diff options
Diffstat (limited to '.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL')
27 files changed, 0 insertions, 13092 deletions
diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_int.c deleted file mode 100755 index f551bdba..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_int.c +++ /dev/null @@ -1,458 +0,0 @@ -/* crypto/asn1/a_int.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" -#include <openssl/asn1.h> -#include <openssl/bn.h> - -ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x) -{ return M_ASN1_INTEGER_dup(x);} - -int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y) - { - int neg, ret; - /* Compare signs */ - neg = x->type & V_ASN1_NEG; - if (neg != (y->type & V_ASN1_NEG)) - { - if (neg) - return -1; - else - return 1; - } - - ret = ASN1_STRING_cmp(x, y); - - if (neg) - return -ret; - else - return ret; - } - - -/* - * This converts an ASN1 INTEGER into its content encoding. - * The internal representation is an ASN1_STRING whose data is a big endian - * representation of the value, ignoring the sign. The sign is determined by - * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. - * - * Positive integers are no problem: they are almost the same as the DER - * encoding, except if the first byte is >= 0x80 we need to add a zero pad. - * - * Negative integers are a bit trickier... - * The DER representation of negative integers is in 2s complement form. - * The internal form is converted by complementing each octet and finally - * adding one to the result. This can be done less messily with a little trick. - * If the internal form has trailing zeroes then they will become FF by the - * complement and 0 by the add one (due to carry) so just copy as many trailing - * zeros to the destination as there are in the source. The carry will add one - * to the last none zero octet: so complement this octet and add one and finally - * complement any left over until you get to the start of the string. - * - * Padding is a little trickier too. If the first bytes is > 0x80 then we pad - * with 0xff. However if the first byte is 0x80 and one of the following bytes - * is non-zero we pad with 0xff. The reason for this distinction is that 0x80 - * followed by optional zeros isn't padded. - */ - -int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) - { - int pad=0,ret,i,neg; - unsigned char *p,*n,pb=0; - - if ((a == NULL) || (a->data == NULL)) return(0); - neg=a->type & V_ASN1_NEG; - if (a->length == 0) - ret=1; - else - { - ret=a->length; - i=a->data[0]; - if (!neg && (i > 127)) { - pad=1; - pb=0; - } else if(neg) { - if(i>128) { - pad=1; - pb=0xFF; - } else if(i == 128) { - /* - * Special case: if any other bytes non zero we pad: - * otherwise we don't. - */ - for(i = 1; i < a->length; i++) if(a->data[i]) { - pad=1; - pb=0xFF; - break; - } - } - } - ret+=pad; - } - if (pp == NULL) return(ret); - p= *pp; - - if (pad) *(p++)=pb; - if (a->length == 0) *(p++)=0; - else if (!neg) memcpy(p,a->data,(unsigned int)a->length); - else { - /* Begin at the end of the encoding */ - n=a->data + a->length - 1; - p += a->length - 1; - i = a->length; - /* Copy zeros to destination as long as source is zero */ - while(!*n) { - *(p--) = 0; - n--; - i--; - } - /* Complement and increment next octet */ - *(p--) = ((*(n--)) ^ 0xff) + 1; - i--; - /* Complement any octets left */ - for(;i > 0; i--) *(p--) = *(n--) ^ 0xff; - } - - *pp+=ret; - return(ret); - } - -/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ - -ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long len) - { - ASN1_INTEGER *ret=NULL; - const unsigned char *p, *pend; - unsigned char *to,*s; - int i; - - if ((a == NULL) || ((*a) == NULL)) - { - if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); - ret->type=V_ASN1_INTEGER; - } - else - ret=(*a); - - p= *pp; - pend = p + len; - - /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it - * signifies a missing NULL parameter. */ - s=(unsigned char *)OPENSSL_malloc((int)len+1); - if (s == NULL) - { - i=ERR_R_MALLOC_FAILURE; - goto err; - } - to=s; - if(!len) { - /* Strictly speaking this is an illegal INTEGER but we - * tolerate it. - */ - ret->type=V_ASN1_INTEGER; - } else if (*p & 0x80) /* a negative number */ - { - ret->type=V_ASN1_NEG_INTEGER; - if ((*p == 0xff) && (len != 1)) { - p++; - len--; - } - i = len; - p += i - 1; - to += i - 1; - while((!*p) && i) { - *(to--) = 0; - i--; - p--; - } - /* Special case: if all zeros then the number will be of - * the form FF followed by n zero bytes: this corresponds to - * 1 followed by n zero bytes. We've already written n zeros - * so we just append an extra one and set the first byte to - * a 1. This is treated separately because it is the only case - * where the number of bytes is larger than len. - */ - if(!i) { - *s = 1; - s[len] = 0; - len++; - } else { - *(to--) = (*(p--) ^ 0xff) + 1; - i--; - for(;i > 0; i--) *(to--) = *(p--) ^ 0xff; - } - } else { - ret->type=V_ASN1_INTEGER; - if ((*p == 0) && (len != 1)) - { - p++; - len--; - } - memcpy(s,p,(int)len); - } - - if (ret->data != NULL) OPENSSL_free(ret->data); - ret->data=s; - ret->length=(int)len; - if (a != NULL) (*a)=ret; - *pp=pend; - return(ret); -err: - ASN1err(ASN1_F_C2I_ASN1_INTEGER,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_INTEGER_free(ret); - return(NULL); - } - - -/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of - * ASN1 integers: some broken software can encode a positive INTEGER - * with its MSB set as negative (it doesn't add a padding zero). - */ - -ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long length) - { - ASN1_INTEGER *ret=NULL; - const unsigned char *p; - unsigned char *s; - long len; - int inf,tag,xclass; - int i; - - if ((a == NULL) || ((*a) == NULL)) - { - if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); - ret->type=V_ASN1_INTEGER; - } - else - ret=(*a); - - p= *pp; - inf=ASN1_get_object(&p,&len,&tag,&xclass,length); - if (inf & 0x80) - { - i=ASN1_R_BAD_OBJECT_HEADER; - goto err; - } - - if (tag != V_ASN1_INTEGER) - { - i=ASN1_R_EXPECTING_AN_INTEGER; - goto err; - } - - /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it - * signifies a missing NULL parameter. */ - s=(unsigned char *)OPENSSL_malloc((int)len+1); - if (s == NULL) - { - i=ERR_R_MALLOC_FAILURE; - goto err; - } - ret->type=V_ASN1_INTEGER; - if(len) { - if ((*p == 0) && (len != 1)) - { - p++; - len--; - } - memcpy(s,p,(int)len); - p+=len; - } - - if (ret->data != NULL) OPENSSL_free(ret->data); - ret->data=s; - ret->length=(int)len; - if (a != NULL) (*a)=ret; - *pp=p; - return(ret); -err: - ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_INTEGER_free(ret); - return(NULL); - } - -int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) - { - int j,k; - unsigned int i; - unsigned char buf[sizeof(long)+1]; - long d; - - a->type=V_ASN1_INTEGER; - if (a->length < (int)(sizeof(long)+1)) - { - if (a->data != NULL) - OPENSSL_free(a->data); - if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) - memset((char *)a->data,0,sizeof(long)+1); - } - if (a->data == NULL) - { - ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE); - return(0); - } - d=v; - if (d < 0) - { - d= -d; - a->type=V_ASN1_NEG_INTEGER; - } - - for (i=0; i<sizeof(long); i++) - { - if (d == 0) break; - buf[i]=(int)d&0xff; - d>>=8; - } - j=0; - for (k=i-1; k >=0; k--) - a->data[j++]=buf[k]; - a->length=j; - return(1); - } - -long ASN1_INTEGER_get(ASN1_INTEGER *a) - { - int neg=0,i; - long r=0; - - if (a == NULL) return(0L); - i=a->type; - if (i == V_ASN1_NEG_INTEGER) - neg=1; - else if (i != V_ASN1_INTEGER) - return -1; - - if (a->length > (int)sizeof(long)) - { - /* hmm... a bit ugly */ - return(0xffffffffL); - } - if (a->data == NULL) - return 0; - - for (i=0; i<a->length; i++) - { - r<<=8; - r|=(unsigned char)a->data[i]; - } - if (neg) r= -r; - return(r); - } - -ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai) - { - ASN1_INTEGER *ret; - int len,j; - - if (ai == NULL) - ret=M_ASN1_INTEGER_new(); - else - ret=ai; - if (ret == NULL) - { - ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR); - goto err; - } - if (BN_is_negative(bn)) - ret->type = V_ASN1_NEG_INTEGER; - else ret->type=V_ASN1_INTEGER; - j=BN_num_bits(bn); - len=((j == 0)?0:((j/8)+1)); - if (ret->length < len+4) - { - unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); - if (!new_data) - { - ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); - goto err; - } - ret->data=new_data; - } - ret->length=BN_bn2bin(bn,ret->data); - /* Correct zero case */ - if(!ret->length) - { - ret->data[0] = 0; - ret->length = 1; - } - return(ret); -err: - if (ret != ai) M_ASN1_INTEGER_free(ret); - return(NULL); - } - -BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn) - { - BIGNUM *ret; - - if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) - ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB); - else if(ai->type == V_ASN1_NEG_INTEGER) - BN_set_negative(ret, 1); - return(ret); - } - -IMPLEMENT_STACK_OF(ASN1_INTEGER) -IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER) diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_strex.c deleted file mode 100755 index 264ebf23..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_strex.c +++ /dev/null @@ -1,574 +0,0 @@ -/* a_strex.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include <string.h> -#include "cryptlib.h" -#include <openssl/crypto.h> -#include <openssl/x509.h> -#include <openssl/asn1.h> - -#include "charmap.h" - -/* ASN1_STRING_print_ex() and X509_NAME_print_ex(). - * Enhanced string and name printing routines handling - * multibyte characters, RFC2253 and a host of other - * options. - */ - - -#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) - -#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ - ASN1_STRFLGS_ESC_QUOTE | \ - ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB) - - -/* Three IO functions for sending data to memory, a BIO and - * and a FILE pointer. - */ -#if 0 /* never used */ -static int send_mem_chars(void *arg, const void *buf, int len) -{ - unsigned char **out = arg; - if(!out) return 1; - memcpy(*out, buf, len); - *out += len; - return 1; -} -#endif - -static int send_bio_chars(void *arg, const void *buf, int len) -{ - if(!arg) return 1; - if(BIO_write(arg, buf, len) != len) return 0; - return 1; -} - -static int send_fp_chars(void *arg, const void *buf, int len) -{ - if(!arg) return 1; - if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0; - return 1; -} - -typedef int char_io(void *arg, const void *buf, int len); - -/* This function handles display of - * strings, one character at a time. - * It is passed an unsigned long for each - * character because it could come from 2 or even - * 4 byte forms. - */ - -static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg) -{ - unsigned char chflgs, chtmp; - char tmphex[HEX_SIZE(long)+3]; - - if(c > 0xffffffffL) - return -1; - if(c > 0xffff) { - BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); - if(!io_ch(arg, tmphex, 10)) return -1; - return 10; - } - if(c > 0xff) { - BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); - if(!io_ch(arg, tmphex, 6)) return -1; - return 6; - } - chtmp = (unsigned char)c; - if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB; - else chflgs = char_type[chtmp] & flags; - if(chflgs & CHARTYPE_BS_ESC) { - /* If we don't escape with quotes, signal we need quotes */ - if(chflgs & ASN1_STRFLGS_ESC_QUOTE) { - if(do_quotes) *do_quotes = 1; - if(!io_ch(arg, &chtmp, 1)) return -1; - return 1; - } - if(!io_ch(arg, "\\", 1)) return -1; - if(!io_ch(arg, &chtmp, 1)) return -1; - return 2; - } - if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) { - BIO_snprintf(tmphex, 11, "\\%02X", chtmp); - if(!io_ch(arg, tmphex, 3)) return -1; - return 3; - } - /* If we get this far and do any escaping at all must escape - * the escape character itself: backslash. - */ - if (chtmp == '\\' && flags & ESC_FLAGS) { - if(!io_ch(arg, "\\\\", 2)) return -1; - return 2; - } - if(!io_ch(arg, &chtmp, 1)) return -1; - return 1; -} - -#define BUF_TYPE_WIDTH_MASK 0x7 -#define BUF_TYPE_CONVUTF8 0x8 - -/* This function sends each character in a buffer to - * do_esc_char(). It interprets the content formats - * and converts to or from UTF8 as appropriate. - */ - -static int do_buf(unsigned char *buf, int buflen, - int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg) -{ - int i, outlen, len; - unsigned char orflags, *p, *q; - unsigned long c; - p = buf; - q = buf + buflen; - outlen = 0; - while(p != q) { - if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253; - else orflags = 0; - switch(type & BUF_TYPE_WIDTH_MASK) { - case 4: - c = ((unsigned long)*p++) << 24; - c |= ((unsigned long)*p++) << 16; - c |= ((unsigned long)*p++) << 8; - c |= *p++; - break; - - case 2: - c = ((unsigned long)*p++) << 8; - c |= *p++; - break; - - case 1: - c = *p++; - break; - - case 0: - i = UTF8_getc(p, buflen, &c); - if(i < 0) return -1; /* Invalid UTF8String */ - p += i; - break; - default: - return -1; /* invalid width */ - } - if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253; - if(type & BUF_TYPE_CONVUTF8) { - unsigned char utfbuf[6]; - int utflen; - utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); - for(i = 0; i < utflen; i++) { - /* We don't need to worry about setting orflags correctly - * because if utflen==1 its value will be correct anyway - * otherwise each character will be > 0x7f and so the - * character will never be escaped on first and last. - */ - len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg); - if(len < 0) return -1; - outlen += len; - } - } else { - len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg); - if(len < 0) return -1; - outlen += len; - } - } - return outlen; -} - -/* This function hex dumps a buffer of characters */ - -static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen) -{ - static const char hexdig[] = "0123456789ABCDEF"; - unsigned char *p, *q; - char hextmp[2]; - if(arg) { - p = buf; - q = buf + buflen; - while(p != q) { - hextmp[0] = hexdig[*p >> 4]; - hextmp[1] = hexdig[*p & 0xf]; - if(!io_ch(arg, hextmp, 2)) return -1; - p++; - } - } - return buflen << 1; -} - -/* "dump" a string. This is done when the type is unknown, - * or the flags request it. We can either dump the content - * octets or the entire DER encoding. This uses the RFC2253 - * #01234 format. - */ - -static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str) -{ - /* Placing the ASN1_STRING in a temp ASN1_TYPE allows - * the DER encoding to readily obtained - */ - ASN1_TYPE t; - unsigned char *der_buf, *p; - int outlen, der_len; - - if(!io_ch(arg, "#", 1)) return -1; - /* If we don't dump DER encoding just dump content octets */ - if(!(lflags & ASN1_STRFLGS_DUMP_DER)) { - outlen = do_hex_dump(io_ch, arg, str->data, str->length); - if(outlen < 0) return -1; - return outlen + 1; - } - t.type = str->type; - t.value.ptr = (char *)str; - der_len = i2d_ASN1_TYPE(&t, NULL); - der_buf = OPENSSL_malloc(der_len); - if(!der_buf) return -1; - p = der_buf; - i2d_ASN1_TYPE(&t, &p); - outlen = do_hex_dump(io_ch, arg, der_buf, der_len); - OPENSSL_free(der_buf); - if(outlen < 0) return -1; - return outlen + 1; -} - -/* Lookup table to convert tags to character widths, - * 0 = UTF8 encoded, -1 is used for non string types - * otherwise it is the number of bytes per character - */ - -static const signed char tag2nbyte[] = { - -1, -1, -1, -1, -1, /* 0-4 */ - -1, -1, -1, -1, -1, /* 5-9 */ - -1, -1, 0, -1, /* 10-13 */ - -1, -1, -1, -1, /* 15-17 */ - -1, 1, 1, /* 18-20 */ - -1, 1, 1, 1, /* 21-24 */ - -1, 1, -1, /* 25-27 */ - 4, -1, 2 /* 28-30 */ -}; - -/* This is the main function, print out an - * ASN1_STRING taking note of various escape - * and display options. Returns number of - * characters written or -1 if an error - * occurred. - */ - -static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str) -{ - int outlen, len; - int type; - char quotes; - unsigned char flags; - quotes = 0; - /* Keep a copy of escape flags */ - flags = (unsigned char)(lflags & ESC_FLAGS); - - type = str->type; - - outlen = 0; - - - if(lflags & ASN1_STRFLGS_SHOW_TYPE) { - const char *tagname; - tagname = ASN1_tag2str(type); - outlen += strlen(tagname); - if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; - outlen++; - } - - /* Decide what to do with type, either dump content or display it */ - - /* Dump everything */ - if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1; - /* Ignore the string type */ - else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1; - else { - /* Else determine width based on type */ - if((type > 0) && (type < 31)) type = tag2nbyte[type]; - else type = -1; - if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1; - } - - if(type == -1) { - len = do_dump(lflags, io_ch, arg, str); - if(len < 0) return -1; - outlen += len; - return outlen; - } - - if(lflags & ASN1_STRFLGS_UTF8_CONVERT) { - /* Note: if string is UTF8 and we want - * to convert to UTF8 then we just interpret - * it as 1 byte per character to avoid converting - * twice. - */ - if(!type) type = 1; - else type |= BUF_TYPE_CONVUTF8; - } - - len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); - if(len < 0) return -1; - outlen += len; - if(quotes) outlen += 2; - if(!arg) return outlen; - if(quotes && !io_ch(arg, "\"", 1)) return -1; - if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) - return -1; - if(quotes && !io_ch(arg, "\"", 1)) return -1; - return outlen; -} - -/* Used for line indenting: print 'indent' spaces */ - -static int do_indent(char_io *io_ch, void *arg, int indent) -{ - int i; - for(i = 0; i < indent; i++) - if(!io_ch(arg, " ", 1)) return 0; - return 1; -} - -#define FN_WIDTH_LN 25 -#define FN_WIDTH_SN 10 - -static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, - int indent, unsigned long flags) -{ - int i, prev = -1, orflags, cnt; - int fn_opt, fn_nid; - ASN1_OBJECT *fn; - ASN1_STRING *val; - X509_NAME_ENTRY *ent; - char objtmp[80]; - const char *objbuf; - int outlen, len; - char *sep_dn, *sep_mv, *sep_eq; - int sep_dn_len, sep_mv_len, sep_eq_len; - if(indent < 0) indent = 0; - outlen = indent; - if(!do_indent(io_ch, arg, indent)) return -1; - switch (flags & XN_FLAG_SEP_MASK) - { - case XN_FLAG_SEP_MULTILINE: - sep_dn = "\n"; - sep_dn_len = 1; - sep_mv = " + "; - sep_mv_len = 3; - break; - - case XN_FLAG_SEP_COMMA_PLUS: - sep_dn = ","; - sep_dn_len = 1; - sep_mv = "+"; - sep_mv_len = 1; - indent = 0; - break; - - case XN_FLAG_SEP_CPLUS_SPC: - sep_dn = ", "; - sep_dn_len = 2; - sep_mv = " + "; - sep_mv_len = 3; - indent = 0; - break; - - case XN_FLAG_SEP_SPLUS_SPC: - sep_dn = "; "; - sep_dn_len = 2; - sep_mv = " + "; - sep_mv_len = 3; - indent = 0; - break; - - default: - return -1; - } - - if(flags & XN_FLAG_SPC_EQ) { - sep_eq = " = "; - sep_eq_len = 3; - } else { - sep_eq = "="; - sep_eq_len = 1; - } - - fn_opt = flags & XN_FLAG_FN_MASK; - - cnt = X509_NAME_entry_count(n); - for(i = 0; i < cnt; i++) { - if(flags & XN_FLAG_DN_REV) - ent = X509_NAME_get_entry(n, cnt - i - 1); - else ent = X509_NAME_get_entry(n, i); - if(prev != -1) { - if(prev == ent->set) { - if(!io_ch(arg, sep_mv, sep_mv_len)) return -1; - outlen += sep_mv_len; - } else { - if(!io_ch(arg, sep_dn, sep_dn_len)) return -1; - outlen += sep_dn_len; - if(!do_indent(io_ch, arg, indent)) return -1; - outlen += indent; - } - } - prev = ent->set; - fn = X509_NAME_ENTRY_get_object(ent); - val = X509_NAME_ENTRY_get_data(ent); - fn_nid = OBJ_obj2nid(fn); - if(fn_opt != XN_FLAG_FN_NONE) { - int objlen, fld_len; - if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) { - OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); - fld_len = 0; /* XXX: what should this be? */ - objbuf = objtmp; - } else { - if(fn_opt == XN_FLAG_FN_SN) { - fld_len = FN_WIDTH_SN; - objbuf = OBJ_nid2sn(fn_nid); - } else if(fn_opt == XN_FLAG_FN_LN) { - fld_len = FN_WIDTH_LN; - objbuf = OBJ_nid2ln(fn_nid); - } else { - fld_len = 0; /* XXX: what should this be? */ - objbuf = ""; - } - } - objlen = strlen(objbuf); - if(!io_ch(arg, objbuf, objlen)) return -1; - if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { - if (!do_indent(io_ch, arg, fld_len - objlen)) return -1; - outlen += fld_len - objlen; - } - if(!io_ch(arg, sep_eq, sep_eq_len)) return -1; - outlen += objlen + sep_eq_len; - } - /* If the field name is unknown then fix up the DER dump - * flag. We might want to limit this further so it will - * DER dump on anything other than a few 'standard' fields. - */ - if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) - orflags = ASN1_STRFLGS_DUMP_ALL; - else orflags = 0; - - len = do_print_ex(io_ch, arg, flags | orflags, val); - if(len < 0) return -1; - outlen += len; - } - return outlen; -} - -/* Wrappers round the main functions */ - -int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) -{ - if(flags == XN_FLAG_COMPAT) - return X509_NAME_print(out, nm, indent); - return do_name_ex(send_bio_chars, out, nm, indent, flags); -} - -#ifndef OPENSSL_NO_FP_API -int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) -{ - if(flags == XN_FLAG_COMPAT) - { - BIO *btmp; - int ret; - btmp = BIO_new_fp(fp, BIO_NOCLOSE); - if(!btmp) return -1; - ret = X509_NAME_print(btmp, nm, indent); - BIO_free(btmp); - return ret; - } - return do_name_ex(send_fp_chars, fp, nm, indent, flags); -} -#endif - -int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags) -{ - return do_print_ex(send_bio_chars, out, flags, str); -} - -#ifndef OPENSSL_NO_FP_API -int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) -{ - return do_print_ex(send_fp_chars, fp, flags, str); -} -#endif - -/* Utility function: convert any string type to UTF8, returns number of bytes - * in output string or a negative error code - */ - -int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) -{ - ASN1_STRING stmp, *str = &stmp; - int mbflag, type, ret; - if(!in) return -1; - type = in->type; - if((type < 0) || (type > 30)) return -1; - mbflag = tag2nbyte[type]; - if(mbflag == -1) return -1; - mbflag |= MBSTRING_FLAG; - stmp.data = NULL; - ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); - if(ret < 0) return ret; - *out = stmp.data; - return stmp.length; -} diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c deleted file mode 100755 index b68ae433..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c +++ /dev/null @@ -1,290 +0,0 @@ -/* a_strnid.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include <ctype.h> -#include "cryptlib.h" -#include <openssl/asn1.h> -#include <openssl/objects.h> - - -static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; -static void st_free(ASN1_STRING_TABLE *tbl); -static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, - const ASN1_STRING_TABLE * const *b); -static int table_cmp(const void *a, const void *b); - - -/* This is the global mask for the mbstring functions: this is use to - * mask out certain types (such as BMPString and UTF8String) because - * certain software (e.g. Netscape) has problems with them. - */ - -static unsigned long global_mask = 0xFFFFFFFFL; - -void ASN1_STRING_set_default_mask(unsigned long mask) -{ - global_mask = mask; -} - -unsigned long ASN1_STRING_get_default_mask(void) -{ - return global_mask; -} - -/* This function sets the default to various "flavours" of configuration. - * based on an ASCII string. Currently this is: - * MASK:XXXX : a numerical mask value. - * nobmp : Don't use BMPStrings (just Printable, T61). - * pkix : PKIX recommendation in RFC2459. - * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004). - * default: the default value, Printable, T61, BMP. - */ - -int ASN1_STRING_set_default_mask_asc(const char *p) -{ - unsigned long mask; - char *end; - if(!strncmp(p, "MASK:", 5)) { - if(!p[5]) return 0; - mask = strtoul(p + 5, &end, 0); - if(*end) return 0; - } else if(!strcmp(p, "nombstr")) - mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)); - else if(!strcmp(p, "pkix")) - mask = ~((unsigned long)B_ASN1_T61STRING); - else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING; - else if(!strcmp(p, "default")) - mask = 0xFFFFFFFFL; - else return 0; - ASN1_STRING_set_default_mask(mask); - return 1; -} - -/* The following function generates an ASN1_STRING based on limits in a table. - * Frequently the types and length of an ASN1_STRING are restricted by a - * corresponding OID. For example certificates and certificate requests. - */ - -ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, - int inlen, int inform, int nid) -{ - ASN1_STRING_TABLE *tbl; - ASN1_STRING *str = NULL; - unsigned long mask; - int ret; - if(!out) out = &str; - tbl = ASN1_STRING_TABLE_get(nid); - if(tbl) { - mask = tbl->mask; - if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; - ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, - tbl->minsize, tbl->maxsize); - } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); - if(ret <= 0) return NULL; - return *out; -} - -/* Now the tables and helper functions for the string table: - */ - -/* size limits: this stuff is taken straight from RFC3280 */ - -#define ub_name 32768 -#define ub_common_name 64 -#define ub_locality_name 128 -#define ub_state_name 128 -#define ub_organization_name 64 -#define ub_organization_unit_name 64 -#define ub_title 64 -#define ub_email_address 128 -#define ub_serial_number 64 - - -/* This table must be kept in NID order */ - -static ASN1_STRING_TABLE tbl_standard[] = { -{NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, -{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, -{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, -{NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, -{NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, -{NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0}, -{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK}, -{NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, -{NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, -{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, -{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, -{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, -{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, -{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, -{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, -{NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, -{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, -{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, -{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} -}; - -static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, - const ASN1_STRING_TABLE * const *b) -{ - return (*a)->nid - (*b)->nid; -} - -static int table_cmp(const void *a, const void *b) -{ - const ASN1_STRING_TABLE *sa = a, *sb = b; - return sa->nid - sb->nid; -} - -ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) -{ - int idx; - ASN1_STRING_TABLE *ttmp; - ASN1_STRING_TABLE fnd; - fnd.nid = nid; - ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd, - (char *)tbl_standard, - sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE), - sizeof(ASN1_STRING_TABLE), table_cmp); - if(ttmp) return ttmp; - if(!stable) return NULL; - idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); - if(idx < 0) return NULL; - return sk_ASN1_STRING_TABLE_value(stable, idx); -} - -int ASN1_STRING_TABLE_add(int nid, - long minsize, long maxsize, unsigned long mask, - unsigned long flags) -{ - ASN1_STRING_TABLE *tmp; - char new_nid = 0; - flags &= ~STABLE_FLAGS_MALLOC; - if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); - if(!stable) { - ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); - return 0; - } - if(!(tmp = ASN1_STRING_TABLE_get(nid))) { - tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); - if(!tmp) { - ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, - ERR_R_MALLOC_FAILURE); - return 0; - } - tmp->flags = flags | STABLE_FLAGS_MALLOC; - tmp->nid = nid; - new_nid = 1; - } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; - if(minsize != -1) tmp->minsize = minsize; - if(maxsize != -1) tmp->maxsize = maxsize; - tmp->mask = mask; - if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp); - return 1; -} - -void ASN1_STRING_TABLE_cleanup(void) -{ - STACK_OF(ASN1_STRING_TABLE) *tmp; - tmp = stable; - if(!tmp) return; - stable = NULL; - sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); -} - -static void st_free(ASN1_STRING_TABLE *tbl) -{ - if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl); -} - - -IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) - -#ifdef STRING_TABLE_TEST - -main() -{ - ASN1_STRING_TABLE *tmp; - int i, last_nid = -1; - - for (tmp = tbl_standard, i = 0; - i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) - { - if (tmp->nid < last_nid) - { - last_nid = 0; - break; - } - last_nid = tmp->nid; - } - - if (last_nid != 0) - { - printf("Table order OK\n"); - exit(0); - } - - for (tmp = tbl_standard, i = 0; - i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) - printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, - OBJ_nid2ln(tmp->nid)); - -} - -#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_verify.c deleted file mode 100755 index da3efaaf..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_verify.c +++ /dev/null @@ -1,186 +0,0 @@ -/* crypto/asn1/a_verify.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <time.h> - -#include "cryptlib.h" - -#ifndef NO_SYS_TYPES_H -# include <sys/types.h> -#endif - -#include <openssl/bn.h> -#include <openssl/x509.h> -#include <openssl/objects.h> -#include <openssl/buffer.h> -#include <openssl/evp.h> - -#ifndef NO_ASN1_OLD - -int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, - char *data, EVP_PKEY *pkey) - { - EVP_MD_CTX ctx; - const EVP_MD *type; - unsigned char *p,*buf_in=NULL; - int ret= -1,i,inl; - - EVP_MD_CTX_init(&ctx); - i=OBJ_obj2nid(a->algorithm); - type=EVP_get_digestbyname(OBJ_nid2sn(i)); - if (type == NULL) - { - ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); - goto err; - } - - inl=i2d(data,NULL); - buf_in=OPENSSL_malloc((unsigned int)inl); - if (buf_in == NULL) - { - ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE); - goto err; - } - p=buf_in; - - i2d(data,&p); - if (!EVP_VerifyInit_ex(&ctx,type, NULL)) - { - ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); - ret=0; - goto err; - } - EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); - - OPENSSL_cleanse(buf_in,(unsigned int)inl); - OPENSSL_free(buf_in); - - if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, - (unsigned int)signature->length,pkey) <= 0) - { - ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); - ret=0; - goto err; - } - /* we don't need to zero the 'ctx' because we just checked - * public information */ - /* memset(&ctx,0,sizeof(ctx)); */ - ret=1; -err: - EVP_MD_CTX_cleanup(&ctx); - return(ret); - } - -#endif - - -int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, - void *asn, EVP_PKEY *pkey) - { - EVP_MD_CTX ctx; - const EVP_MD *type; - unsigned char *buf_in=NULL; - int ret= -1,i,inl; - - EVP_MD_CTX_init(&ctx); - i=OBJ_obj2nid(a->algorithm); - type=EVP_get_digestbyname(OBJ_nid2sn(i)); - if (type == NULL) - { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); - goto err; - } - - if (!EVP_VerifyInit_ex(&ctx,type, NULL)) - { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); - ret=0; - goto err; - } - - inl = ASN1_item_i2d(asn, &buf_in, it); - - if (buf_in == NULL) - { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE); - goto err; - } - - EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); - - OPENSSL_cleanse(buf_in,(unsigned int)inl); - OPENSSL_free(buf_in); - - if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, - (unsigned int)signature->length,pkey) <= 0) - { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); - ret=0; - goto err; - } - /* we don't need to zero the 'ctx' because we just checked - * public information */ - /* memset(&ctx,0,sizeof(ctx)); */ - ret=1; -err: - EVP_MD_CTX_cleanup(&ctx); - return(ret); - } - - diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c deleted file mode 100755 index afb95d67..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c +++ /dev/null @@ -1,839 +0,0 @@ -/* crypto/asn1/t_pkey.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * Binary polynomial ECC support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - -#include <stdio.h> -#include "cryptlib.h" -#include <openssl/objects.h> -#include <openssl/buffer.h> -#include <openssl/bn.h> -#ifndef OPENSSL_NO_RSA -#include <openssl/rsa.h> -#endif -#ifndef OPENSSL_NO_DH -#include <openssl/dh.h> -#endif -#ifndef OPENSSL_NO_DSA -#include <openssl/dsa.h> -#endif -#ifndef OPENSSL_NO_EC -#include <openssl/ec.h> -#endif - -static int print(BIO *fp,const char *str, const BIGNUM *num, - unsigned char *buf,int off); -#ifndef OPENSSL_NO_EC -static int print_bin(BIO *fp, const char *str, const unsigned char *num, - size_t len, int off); -#endif -#ifndef OPENSSL_NO_RSA -#ifndef OPENSSL_NO_FP_API -int RSA_print_fp(FILE *fp, const RSA *x, int off) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=RSA_print(b,x,off); - BIO_free(b); - return(ret); - } -#endif - -int RSA_print(BIO *bp, const RSA *x, int off) - { - char str[128]; - const char *s; - unsigned char *m=NULL; - int ret=0, mod_len = 0; - size_t buf_len=0, i; - - if (x->n) - buf_len = (size_t)BN_num_bytes(x->n); - if (x->e) - if (buf_len < (i = (size_t)BN_num_bytes(x->e))) - buf_len = i; - if (x->d) - if (buf_len < (i = (size_t)BN_num_bytes(x->d))) - buf_len = i; - if (x->p) - if (buf_len < (i = (size_t)BN_num_bytes(x->p))) - buf_len = i; - if (x->q) - if (buf_len < (i = (size_t)BN_num_bytes(x->q))) - buf_len = i; - if (x->dmp1) - if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1))) - buf_len = i; - if (x->dmq1) - if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1))) - buf_len = i; - if (x->iqmp) - if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp))) - buf_len = i; - - m=(unsigned char *)OPENSSL_malloc(buf_len+10); - if (m == NULL) - { - RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (x->n != NULL) - mod_len = BN_num_bits(x->n); - - if (x->d != NULL) - { - if(!BIO_indent(bp,off,128)) - goto err; - if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len) - <= 0) goto err; - } - - if (x->d == NULL) - BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len); - else - BUF_strlcpy(str,"modulus:",sizeof str); - if (!print(bp,str,x->n,m,off)) goto err; - s=(x->d == NULL)?"Exponent:":"publicExponent:"; - if ((x->e != NULL) && !print(bp,s,x->e,m,off)) - goto err; - if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off)) - goto err; - if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off)) - goto err; - if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off)) - goto err; - if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off)) - goto err; - if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off)) - goto err; - if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off)) - goto err; - ret=1; -err: - if (m != NULL) OPENSSL_free(m); - return(ret); - } -#endif /* OPENSSL_NO_RSA */ - -#ifndef OPENSSL_NO_DSA -#ifndef OPENSSL_NO_FP_API -int DSA_print_fp(FILE *fp, const DSA *x, int off) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=DSA_print(b,x,off); - BIO_free(b); - return(ret); - } -#endif - -int DSA_print(BIO *bp, const DSA *x, int off) - { - unsigned char *m=NULL; - int ret=0; - size_t buf_len=0,i; - - if (x->p) - buf_len = (size_t)BN_num_bytes(x->p); - else - { - DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS); - goto err; - } - if (x->q) - if (buf_len < (i = (size_t)BN_num_bytes(x->q))) - buf_len = i; - if (x->g) - if (buf_len < (i = (size_t)BN_num_bytes(x->g))) - buf_len = i; - if (x->priv_key) - if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key))) - buf_len = i; - if (x->pub_key) - if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key))) - buf_len = i; - - m=(unsigned char *)OPENSSL_malloc(buf_len+10); - if (m == NULL) - { - DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (x->priv_key != NULL) - { - if(!BIO_indent(bp,off,128)) - goto err; - if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p)) - <= 0) goto err; - } - - if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off)) - goto err; - if ((x->pub_key != NULL) && !print(bp,"pub: ",x->pub_key,m,off)) - goto err; - if ((x->p != NULL) && !print(bp,"P: ",x->p,m,off)) goto err; - if ((x->q != NULL) && !print(bp,"Q: ",x->q,m,off)) goto err; - if ((x->g != NULL) && !print(bp,"G: ",x->g,m,off)) goto err; - ret=1; -err: - if (m != NULL) OPENSSL_free(m); - return(ret); - } -#endif /* !OPENSSL_NO_DSA */ - -#ifndef OPENSSL_NO_EC -#ifndef OPENSSL_NO_FP_API -int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = ECPKParameters_print(b, x, off); - BIO_free(b); - return(ret); - } - -int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB); - return(0); - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = EC_KEY_print(b, x, off); - BIO_free(b); - return(ret); - } -#endif - -int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) - { - unsigned char *buffer=NULL; - size_t buf_len=0, i; - int ret=0, reason=ERR_R_BIO_LIB; - BN_CTX *ctx=NULL; - const EC_POINT *point=NULL; - BIGNUM *p=NULL, *a=NULL, *b=NULL, *gen=NULL, - *order=NULL, *cofactor=NULL; - const unsigned char *seed; - size_t seed_len=0; - - static const char *gen_compressed = "Generator (compressed):"; - static const char *gen_uncompressed = "Generator (uncompressed):"; - static const char *gen_hybrid = "Generator (hybrid):"; - - if (!x) - { - reason = ERR_R_PASSED_NULL_PARAMETER; - goto err; - } - - if (EC_GROUP_get_asn1_flag(x)) - { - /* the curve parameter are given by an asn1 OID */ - int nid; - - if (!BIO_indent(bp, off, 128)) - goto err; - - nid = EC_GROUP_get_curve_name(x); - if (nid == 0) - goto err; - - if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) - goto err; - if (BIO_printf(bp, "\n") <= 0) - goto err; - } - else - { - /* explicit parameters */ - int is_char_two = 0; - point_conversion_form_t form; - int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x)); - - if (tmp_nid == NID_X9_62_characteristic_two_field) - is_char_two = 1; - - if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || - (b = BN_new()) == NULL || (order = BN_new()) == NULL || - (cofactor = BN_new()) == NULL) - { - reason = ERR_R_MALLOC_FAILURE; - goto err; - } - - if (is_char_two) - { - if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) - { - reason = ERR_R_EC_LIB; - goto err; - } - } - else /* prime field */ - { - if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) - { - reason = ERR_R_EC_LIB; - goto err; - } - } - - if ((point = EC_GROUP_get0_generator(x)) == NULL) - { - reason = ERR_R_EC_LIB; - goto err; - } - if (!EC_GROUP_get_order(x, order, NULL) || - !EC_GROUP_get_cofactor(x, cofactor, NULL)) - { - reason = ERR_R_EC_LIB; - goto err; - } - - form = EC_GROUP_get_point_conversion_form(x); - - if ((gen = EC_POINT_point2bn(x, point, - form, NULL, ctx)) == NULL) - { - reason = ERR_R_EC_LIB; - goto err; - } - - buf_len = (size_t)BN_num_bytes(p); - if (buf_len < (i = (size_t)BN_num_bytes(a))) - buf_len = i; - if (buf_len < (i = (size_t)BN_num_bytes(b))) - buf_len = i; - if (buf_len < (i = (size_t)BN_num_bytes(gen))) - buf_len = i; - if (buf_len < (i = (size_t)BN_num_bytes(order))) - buf_len = i; - if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) - buf_len = i; - - if ((seed = EC_GROUP_get0_seed(x)) != NULL) - seed_len = EC_GROUP_get_seed_len(x); - - buf_len += 10; - if ((buffer = OPENSSL_malloc(buf_len)) == NULL) - { - reason = ERR_R_MALLOC_FAILURE; - goto err; - } - - if (!BIO_indent(bp, off, 128)) - goto err; - - /* print the 'short name' of the field type */ - if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) - <= 0) - goto err; - - if (is_char_two) - { - /* print the 'short name' of the base type OID */ - int basis_type = EC_GROUP_get_basis_type(x); - if (basis_type == 0) - goto err; - - if (!BIO_indent(bp, off, 128)) - goto err; - - if (BIO_printf(bp, "Basis Type: %s\n", - OBJ_nid2sn(basis_type)) <= 0) - goto err; - - /* print the polynomial */ - if ((p != NULL) && !print(bp, "Polynomial:", p, buffer, - off)) - goto err; - } - else - { - if ((p != NULL) && !print(bp, "Prime:", p, buffer,off)) - goto err; - } - if ((a != NULL) && !print(bp, "A: ", a, buffer, off)) - goto err; - if ((b != NULL) && !print(bp, "B: ", b, buffer, off)) - goto err; - if (form == POINT_CONVERSION_COMPRESSED) - { - if ((gen != NULL) && !print(bp, gen_compressed, gen, - buffer, off)) - goto err; - } - else if (form == POINT_CONVERSION_UNCOMPRESSED) - { - if ((gen != NULL) && !print(bp, gen_uncompressed, gen, - buffer, off)) - goto err; - } - else /* form == POINT_CONVERSION_HYBRID */ - { - if ((gen != NULL) && !print(bp, gen_hybrid, gen, - buffer, off)) - goto err; - } - if ((order != NULL) && !print(bp, "Order: ", order, - buffer, off)) goto err; - if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, - buffer, off)) goto err; - if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) - goto err; - } - ret=1; -err: - if (!ret) - ECerr(EC_F_ECPKPARAMETERS_PRINT, reason); - if (p) - BN_free(p); - if (a) - BN_free(a); - if (b) - BN_free(b); - if (gen) - BN_free(gen); - if (order) - BN_free(order); - if (cofactor) - BN_free(cofactor); - if (ctx) - BN_CTX_free(ctx); - if (buffer != NULL) - OPENSSL_free(buffer); - return(ret); - } - -int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) - { - unsigned char *buffer=NULL; - size_t buf_len=0, i; - int ret=0, reason=ERR_R_BIO_LIB; - BIGNUM *pub_key=NULL, *order=NULL; - BN_CTX *ctx=NULL; - const EC_GROUP *group; - const EC_POINT *public_key; - const BIGNUM *priv_key; - - if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) - { - reason = ERR_R_PASSED_NULL_PARAMETER; - goto err; - } - - public_key = EC_KEY_get0_public_key(x); - if ((pub_key = EC_POINT_point2bn(group, public_key, - EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) - { - reason = ERR_R_EC_LIB; - goto err; - } - - buf_len = (size_t)BN_num_bytes(pub_key); - priv_key = EC_KEY_get0_private_key(x); - if (priv_key != NULL) - { - if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len) - buf_len = i; - } - - buf_len += 10; - if ((buffer = OPENSSL_malloc(buf_len)) == NULL) - { - reason = ERR_R_MALLOC_FAILURE; - goto err; - } - - if (priv_key != NULL) - { - if (!BIO_indent(bp, off, 128)) - goto err; - if ((order = BN_new()) == NULL) - goto err; - if (!EC_GROUP_get_order(group, order, NULL)) - goto err; - if (BIO_printf(bp, "Private-Key: (%d bit)\n", - BN_num_bits(order)) <= 0) goto err; - } - - if ((priv_key != NULL) && !print(bp, "priv:", priv_key, - buffer, off)) - goto err; - if ((pub_key != NULL) && !print(bp, "pub: ", pub_key, - buffer, off)) - goto err; - if (!ECPKParameters_print(bp, group, off)) - goto err; - ret=1; -err: - if (!ret) - ECerr(EC_F_EC_KEY_PRINT, reason); - if (pub_key) - BN_free(pub_key); - if (order) - BN_free(order); - if (ctx) - BN_CTX_free(ctx); - if (buffer != NULL) - OPENSSL_free(buffer); - return(ret); - } -#endif /* OPENSSL_NO_EC */ - -static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf, - int off) - { - int n,i; - const char *neg; - - if (num == NULL) return(1); - neg = (BN_is_negative(num))?"-":""; - if(!BIO_indent(bp,off,128)) - return 0; - if (BN_is_zero(num)) - { - if (BIO_printf(bp, "%s 0\n", number) <= 0) - return 0; - return 1; - } - - if (BN_num_bytes(num) <= BN_BYTES) - { - if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg, - (unsigned long)num->d[0],neg,(unsigned long)num->d[0]) - <= 0) return(0); - } - else - { - buf[0]=0; - if (BIO_printf(bp,"%s%s",number, - (neg[0] == '-')?" (Negative)":"") <= 0) - return(0); - n=BN_bn2bin(num,&buf[1]); - - if (buf[1] & 0x80) - n++; - else buf++; - - for (i=0; i<n; i++) - { - if ((i%15) == 0) - { - if(BIO_puts(bp,"\n") <= 0 - || !BIO_indent(bp,off+4,128)) - return 0; - } - if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":") - <= 0) return(0); - } - if (BIO_write(bp,"\n",1) <= 0) return(0); - } - return(1); - } - -#ifndef OPENSSL_NO_EC -static int print_bin(BIO *fp, const char *name, const unsigned char *buf, - size_t len, int off) - { - size_t i; - char str[128]; - - if (buf == NULL) - return 1; - if (off) - { - if (off > 128) - off=128; - memset(str,' ',off); - if (BIO_write(fp, str, off) <= 0) - return 0; - } - - if (BIO_printf(fp,"%s", name) <= 0) - return 0; - - for (i=0; i<len; i++) - { - if ((i%15) == 0) - { - str[0]='\n'; - memset(&(str[1]),' ',off+4); - if (BIO_write(fp, str, off+1+4) <= 0) - return 0; - } - if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0) - return 0; - } - if (BIO_write(fp,"\n",1) <= 0) - return 0; - - return 1; - } -#endif - -#ifndef OPENSSL_NO_DH -#ifndef OPENSSL_NO_FP_API -int DHparams_print_fp(FILE *fp, const DH *x) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=DHparams_print(b, x); - BIO_free(b); - return(ret); - } -#endif - -int DHparams_print(BIO *bp, const DH *x) - { - unsigned char *m=NULL; - int reason=ERR_R_BUF_LIB,ret=0; - size_t buf_len=0, i; - - if (x->p) - buf_len = (size_t)BN_num_bytes(x->p); - else - { - reason = ERR_R_PASSED_NULL_PARAMETER; - goto err; - } - if (x->g) - if (buf_len < (i = (size_t)BN_num_bytes(x->g))) - buf_len = i; - m=(unsigned char *)OPENSSL_malloc(buf_len+10); - if (m == NULL) - { - reason=ERR_R_MALLOC_FAILURE; - goto err; - } - - if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n", - BN_num_bits(x->p)) <= 0) - goto err; - if (!print(bp,"prime:",x->p,m,4)) goto err; - if (!print(bp,"generator:",x->g,m,4)) goto err; - if (x->length != 0) - { - if (BIO_printf(bp," recommended-private-length: %d bits\n", - (int)x->length) <= 0) goto err; - } - ret=1; - if (0) - { -err: - DHerr(DH_F_DHPARAMS_PRINT,reason); - } - if (m != NULL) OPENSSL_free(m); - return(ret); - } -#endif - -#ifndef OPENSSL_NO_DSA -#ifndef OPENSSL_NO_FP_API -int DSAparams_print_fp(FILE *fp, const DSA *x) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=DSAparams_print(b, x); - BIO_free(b); - return(ret); - } -#endif - -int DSAparams_print(BIO *bp, const DSA *x) - { - unsigned char *m=NULL; - int ret=0; - size_t buf_len=0,i; - - if (x->p) - buf_len = (size_t)BN_num_bytes(x->p); - else - { - DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS); - goto err; - } - if (x->q) - if (buf_len < (i = (size_t)BN_num_bytes(x->q))) - buf_len = i; - if (x->g) - if (buf_len < (i = (size_t)BN_num_bytes(x->g))) - buf_len = i; - m=(unsigned char *)OPENSSL_malloc(buf_len+10); - if (m == NULL) - { - DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n", - BN_num_bits(x->p)) <= 0) - goto err; - if (!print(bp,"p:",x->p,m,4)) goto err; - if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err; - if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err; - ret=1; -err: - if (m != NULL) OPENSSL_free(m); - return(ret); - } - -#endif /* !OPENSSL_NO_DSA */ - -#ifndef OPENSSL_NO_EC -#ifndef OPENSSL_NO_FP_API -int ECParameters_print_fp(FILE *fp, const EC_KEY *x) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB); - return(0); - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = ECParameters_print(b, x); - BIO_free(b); - return(ret); - } -#endif - -int ECParameters_print(BIO *bp, const EC_KEY *x) - { - int reason=ERR_R_EC_LIB, ret=0; - BIGNUM *order=NULL; - const EC_GROUP *group; - - if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) - { - reason = ERR_R_PASSED_NULL_PARAMETER;; - goto err; - } - - if ((order = BN_new()) == NULL) - { - reason = ERR_R_MALLOC_FAILURE; - goto err; - } - - if (!EC_GROUP_get_order(group, order, NULL)) - { - reason = ERR_R_EC_LIB; - goto err; - } - - if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", - BN_num_bits(order)) <= 0) - goto err; - if (!ECPKParameters_print(bp, group, 4)) - goto err; - ret=1; -err: - if (order) - BN_free(order); - ECerr(EC_F_ECPARAMETERS_PRINT, reason); - return(ret); - } - -#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c deleted file mode 100755 index 94d9f7eb..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c +++ /dev/null @@ -1,540 +0,0 @@ -/* crypto/asn1/x_pubkey.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" -#include <openssl/asn1t.h> -#include <openssl/x509.h> -#ifndef OPENSSL_NO_RSA -#include <openssl/rsa.h> -#endif -#ifndef OPENSSL_NO_DSA -#include <openssl/dsa.h> -#endif - -/* Minor tweak to operation: free up EVP_PKEY */ -static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) - { - if (operation == ASN1_OP_FREE_POST) - { - X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; - EVP_PKEY_free(pubkey->pkey); - } - return 1; - } - -ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { - ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), - ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY) - -IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) - -int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) - { - X509_PUBKEY *pk=NULL; - X509_ALGOR *a; - ASN1_OBJECT *o; - unsigned char *s,*p = NULL; - int i; - - if (x == NULL) return(0); - - if ((pk=X509_PUBKEY_new()) == NULL) goto err; - a=pk->algor; - - /* set the algorithm id */ - if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err; - ASN1_OBJECT_free(a->algorithm); - a->algorithm=o; - - /* Set the parameter list */ - if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) - { - if ((a->parameter == NULL) || - (a->parameter->type != V_ASN1_NULL)) - { - ASN1_TYPE_free(a->parameter); - if (!(a->parameter=ASN1_TYPE_new())) - { - X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); - goto err; - } - a->parameter->type=V_ASN1_NULL; - } - } -#ifndef OPENSSL_NO_DSA - else if (pkey->type == EVP_PKEY_DSA) - { - unsigned char *pp; - DSA *dsa; - - dsa=pkey->pkey.dsa; - dsa->write_params=0; - ASN1_TYPE_free(a->parameter); - if ((i=i2d_DSAparams(dsa,NULL)) <= 0) - goto err; - if (!(p=(unsigned char *)OPENSSL_malloc(i))) - { - X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); - goto err; - } - pp=p; - i2d_DSAparams(dsa,&pp); - if (!(a->parameter=ASN1_TYPE_new())) - { - OPENSSL_free(p); - X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); - goto err; - } - a->parameter->type=V_ASN1_SEQUENCE; - if (!(a->parameter->value.sequence=ASN1_STRING_new())) - { - OPENSSL_free(p); - X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); - goto err; - } - if (!ASN1_STRING_set(a->parameter->value.sequence,p,i)) - { - OPENSSL_free(p); - X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); - goto err; - } - OPENSSL_free(p); - } -#endif -#ifndef OPENSSL_NO_EC - else if (pkey->type == EVP_PKEY_EC) - { - int nid=0; - unsigned char *pp; - EC_KEY *ec_key; - const EC_GROUP *group; - - ec_key = pkey->pkey.ec; - ASN1_TYPE_free(a->parameter); - - if ((a->parameter = ASN1_TYPE_new()) == NULL) - { - X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); - goto err; - } - - group = EC_KEY_get0_group(ec_key); - if (EC_GROUP_get_asn1_flag(group) - && (nid = EC_GROUP_get_curve_name(group))) - { - /* just set the OID */ - a->parameter->type = V_ASN1_OBJECT; - a->parameter->value.object = OBJ_nid2obj(nid); - } - else /* explicit parameters */ - { - if ((i = i2d_ECParameters(ec_key, NULL)) == 0) - { - X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); - goto err; - } - if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) - { - X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); - goto err; - } - pp = p; - if (!i2d_ECParameters(ec_key, &pp)) - { - X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); - OPENSSL_free(p); - goto err; - } - a->parameter->type = V_ASN1_SEQUENCE; - if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL) - { - X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); - OPENSSL_free(p); - goto err; - } - ASN1_STRING_set(a->parameter->value.sequence, p, i); - OPENSSL_free(p); - } - } -#endif - else if (1) - { - X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM); - goto err; - } - - if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err; - if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) - { - X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); - goto err; - } - p=s; - i2d_PublicKey(pkey,&p); - if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) - { - X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); - goto err; - } - /* Set number of unused bits to zero */ - pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); - pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; - - OPENSSL_free(s); - -#if 0 - CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); - pk->pkey=pkey; -#endif - - if (*x != NULL) - X509_PUBKEY_free(*x); - - *x=pk; - - return 1; -err: - if (pk != NULL) X509_PUBKEY_free(pk); - return 0; - } - -EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) - { - EVP_PKEY *ret=NULL; - long j; - int type; - const unsigned char *p; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) - const unsigned char *cp; - X509_ALGOR *a; -#endif - - if (key == NULL) goto err; - - if (key->pkey != NULL) - { - CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); - return(key->pkey); - } - - if (key->public_key == NULL) goto err; - - type=OBJ_obj2nid(key->algor->algorithm); - if ((ret = EVP_PKEY_new()) == NULL) - { - X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); - goto err; - } - ret->type = EVP_PKEY_type(type); - - /* the parameters must be extracted before the public key (ECDSA!) */ - -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) - a=key->algor; -#endif - - if (0) - ; -#ifndef OPENSSL_NO_DSA - else if (ret->type == EVP_PKEY_DSA) - { - if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) - { - if ((ret->pkey.dsa = DSA_new()) == NULL) - { - X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); - goto err; - } - ret->pkey.dsa->write_params=0; - cp=p=a->parameter->value.sequence->data; - j=a->parameter->value.sequence->length; - if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j)) - goto err; - } - ret->save_parameters=1; - } -#endif -#ifndef OPENSSL_NO_EC - else if (ret->type == EVP_PKEY_EC) - { - if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) - { - /* type == V_ASN1_SEQUENCE => we have explicit parameters - * (e.g. parameters in the X9_62_EC_PARAMETERS-structure ) - */ - if ((ret->pkey.ec= EC_KEY_new()) == NULL) - { - X509err(X509_F_X509_PUBKEY_GET, - ERR_R_MALLOC_FAILURE); - goto err; - } - cp = p = a->parameter->value.sequence->data; - j = a->parameter->value.sequence->length; - if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j)) - { - X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB); - goto err; - } - } - else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT)) - { - /* type == V_ASN1_OBJECT => the parameters are given - * by an asn1 OID - */ - EC_KEY *ec_key; - EC_GROUP *group; - - if (ret->pkey.ec == NULL) - ret->pkey.ec = EC_KEY_new(); - ec_key = ret->pkey.ec; - if (ec_key == NULL) - goto err; - group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); - if (group == NULL) - goto err; - EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); - if (EC_KEY_set_group(ec_key, group) == 0) - goto err; - EC_GROUP_free(group); - } - /* the case implicitlyCA is currently not implemented */ - ret->save_parameters = 1; - } -#endif - - p=key->public_key->data; - j=key->public_key->length; - if (!d2i_PublicKey(type, &ret, &p, (long)j)) - { - X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB); - goto err; - } - - /* Check to see if another thread set key->pkey first */ - CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); - if (key->pkey) - { - EVP_PKEY_free(ret); - ret = key->pkey; - } - else - key->pkey = ret; - CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); - CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); - return(ret); -err: - if (ret != NULL) - EVP_PKEY_free(ret); - return(NULL); - } - -/* Now two pseudo ASN1 routines that take an EVP_PKEY structure - * and encode or decode as X509_PUBKEY - */ - -EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, - long length) - { - X509_PUBKEY *xpk; - EVP_PKEY *pktmp; - xpk = d2i_X509_PUBKEY(NULL, pp, length); - if(!xpk) return NULL; - pktmp = X509_PUBKEY_get(xpk); - X509_PUBKEY_free(xpk); - if(!pktmp) return NULL; - if(a) - { - EVP_PKEY_free(*a); - *a = pktmp; - } - return pktmp; - } - -int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) - { - X509_PUBKEY *xpk=NULL; - int ret; - if(!a) return 0; - if(!X509_PUBKEY_set(&xpk, a)) return 0; - ret = i2d_X509_PUBKEY(xpk, pp); - X509_PUBKEY_free(xpk); - return ret; - } - -/* The following are equivalents but which return RSA and DSA - * keys - */ -#ifndef OPENSSL_NO_RSA -RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, - long length) - { - EVP_PKEY *pkey; - RSA *key; - const unsigned char *q; - q = *pp; - pkey = d2i_PUBKEY(NULL, &q, length); - if (!pkey) return NULL; - key = EVP_PKEY_get1_RSA(pkey); - EVP_PKEY_free(pkey); - if (!key) return NULL; - *pp = q; - if (a) - { - RSA_free(*a); - *a = key; - } - return key; - } - -int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) - { - EVP_PKEY *pktmp; - int ret; - if (!a) return 0; - pktmp = EVP_PKEY_new(); - if (!pktmp) - { - ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); - return 0; - } - EVP_PKEY_set1_RSA(pktmp, a); - ret = i2d_PUBKEY(pktmp, pp); - EVP_PKEY_free(pktmp); - return ret; - } -#endif - -#ifndef OPENSSL_NO_DSA -DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, - long length) - { - EVP_PKEY *pkey; - DSA *key; - const unsigned char *q; - q = *pp; - pkey = d2i_PUBKEY(NULL, &q, length); - if (!pkey) return NULL; - key = EVP_PKEY_get1_DSA(pkey); - EVP_PKEY_free(pkey); - if (!key) return NULL; - *pp = q; - if (a) - { - DSA_free(*a); - *a = key; - } - return key; - } - -int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) - { - EVP_PKEY *pktmp; - int ret; - if(!a) return 0; - pktmp = EVP_PKEY_new(); - if(!pktmp) - { - ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); - return 0; - } - EVP_PKEY_set1_DSA(pktmp, a); - ret = i2d_PUBKEY(pktmp, pp); - EVP_PKEY_free(pktmp); - return ret; - } -#endif - -#ifndef OPENSSL_NO_EC -EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) - { - EVP_PKEY *pkey; - EC_KEY *key; - const unsigned char *q; - q = *pp; - pkey = d2i_PUBKEY(NULL, &q, length); - if (!pkey) return(NULL); - key = EVP_PKEY_get1_EC_KEY(pkey); - EVP_PKEY_free(pkey); - if (!key) return(NULL); - *pp = q; - if (a) - { - EC_KEY_free(*a); - *a = key; - } - return(key); - } - -int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) - { - EVP_PKEY *pktmp; - int ret; - if (!a) return(0); - if ((pktmp = EVP_PKEY_new()) == NULL) - { - ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE); - return(0); - } - EVP_PKEY_set1_EC_KEY(pktmp, a); - ret = i2d_PUBKEY(pktmp, pp); - EVP_PKEY_free(pktmp); - return(ret); - } -#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_lib.c deleted file mode 100755 index 32a8fbaf..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +++ /dev/null @@ -1,826 +0,0 @@ -/* crypto/bn/bn_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef BN_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG -#endif - -#include <assert.h> -#include <limits.h> -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT; - -/* This stuff appears to be completely unused, so is deprecated */ -#ifndef OPENSSL_NO_DEPRECATED -/* For a 32 bit machine - * 2 - 4 == 128 - * 3 - 8 == 256 - * 4 - 16 == 512 - * 5 - 32 == 1024 - * 6 - 64 == 2048 - * 7 - 128 == 4096 - * 8 - 256 == 8192 - */ -static int bn_limit_bits=0; -static int bn_limit_num=8; /* (1<<bn_limit_bits) */ -static int bn_limit_bits_low=0; -static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */ -static int bn_limit_bits_high=0; -static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */ -static int bn_limit_bits_mont=0; -static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */ - -void BN_set_params(int mult, int high, int low, int mont) - { - if (mult >= 0) - { - if (mult > (int)(sizeof(int)*8)-1) - mult=sizeof(int)*8-1; - bn_limit_bits=mult; - bn_limit_num=1<<mult; - } - if (high >= 0) - { - if (high > (int)(sizeof(int)*8)-1) - high=sizeof(int)*8-1; - bn_limit_bits_high=high; - bn_limit_num_high=1<<high; - } - if (low >= 0) - { - if (low > (int)(sizeof(int)*8)-1) - low=sizeof(int)*8-1; - bn_limit_bits_low=low; - bn_limit_num_low=1<<low; - } - if (mont >= 0) - { - if (mont > (int)(sizeof(int)*8)-1) - mont=sizeof(int)*8-1; - bn_limit_bits_mont=mont; - bn_limit_num_mont=1<<mont; - } - } - -int BN_get_params(int which) - { - if (which == 0) return(bn_limit_bits); - else if (which == 1) return(bn_limit_bits_high); - else if (which == 2) return(bn_limit_bits_low); - else if (which == 3) return(bn_limit_bits_mont); - else return(0); - } -#endif - -const BIGNUM *BN_value_one(void) - { - static BN_ULONG data_one=1L; - static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA}; - - return(&const_one); - } - -int BN_num_bits_word(BN_ULONG l) - { - static const char bits[256]={ - 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4, - 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5, - 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, - 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, - 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, - 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, - 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, - 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - }; - -#if defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xffffffff00000000L) - { - if (l & 0xffff000000000000L) - { - if (l & 0xff00000000000000L) - { - return(bits[(int)(l>>56)]+56); - } - else return(bits[(int)(l>>48)]+48); - } - else - { - if (l & 0x0000ff0000000000L) - { - return(bits[(int)(l>>40)]+40); - } - else return(bits[(int)(l>>32)]+32); - } - } - else -#else -#ifdef SIXTY_FOUR_BIT - if (l & 0xffffffff00000000LL) - { - if (l & 0xffff000000000000LL) - { - if (l & 0xff00000000000000LL) - { - return(bits[(int)(l>>56)]+56); - } - else return(bits[(int)(l>>48)]+48); - } - else - { - if (l & 0x0000ff0000000000LL) - { - return(bits[(int)(l>>40)]+40); - } - else return(bits[(int)(l>>32)]+32); - } - } - else -#endif -#endif - { -#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xffff0000L) - { - if (l & 0xff000000L) - return(bits[(int)(l>>24L)]+24); - else return(bits[(int)(l>>16L)]+16); - } - else -#endif - { -#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xff00L) - return(bits[(int)(l>>8)]+8); - else -#endif - return(bits[(int)(l )] ); - } - } - } - -int BN_num_bits(const BIGNUM *a) - { - int i = a->top - 1; - bn_check_top(a); - - if (BN_is_zero(a)) return 0; - return ((i*BN_BITS2) + BN_num_bits_word(a->d[i])); - } - -void BN_clear_free(BIGNUM *a) - { - int i; - - if (a == NULL) return; - bn_check_top(a); - if (a->d != NULL) - { - OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); - if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) - OPENSSL_free(a->d); - } - i=BN_get_flags(a,BN_FLG_MALLOCED); - OPENSSL_cleanse(a,sizeof(BIGNUM)); - if (i) - OPENSSL_free(a); - } - -void BN_free(BIGNUM *a) - { - if (a == NULL) return; - bn_check_top(a); - if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) - OPENSSL_free(a->d); - if (a->flags & BN_FLG_MALLOCED) - OPENSSL_free(a); - else - { -#ifndef OPENSSL_NO_DEPRECATED - a->flags|=BN_FLG_FREE; -#endif - a->d = NULL; - } - } - -void BN_init(BIGNUM *a) - { - memset(a,0,sizeof(BIGNUM)); - bn_check_top(a); - } - -BIGNUM *BN_new(void) - { - BIGNUM *ret; - - if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) - { - BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - ret->flags=BN_FLG_MALLOCED; - ret->top=0; - ret->neg=0; - ret->dmax=0; - ret->d=NULL; - bn_check_top(ret); - return(ret); - } - -/* This is used both by bn_expand2() and bn_dup_expand() */ -/* The caller MUST check that words > b->dmax before calling this */ -static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) - { - BN_ULONG *A,*a = NULL; - const BN_ULONG *B; - int i; - - bn_check_top(b); - - if (words > (INT_MAX/(4*BN_BITS2))) - { - BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG); - return NULL; - } - if (BN_get_flags(b,BN_FLG_STATIC_DATA)) - { - BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); - return(NULL); - } - a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words); - if (A == NULL) - { - BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); - return(NULL); - } -#if 1 - B=b->d; - /* Check if the previous number needs to be copied */ - if (B != NULL) - { - for (i=b->top>>2; i>0; i--,A+=4,B+=4) - { - /* - * The fact that the loop is unrolled - * 4-wise is a tribute to Intel. It's - * the one that doesn't have enough - * registers to accomodate more data. - * I'd unroll it 8-wise otherwise:-) - * - * <appro@fy.chalmers.se> - */ - BN_ULONG a0,a1,a2,a3; - a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; - A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; - } - switch (b->top&3) - { - case 3: A[2]=B[2]; - case 2: A[1]=B[1]; - case 1: A[0]=B[0]; - case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does - * the switch table by doing a=top&3; a--; goto jump_table[a]; - * which fails for top== 0 */ - ; - } - } - -#else - memset(A,0,sizeof(BN_ULONG)*words); - memcpy(A,b->d,sizeof(b->d[0])*b->top); -#endif - - return(a); - } - -/* This is an internal function that can be used instead of bn_expand2() - * when there is a need to copy BIGNUMs instead of only expanding the - * data part, while still expanding them. - * Especially useful when needing to expand BIGNUMs that are declared - * 'const' and should therefore not be changed. - * The reason to use this instead of a BN_dup() followed by a bn_expand2() - * is memory allocation overhead. A BN_dup() followed by a bn_expand2() - * will allocate new memory for the BIGNUM data twice, and free it once, - * while bn_dup_expand() makes sure allocation is made only once. - */ - -#ifndef OPENSSL_NO_DEPRECATED -BIGNUM *bn_dup_expand(const BIGNUM *b, int words) - { - BIGNUM *r = NULL; - - bn_check_top(b); - - /* This function does not work if - * words <= b->dmax && top < words - * because BN_dup() does not preserve 'dmax'! - * (But bn_dup_expand() is not used anywhere yet.) - */ - - if (words > b->dmax) - { - BN_ULONG *a = bn_expand_internal(b, words); - - if (a) - { - r = BN_new(); - if (r) - { - r->top = b->top; - r->dmax = words; - r->neg = b->neg; - r->d = a; - } - else - { - /* r == NULL, BN_new failure */ - OPENSSL_free(a); - } - } - /* If a == NULL, there was an error in allocation in - bn_expand_internal(), and NULL should be returned */ - } - else - { - r = BN_dup(b); - } - - bn_check_top(r); - return r; - } -#endif - -/* This is an internal function that should not be used in applications. - * It ensures that 'b' has enough room for a 'words' word number - * and initialises any unused part of b->d with leading zeros. - * It is mostly used by the various BIGNUM routines. If there is an error, - * NULL is returned. If not, 'b' is returned. */ - -BIGNUM *bn_expand2(BIGNUM *b, int words) - { - bn_check_top(b); - - if (words > b->dmax) - { - BN_ULONG *a = bn_expand_internal(b, words); - if(!a) return NULL; - if(b->d) OPENSSL_free(b->d); - b->d=a; - b->dmax=words; - } - -/* None of this should be necessary because of what b->top means! */ -#if 0 - /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */ - if (b->top < b->dmax) - { - int i; - BN_ULONG *A = &(b->d[b->top]); - for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8) - { - A[0]=0; A[1]=0; A[2]=0; A[3]=0; - A[4]=0; A[5]=0; A[6]=0; A[7]=0; - } - for (i=(b->dmax - b->top)&7; i>0; i--,A++) - A[0]=0; - assert(A == &(b->d[b->dmax])); - } -#endif - bn_check_top(b); - return b; - } - -BIGNUM *BN_dup(const BIGNUM *a) - { - BIGNUM *t; - - if (a == NULL) return NULL; - bn_check_top(a); - - t = BN_new(); - if (t == NULL) return NULL; - if(!BN_copy(t, a)) - { - BN_free(t); - return NULL; - } - bn_check_top(t); - return t; - } - -BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) - { - int i; - BN_ULONG *A; - const BN_ULONG *B; - - bn_check_top(b); - - if (a == b) return(a); - if (bn_wexpand(a,b->top) == NULL) return(NULL); - -#if 1 - A=a->d; - B=b->d; - for (i=b->top>>2; i>0; i--,A+=4,B+=4) - { - BN_ULONG a0,a1,a2,a3; - a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; - A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; - } - switch (b->top&3) - { - case 3: A[2]=B[2]; - case 2: A[1]=B[1]; - case 1: A[0]=B[0]; - case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */ - } -#else - memcpy(a->d,b->d,sizeof(b->d[0])*b->top); -#endif - - a->top=b->top; - a->neg=b->neg; - bn_check_top(a); - return(a); - } - -void BN_swap(BIGNUM *a, BIGNUM *b) - { - int flags_old_a, flags_old_b; - BN_ULONG *tmp_d; - int tmp_top, tmp_dmax, tmp_neg; - - bn_check_top(a); - bn_check_top(b); - - flags_old_a = a->flags; - flags_old_b = b->flags; - - tmp_d = a->d; - tmp_top = a->top; - tmp_dmax = a->dmax; - tmp_neg = a->neg; - - a->d = b->d; - a->top = b->top; - a->dmax = b->dmax; - a->neg = b->neg; - - b->d = tmp_d; - b->top = tmp_top; - b->dmax = tmp_dmax; - b->neg = tmp_neg; - - a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); - b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); - bn_check_top(a); - bn_check_top(b); - } - -void BN_clear(BIGNUM *a) - { - bn_check_top(a); - if (a->d != NULL) - memset(a->d,0,a->dmax*sizeof(a->d[0])); - a->top=0; - a->neg=0; - } - -BN_ULONG BN_get_word(const BIGNUM *a) - { - if (a->top > 1) - return BN_MASK2; - else if (a->top == 1) - return a->d[0]; - /* a->top == 0 */ - return 0; - } - -int BN_set_word(BIGNUM *a, BN_ULONG w) - { - bn_check_top(a); - if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0); - a->neg = 0; - a->d[0] = w; - a->top = (w ? 1 : 0); - bn_check_top(a); - return(1); - } - -BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) - { - unsigned int i,m; - unsigned int n; - BN_ULONG l; - BIGNUM *bn = NULL; - - if (ret == NULL) - ret = bn = BN_new(); - if (ret == NULL) return(NULL); - bn_check_top(ret); - l=0; - n=len; - if (n == 0) - { - ret->top=0; - return(ret); - } - i=((n-1)/BN_BYTES)+1; - m=((n-1)%(BN_BYTES)); - if (bn_wexpand(ret, (int)i) == NULL) - { - if (bn) BN_free(bn); - return NULL; - } - ret->top=i; - ret->neg=0; - while (n--) - { - l=(l<<8L)| *(s++); - if (m-- == 0) - { - ret->d[--i]=l; - l=0; - m=BN_BYTES-1; - } - } - /* need to call this due to clear byte at top if avoiding - * having the top bit set (-ve number) */ - bn_correct_top(ret); - return(ret); - } - -/* ignore negative */ -int BN_bn2bin(const BIGNUM *a, unsigned char *to) - { - int n,i; - BN_ULONG l; - - bn_check_top(a); - n=i=BN_num_bytes(a); - while (i--) - { - l=a->d[i/BN_BYTES]; - *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff; - } - return(n); - } - -int BN_ucmp(const BIGNUM *a, const BIGNUM *b) - { - int i; - BN_ULONG t1,t2,*ap,*bp; - - bn_check_top(a); - bn_check_top(b); - - i=a->top-b->top; - if (i != 0) return(i); - ap=a->d; - bp=b->d; - for (i=a->top-1; i>=0; i--) - { - t1= ap[i]; - t2= bp[i]; - if (t1 != t2) - return((t1 > t2) ? 1 : -1); - } - return(0); - } - -int BN_cmp(const BIGNUM *a, const BIGNUM *b) - { - int i; - int gt,lt; - BN_ULONG t1,t2; - - if ((a == NULL) || (b == NULL)) - { - if (a != NULL) - return(-1); - else if (b != NULL) - return(1); - else - return(0); - } - - bn_check_top(a); - bn_check_top(b); - - if (a->neg != b->neg) - { - if (a->neg) - return(-1); - else return(1); - } - if (a->neg == 0) - { gt=1; lt= -1; } - else { gt= -1; lt=1; } - - if (a->top > b->top) return(gt); - if (a->top < b->top) return(lt); - for (i=a->top-1; i>=0; i--) - { - t1=a->d[i]; - t2=b->d[i]; - if (t1 > t2) return(gt); - if (t1 < t2) return(lt); - } - return(0); - } - -int BN_set_bit(BIGNUM *a, int n) - { - int i,j,k; - - if (n < 0) - return 0; - - i=n/BN_BITS2; - j=n%BN_BITS2; - if (a->top <= i) - { - if (bn_wexpand(a,i+1) == NULL) return(0); - for(k=a->top; k<i+1; k++) - a->d[k]=0; - a->top=i+1; - } - - a->d[i]|=(((BN_ULONG)1)<<j); - bn_check_top(a); - return(1); - } - -int BN_clear_bit(BIGNUM *a, int n) - { - int i,j; - - bn_check_top(a); - if (n < 0) return 0; - - i=n/BN_BITS2; - j=n%BN_BITS2; - if (a->top <= i) return(0); - - a->d[i]&=(~(((BN_ULONG)1)<<j)); - bn_correct_top(a); - return(1); - } - -int BN_is_bit_set(const BIGNUM *a, int n) - { - int i,j; - - bn_check_top(a); - if (n < 0) return 0; - i=n/BN_BITS2; - j=n%BN_BITS2; - if (a->top <= i) return 0; - return(((a->d[i])>>j)&((BN_ULONG)1)); - } - -int BN_mask_bits(BIGNUM *a, int n) - { - int b,w; - - bn_check_top(a); - if (n < 0) return 0; - - w=n/BN_BITS2; - b=n%BN_BITS2; - if (w >= a->top) return 0; - if (b == 0) - a->top=w; - else - { - a->top=w+1; - a->d[w]&= ~(BN_MASK2<<b); - } - bn_correct_top(a); - return(1); - } - -void BN_set_negative(BIGNUM *a, int b) - { - if (b && !BN_is_zero(a)) - a->neg = 1; - else - a->neg = 0; - } - -int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) - { - int i; - BN_ULONG aa,bb; - - aa=a[n-1]; - bb=b[n-1]; - if (aa != bb) return((aa > bb)?1:-1); - for (i=n-2; i>=0; i--) - { - aa=a[i]; - bb=b[i]; - if (aa != bb) return((aa > bb)?1:-1); - } - return(0); - } - -/* Here follows a specialised variants of bn_cmp_words(). It has the - property of performing the operation on arrays of different sizes. - The sizes of those arrays is expressed through cl, which is the - common length ( basicall, min(len(a),len(b)) ), and dl, which is the - delta between the two lengths, calculated as len(a)-len(b). - All lengths are the number of BN_ULONGs... */ - -int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl) - { - int n,i; - n = cl-1; - - if (dl < 0) - { - for (i=dl; i<0; i++) - { - if (b[n-i] != 0) - return -1; /* a < b */ - } - } - if (dl > 0) - { - for (i=dl; i>0; i--) - { - if (a[n+i] != 0) - return 1; /* a > b */ - } - } - return bn_cmp_words(a,b,cl); - } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_mont.c deleted file mode 100755 index 4799b152..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +++ /dev/null @@ -1,732 +0,0 @@ -/* crypto/bn/bn_mont.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - * Details about Montgomery multiplication algorithms can be found at - * http://security.ece.orst.edu/publications.html, e.g. - * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and - * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf - */ - -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -#define MONT_WORD /* use the faster word-based algorithm */ - -#if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) -/* This condition means we have a specific non-default build: - * In the 0.9.8 branch, OPENSSL_BN_ASM_MONT is normally not set for any - * BN_BITS2<=32 platform; an explicit "enable-montasm" is required. - * I.e., if we are here, the user intentionally deviates from the - * normal stable build to get better Montgomery performance from - * the 0.9.9-dev backport. - * - * In this case only, we also enable BN_from_montgomery_word() - * (another non-stable feature from 0.9.9-dev). - */ -#define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD -#endif - -#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD -static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); -#endif - - - -int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx) - { - BIGNUM *tmp; - int ret=0; -#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) - int num = mont->N.top; - - if (num>1 && a->top==num && b->top==num) - { - if (bn_wexpand(r,num) == NULL) return(0); -#if 0 /* for OpenSSL 0.9.9 mont->n0 */ - if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num)) -#else - if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num)) -#endif - { - r->neg = a->neg^b->neg; - r->top = num; - bn_correct_top(r); - return(1); - } - } -#endif - - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - if (tmp == NULL) goto err; - - bn_check_top(tmp); - if (a == b) - { - if (!BN_sqr(tmp,a,ctx)) goto err; - } - else - { - if (!BN_mul(tmp,a,b,ctx)) goto err; - } - /* reduce from aRR to aR */ -#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD - if (!BN_from_montgomery_word(r,tmp,mont)) goto err; -#else - if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; -#endif - bn_check_top(r); - ret=1; -err: - BN_CTX_end(ctx); - return(ret); - } - -#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD -static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) - { - BIGNUM *n; - BN_ULONG *ap,*np,*rp,n0,v,*nrp; - int al,nl,max,i,x,ri; - - n= &(mont->N); - /* mont->ri is the size of mont->N in bits (rounded up - to the word size) */ - al=ri=mont->ri/BN_BITS2; - - nl=n->top; - if ((al == 0) || (nl == 0)) { ret->top=0; return(1); } - - max=(nl+al+1); /* allow for overflow (no?) XXX */ - if (bn_wexpand(r,max) == NULL) return(0); - - r->neg^=n->neg; - np=n->d; - rp=r->d; - nrp= &(r->d[nl]); - - /* clear the top words of T */ - for (i=r->top; i<max; i++) /* memset? XXX */ - r->d[i]=0; - - r->top=max; -#if 0 /* for OpenSSL 0.9.9 mont->n0 */ - n0=mont->n0[0]; -#else - n0=mont->n0; -#endif - -#ifdef BN_COUNT - fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl); -#endif - for (i=0; i<nl; i++) - { -#ifdef __TANDEM - { - long long t1; - long long t2; - long long t3; - t1 = rp[0] * (n0 & 0177777); - t2 = 037777600000l; - t2 = n0 & t2; - t3 = rp[0] & 0177777; - t2 = (t3 * t2) & BN_MASK2; - t1 = t1 + t2; - v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1); - } -#else - v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2); -#endif - nrp++; - rp++; - if (((nrp[-1]+=v)&BN_MASK2) >= v) - continue; - else - { - if (((++nrp[0])&BN_MASK2) != 0) continue; - if (((++nrp[1])&BN_MASK2) != 0) continue; - for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; - } - } - bn_correct_top(r); - - /* mont->ri will be a multiple of the word size and below code - * is kind of BN_rshift(ret,r,mont->ri) equivalent */ - if (r->top <= ri) - { - ret->top=0; - return(1); - } - al=r->top-ri; - - if (bn_wexpand(ret,ri) == NULL) return(0); - x=0-(((al-ri)>>(sizeof(al)*8-1))&1); - ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ - ret->neg=r->neg; - - rp=ret->d; - ap=&(r->d[ri]); - - { - size_t m1,m2; - - v=bn_sub_words(rp,ap,np,ri); - /* this ----------------^^ works even in al<ri case - * thanks to zealous zeroing of top of the vector in the - * beginning. */ - - /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */ - /* in other words if subtraction result is real, then - * trick unconditional memcpy below to perform in-place - * "refresh" instead of actual copy. */ - m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */ - m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */ - m1|=m2; /* (al!=ri) */ - m1|=(0-(size_t)v); /* (al!=ri || v) */ - m1&=~m2; /* (al!=ri || v) && !al>ri */ - nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); - } - - /* 'i<ri' is chosen to eliminate dependency on input data, even - * though it results in redundant copy in al<ri case. */ - for (i=0,ri-=4; i<ri; i+=4) - { - BN_ULONG t1,t2,t3,t4; - - t1=nrp[i+0]; - t2=nrp[i+1]; - t3=nrp[i+2]; ap[i+0]=0; - t4=nrp[i+3]; ap[i+1]=0; - rp[i+0]=t1; ap[i+2]=0; - rp[i+1]=t2; ap[i+3]=0; - rp[i+2]=t3; - rp[i+3]=t4; - } - for (ri+=4; i<ri; i++) - rp[i]=nrp[i], ap[i]=0; - bn_correct_top(r); - bn_correct_top(ret); - bn_check_top(ret); - - return(1); - } - -int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx) - { - int retn=0; - BIGNUM *t; - - BN_CTX_start(ctx); - if ((t = BN_CTX_get(ctx)) && BN_copy(t,a)) - retn = BN_from_montgomery_word(ret,t,mont); - BN_CTX_end(ctx); - return retn; - } - -#else /* !MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */ - -int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx) - { - int retn=0; - -#ifdef MONT_WORD - BIGNUM *n,*r; - BN_ULONG *ap,*np,*rp,n0,v,*nrp; - int al,nl,max,i,x,ri; - - BN_CTX_start(ctx); - if ((r = BN_CTX_get(ctx)) == NULL) goto err; - - if (!BN_copy(r,a)) goto err; - n= &(mont->N); - - ap=a->d; - /* mont->ri is the size of mont->N in bits (rounded up - to the word size) */ - al=ri=mont->ri/BN_BITS2; - - nl=n->top; - if ((al == 0) || (nl == 0)) { r->top=0; return(1); } - - max=(nl+al+1); /* allow for overflow (no?) XXX */ - if (bn_wexpand(r,max) == NULL) goto err; - - r->neg=a->neg^n->neg; - np=n->d; - rp=r->d; - nrp= &(r->d[nl]); - - /* clear the top words of T */ -#if 1 - for (i=r->top; i<max; i++) /* memset? XXX */ - r->d[i]=0; -#else - memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); -#endif - - r->top=max; - n0=mont->n0; - -#ifdef BN_COUNT - fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl); -#endif - for (i=0; i<nl; i++) - { -#ifdef __TANDEM - { - long long t1; - long long t2; - long long t3; - t1 = rp[0] * (n0 & 0177777); - t2 = 037777600000l; - t2 = n0 & t2; - t3 = rp[0] & 0177777; - t2 = (t3 * t2) & BN_MASK2; - t1 = t1 + t2; - v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1); - } -#else - v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2); -#endif - nrp++; - rp++; - if (((nrp[-1]+=v)&BN_MASK2) >= v) - continue; - else - { - if (((++nrp[0])&BN_MASK2) != 0) continue; - if (((++nrp[1])&BN_MASK2) != 0) continue; - for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; - } - } - bn_correct_top(r); - - /* mont->ri will be a multiple of the word size and below code - * is kind of BN_rshift(ret,r,mont->ri) equivalent */ - if (r->top <= ri) - { - ret->top=0; - retn=1; - goto err; - } - al=r->top-ri; - -# define BRANCH_FREE 1 -# if BRANCH_FREE - if (bn_wexpand(ret,ri) == NULL) goto err; - x=0-(((al-ri)>>(sizeof(al)*8-1))&1); - ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ - ret->neg=r->neg; - - rp=ret->d; - ap=&(r->d[ri]); - - { - size_t m1,m2; - - v=bn_sub_words(rp,ap,np,ri); - /* this ----------------^^ works even in al<ri case - * thanks to zealous zeroing of top of the vector in the - * beginning. */ - - /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */ - /* in other words if subtraction result is real, then - * trick unconditional memcpy below to perform in-place - * "refresh" instead of actual copy. */ - m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */ - m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */ - m1|=m2; /* (al!=ri) */ - m1|=(0-(size_t)v); /* (al!=ri || v) */ - m1&=~m2; /* (al!=ri || v) && !al>ri */ - nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); - } - - /* 'i<ri' is chosen to eliminate dependency on input data, even - * though it results in redundant copy in al<ri case. */ - for (i=0,ri-=4; i<ri; i+=4) - { - BN_ULONG t1,t2,t3,t4; - - t1=nrp[i+0]; - t2=nrp[i+1]; - t3=nrp[i+2]; ap[i+0]=0; - t4=nrp[i+3]; ap[i+1]=0; - rp[i+0]=t1; ap[i+2]=0; - rp[i+1]=t2; ap[i+3]=0; - rp[i+2]=t3; - rp[i+3]=t4; - } - for (ri+=4; i<ri; i++) - rp[i]=nrp[i], ap[i]=0; - bn_correct_top(r); - bn_correct_top(ret); -# else - if (bn_wexpand(ret,al) == NULL) goto err; - ret->top=al; - ret->neg=r->neg; - - rp=ret->d; - ap=&(r->d[ri]); - al-=4; - for (i=0; i<al; i+=4) - { - BN_ULONG t1,t2,t3,t4; - - t1=ap[i+0]; - t2=ap[i+1]; - t3=ap[i+2]; - t4=ap[i+3]; - rp[i+0]=t1; - rp[i+1]=t2; - rp[i+2]=t3; - rp[i+3]=t4; - } - al+=4; - for (; i<al; i++) - rp[i]=ap[i]; -# endif -#else /* !MONT_WORD */ - BIGNUM *t1,*t2; - - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - if (t1 == NULL || t2 == NULL) goto err; - - if (!BN_copy(t1,a)) goto err; - BN_mask_bits(t1,mont->ri); - - if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err; - BN_mask_bits(t2,mont->ri); - - if (!BN_mul(t1,t2,&mont->N,ctx)) goto err; - if (!BN_add(t2,a,t1)) goto err; - if (!BN_rshift(ret,t2,mont->ri)) goto err; -#endif /* MONT_WORD */ - -#if !defined(BRANCH_FREE) || BRANCH_FREE==0 - if (BN_ucmp(ret, &(mont->N)) >= 0) - { - if (!BN_usub(ret,ret,&(mont->N))) goto err; - } -#endif - retn=1; - bn_check_top(ret); - err: - BN_CTX_end(ctx); - return(retn); - } -#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */ - -BN_MONT_CTX *BN_MONT_CTX_new(void) - { - BN_MONT_CTX *ret; - - if ((ret=(BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL) - return(NULL); - - BN_MONT_CTX_init(ret); - ret->flags=BN_FLG_MALLOCED; - return(ret); - } - -void BN_MONT_CTX_init(BN_MONT_CTX *ctx) - { - ctx->ri=0; - BN_init(&(ctx->RR)); - BN_init(&(ctx->N)); - BN_init(&(ctx->Ni)); -#if 0 /* for OpenSSL 0.9.9 mont->n0 */ - ctx->n0[0] = ctx->n0[1] = 0; -#else - ctx->n0 = 0; -#endif - ctx->flags=0; - } - -void BN_MONT_CTX_free(BN_MONT_CTX *mont) - { - if(mont == NULL) - return; - - BN_free(&(mont->RR)); - BN_free(&(mont->N)); - BN_free(&(mont->Ni)); - if (mont->flags & BN_FLG_MALLOCED) - OPENSSL_free(mont); - } - -int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) - { - int ret = 0; - BIGNUM *Ri,*R; - - BN_CTX_start(ctx); - if((Ri = BN_CTX_get(ctx)) == NULL) goto err; - R= &(mont->RR); /* grab RR as a temp */ - if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */ - mont->N.neg = 0; - -#ifdef MONT_WORD - { - BIGNUM tmod; - BN_ULONG buf[2]; - - mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; - BN_zero(R); -#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)", - only certain BN_BITS2<=32 platforms actually need this */ - if (!(BN_set_bit(R,2*BN_BITS2))) goto err; /* R */ -#else - if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ -#endif - - buf[0]=mod->d[0]; /* tmod = N mod word size */ - buf[1]=0; - - BN_init(&tmod); - tmod.d=buf; - tmod.top = buf[0] != 0 ? 1 : 0; - tmod.dmax=2; - tmod.neg=0; - -#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)"; - only certain BN_BITS2<=32 platforms actually need this */ - tmod.top=0; - if ((buf[0] = mod->d[0])) tmod.top=1; - if ((buf[1] = mod->top>1 ? mod->d[1] : 0)) tmod.top=2; - - if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) - goto err; - if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */ - if (!BN_is_zero(Ri)) - { - if (!BN_sub_word(Ri,1)) goto err; - } - else /* if N mod word size == 1 */ - { - if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL) - goto err; - /* Ri-- (mod double word size) */ - Ri->neg=0; - Ri->d[0]=BN_MASK2; - Ri->d[1]=BN_MASK2; - Ri->top=2; - } - if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; - /* Ni = (R*Ri-1)/N, - * keep only couple of least significant words: */ - mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; - mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; -#else - /* Ri = R^-1 mod N*/ - if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) - goto err; - if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* R*Ri */ - if (!BN_is_zero(Ri)) - { - if (!BN_sub_word(Ri,1)) goto err; - } - else /* if N mod word size == 1 */ - { - if (!BN_set_word(Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */ - } - if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; - /* Ni = (R*Ri-1)/N, - * keep only least significant word: */ -# if 0 /* for OpenSSL 0.9.9 mont->n0 */ - mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; - mont->n0[1] = 0; -# else - mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0; -# endif -#endif - } -#else /* !MONT_WORD */ - { /* bignum version */ - mont->ri=BN_num_bits(&mont->N); - BN_zero(R); - if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */ - /* Ri = R^-1 mod N*/ - if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL) - goto err; - if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* R*Ri */ - if (!BN_sub_word(Ri,1)) goto err; - /* Ni = (R*Ri-1) / N */ - if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err; - } -#endif - - /* setup RR for conversions */ - BN_zero(&(mont->RR)); - if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err; - if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err; - - ret = 1; -err: - BN_CTX_end(ctx); - return ret; - } - -BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) - { - if (to == from) return(to); - - if (!BN_copy(&(to->RR),&(from->RR))) return NULL; - if (!BN_copy(&(to->N),&(from->N))) return NULL; - if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL; - to->ri=from->ri; -#if 0 /* for OpenSSL 0.9.9 mont->n0 */ - to->n0[0]=from->n0[0]; - to->n0[1]=from->n0[1]; -#else - to->n0=from->n0; -#endif - return(to); - } - -BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, - const BIGNUM *mod, BN_CTX *ctx) - { - int got_write_lock = 0; - BN_MONT_CTX *ret; - - CRYPTO_r_lock(lock); - if (!*pmont) - { - CRYPTO_r_unlock(lock); - CRYPTO_w_lock(lock); - got_write_lock = 1; - - if (!*pmont) - { - ret = BN_MONT_CTX_new(); - if (ret && !BN_MONT_CTX_set(ret, mod, ctx)) - BN_MONT_CTX_free(ret); - else - *pmont = ret; - } - } - - ret = *pmont; - - if (got_write_lock) - CRYPTO_w_unlock(lock); - else - CRYPTO_r_unlock(lock); - - return ret; - } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_word.c deleted file mode 100755 index ee7b87c4..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_word.c +++ /dev/null @@ -1,247 +0,0 @@ -/* crypto/bn/bn_word.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) - { -#ifndef BN_LLONG - BN_ULONG ret=0; -#else - BN_ULLONG ret=0; -#endif - int i; - - if (w == 0) - return (BN_ULONG)-1; - - bn_check_top(a); - w&=BN_MASK2; - for (i=a->top-1; i>=0; i--) - { -#ifndef BN_LLONG - ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%w; - ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%w; -#else - ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])% - (BN_ULLONG)w); -#endif - } - return((BN_ULONG)ret); - } - -BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) - { - BN_ULONG ret = 0; - int i, j; - - bn_check_top(a); - w &= BN_MASK2; - - if (!w) - /* actually this an error (division by zero) */ - return (BN_ULONG)-1; - if (a->top == 0) - return 0; - - /* normalize input (so bn_div_words doesn't complain) */ - j = BN_BITS2 - BN_num_bits_word(w); - w <<= j; - if (!BN_lshift(a, a, j)) - return (BN_ULONG)-1; - - for (i=a->top-1; i>=0; i--) - { - BN_ULONG l,d; - - l=a->d[i]; - d=bn_div_words(ret,l,w); - ret=(l-((d*w)&BN_MASK2))&BN_MASK2; - a->d[i]=d; - } - if ((a->top > 0) && (a->d[a->top-1] == 0)) - a->top--; - ret >>= j; - bn_check_top(a); - return(ret); - } - -int BN_add_word(BIGNUM *a, BN_ULONG w) - { - BN_ULONG l; - int i; - - bn_check_top(a); - w &= BN_MASK2; - - /* degenerate case: w is zero */ - if (!w) return 1; - /* degenerate case: a is zero */ - if(BN_is_zero(a)) return BN_set_word(a, w); - /* handle 'a' when negative */ - if (a->neg) - { - a->neg=0; - i=BN_sub_word(a,w); - if (!BN_is_zero(a)) - a->neg=!(a->neg); - return(i); - } - /* Only expand (and risk failing) if it's possibly necessary */ - if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) && - (bn_wexpand(a,a->top+1) == NULL)) - return(0); - i=0; - for (;;) - { - if (i >= a->top) - l=w; - else - l=(a->d[i]+w)&BN_MASK2; - a->d[i]=l; - if (w > l) - w=1; - else - break; - i++; - } - if (i >= a->top) - a->top++; - bn_check_top(a); - return(1); - } - -int BN_sub_word(BIGNUM *a, BN_ULONG w) - { - int i; - - bn_check_top(a); - w &= BN_MASK2; - - /* degenerate case: w is zero */ - if (!w) return 1; - /* degenerate case: a is zero */ - if(BN_is_zero(a)) - { - i = BN_set_word(a,w); - if (i != 0) - BN_set_negative(a, 1); - return i; - } - /* handle 'a' when negative */ - if (a->neg) - { - a->neg=0; - i=BN_add_word(a,w); - a->neg=1; - return(i); - } - - if ((a->top == 1) && (a->d[0] < w)) - { - a->d[0]=w-a->d[0]; - a->neg=1; - return(1); - } - i=0; - for (;;) - { - if (a->d[i] >= w) - { - a->d[i]-=w; - break; - } - else - { - a->d[i]=(a->d[i]-w)&BN_MASK2; - i++; - w=1; - } - } - if ((a->d[i] == 0) && (i == (a->top-1))) - a->top--; - bn_check_top(a); - return(1); - } - -int BN_mul_word(BIGNUM *a, BN_ULONG w) - { - BN_ULONG ll; - - bn_check_top(a); - w&=BN_MASK2; - if (a->top) - { - if (w == 0) - BN_zero(a); - else - { - ll=bn_mul_words(a->d,a->d,a->top,w); - if (ll) - { - if (bn_wexpand(a,a->top+1) == NULL) return(0); - a->d[a->top++]=ll; - } - } - } - bn_check_top(a); - return(1); - } - diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/cryptlib.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/cryptlib.c deleted file mode 100755 index dd74ea88..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/cryptlib.c +++ /dev/null @@ -1,544 +0,0 @@ -/* crypto/cryptlib.c */ -/* ==================================================================== - * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - -#include "cryptlib.h" -#include <openssl/safestack.h> - -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) -static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ -#endif - -static void (MS_FAR *locking_callback)(int mode,int type, - const char *file,int line)=NULL; -static int (MS_FAR *add_lock_callback)(int *pointer,int amount, - int type,const char *file,int line)=NULL; -static unsigned long (MS_FAR *id_callback)(void)=NULL; - -int CRYPTO_num_locks(void) - { - return CRYPTO_NUM_LOCKS; - } - -void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, - int line) - { - return(locking_callback); - } - -int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, - const char *file,int line) - { - return(add_lock_callback); - } - -void CRYPTO_set_locking_callback(void (*func)(int mode,int type, - const char *file,int line)) - { - locking_callback=func; - } - -void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, - const char *file,int line)) - { - add_lock_callback=func; - } - -unsigned long (*CRYPTO_get_id_callback(void))(void) - { - return(id_callback); - } - -void CRYPTO_set_id_callback(unsigned long (*func)(void)) - { - id_callback=func; - } - -unsigned long CRYPTO_thread_id(void) - { - unsigned long ret=0; - - if (id_callback == NULL) - { -#ifdef OPENSSL_SYS_WIN16 - ret=(unsigned long)GetCurrentTask(); -#elif defined(OPENSSL_SYS_WIN32) - ret=(unsigned long)GetCurrentThreadId(); -#elif defined(GETPID_IS_MEANINGLESS) - ret=1L; -#else - ret=(unsigned long)getpid(); -#endif - } - else - ret=id_callback(); - return(ret); - } - -static void (*do_dynlock_cb)(int mode, int type, const char *file, int line); - -void int_CRYPTO_set_do_dynlock_callback( - void (*dyn_cb)(int mode, int type, const char *file, int line)) - { - do_dynlock_cb = dyn_cb; - } - -void CRYPTO_lock(int mode, int type, const char *file, int line) - { -#ifdef LOCK_DEBUG - { - char *rw_text,*operation_text; - - if (mode & CRYPTO_LOCK) - operation_text="lock "; - else if (mode & CRYPTO_UNLOCK) - operation_text="unlock"; - else - operation_text="ERROR "; - - if (mode & CRYPTO_READ) - rw_text="r"; - else if (mode & CRYPTO_WRITE) - rw_text="w"; - else - rw_text="ERROR"; - - fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n", - CRYPTO_thread_id(), rw_text, operation_text, - CRYPTO_get_lock_name(type), file, line); - } -#endif - if (type < 0) - { - if (do_dynlock_cb) - do_dynlock_cb(mode, type, file, line); - } - else - if (locking_callback != NULL) - locking_callback(mode,type,file,line); - } - -int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, - int line) - { - int ret = 0; - - if (add_lock_callback != NULL) - { -#ifdef LOCK_DEBUG - int before= *pointer; -#endif - - ret=add_lock_callback(pointer,amount,type,file,line); -#ifdef LOCK_DEBUG - fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", - CRYPTO_thread_id(), - before,amount,ret, - CRYPTO_get_lock_name(type), - file,line); -#endif - } - else - { - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,file,line); - - ret= *pointer+amount; -#ifdef LOCK_DEBUG - fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", - CRYPTO_thread_id(), - *pointer,amount,ret, - CRYPTO_get_lock_name(type), - file,line); -#endif - *pointer=ret; - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line); - } - return(ret); - } - -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__INTEL__) || \ - defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) - -unsigned long OPENSSL_ia32cap_P=0; -unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; } - -#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) -#define OPENSSL_CPUID_SETUP -void OPENSSL_cpuid_setup(void) -{ static int trigger=0; - unsigned long OPENSSL_ia32_cpuid(void); - char *env; - - if (trigger) return; - - trigger=1; - if ((env=getenv("OPENSSL_ia32cap"))) - OPENSSL_ia32cap_P = strtoul(env,NULL,0)|(1<<10); - else - OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid()|(1<<10); - /* - * |(1<<10) sets a reserved bit to signal that variable - * was initialized already... This is to avoid interference - * with cpuid snippets in ELF .init segment. - */ -} -#endif - -#else -unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; } -#endif -int OPENSSL_NONPIC_relocated = 0; -#if !defined(OPENSSL_CPUID_SETUP) -void OPENSSL_cpuid_setup(void) {} -#endif - -#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL) - -#ifdef OPENSSL_FIPS - -#include <tlhelp32.h> -#if defined(__GNUC__) && __GNUC__>=2 -static int DllInit(void) __attribute__((constructor)); -#elif defined(_MSC_VER) -static int DllInit(void); -# ifdef _WIN64 -# pragma section(".CRT$XCU",read) - __declspec(allocate(".CRT$XCU")) -# else -# pragma data_seg(".CRT$XCU") -# endif - static int (*p)(void) = DllInit; -# pragma data_seg() -#endif - -static int DllInit(void) -{ -#if defined(_WIN32_WINNT) - union { int(*f)(void); BYTE *p; } t = { DllInit }; - HANDLE hModuleSnap = INVALID_HANDLE_VALUE; - IMAGE_DOS_HEADER *dos_header; - IMAGE_NT_HEADERS *nt_headers; - MODULEENTRY32 me32 = {sizeof(me32)}; - - hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0); - if (hModuleSnap != INVALID_HANDLE_VALUE && - Module32First(hModuleSnap,&me32)) do - { - if (t.p >= me32.modBaseAddr && - t.p < me32.modBaseAddr+me32.modBaseSize) - { - dos_header=(IMAGE_DOS_HEADER *)me32.modBaseAddr; - if (dos_header->e_magic==IMAGE_DOS_SIGNATURE) - { - nt_headers=(IMAGE_NT_HEADERS *) - ((BYTE *)dos_header+dos_header->e_lfanew); - if (nt_headers->Signature==IMAGE_NT_SIGNATURE && - me32.modBaseAddr!=(BYTE*)nt_headers->OptionalHeader.ImageBase) - OPENSSL_NONPIC_relocated=1; - } - break; - } - } while (Module32Next(hModuleSnap,&me32)); - - if (hModuleSnap != INVALID_HANDLE_VALUE) - CloseHandle(hModuleSnap); -#endif - OPENSSL_cpuid_setup(); - return 0; -} - -#else - -#ifdef __CYGWIN__ -/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */ -#include <windows.h> -#endif - -/* All we really need to do is remove the 'error' state when a thread - * detaches */ - -BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, - LPVOID lpvReserved) - { - switch(fdwReason) - { - case DLL_PROCESS_ATTACH: - OPENSSL_cpuid_setup(); -#if defined(_WIN32_WINNT) - { - IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL; - IMAGE_NT_HEADERS *nt_headers; - - if (dos_header->e_magic==IMAGE_DOS_SIGNATURE) - { - nt_headers = (IMAGE_NT_HEADERS *)((char *)dos_header - + dos_header->e_lfanew); - if (nt_headers->Signature==IMAGE_NT_SIGNATURE && - hinstDLL!=(HINSTANCE)(nt_headers->OptionalHeader.ImageBase)) - OPENSSL_NONPIC_relocated=1; - } - } -#endif - break; - case DLL_THREAD_ATTACH: - break; - case DLL_THREAD_DETACH: - break; - case DLL_PROCESS_DETACH: - break; - } - return(TRUE); - } -#endif - -#endif - -#if defined(_WIN32) && !defined(__CYGWIN__) -#include <tchar.h> - -#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 -int OPENSSL_isservice(void) -{ HWINSTA h; - DWORD len; - WCHAR *name; - - (void)GetDesktopWindow(); /* return value is ignored */ - - h = GetProcessWindowStation(); - if (h==NULL) return -1; - - if (GetUserObjectInformationW (h,UOI_NAME,NULL,0,&len) || - GetLastError() != ERROR_INSUFFICIENT_BUFFER) - return -1; - - if (len>512) return -1; /* paranoia */ - len++,len&=~1; /* paranoia */ -#ifdef _MSC_VER - name=(WCHAR *)_alloca(len+sizeof(WCHAR)); -#else - name=(WCHAR *)alloca(len+sizeof(WCHAR)); -#endif - if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len)) - return -1; - - len++,len&=~1; /* paranoia */ - name[len/sizeof(WCHAR)]=L'\0'; /* paranoia */ -#if 1 - /* This doesn't cover "interactive" services [working with real - * WinSta0's] nor programs started non-interactively by Task - * Scheduler [those are working with SAWinSta]. */ - if (wcsstr(name,L"Service-0x")) return 1; -#else - /* This covers all non-interactive programs such as services. */ - if (!wcsstr(name,L"WinSta0")) return 1; -#endif - else return 0; -} -#else -int OPENSSL_isservice(void) { return 0; } -#endif - -void OPENSSL_showfatal (const char *fmta,...) -{ va_list ap; - TCHAR buf[256]; - const TCHAR *fmt; -#ifdef STD_ERROR_HANDLE /* what a dirty trick! */ - HANDLE h; - - if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL && - GetFileType(h)!=FILE_TYPE_UNKNOWN) - { /* must be console application */ - va_start (ap,fmta); - vfprintf (stderr,fmta,ap); - va_end (ap); - return; - } -#endif - - if (sizeof(TCHAR)==sizeof(char)) - fmt=(const TCHAR *)fmta; - else do - { int keepgoing; - size_t len_0=strlen(fmta)+1,i; - WCHAR *fmtw; - -#ifdef _MSC_VER - fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR)); -#else - fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); -#endif - if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; } - -#ifndef OPENSSL_NO_MULTIBYTE - if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0)) -#endif - for (i=0;i<len_0;i++) fmtw[i]=(WCHAR)fmta[i]; - - for (i=0;i<len_0;i++) - { if (fmtw[i]==L'%') do - { keepgoing=0; - switch (fmtw[i+1]) - { case L'0': case L'1': case L'2': case L'3': case L'4': - case L'5': case L'6': case L'7': case L'8': case L'9': - case L'.': case L'*': - case L'-': i++; keepgoing=1; break; - case L's': fmtw[i+1]=L'S'; break; - case L'S': fmtw[i+1]=L's'; break; - case L'c': fmtw[i+1]=L'C'; break; - case L'C': fmtw[i+1]=L'c'; break; - } - } while (keepgoing); - } - fmt = (const TCHAR *)fmtw; - } while (0); - - va_start (ap,fmta); - _vsntprintf (buf,sizeof(buf)/sizeof(TCHAR)-1,fmt,ap); - buf [sizeof(buf)/sizeof(TCHAR)-1] = _T('\0'); - va_end (ap); - -#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 - /* this -------------v--- guards NT-specific calls */ - if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0) - { HANDLE h = RegisterEventSource(0,_T("OPENSSL")); - const TCHAR *pmsg=buf; - ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); - DeregisterEventSource(h); - } - else -#endif - MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP); -} -#else -void OPENSSL_showfatal (const char *fmta,...) -{ va_list ap; - - va_start (ap,fmta); - vfprintf (stderr,fmta,ap); - va_end (ap); -} -int OPENSSL_isservice (void) { return 0; } -#endif - -void OpenSSLDie(const char *file,int line,const char *assertion) - { - OPENSSL_showfatal( - "%s(%d): OpenSSL internal error, assertion failed: %s\n", - file,line,assertion); - abort(); - } - -void *OPENSSL_stderr(void) { return stderr; } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c deleted file mode 100755 index 7dca5e4b..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c +++ /dev/null @@ -1,385 +0,0 @@ -/* crypto/ec/ec2_mult.c */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * The Elliptic Curve Public-Key Crypto Library (ECC Code) included - * herein is developed by SUN MICROSYSTEMS, INC., and is contributed - * to the OpenSSL project. - * - * The ECC Code is licensed pursuant to the OpenSSL open source - * license provided below. - * - * The software is originally written by Sheueling Chang Shantz and - * Douglas Stebila of Sun Microsystems Laboratories. - * - */ -/* ==================================================================== - * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <openssl/err.h> - -#include "ec_lcl.h" - - -/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective - * coordinates. - * Uses algorithm Mdouble in appendix of - * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". - * modified to not require precomputation of c=b^{2^{m-1}}. - */ -static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx) - { - BIGNUM *t1; - int ret = 0; - - /* Since Mdouble is static we can guarantee that ctx != NULL. */ - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - if (t1 == NULL) goto err; - - if (!group->meth->field_sqr(group, x, x, ctx)) goto err; - if (!group->meth->field_sqr(group, t1, z, ctx)) goto err; - if (!group->meth->field_mul(group, z, x, t1, ctx)) goto err; - if (!group->meth->field_sqr(group, x, x, ctx)) goto err; - if (!group->meth->field_sqr(group, t1, t1, ctx)) goto err; - if (!group->meth->field_mul(group, t1, &group->b, t1, ctx)) goto err; - if (!BN_GF2m_add(x, x, t1)) goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; - } - -/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery - * projective coordinates. - * Uses algorithm Madd in appendix of - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". - */ -static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1, - const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx) - { - BIGNUM *t1, *t2; - int ret = 0; - - /* Since Madd is static we can guarantee that ctx != NULL. */ - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - if (t2 == NULL) goto err; - - if (!BN_copy(t1, x)) goto err; - if (!group->meth->field_mul(group, x1, x1, z2, ctx)) goto err; - if (!group->meth->field_mul(group, z1, z1, x2, ctx)) goto err; - if (!group->meth->field_mul(group, t2, x1, z1, ctx)) goto err; - if (!BN_GF2m_add(z1, z1, x1)) goto err; - if (!group->meth->field_sqr(group, z1, z1, ctx)) goto err; - if (!group->meth->field_mul(group, x1, z1, t1, ctx)) goto err; - if (!BN_GF2m_add(x1, x1, t2)) goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; - } - -/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) - * using Montgomery point multiplication algorithm Mxy() in appendix of - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". - * Returns: - * 0 on error - * 1 if return value should be the point at infinity - * 2 otherwise - */ -static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1, - BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, BN_CTX *ctx) - { - BIGNUM *t3, *t4, *t5; - int ret = 0; - - if (BN_is_zero(z1)) - { - BN_zero(x2); - BN_zero(z2); - return 1; - } - - if (BN_is_zero(z2)) - { - if (!BN_copy(x2, x)) return 0; - if (!BN_GF2m_add(z2, x, y)) return 0; - return 2; - } - - /* Since Mxy is static we can guarantee that ctx != NULL. */ - BN_CTX_start(ctx); - t3 = BN_CTX_get(ctx); - t4 = BN_CTX_get(ctx); - t5 = BN_CTX_get(ctx); - if (t5 == NULL) goto err; - - if (!BN_one(t5)) goto err; - - if (!group->meth->field_mul(group, t3, z1, z2, ctx)) goto err; - - if (!group->meth->field_mul(group, z1, z1, x, ctx)) goto err; - if (!BN_GF2m_add(z1, z1, x1)) goto err; - if (!group->meth->field_mul(group, z2, z2, x, ctx)) goto err; - if (!group->meth->field_mul(group, x1, z2, x1, ctx)) goto err; - if (!BN_GF2m_add(z2, z2, x2)) goto err; - - if (!group->meth->field_mul(group, z2, z2, z1, ctx)) goto err; - if (!group->meth->field_sqr(group, t4, x, ctx)) goto err; - if (!BN_GF2m_add(t4, t4, y)) goto err; - if (!group->meth->field_mul(group, t4, t4, t3, ctx)) goto err; - if (!BN_GF2m_add(t4, t4, z2)) goto err; - - if (!group->meth->field_mul(group, t3, t3, x, ctx)) goto err; - if (!group->meth->field_div(group, t3, t5, t3, ctx)) goto err; - if (!group->meth->field_mul(group, t4, t3, t4, ctx)) goto err; - if (!group->meth->field_mul(group, x2, x1, t3, ctx)) goto err; - if (!BN_GF2m_add(z2, x2, x)) goto err; - - if (!group->meth->field_mul(group, z2, z2, t4, ctx)) goto err; - if (!BN_GF2m_add(z2, z2, y)) goto err; - - ret = 2; - - err: - BN_CTX_end(ctx); - return ret; - } - -/* Computes scalar*point and stores the result in r. - * point can not equal r. - * Uses algorithm 2P of - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". - */ -static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - const EC_POINT *point, BN_CTX *ctx) - { - BIGNUM *x1, *x2, *z1, *z2; - int ret = 0, i, j; - BN_ULONG mask; - - if (r == point) - { - ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT); - return 0; - } - - /* if result should be point at infinity */ - if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) || - EC_POINT_is_at_infinity(group, point)) - { - return EC_POINT_set_to_infinity(group, r); - } - - /* only support affine coordinates */ - if (!point->Z_is_one) return 0; - - /* Since point_multiply is static we can guarantee that ctx != NULL. */ - BN_CTX_start(ctx); - x1 = BN_CTX_get(ctx); - z1 = BN_CTX_get(ctx); - if (z1 == NULL) goto err; - - x2 = &r->X; - z2 = &r->Y; - - if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ - if (!BN_one(z1)) goto err; /* z1 = 1 */ - if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ - if (!group->meth->field_sqr(group, x2, z2, ctx)) goto err; - if (!BN_GF2m_add(x2, x2, &group->b)) goto err; /* x2 = x^4 + b */ - - /* find top most bit and go one past it */ - i = scalar->top - 1; j = BN_BITS2 - 1; - mask = BN_TBIT; - while (!(scalar->d[i] & mask)) { mask >>= 1; j--; } - mask >>= 1; j--; - /* if top most bit was at word break, go to next word */ - if (!mask) - { - i--; j = BN_BITS2 - 1; - mask = BN_TBIT; - } - - for (; i >= 0; i--) - { - for (; j >= 0; j--) - { - if (scalar->d[i] & mask) - { - if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; - if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; - } - else - { - if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; - if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; - } - mask >>= 1; - } - j = BN_BITS2 - 1; - mask = BN_TBIT; - } - - /* convert out of "projective" coordinates */ - i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx); - if (i == 0) goto err; - else if (i == 1) - { - if (!EC_POINT_set_to_infinity(group, r)) goto err; - } - else - { - if (!BN_one(&r->Z)) goto err; - r->Z_is_one = 1; - } - - /* GF(2^m) field elements should always have BIGNUM::neg = 0 */ - BN_set_negative(&r->X, 0); - BN_set_negative(&r->Y, 0); - - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; - } - - -/* Computes the sum - * scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1] - * gracefully ignoring NULL scalar values. - */ -int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) - { - BN_CTX *new_ctx = NULL; - int ret = 0; - size_t i; - EC_POINT *p=NULL; - EC_POINT *acc = NULL; - - if (ctx == NULL) - { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - return 0; - } - - /* This implementation is more efficient than the wNAF implementation for 2 - * or fewer points. Use the ec_wNAF_mul implementation for 3 or more points, - * or if we can perform a fast multiplication based on precomputation. - */ - if ((scalar && (num > 1)) || (num > 2) || (num == 0 && EC_GROUP_have_precompute_mult(group))) - { - ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); - goto err; - } - - if ((p = EC_POINT_new(group)) == NULL) goto err; - if ((acc = EC_POINT_new(group)) == NULL) goto err; - - if (!EC_POINT_set_to_infinity(group, acc)) goto err; - - if (scalar) - { - if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err; - if (BN_is_negative(scalar)) - if (!group->meth->invert(group, p, ctx)) goto err; - if (!group->meth->add(group, acc, acc, p, ctx)) goto err; - } - - for (i = 0; i < num; i++) - { - if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err; - if (BN_is_negative(scalars[i])) - if (!group->meth->invert(group, p, ctx)) goto err; - if (!group->meth->add(group, acc, acc, p, ctx)) goto err; - } - - if (!EC_POINT_copy(r, acc)) goto err; - - ret = 1; - - err: - if (p) EC_POINT_free(p); - if (acc) EC_POINT_free(acc); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); - return ret; - } - - -/* Precomputation for point multiplication: fall back to wNAF methods - * because ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate */ - -int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx) - { - return ec_wNAF_precompute_mult(group, ctx); - } - -int ec_GF2m_have_precompute_mult(const EC_GROUP *group) - { - return ec_wNAF_have_precompute_mult(group); - } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec_key.c deleted file mode 100755 index 522802c0..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec_key.c +++ /dev/null @@ -1,463 +0,0 @@ -/* crypto/ec/ec_key.c */ -/* - * Written by Nils Larsch for the OpenSSL project. - */ -/* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * Portions originally developed by SUN MICROSYSTEMS, INC., and - * contributed to the OpenSSL project. - */ - -#include <string.h> -#include "ec_lcl.h" -#include <openssl/err.h> -#include <string.h> - -EC_KEY *EC_KEY_new(void) - { - EC_KEY *ret; - - ret=(EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY)); - if (ret == NULL) - { - ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE); - return(NULL); - } - - ret->version = 1; - ret->group = NULL; - ret->pub_key = NULL; - ret->priv_key= NULL; - ret->enc_flag= 0; - ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; - ret->references= 1; - ret->method_data = NULL; - return(ret); - } - -EC_KEY *EC_KEY_new_by_curve_name(int nid) - { - EC_KEY *ret = EC_KEY_new(); - if (ret == NULL) - return NULL; - ret->group = EC_GROUP_new_by_curve_name(nid); - if (ret->group == NULL) - { - EC_KEY_free(ret); - return NULL; - } - return ret; - } - -void EC_KEY_free(EC_KEY *r) - { - int i; - - if (r == NULL) return; - - i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_EC); -#ifdef REF_PRINT - REF_PRINT("EC_KEY",r); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"EC_KEY_free, bad reference count\n"); - abort(); - } -#endif - - if (r->group != NULL) - EC_GROUP_free(r->group); - if (r->pub_key != NULL) - EC_POINT_free(r->pub_key); - if (r->priv_key != NULL) - BN_clear_free(r->priv_key); - - EC_EX_DATA_free_all_data(&r->method_data); - - OPENSSL_cleanse((void *)r, sizeof(EC_KEY)); - - OPENSSL_free(r); - } - -EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) - { - EC_EXTRA_DATA *d; - - if (dest == NULL || src == NULL) - { - ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - /* copy the parameters */ - if (src->group) - { - const EC_METHOD *meth = EC_GROUP_method_of(src->group); - /* clear the old group */ - if (dest->group) - EC_GROUP_free(dest->group); - dest->group = EC_GROUP_new(meth); - if (dest->group == NULL) - return NULL; - if (!EC_GROUP_copy(dest->group, src->group)) - return NULL; - } - /* copy the public key */ - if (src->pub_key && src->group) - { - if (dest->pub_key) - EC_POINT_free(dest->pub_key); - dest->pub_key = EC_POINT_new(src->group); - if (dest->pub_key == NULL) - return NULL; - if (!EC_POINT_copy(dest->pub_key, src->pub_key)) - return NULL; - } - /* copy the private key */ - if (src->priv_key) - { - if (dest->priv_key == NULL) - { - dest->priv_key = BN_new(); - if (dest->priv_key == NULL) - return NULL; - } - if (!BN_copy(dest->priv_key, src->priv_key)) - return NULL; - } - /* copy method/extra data */ - EC_EX_DATA_free_all_data(&dest->method_data); - - for (d = src->method_data; d != NULL; d = d->next) - { - void *t = d->dup_func(d->data); - - if (t == NULL) - return 0; - if (!EC_EX_DATA_set_data(&dest->method_data, t, d->dup_func, d->free_func, d->clear_free_func)) - return 0; - } - - /* copy the rest */ - dest->enc_flag = src->enc_flag; - dest->conv_form = src->conv_form; - dest->version = src->version; - - return dest; - } - -EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) - { - EC_KEY *ret = EC_KEY_new(); - if (ret == NULL) - return NULL; - if (EC_KEY_copy(ret, ec_key) == NULL) - { - EC_KEY_free(ret); - return NULL; - } - return ret; - } - -int EC_KEY_up_ref(EC_KEY *r) - { - int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC); -#ifdef REF_PRINT - REF_PRINT("EC_KEY",r); -#endif -#ifdef REF_CHECK - if (i < 2) - { - fprintf(stderr, "EC_KEY_up, bad reference count\n"); - abort(); - } -#endif - return ((i > 1) ? 1 : 0); - } - -int EC_KEY_generate_key(EC_KEY *eckey) - { - int ok = 0; - BN_CTX *ctx = NULL; - BIGNUM *priv_key = NULL, *order = NULL; - EC_POINT *pub_key = NULL; - - if (!eckey || !eckey->group) - { - ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if ((order = BN_new()) == NULL) goto err; - if ((ctx = BN_CTX_new()) == NULL) goto err; - - if (eckey->priv_key == NULL) - { - priv_key = BN_new(); - if (priv_key == NULL) - goto err; - } - else - priv_key = eckey->priv_key; - - if (!EC_GROUP_get_order(eckey->group, order, ctx)) - goto err; - - do - if (!BN_rand_range(priv_key, order)) - goto err; - while (BN_is_zero(priv_key)); - - if (eckey->pub_key == NULL) - { - pub_key = EC_POINT_new(eckey->group); - if (pub_key == NULL) - goto err; - } - else - pub_key = eckey->pub_key; - - if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) - goto err; - - eckey->priv_key = priv_key; - eckey->pub_key = pub_key; - - ok=1; - -err: - if (order) - BN_free(order); - if (pub_key != NULL && eckey->pub_key == NULL) - EC_POINT_free(pub_key); - if (priv_key != NULL && eckey->priv_key == NULL) - BN_free(priv_key); - if (ctx != NULL) - BN_CTX_free(ctx); - return(ok); - } - -int EC_KEY_check_key(const EC_KEY *eckey) - { - int ok = 0; - BN_CTX *ctx = NULL; - const BIGNUM *order = NULL; - EC_POINT *point = NULL; - - if (!eckey || !eckey->group || !eckey->pub_key) - { - ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) - { - ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY); - goto err; - } - - if ((ctx = BN_CTX_new()) == NULL) - goto err; - if ((point = EC_POINT_new(eckey->group)) == NULL) - goto err; - - /* testing whether the pub_key is on the elliptic curve */ - if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) - { - ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); - goto err; - } - /* testing whether pub_key * order is the point at infinity */ - order = &eckey->group->order; - if (BN_is_zero(order)) - { - ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER); - goto err; - } - if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) - { - ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); - goto err; - } - if (!EC_POINT_is_at_infinity(eckey->group, point)) - { - ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); - goto err; - } - /* in case the priv_key is present : - * check if generator * priv_key == pub_key - */ - if (eckey->priv_key) - { - if (BN_cmp(eckey->priv_key, order) >= 0) - { - ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); - goto err; - } - if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, - NULL, NULL, ctx)) - { - ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); - goto err; - } - if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, - ctx) != 0) - { - ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY); - goto err; - } - } - ok = 1; -err: - if (ctx != NULL) - BN_CTX_free(ctx); - if (point != NULL) - EC_POINT_free(point); - return(ok); - } - -const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) - { - return key->group; - } - -int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) - { - if (key->group != NULL) - EC_GROUP_free(key->group); - key->group = EC_GROUP_dup(group); - return (key->group == NULL) ? 0 : 1; - } - -const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) - { - return key->priv_key; - } - -int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) - { - if (key->priv_key) - BN_clear_free(key->priv_key); - key->priv_key = BN_dup(priv_key); - return (key->priv_key == NULL) ? 0 : 1; - } - -const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) - { - return key->pub_key; - } - -int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) - { - if (key->pub_key != NULL) - EC_POINT_free(key->pub_key); - key->pub_key = EC_POINT_dup(pub_key, key->group); - return (key->pub_key == NULL) ? 0 : 1; - } - -unsigned int EC_KEY_get_enc_flags(const EC_KEY *key) - { - return key->enc_flag; - } - -void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags) - { - key->enc_flag = flags; - } - -point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key) - { - return key->conv_form; - } - -void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) - { - key->conv_form = cform; - if (key->group != NULL) - EC_GROUP_set_point_conversion_form(key->group, cform); - } - -void *EC_KEY_get_key_method_data(EC_KEY *key, - void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) - { - return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); - } - -void EC_KEY_insert_key_method_data(EC_KEY *key, void *data, - void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) - { - EC_EXTRA_DATA *ex_data; - CRYPTO_w_lock(CRYPTO_LOCK_EC); - ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); - if (ex_data == NULL) - EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); - CRYPTO_w_unlock(CRYPTO_LOCK_EC); - } - -void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) - { - if (key->group != NULL) - EC_GROUP_set_asn1_flag(key->group, flag); - } - -int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx) - { - if (key->group == NULL) - return 0; - return EC_GROUP_precompute_mult(key->group, ctx); - } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec_lib.c deleted file mode 100755 index 5af84376..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec_lib.c +++ /dev/null @@ -1,1164 +0,0 @@ -/* crypto/ec/ec_lib.c */ -/* - * Originally written by Bodo Moeller for the OpenSSL project. - */ -/* ==================================================================== - * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * Binary polynomial ECC support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - -#include <string.h> - -#include <openssl/err.h> -#include <openssl/opensslv.h> - -#include "ec_lcl.h" - -static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT; - - -/* functions for EC_GROUP objects */ - -EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) - { - EC_GROUP *ret; - - if (meth == NULL) - { - ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (meth->group_init == 0) - { - ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return NULL; - } - - ret = OPENSSL_malloc(sizeof *ret); - if (ret == NULL) - { - ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->meth = meth; - - ret->extra_data = NULL; - - ret->generator = NULL; - BN_init(&ret->order); - BN_init(&ret->cofactor); - - ret->curve_name = 0; - ret->asn1_flag = 0; - ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; - - ret->seed = NULL; - ret->seed_len = 0; - - if (!meth->group_init(ret)) - { - OPENSSL_free(ret); - return NULL; - } - - return ret; - } - - -void EC_GROUP_free(EC_GROUP *group) - { - if (!group) return; - - if (group->meth->group_finish != 0) - group->meth->group_finish(group); - - EC_EX_DATA_free_all_data(&group->extra_data); - - if (group->generator != NULL) - EC_POINT_free(group->generator); - BN_free(&group->order); - BN_free(&group->cofactor); - - if (group->seed) - OPENSSL_free(group->seed); - - OPENSSL_free(group); - } - - -void EC_GROUP_clear_free(EC_GROUP *group) - { - if (!group) return; - - if (group->meth->group_clear_finish != 0) - group->meth->group_clear_finish(group); - else if (group->meth->group_finish != 0) - group->meth->group_finish(group); - - EC_EX_DATA_clear_free_all_data(&group->extra_data); - - if (group->generator != NULL) - EC_POINT_clear_free(group->generator); - BN_clear_free(&group->order); - BN_clear_free(&group->cofactor); - - if (group->seed) - { - OPENSSL_cleanse(group->seed, group->seed_len); - OPENSSL_free(group->seed); - } - - OPENSSL_cleanse(group, sizeof *group); - OPENSSL_free(group); - } - - -int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) - { - EC_EXTRA_DATA *d; - - if (dest->meth->group_copy == 0) - { - ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (dest->meth != src->meth) - { - ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - if (dest == src) - return 1; - - EC_EX_DATA_free_all_data(&dest->extra_data); - - for (d = src->extra_data; d != NULL; d = d->next) - { - void *t = d->dup_func(d->data); - - if (t == NULL) - return 0; - if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, d->free_func, d->clear_free_func)) - return 0; - } - - if (src->generator != NULL) - { - if (dest->generator == NULL) - { - dest->generator = EC_POINT_new(dest); - if (dest->generator == NULL) return 0; - } - if (!EC_POINT_copy(dest->generator, src->generator)) return 0; - } - else - { - /* src->generator == NULL */ - if (dest->generator != NULL) - { - EC_POINT_clear_free(dest->generator); - dest->generator = NULL; - } - } - - if (!BN_copy(&dest->order, &src->order)) return 0; - if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0; - - dest->curve_name = src->curve_name; - dest->asn1_flag = src->asn1_flag; - dest->asn1_form = src->asn1_form; - - if (src->seed) - { - if (dest->seed) - OPENSSL_free(dest->seed); - dest->seed = OPENSSL_malloc(src->seed_len); - if (dest->seed == NULL) - return 0; - if (!memcpy(dest->seed, src->seed, src->seed_len)) - return 0; - dest->seed_len = src->seed_len; - } - else - { - if (dest->seed) - OPENSSL_free(dest->seed); - dest->seed = NULL; - dest->seed_len = 0; - } - - - return dest->meth->group_copy(dest, src); - } - - -EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) - { - EC_GROUP *t = NULL; - int ok = 0; - - if (a == NULL) return NULL; - - if ((t = EC_GROUP_new(a->meth)) == NULL) return(NULL); - if (!EC_GROUP_copy(t, a)) goto err; - - ok = 1; - - err: - if (!ok) - { - if (t) EC_GROUP_free(t); - return NULL; - } - else return t; - } - - -const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) - { - return group->meth; - } - - -int EC_METHOD_get_field_type(const EC_METHOD *meth) - { - return meth->field_type; - } - - -int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) - { - if (generator == NULL) - { - ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER); - return 0 ; - } - - if (group->generator == NULL) - { - group->generator = EC_POINT_new(group); - if (group->generator == NULL) return 0; - } - if (!EC_POINT_copy(group->generator, generator)) return 0; - - if (order != NULL) - { if (!BN_copy(&group->order, order)) return 0; } - else - BN_zero(&group->order); - - if (cofactor != NULL) - { if (!BN_copy(&group->cofactor, cofactor)) return 0; } - else - BN_zero(&group->cofactor); - - return 1; - } - - -const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) - { - return group->generator; - } - - -int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) - { - if (!BN_copy(order, &group->order)) - return 0; - - return !BN_is_zero(order); - } - - -int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) - { - if (!BN_copy(cofactor, &group->cofactor)) - return 0; - - return !BN_is_zero(&group->cofactor); - } - - -void EC_GROUP_set_curve_name(EC_GROUP *group, int nid) - { - group->curve_name = nid; - } - - -int EC_GROUP_get_curve_name(const EC_GROUP *group) - { - return group->curve_name; - } - - -void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag) - { - group->asn1_flag = flag; - } - - -int EC_GROUP_get_asn1_flag(const EC_GROUP *group) - { - return group->asn1_flag; - } - - -void EC_GROUP_set_point_conversion_form(EC_GROUP *group, - point_conversion_form_t form) - { - group->asn1_form = form; - } - - -point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group) - { - return group->asn1_form; - } - - -size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len) - { - if (group->seed) - { - OPENSSL_free(group->seed); - group->seed = NULL; - group->seed_len = 0; - } - - if (!len || !p) - return 1; - - if ((group->seed = OPENSSL_malloc(len)) == NULL) - return 0; - memcpy(group->seed, p, len); - group->seed_len = len; - - return len; - } - - -unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group) - { - return group->seed; - } - - -size_t EC_GROUP_get_seed_len(const EC_GROUP *group) - { - return group->seed_len; - } - - -int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) - { - if (group->meth->group_set_curve == 0) - { - ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_set_curve(group, p, a, b, ctx); - } - - -int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) - { - if (group->meth->group_get_curve == 0) - { - ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_get_curve(group, p, a, b, ctx); - } - - -int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) - { - if (group->meth->group_set_curve == 0) - { - ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_set_curve(group, p, a, b, ctx); - } - - -int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) - { - if (group->meth->group_get_curve == 0) - { - ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_get_curve(group, p, a, b, ctx); - } - - -int EC_GROUP_get_degree(const EC_GROUP *group) - { - if (group->meth->group_get_degree == 0) - { - ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_get_degree(group); - } - - -int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) - { - if (group->meth->group_check_discriminant == 0) - { - ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_check_discriminant(group, ctx); - } - - -int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) - { - int r = 0; - BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; - BN_CTX *ctx_new = NULL; - - /* compare the field types*/ - if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != - EC_METHOD_get_field_type(EC_GROUP_method_of(b))) - return 1; - /* compare the curve name (if present) */ - if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && - EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b)) - return 0; - - if (!ctx) - ctx_new = ctx = BN_CTX_new(); - if (!ctx) - return -1; - - BN_CTX_start(ctx); - a1 = BN_CTX_get(ctx); - a2 = BN_CTX_get(ctx); - a3 = BN_CTX_get(ctx); - b1 = BN_CTX_get(ctx); - b2 = BN_CTX_get(ctx); - b3 = BN_CTX_get(ctx); - if (!b3) - { - BN_CTX_end(ctx); - if (ctx_new) - BN_CTX_free(ctx); - return -1; - } - - /* XXX This approach assumes that the external representation - * of curves over the same field type is the same. - */ - if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || - !b->meth->group_get_curve(b, b1, b2, b3, ctx)) - r = 1; - - if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3)) - r = 1; - - /* XXX EC_POINT_cmp() assumes that the methods are equal */ - if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), - EC_GROUP_get0_generator(b), ctx)) - r = 1; - - if (!r) - { - /* compare the order and cofactor */ - if (!EC_GROUP_get_order(a, a1, ctx) || - !EC_GROUP_get_order(b, b1, ctx) || - !EC_GROUP_get_cofactor(a, a2, ctx) || - !EC_GROUP_get_cofactor(b, b2, ctx)) - { - BN_CTX_end(ctx); - if (ctx_new) - BN_CTX_free(ctx); - return -1; - } - if (BN_cmp(a1, b1) || BN_cmp(a2, b2)) - r = 1; - } - - BN_CTX_end(ctx); - if (ctx_new) - BN_CTX_free(ctx); - - return r; - } - - -/* this has 'package' visibility */ -int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data, - void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) - { - EC_EXTRA_DATA *d; - - if (ex_data == NULL) - return 0; - - for (d = *ex_data; d != NULL; d = d->next) - { - if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) - { - ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL); - return 0; - } - } - - if (data == NULL) - /* no explicit entry needed */ - return 1; - - d = OPENSSL_malloc(sizeof *d); - if (d == NULL) - return 0; - - d->data = data; - d->dup_func = dup_func; - d->free_func = free_func; - d->clear_free_func = clear_free_func; - - d->next = *ex_data; - *ex_data = d; - - return 1; - } - -/* this has 'package' visibility */ -void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data, - void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) - { - const EC_EXTRA_DATA *d; - - for (d = ex_data; d != NULL; d = d->next) - { - if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) - return d->data; - } - - return NULL; - } - -/* this has 'package' visibility */ -void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data, - void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) - { - EC_EXTRA_DATA **p; - - if (ex_data == NULL) - return; - - for (p = ex_data; *p != NULL; p = &((*p)->next)) - { - if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) - { - EC_EXTRA_DATA *next = (*p)->next; - - (*p)->free_func((*p)->data); - OPENSSL_free(*p); - - *p = next; - return; - } - } - } - -/* this has 'package' visibility */ -void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data, - void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) - { - EC_EXTRA_DATA **p; - - if (ex_data == NULL) - return; - - for (p = ex_data; *p != NULL; p = &((*p)->next)) - { - if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) - { - EC_EXTRA_DATA *next = (*p)->next; - - (*p)->clear_free_func((*p)->data); - OPENSSL_free(*p); - - *p = next; - return; - } - } - } - -/* this has 'package' visibility */ -void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data) - { - EC_EXTRA_DATA *d; - - if (ex_data == NULL) - return; - - d = *ex_data; - while (d) - { - EC_EXTRA_DATA *next = d->next; - - d->free_func(d->data); - OPENSSL_free(d); - - d = next; - } - *ex_data = NULL; - } - -/* this has 'package' visibility */ -void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data) - { - EC_EXTRA_DATA *d; - - if (ex_data == NULL) - return; - - d = *ex_data; - while (d) - { - EC_EXTRA_DATA *next = d->next; - - d->clear_free_func(d->data); - OPENSSL_free(d); - - d = next; - } - *ex_data = NULL; - } - - -/* functions for EC_POINT objects */ - -EC_POINT *EC_POINT_new(const EC_GROUP *group) - { - EC_POINT *ret; - - if (group == NULL) - { - ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (group->meth->point_init == 0) - { - ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return NULL; - } - - ret = OPENSSL_malloc(sizeof *ret); - if (ret == NULL) - { - ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->meth = group->meth; - - if (!ret->meth->point_init(ret)) - { - OPENSSL_free(ret); - return NULL; - } - - return ret; - } - - -void EC_POINT_free(EC_POINT *point) - { - if (!point) return; - - if (point->meth->point_finish != 0) - point->meth->point_finish(point); - OPENSSL_free(point); - } - - -void EC_POINT_clear_free(EC_POINT *point) - { - if (!point) return; - - if (point->meth->point_clear_finish != 0) - point->meth->point_clear_finish(point); - else if (point->meth != NULL && point->meth->point_finish != 0) - point->meth->point_finish(point); - OPENSSL_cleanse(point, sizeof *point); - OPENSSL_free(point); - } - - -int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) - { - if (dest->meth->point_copy == 0) - { - ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (dest->meth != src->meth) - { - ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - if (dest == src) - return 1; - return dest->meth->point_copy(dest, src); - } - - -EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) - { - EC_POINT *t; - int r; - - if (a == NULL) return NULL; - - t = EC_POINT_new(group); - if (t == NULL) return(NULL); - r = EC_POINT_copy(t, a); - if (!r) - { - EC_POINT_free(t); - return NULL; - } - else return t; - } - - -const EC_METHOD *EC_POINT_method_of(const EC_POINT *point) - { - return point->meth; - } - - -int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point) - { - if (group->meth->point_set_to_infinity == 0) - { - ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_set_to_infinity(group, point); - } - - -int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, - const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx) - { - if (group->meth->point_set_Jprojective_coordinates_GFp == 0) - { - ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); - } - - -int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, - BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx) - { - if (group->meth->point_get_Jprojective_coordinates_GFp == 0) - { - ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); - } - - -int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, - const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) - { - if (group->meth->point_set_affine_coordinates == 0) - { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); - } - - -int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, - const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) - { - if (group->meth->point_set_affine_coordinates == 0) - { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); - } - - -int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, - BIGNUM *x, BIGNUM *y, BN_CTX *ctx) - { - if (group->meth->point_get_affine_coordinates == 0) - { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); - } - - -int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point, - BIGNUM *x, BIGNUM *y, BN_CTX *ctx) - { - if (group->meth->point_get_affine_coordinates == 0) - { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); - } - - -int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, - const BIGNUM *x, int y_bit, BN_CTX *ctx) - { - if (group->meth->point_set_compressed_coordinates == 0) - { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); - } - - -int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, - const BIGNUM *x, int y_bit, BN_CTX *ctx) - { - if (group->meth->point_set_compressed_coordinates == 0) - { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); - } - - -size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form, - unsigned char *buf, size_t len, BN_CTX *ctx) - { - if (group->meth->point2oct == 0) - { - ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point2oct(group, point, form, buf, len, ctx); - } - - -int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point, - const unsigned char *buf, size_t len, BN_CTX *ctx) - { - if (group->meth->oct2point == 0) - { - ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->oct2point(group, point, buf, len, ctx); - } - - -int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) - { - if (group->meth->add == 0) - { - ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth)) - { - ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->add(group, r, a, b, ctx); - } - - -int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) - { - if (group->meth->dbl == 0) - { - ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if ((group->meth != r->meth) || (r->meth != a->meth)) - { - ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->dbl(group, r, a, ctx); - } - - -int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) - { - if (group->meth->dbl == 0) - { - ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != a->meth) - { - ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->invert(group, a, ctx); - } - - -int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) - { - if (group->meth->is_at_infinity == 0) - { - ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->is_at_infinity(group, point); - } - - -int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) - { - if (group->meth->is_on_curve == 0) - { - ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->is_on_curve(group, point, ctx); - } - - -int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) - { - if (group->meth->point_cmp == 0) - { - ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if ((group->meth != a->meth) || (a->meth != b->meth)) - { - ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_cmp(group, a, b, ctx); - } - - -int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) - { - if (group->meth->make_affine == 0) - { - ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->make_affine(group, point, ctx); - } - - -int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) - { - size_t i; - - if (group->meth->points_make_affine == 0) - { - ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - for (i = 0; i < num; i++) - { - if (group->meth != points[i]->meth) - { - ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - } - return group->meth->points_make_affine(group, num, points, ctx); - } - - -/* Functions for point multiplication. - * - * If group->meth->mul is 0, we use the wNAF-based implementations in ec_mult.c; - * otherwise we dispatch through methods. - */ - -int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) - { - if (group->meth->mul == 0) - /* use default */ - return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); - - return group->meth->mul(group, r, scalar, num, points, scalars, ctx); - } - -int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, - const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) - { - /* just a convenient interface to EC_POINTs_mul() */ - - const EC_POINT *points[1]; - const BIGNUM *scalars[1]; - - points[0] = point; - scalars[0] = p_scalar; - - return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); - } - -int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) - { - if (group->meth->mul == 0) - /* use default */ - return ec_wNAF_precompute_mult(group, ctx); - - if (group->meth->precompute_mult != 0) - return group->meth->precompute_mult(group, ctx); - else - return 1; /* nothing to do, so report success */ - } - -int EC_GROUP_have_precompute_mult(const EC_GROUP *group) - { - if (group->meth->mul == 0) - /* use default */ - return ec_wNAF_have_precompute_mult(group); - - if (group->meth->have_precompute_mult != 0) - return group->meth->have_precompute_mult(group); - else - return 0; /* cannot tell whether precomputation has been performed */ - } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c deleted file mode 100755 index bf222347..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c +++ /dev/null @@ -1,241 +0,0 @@ -/* crypto/ecdh/ech_lib.c */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * The Elliptic Curve Public-Key Crypto Library (ECC Code) included - * herein is developed by SUN MICROSYSTEMS, INC., and is contributed - * to the OpenSSL project. - * - * The ECC Code is licensed pursuant to the OpenSSL open source - * license provided below. - * - * The ECDH software is originally written by Douglas Stebila of - * Sun Microsystems Laboratories. - * - */ -/* ==================================================================== - * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "ech_locl.h" -#include <string.h> -#ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> -#endif -#include <openssl/err.h> - -const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT; - -static const ECDH_METHOD *default_ECDH_method = NULL; - -static void *ecdh_data_new(void); -static void *ecdh_data_dup(void *); -static void ecdh_data_free(void *); - -void ECDH_set_default_method(const ECDH_METHOD *meth) - { - default_ECDH_method = meth; - } - -const ECDH_METHOD *ECDH_get_default_method(void) - { - if(!default_ECDH_method) - default_ECDH_method = ECDH_OpenSSL(); - return default_ECDH_method; - } - -int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) - { - ECDH_DATA *ecdh; - - ecdh = ecdh_check(eckey); - - if (ecdh == NULL) - return 0; - -#ifndef OPENSSL_NO_ENGINE - if (ecdh->engine) - { - ENGINE_finish(ecdh->engine); - ecdh->engine = NULL; - } -#endif - ecdh->meth = meth; -#if 0 - if (meth->init) - meth->init(eckey); -#endif - return 1; - } - -static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine) - { - ECDH_DATA *ret; - - ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA)); - if (ret == NULL) - { - ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); - return(NULL); - } - - ret->init = NULL; - - ret->meth = ECDH_get_default_method(); - ret->engine = engine; -#ifndef OPENSSL_NO_ENGINE - if (!ret->engine) - ret->engine = ENGINE_get_default_ECDH(); - if (ret->engine) - { - ret->meth = ENGINE_get_ECDH(ret->engine); - if (!ret->meth) - { - ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); - ENGINE_finish(ret->engine); - OPENSSL_free(ret); - return NULL; - } - } -#endif - - ret->flags = ret->meth->flags; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); -#if 0 - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); - OPENSSL_free(ret); - ret=NULL; - } -#endif - return(ret); - } - -static void *ecdh_data_new(void) - { - return (void *)ECDH_DATA_new_method(NULL); - } - -static void *ecdh_data_dup(void *data) -{ - ECDH_DATA *r = (ECDH_DATA *)data; - - /* XXX: dummy operation */ - if (r == NULL) - return NULL; - - return (void *)ecdh_data_new(); -} - -void ecdh_data_free(void *data) - { - ECDH_DATA *r = (ECDH_DATA *)data; - -#ifndef OPENSSL_NO_ENGINE - if (r->engine) - ENGINE_finish(r->engine); -#endif - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); - - OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA)); - - OPENSSL_free(r); - } - -ECDH_DATA *ecdh_check(EC_KEY *key) - { - ECDH_DATA *ecdh_data; - - void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup, - ecdh_data_free, ecdh_data_free); - if (data == NULL) - { - ecdh_data = (ECDH_DATA *)ecdh_data_new(); - if (ecdh_data == NULL) - return NULL; - EC_KEY_insert_key_method_data(key, (void *)ecdh_data, - ecdh_data_dup, ecdh_data_free, ecdh_data_free); - } - else - ecdh_data = (ECDH_DATA *)data; - - - return ecdh_data; - } - -int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp, - new_func, dup_func, free_func); - } - -int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg) - { - ECDH_DATA *ecdh; - ecdh = ecdh_check(d); - if (ecdh == NULL) - return 0; - return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg)); - } - -void *ECDH_get_ex_data(EC_KEY *d, int idx) - { - ECDH_DATA *ecdh; - ecdh = ecdh_check(d); - if (ecdh == NULL) - return NULL; - return(CRYPTO_get_ex_data(&ecdh->ex_data,idx)); - } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c deleted file mode 100755 index 2ebae3aa..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c +++ /dev/null @@ -1,259 +0,0 @@ -/* crypto/ecdsa/ecs_lib.c */ -/* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <string.h> -#include "ecs_locl.h" -#ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> -#endif -#include <openssl/err.h> -#include <openssl/bn.h> - -const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT; - -static const ECDSA_METHOD *default_ECDSA_method = NULL; - -static void *ecdsa_data_new(void); -static void *ecdsa_data_dup(void *); -static void ecdsa_data_free(void *); - -void ECDSA_set_default_method(const ECDSA_METHOD *meth) -{ - default_ECDSA_method = meth; -} - -const ECDSA_METHOD *ECDSA_get_default_method(void) -{ - if(!default_ECDSA_method) - default_ECDSA_method = ECDSA_OpenSSL(); - return default_ECDSA_method; -} - -int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) -{ - ECDSA_DATA *ecdsa; - - ecdsa = ecdsa_check(eckey); - - if (ecdsa == NULL) - return 0; - -#ifndef OPENSSL_NO_ENGINE - if (ecdsa->engine) - { - ENGINE_finish(ecdsa->engine); - ecdsa->engine = NULL; - } -#endif - ecdsa->meth = meth; - - return 1; -} - -static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine) -{ - ECDSA_DATA *ret; - - ret=(ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA)); - if (ret == NULL) - { - ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); - return(NULL); - } - - ret->init = NULL; - - ret->meth = ECDSA_get_default_method(); - ret->engine = engine; -#ifndef OPENSSL_NO_ENGINE - if (!ret->engine) - ret->engine = ENGINE_get_default_ECDSA(); - if (ret->engine) - { - ret->meth = ENGINE_get_ECDSA(ret->engine); - if (!ret->meth) - { - ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); - ENGINE_finish(ret->engine); - OPENSSL_free(ret); - return NULL; - } - } -#endif - - ret->flags = ret->meth->flags; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); -#if 0 - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); - OPENSSL_free(ret); - ret=NULL; - } -#endif - return(ret); -} - -static void *ecdsa_data_new(void) -{ - return (void *)ECDSA_DATA_new_method(NULL); -} - -static void *ecdsa_data_dup(void *data) -{ - ECDSA_DATA *r = (ECDSA_DATA *)data; - - /* XXX: dummy operation */ - if (r == NULL) - return NULL; - - return ecdsa_data_new(); -} - -static void ecdsa_data_free(void *data) -{ - ECDSA_DATA *r = (ECDSA_DATA *)data; - -#ifndef OPENSSL_NO_ENGINE - if (r->engine) - ENGINE_finish(r->engine); -#endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); - - OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA)); - - OPENSSL_free(r); -} - -ECDSA_DATA *ecdsa_check(EC_KEY *key) -{ - ECDSA_DATA *ecdsa_data; - - void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup, - ecdsa_data_free, ecdsa_data_free); - if (data == NULL) - { - ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); - if (ecdsa_data == NULL) - return NULL; - EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, - ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); - } - else - ecdsa_data = (ECDSA_DATA *)data; - - - return ecdsa_data; -} - -int ECDSA_size(const EC_KEY *r) -{ - int ret,i; - ASN1_INTEGER bs; - BIGNUM *order=NULL; - unsigned char buf[4]; - const EC_GROUP *group; - - if (r == NULL) - return 0; - group = EC_KEY_get0_group(r); - if (group == NULL) - return 0; - - if ((order = BN_new()) == NULL) return 0; - if (!EC_GROUP_get_order(group,order,NULL)) - { - BN_clear_free(order); - return 0; - } - i=BN_num_bits(order); - bs.length=(i+7)/8; - bs.data=buf; - bs.type=V_ASN1_INTEGER; - /* If the top bit is set the asn1 encoding is 1 larger. */ - buf[0]=0xff; - - i=i2d_ASN1_INTEGER(&bs,NULL); - i+=i; /* r and s */ - ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); - BN_clear_free(order); - return(ret); -} - - -int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp, - new_func, dup_func, free_func); -} - -int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg) -{ - ECDSA_DATA *ecdsa; - ecdsa = ecdsa_check(d); - if (ecdsa == NULL) - return 0; - return(CRYPTO_set_ex_data(&ecdsa->ex_data,idx,arg)); -} - -void *ECDSA_get_ex_data(EC_KEY *d, int idx) -{ - ECDSA_DATA *ecdsa; - ecdsa = ecdsa_check(d); - if (ecdsa == NULL) - return NULL; - return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx)); -} diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/engine/eng_all.c deleted file mode 100755 index f29c167c..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/engine/eng_all.c +++ /dev/null @@ -1,125 +0,0 @@ -/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */ -/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "cryptlib.h" -#include "eng_int.h" - -void ENGINE_load_builtin_engines(void) - { - /* There's no longer any need for an "openssl" ENGINE unless, one day, - * it is the *only* way for standard builtin implementations to be be - * accessed (ie. it would be possible to statically link binaries with - * *no* builtin implementations). */ -#if 0 - ENGINE_load_openssl(); -#endif -#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) - ENGINE_load_padlock(); -#endif - ENGINE_load_dynamic(); -#ifndef OPENSSL_NO_STATIC_ENGINE -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_4758_CCA - ENGINE_load_4758cca(); -#endif -#ifndef OPENSSL_NO_HW_AEP - ENGINE_load_aep(); -#endif -#ifndef OPENSSL_NO_HW_ATALLA - ENGINE_load_atalla(); -#endif -#ifndef OPENSSL_NO_HW_CSWIFT - ENGINE_load_cswift(); -#endif -#ifndef OPENSSL_NO_HW_NCIPHER - ENGINE_load_chil(); -#endif -#ifndef OPENSSL_NO_HW_NURON - ENGINE_load_nuron(); -#endif -#ifndef OPENSSL_NO_HW_SUREWARE - ENGINE_load_sureware(); -#endif -#ifndef OPENSSL_NO_HW_UBSEC - ENGINE_load_ubsec(); -#endif -#endif -#if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP) - ENGINE_load_gmp(); -#endif -#endif -#ifndef OPENSSL_NO_HW -#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) - ENGINE_load_cryptodev(); -#endif -#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) - ENGINE_load_capi(); -#endif -#endif - } - -#if defined(__OpenBSD__) || defined(__FreeBSD__) -void ENGINE_setup_bsd_cryptodev(void) { - static int bsd_cryptodev_default_loaded = 0; - if (!bsd_cryptodev_default_loaded) { - ENGINE_load_cryptodev(); - ENGINE_register_all_complete(); - } - bsd_cryptodev_default_loaded=1; -} -#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/err/err_all.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/err/err_all.c deleted file mode 100755 index 39796f7c..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/err/err_all.c +++ /dev/null @@ -1,163 +0,0 @@ -/* crypto/err/err_all.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <openssl/asn1.h> -#include <openssl/bn.h> -#ifndef OPENSSL_NO_EC -#include <openssl/ec.h> -#endif -#include <openssl/buffer.h> -#include <openssl/bio.h> -#ifndef OPENSSL_NO_RSA -#include <openssl/rsa.h> -#endif -#ifndef OPENSSL_NO_DH -#include <openssl/dh.h> -#endif -#ifndef OPENSSL_NO_DSA -#include <openssl/dsa.h> -#endif -#ifndef OPENSSL_NO_ECDSA -#include <openssl/ecdsa.h> -#endif -#ifndef OPENSSL_NO_ECDH -#include <openssl/ecdh.h> -#endif -#include <openssl/evp.h> -#include <openssl/objects.h> -#include <openssl/pem2.h> -#include <openssl/x509.h> -#include <openssl/x509v3.h> -#include <openssl/conf.h> -#include <openssl/pkcs12.h> -#include <openssl/rand.h> -#include <openssl/dso.h> -#ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> -#endif -#include <openssl/ui.h> -#include <openssl/ocsp.h> -#include <openssl/err.h> -#ifdef OPENSSL_FIPS -#include <openssl/fips.h> -#endif - -#ifndef OPENSSL_NO_CMS -#include <openssl/cms.h> -#endif -#ifndef OPENSSL_NO_JPAKE -#include <openssl/jpake.h> -#endif -#include <openssl/comp.h> - -void ERR_load_crypto_strings(void) - { -#ifndef OPENSSL_NO_ERR - ERR_load_ERR_strings(); /* include error strings for SYSerr */ - ERR_load_BN_strings(); -#ifndef OPENSSL_NO_RSA - ERR_load_RSA_strings(); -#endif -#ifndef OPENSSL_NO_DH - ERR_load_DH_strings(); -#endif - ERR_load_EVP_strings(); - ERR_load_BUF_strings(); - ERR_load_OBJ_strings(); - ERR_load_PEM_strings(); -#ifndef OPENSSL_NO_DSA - ERR_load_DSA_strings(); -#endif - ERR_load_X509_strings(); - ERR_load_ASN1_strings(); - ERR_load_CONF_strings(); - ERR_load_CRYPTO_strings(); -#ifndef OPENSSL_NO_EC - ERR_load_EC_strings(); -#endif -#ifndef OPENSSL_NO_ECDSA - ERR_load_ECDSA_strings(); -#endif -#ifndef OPENSSL_NO_ECDH - ERR_load_ECDH_strings(); -#endif - /* skip ERR_load_SSL_strings() because it is not in this library */ - ERR_load_BIO_strings(); - ERR_load_PKCS7_strings(); - ERR_load_X509V3_strings(); - ERR_load_PKCS12_strings(); - ERR_load_RAND_strings(); - ERR_load_DSO_strings(); -#ifndef OPENSSL_NO_ENGINE - ERR_load_ENGINE_strings(); -#endif - ERR_load_OCSP_strings(); - ERR_load_UI_strings(); -#ifdef OPENSSL_FIPS - ERR_load_FIPS_strings(); -#endif -#ifndef OPENSSL_NO_CMS - ERR_load_CMS_strings(); -#endif -#ifndef OPENSSL_NO_JPAKE - ERR_load_JPAKE_strings(); -#endif - ERR_load_COMP_strings(); -#endif - } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/evp/bio_b64.c deleted file mode 100755 index 72a2a672..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/evp/bio_b64.c +++ /dev/null @@ -1,598 +0,0 @@ -/* crypto/evp/bio_b64.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <errno.h> -#include "cryptlib.h" -#include <openssl/buffer.h> -#include <openssl/evp.h> - -static int b64_write(BIO *h, const char *buf, int num); -static int b64_read(BIO *h, char *buf, int size); -static int b64_puts(BIO *h, const char *str); -/*static int b64_gets(BIO *h, char *str, int size); */ -static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int b64_new(BIO *h); -static int b64_free(BIO *data); -static long b64_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); -#define B64_BLOCK_SIZE 1024 -#define B64_BLOCK_SIZE2 768 -#define B64_NONE 0 -#define B64_ENCODE 1 -#define B64_DECODE 2 - -typedef struct b64_struct - { - /*BIO *bio; moved to the BIO structure */ - int buf_len; - int buf_off; - int tmp_len; /* used to find the start when decoding */ - int tmp_nl; /* If true, scan until '\n' */ - int encode; - int start; /* have we started decoding yet? */ - int cont; /* <= 0 when finished */ - EVP_ENCODE_CTX base64; - char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE)+10]; - char tmp[B64_BLOCK_SIZE]; - } BIO_B64_CTX; - -static BIO_METHOD methods_b64= - { - BIO_TYPE_BASE64,"base64 encoding", - b64_write, - b64_read, - b64_puts, - NULL, /* b64_gets, */ - b64_ctrl, - b64_new, - b64_free, - b64_callback_ctrl, - }; - -BIO_METHOD *BIO_f_base64(void) - { - return(&methods_b64); - } - -static int b64_new(BIO *bi) - { - BIO_B64_CTX *ctx; - - ctx=(BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX)); - if (ctx == NULL) return(0); - - ctx->buf_len=0; - ctx->tmp_len=0; - ctx->tmp_nl=0; - ctx->buf_off=0; - ctx->cont=1; - ctx->start=1; - ctx->encode=0; - - bi->init=1; - bi->ptr=(char *)ctx; - bi->flags=0; - bi->num = 0; - return(1); - } - -static int b64_free(BIO *a) - { - if (a == NULL) return(0); - OPENSSL_free(a->ptr); - a->ptr=NULL; - a->init=0; - a->flags=0; - return(1); - } - -static int b64_read(BIO *b, char *out, int outl) - { - int ret=0,i,ii,j,k,x,n,num,ret_code=0; - BIO_B64_CTX *ctx; - unsigned char *p,*q; - - if (out == NULL) return(0); - ctx=(BIO_B64_CTX *)b->ptr; - - if ((ctx == NULL) || (b->next_bio == NULL)) return(0); - - BIO_clear_retry_flags(b); - - if (ctx->encode != B64_DECODE) - { - ctx->encode=B64_DECODE; - ctx->buf_len=0; - ctx->buf_off=0; - ctx->tmp_len=0; - EVP_DecodeInit(&(ctx->base64)); - } - - /* First check if there are bytes decoded/encoded */ - if (ctx->buf_len > 0) - { - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - i=ctx->buf_len-ctx->buf_off; - if (i > outl) i=outl; - OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); - memcpy(out,&(ctx->buf[ctx->buf_off]),i); - ret=i; - out+=i; - outl-=i; - ctx->buf_off+=i; - if (ctx->buf_len == ctx->buf_off) - { - ctx->buf_len=0; - ctx->buf_off=0; - } - } - - /* At this point, we have room of outl bytes and an empty - * buffer, so we should read in some more. */ - - ret_code=0; - while (outl > 0) - { - if (ctx->cont <= 0) - break; - - i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]), - B64_BLOCK_SIZE-ctx->tmp_len); - - if (i <= 0) - { - ret_code=i; - - /* Should we continue next time we are called? */ - if (!BIO_should_retry(b->next_bio)) - { - ctx->cont=i; - /* If buffer empty break */ - if(ctx->tmp_len == 0) - break; - /* Fall through and process what we have */ - else - i = 0; - } - /* else we retry and add more data to buffer */ - else - break; - } - i+=ctx->tmp_len; - ctx->tmp_len = i; - - /* We need to scan, a line at a time until we - * have a valid line if we are starting. */ - if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) - { - /* ctx->start=1; */ - ctx->tmp_len=0; - } - else if (ctx->start) - { - q=p=(unsigned char *)ctx->tmp; - for (j=0; j<i; j++) - { - if (*(q++) != '\n') continue; - - /* due to a previous very long line, - * we need to keep on scanning for a '\n' - * before we even start looking for - * base64 encoded stuff. */ - if (ctx->tmp_nl) - { - p=q; - ctx->tmp_nl=0; - continue; - } - - k=EVP_DecodeUpdate(&(ctx->base64), - (unsigned char *)ctx->buf, - &num,p,q-p); - if ((k <= 0) && (num == 0) && (ctx->start)) - EVP_DecodeInit(&ctx->base64); - else - { - if (p != (unsigned char *) - &(ctx->tmp[0])) - { - i-=(p- (unsigned char *) - &(ctx->tmp[0])); - for (x=0; x < i; x++) - ctx->tmp[x]=p[x]; - } - EVP_DecodeInit(&ctx->base64); - ctx->start=0; - break; - } - p=q; - } - - /* we fell off the end without starting */ - if (j == i) - { - /* Is this is one long chunk?, if so, keep on - * reading until a new line. */ - if (p == (unsigned char *)&(ctx->tmp[0])) - { - /* Check buffer full */ - if (i == B64_BLOCK_SIZE) - { - ctx->tmp_nl=1; - ctx->tmp_len=0; - } - } - else if (p != q) /* finished on a '\n' */ - { - n=q-p; - for (ii=0; ii<n; ii++) - ctx->tmp[ii]=p[ii]; - ctx->tmp_len=n; - } - /* else finished on a '\n' */ - continue; - } - else - { - ctx->tmp_len=0; - } - } - else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) - { - /* If buffer isn't full and we can retry then - * restart to read in more data. - */ - continue; - } - - if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) - { - int z,jj; - -#if 0 - jj=(i>>2)<<2; -#else - jj = i & ~3; /* process per 4 */ -#endif - z=EVP_DecodeBlock((unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp,jj); - if (jj > 2) - { - if (ctx->tmp[jj-1] == '=') - { - z--; - if (ctx->tmp[jj-2] == '=') - z--; - } - } - /* z is now number of output bytes and jj is the - * number consumed */ - if (jj != i) - { - memmove(ctx->tmp, &ctx->tmp[jj], i-jj); - ctx->tmp_len=i-jj; - } - ctx->buf_len=0; - if (z > 0) - { - ctx->buf_len=z; - } - i=z; - } - else - { - i=EVP_DecodeUpdate(&(ctx->base64), - (unsigned char *)ctx->buf,&ctx->buf_len, - (unsigned char *)ctx->tmp,i); - ctx->tmp_len = 0; - } - ctx->buf_off=0; - if (i < 0) - { - ret_code=0; - ctx->buf_len=0; - break; - } - - if (ctx->buf_len <= outl) - i=ctx->buf_len; - else - i=outl; - - memcpy(out,ctx->buf,i); - ret+=i; - ctx->buf_off=i; - if (ctx->buf_off == ctx->buf_len) - { - ctx->buf_len=0; - ctx->buf_off=0; - } - outl-=i; - out+=i; - } - /* BIO_clear_retry_flags(b); */ - BIO_copy_next_retry(b); - return((ret == 0)?ret_code:ret); - } - -static int b64_write(BIO *b, const char *in, int inl) - { - int ret=0; - int n; - int i; - BIO_B64_CTX *ctx; - - ctx=(BIO_B64_CTX *)b->ptr; - BIO_clear_retry_flags(b); - - if (ctx->encode != B64_ENCODE) - { - ctx->encode=B64_ENCODE; - ctx->buf_len=0; - ctx->buf_off=0; - ctx->tmp_len=0; - EVP_EncodeInit(&(ctx->base64)); - } - - OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - n=ctx->buf_len-ctx->buf_off; - while (n > 0) - { - i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); - if (i <= 0) - { - BIO_copy_next_retry(b); - return(i); - } - OPENSSL_assert(i <= n); - ctx->buf_off+=i; - OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - n-=i; - } - /* at this point all pending data has been written */ - ctx->buf_off=0; - ctx->buf_len=0; - - if ((in == NULL) || (inl <= 0)) return(0); - - while (inl > 0) - { - n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl; - - if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) - { - if (ctx->tmp_len > 0) - { - OPENSSL_assert(ctx->tmp_len <= 3); - n=3-ctx->tmp_len; - /* There's a theoretical possibility for this */ - if (n > inl) - n=inl; - memcpy(&(ctx->tmp[ctx->tmp_len]),in,n); - ctx->tmp_len+=n; - ret += n; - if (ctx->tmp_len < 3) - break; - ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len); - OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - /* Since we're now done using the temporary - buffer, the length should be 0'd */ - ctx->tmp_len=0; - } - else - { - if (n < 3) - { - memcpy(ctx->tmp,in,n); - ctx->tmp_len=n; - ret += n; - break; - } - n-=n%3; - ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n); - OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - ret += n; - } - } - else - { - EVP_EncodeUpdate(&(ctx->base64), - (unsigned char *)ctx->buf,&ctx->buf_len, - (unsigned char *)in,n); - OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - ret += n; - } - inl-=n; - in+=n; - - ctx->buf_off=0; - n=ctx->buf_len; - while (n > 0) - { - i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); - if (i <= 0) - { - BIO_copy_next_retry(b); - return((ret == 0)?i:ret); - } - OPENSSL_assert(i <= n); - n-=i; - ctx->buf_off+=i; - OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - } - ctx->buf_len=0; - ctx->buf_off=0; - } - return(ret); - } - -static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) - { - BIO_B64_CTX *ctx; - long ret=1; - int i; - - ctx=(BIO_B64_CTX *)b->ptr; - - switch (cmd) - { - case BIO_CTRL_RESET: - ctx->cont=1; - ctx->start=1; - ctx->encode=B64_NONE; - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_CTRL_EOF: /* More to read */ - if (ctx->cont <= 0) - ret=1; - else - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_CTRL_WPENDING: /* More to write in buffer */ - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - ret=ctx->buf_len-ctx->buf_off; - if ((ret == 0) && (ctx->encode != B64_NONE) - && (ctx->base64.num != 0)) - ret=1; - else if (ret <= 0) - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_CTRL_PENDING: /* More to read in buffer */ - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - ret=ctx->buf_len-ctx->buf_off; - if (ret <= 0) - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_CTRL_FLUSH: - /* do a final write */ -again: - while (ctx->buf_len != ctx->buf_off) - { - i=b64_write(b,NULL,0); - if (i < 0) - return i; - } - if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) - { - if (ctx->tmp_len != 0) - { - ctx->buf_len=EVP_EncodeBlock( - (unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, - ctx->tmp_len); - ctx->buf_off=0; - ctx->tmp_len=0; - goto again; - } - } - else if (ctx->encode != B64_NONE && ctx->base64.num != 0) - { - ctx->buf_off=0; - EVP_EncodeFinal(&(ctx->base64), - (unsigned char *)ctx->buf, - &(ctx->buf_len)); - /* push out the bytes */ - goto again; - } - /* Finally flush the underlying BIO */ - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - BIO_copy_next_retry(b); - break; - - case BIO_CTRL_DUP: - break; - case BIO_CTRL_INFO: - case BIO_CTRL_GET: - case BIO_CTRL_SET: - default: - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - } - return(ret); - } - -static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - long ret=1; - - if (b->next_bio == NULL) return(0); - switch (cmd) - { - default: - ret=BIO_callback_ctrl(b->next_bio,cmd,fp); - break; - } - return(ret); - } - -static int b64_puts(BIO *b, const char *str) - { - return b64_write(b,str,strlen(str)); - } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/evp/encode.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/evp/encode.c deleted file mode 100755 index e8a52181..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/evp/encode.c +++ /dev/null @@ -1,445 +0,0 @@ -/* crypto/evp/encode.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" -#include <openssl/evp.h> - -#ifndef CHARSET_EBCDIC -#define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) -#define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) -#else -/* We assume that PEM encoded files are EBCDIC files - * (i.e., printable text files). Convert them here while decoding. - * When encoding, output is EBCDIC (text) format again. - * (No need for conversion in the conv_bin2ascii macro, as the - * underlying textstring data_bin2ascii[] is already EBCDIC) - */ -#define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) -#define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f]) -#endif - -/* 64 char lines - * pad input with 0 - * left over chars are set to = - * 1 byte => xx== - * 2 bytes => xxx= - * 3 bytes => xxxx - */ -#define BIN_PER_LINE (64/4*3) -#define CHUNKS_PER_LINE (64/4) -#define CHAR_PER_LINE (64+1) - -static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\ -abcdefghijklmnopqrstuvwxyz0123456789+/"; - -/* 0xF0 is a EOLN - * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing). - * 0xF2 is EOF - * 0xE0 is ignore at start of line. - * 0xFF is error - */ - -#define B64_EOLN 0xF0 -#define B64_CR 0xF1 -#define B64_EOF 0xF2 -#define B64_WS 0xE0 -#define B64_ERROR 0xFF -#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) - -static unsigned char data_ascii2bin[128]={ - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xE0,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0x3E,0xFF,0xF2,0xFF,0x3F, - 0x34,0x35,0x36,0x37,0x38,0x39,0x3A,0x3B, - 0x3C,0x3D,0xFF,0xFF,0xFF,0x00,0xFF,0xFF, - 0xFF,0x00,0x01,0x02,0x03,0x04,0x05,0x06, - 0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E, - 0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16, - 0x17,0x18,0x19,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20, - 0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28, - 0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30, - 0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF, - }; - -void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) - { - ctx->length=48; - ctx->num=0; - ctx->line_num=0; - } - -void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) - { - int i,j; - unsigned int total=0; - - *outl=0; - if (inl == 0) return; - OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); - if ((ctx->num+inl) < ctx->length) - { - memcpy(&(ctx->enc_data[ctx->num]),in,inl); - ctx->num+=inl; - return; - } - if (ctx->num != 0) - { - i=ctx->length-ctx->num; - memcpy(&(ctx->enc_data[ctx->num]),in,i); - in+=i; - inl-=i; - j=EVP_EncodeBlock(out,ctx->enc_data,ctx->length); - ctx->num=0; - out+=j; - *(out++)='\n'; - *out='\0'; - total=j+1; - } - while (inl >= ctx->length) - { - j=EVP_EncodeBlock(out,in,ctx->length); - in+=ctx->length; - inl-=ctx->length; - out+=j; - *(out++)='\n'; - *out='\0'; - total+=j+1; - } - if (inl != 0) - memcpy(&(ctx->enc_data[0]),in,inl); - ctx->num=inl; - *outl=total; - } - -void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) - { - unsigned int ret=0; - - if (ctx->num != 0) - { - ret=EVP_EncodeBlock(out,ctx->enc_data,ctx->num); - out[ret++]='\n'; - out[ret]='\0'; - ctx->num=0; - } - *outl=ret; - } - -int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) - { - int i,ret=0; - unsigned long l; - - for (i=dlen; i > 0; i-=3) - { - if (i >= 3) - { - l= (((unsigned long)f[0])<<16L)| - (((unsigned long)f[1])<< 8L)|f[2]; - *(t++)=conv_bin2ascii(l>>18L); - *(t++)=conv_bin2ascii(l>>12L); - *(t++)=conv_bin2ascii(l>> 6L); - *(t++)=conv_bin2ascii(l ); - } - else - { - l=((unsigned long)f[0])<<16L; - if (i == 2) l|=((unsigned long)f[1]<<8L); - - *(t++)=conv_bin2ascii(l>>18L); - *(t++)=conv_bin2ascii(l>>12L); - *(t++)=(i == 1)?'=':conv_bin2ascii(l>> 6L); - *(t++)='='; - } - ret+=4; - f+=3; - } - - *t='\0'; - return(ret); - } - -void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) - { - ctx->length=30; - ctx->num=0; - ctx->line_num=0; - ctx->expect_nl=0; - } - -/* -1 for error - * 0 for last line - * 1 for full line - */ -int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) - { - int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl; - unsigned char *d; - - n=ctx->num; - d=ctx->enc_data; - ln=ctx->line_num; - exp_nl=ctx->expect_nl; - - /* last line of input. */ - if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) - { rv=0; goto end; } - - /* We parse the input data */ - for (i=0; i<inl; i++) - { - /* If the current line is > 80 characters, scream alot */ - if (ln >= 80) { rv= -1; goto end; } - - /* Get char and put it into the buffer */ - tmp= *(in++); - v=conv_ascii2bin(tmp); - /* only save the good data :-) */ - if (!B64_NOT_BASE64(v)) - { - OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); - d[n++]=tmp; - ln++; - } - else if (v == B64_ERROR) - { - rv= -1; - goto end; - } - - /* have we seen a '=' which is 'definitly' the last - * input line. seof will point to the character that - * holds it. and eof will hold how many characters to - * chop off. */ - if (tmp == '=') - { - if (seof == -1) seof=n; - eof++; - } - - if (v == B64_CR) - { - ln = 0; - if (exp_nl) - continue; - } - - /* eoln */ - if (v == B64_EOLN) - { - ln=0; - if (exp_nl) - { - exp_nl=0; - continue; - } - } - exp_nl=0; - - /* If we are at the end of input and it looks like a - * line, process it. */ - if (((i+1) == inl) && (((n&3) == 0) || eof)) - { - v=B64_EOF; - /* In case things were given us in really small - records (so two '=' were given in separate - updates), eof may contain the incorrect number - of ending bytes to skip, so let's redo the count */ - eof = 0; - if (d[n-1] == '=') eof++; - if (d[n-2] == '=') eof++; - /* There will never be more than two '=' */ - } - - if ((v == B64_EOF && (n&3) == 0) || (n >= 64)) - { - /* This is needed to work correctly on 64 byte input - * lines. We process the line and then need to - * accept the '\n' */ - if ((v != B64_EOF) && (n >= 64)) exp_nl=1; - if (n > 0) - { - v=EVP_DecodeBlock(out,d,n); - n=0; - if (v < 0) { rv=0; goto end; } - ret+=(v-eof); - } - else - { - eof=1; - v=0; - } - - /* This is the case where we have had a short - * but valid input line */ - if ((v < ctx->length) && eof) - { - rv=0; - goto end; - } - else - ctx->length=v; - - if (seof >= 0) { rv=0; goto end; } - out+=v; - } - } - rv=1; -end: - *outl=ret; - ctx->num=n; - ctx->line_num=ln; - ctx->expect_nl=exp_nl; - return(rv); - } - -int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) - { - int i,ret=0,a,b,c,d; - unsigned long l; - - /* trim white space from the start of the line. */ - while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) - { - f++; - n--; - } - - /* strip off stuff at the end of the line - * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */ - while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n-1])))) - n--; - - if (n%4 != 0) return(-1); - - for (i=0; i<n; i+=4) - { - a=conv_ascii2bin(*(f++)); - b=conv_ascii2bin(*(f++)); - c=conv_ascii2bin(*(f++)); - d=conv_ascii2bin(*(f++)); - if ( (a & 0x80) || (b & 0x80) || - (c & 0x80) || (d & 0x80)) - return(-1); - l=( (((unsigned long)a)<<18L)| - (((unsigned long)b)<<12L)| - (((unsigned long)c)<< 6L)| - (((unsigned long)d) )); - *(t++)=(unsigned char)(l>>16L)&0xff; - *(t++)=(unsigned char)(l>> 8L)&0xff; - *(t++)=(unsigned char)(l )&0xff; - ret+=3; - } - return(ret); - } - -int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) - { - int i; - - *outl=0; - if (ctx->num != 0) - { - i=EVP_DecodeBlock(out,ctx->enc_data,ctx->num); - if (i < 0) return(-1); - ctx->num=0; - *outl=i; - return(1); - } - else - return(1); - } - -#ifdef undef -int EVP_DecodeValid(unsigned char *buf, int len) - { - int i,num=0,bad=0; - - if (len == 0) return(-1); - while (conv_ascii2bin(*buf) == B64_WS) - { - buf++; - len--; - if (len == 0) return(-1); - } - - for (i=len; i >= 4; i-=4) - { - if ( (conv_ascii2bin(buf[0]) >= 0x40) || - (conv_ascii2bin(buf[1]) >= 0x40) || - (conv_ascii2bin(buf[2]) >= 0x40) || - (conv_ascii2bin(buf[3]) >= 0x40)) - return(-1); - buf+=4; - num+=1+(buf[2] != '=')+(buf[3] != '='); - } - if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN)) - return(num); - if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) && - (conv_ascii2bin(buf[0]) == B64_EOLN)) - return(num); - return(1); - } -#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/o_init.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/o_init.c deleted file mode 100755 index d767a90a..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/o_init.c +++ /dev/null @@ -1,96 +0,0 @@ -/* o_init.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <e_os.h> -#include <openssl/err.h> - -/* Internal only functions: only ever used here */ -#ifdef OPENSSL_FIPS -extern void int_ERR_lib_init(void); -# ifndef OPENSSL_NO_ENGINE -extern void int_EVP_MD_init_engine_callbacks(void ); -extern void int_EVP_CIPHER_init_engine_callbacks(void ); -extern void int_RAND_init_engine_callbacks(void ); -# endif -#endif - -/* Perform any essential OpenSSL initialization operations. - * Currently only sets FIPS callbacks - */ - -void OPENSSL_init(void) - { -#ifdef OPENSSL_FIPS - static int done = 0; - if (!done) - { - int_ERR_lib_init(); -#ifdef CRYPTO_MDEBUG - CRYPTO_malloc_debug_init(); -#endif -#ifndef OPENSSL_NO_ENGINE - int_EVP_MD_init_engine_callbacks(); - int_EVP_CIPHER_init_engine_callbacks(); - int_RAND_init_engine_callbacks(); -#endif - done = 1; - } -#endif - } - - diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c deleted file mode 100755 index 4a0c3870..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c +++ /dev/null @@ -1,444 +0,0 @@ -/* ocsp_vfy.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <openssl/ocsp.h> -#include <openssl/err.h> -#include <string.h> - -static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags); -static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); -static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags); -static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret); -static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp); -static int ocsp_check_delegated(X509 *x, int flags); -static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags); - -/* Verify a basic response message */ - -int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags) - { - X509 *signer, *x; - STACK_OF(X509) *chain = NULL; - X509_STORE_CTX ctx; - int i, ret = 0; - ret = ocsp_find_signer(&signer, bs, certs, st, flags); - if (!ret) - { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); - goto end; - } - if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) - flags |= OCSP_NOVERIFY; - if (!(flags & OCSP_NOSIGS)) - { - EVP_PKEY *skey; - skey = X509_get_pubkey(signer); - ret = OCSP_BASICRESP_verify(bs, skey, 0); - EVP_PKEY_free(skey); - if(ret <= 0) - { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); - goto end; - } - } - if (!(flags & OCSP_NOVERIFY)) - { - int init_res; - if(flags & OCSP_NOCHAIN) - init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); - else - init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); - if(!init_res) - { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); - goto end; - } - - X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); - ret = X509_verify_cert(&ctx); - chain = X509_STORE_CTX_get1_chain(&ctx); - X509_STORE_CTX_cleanup(&ctx); - if (ret <= 0) - { - i = X509_STORE_CTX_get_error(&ctx); - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR); - ERR_add_error_data(2, "Verify error:", - X509_verify_cert_error_string(i)); - goto end; - } - if(flags & OCSP_NOCHECKS) - { - ret = 1; - goto end; - } - /* At this point we have a valid certificate chain - * need to verify it against the OCSP issuer criteria. - */ - ret = ocsp_check_issuer(bs, chain, flags); - - /* If fatal error or valid match then finish */ - if (ret != 0) goto end; - - /* Easy case: explicitly trusted. Get root CA and - * check for explicit trust - */ - if(flags & OCSP_NOEXPLICIT) goto end; - - x = sk_X509_value(chain, sk_X509_num(chain) - 1); - if(X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) - { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_ROOT_CA_NOT_TRUSTED); - goto end; - } - ret = 1; - } - - - - end: - if(chain) sk_X509_pop_free(chain, X509_free); - return ret; - } - - -static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags) - { - X509 *signer; - OCSP_RESPID *rid = bs->tbsResponseData->responderId; - if ((signer = ocsp_find_signer_sk(certs, rid))) - { - *psigner = signer; - return 2; - } - if(!(flags & OCSP_NOINTERN) && - (signer = ocsp_find_signer_sk(bs->certs, rid))) - { - *psigner = signer; - return 1; - } - /* Maybe lookup from store if by subject name */ - - *psigner = NULL; - return 0; - } - - -static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id) - { - int i; - unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash; - X509 *x; - - /* Easy if lookup by name */ - if (id->type == V_OCSP_RESPID_NAME) - return X509_find_by_subject(certs, id->value.byName); - - /* Lookup by key hash */ - - /* If key hash isn't SHA1 length then forget it */ - if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL; - keyhash = id->value.byKey->data; - /* Calculate hash of each key and compare */ - for (i = 0; i < sk_X509_num(certs); i++) - { - x = sk_X509_value(certs, i); - X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL); - if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH)) - return x; - } - return NULL; - } - - -static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags) - { - STACK_OF(OCSP_SINGLERESP) *sresp; - X509 *signer, *sca; - OCSP_CERTID *caid = NULL; - int i; - sresp = bs->tbsResponseData->responses; - - if (sk_X509_num(chain) <= 0) - { - OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN); - return -1; - } - - /* See if the issuer IDs match. */ - i = ocsp_check_ids(sresp, &caid); - - /* If ID mismatch or other error then return */ - if (i <= 0) return i; - - signer = sk_X509_value(chain, 0); - /* Check to see if OCSP responder CA matches request CA */ - if (sk_X509_num(chain) > 1) - { - sca = sk_X509_value(chain, 1); - i = ocsp_match_issuerid(sca, caid, sresp); - if (i < 0) return i; - if (i) - { - /* We have a match, if extensions OK then success */ - if (ocsp_check_delegated(signer, flags)) return 1; - return 0; - } - } - - /* Otherwise check if OCSP request signed directly by request CA */ - return ocsp_match_issuerid(signer, caid, sresp); - } - - -/* Check the issuer certificate IDs for equality. If there is a mismatch with the same - * algorithm then there's no point trying to match any certificates against the issuer. - * If the issuer IDs all match then we just need to check equality against one of them. - */ - -static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret) - { - OCSP_CERTID *tmpid, *cid; - int i, idcount; - - idcount = sk_OCSP_SINGLERESP_num(sresp); - if (idcount <= 0) - { - OCSPerr(OCSP_F_OCSP_CHECK_IDS, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA); - return -1; - } - - cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; - - *ret = NULL; - - for (i = 1; i < idcount; i++) - { - tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; - /* Check to see if IDs match */ - if (OCSP_id_issuer_cmp(cid, tmpid)) - { - /* If algoritm mismatch let caller deal with it */ - if (OBJ_cmp(tmpid->hashAlgorithm->algorithm, - cid->hashAlgorithm->algorithm)) - return 2; - /* Else mismatch */ - return 0; - } - } - - /* All IDs match: only need to check one ID */ - *ret = cid; - return 1; - } - - -static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, - STACK_OF(OCSP_SINGLERESP) *sresp) - { - /* If only one ID to match then do it */ - if(cid) - { - const EVP_MD *dgst; - X509_NAME *iname; - int mdlen; - unsigned char md[EVP_MAX_MD_SIZE]; - if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) - { - OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST); - return -1; - } - - mdlen = EVP_MD_size(dgst); - if ((cid->issuerNameHash->length != mdlen) || - (cid->issuerKeyHash->length != mdlen)) - return 0; - iname = X509_get_subject_name(cert); - if (!X509_NAME_digest(iname, dgst, md, NULL)) - return -1; - if (memcmp(md, cid->issuerNameHash->data, mdlen)) - return 0; - X509_pubkey_digest(cert, EVP_sha1(), md, NULL); - if (memcmp(md, cid->issuerKeyHash->data, mdlen)) - return 0; - - return 1; - - } - else - { - /* We have to match the whole lot */ - int i, ret; - OCSP_CERTID *tmpid; - for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) - { - tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; - ret = ocsp_match_issuerid(cert, tmpid, NULL); - if (ret <= 0) return ret; - } - return 1; - } - - } - -static int ocsp_check_delegated(X509 *x, int flags) - { - X509_check_purpose(x, -1, 0); - if ((x->ex_flags & EXFLAG_XKUSAGE) && - (x->ex_xkusage & XKU_OCSP_SIGN)) - return 1; - OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE); - return 0; - } - -/* Verify an OCSP request. This is fortunately much easier than OCSP - * response verify. Just find the signers certificate and verify it - * against a given trust value. - */ - -int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags) - { - X509 *signer; - X509_NAME *nm; - GENERAL_NAME *gen; - int ret; - X509_STORE_CTX ctx; - if (!req->optionalSignature) - { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED); - return 0; - } - gen = req->tbsRequest->requestorName; - if (!gen || gen->type != GEN_DIRNAME) - { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); - return 0; - } - nm = gen->d.directoryName; - ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags); - if (ret <= 0) - { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); - return 0; - } - if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) - flags |= OCSP_NOVERIFY; - if (!(flags & OCSP_NOSIGS)) - { - EVP_PKEY *skey; - skey = X509_get_pubkey(signer); - ret = OCSP_REQUEST_verify(req, skey); - EVP_PKEY_free(skey); - if(ret <= 0) - { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE); - return 0; - } - } - if (!(flags & OCSP_NOVERIFY)) - { - int init_res; - if(flags & OCSP_NOCHAIN) - init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL); - else - init_res = X509_STORE_CTX_init(&ctx, store, signer, - req->optionalSignature->certs); - if(!init_res) - { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB); - return 0; - } - - X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); - X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST); - ret = X509_verify_cert(&ctx); - X509_STORE_CTX_cleanup(&ctx); - if (ret <= 0) - { - ret = X509_STORE_CTX_get_error(&ctx); - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR); - ERR_add_error_data(2, "Verify error:", - X509_verify_cert_error_string(ret)); - return 0; - } - } - return 1; - } - -static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags) - { - X509 *signer; - if(!(flags & OCSP_NOINTERN)) - { - signer = X509_find_by_subject(req->optionalSignature->certs, nm); - *psigner = signer; - return 1; - } - - signer = X509_find_by_subject(certs, nm); - if (signer) - { - *psigner = signer; - return 2; - } - return 0; - } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c deleted file mode 100755 index 9522342f..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c +++ /dev/null @@ -1,370 +0,0 @@ -/* p12_crt.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include "cryptlib.h" -#include <openssl/pkcs12.h> -#ifdef OPENSSL_FIPS -#include <openssl/fips.h> -#endif - - - -static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); - -static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid) - { - int idx; - X509_ATTRIBUTE *attr; - idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1); - if (idx < 0) - return 1; - attr = EVP_PKEY_get_attr(pkey, idx); - if (!X509at_add1_attr(&bag->attrib, attr)) - return 0; - return 1; - } - -PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, - STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, - int keytype) -{ - PKCS12 *p12 = NULL; - STACK_OF(PKCS7) *safes = NULL; - STACK_OF(PKCS12_SAFEBAG) *bags = NULL; - PKCS12_SAFEBAG *bag = NULL; - int i; - unsigned char keyid[EVP_MAX_MD_SIZE]; - unsigned int keyidlen = 0; - - /* Set defaults */ - if (!nid_cert) - { -#ifdef OPENSSL_FIPS - if (FIPS_mode()) - nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - else -#endif - nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; - } - if (!nid_key) - nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - if (!iter) - iter = PKCS12_DEFAULT_ITER; - if (!mac_iter) - mac_iter = 1; - - if(!pkey && !cert && !ca) - { - PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT); - return NULL; - } - - if (pkey && cert) - { - if(!X509_check_private_key(cert, pkey)) - return NULL; - X509_digest(cert, EVP_sha1(), keyid, &keyidlen); - } - - if (cert) - { - bag = PKCS12_add_cert(&bags, cert); - if(name && !PKCS12_add_friendlyname(bag, name, -1)) - goto err; - if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) - goto err; - } - - /* Add all other certificates */ - for(i = 0; i < sk_X509_num(ca); i++) - { - if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i))) - goto err; - } - - if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass)) - goto err; - - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - bags = NULL; - - if (pkey) - { - bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); - - if (!bag) - goto err; - - if (!copy_bag_attr(bag, pkey, NID_ms_csp_name)) - goto err; - if (!copy_bag_attr(bag, pkey, NID_LocalKeySet)) - goto err; - - if(name && !PKCS12_add_friendlyname(bag, name, -1)) - goto err; - if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) - goto err; - } - - if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL)) - goto err; - - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - bags = NULL; - - p12 = PKCS12_add_safes(safes, 0); - - if (!p12) - goto err; - - sk_PKCS7_pop_free(safes, PKCS7_free); - - safes = NULL; - - if ((mac_iter != -1) && - !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL)) - goto err; - - return p12; - - err: - - if (p12) - PKCS12_free(p12); - if (safes) - sk_PKCS7_pop_free(safes, PKCS7_free); - if (bags) - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - return NULL; - -} - -PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) - { - PKCS12_SAFEBAG *bag = NULL; - char *name; - int namelen = -1; - unsigned char *keyid; - int keyidlen = -1; - - /* Add user certificate */ - if(!(bag = PKCS12_x5092certbag(cert))) - goto err; - - /* Use friendlyName and localKeyID in certificate. - * (if present) - */ - - name = (char *)X509_alias_get0(cert, &namelen); - - if(name && !PKCS12_add_friendlyname(bag, name, namelen)) - goto err; - - keyid = X509_keyid_get0(cert, &keyidlen); - - if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) - goto err; - - if (!pkcs12_add_bag(pbags, bag)) - goto err; - - return bag; - - err: - - if (bag) - PKCS12_SAFEBAG_free(bag); - - return NULL; - - } - -PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, - int key_usage, int iter, - int nid_key, char *pass) - { - - PKCS12_SAFEBAG *bag = NULL; - PKCS8_PRIV_KEY_INFO *p8 = NULL; - - /* Make a PKCS#8 structure */ - if(!(p8 = EVP_PKEY2PKCS8(key))) - goto err; - if(key_usage && !PKCS8_add_keyusage(p8, key_usage)) - goto err; - if (nid_key != -1) - { - bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8); - PKCS8_PRIV_KEY_INFO_free(p8); - } - else - bag = PKCS12_MAKE_KEYBAG(p8); - - if(!bag) - goto err; - - if (!pkcs12_add_bag(pbags, bag)) - goto err; - - return bag; - - err: - - if (bag) - PKCS12_SAFEBAG_free(bag); - - return NULL; - - } - -int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, - int nid_safe, int iter, char *pass) - { - PKCS7 *p7 = NULL; - int free_safes = 0; - - if (!*psafes) - { - *psafes = sk_PKCS7_new_null(); - if (!*psafes) - return 0; - free_safes = 1; - } - else - free_safes = 0; - - if (nid_safe == 0) - nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; - - if (nid_safe == -1) - p7 = PKCS12_pack_p7data(bags); - else - p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, - iter, bags); - if (!p7) - goto err; - - if (!sk_PKCS7_push(*psafes, p7)) - goto err; - - return 1; - - err: - if (free_safes) - { - sk_PKCS7_free(*psafes); - *psafes = NULL; - } - - if (p7) - PKCS7_free(p7); - - return 0; - - } - -static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag) - { - int free_bags; - if (!pbags) - return 1; - if (!*pbags) - { - *pbags = sk_PKCS12_SAFEBAG_new_null(); - if (!*pbags) - return 0; - free_bags = 1; - } - else - free_bags = 0; - - if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) - { - if (free_bags) - { - sk_PKCS12_SAFEBAG_free(*pbags); - *pbags = NULL; - } - return 0; - } - - return 1; - - } - - -PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7) - { - PKCS12 *p12; - if (nid_p7 <= 0) - nid_p7 = NID_pkcs7_data; - p12 = PKCS12_init(nid_p7); - - if (!p12) - return NULL; - - if(!PKCS12_pack_authsafes(p12, safes)) - { - PKCS12_free(p12); - return NULL; - } - - return p12; - - } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c deleted file mode 100755 index 5c4c6ec9..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c +++ /dev/null @@ -1,297 +0,0 @@ -/* p12_kiss.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include "cryptlib.h" -#include <openssl/pkcs12.h> - -/* Simplified PKCS#12 routines */ - -static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); - -static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, - char *keymatch); - -static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, char *keymatch); - -/* Parse and decrypt a PKCS#12 structure returning user key, user cert - * and other (CA) certs. Note either ca should be NULL, *ca should be NULL, - * or it should point to a valid STACK structure. pkey and cert can be - * passed unitialised. - */ - -int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca) -{ - - /* Check for NULL PKCS12 structure */ - - if(!p12) { - PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER); - return 0; - } - - /* Allocate stack for ca certificates if needed */ - if ((ca != NULL) && (*ca == NULL)) { - if (!(*ca = sk_X509_new_null())) { - PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE); - return 0; - } - } - - if(pkey) *pkey = NULL; - if(cert) *cert = NULL; - - /* Check the mac */ - - /* If password is zero length or NULL then try verifying both cases - * to determine which password is correct. The reason for this is that - * under PKCS#12 password based encryption no password and a zero length - * password are two different things... - */ - - if(!pass || !*pass) { - if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL; - else if(PKCS12_verify_mac(p12, "", 0)) pass = ""; - else { - PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE); - goto err; - } - } else if (!PKCS12_verify_mac(p12, pass, -1)) { - PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE); - goto err; - } - - if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) - { - PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR); - goto err; - } - - return 1; - - err: - - if (pkey && *pkey) EVP_PKEY_free(*pkey); - if (cert && *cert) X509_free(*cert); - if (ca) sk_X509_pop_free(*ca, X509_free); - return 0; - -} - -/* Parse the outer PKCS#12 structure */ - -static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) -{ - STACK_OF(PKCS7) *asafes; - STACK_OF(PKCS12_SAFEBAG) *bags; - int i, bagnid; - PKCS7 *p7; - ASN1_OCTET_STRING *keyid = NULL; - - char keymatch = 0; - if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0; - for (i = 0; i < sk_PKCS7_num (asafes); i++) { - p7 = sk_PKCS7_value (asafes, i); - bagnid = OBJ_obj2nid (p7->type); - if (bagnid == NID_pkcs7_data) { - bags = PKCS12_unpack_p7data(p7); - } else if (bagnid == NID_pkcs7_encrypted) { - bags = PKCS12_unpack_p7encdata(p7, pass, passlen); - } else continue; - if (!bags) { - sk_PKCS7_pop_free(asafes, PKCS7_free); - return 0; - } - if (!parse_bags(bags, pass, passlen, pkey, cert, ca, - &keyid, &keymatch)) { - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - sk_PKCS7_pop_free(asafes, PKCS7_free); - return 0; - } - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - } - sk_PKCS7_pop_free(asafes, PKCS7_free); - if (keyid) M_ASN1_OCTET_STRING_free(keyid); - return 1; -} - - -static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, - char *keymatch) -{ - int i; - for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { - if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i), - pass, passlen, pkey, cert, ca, keyid, - keymatch)) return 0; - } - return 1; -} - -#define MATCH_KEY 0x1 -#define MATCH_CERT 0x2 -#define MATCH_ALL 0x3 - -static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, - char *keymatch) -{ - PKCS8_PRIV_KEY_INFO *p8; - X509 *x509; - ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL; - ASN1_TYPE *attrib; - ASN1_BMPSTRING *fname = NULL; - - if ((attrib = PKCS12_get_attr (bag, NID_friendlyName))) - fname = attrib->value.bmpstring; - - if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) { - lkey = attrib->value.octet_string; - ckid = lkey; - } - - /* Check for any local key id matching (if needed) */ - if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) { - if (*keyid) { - if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL; - } else { - if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { - PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE); - return 0; - } - } - } - - switch (M_PKCS12_bag_type(bag)) - { - case NID_keyBag: - if (!lkey || !pkey) return 1; - if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0; - *keymatch |= MATCH_KEY; - break; - - case NID_pkcs8ShroudedKeyBag: - if (!lkey || !pkey) return 1; - if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) - return 0; - *pkey = EVP_PKCS82PKEY(p8); - PKCS8_PRIV_KEY_INFO_free(p8); - if (!(*pkey)) return 0; - *keymatch |= MATCH_KEY; - break; - - case NID_certBag: - if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) - return 1; - if (!(x509 = PKCS12_certbag2x509(bag))) return 0; - if(ckid) - { - if (!X509_keyid_set1(x509, ckid->data, ckid->length)) - { - X509_free(x509); - return 0; - } - } - if(fname) { - int len, r; - unsigned char *data; - len = ASN1_STRING_to_UTF8(&data, fname); - if(len > 0) { - r = X509_alias_set1(x509, data, len); - OPENSSL_free(data); - if (!r) - { - X509_free(x509); - return 0; - } - } - } - - - if (lkey) { - *keymatch |= MATCH_CERT; - if (cert) *cert = x509; - else X509_free(x509); - } else { - if(ca) sk_X509_push (*ca, x509); - else X509_free(x509); - } - break; - - case NID_safeContentsBag: - return parse_bags(bag->value.safes, pass, passlen, - pkey, cert, ca, keyid, keymatch); - break; - - default: - return 1; - break; - } - return 1; -} - diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c deleted file mode 100755 index b0ff89aa..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +++ /dev/null @@ -1,533 +0,0 @@ -/* pk7_smime.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* Simple PKCS#7 processing functions */ - -#include <stdio.h> -#include "cryptlib.h" -#include <openssl/x509.h> -#include <openssl/x509v3.h> - -PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags) -{ - PKCS7 *p7 = NULL; - PKCS7_SIGNER_INFO *si; - BIO *p7bio = NULL; - STACK_OF(X509_ALGOR) *smcap = NULL; - int i; - - if(!X509_check_private_key(signcert, pkey)) { - PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); - return NULL; - } - - if(!(p7 = PKCS7_new())) { - PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (!PKCS7_set_type(p7, NID_pkcs7_signed)) - goto err; - - if (!PKCS7_content_new(p7, NID_pkcs7_data)) - goto err; - - /* - NOTE: Update to SHA-256 digest algorithm for UEFI version. - */ - if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) { - PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); - goto err; - } - - if(!(flags & PKCS7_NOCERTS)) { - if (!PKCS7_add_certificate(p7, signcert)) - goto err; - if(certs) for(i = 0; i < sk_X509_num(certs); i++) - if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) - goto err; - } - - if(!(flags & PKCS7_NOATTR)) { - if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, - V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data))) - goto err; - /* Add SMIMECapabilities */ - if(!(flags & PKCS7_NOSMIMECAP)) - { - if(!(smcap = sk_X509_ALGOR_new_null())) { - PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); - goto err; - } -#ifndef OPENSSL_NO_DES - if (!PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1)) - goto err; -#endif -#ifndef OPENSSL_NO_RC2 - if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128)) - goto err; - if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64)) - goto err; -#endif -#ifndef OPENSSL_NO_DES - if (!PKCS7_simple_smimecap (smcap, NID_des_cbc, -1)) - goto err; -#endif -#ifndef OPENSSL_NO_RC2 - if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40)) - goto err; -#endif - if (!PKCS7_add_attrib_smimecap (si, smcap)) - goto err; - sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); - smcap = NULL; - } - } - - if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); - - if (flags & PKCS7_STREAM) - return p7; - - - if (!(p7bio = PKCS7_dataInit(p7, NULL))) { - PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); - goto err; - } - - SMIME_crlf_copy(data, p7bio, flags); - - - if (!PKCS7_dataFinal(p7,p7bio)) { - PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); - goto err; - } - - BIO_free_all(p7bio); - return p7; -err: - sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); - BIO_free_all(p7bio); - PKCS7_free(p7); - return NULL; -} - -int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, - BIO *indata, BIO *out, int flags) -{ - STACK_OF(X509) *signers; - X509 *signer; - STACK_OF(PKCS7_SIGNER_INFO) *sinfos; - PKCS7_SIGNER_INFO *si; - X509_STORE_CTX cert_ctx; - char *buf = NULL; - int bufsiz; - int i, j=0, k, ret = 0; - BIO *p7bio; - BIO *tmpin, *tmpout; - - if(!p7) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); - return 0; - } - - if(!PKCS7_type_is_signed(p7)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE); - return 0; - } - - /* Check for no data and no content: no data to verify signature */ - if(PKCS7_get_detached(p7) && !indata) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); - return 0; - } -#if 0 - /* NB: this test commented out because some versions of Netscape - * illegally include zero length content when signing data. - */ - - /* Check for data and content: two sets of data */ - if(!PKCS7_get_detached(p7) && indata) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); - return 0; - } -#endif - - sinfos = PKCS7_get_signer_info(p7); - - if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA); - return 0; - } - - - signers = PKCS7_get0_signers(p7, certs, flags); - - if(!signers) return 0; - - /* Now verify the certificates */ - - if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) { - signer = sk_X509_value (signers, k); - if (!(flags & PKCS7_NOCHAIN)) { - if(!X509_STORE_CTX_init(&cert_ctx, store, signer, - p7->d.sign->cert)) - { - PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); - sk_X509_free(signers); - return 0; - } - X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); - } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); - sk_X509_free(signers); - return 0; - } - if (!(flags & PKCS7_NOCRL)) - X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); - i = X509_verify_cert(&cert_ctx); - if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); - X509_STORE_CTX_cleanup(&cert_ctx); - if (i <= 0) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR); - ERR_add_error_data(2, "Verify error:", - X509_verify_cert_error_string(j)); - sk_X509_free(signers); - return 0; - } - /* Check for revocation status here */ - } - - /* Performance optimization: if the content is a memory BIO then - * store its contents in a temporary read only memory BIO. This - * avoids potentially large numbers of slow copies of data which will - * occur when reading from a read write memory BIO when signatures - * are calculated. - */ - - if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) - { - char *ptr; - long len; - len = BIO_get_mem_data(indata, &ptr); - tmpin = BIO_new_mem_buf(ptr, len); - if (tmpin == NULL) - { - PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); - return 0; - } - } - else - tmpin = indata; - - - if (!(p7bio=PKCS7_dataInit(p7,tmpin))) - goto err; - - if(flags & PKCS7_TEXT) { - if(!(tmpout = BIO_new(BIO_s_mem()))) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); - goto err; - } - BIO_set_mem_eof_return(tmpout, 0); - } else tmpout = out; - - bufsiz = 4096; - buf = OPENSSL_malloc (bufsiz); - if (buf == NULL) { - goto err; - } - - /* We now have to 'read' from p7bio to calculate digests etc. */ - for (;;) - { - i=BIO_read(p7bio,buf,bufsiz); - if (i <= 0) break; - if (tmpout) BIO_write(tmpout, buf, i); - } - - if(flags & PKCS7_TEXT) { - if(!SMIME_text(tmpout, out)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR); - BIO_free(tmpout); - goto err; - } - BIO_free(tmpout); - } - - /* Now Verify All Signatures */ - if (!(flags & PKCS7_NOSIGS)) - for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++) - { - si=sk_PKCS7_SIGNER_INFO_value(sinfos,i); - signer = sk_X509_value (signers, i); - j=PKCS7_signatureVerify(p7bio,p7,si, signer); - if (j <= 0) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE); - goto err; - } - } - - ret = 1; - - err: - - if (tmpin == indata) - { - if (indata) BIO_pop(p7bio); - } - BIO_free_all(p7bio); - - sk_X509_free(signers); - - if (buf != NULL) { - OPENSSL_free (buf); - } - - return ret; -} - -STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) -{ - STACK_OF(X509) *signers; - STACK_OF(PKCS7_SIGNER_INFO) *sinfos; - PKCS7_SIGNER_INFO *si; - PKCS7_ISSUER_AND_SERIAL *ias; - X509 *signer; - int i; - - if(!p7) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER); - return NULL; - } - - if(!PKCS7_type_is_signed(p7)) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); - return NULL; - } - - /* Collect all the signers together */ - - sinfos = PKCS7_get_signer_info(p7); - - if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS); - return NULL; - } - - if(!(signers = sk_X509_new_null())) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); - return NULL; - } - - for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) - { - si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); - ias = si->issuer_and_serial; - signer = NULL; - /* If any certificates passed they take priority */ - if (certs) signer = X509_find_by_issuer_and_serial (certs, - ias->issuer, ias->serial); - if (!signer && !(flags & PKCS7_NOINTERN) - && p7->d.sign->cert) signer = - X509_find_by_issuer_and_serial (p7->d.sign->cert, - ias->issuer, ias->serial); - if (!signer) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); - sk_X509_free(signers); - return NULL; - } - - if (!sk_X509_push(signers, signer)) { - sk_X509_free(signers); - return NULL; - } - } - return signers; -} - - -/* Build a complete PKCS#7 enveloped data */ - -PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, - int flags) -{ - PKCS7 *p7; - BIO *p7bio = NULL; - int i; - X509 *x509; - if(!(p7 = PKCS7_new())) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) - goto err; - if(!PKCS7_set_cipher(p7, cipher)) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER); - goto err; - } - - for(i = 0; i < sk_X509_num(certs); i++) { - x509 = sk_X509_value(certs, i); - if(!PKCS7_add_recipient(p7, x509)) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT, - PKCS7_R_ERROR_ADDING_RECIPIENT); - goto err; - } - } - - if(!(p7bio = PKCS7_dataInit(p7, NULL))) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); - goto err; - } - - SMIME_crlf_copy(in, p7bio, flags); - - (void)BIO_flush(p7bio); - - if (!PKCS7_dataFinal(p7,p7bio)) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR); - goto err; - } - BIO_free_all(p7bio); - - return p7; - - err: - - BIO_free_all(p7bio); - PKCS7_free(p7); - return NULL; - -} - -int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) -{ - BIO *tmpmem; - int ret, i; - char buf[4096]; - - if(!p7) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER); - return 0; - } - - if(!PKCS7_type_is_enveloped(p7)) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE); - return 0; - } - - if(cert && !X509_check_private_key(cert, pkey)) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, - PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); - return 0; - } - - if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); - return 0; - } - - if (flags & PKCS7_TEXT) { - BIO *tmpbuf, *bread; - /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ - if(!(tmpbuf = BIO_new(BIO_f_buffer()))) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); - BIO_free_all(tmpmem); - return 0; - } - if(!(bread = BIO_push(tmpbuf, tmpmem))) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); - BIO_free_all(tmpbuf); - BIO_free_all(tmpmem); - return 0; - } - ret = SMIME_text(bread, data); - if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) - { - if (!BIO_get_cipher_status(tmpmem)) - ret = 0; - } - BIO_free_all(bread); - return ret; - } else { - for(;;) { - i = BIO_read(tmpmem, buf, sizeof(buf)); - if(i <= 0) - { - ret = 1; - if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) - { - if (!BIO_get_cipher_status(tmpmem)) - ret = 0; - } - - break; - } - if (BIO_write(data, buf, i) != i) - { - ret = 0; - break; - } - } - BIO_free_all(tmpmem); - return ret; - } -} diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c deleted file mode 100755 index 546ae5fc..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c +++ /dev/null @@ -1,220 +0,0 @@ -/* crypto/rsa/rsa_oaep.c */ -/* Written by Ulf Moeller. This software is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */ - -/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */ - -/* See Victor Shoup, "OAEP reconsidered," Nov. 2000, - * <URL: http://www.shoup.net/papers/oaep.ps.Z> - * for problems with the security proof for the - * original OAEP scheme, which EME-OAEP is based on. - * - * A new proof can be found in E. Fujisaki, T. Okamoto, - * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!", - * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>. - * The new proof has stronger requirements for the - * underlying permutation: "partial-one-wayness" instead - * of one-wayness. For the RSA function, this is - * an equivalent notion. - */ - - -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -#include <stdio.h> -#include "cryptlib.h" -#include <openssl/bn.h> -#include <openssl/rsa.h> -#include <openssl/evp.h> -#include <openssl/rand.h> -#include <openssl/sha.h> - -int MGF1(unsigned char *mask, long len, - const unsigned char *seed, long seedlen); - -int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, - const unsigned char *from, int flen, - const unsigned char *param, int plen) - { - int i, emlen = tlen - 1; - unsigned char *db, *seed; - unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH]; - - if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) - { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, - RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return 0; - } - - if (emlen < 2 * SHA_DIGEST_LENGTH + 1) - { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL); - return 0; - } - - to[0] = 0; - seed = to + 1; - db = to + SHA_DIGEST_LENGTH + 1; - - EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL); - memset(db + SHA_DIGEST_LENGTH, 0, - emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); - db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; - memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen); - if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0) - return 0; -#ifdef PKCS_TESTVECT - memcpy(seed, - "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", - 20); -#endif - - dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH); - if (dbmask == NULL) - { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); - return 0; - } - - MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); - for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) - db[i] ^= dbmask[i]; - - MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); - for (i = 0; i < SHA_DIGEST_LENGTH; i++) - seed[i] ^= seedmask[i]; - - OPENSSL_free(dbmask); - return 1; - } - -int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, - const unsigned char *from, int flen, int num, - const unsigned char *param, int plen) - { - int i, dblen, mlen = -1; - const unsigned char *maskeddb; - int lzero; - unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; - unsigned char *padded_from; - int bad = 0; - - if (--num < 2 * SHA_DIGEST_LENGTH + 1) - /* 'num' is the length of the modulus, i.e. does not depend on the - * particular ciphertext. */ - goto decoding_err; - - lzero = num - flen; - if (lzero < 0) - { - /* signalling this error immediately after detection might allow - * for side-channel attacks (e.g. timing if 'plen' is huge - * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal - * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001), - * so we use a 'bad' flag */ - bad = 1; - lzero = 0; - flen = num; /* don't overflow the memcpy to padded_from */ - } - - dblen = num - SHA_DIGEST_LENGTH; - db = OPENSSL_malloc(dblen + num); - if (db == NULL) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); - return -1; - } - - /* Always do this zero-padding copy (even when lzero == 0) - * to avoid leaking timing info about the value of lzero. */ - padded_from = db + dblen; - memset(padded_from, 0, lzero); - memcpy(padded_from + lzero, from, flen); - - maskeddb = padded_from + SHA_DIGEST_LENGTH; - - MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); - for (i = 0; i < SHA_DIGEST_LENGTH; i++) - seed[i] ^= padded_from[i]; - - MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); - for (i = 0; i < dblen; i++) - db[i] ^= maskeddb[i]; - - EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); - - if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) - goto decoding_err; - else - { - for (i = SHA_DIGEST_LENGTH; i < dblen; i++) - if (db[i] != 0x00) - break; - if (i == dblen || db[i] != 0x01) - goto decoding_err; - else - { - /* everything looks OK */ - - mlen = dblen - ++i; - if (tlen < mlen) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); - mlen = -1; - } - else - memcpy(to, db + i, mlen); - } - } - OPENSSL_free(db); - return mlen; - -decoding_err: - /* to avoid chosen ciphertext attacks, the error message should not reveal - * which kind of decoding error happened */ - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); - if (db != NULL) OPENSSL_free(db); - return -1; - } - -int PKCS1_MGF1(unsigned char *mask, long len, - const unsigned char *seed, long seedlen, const EVP_MD *dgst) - { - long i, outlen = 0; - unsigned char cnt[4]; - EVP_MD_CTX c; - unsigned char md[EVP_MAX_MD_SIZE]; - int mdlen; - - EVP_MD_CTX_init(&c); - mdlen = M_EVP_MD_size(dgst); - for (i = 0; outlen < len; i++) - { - cnt[0] = (unsigned char)((i >> 24) & 255); - cnt[1] = (unsigned char)((i >> 16) & 255); - cnt[2] = (unsigned char)((i >> 8)) & 255; - cnt[3] = (unsigned char)(i & 255); - EVP_DigestInit_ex(&c,dgst, NULL); - EVP_DigestUpdate(&c, seed, seedlen); - EVP_DigestUpdate(&c, cnt, 4); - if (outlen + mdlen <= len) - { - EVP_DigestFinal_ex(&c, mask + outlen, NULL); - outlen += mdlen; - } - else - { - EVP_DigestFinal_ex(&c, md, NULL); - memcpy(mask + outlen, md, len - outlen); - outlen = len; - } - } - EVP_MD_CTX_cleanup(&c); - return 0; - } - -int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen) - { - return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1()); - } -#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c deleted file mode 100755 index af12520f..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +++ /dev/null @@ -1,1554 +0,0 @@ -/* crypto/x509/x509_vfy.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <time.h> -#include <errno.h> - -#include "cryptlib.h" -#include <openssl/crypto.h> -#include <openssl/lhash.h> -#include <openssl/buffer.h> -#include <openssl/evp.h> -#include <openssl/asn1.h> -#include <openssl/x509.h> -#include <openssl/x509v3.h> -#include <openssl/objects.h> - -static int null_callback(int ok,X509_STORE_CTX *e); -static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); -static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); -static int check_chain_extensions(X509_STORE_CTX *ctx); -static int check_trust(X509_STORE_CTX *ctx); -static int check_revocation(X509_STORE_CTX *ctx); -static int check_cert(X509_STORE_CTX *ctx); -static int check_policy(X509_STORE_CTX *ctx); -static int internal_verify(X509_STORE_CTX *ctx); -const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT; - - -static int null_callback(int ok, X509_STORE_CTX *e) - { - return ok; - } - -#if 0 -static int x509_subject_cmp(X509 **a, X509 **b) - { - return X509_subject_name_cmp(*a,*b); - } -#endif - -int X509_verify_cert(X509_STORE_CTX *ctx) - { - X509 *x,*xtmp,*chain_ss=NULL; - int bad_chain = 0; - X509_VERIFY_PARAM *param = ctx->param; - int depth,i,ok=0; - int num; - int (*cb)(int xok,X509_STORE_CTX *xctx); - STACK_OF(X509) *sktmp=NULL; - if (ctx->cert == NULL) - { - X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); - return -1; - } - - cb=ctx->verify_cb; - - /* first we make sure the chain we are going to build is - * present and that the first entry is in place */ - if (ctx->chain == NULL) - { - if ( ((ctx->chain=sk_X509_new_null()) == NULL) || - (!sk_X509_push(ctx->chain,ctx->cert))) - { - X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); - goto end; - } - CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509); - ctx->last_untrusted=1; - } - - /* We use a temporary STACK so we can chop and hack at it */ - if (ctx->untrusted != NULL - && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL) - { - X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); - goto end; - } - - num=sk_X509_num(ctx->chain); - x=sk_X509_value(ctx->chain,num-1); - depth=param->depth; - - - for (;;) - { - /* If we have enough, we break */ - if (depth < num) break; /* FIXME: If this happens, we should take - * note of it and, if appropriate, use the - * X509_V_ERR_CERT_CHAIN_TOO_LONG error - * code later. - */ - - /* If we are self signed, we break */ - if (ctx->check_issued(ctx, x,x)) break; - - /* If we were passed a cert chain, use it first */ - if (ctx->untrusted != NULL) - { - xtmp=find_issuer(ctx, sktmp,x); - if (xtmp != NULL) - { - if (!sk_X509_push(ctx->chain,xtmp)) - { - X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); - goto end; - } - CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); - (void)sk_X509_delete_ptr(sktmp,xtmp); - ctx->last_untrusted++; - x=xtmp; - num++; - /* reparse the full chain for - * the next one */ - continue; - } - } - break; - } - - /* at this point, chain should contain a list of untrusted - * certificates. We now need to add at least one trusted one, - * if possible, otherwise we complain. */ - - /* Examine last certificate in chain and see if it - * is self signed. - */ - - i=sk_X509_num(ctx->chain); - x=sk_X509_value(ctx->chain,i-1); - if (ctx->check_issued(ctx, x, x)) - { - /* we have a self signed certificate */ - if (sk_X509_num(ctx->chain) == 1) - { - /* We have a single self signed certificate: see if - * we can find it in the store. We must have an exact - * match to avoid possible impersonation. - */ - ok = ctx->get_issuer(&xtmp, ctx, x); - if ((ok <= 0) || X509_cmp(x, xtmp)) - { - ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; - ctx->current_cert=x; - ctx->error_depth=i-1; - if (ok == 1) X509_free(xtmp); - bad_chain = 1; - ok=cb(0,ctx); - if (!ok) goto end; - } - else - { - /* We have a match: replace certificate with store version - * so we get any trust settings. - */ - X509_free(x); - x = xtmp; - (void)sk_X509_set(ctx->chain, i - 1, x); - ctx->last_untrusted=0; - } - } - else - { - /* extract and save self signed certificate for later use */ - chain_ss=sk_X509_pop(ctx->chain); - ctx->last_untrusted--; - num--; - x=sk_X509_value(ctx->chain,num-1); - } - } - - /* We now lookup certs from the certificate store */ - for (;;) - { - /* If we have enough, we break */ - if (depth < num) break; - - /* If we are self signed, we break */ - if (ctx->check_issued(ctx,x,x)) break; - - ok = ctx->get_issuer(&xtmp, ctx, x); - - if (ok < 0) return ok; - if (ok == 0) break; - - x = xtmp; - if (!sk_X509_push(ctx->chain,x)) - { - X509_free(xtmp); - X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); - return 0; - } - num++; - } - - /* we now have our chain, lets check it... */ - - /* Is last certificate looked up self signed? */ - if (!ctx->check_issued(ctx,x,x)) - { - if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) - { - if (ctx->last_untrusted >= num) - ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; - else - ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; - ctx->current_cert=x; - } - else - { - - sk_X509_push(ctx->chain,chain_ss); - num++; - ctx->last_untrusted=num; - ctx->current_cert=chain_ss; - ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; - chain_ss=NULL; - } - - ctx->error_depth=num-1; - bad_chain = 1; - ok=cb(0,ctx); - if (!ok) goto end; - } - - /* We have the chain complete: now we need to check its purpose */ - ok = check_chain_extensions(ctx); - - if (!ok) goto end; - - /* The chain extensions are OK: check trust */ - - if (param->trust > 0) ok = check_trust(ctx); - - if (!ok) goto end; - - /* We may as well copy down any DSA parameters that are required */ - X509_get_pubkey_parameters(NULL,ctx->chain); - - /* Check revocation status: we do this after copying parameters - * because they may be needed for CRL signature verification. - */ - - ok = ctx->check_revocation(ctx); - if(!ok) goto end; - - /* At this point, we have a chain and need to verify it */ - if (ctx->verify != NULL) - ok=ctx->verify(ctx); - else - ok=internal_verify(ctx); - if(!ok) goto end; - -#ifndef OPENSSL_NO_RFC3779 - /* RFC 3779 path validation, now that CRL check has been done */ - ok = v3_asid_validate_path(ctx); - if (!ok) goto end; - ok = v3_addr_validate_path(ctx); - if (!ok) goto end; -#endif - - /* If we get this far evaluate policies */ - if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) - ok = ctx->check_policy(ctx); - if(!ok) goto end; - if (0) - { -end: - X509_get_pubkey_parameters(NULL,ctx->chain); - } - if (sktmp != NULL) sk_X509_free(sktmp); - if (chain_ss != NULL) X509_free(chain_ss); - return ok; - } - - -/* Given a STACK_OF(X509) find the issuer of cert (if any) - */ - -static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) -{ - int i; - X509 *issuer; - for (i = 0; i < sk_X509_num(sk); i++) - { - issuer = sk_X509_value(sk, i); - if (ctx->check_issued(ctx, x, issuer)) - return issuer; - } - return NULL; -} - -/* Given a possible certificate and issuer check them */ - -static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) -{ - int ret; - ret = X509_check_issued(issuer, x); - if (ret == X509_V_OK) - return 1; - /* If we haven't asked for issuer errors don't set ctx */ - if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) - return 0; - - ctx->error = ret; - ctx->current_cert = x; - ctx->current_issuer = issuer; - return ctx->verify_cb(0, ctx); - return 0; -} - -/* Alternative lookup method: look from a STACK stored in other_ctx */ - -static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) -{ - *issuer = find_issuer(ctx, ctx->other_ctx, x); - if (*issuer) - { - CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509); - return 1; - } - else - return 0; -} - - -/* Check a certificate chains extensions for consistency - * with the supplied purpose - */ - -static int check_chain_extensions(X509_STORE_CTX *ctx) -{ -#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI) - /* - NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting - in Authenticode Signing Certificates. - */ - return 1; -#else - int i, ok=0, must_be_ca, plen = 0; - X509 *x; - int (*cb)(int xok,X509_STORE_CTX *xctx); - int proxy_path_length = 0; - int allow_proxy_certs = - !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); - cb=ctx->verify_cb; - - /* must_be_ca can have 1 of 3 values: - -1: we accept both CA and non-CA certificates, to allow direct - use of self-signed certificates (which are marked as CA). - 0: we only accept non-CA certificates. This is currently not - used, but the possibility is present for future extensions. - 1: we only accept CA certificates. This is currently used for - all certificates in the chain except the leaf certificate. - */ - must_be_ca = -1; - - /* A hack to keep people who don't want to modify their software - happy */ - if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) - allow_proxy_certs = 1; - - /* Check all untrusted certificates */ - for (i = 0; i < ctx->last_untrusted; i++) - { - int ret; - x = sk_X509_value(ctx->chain, i); - if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) - && (x->ex_flags & EXFLAG_CRITICAL)) - { - ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; - ctx->error_depth = i; - ctx->current_cert = x; - ok=cb(0,ctx); - if (!ok) goto end; - } - if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) - { - ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; - ctx->error_depth = i; - ctx->current_cert = x; - ok=cb(0,ctx); - if (!ok) goto end; - } - ret = X509_check_ca(x); - switch(must_be_ca) - { - case -1: - if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) - && (ret != 1) && (ret != 0)) - { - ret = 0; - ctx->error = X509_V_ERR_INVALID_CA; - } - else - ret = 1; - break; - case 0: - if (ret != 0) - { - ret = 0; - ctx->error = X509_V_ERR_INVALID_NON_CA; - } - else - ret = 1; - break; - default: - if ((ret == 0) - || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) - && (ret != 1))) - { - ret = 0; - ctx->error = X509_V_ERR_INVALID_CA; - } - else - ret = 1; - break; - } - if (ret == 0) - { - ctx->error_depth = i; - ctx->current_cert = x; - ok=cb(0,ctx); - if (!ok) goto end; - } - if (ctx->param->purpose > 0) - { - ret = X509_check_purpose(x, ctx->param->purpose, - must_be_ca > 0); - if ((ret == 0) - || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) - && (ret != 1))) - { - ctx->error = X509_V_ERR_INVALID_PURPOSE; - ctx->error_depth = i; - ctx->current_cert = x; - ok=cb(0,ctx); - if (!ok) goto end; - } - } - /* Check pathlen if not self issued */ - if ((i > 1) && !(x->ex_flags & EXFLAG_SI) - && (x->ex_pathlen != -1) - && (plen > (x->ex_pathlen + proxy_path_length + 1))) - { - ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; - ctx->error_depth = i; - ctx->current_cert = x; - ok=cb(0,ctx); - if (!ok) goto end; - } - /* Increment path length if not self issued */ - if (!(x->ex_flags & EXFLAG_SI)) - plen++; - /* If this certificate is a proxy certificate, the next - certificate must be another proxy certificate or a EE - certificate. If not, the next certificate must be a - CA certificate. */ - if (x->ex_flags & EXFLAG_PROXY) - { - if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) - { - ctx->error = - X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; - ctx->error_depth = i; - ctx->current_cert = x; - ok=cb(0,ctx); - if (!ok) goto end; - } - proxy_path_length++; - must_be_ca = 0; - } - else - must_be_ca = 1; - } - ok = 1; - end: - return ok; -#endif -} - -static int check_trust(X509_STORE_CTX *ctx) -{ -#ifdef OPENSSL_NO_CHAIN_VERIFY - return 1; -#else - int i, ok; - X509 *x; - int (*cb)(int xok,X509_STORE_CTX *xctx); - cb=ctx->verify_cb; -/* For now just check the last certificate in the chain */ - i = sk_X509_num(ctx->chain) - 1; - x = sk_X509_value(ctx->chain, i); - ok = X509_check_trust(x, ctx->param->trust, 0); - if (ok == X509_TRUST_TRUSTED) - return 1; - ctx->error_depth = i; - ctx->current_cert = x; - if (ok == X509_TRUST_REJECTED) - ctx->error = X509_V_ERR_CERT_REJECTED; - else - ctx->error = X509_V_ERR_CERT_UNTRUSTED; - ok = cb(0, ctx); - return ok; -#endif -} - -static int check_revocation(X509_STORE_CTX *ctx) - { - int i, last, ok; - if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) - return 1; - if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) - last = sk_X509_num(ctx->chain) - 1; - else - last = 0; - for(i = 0; i <= last; i++) - { - ctx->error_depth = i; - ok = check_cert(ctx); - if (!ok) return ok; - } - return 1; - } - -static int check_cert(X509_STORE_CTX *ctx) - { - X509_CRL *crl = NULL; - X509 *x; - int ok, cnum; - cnum = ctx->error_depth; - x = sk_X509_value(ctx->chain, cnum); - ctx->current_cert = x; - /* Try to retrieve relevant CRL */ - ok = ctx->get_crl(ctx, &crl, x); - /* If error looking up CRL, nothing we can do except - * notify callback - */ - if(!ok) - { - ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; - ok = ctx->verify_cb(0, ctx); - goto err; - } - ctx->current_crl = crl; - ok = ctx->check_crl(ctx, crl); - if (!ok) goto err; - ok = ctx->cert_crl(ctx, crl, x); - err: - ctx->current_crl = NULL; - X509_CRL_free(crl); - return ok; - - } - -/* Check CRL times against values in X509_STORE_CTX */ - -static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) - { - time_t *ptime; - int i; - ctx->current_crl = crl; - if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) - ptime = &ctx->param->check_time; - else - ptime = NULL; - - i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); - if (i == 0) - { - ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; - if (!notify || !ctx->verify_cb(0, ctx)) - return 0; - } - - if (i > 0) - { - ctx->error=X509_V_ERR_CRL_NOT_YET_VALID; - if (!notify || !ctx->verify_cb(0, ctx)) - return 0; - } - - if(X509_CRL_get_nextUpdate(crl)) - { - i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); - - if (i == 0) - { - ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; - if (!notify || !ctx->verify_cb(0, ctx)) - return 0; - } - - if (i < 0) - { - ctx->error=X509_V_ERR_CRL_HAS_EXPIRED; - if (!notify || !ctx->verify_cb(0, ctx)) - return 0; - } - } - - ctx->current_crl = NULL; - - return 1; - } - -/* Lookup CRLs from the supplied list. Look for matching isser name - * and validity. If we can't find a valid CRL return the last one - * with matching name. This gives more meaningful error codes. Otherwise - * we'd get a CRL not found error if a CRL existed with matching name but - * was invalid. - */ - -static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, - X509_NAME *nm, STACK_OF(X509_CRL) *crls) - { - int i; - X509_CRL *crl, *best_crl = NULL; - for (i = 0; i < sk_X509_CRL_num(crls); i++) - { - crl = sk_X509_CRL_value(crls, i); - if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) - continue; - if (check_crl_time(ctx, crl, 0)) - { - *pcrl = crl; - CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509); - return 1; - } - best_crl = crl; - } - if (best_crl) - { - *pcrl = best_crl; - CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509); - } - - return 0; - } - -/* Retrieve CRL corresponding to certificate: currently just a - * subject lookup: maybe use AKID later... - */ -static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x) - { - int ok; - X509_CRL *crl = NULL; - X509_OBJECT xobj; - X509_NAME *nm; - nm = X509_get_issuer_name(x); - ok = get_crl_sk(ctx, &crl, nm, ctx->crls); - if (ok) - { - *pcrl = crl; - return 1; - } - - ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj); - - if (!ok) - { - /* If we got a near match from get_crl_sk use that */ - if (crl) - { - *pcrl = crl; - return 1; - } - return 0; - } - - *pcrl = xobj.data.crl; - if (crl) - X509_CRL_free(crl); - return 1; - } - -/* Check CRL validity */ -static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) - { - X509 *issuer = NULL; - EVP_PKEY *ikey = NULL; - int ok = 0, chnum, cnum; - cnum = ctx->error_depth; - chnum = sk_X509_num(ctx->chain) - 1; - /* Find CRL issuer: if not last certificate then issuer - * is next certificate in chain. - */ - if(cnum < chnum) - issuer = sk_X509_value(ctx->chain, cnum + 1); - else - { - issuer = sk_X509_value(ctx->chain, chnum); - /* If not self signed, can't check signature */ - if(!ctx->check_issued(ctx, issuer, issuer)) - { - ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; - ok = ctx->verify_cb(0, ctx); - if(!ok) goto err; - } - } - - if(issuer) - { - /* Check for cRLSign bit if keyUsage present */ - if ((issuer->ex_flags & EXFLAG_KUSAGE) && - !(issuer->ex_kusage & KU_CRL_SIGN)) - { - ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; - ok = ctx->verify_cb(0, ctx); - if(!ok) goto err; - } - - /* Attempt to get issuer certificate public key */ - ikey = X509_get_pubkey(issuer); - - if(!ikey) - { - ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; - ok = ctx->verify_cb(0, ctx); - if (!ok) goto err; - } - else - { - /* Verify CRL signature */ - if(X509_CRL_verify(crl, ikey) <= 0) - { - ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE; - ok = ctx->verify_cb(0, ctx); - if (!ok) goto err; - } - } - } - - ok = check_crl_time(ctx, crl, 1); - if (!ok) - goto err; - - ok = 1; - - err: - EVP_PKEY_free(ikey); - return ok; - } - -/* Check certificate against CRL */ -static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) - { - int idx, ok; - X509_REVOKED rtmp; - STACK_OF(X509_EXTENSION) *exts; - X509_EXTENSION *ext; - /* Look for serial number of certificate in CRL */ - rtmp.serialNumber = X509_get_serialNumber(x); - /* Sort revoked into serial number order if not already sorted. - * Do this under a lock to avoid race condition. - */ - if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) - { - CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); - sk_X509_REVOKED_sort(crl->crl->revoked); - CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); - } - idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); - /* If found assume revoked: want something cleverer than - * this to handle entry extensions in V2 CRLs. - */ - if(idx >= 0) - { - ctx->error = X509_V_ERR_CERT_REVOKED; - ok = ctx->verify_cb(0, ctx); - if (!ok) return 0; - } - - if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) - return 1; - - /* See if we have any critical CRL extensions: since we - * currently don't handle any CRL extensions the CRL must be - * rejected. - * This code accesses the X509_CRL structure directly: applications - * shouldn't do this. - */ - - exts = crl->crl->extensions; - - for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) - { - ext = sk_X509_EXTENSION_value(exts, idx); - if (ext->critical > 0) - { - ctx->error = - X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; - ok = ctx->verify_cb(0, ctx); - if(!ok) return 0; - break; - } - } - return 1; - } - -static int check_policy(X509_STORE_CTX *ctx) - { - int ret; - ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, - ctx->param->policies, ctx->param->flags); - if (ret == 0) - { - X509err(X509_F_CHECK_POLICY,ERR_R_MALLOC_FAILURE); - return 0; - } - /* Invalid or inconsistent extensions */ - if (ret == -1) - { - /* Locate certificates with bad extensions and notify - * callback. - */ - X509 *x; - int i; - for (i = 1; i < sk_X509_num(ctx->chain); i++) - { - x = sk_X509_value(ctx->chain, i); - if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) - continue; - ctx->current_cert = x; - ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; - ret = ctx->verify_cb(0, ctx); - } - return 1; - } - if (ret == -2) - { - ctx->current_cert = NULL; - ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; - return ctx->verify_cb(0, ctx); - } - - if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) - { - ctx->current_cert = NULL; - ctx->error = X509_V_OK; - if (!ctx->verify_cb(2, ctx)) - return 0; - } - - return 1; - } - -static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) - { -#if defined(OPENSSL_SYS_UEFI) - /* Bypass Certificate Time Checking for UEFI version. */ - return 1; -#else - time_t *ptime; - int i; - - if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) - ptime = &ctx->param->check_time; - else - ptime = NULL; - - i=X509_cmp_time(X509_get_notBefore(x), ptime); - if (i == 0) - { - ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; - ctx->current_cert=x; - if (!ctx->verify_cb(0, ctx)) - return 0; - } - - if (i > 0) - { - ctx->error=X509_V_ERR_CERT_NOT_YET_VALID; - ctx->current_cert=x; - if (!ctx->verify_cb(0, ctx)) - return 0; - } - - i=X509_cmp_time(X509_get_notAfter(x), ptime); - if (i == 0) - { - ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; - ctx->current_cert=x; - if (!ctx->verify_cb(0, ctx)) - return 0; - } - - if (i < 0) - { - ctx->error=X509_V_ERR_CERT_HAS_EXPIRED; - ctx->current_cert=x; - if (!ctx->verify_cb(0, ctx)) - return 0; - } - - return 1; -#endif - } - -static int internal_verify(X509_STORE_CTX *ctx) - { - int ok=0,n; - X509 *xs,*xi; - EVP_PKEY *pkey=NULL; - int (*cb)(int xok,X509_STORE_CTX *xctx); - - cb=ctx->verify_cb; - - n=sk_X509_num(ctx->chain); - ctx->error_depth=n-1; - n--; - xi=sk_X509_value(ctx->chain,n); - - if (ctx->check_issued(ctx, xi, xi)) - xs=xi; - else - { - if (n <= 0) - { - ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; - ctx->current_cert=xi; - ok=cb(0,ctx); - goto end; - } - else - { - n--; - ctx->error_depth=n; - xs=sk_X509_value(ctx->chain,n); - } - } - -/* ctx->error=0; not needed */ - while (n >= 0) - { - ctx->error_depth=n; - - /* Skip signature check for self signed certificates unless - * explicitly asked for. It doesn't add any security and - * just wastes time. - */ - if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) - { - if ((pkey=X509_get_pubkey(xi)) == NULL) - { - ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; - ctx->current_cert=xi; - ok=(*cb)(0,ctx); - if (!ok) goto end; - } - else if (X509_verify(xs,pkey) <= 0) - { - ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; - ctx->current_cert=xs; - ok=(*cb)(0,ctx); - if (!ok) - { - EVP_PKEY_free(pkey); - goto end; - } - } - EVP_PKEY_free(pkey); - pkey=NULL; - } - - xs->valid = 1; - - ok = check_cert_time(ctx, xs); - if (!ok) - goto end; - - /* The last error (if any) is still in the error value */ - ctx->current_issuer=xi; - ctx->current_cert=xs; - ok=(*cb)(1,ctx); - if (!ok) goto end; - - n--; - if (n >= 0) - { - xi=xs; - xs=sk_X509_value(ctx->chain,n); - } - } - ok=1; -end: - return ok; - } - -int X509_cmp_current_time(ASN1_TIME *ctm) -{ - return X509_cmp_time(ctm, NULL); -} - -int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) - { - char *str; - ASN1_TIME atm; - long offset; - char buff1[24],buff2[24],*p; - int i,j; - - p=buff1; - i=ctm->length; - str=(char *)ctm->data; - if (ctm->type == V_ASN1_UTCTIME) - { - if ((i < 11) || (i > 17)) return 0; - memcpy(p,str,10); - p+=10; - str+=10; - } - else - { - if (i < 13) return 0; - memcpy(p,str,12); - p+=12; - str+=12; - } - - if ((*str == 'Z') || (*str == '-') || (*str == '+')) - { *(p++)='0'; *(p++)='0'; } - else - { - *(p++)= *(str++); - *(p++)= *(str++); - /* Skip any fractional seconds... */ - if (*str == '.') - { - str++; - while ((*str >= '0') && (*str <= '9')) str++; - } - - } - *(p++)='Z'; - *(p++)='\0'; - - if (*str == 'Z') - offset=0; - else - { - if ((*str != '+') && (*str != '-')) - return 0; - offset=((str[1]-'0')*10+(str[2]-'0'))*60; - offset+=(str[3]-'0')*10+(str[4]-'0'); - if (*str == '-') - offset= -offset; - } - atm.type=ctm->type; - atm.length=sizeof(buff2); - atm.data=(unsigned char *)buff2; - - if (X509_time_adj(&atm, offset*60, cmp_time) == NULL) - return 0; - - if (ctm->type == V_ASN1_UTCTIME) - { - i=(buff1[0]-'0')*10+(buff1[1]-'0'); - if (i < 50) i+=100; /* cf. RFC 2459 */ - j=(buff2[0]-'0')*10+(buff2[1]-'0'); - if (j < 50) j+=100; - - if (i < j) return -1; - if (i > j) return 1; - } - i=strcmp(buff1,buff2); - if (i == 0) /* wait a second then return younger :-) */ - return -1; - else - return i; - } - -ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) -{ - return X509_time_adj(s, adj, NULL); -} - -ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm) - { - time_t t; - int type = -1; - - if (in_tm) t = *in_tm; - else time(&t); - - t+=adj; - if (s) type = s->type; - if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t); - if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t); - return ASN1_TIME_set(s, t); - } - -int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) - { - EVP_PKEY *ktmp=NULL,*ktmp2; - int i,j; - - if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1; - - for (i=0; i<sk_X509_num(chain); i++) - { - ktmp=X509_get_pubkey(sk_X509_value(chain,i)); - if (ktmp == NULL) - { - X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); - return 0; - } - if (!EVP_PKEY_missing_parameters(ktmp)) - break; - else - { - EVP_PKEY_free(ktmp); - ktmp=NULL; - } - } - if (ktmp == NULL) - { - X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); - return 0; - } - - /* first, populate the other certs */ - for (j=i-1; j >= 0; j--) - { - ktmp2=X509_get_pubkey(sk_X509_value(chain,j)); - EVP_PKEY_copy_parameters(ktmp2,ktmp); - EVP_PKEY_free(ktmp2); - } - - if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp); - EVP_PKEY_free(ktmp); - return 1; - } - -int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - /* This function is (usually) called only once, by - * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp, - new_func, dup_func, free_func); - } - -int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) - { - return CRYPTO_set_ex_data(&ctx->ex_data,idx,data); - } - -void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) - { - return CRYPTO_get_ex_data(&ctx->ex_data,idx); - } - -int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) - { - return ctx->error; - } - -void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) - { - ctx->error=err; - } - -int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) - { - return ctx->error_depth; - } - -X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) - { - return ctx->current_cert; - } - -STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) - { - return ctx->chain; - } - -STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) - { - int i; - X509 *x; - STACK_OF(X509) *chain; - if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL; - for (i = 0; i < sk_X509_num(chain); i++) - { - x = sk_X509_value(chain, i); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - } - return chain; - } - -void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) - { - ctx->cert=x; - } - -void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) - { - ctx->untrusted=sk; - } - -void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) - { - ctx->crls=sk; - } - -int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) - { - return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); - } - -int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) - { - return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); - } - -/* This function is used to set the X509_STORE_CTX purpose and trust - * values. This is intended to be used when another structure has its - * own trust and purpose values which (if set) will be inherited by - * the ctx. If they aren't set then we will usually have a default - * purpose in mind which should then be used to set the trust value. - * An example of this is SSL use: an SSL structure will have its own - * purpose and trust settings which the application can set: if they - * aren't set then we use the default of SSL client/server. - */ - -int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, - int purpose, int trust) -{ - int idx; - /* If purpose not set use default */ - if (!purpose) purpose = def_purpose; - /* If we have a purpose then check it is valid */ - if (purpose) - { - X509_PURPOSE *ptmp; - idx = X509_PURPOSE_get_by_id(purpose); - if (idx == -1) - { - X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, - X509_R_UNKNOWN_PURPOSE_ID); - return 0; - } - ptmp = X509_PURPOSE_get0(idx); - if (ptmp->trust == X509_TRUST_DEFAULT) - { - idx = X509_PURPOSE_get_by_id(def_purpose); - if (idx == -1) - { - X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, - X509_R_UNKNOWN_PURPOSE_ID); - return 0; - } - ptmp = X509_PURPOSE_get0(idx); - } - /* If trust not set then get from purpose default */ - if (!trust) trust = ptmp->trust; - } - if (trust) - { - idx = X509_TRUST_get_by_id(trust); - if (idx == -1) - { - X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, - X509_R_UNKNOWN_TRUST_ID); - return 0; - } - } - - if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose; - if (trust && !ctx->param->trust) ctx->param->trust = trust; - return 1; -} - -X509_STORE_CTX *X509_STORE_CTX_new(void) -{ - X509_STORE_CTX *ctx; - ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); - if (!ctx) - { - X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE); - return NULL; - } - memset(ctx, 0, sizeof(X509_STORE_CTX)); - return ctx; -} - -void X509_STORE_CTX_free(X509_STORE_CTX *ctx) -{ - X509_STORE_CTX_cleanup(ctx); - OPENSSL_free(ctx); -} - -int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, - STACK_OF(X509) *chain) - { - int ret = 1; - ctx->ctx=store; - ctx->current_method=0; - ctx->cert=x509; - ctx->untrusted=chain; - ctx->crls = NULL; - ctx->last_untrusted=0; - ctx->other_ctx=NULL; - ctx->valid=0; - ctx->chain=NULL; - ctx->error=0; - ctx->explicit_policy=0; - ctx->error_depth=0; - ctx->current_cert=NULL; - ctx->current_issuer=NULL; - ctx->tree = NULL; - - ctx->param = X509_VERIFY_PARAM_new(); - - if (!ctx->param) - { - X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); - return 0; - } - - /* Inherit callbacks and flags from X509_STORE if not set - * use defaults. - */ - - - if (store) - ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); - else - ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; - - if (store) - { - ctx->verify_cb = store->verify_cb; - ctx->cleanup = store->cleanup; - } - else - ctx->cleanup = 0; - - if (ret) - ret = X509_VERIFY_PARAM_inherit(ctx->param, - X509_VERIFY_PARAM_lookup("default")); - - if (ret == 0) - { - X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); - return 0; - } - - if (store && store->check_issued) - ctx->check_issued = store->check_issued; - else - ctx->check_issued = check_issued; - - if (store && store->get_issuer) - ctx->get_issuer = store->get_issuer; - else - ctx->get_issuer = X509_STORE_CTX_get1_issuer; - - if (store && store->verify_cb) - ctx->verify_cb = store->verify_cb; - else - ctx->verify_cb = null_callback; - - if (store && store->verify) - ctx->verify = store->verify; - else - ctx->verify = internal_verify; - - if (store && store->check_revocation) - ctx->check_revocation = store->check_revocation; - else - ctx->check_revocation = check_revocation; - - if (store && store->get_crl) - ctx->get_crl = store->get_crl; - else - ctx->get_crl = get_crl; - - if (store && store->check_crl) - ctx->check_crl = store->check_crl; - else - ctx->check_crl = check_crl; - - if (store && store->cert_crl) - ctx->cert_crl = store->cert_crl; - else - ctx->cert_crl = cert_crl; - - ctx->check_policy = check_policy; - - - /* This memset() can't make any sense anyway, so it's removed. As - * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a - * corresponding "new" here and remove this bogus initialisation. */ - /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */ - if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, - &(ctx->ex_data))) - { - OPENSSL_free(ctx); - X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); - return 0; - } - return 1; - } - -/* Set alternative lookup method: just a STACK of trusted certificates. - * This avoids X509_STORE nastiness where it isn't needed. - */ - -void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) -{ - ctx->other_ctx = sk; - ctx->get_issuer = get_issuer_sk; -} - -void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) - { - if (ctx->cleanup) ctx->cleanup(ctx); - if (ctx->param != NULL) - { - X509_VERIFY_PARAM_free(ctx->param); - ctx->param=NULL; - } - if (ctx->tree != NULL) - { - X509_policy_tree_free(ctx->tree); - ctx->tree=NULL; - } - if (ctx->chain != NULL) - { - sk_X509_pop_free(ctx->chain,X509_free); - ctx->chain=NULL; - } - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); - memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); - } - -void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) - { - X509_VERIFY_PARAM_set_depth(ctx->param, depth); - } - -void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) - { - X509_VERIFY_PARAM_set_flags(ctx->param, flags); - } - -void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) - { - X509_VERIFY_PARAM_set_time(ctx->param, t); - } - -void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, - int (*verify_cb)(int, X509_STORE_CTX *)) - { - ctx->verify_cb=verify_cb; - } - -X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) - { - return ctx->tree; - } - -int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) - { - return ctx->explicit_policy; - } - -int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) - { - const X509_VERIFY_PARAM *param; - param = X509_VERIFY_PARAM_lookup(name); - if (!param) - return 0; - return X509_VERIFY_PARAM_inherit(ctx->param, param); - } - -X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) - { - return ctx->param; - } - -void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) - { - if (ctx->param) - X509_VERIFY_PARAM_free(ctx->param); - ctx->param = param; - } - -IMPLEMENT_STACK_OF(X509) -IMPLEMENT_ASN1_SET_OF(X509) - -IMPLEMENT_STACK_OF(X509_NAME) - -IMPLEMENT_STACK_OF(X509_ATTRIBUTE) -IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE) diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/update.sh b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/update.sh deleted file mode 100755 index cb25ccd2..00000000 --- a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/update.sh +++ /dev/null @@ -1,499 +0,0 @@ -#/bin/sh -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/e_os.h e_os.h -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cryptlib.c crypto/cryptlib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dyn_lck.c crypto/dyn_lck.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem.c crypto/mem.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem_clr.c crypto/mem_clr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem_dbg.c crypto/mem_dbg.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cversion.c crypto/cversion.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ex_data.c crypto/ex_data.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cpt_err.c crypto/cpt_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ebcdic.c crypto/ebcdic.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/uid.c crypto/uid.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_time.c crypto/o_time.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_str.c crypto/o_str.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_dir.c crypto/o_dir.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_init.c crypto/o_init.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/fips_err.c crypto/fips_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md2/md2_one.c crypto/md2/md2_one.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md4/md4_one.c crypto/md4/md4_one.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md5/md5_one.c crypto/md5/md5_one.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha_one.c crypto/sha/sha_one.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha1_one.c crypto/sha/sha1_one.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha256.c crypto/sha/sha256.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha512.c crypto/sha/sha512.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/hmac/hmac.c crypto/hmac/hmac.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_lib.c crypto/des/des_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/set_key.c crypto/des/set_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ecb_enc.c crypto/des/ecb_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cbc_enc.c crypto/des/cbc_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb64enc.c crypto/des/cfb64enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb64ede.c crypto/des/cfb64ede.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb_enc.c crypto/des/cfb_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb64ede.c crypto/des/ofb64ede.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/enc_read.c crypto/des/enc_read.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/enc_writ.c crypto/des/enc_writ.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb64enc.c crypto/des/ofb64enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb_enc.c crypto/des/ofb_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/str2key.c crypto/des/str2key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/qud_cksm.c crypto/des/qud_cksm.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/rand_key.c crypto/des/rand_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_enc.c crypto/des/des_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/fcrypt.c crypto/des/fcrypt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/rpc_enc.c crypto/des/rpc_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_old.c crypto/des/des_old.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_old2.c crypto/des/des_old2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/read2pwd.c crypto/des/read2pwd.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_cbc.c crypto/idea/i_cbc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_ecb.c crypto/idea/i_ecb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_skey.c crypto/idea/i_skey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_skey.c crypto/bf/bf_skey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_enc.c crypto/bf/bf_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_skey.c crypto/cast/c_skey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_ecb.c crypto/cast/c_ecb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_enc.c crypto/cast/c_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_misc.c crypto/aes/aes_misc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ige.c crypto/aes/aes_ige.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_core.c crypto/aes/aes_core.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_add.c crypto/bn/bn_add.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_div.c crypto/bn/bn_div.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_exp.c crypto/bn/bn_exp.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_lib.c crypto/bn/bn_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mul.c crypto/bn/bn_mul.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mod.c crypto/bn/bn_mod.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_print.c crypto/bn/bn_print.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_rand.c crypto/bn/bn_rand.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_shift.c crypto/bn/bn_shift.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_word.c crypto/bn/bn_word.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_blind.c crypto/bn/bn_blind.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_kron.c crypto/bn/bn_kron.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_prime.c crypto/bn/bn_prime.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_err.c crypto/bn/bn_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_asm.c crypto/bn/bn_asm.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_recp.c crypto/bn/bn_recp.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mont.c crypto/bn/bn_mont.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_nist.c crypto/bn/bn_nist.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_depr.c crypto/bn/bn_depr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_const.c crypto/bn/bn_const.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_opt.c crypto/bn/bn_opt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_dl.c crypto/dso/dso_dl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_err.c crypto/dso/dso_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_lib.c crypto/dso/dso_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_null.c crypto/dso/dso_null.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_win32.c crypto/dso/dso_win32.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_vms.c crypto/dso/dso_vms.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_gen.c crypto/dh/dh_gen.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_key.c crypto/dh/dh_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_lib.c crypto/dh/dh_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_check.c crypto/dh/dh_check.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_err.c crypto/dh/dh_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_depr.c crypto/dh/dh_depr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_lib.c crypto/ec/ec_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_mult.c crypto/ec/ec_mult.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_err.c crypto/ec/ec_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_curve.c crypto/ec/ec_curve.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_check.c crypto/ec/ec_check.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_print.c crypto/ec/ec_print.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_key.c crypto/ec/ec_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buffer.c crypto/buffer/buffer.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buf_str.c crypto/buffer/buf_str.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buf_err.c crypto/buffer/buf_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_lib.c crypto/bio/bio_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_cb.c crypto/bio/bio_cb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_err.c crypto/bio/bio_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_mem.c crypto/bio/bss_mem.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_null.c crypto/bio/bss_null.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_fd.c crypto/bio/bss_fd.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_file.c crypto/bio/bss_file.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_null.c crypto/bio/bf_null.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_buff.c crypto/bio/bf_buff.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/b_dump.c crypto/bio/b_dump.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_log.c crypto/bio/bss_log.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_bio.c crypto/bio/bss_bio.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/stack/stack.c crypto/stack/stack.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/lhash/lhash.c crypto/lhash/lhash.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/md_rand.c crypto/rand/md_rand.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/randfile.c crypto/rand/randfile.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_lib.c crypto/rand/rand_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_eng.c crypto/rand/rand_eng.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_err.c crypto/rand/rand_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_egd.c crypto/rand/rand_egd.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_win.c crypto/rand/rand_win.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_unix.c crypto/rand/rand_unix.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_os2.c crypto/rand/rand_os2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_nw.c crypto/rand/rand_nw.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err.c crypto/err/err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_def.c crypto/err/err_def.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_all.c crypto/err/err_all.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_prn.c crypto/err/err_prn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_str.c crypto/err/err_str.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_bio.c crypto/err/err_bio.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/o_names.c crypto/objects/o_names.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_dat.c crypto/objects/obj_dat.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_lib.c crypto/objects/obj_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_err.c crypto/objects/obj_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/encode.c crypto/evp/encode.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/digest.c crypto/evp/digest.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/dig_eng.c crypto/evp/dig_eng.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_enc.c crypto/evp/evp_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_key.c crypto/evp/evp_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_des.c crypto/evp/e_des.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_bf.c crypto/evp/e_bf.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_idea.c crypto/evp/e_idea.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_des3.c crypto/evp/e_des3.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc4.c crypto/evp/e_rc4.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_aes.c crypto/evp/e_aes.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/names.c crypto/evp/names.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc2.c crypto/evp/e_rc2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_cast.c crypto/evp/e_cast.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc5.c crypto/evp/e_rc5.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/enc_min.c crypto/evp/enc_min.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_null.c crypto/evp/m_null.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md2.c crypto/evp/m_md2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md4.c crypto/evp/m_md4.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md5.c crypto/evp/m_md5.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_sha.c crypto/evp/m_sha.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_sha1.c crypto/evp/m_sha1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_dss.c crypto/evp/m_dss.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_dss1.c crypto/evp/m_dss1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_open.c crypto/evp/p_open.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_seal.c crypto/evp/p_seal.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_sign.c crypto/evp/p_sign.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_verify.c crypto/evp/p_verify.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_lib.c crypto/evp/p_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_enc.c crypto/evp/p_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_dec.c crypto/evp/p_dec.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_md.c crypto/evp/bio_md.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_b64.c crypto/evp/bio_b64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_enc.c crypto/evp/bio_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_err.c crypto/evp/evp_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_null.c crypto/evp/e_null.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_all.c crypto/evp/c_all.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_allc.c crypto/evp/c_allc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_alld.c crypto/evp/c_alld.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_lib.c crypto/evp/evp_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_ok.c crypto/evp/bio_ok.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_old.c crypto/evp/e_old.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_object.c crypto/asn1/a_object.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_time.c crypto/asn1/a_time.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_int.c crypto/asn1/a_int.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_octet.c crypto/asn1/a_octet.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_print.c crypto/asn1/a_print.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_type.c crypto/asn1/a_type.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_set.c crypto/asn1/a_set.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_dup.c crypto/asn1/a_dup.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_enum.c crypto/asn1/a_enum.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_sign.c crypto/asn1/a_sign.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_digest.c crypto/asn1/a_digest.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_verify.c crypto/asn1/a_verify.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_strex.c crypto/asn1/a_strex.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_algor.c crypto/asn1/x_algor.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_val.c crypto/asn1/x_val.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_sig.c crypto/asn1/x_sig.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_req.c crypto/asn1/x_req.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_long.c crypto/asn1/x_long.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_name.c crypto/asn1/x_name.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_x509.c crypto/asn1/x_x509.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_crl.c crypto/asn1/x_crl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_info.c crypto/asn1/x_info.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_spki.c crypto/asn1/x_spki.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/nsseq.c crypto/asn1/nsseq.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_req.c crypto/asn1/t_req.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_x509.c crypto/asn1/t_x509.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_crl.c crypto/asn1/t_crl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_spki.c crypto/asn1/t_spki.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_int.c crypto/asn1/f_int.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_string.c crypto/asn1/f_string.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_enum.c crypto/asn1/f_enum.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bool.c crypto/asn1/a_bool.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_exten.c crypto/asn1/x_exten.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_meth.c crypto/asn1/a_meth.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_sign.c crypto/pem/pem_sign.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_seal.c crypto/pem/pem_seal.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_info.c crypto/pem/pem_info.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_lib.c crypto/pem/pem_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_all.c crypto/pem/pem_all.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_err.c crypto/pem/pem_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_x509.c crypto/pem/pem_x509.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_oth.c crypto/pem/pem_oth.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_def.c crypto/x509/x509_def.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_d2.c crypto/x509/x509_d2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_obj.c crypto/x509/x509_obj.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_req.c crypto/x509/x509_req.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509spki.c crypto/x509/x509spki.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_set.c crypto/x509/x509_set.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509cset.c crypto/x509/x509cset.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509rset.c crypto/x509/x509rset.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_err.c crypto/x509/x509_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509name.c crypto/x509/x509name.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_v3.c crypto/x509/x509_v3.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_ext.c crypto/x509/x509_ext.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_att.c crypto/x509/x509_att.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509type.c crypto/x509/x509type.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_lu.c crypto/x509/x509_lu.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x_all.c crypto/x509/x_all.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_txt.c crypto/x509/x509_txt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_trs.c crypto/x509/x509_trs.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/by_file.c crypto/x509/by_file.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/by_dir.c crypto/x509/by_dir.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3err.c crypto/x509v3/v3err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_err.c crypto/conf/conf_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_lib.c crypto/conf/conf_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_api.c crypto/conf/conf_api.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_def.c crypto/conf/conf_def.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_mod.c crypto/conf/conf_mod.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_mall.c crypto/conf/conf_mall.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_sap.c crypto/conf/conf_sap.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/comp_lib.c crypto/comp/comp_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/comp_err.c crypto/comp/comp_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/c_rle.c crypto/comp/c_rle.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/c_zlib.c crypto/comp/c_zlib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_err.c crypto/engine/eng_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_lib.c crypto/engine/eng_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_list.c crypto/engine/eng_list.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_init.c crypto/engine/eng_init.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_table.c crypto/engine/eng_table.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_fat.c crypto/engine/eng_fat.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_all.c crypto/engine/eng_all.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_dh.c crypto/engine/tb_dh.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_rand.c crypto/engine/tb_rand.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_store.c crypto/engine/tb_store.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_digest.c crypto/engine/tb_digest.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_err.c crypto/ui/ui_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_lib.c crypto/ui/ui_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_util.c crypto/ui/ui_util.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_compat.c crypto/ui/ui_compat.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_err.c crypto/store/str_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_lib.c crypto/store/str_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_meth.c crypto/store/str_meth.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_mem.c crypto/store/str_mem.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c |