diff options
Diffstat (limited to '.pc/0001-Update-openssl-to-0.9.8za.patch')
46 files changed, 20518 insertions, 0 deletions
diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Cryptlib.diff b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Cryptlib.diff new file mode 100644 index 00000000..9663d90a --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Cryptlib.diff @@ -0,0 +1,57 @@ +diff --git a/Cryptlib/SysCall/BaseMemAllocation.c b/Cryptlib/SysCall/BaseMemAllocation.c +index 68bc25a..1abe78e 100644 +--- a/Cryptlib/SysCall/BaseMemAllocation.c ++++ b/Cryptlib/SysCall/BaseMemAllocation.c +@@ -32,7 +32,7 @@ void *realloc (void *ptr, size_t size) + // BUG: hardcode OldSize == size! We have no any knowledge about
+ // memory size of original pointer ptr.
+ //
+- return ReallocatePool ((UINTN)size, (UINTN)size, ptr);
++ return ReallocatePool (ptr, (UINTN)size, (UINTN)size);
+ }
+
+ /* De-allocates or frees a memory block */
+diff --git a/Cryptlib/SysCall/TimerWrapper.c b/Cryptlib/SysCall/TimerWrapper.c +index 805e6b4..bb7bcba 100644 +--- a/Cryptlib/SysCall/TimerWrapper.c ++++ b/Cryptlib/SysCall/TimerWrapper.c +@@ -13,9 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +
+ **/
+
+-#include <Uefi.h>
+ #include <OpenSslSupport.h>
+-#include <Library/UefiRuntimeServicesTableLib.h>
+
+ //
+ // -- Time Management Routines --
+@@ -78,7 +76,7 @@ time_t time (time_t *timer) + //
+ // Get the current time and date information
+ //
+- gRT->GetTime (&Time, NULL);
++ uefi_call_wrapper(RT->GetTime, 2, &Time, NULL);
+
+ //
+ // Years Handling
+diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c +index fb446b6..5a8322d 100644 +--- a/Cryptlib/SysCall/CrtWrapper.c ++++ b/Cryptlib/SysCall/CrtWrapper.c +@@ -293,16 +293,6 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream) + // -- Dummy OpenSSL Support Routines --
+ //
+
+-int BIO_printf (void *bio, const char *format, ...)
+-{
+- return 0;
+-}
+-
+-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+-{
+- return 0;
+-}
+-
+ void *UI_OpenSSL(void)
+ {
+ return NULL;
diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/bn.h b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/bn.h new file mode 100644 index 00000000..f1719a58 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/bn.h @@ -0,0 +1,855 @@ +/* crypto/bn/bn.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the Eric Young open source + * license provided above. + * + * The binary polynomial arithmetic software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#ifndef HEADER_BN_H +#define HEADER_BN_H + +#include <openssl/e_os2.h> +#ifndef OPENSSL_NO_FP_API +#include <stdio.h> /* FILE */ +#endif +#include <openssl/ossl_typ.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/* These preprocessor symbols control various aspects of the bignum headers and + * library code. They're not defined by any "normal" configuration, as they are + * intended for development and testing purposes. NB: defining all three can be + * useful for debugging application code as well as openssl itself. + * + * BN_DEBUG - turn on various debugging alterations to the bignum code + * BN_DEBUG_RAND - uses random poisoning of unused words to trip up + * mismanagement of bignum internals. You must also define BN_DEBUG. + */ +/* #define BN_DEBUG */ +/* #define BN_DEBUG_RAND */ + +#define BN_MUL_COMBA +#define BN_SQR_COMBA +#define BN_RECURSION + +/* This next option uses the C libraries (2 word)/(1 word) function. + * If it is not defined, I use my C version (which is slower). + * The reason for this flag is that when the particular C compiler + * library routine is used, and the library is linked with a different + * compiler, the library is missing. This mostly happens when the + * library is built with gcc and then linked using normal cc. This would + * be a common occurrence because gcc normally produces code that is + * 2 times faster than system compilers for the big number stuff. + * For machines with only one compiler (or shared libraries), this should + * be on. Again this in only really a problem on machines + * using "long long's", are 32bit, and are not using my assembler code. */ +#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ + defined(OPENSSL_SYS_WIN32) || defined(linux) +# ifndef BN_DIV2W +# define BN_DIV2W +# endif +#endif + +/* assuming long is 64bit - this is the DEC Alpha + * unsigned long long is only 64 bits :-(, don't define + * BN_LLONG for the DEC Alpha */ +#ifdef SIXTY_FOUR_BIT_LONG +#define BN_ULLONG unsigned long long +#define BN_ULONG unsigned long +#define BN_LONG long +#define BN_BITS 128 +#define BN_BYTES 8 +#define BN_BITS2 64 +#define BN_BITS4 32 +#define BN_MASK (0xffffffffffffffffffffffffffffffffLL) +#define BN_MASK2 (0xffffffffffffffffL) +#define BN_MASK2l (0xffffffffL) +#define BN_MASK2h (0xffffffff00000000L) +#define BN_MASK2h1 (0xffffffff80000000L) +#define BN_TBIT (0x8000000000000000L) +#define BN_DEC_CONV (10000000000000000000UL) +#define BN_DEC_FMT1 "%lu" +#define BN_DEC_FMT2 "%019lu" +#define BN_DEC_NUM 19 +#endif + +/* This is where the long long data type is 64 bits, but long is 32. + * For machines where there are 64bit registers, this is the mode to use. + * IRIX, on R4000 and above should use this mode, along with the relevant + * assembler code :-). Do NOT define BN_LLONG. + */ +#ifdef SIXTY_FOUR_BIT +#undef BN_LLONG +#undef BN_ULLONG +#define BN_ULONG unsigned long long +#define BN_LONG long long +#define BN_BITS 128 +#define BN_BYTES 8 +#define BN_BITS2 64 +#define BN_BITS4 32 +#define BN_MASK2 (0xffffffffffffffffLL) +#define BN_MASK2l (0xffffffffL) +#define BN_MASK2h (0xffffffff00000000LL) +#define BN_MASK2h1 (0xffffffff80000000LL) +#define BN_TBIT (0x8000000000000000LL) +#define BN_DEC_CONV (10000000000000000000ULL) +#define BN_DEC_FMT1 "%llu" +#define BN_DEC_FMT2 "%019llu" +#define BN_DEC_NUM 19 +#endif + +#ifdef THIRTY_TWO_BIT +#ifdef BN_LLONG +# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) +# define BN_ULLONG unsigned __int64 +# else +# define BN_ULLONG unsigned long long +# endif +#endif +#define BN_ULONG unsigned long +#define BN_LONG long +#define BN_BITS 64 +#define BN_BYTES 4 +#define BN_BITS2 32 +#define BN_BITS4 16 +#ifdef OPENSSL_SYS_WIN32 +/* VC++ doesn't like the LL suffix */ +#define BN_MASK (0xffffffffffffffffL) +#else +#define BN_MASK (0xffffffffffffffffLL) +#endif +#define BN_MASK2 (0xffffffffL) +#define BN_MASK2l (0xffff) +#define BN_MASK2h1 (0xffff8000L) +#define BN_MASK2h (0xffff0000L) +#define BN_TBIT (0x80000000L) +#define BN_DEC_CONV (1000000000L) +#define BN_DEC_FMT1 "%lu" +#define BN_DEC_FMT2 "%09lu" +#define BN_DEC_NUM 9 +#endif + +#ifdef SIXTEEN_BIT +#ifndef BN_DIV2W +#define BN_DIV2W +#endif +#define BN_ULLONG unsigned long +#define BN_ULONG unsigned short +#define BN_LONG short +#define BN_BITS 32 +#define BN_BYTES 2 +#define BN_BITS2 16 +#define BN_BITS4 8 +#define BN_MASK (0xffffffff) +#define BN_MASK2 (0xffff) +#define BN_MASK2l (0xff) +#define BN_MASK2h1 (0xff80) +#define BN_MASK2h (0xff00) +#define BN_TBIT (0x8000) +#define BN_DEC_CONV (100000) +#define BN_DEC_FMT1 "%u" +#define BN_DEC_FMT2 "%05u" +#define BN_DEC_NUM 5 +#endif + +#ifdef EIGHT_BIT +#ifndef BN_DIV2W +#define BN_DIV2W +#endif +#define BN_ULLONG unsigned short +#define BN_ULONG unsigned char +#define BN_LONG char +#define BN_BITS 16 +#define BN_BYTES 1 +#define BN_BITS2 8 +#define BN_BITS4 4 +#define BN_MASK (0xffff) +#define BN_MASK2 (0xff) +#define BN_MASK2l (0xf) +#define BN_MASK2h1 (0xf8) +#define BN_MASK2h (0xf0) +#define BN_TBIT (0x80) +#define BN_DEC_CONV (100) +#define BN_DEC_FMT1 "%u" +#define BN_DEC_FMT2 "%02u" +#define BN_DEC_NUM 2 +#endif + +#define BN_DEFAULT_BITS 1280 + +#define BN_FLG_MALLOCED 0x01 +#define BN_FLG_STATIC_DATA 0x02 +#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call BN_mod_inverse_no_branch. + */ + +#ifndef OPENSSL_NO_DEPRECATED +#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */ + /* avoid leaking exponent information through timings + * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ +#endif + +#ifndef OPENSSL_NO_DEPRECATED +#define BN_FLG_FREE 0x8000 /* used for debuging */ +#endif +#define BN_set_flags(b,n) ((b)->flags|=(n)) +#define BN_get_flags(b,n) ((b)->flags&(n)) + +/* get a clone of a BIGNUM with changed flags, for *temporary* use only + * (the two BIGNUMs cannot not be used in parallel!) */ +#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ + (dest)->top=(b)->top, \ + (dest)->dmax=(b)->dmax, \ + (dest)->neg=(b)->neg, \ + (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \ + | ((b)->flags & ~BN_FLG_MALLOCED) \ + | BN_FLG_STATIC_DATA \ + | (n))) + +/* Already declared in ossl_typ.h */ +#if 0 +typedef struct bignum_st BIGNUM; +/* Used for temp variables (declaration hidden in bn_lcl.h) */ +typedef struct bignum_ctx BN_CTX; +typedef struct bn_blinding_st BN_BLINDING; +typedef struct bn_mont_ctx_st BN_MONT_CTX; +typedef struct bn_recp_ctx_st BN_RECP_CTX; +typedef struct bn_gencb_st BN_GENCB; +#endif + +struct bignum_st + { + BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ + int top; /* Index of last used d +1. */ + /* The next are internal book keeping for bn_expand. */ + int dmax; /* Size of the d array. */ + int neg; /* one if the number is negative */ + int flags; + }; + +/* Used for montgomery multiplication */ +struct bn_mont_ctx_st + { + int ri; /* number of bits in R */ + BIGNUM RR; /* used to convert to montgomery form */ + BIGNUM N; /* The modulus */ + BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 + * (Ni is only stored for bignum algorithm) */ +#if 0 + /* OpenSSL 0.9.9 preview: */ + BN_ULONG n0[2];/* least significant word(s) of Ni */ +#else + BN_ULONG n0; /* least significant word of Ni */ +#endif + int flags; + }; + +/* Used for reciprocal division/mod functions + * It cannot be shared between threads + */ +struct bn_recp_ctx_st + { + BIGNUM N; /* the divisor */ + BIGNUM Nr; /* the reciprocal */ + int num_bits; + int shift; + int flags; + }; + +/* Used for slow "generation" functions. */ +struct bn_gencb_st + { + unsigned int ver; /* To handle binary (in)compatibility */ + void *arg; /* callback-specific data */ + union + { + /* if(ver==1) - handles old style callbacks */ + void (*cb_1)(int, int, void *); + /* if(ver==2) - new callback style */ + int (*cb_2)(int, int, BN_GENCB *); + } cb; + }; +/* Wrapper function to make using BN_GENCB easier, */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); +/* Macro to populate a BN_GENCB structure with an "old"-style callback */ +#define BN_GENCB_set_old(gencb, callback, cb_arg) { \ + BN_GENCB *tmp_gencb = (gencb); \ + tmp_gencb->ver = 1; \ + tmp_gencb->arg = (cb_arg); \ + tmp_gencb->cb.cb_1 = (callback); } +/* Macro to populate a BN_GENCB structure with a "new"-style callback */ +#define BN_GENCB_set(gencb, callback, cb_arg) { \ + BN_GENCB *tmp_gencb = (gencb); \ + tmp_gencb->ver = 2; \ + tmp_gencb->arg = (cb_arg); \ + tmp_gencb->cb.cb_2 = (callback); } + +#define BN_prime_checks 0 /* default: select number of iterations + based on the size of the number */ + +/* number of Miller-Rabin iterations for an error rate of less than 2^-80 + * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook + * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; + * original paper: Damgaard, Landrock, Pomerance: Average case error estimates + * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */ +#define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ + (b) >= 850 ? 3 : \ + (b) >= 650 ? 4 : \ + (b) >= 550 ? 5 : \ + (b) >= 450 ? 6 : \ + (b) >= 400 ? 7 : \ + (b) >= 350 ? 8 : \ + (b) >= 300 ? 9 : \ + (b) >= 250 ? 12 : \ + (b) >= 200 ? 15 : \ + (b) >= 150 ? 18 : \ + /* b >= 100 */ 27) + +#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) + +/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ +#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ + (((w) == 0) && ((a)->top == 0))) +#define BN_is_zero(a) ((a)->top == 0) +#define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) +#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) +#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) + +#define BN_one(a) (BN_set_word((a),1)) +#define BN_zero_ex(a) \ + do { \ + BIGNUM *_tmp_bn = (a); \ + _tmp_bn->top = 0; \ + _tmp_bn->neg = 0; \ + } while(0) +#ifdef OPENSSL_NO_DEPRECATED +#define BN_zero(a) BN_zero_ex(a) +#else +#define BN_zero(a) (BN_set_word((a),0)) +#endif + +const BIGNUM *BN_value_one(void); +char * BN_options(void); +BN_CTX *BN_CTX_new(void); +#ifndef OPENSSL_NO_DEPRECATED +void BN_CTX_init(BN_CTX *c); +#endif +void BN_CTX_free(BN_CTX *c); +void BN_CTX_start(BN_CTX *ctx); +BIGNUM *BN_CTX_get(BN_CTX *ctx); +void BN_CTX_end(BN_CTX *ctx); +int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); +int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_num_bits(const BIGNUM *a); +int BN_num_bits_word(BN_ULONG); +BIGNUM *BN_new(void); +void BN_init(BIGNUM *); +void BN_clear_free(BIGNUM *a); +BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +void BN_swap(BIGNUM *a, BIGNUM *b); +BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret); +int BN_bn2bin(const BIGNUM *a, unsigned char *to); +BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret); +int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx); +/** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object + * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ +void BN_set_negative(BIGNUM *b, int n); +/** BN_is_negative returns 1 if the BIGNUM is negative + * \param a pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +#define BN_is_negative(a) ((a)->neg != 0) + +int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) +int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); +int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); + +BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +int BN_mul_word(BIGNUM *a, BN_ULONG w); +int BN_add_word(BIGNUM *a, BN_ULONG w); +int BN_sub_word(BIGNUM *a, BN_ULONG w); +int BN_set_word(BIGNUM *a, BN_ULONG w); +BN_ULONG BN_get_word(const BIGNUM *a); + +int BN_cmp(const BIGNUM *a, const BIGNUM *b); +void BN_free(BIGNUM *a); +int BN_is_bit_set(const BIGNUM *a, int n); +int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_lshift1(BIGNUM *r, const BIGNUM *a); +int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx); + +int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m,BN_CTX *ctx); +int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); +int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m, + BN_CTX *ctx,BN_MONT_CTX *m_ctx); +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m,BN_CTX *ctx); + +int BN_mask_bits(BIGNUM *a,int n); +#ifndef OPENSSL_NO_FP_API +int BN_print_fp(FILE *fp, const BIGNUM *a); +#endif +#ifdef HEADER_BIO_H +int BN_print(BIO *fp, const BIGNUM *a); +#else +int BN_print(void *fp, const BIGNUM *a); +#endif +int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); +int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_rshift1(BIGNUM *r, const BIGNUM *a); +void BN_clear(BIGNUM *a); +BIGNUM *BN_dup(const BIGNUM *a); +int BN_ucmp(const BIGNUM *a, const BIGNUM *b); +int BN_set_bit(BIGNUM *a, int n); +int BN_clear_bit(BIGNUM *a, int n); +char * BN_bn2hex(const BIGNUM *a); +char * BN_bn2dec(const BIGNUM *a); +int BN_hex2bn(BIGNUM **a, const char *str); +int BN_dec2bn(BIGNUM **a, const char *str); +int BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); +int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */ +BIGNUM *BN_mod_inverse(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +BIGNUM *BN_mod_sqrt(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); + +/* Deprecated versions */ +#ifndef OPENSSL_NO_DEPRECATED +BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, + const BIGNUM *add, const BIGNUM *rem, + void (*callback)(int,int,void *),void *cb_arg); +int BN_is_prime(const BIGNUM *p,int nchecks, + void (*callback)(int,int,void *), + BN_CTX *ctx,void *cb_arg); +int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, + void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, + int do_trial_division); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* Newer versions */ +int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); +int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); + +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, + const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb); +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + BIGNUM *Xp1, BIGNUM *Xp2, + const BIGNUM *Xp, + const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); + +BN_MONT_CTX *BN_MONT_CTX_new(void ); +void BN_MONT_CTX_init(BN_MONT_CTX *ctx); +int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ + (r),(a),&((mont)->RR),(mont),(ctx)) +int BN_from_montgomery(BIGNUM *r,const BIGNUM *a, + BN_MONT_CTX *mont, BN_CTX *ctx); +void BN_MONT_CTX_free(BN_MONT_CTX *mont); +int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx); + +/* BN_BLINDING flags */ +#define BN_BLINDING_NO_UPDATE 0x00000001 +#define BN_BLINDING_NO_RECREATE 0x00000002 + +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod); +void BN_BLINDING_free(BN_BLINDING *b); +int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); +int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); +int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *); +unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); +void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); +unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); + +#ifndef OPENSSL_NO_DEPRECATED +void BN_set_params(int mul,int high,int low,int mont); +int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ +#endif + +void BN_RECP_CTX_init(BN_RECP_CTX *recp); +BN_RECP_CTX *BN_RECP_CTX_new(void); +void BN_RECP_CTX_free(BN_RECP_CTX *recp); +int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx); +int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, + BN_RECP_CTX *recp,BN_CTX *ctx); +int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + BN_RECP_CTX *recp, BN_CTX *ctx); + +/* Functions for arithmetic over binary polynomials represented by BIGNUMs. + * + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is + * ignored. + * + * Note that input arguments are not const so that their bit arrays can + * be expanded to the appropriate size if needed. + */ + +int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/ +#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/ +int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */ +int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); /* r = (a * a) mod p */ +int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, + BN_CTX *ctx); /* r = (1 / b) mod p */ +int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */ +int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */ +int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); /* r = sqrt(a) mod p */ +int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); /* r^2 + r = a mod p */ +#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +/* Some functions allow for representation of the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]); + /* r = a mod p */ +int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */ +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], + BN_CTX *ctx); /* r = (a * a) mod p */ +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[], + BN_CTX *ctx); /* r = (1 / b) mod p */ +int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */ +int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */ +int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, + const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */ +int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, + const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */ +int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max); +int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a); + +/* faster mod functions for the 'NIST primes' + * 0 <= a < p^2 */ +int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +const BIGNUM *BN_get0_nist_prime_192(void); +const BIGNUM *BN_get0_nist_prime_224(void); +const BIGNUM *BN_get0_nist_prime_256(void); +const BIGNUM *BN_get0_nist_prime_384(void); +const BIGNUM *BN_get0_nist_prime_521(void); + +/* library internal functions */ + +#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ + (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2)) +#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) +BIGNUM *bn_expand2(BIGNUM *a, int words); +#ifndef OPENSSL_NO_DEPRECATED +BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ +#endif + +/* Bignum consistency macros + * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from + * bignum data after direct manipulations on the data. There is also an + * "internal" macro, bn_check_top(), for verifying that there are no leading + * zeroes. Unfortunately, some auditing is required due to the fact that + * bn_fix_top() has become an overabused duct-tape because bignum data is + * occasionally passed around in an inconsistent state. So the following + * changes have been made to sort this out; + * - bn_fix_top()s implementation has been moved to bn_correct_top() + * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and + * bn_check_top() is as before. + * - if BN_DEBUG *is* defined; + * - bn_check_top() tries to pollute unused words even if the bignum 'top' is + * consistent. (ed: only if BN_DEBUG_RAND is defined) + * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. + * The idea is to have debug builds flag up inconsistent bignums when they + * occur. If that occurs in a bn_fix_top(), we examine the code in question; if + * the use of bn_fix_top() was appropriate (ie. it follows directly after code + * that manipulates the bignum) it is converted to bn_correct_top(), and if it + * was not appropriate, we convert it permanently to bn_check_top() and track + * down the cause of the bug. Eventually, no internal code should be using the + * bn_fix_top() macro. External applications and libraries should try this with + * their own code too, both in terms of building against the openssl headers + * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it + * defined. This not only improves external code, it provides more test + * coverage for openssl's own code. + */ + +#ifdef BN_DEBUG + +/* We only need assert() when debugging */ +#include <assert.h> + +#ifdef BN_DEBUG_RAND +/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ +#ifndef RAND_pseudo_bytes +int RAND_pseudo_bytes(unsigned char *buf,int num); +#define BN_DEBUG_TRIX +#endif +#define bn_pollute(a) \ + do { \ + const BIGNUM *_bnum1 = (a); \ + if(_bnum1->top < _bnum1->dmax) { \ + unsigned char _tmp_char; \ + /* We cast away const without the compiler knowing, any \ + * *genuinely* constant variables that aren't mutable \ + * wouldn't be constructed with top!=dmax. */ \ + BN_ULONG *_not_const; \ + memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + RAND_pseudo_bytes(&_tmp_char, 1); \ + memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ + (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ + } \ + } while(0) +#ifdef BN_DEBUG_TRIX +#undef RAND_pseudo_bytes +#endif +#else +#define bn_pollute(a) +#endif +#define bn_check_top(a) \ + do { \ + const BIGNUM *_bnum2 = (a); \ + if (_bnum2 != NULL) { \ + assert((_bnum2->top == 0) || \ + (_bnum2->d[_bnum2->top - 1] != 0)); \ + bn_pollute(_bnum2); \ + } \ + } while(0) + +#define bn_fix_top(a) bn_check_top(a) + +#else /* !BN_DEBUG */ + +#define bn_pollute(a) +#define bn_check_top(a) +#define bn_fix_top(a) bn_correct_top(a) + +#endif + +#define bn_correct_top(a) \ + { \ + BN_ULONG *ftl; \ + if ((a)->top > 0) \ + { \ + for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ + if (*(ftl--)) break; \ + } \ + bn_pollute(a); \ + } + +BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); +BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); +void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); +BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); +BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); +BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); + +/* Primes from RFC 2409 */ +BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn); + +/* Primes from RFC 3526 */ +BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); + +int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_BN_strings(void); + +/* Error codes for the BN functions. */ + +/* Function codes. */ +#define BN_F_BNRAND 127 +#define BN_F_BN_BLINDING_CONVERT_EX 100 +#define BN_F_BN_BLINDING_CREATE_PARAM 128 +#define BN_F_BN_BLINDING_INVERT_EX 101 +#define BN_F_BN_BLINDING_NEW 102 +#define BN_F_BN_BLINDING_UPDATE 103 +#define BN_F_BN_BN2DEC 104 +#define BN_F_BN_BN2HEX 105 +#define BN_F_BN_CTX_GET 116 +#define BN_F_BN_CTX_NEW 106 +#define BN_F_BN_CTX_START 129 +#define BN_F_BN_DIV 107 +#define BN_F_BN_DIV_NO_BRANCH 138 +#define BN_F_BN_DIV_RECP 130 +#define BN_F_BN_EXP 123 +#define BN_F_BN_EXPAND2 108 +#define BN_F_BN_EXPAND_INTERNAL 120 +#define BN_F_BN_GF2M_MOD 131 +#define BN_F_BN_GF2M_MOD_EXP 132 +#define BN_F_BN_GF2M_MOD_MUL 133 +#define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 +#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 +#define BN_F_BN_GF2M_MOD_SQR 136 +#define BN_F_BN_GF2M_MOD_SQRT 137 +#define BN_F_BN_MOD_EXP2_MONT 118 +#define BN_F_BN_MOD_EXP_MONT 109 +#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 +#define BN_F_BN_MOD_EXP_MONT_WORD 117 +#define BN_F_BN_MOD_EXP_RECP 125 +#define BN_F_BN_MOD_EXP_SIMPLE 126 +#define BN_F_BN_MOD_INVERSE 110 +#define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 +#define BN_F_BN_MOD_LSHIFT_QUICK 119 +#define BN_F_BN_MOD_MUL_RECIPROCAL 111 +#define BN_F_BN_MOD_SQRT 121 +#define BN_F_BN_MPI2BN 112 +#define BN_F_BN_NEW 113 +#define BN_F_BN_RAND 114 +#define BN_F_BN_RAND_RANGE 122 +#define BN_F_BN_USUB 115 + +/* Reason codes. */ +#define BN_R_ARG2_LT_ARG3 100 +#define BN_R_BAD_RECIPROCAL 101 +#define BN_R_BIGNUM_TOO_LONG 114 +#define BN_R_CALLED_WITH_EVEN_MODULUS 102 +#define BN_R_DIV_BY_ZERO 103 +#define BN_R_ENCODING_ERROR 104 +#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +#define BN_R_INPUT_NOT_REDUCED 110 +#define BN_R_INVALID_LENGTH 106 +#define BN_R_INVALID_RANGE 115 +#define BN_R_NOT_A_SQUARE 111 +#define BN_R_NOT_INITIALIZED 107 +#define BN_R_NO_INVERSE 108 +#define BN_R_NO_SOLUTION 116 +#define BN_R_P_IS_NOT_PRIME 112 +#define BN_R_TOO_MANY_ITERATIONS 113 +#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/crypto.h b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/crypto.h new file mode 100644 index 00000000..fc1374fa --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/crypto.h @@ -0,0 +1,619 @@ +/* crypto/crypto.h */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#ifndef HEADER_CRYPTO_H +#define HEADER_CRYPTO_H + +#include <stdlib.h> + +#include <openssl/e_os2.h> + +#ifndef OPENSSL_NO_FP_API +#include <stdio.h> +#endif + +#include <openssl/stack.h> +#include <openssl/safestack.h> +#include <openssl/opensslv.h> +#include <openssl/ossl_typ.h> + +#ifdef CHARSET_EBCDIC +#include <openssl/ebcdic.h> +#endif + +/* Resolve problems on some operating systems with symbol names that clash + one way or another */ +#include <openssl/symhacks.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/* Backward compatibility to SSLeay */ +/* This is more to be used to check the correct DLL is being used + * in the MS world. */ +#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER +#define SSLEAY_VERSION 0 +/* #define SSLEAY_OPTIONS 1 no longer supported */ +#define SSLEAY_CFLAGS 2 +#define SSLEAY_BUILT_ON 3 +#define SSLEAY_PLATFORM 4 +#define SSLEAY_DIR 5 + +/* Already declared in ossl_typ.h */ +#if 0 +typedef struct crypto_ex_data_st CRYPTO_EX_DATA; +/* Called when a new object is created */ +typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +/* Called when an object is free()ed */ +typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +/* Called when we need to dup an object */ +typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, + int idx, long argl, void *argp); +#endif + +/* A generic structure to pass assorted data in a expandable way */ +typedef struct openssl_item_st + { + int code; + void *value; /* Not used for flag attributes */ + size_t value_size; /* Max size of value for output, length for input */ + size_t *value_length; /* Returned length of value for output */ + } OPENSSL_ITEM; + + +/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock + * names in cryptlib.c + */ + +#define CRYPTO_LOCK_ERR 1 +#define CRYPTO_LOCK_EX_DATA 2 +#define CRYPTO_LOCK_X509 3 +#define CRYPTO_LOCK_X509_INFO 4 +#define CRYPTO_LOCK_X509_PKEY 5 +#define CRYPTO_LOCK_X509_CRL 6 +#define CRYPTO_LOCK_X509_REQ 7 +#define CRYPTO_LOCK_DSA 8 +#define CRYPTO_LOCK_RSA 9 +#define CRYPTO_LOCK_EVP_PKEY 10 +#define CRYPTO_LOCK_X509_STORE 11 +#define CRYPTO_LOCK_SSL_CTX 12 +#define CRYPTO_LOCK_SSL_CERT 13 +#define CRYPTO_LOCK_SSL_SESSION 14 +#define CRYPTO_LOCK_SSL_SESS_CERT 15 +#define CRYPTO_LOCK_SSL 16 +#define CRYPTO_LOCK_SSL_METHOD 17 +#define CRYPTO_LOCK_RAND 18 +#define CRYPTO_LOCK_RAND2 19 +#define CRYPTO_LOCK_MALLOC 20 +#define CRYPTO_LOCK_BIO 21 +#define CRYPTO_LOCK_GETHOSTBYNAME 22 +#define CRYPTO_LOCK_GETSERVBYNAME 23 +#define CRYPTO_LOCK_READDIR 24 +#define CRYPTO_LOCK_RSA_BLINDING 25 +#define CRYPTO_LOCK_DH 26 +#define CRYPTO_LOCK_MALLOC2 27 +#define CRYPTO_LOCK_DSO 28 +#define CRYPTO_LOCK_DYNLOCK 29 +#define CRYPTO_LOCK_ENGINE 30 +#define CRYPTO_LOCK_UI 31 +#define CRYPTO_LOCK_ECDSA 32 +#define CRYPTO_LOCK_EC 33 +#define CRYPTO_LOCK_ECDH 34 +#define CRYPTO_LOCK_BN 35 +#define CRYPTO_LOCK_EC_PRE_COMP 36 +#define CRYPTO_LOCK_STORE 37 +#define CRYPTO_LOCK_COMP 38 +#ifndef OPENSSL_FIPS +#define CRYPTO_NUM_LOCKS 39 +#else +#define CRYPTO_LOCK_FIPS 39 +#define CRYPTO_LOCK_FIPS2 40 +#define CRYPTO_NUM_LOCKS 41 +#endif + +#define CRYPTO_LOCK 1 +#define CRYPTO_UNLOCK 2 +#define CRYPTO_READ 4 +#define CRYPTO_WRITE 8 + +#ifndef OPENSSL_NO_LOCKING +#ifndef CRYPTO_w_lock +#define CRYPTO_w_lock(type) \ + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) +#define CRYPTO_w_unlock(type) \ + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) +#define CRYPTO_r_lock(type) \ + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) +#define CRYPTO_r_unlock(type) \ + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) +#define CRYPTO_add(addr,amount,type) \ + CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) +#endif +#else +#define CRYPTO_w_lock(a) +#define CRYPTO_w_unlock(a) +#define CRYPTO_r_lock(a) +#define CRYPTO_r_unlock(a) +#define CRYPTO_add(a,b,c) ((*(a))+=(b)) +#endif + +/* Some applications as well as some parts of OpenSSL need to allocate + and deallocate locks in a dynamic fashion. The following typedef + makes this possible in a type-safe manner. */ +/* struct CRYPTO_dynlock_value has to be defined by the application. */ +typedef struct + { + int references; + struct CRYPTO_dynlock_value *data; + } CRYPTO_dynlock; + + +/* The following can be used to detect memory leaks in the SSLeay library. + * It used, it turns on malloc checking */ + +#define CRYPTO_MEM_CHECK_OFF 0x0 /* an enume */ +#define CRYPTO_MEM_CHECK_ON 0x1 /* a bit */ +#define CRYPTO_MEM_CHECK_ENABLE 0x2 /* a bit */ +#define CRYPTO_MEM_CHECK_DISABLE 0x3 /* an enume */ + +/* The following are bit values to turn on or off options connected to the + * malloc checking functionality */ + +/* Adds time to the memory checking information */ +#define V_CRYPTO_MDEBUG_TIME 0x1 /* a bit */ +/* Adds thread number to the memory checking information */ +#define V_CRYPTO_MDEBUG_THREAD 0x2 /* a bit */ + +#define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD) + + +/* predec of the BIO type */ +typedef struct bio_st BIO_dummy; + +struct crypto_ex_data_st + { + STACK *sk; + int dummy; /* gcc is screwing up this data structure :-( */ + }; + +/* This stuff is basically class callback functions + * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */ + +typedef struct crypto_ex_data_func_st + { + long argl; /* Arbitary long */ + void *argp; /* Arbitary void * */ + CRYPTO_EX_new *new_func; + CRYPTO_EX_free *free_func; + CRYPTO_EX_dup *dup_func; + } CRYPTO_EX_DATA_FUNCS; + +DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) + +/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA + * entry. + */ + +#define CRYPTO_EX_INDEX_BIO 0 +#define CRYPTO_EX_INDEX_SSL 1 +#define CRYPTO_EX_INDEX_SSL_CTX 2 +#define CRYPTO_EX_INDEX_SSL_SESSION 3 +#define CRYPTO_EX_INDEX_X509_STORE 4 +#define CRYPTO_EX_INDEX_X509_STORE_CTX 5 +#define CRYPTO_EX_INDEX_RSA 6 +#define CRYPTO_EX_INDEX_DSA 7 +#define CRYPTO_EX_INDEX_DH 8 +#define CRYPTO_EX_INDEX_ENGINE 9 +#define CRYPTO_EX_INDEX_X509 10 +#define CRYPTO_EX_INDEX_UI 11 +#define CRYPTO_EX_INDEX_ECDSA 12 +#define CRYPTO_EX_INDEX_ECDH 13 +#define CRYPTO_EX_INDEX_COMP 14 +#define CRYPTO_EX_INDEX_STORE 15 + +/* Dynamically assigned indexes start from this value (don't use directly, use + * via CRYPTO_ex_data_new_class). */ +#define CRYPTO_EX_INDEX_USER 100 + + +/* This is the default callbacks, but we can have others as well: + * this is needed in Win32 where the application malloc and the + * library malloc may not be the same. + */ +#define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\ + malloc, realloc, free) + +#if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD +# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */ +# define CRYPTO_MDEBUG +# endif +#endif + +/* Set standard debugging functions (not done by default + * unless CRYPTO_MDEBUG is defined) */ +void CRYPTO_malloc_debug_init(void); + +int CRYPTO_mem_ctrl(int mode); +int CRYPTO_is_mem_check_on(void); + +/* for applications */ +#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) +#define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) + +/* for library-internal use */ +#define MemCheck_on() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) +#define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) +#define is_MemCheck_on() CRYPTO_is_mem_check_on() + +#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) +#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) +#define OPENSSL_realloc(addr,num) \ + CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) +#define OPENSSL_realloc_clean(addr,old_num,num) \ + CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) +#define OPENSSL_remalloc(addr,num) \ + CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) +#define OPENSSL_freeFunc CRYPTO_free +#define OPENSSL_free(addr) CRYPTO_free(addr) + +#define OPENSSL_malloc_locked(num) \ + CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) +#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) + + +const char *SSLeay_version(int type); +unsigned long SSLeay(void); + +int OPENSSL_issetugid(void); + +/* An opaque type representing an implementation of "ex_data" support */ +typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; +/* Return an opaque pointer to the current "ex_data" implementation */ +const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void); +/* Sets the "ex_data" implementation to be used (if it's not too late) */ +int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i); +/* Get a new "ex_data" class, and return the corresponding "class_index" */ +int CRYPTO_ex_data_new_class(void); +/* Within a given class, get/register a new index */ +int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +/* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given + * class (invokes whatever per-class callbacks are applicable) */ +int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); +int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, + CRYPTO_EX_DATA *from); +void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); +/* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index + * (relative to the class type involved) */ +int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); +void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx); +/* This function cleans up all "ex_data" state. It mustn't be called under + * potential race-conditions. */ +void CRYPTO_cleanup_all_ex_data(void); + +int CRYPTO_get_new_lockid(char *name); + +int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */ +void CRYPTO_lock(int mode, int type,const char *file,int line); +void CRYPTO_set_locking_callback(void (*func)(int mode,int type, + const char *file,int line)); +void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, + int line); +void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, + const char *file, int line)); +int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, + const char *file,int line); +void CRYPTO_set_id_callback(unsigned long (*func)(void)); +unsigned long (*CRYPTO_get_id_callback(void))(void); +unsigned long CRYPTO_thread_id(void); +const char *CRYPTO_get_lock_name(int type); +int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file, + int line); + +void int_CRYPTO_set_do_dynlock_callback( + void (*do_dynlock_cb)(int mode, int type, const char *file, int line)); + +int CRYPTO_get_new_dynlockid(void); +void CRYPTO_destroy_dynlockid(int i); +struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i); +void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line)); +void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line)); +void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line)); +struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line); +void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line); +void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line); + +/* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- + * call the latter last if you need different functions */ +int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *)); +int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *)); +int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int), + void *(*r)(void *,size_t,const char *,int), + void (*f)(void *)); +int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t,const char *,int), + void (*free_func)(void *)); +int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), + void (*r)(void *,void *,int,const char *,int,int), + void (*f)(void *,int), + void (*so)(long), + long (*go)(void)); +void CRYPTO_set_mem_info_functions( + int (*push_info_fn)(const char *info, const char *file, int line), + int (*pop_info_fn)(void), + int (*remove_all_info_fn)(void)); +void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *)); +void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)); +void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int), + void *(**r)(void *, size_t,const char *,int), + void (**f)(void *)); +void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int), + void (**f)(void *)); +void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), + void (**r)(void *,void *,int,const char *,int,int), + void (**f)(void *,int), + void (**so)(long), + long (**go)(void)); + +void *CRYPTO_malloc_locked(int num, const char *file, int line); +void CRYPTO_free_locked(void *); +void *CRYPTO_malloc(int num, const char *file, int line); +char *CRYPTO_strdup(const char *str, const char *file, int line); +void CRYPTO_free(void *); +void *CRYPTO_realloc(void *addr,int num, const char *file, int line); +void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file, + int line); +void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); + +void OPENSSL_cleanse(void *ptr, size_t len); + +void CRYPTO_set_mem_debug_options(long bits); +long CRYPTO_get_mem_debug_options(void); + +#define CRYPTO_push_info(info) \ + CRYPTO_push_info_(info, __FILE__, __LINE__); +int CRYPTO_push_info_(const char *info, const char *file, int line); +int CRYPTO_pop_info(void); +int CRYPTO_remove_all_info(void); + + +/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro; + * used as default in CRYPTO_MDEBUG compilations): */ +/* The last argument has the following significance: + * + * 0: called before the actual memory allocation has taken place + * 1: called after the actual memory allocation has taken place + */ +void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p); +void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p); +void CRYPTO_dbg_free(void *addr,int before_p); +/* Tell the debugging code about options. By default, the following values + * apply: + * + * 0: Clear all options. + * V_CRYPTO_MDEBUG_TIME (1): Set the "Show Time" option. + * V_CRYPTO_MDEBUG_THREAD (2): Set the "Show Thread Number" option. + * V_CRYPTO_MDEBUG_ALL (3): 1 + 2 + */ +void CRYPTO_dbg_set_options(long bits); +long CRYPTO_dbg_get_options(void); + +int CRYPTO_dbg_push_info(const char *info, const char *file, int line); +int CRYPTO_dbg_pop_info(void); +int CRYPTO_dbg_remove_all_info(void); + +#ifndef OPENSSL_NO_FP_API +void CRYPTO_mem_leaks_fp(FILE *); +#endif +void CRYPTO_mem_leaks(struct bio_st *bio); +/* unsigned long order, char *file, int line, int num_bytes, char *addr */ +typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *); +void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); + +/* die if we have to */ +void OpenSSLDie(const char *file,int line,const char *assertion); +#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) + +unsigned long *OPENSSL_ia32cap_loc(void); +#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) +int OPENSSL_isservice(void); + +#ifdef OPENSSL_FIPS +#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ + alg " previous FIPS forbidden algorithm error ignored"); + +#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \ + #alg " Algorithm forbidden in FIPS mode"); + +#ifdef OPENSSL_FIPS_STRICT +#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg) +#else +#define FIPS_BAD_ALGORITHM(alg) \ + { \ + FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \ + ERR_add_error_data(2, "Algorithm=", #alg); \ + return 0; \ + } +#endif + +/* Low level digest API blocking macro */ + +#define FIPS_NON_FIPS_MD_Init(alg) \ + int alg##_Init(alg##_CTX *c) \ + { \ + if (FIPS_mode()) \ + FIPS_BAD_ALGORITHM(alg) \ + return private_##alg##_Init(c); \ + } \ + int private_##alg##_Init(alg##_CTX *c) + +/* For ciphers the API often varies from cipher to cipher and each needs to + * be treated as a special case. Variable key length ciphers (Blowfish, RC4, + * CAST) however are very similar and can use a blocking macro. + */ + +#define FIPS_NON_FIPS_VCIPHER_Init(alg) \ + void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \ + { \ + if (FIPS_mode()) \ + FIPS_BAD_ABORT(alg) \ + private_##alg##_set_key(key, len, data); \ + } \ + void private_##alg##_set_key(alg##_KEY *key, int len, \ + const unsigned char *data) + +#else + +#define FIPS_NON_FIPS_VCIPHER_Init(alg) \ + void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) + +#define FIPS_NON_FIPS_MD_Init(alg) \ + int alg##_Init(alg##_CTX *c) + +#endif /* def OPENSSL_FIPS */ + +#define OPENSSL_HAVE_INIT 1 +void OPENSSL_init(void); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_CRYPTO_strings(void); + +/* Error codes for the CRYPTO functions. */ + +/* Function codes. */ +#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 +#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 +#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 +#define CRYPTO_F_CRYPTO_SET_EX_DATA 102 +#define CRYPTO_F_DEF_ADD_INDEX 104 +#define CRYPTO_F_DEF_GET_CLASS 105 +#define CRYPTO_F_INT_DUP_EX_DATA 106 +#define CRYPTO_F_INT_FREE_EX_DATA 107 +#define CRYPTO_F_INT_NEW_EX_DATA 108 + +/* Reason codes. */ +#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/ec.h b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/ec.h new file mode 100644 index 00000000..8bc2a235 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/ec.h @@ -0,0 +1,526 @@ +/* crypto/ec/ec.h */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#ifndef HEADER_EC_H +#define HEADER_EC_H + +#include <openssl/opensslconf.h> + +#ifdef OPENSSL_NO_EC +#error EC is disabled. +#endif + +#include <openssl/asn1.h> +#include <openssl/symhacks.h> +#ifndef OPENSSL_NO_DEPRECATED +#include <openssl/bn.h> +#endif + +#ifdef __cplusplus +extern "C" { +#elif defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +#endif + + +#ifndef OPENSSL_ECC_MAX_FIELD_BITS +# define OPENSSL_ECC_MAX_FIELD_BITS 661 +#endif + +typedef enum { + /* values as defined in X9.62 (ECDSA) and elsewhere */ + POINT_CONVERSION_COMPRESSED = 2, + POINT_CONVERSION_UNCOMPRESSED = 4, + POINT_CONVERSION_HYBRID = 6 +} point_conversion_form_t; + + +typedef struct ec_method_st EC_METHOD; + +typedef struct ec_group_st + /* + EC_METHOD *meth; + -- field definition + -- curve coefficients + -- optional generator with associated information (order, cofactor) + -- optional extra data (precomputed table for fast computation of multiples of generator) + -- ASN1 stuff + */ + EC_GROUP; + +typedef struct ec_point_st EC_POINT; + + +/* EC_METHODs for curves over GF(p). + * EC_GFp_simple_method provides the basis for the optimized methods. + */ +const EC_METHOD *EC_GFp_simple_method(void); +const EC_METHOD *EC_GFp_mont_method(void); +const EC_METHOD *EC_GFp_nist_method(void); + +/* EC_METHOD for curves over GF(2^m). + */ +const EC_METHOD *EC_GF2m_simple_method(void); + + +EC_GROUP *EC_GROUP_new(const EC_METHOD *); +void EC_GROUP_free(EC_GROUP *); +void EC_GROUP_clear_free(EC_GROUP *); +int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *); +EC_GROUP *EC_GROUP_dup(const EC_GROUP *); + +const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *); +int EC_METHOD_get_field_type(const EC_METHOD *); + +int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *); +int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); +int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); + +void EC_GROUP_set_curve_name(EC_GROUP *, int nid); +int EC_GROUP_get_curve_name(const EC_GROUP *); + +void EC_GROUP_set_asn1_flag(EC_GROUP *, int flag); +int EC_GROUP_get_asn1_flag(const EC_GROUP *); + +void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t); +point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + +unsigned char *EC_GROUP_get0_seed(const EC_GROUP *); +size_t EC_GROUP_get_seed_len(const EC_GROUP *); +size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + +int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); +int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); + +/* returns the number of bits needed to represent a field element */ +int EC_GROUP_get_degree(const EC_GROUP *); + +/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */ +int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); +/* EC_GROUP_check_discriminant() returns 1 if the discriminant of the + * elliptic curve is not zero, 0 otherwise */ +int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *); + +/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */ +int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *); + +/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() + * after choosing an appropriate EC_METHOD */ +EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); + +/* EC_GROUP_new_by_curve_name() creates a EC_GROUP structure + * specified by a curve name (in form of a NID) */ +EC_GROUP *EC_GROUP_new_by_curve_name(int nid); +/* handling of internal curves */ +typedef struct { + int nid; + const char *comment; + } EC_builtin_curve; +/* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number + * of all available curves or zero if a error occurred. + * In case r ist not zero nitems EC_builtin_curve structures + * are filled with the data of the first nitems internal groups */ +size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + + +/* EC_POINT functions */ + +EC_POINT *EC_POINT_new(const EC_GROUP *); +void EC_POINT_free(EC_POINT *); +void EC_POINT_clear_free(EC_POINT *); +int EC_POINT_copy(EC_POINT *, const EC_POINT *); +EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *); + +const EC_METHOD *EC_POINT_method_of(const EC_POINT *); + +int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *); +int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); +int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *, + BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); +int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, const BIGNUM *y, BN_CTX *); +int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *, + BIGNUM *x, BIGNUM *y, BN_CTX *); +int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, int y_bit, BN_CTX *); + +int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, const BIGNUM *y, BN_CTX *); +int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *, + BIGNUM *x, BIGNUM *y, BN_CTX *); +int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, int y_bit, BN_CTX *); + +size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *); +int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *, + const unsigned char *buf, size_t len, BN_CTX *); + +/* other interfaces to point2oct/oct2point: */ +BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); +EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, + EC_POINT *, BN_CTX *); +char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); +EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + +int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *); +int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); +int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); + +int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *); +int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); +int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *); + +int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); +int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); + + +int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *); +int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *); + +/* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */ +int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *); +/* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */ +int EC_GROUP_have_precompute_mult(const EC_GROUP *); + + + +/* ASN1 stuff */ + +/* EC_GROUP_get_basis_type() returns the NID of the basis type + * used to represent the field elements */ +int EC_GROUP_get_basis_type(const EC_GROUP *); +int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); + +#define OPENSSL_EC_NAMED_CURVE 0x001 + +typedef struct ecpk_parameters_st ECPKPARAMETERS; + +EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); +int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + +#define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) +#define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) +#define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ + (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) +#define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ + (unsigned char *)(x)) + +#ifndef OPENSSL_NO_BIO +int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +#endif +#ifndef OPENSSL_NO_FP_API +int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); +#endif + +/* the EC_KEY stuff */ +typedef struct ec_key_st EC_KEY; + +/* some values for the encoding_flag */ +#define EC_PKEY_NO_PARAMETERS 0x001 +#define EC_PKEY_NO_PUBKEY 0x002 + +EC_KEY *EC_KEY_new(void); +EC_KEY *EC_KEY_new_by_curve_name(int nid); +void EC_KEY_free(EC_KEY *); +EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *); +EC_KEY *EC_KEY_dup(const EC_KEY *); + +int EC_KEY_up_ref(EC_KEY *); + +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *); +int EC_KEY_set_group(EC_KEY *, const EC_GROUP *); +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *); +int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *); +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *); +int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *); +unsigned EC_KEY_get_enc_flags(const EC_KEY *); +void EC_KEY_set_enc_flags(EC_KEY *, unsigned int); +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *); +void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t); +/* functions to set/get method specific data */ +void *EC_KEY_get_key_method_data(EC_KEY *, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_KEY_insert_key_method_data(EC_KEY *, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +/* wrapper functions for the underlying EC_GROUP object */ +void EC_KEY_set_asn1_flag(EC_KEY *, int); +int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx); + +/* EC_KEY_generate_key() creates a ec private (public) key */ +int EC_KEY_generate_key(EC_KEY *); +/* EC_KEY_check_key() */ +int EC_KEY_check_key(const EC_KEY *); + +/* de- and encoding functions for SEC1 ECPrivateKey */ +EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len); +int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out); +/* de- and encoding functions for EC parameters */ +EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len); +int i2d_ECParameters(EC_KEY *a, unsigned char **out); +/* de- and encoding functions for EC public key + * (octet string, not DER -- hence 'o2i' and 'i2o') */ +EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len); +int i2o_ECPublicKey(EC_KEY *a, unsigned char **out); + +#ifndef OPENSSL_NO_BIO +int ECParameters_print(BIO *bp, const EC_KEY *x); +int EC_KEY_print(BIO *bp, const EC_KEY *x, int off); +#endif +#ifndef OPENSSL_NO_FP_API +int ECParameters_print_fp(FILE *fp, const EC_KEY *x); +int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off); +#endif + +#define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) + +#ifndef __cplusplus +#if defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +# endif +#endif + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_EC_strings(void); + +/* Error codes for the EC functions. */ + +/* Function codes. */ +#define EC_F_COMPUTE_WNAF 143 +#define EC_F_D2I_ECPARAMETERS 144 +#define EC_F_D2I_ECPKPARAMETERS 145 +#define EC_F_D2I_ECPRIVATEKEY 146 +#define EC_F_ECPARAMETERS_PRINT 147 +#define EC_F_ECPARAMETERS_PRINT_FP 148 +#define EC_F_ECPKPARAMETERS_PRINT 149 +#define EC_F_ECPKPARAMETERS_PRINT_FP 150 +#define EC_F_ECP_NIST_MOD_192 203 +#define EC_F_ECP_NIST_MOD_224 204 +#define EC_F_ECP_NIST_MOD_256 205 +#define EC_F_ECP_NIST_MOD_521 206 +#define EC_F_EC_ASN1_GROUP2CURVE 153 +#define EC_F_EC_ASN1_GROUP2FIELDID 154 +#define EC_F_EC_ASN1_GROUP2PARAMETERS 155 +#define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156 +#define EC_F_EC_ASN1_PARAMETERS2GROUP 157 +#define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158 +#define EC_F_EC_EX_DATA_SET_DATA 211 +#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 +#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 +#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 +#define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 +#define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 +#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 +#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 +#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 +#define EC_F_EC_GFP_MONT_FIELD_DECODE 133 +#define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 +#define EC_F_EC_GFP_MONT_FIELD_MUL 131 +#define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 +#define EC_F_EC_GFP_MONT_FIELD_SQR 132 +#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 +#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135 +#define EC_F_EC_GFP_NIST_FIELD_MUL 200 +#define EC_F_EC_GFP_NIST_FIELD_SQR 201 +#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 +#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 +#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 +#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 +#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 +#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 +#define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 +#define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 +#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 +#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 +#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105 +#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 +#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 +#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 +#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 +#define EC_F_EC_GROUP_CHECK 170 +#define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 +#define EC_F_EC_GROUP_COPY 106 +#define EC_F_EC_GROUP_GET0_GENERATOR 139 +#define EC_F_EC_GROUP_GET_COFACTOR 140 +#define EC_F_EC_GROUP_GET_CURVE_GF2M 172 +#define EC_F_EC_GROUP_GET_CURVE_GFP 130 +#define EC_F_EC_GROUP_GET_DEGREE 173 +#define EC_F_EC_GROUP_GET_ORDER 141 +#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 +#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 +#define EC_F_EC_GROUP_NEW 108 +#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 +#define EC_F_EC_GROUP_NEW_FROM_DATA 175 +#define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 +#define EC_F_EC_GROUP_SET_CURVE_GF2M 176 +#define EC_F_EC_GROUP_SET_CURVE_GFP 109 +#define EC_F_EC_GROUP_SET_EXTRA_DATA 110 +#define EC_F_EC_GROUP_SET_GENERATOR 111 +#define EC_F_EC_KEY_CHECK_KEY 177 +#define EC_F_EC_KEY_COPY 178 +#define EC_F_EC_KEY_GENERATE_KEY 179 +#define EC_F_EC_KEY_NEW 182 +#define EC_F_EC_KEY_PRINT 180 +#define EC_F_EC_KEY_PRINT_FP 181 +#define EC_F_EC_POINTS_MAKE_AFFINE 136 +#define EC_F_EC_POINTS_MUL 138 +#define EC_F_EC_POINT_ADD 112 +#define EC_F_EC_POINT_CMP 113 +#define EC_F_EC_POINT_COPY 114 +#define EC_F_EC_POINT_DBL 115 +#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 +#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 +#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 +#define EC_F_EC_POINT_INVERT 210 +#define EC_F_EC_POINT_IS_AT_INFINITY 118 +#define EC_F_EC_POINT_IS_ON_CURVE 119 +#define EC_F_EC_POINT_MAKE_AFFINE 120 +#define EC_F_EC_POINT_MUL 184 +#define EC_F_EC_POINT_NEW 121 +#define EC_F_EC_POINT_OCT2POINT 122 +#define EC_F_EC_POINT_POINT2OCT 123 +#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 +#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 +#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 +#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 +#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 +#define EC_F_EC_POINT_SET_TO_INFINITY 127 +#define EC_F_EC_PRE_COMP_DUP 207 +#define EC_F_EC_PRE_COMP_NEW 196 +#define EC_F_EC_WNAF_MUL 187 +#define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 +#define EC_F_I2D_ECPARAMETERS 190 +#define EC_F_I2D_ECPKPARAMETERS 191 +#define EC_F_I2D_ECPRIVATEKEY 192 +#define EC_F_I2O_ECPUBLICKEY 151 +#define EC_F_O2I_ECPUBLICKEY 152 + +/* Reason codes. */ +#define EC_R_ASN1_ERROR 115 +#define EC_R_ASN1_UNKNOWN_FIELD 116 +#define EC_R_BUFFER_TOO_SMALL 100 +#define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +#define EC_R_DISCRIMINANT_IS_ZERO 118 +#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +#define EC_R_FIELD_TOO_LARGE 138 +#define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +#define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 +#define EC_R_INCOMPATIBLE_OBJECTS 101 +#define EC_R_INVALID_ARGUMENT 112 +#define EC_R_INVALID_COMPRESSED_POINT 110 +#define EC_R_INVALID_COMPRESSION_BIT 109 +#define EC_R_INVALID_ENCODING 102 +#define EC_R_INVALID_FIELD 103 +#define EC_R_INVALID_FORM 104 +#define EC_R_INVALID_GROUP_ORDER 122 +#define EC_R_INVALID_PENTANOMIAL_BASIS 132 +#define EC_R_INVALID_PRIVATE_KEY 123 +#define EC_R_INVALID_TRINOMIAL_BASIS 137 +#define EC_R_MISSING_PARAMETERS 124 +#define EC_R_MISSING_PRIVATE_KEY 125 +#define EC_R_NOT_A_NIST_PRIME 135 +#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 +#define EC_R_NOT_IMPLEMENTED 126 +#define EC_R_NOT_INITIALIZED 111 +#define EC_R_NO_FIELD_MOD 133 +#define EC_R_PASSED_NULL_PARAMETER 134 +#define EC_R_PKPARAMETERS2GROUP_FAILURE 127 +#define EC_R_POINT_AT_INFINITY 106 +#define EC_R_POINT_IS_NOT_ON_CURVE 107 +#define EC_R_SLOT_FULL 108 +#define EC_R_UNDEFINED_GENERATOR 113 +#define EC_R_UNDEFINED_ORDER 128 +#define EC_R_UNKNOWN_GROUP 129 +#define EC_R_UNKNOWN_ORDER 114 +#define EC_R_UNSUPPORTED_FIELD 131 +#define EC_R_WRONG_ORDER 130 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/engine.h b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/engine.h new file mode 100644 index 00000000..d4bc1efc --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/engine.h @@ -0,0 +1,804 @@ +/* openssl/engine.h */ +/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#ifndef HEADER_ENGINE_H +#define HEADER_ENGINE_H + +#include <openssl/opensslconf.h> + +#ifdef OPENSSL_NO_ENGINE +#error ENGINE is disabled. +#endif + +#ifndef OPENSSL_NO_DEPRECATED +#include <openssl/bn.h> +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA +#include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_DH +#include <openssl/dh.h> +#endif +#ifndef OPENSSL_NO_ECDH +#include <openssl/ecdh.h> +#endif +#ifndef OPENSSL_NO_ECDSA +#include <openssl/ecdsa.h> +#endif +#include <openssl/rand.h> +#include <openssl/store.h> +#include <openssl/ui.h> +#include <openssl/err.h> +#endif + +#include <openssl/x509.h> + +#include <openssl/ossl_typ.h> +#include <openssl/symhacks.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/* These flags are used to control combinations of algorithm (methods) + * by bitwise "OR"ing. */ +#define ENGINE_METHOD_RSA (unsigned int)0x0001 +#define ENGINE_METHOD_DSA (unsigned int)0x0002 +#define ENGINE_METHOD_DH (unsigned int)0x0004 +#define ENGINE_METHOD_RAND (unsigned int)0x0008 +#define ENGINE_METHOD_ECDH (unsigned int)0x0010 +#define ENGINE_METHOD_ECDSA (unsigned int)0x0020 +#define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 +#define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +#define ENGINE_METHOD_STORE (unsigned int)0x0100 +/* Obvious all-or-nothing cases. */ +#define ENGINE_METHOD_ALL (unsigned int)0xFFFF +#define ENGINE_METHOD_NONE (unsigned int)0x0000 + +/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used + * internally to control registration of ENGINE implementations, and can be set + * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to + * initialise registered ENGINEs if they are not already initialised. */ +#define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 + +/* ENGINE flags that can be set by ENGINE_set_flags(). */ +/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ /* Not used */ + +/* This flag is for ENGINEs that wish to handle the various 'CMD'-related + * control commands on their own. Without this flag, ENGINE_ctrl() handles these + * control commands on behalf of the ENGINE using their "cmd_defns" data. */ +#define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 + +/* This flag is for ENGINEs who return new duplicate structures when found via + * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl() + * commands are called in sequence as part of some stateful process like + * key-generation setup and execution), it can set this flag - then each attempt + * to obtain the ENGINE will result in it being copied into a new structure. + * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments + * the existing ENGINE's structural reference count. */ +#define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 + +/* ENGINEs can support their own command types, and these flags are used in + * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each + * command expects. Currently only numeric and string input is supported. If a + * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options, + * then it is regarded as an "internal" control command - and not for use in + * config setting situations. As such, they're not available to the + * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to + * this list of 'command types' should be reflected carefully in + * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */ + +/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ +#define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 +/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to + * ENGINE_ctrl) */ +#define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 +/* Indicates that the control command takes *no* input. Ie. the control command + * is unparameterised. */ +#define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 +/* Indicates that the control command is internal. This control command won't + * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() + * function. */ +#define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 + +/* NB: These 3 control commands are deprecated and should not be used. ENGINEs + * relying on these commands should compile conditional support for + * compatibility (eg. if these symbols are defined) but should also migrate the + * same functionality to their own ENGINE-specific control functions that can be + * "discovered" by calling applications. The fact these control commands + * wouldn't be "executable" (ie. usable by text-based config) doesn't change the + * fact that application code can find and use them without requiring per-ENGINE + * hacking. */ + +/* These flags are used to tell the ctrl function what should be done. + * All command numbers are shared between all engines, even if some don't + * make sense to some engines. In such a case, they do nothing but return + * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */ +#define ENGINE_CTRL_SET_LOGSTREAM 1 +#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 +#define ENGINE_CTRL_HUP 3 /* Close and reinitialise any + handles/connections etc. */ +#define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ +#define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used + when calling the password + callback and the user + interface */ +#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given + a string that represents a + file name or so */ +#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given + section in the already loaded + configuration */ + +/* These control commands allow an application to deal with an arbitrary engine + * in a dynamic way. Warn: Negative return values indicate errors FOR THESE + * COMMANDS because zero is used to indicate 'end-of-list'. Other commands, + * including ENGINE-specific command types, return zero for an error. + * + * An ENGINE can choose to implement these ctrl functions, and can internally + * manage things however it chooses - it does so by setting the + * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the + * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns + * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl() + * handler need only implement its own commands - the above "meta" commands will + * be taken care of. */ + +/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then + * all the remaining control commands will return failure, so it is worth + * checking this first if the caller is trying to "discover" the engine's + * capabilities and doesn't want errors generated unnecessarily. */ +#define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 +/* Returns a positive command number for the first command supported by the + * engine. Returns zero if no ctrl commands are supported. */ +#define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 +/* The 'long' argument specifies a command implemented by the engine, and the + * return value is the next command supported, or zero if there are no more. */ +#define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 +/* The 'void*' argument is a command name (cast from 'const char *'), and the + * return value is the command that corresponds to it. */ +#define ENGINE_CTRL_GET_CMD_FROM_NAME 13 +/* The next two allow a command to be converted into its corresponding string + * form. In each case, the 'long' argument supplies the command. In the NAME_LEN + * case, the return value is the length of the command name (not counting a + * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer + * large enough, and it will be populated with the name of the command (WITH a + * trailing EOL). */ +#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 +#define ENGINE_CTRL_GET_NAME_FROM_CMD 15 +/* The next two are similar but give a "short description" of a command. */ +#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 +#define ENGINE_CTRL_GET_DESC_FROM_CMD 17 +/* With this command, the return value is the OR'd combination of + * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given + * engine-specific ctrl command expects. */ +#define ENGINE_CTRL_GET_CMD_FLAGS 18 + +/* ENGINE implementations should start the numbering of their own control + * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ +#define ENGINE_CMD_BASE 200 + +/* NB: These 2 nCipher "chil" control commands are deprecated, and their + * functionality is now available through ENGINE-specific control commands + * (exposed through the above-mentioned 'CMD'-handling). Code using these 2 + * commands should be migrated to the more general command handling before these + * are removed. */ + +/* Flags specific to the nCipher "chil" engine */ +#define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 + /* Depending on the value of the (long)i argument, this sets or + * unsets the SimpleForkCheck flag in the CHIL API to enable or + * disable checking and workarounds for applications that fork(). + */ +#define ENGINE_CTRL_CHIL_NO_LOCKING 101 + /* This prevents the initialisation function from providing mutex + * callbacks to the nCipher library. */ + +/* If an ENGINE supports its own specific control commands and wishes the + * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its + * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries + * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that + * supports the stated commands (ie. the "cmd_num" entries as described by the + * array). NB: The array must be ordered in increasing order of cmd_num. + * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set + * to zero and/or cmd_name set to NULL. */ +typedef struct ENGINE_CMD_DEFN_st + { + unsigned int cmd_num; /* The command number */ + const char *cmd_name; /* The command name itself */ + const char *cmd_desc; /* A short description of the command */ + unsigned int cmd_flags; /* The input the command expects */ + } ENGINE_CMD_DEFN; + +/* Generic function pointer */ +typedef int (*ENGINE_GEN_FUNC_PTR)(void); +/* Generic function pointer taking no arguments */ +typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *); +/* Specific control function pointer */ +typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void)); +/* Generic load_key function pointer */ +typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, + UI_METHOD *ui_method, void *callback_data); +typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); +/* These callback types are for an ENGINE's handler for cipher and digest logic. + * These handlers have these prototypes; + * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); + * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); + * Looking at how to implement these handlers in the case of cipher support, if + * the framework wants the EVP_CIPHER for 'nid', it will call; + * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure) + * If the framework wants a list of supported 'nid's, it will call; + * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error) + */ +/* Returns to a pointer to the array of supported cipher 'nid's. If the second + * parameter is non-NULL it is set to the size of the returned array. */ +typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int); +typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int); + +/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE + * structures where the pointers have a "structural reference". This means that + * their reference is to allowed access to the structure but it does not imply + * that the structure is functional. To simply increment or decrement the + * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not + * required when iterating using ENGINE_get_next as it will automatically + * decrement the structural reference count of the "current" ENGINE and + * increment the structural reference count of the ENGINE it returns (unless it + * is NULL). */ + +/* Get the first/last "ENGINE" type available. */ +ENGINE *ENGINE_get_first(void); +ENGINE *ENGINE_get_last(void); +/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ +ENGINE *ENGINE_get_next(ENGINE *e); +ENGINE *ENGINE_get_prev(ENGINE *e); +/* Add another "ENGINE" type into the array. */ +int ENGINE_add(ENGINE *e); +/* Remove an existing "ENGINE" type from the array. */ +int ENGINE_remove(ENGINE *e); +/* Retrieve an engine from the list by its unique "id" value. */ +ENGINE *ENGINE_by_id(const char *id); +/* Add all the built-in engines. */ +void ENGINE_load_openssl(void); +void ENGINE_load_dynamic(void); +#ifndef OPENSSL_NO_STATIC_ENGINE +void ENGINE_load_4758cca(void); +void ENGINE_load_aep(void); +void ENGINE_load_atalla(void); +void ENGINE_load_chil(void); +void ENGINE_load_cswift(void); +#ifndef OPENSSL_NO_GMP +void ENGINE_load_gmp(void); +#endif +void ENGINE_load_nuron(void); +void ENGINE_load_sureware(void); +void ENGINE_load_ubsec(void); +#endif +void ENGINE_load_cryptodev(void); +void ENGINE_load_padlock(void); +void ENGINE_load_builtin_engines(void); +#ifdef OPENSSL_SYS_WIN32 +#ifndef OPENSSL_NO_CAPIENG +void ENGINE_load_capi(void); +#endif +#endif + +/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation + * "registry" handling. */ +unsigned int ENGINE_get_table_flags(void); +void ENGINE_set_table_flags(unsigned int flags); + +/* Manage registration of ENGINEs per "table". For each type, there are 3 + * functions; + * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) + * ENGINE_unregister_***(e) - unregister the implementation from 'e' + * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list + * Cleanup is automatically registered from each table when required, so + * ENGINE_cleanup() will reverse any "register" operations. */ + +int ENGINE_register_RSA(ENGINE *e); +void ENGINE_unregister_RSA(ENGINE *e); +void ENGINE_register_all_RSA(void); + +int ENGINE_register_DSA(ENGINE *e); +void ENGINE_unregister_DSA(ENGINE *e); +void ENGINE_register_all_DSA(void); + +int ENGINE_register_ECDH(ENGINE *e); +void ENGINE_unregister_ECDH(ENGINE *e); +void ENGINE_register_all_ECDH(void); + +int ENGINE_register_ECDSA(ENGINE *e); +void ENGINE_unregister_ECDSA(ENGINE *e); +void ENGINE_register_all_ECDSA(void); + +int ENGINE_register_DH(ENGINE *e); +void ENGINE_unregister_DH(ENGINE *e); +void ENGINE_register_all_DH(void); + +int ENGINE_register_RAND(ENGINE *e); +void ENGINE_unregister_RAND(ENGINE *e); +void ENGINE_register_all_RAND(void); + +int ENGINE_register_STORE(ENGINE *e); +void ENGINE_unregister_STORE(ENGINE *e); +void ENGINE_register_all_STORE(void); + +int ENGINE_register_ciphers(ENGINE *e); +void ENGINE_unregister_ciphers(ENGINE *e); +void ENGINE_register_all_ciphers(void); + +int ENGINE_register_digests(ENGINE *e); +void ENGINE_unregister_digests(ENGINE *e); +void ENGINE_register_all_digests(void); + +/* These functions register all support from the above categories. Note, use of + * these functions can result in static linkage of code your application may not + * need. If you only need a subset of functionality, consider using more + * selective initialisation. */ +int ENGINE_register_complete(ENGINE *e); +int ENGINE_register_all_complete(void); + +/* Send parametrised control commands to the engine. The possibilities to send + * down an integer, a pointer to data or a function pointer are provided. Any of + * the parameters may or may not be NULL, depending on the command number. In + * actuality, this function only requires a structural (rather than functional) + * reference to an engine, but many control commands may require the engine be + * functional. The caller should be aware of trying commands that require an + * operational ENGINE, and only use functional references in such situations. */ +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); + +/* This function tests if an ENGINE-specific command is usable as a "setting". + * Eg. in an application's config file that gets processed through + * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to + * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */ +int ENGINE_cmd_is_executable(ENGINE *e, int cmd); + +/* This function works like ENGINE_ctrl() with the exception of taking a + * command name instead of a command number, and can handle optional commands. + * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to + * use the cmd_name and cmd_optional. */ +int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, + long i, void *p, void (*f)(void), int cmd_optional); + +/* This function passes a command-name and argument to an ENGINE. The cmd_name + * is converted to a command number and the control command is called using + * 'arg' as an argument (unless the ENGINE doesn't support such a command, in + * which case no control command is called). The command is checked for input + * flags, and if necessary the argument will be converted to a numeric value. If + * cmd_optional is non-zero, then if the ENGINE doesn't support the given + * cmd_name the return value will be success anyway. This function is intended + * for applications to use so that users (or config files) can supply + * engine-specific config data to the ENGINE at run-time to control behaviour of + * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl() + * functions that return data, deal with binary data, or that are otherwise + * supposed to be used directly through ENGINE_ctrl() in application code. Any + * "return" data from an ENGINE_ctrl() operation in this function will be lost - + * the return value is interpreted as failure if the return value is zero, + * success otherwise, and this function returns a boolean value as a result. In + * other words, vendors of 'ENGINE'-enabled devices should write ENGINE + * implementations with parameterisations that work in this scheme, so that + * compliant ENGINE-based applications can work consistently with the same + * configuration for the same ENGINE-enabled devices, across applications. */ +int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, + int cmd_optional); + +/* These functions are useful for manufacturing new ENGINE structures. They + * don't address reference counting at all - one uses them to populate an ENGINE + * structure with personalised implementations of things prior to using it + * directly or adding it to the builtin ENGINE list in OpenSSL. These are also + * here so that the ENGINE structure doesn't have to be exposed and break binary + * compatibility! */ +ENGINE *ENGINE_new(void); +int ENGINE_free(ENGINE *e); +int ENGINE_up_ref(ENGINE *e); +int ENGINE_set_id(ENGINE *e, const char *id); +int ENGINE_set_name(ENGINE *e, const char *name); +int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth); +int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth); +int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth); +int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); +int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); +int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, + ENGINE_SSL_CLIENT_CERT_PTR loadssl_f); +int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +int ENGINE_set_flags(ENGINE *e, int flags); +int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +/* These functions allow control over any per-structure ENGINE data. */ +int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); +void *ENGINE_get_ex_data(const ENGINE *e, int idx); + +/* This function cleans up anything that needs it. Eg. the ENGINE_add() function + * automatically ensures the list cleanup function is registered to be called + * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure + * ENGINE_cleanup() will clean up after them. */ +void ENGINE_cleanup(void); + +/* These return values from within the ENGINE structure. These can be useful + * with functional references as well as structural references - it depends + * which you obtained. Using the result for functional purposes if you only + * obtained a structural reference may be problematic! */ +const char *ENGINE_get_id(const ENGINE *e); +const char *ENGINE_get_name(const ENGINE *e); +const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); +const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); +const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e); +ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +int ENGINE_get_flags(const ENGINE *e); + +/* FUNCTIONAL functions. These functions deal with ENGINE structures + * that have (or will) be initialised for use. Broadly speaking, the + * structural functions are useful for iterating the list of available + * engine types, creating new engine types, and other "list" operations. + * These functions actually deal with ENGINEs that are to be used. As + * such these functions can fail (if applicable) when particular + * engines are unavailable - eg. if a hardware accelerator is not + * attached or not functioning correctly. Each ENGINE has 2 reference + * counts; structural and functional. Every time a functional reference + * is obtained or released, a corresponding structural reference is + * automatically obtained or released too. */ + +/* Initialise a engine type for use (or up its reference count if it's + * already in use). This will fail if the engine is not currently + * operational and cannot initialise. */ +int ENGINE_init(ENGINE *e); +/* Free a functional reference to a engine type. This does not require + * a corresponding call to ENGINE_free as it also releases a structural + * reference. */ +int ENGINE_finish(ENGINE *e); + +/* The following functions handle keys that are stored in some secondary + * location, handled by the engine. The storage may be on a card or + * whatever. */ +EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, + STACK_OF(X509) **pother, + UI_METHOD *ui_method, void *callback_data); + +/* This returns a pointer for the current ENGINE structure that + * is (by default) performing any RSA operations. The value returned + * is an incremented reference, so it should be free'd (ENGINE_finish) + * before it is discarded. */ +ENGINE *ENGINE_get_default_RSA(void); +/* Same for the other "methods" */ +ENGINE *ENGINE_get_default_DSA(void); +ENGINE *ENGINE_get_default_ECDH(void); +ENGINE *ENGINE_get_default_ECDSA(void); +ENGINE *ENGINE_get_default_DH(void); +ENGINE *ENGINE_get_default_RAND(void); +/* These functions can be used to get a functional reference to perform + * ciphering or digesting corresponding to "nid". */ +ENGINE *ENGINE_get_cipher_engine(int nid); +ENGINE *ENGINE_get_digest_engine(int nid); + +/* This sets a new default ENGINE structure for performing RSA + * operations. If the result is non-zero (success) then the ENGINE + * structure will have had its reference count up'd so the caller + * should still free their own reference 'e'. */ +int ENGINE_set_default_RSA(ENGINE *e); +int ENGINE_set_default_string(ENGINE *e, const char *def_list); +/* Same for the other "methods" */ +int ENGINE_set_default_DSA(ENGINE *e); +int ENGINE_set_default_ECDH(ENGINE *e); +int ENGINE_set_default_ECDSA(ENGINE *e); +int ENGINE_set_default_DH(ENGINE *e); +int ENGINE_set_default_RAND(ENGINE *e); +int ENGINE_set_default_ciphers(ENGINE *e); +int ENGINE_set_default_digests(ENGINE *e); + +/* The combination "set" - the flags are bitwise "OR"d from the + * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" + * function, this function can result in unnecessary static linkage. If your + * application requires only specific functionality, consider using more + * selective functions. */ +int ENGINE_set_default(ENGINE *e, unsigned int flags); + +void ENGINE_add_conf_module(void); + +/* Deprecated functions ... */ +/* int ENGINE_clear_defaults(void); */ + +/**************************/ +/* DYNAMIC ENGINE SUPPORT */ +/**************************/ + +/* Binary/behaviour compatibility levels */ +#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 +/* Binary versions older than this are too old for us (whether we're a loader or + * a loadee) */ +#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 + +/* When compiling an ENGINE entirely as an external shared library, loadable by + * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure + * type provides the calling application's (or library's) error functionality + * and memory management function pointers to the loaded library. These should + * be used/set in the loaded library code so that the loading application's + * 'state' will be used/changed in all operations. The 'static_state' pointer + * allows the loaded library to know if it shares the same static data as the + * calling application (or library), and thus whether these callbacks need to be + * set or not. */ +typedef void *(*dyn_MEM_malloc_cb)(size_t); +typedef void *(*dyn_MEM_realloc_cb)(void *, size_t); +typedef void (*dyn_MEM_free_cb)(void *); +typedef struct st_dynamic_MEM_fns { + dyn_MEM_malloc_cb malloc_cb; + dyn_MEM_realloc_cb realloc_cb; + dyn_MEM_free_cb free_cb; + } dynamic_MEM_fns; +/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use + * these types so we (and any other dependant code) can simplify a bit?? */ +typedef void (*dyn_lock_locking_cb)(int,int,const char *,int); +typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int); +typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)( + const char *,int); +typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *, + const char *,int); +typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *, + const char *,int); +typedef struct st_dynamic_LOCK_fns { + dyn_lock_locking_cb lock_locking_cb; + dyn_lock_add_lock_cb lock_add_lock_cb; + dyn_dynlock_create_cb dynlock_create_cb; + dyn_dynlock_lock_cb dynlock_lock_cb; + dyn_dynlock_destroy_cb dynlock_destroy_cb; + } dynamic_LOCK_fns; +/* The top-level structure */ +typedef struct st_dynamic_fns { + void *static_state; + const ERR_FNS *err_fns; + const CRYPTO_EX_DATA_IMPL *ex_data_fns; + dynamic_MEM_fns mem_fns; + dynamic_LOCK_fns lock_fns; + } dynamic_fns; + +/* The version checking function should be of this prototype. NB: The + * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code. + * If this function returns zero, it indicates a (potential) version + * incompatibility and the loaded library doesn't believe it can proceed. + * Otherwise, the returned value is the (latest) version supported by the + * loading library. The loader may still decide that the loaded code's version + * is unsatisfactory and could veto the load. The function is expected to + * be implemented with the symbol name "v_check", and a default implementation + * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ +typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); +#define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ + if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ + return 0; } + +/* This function is passed the ENGINE structure to initialise with its own + * function and command settings. It should not adjust the structural or + * functional reference counts. If this function returns zero, (a) the load will + * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the + * structure, and (c) the shared library will be unloaded. So implementations + * should do their own internal cleanup in failure circumstances otherwise they + * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that + * the loader is looking for. If this is NULL, the shared library can choose to + * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared + * library must initialise only an ENGINE matching the passed 'id'. The function + * is expected to be implemented with the symbol name "bind_engine". A standard + * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where + * the parameter 'fn' is a callback function that populates the ENGINE structure + * and returns an int value (zero for failure). 'fn' should have prototype; + * [static] int fn(ENGINE *e, const char *id); */ +typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, + const dynamic_fns *fns); +#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ + if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ + if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ + fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ + return 0; \ + CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ + CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ + CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ + CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ + CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ + if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ + return 0; \ + if(!ERR_set_implementation(fns->err_fns)) return 0; \ + skip_cbs: \ + if(!fn(e,id)) return 0; \ + return 1; } + +/* If the loading application (or library) and the loaded ENGINE library share + * the same static data (eg. they're both dynamically linked to the same + * libcrypto.so) we need a way to avoid trying to set system callbacks - this + * would fail, and for the same reason that it's unnecessary to try. If the + * loaded ENGINE has (or gets from through the loader) its own copy of the + * libcrypto static data, we will need to set the callbacks. The easiest way to + * detect this is to have a function that returns a pointer to some static data + * and let the loading application and loaded ENGINE compare their respective + * values. */ +void *ENGINE_get_static_state(void); + +#if defined(__OpenBSD__) || defined(__FreeBSD__) +void ENGINE_setup_bsd_cryptodev(void); +#endif + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_ENGINE_strings(void); + +/* Error codes for the ENGINE functions. */ + +/* Function codes. */ +#define ENGINE_F_DYNAMIC_CTRL 180 +#define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 +#define ENGINE_F_DYNAMIC_LOAD 182 +#define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 +#define ENGINE_F_ENGINE_ADD 105 +#define ENGINE_F_ENGINE_BY_ID 106 +#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 +#define ENGINE_F_ENGINE_CTRL 142 +#define ENGINE_F_ENGINE_CTRL_CMD 178 +#define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 +#define ENGINE_F_ENGINE_FINISH 107 +#define ENGINE_F_ENGINE_FREE_UTIL 108 +#define ENGINE_F_ENGINE_GET_CIPHER 185 +#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 +#define ENGINE_F_ENGINE_GET_DIGEST 186 +#define ENGINE_F_ENGINE_GET_NEXT 115 +#define ENGINE_F_ENGINE_GET_PREV 116 +#define ENGINE_F_ENGINE_INIT 119 +#define ENGINE_F_ENGINE_LIST_ADD 120 +#define ENGINE_F_ENGINE_LIST_REMOVE 121 +#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 +#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 +#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192 +#define ENGINE_F_ENGINE_NEW 122 +#define ENGINE_F_ENGINE_REMOVE 123 +#define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 +#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126 +#define ENGINE_F_ENGINE_SET_ID 129 +#define ENGINE_F_ENGINE_SET_NAME 130 +#define ENGINE_F_ENGINE_TABLE_REGISTER 184 +#define ENGINE_F_ENGINE_UNLOAD_KEY 152 +#define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 +#define ENGINE_F_ENGINE_UP_REF 190 +#define ENGINE_F_INT_CTRL_HELPER 172 +#define ENGINE_F_INT_ENGINE_CONFIGURE 188 +#define ENGINE_F_INT_ENGINE_MODULE_INIT 187 +#define ENGINE_F_LOG_MESSAGE 141 + +/* Reason codes. */ +#define ENGINE_R_ALREADY_LOADED 100 +#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 +#define ENGINE_R_CMD_NOT_EXECUTABLE 134 +#define ENGINE_R_COMMAND_TAKES_INPUT 135 +#define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 +#define ENGINE_R_CONFLICTING_ENGINE_ID 103 +#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +#define ENGINE_R_DH_NOT_IMPLEMENTED 139 +#define ENGINE_R_DSA_NOT_IMPLEMENTED 140 +#define ENGINE_R_DSO_FAILURE 104 +#define ENGINE_R_DSO_NOT_FOUND 132 +#define ENGINE_R_ENGINES_SECTION_ERROR 148 +#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 101 +#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 +#define ENGINE_R_ENGINE_SECTION_ERROR 149 +#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 +#define ENGINE_R_FINISH_FAILED 106 +#define ENGINE_R_GET_HANDLE_FAILED 107 +#define ENGINE_R_ID_OR_NAME_MISSING 108 +#define ENGINE_R_INIT_FAILED 109 +#define ENGINE_R_INTERNAL_LIST_ERROR 110 +#define ENGINE_R_INVALID_ARGUMENT 143 +#define ENGINE_R_INVALID_CMD_NAME 137 +#define ENGINE_R_INVALID_CMD_NUMBER 138 +#define ENGINE_R_INVALID_INIT_VALUE 151 +#define ENGINE_R_INVALID_STRING 150 +#define ENGINE_R_NOT_INITIALISED 117 +#define ENGINE_R_NOT_LOADED 112 +#define ENGINE_R_NO_CONTROL_FUNCTION 120 +#define ENGINE_R_NO_INDEX 144 +#define ENGINE_R_NO_LOAD_FUNCTION 125 +#define ENGINE_R_NO_REFERENCE 130 +#define ENGINE_R_NO_SUCH_ENGINE 116 +#define ENGINE_R_NO_UNLOAD_FUNCTION 126 +#define ENGINE_R_PROVIDE_PARAMETERS 113 +#define ENGINE_R_RSA_NOT_IMPLEMENTED 141 +#define ENGINE_R_UNIMPLEMENTED_CIPHER 146 +#define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +#define ENGINE_R_VERSION_INCOMPATIBILITY 145 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/opensslv.h b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/opensslv.h new file mode 100644 index 00000000..4a5a5aee --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/opensslv.h @@ -0,0 +1,89 @@ +#ifndef HEADER_OPENSSLV_H +#define HEADER_OPENSSLV_H + +/* Numeric release version identifier: + * MNNFFPPS: major minor fix patch status + * The status nibble has one of the values 0 for development, 1 to e for betas + * 1 to 14, and f for release. The patch level is exactly that. + * For example: + * 0.9.3-dev 0x00903000 + * 0.9.3-beta1 0x00903001 + * 0.9.3-beta2-dev 0x00903002 + * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) + * 0.9.3 0x0090300f + * 0.9.3a 0x0090301f + * 0.9.4 0x0090400f + * 1.2.3z 0x102031af + * + * For continuity reasons (because 0.9.5 is already out, and is coded + * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level + * part is slightly different, by setting the highest bit. This means + * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start + * with 0x0090600S... + * + * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.) + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +#define OPENSSL_VERSION_NUMBER 0x0090817fL +#ifdef OPENSSL_FIPS +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w-fips 23 Apr 2012" +#else +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w 23 Apr 2012" +#endif +#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT + + +/* The macros below are to be used for shared library (.so, .dll, ...) + * versioning. That kind of versioning works a bit differently between + * operating systems. The most usual scheme is to set a major and a minor + * number, and have the runtime loader check that the major number is equal + * to what it was at application link time, while the minor number has to + * be greater or equal to what it was at application link time. With this + * scheme, the version number is usually part of the file name, like this: + * + * libcrypto.so.0.9 + * + * Some unixen also make a softlink with the major verson number only: + * + * libcrypto.so.0 + * + * On Tru64 and IRIX 6.x it works a little bit differently. There, the + * shared library version is stored in the file, and is actually a series + * of versions, separated by colons. The rightmost version present in the + * library when linking an application is stored in the application to be + * matched at run time. When the application is run, a check is done to + * see if the library version stored in the application matches any of the + * versions in the version string of the library itself. + * This version string can be constructed in any way, depending on what + * kind of matching is desired. However, to implement the same scheme as + * the one used in the other unixen, all compatible versions, from lowest + * to highest, should be part of the string. Consecutive builds would + * give the following versions strings: + * + * 3.0 + * 3.0:3.1 + * 3.0:3.1:3.2 + * 4.0 + * 4.0:4.1 + * + * Notice how version 4 is completely incompatible with version, and + * therefore give the breach you can see. + * + * There may be other schemes as well that I haven't yet discovered. + * + * So, here's the way it works here: first of all, the library version + * number doesn't need at all to match the overall OpenSSL version. + * However, it's nice and more understandable if it actually does. + * The current library version is stored in the macro SHLIB_VERSION_NUMBER, + * which is just a piece of text in the format "M.m.e" (Major, minor, edit). + * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways, + * we need to keep a history of version numbers, which is done in the + * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and + * should only keep the versions that are binary compatible with the current. + */ +#define SHLIB_VERSION_HISTORY "" +#define SHLIB_VERSION_NUMBER "0.9.8" + + +#endif /* HEADER_OPENSSLV_H */ diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/ssl.h b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/ssl.h new file mode 100644 index 00000000..eb50e14e --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/ssl.h @@ -0,0 +1,2125 @@ +/* ssl/ssl.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#ifndef HEADER_SSL_H +#define HEADER_SSL_H + +#include <openssl/e_os2.h> + +#ifndef OPENSSL_NO_COMP +#include <openssl/comp.h> +#endif +#ifndef OPENSSL_NO_BIO +#include <openssl/bio.h> +#endif +#ifndef OPENSSL_NO_DEPRECATED +#ifndef OPENSSL_NO_X509 +#include <openssl/x509.h> +#endif +#include <openssl/crypto.h> +#include <openssl/lhash.h> +#include <openssl/buffer.h> +#endif +#include <openssl/pem.h> +#include <openssl/hmac.h> + +#include <openssl/kssl.h> +#include <openssl/safestack.h> +#include <openssl/symhacks.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/* SSLeay version number for ASN.1 encoding of the session information */ +/* Version 0 - initial version + * Version 1 - added the optional peer certificate + */ +#define SSL_SESSION_ASN1_VERSION 0x0001 + +/* text strings for the ciphers */ +#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 +#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 +#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 +#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 +#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 +#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 +#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 +#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA +#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 +#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA + +/* VRS Additional Kerberos5 entries + */ +#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA +#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA +#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA +#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA +#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 +#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 +#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 +#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 + +#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA +#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA +#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA +#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 +#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 +#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 + +#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA +#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 +#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA +#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 +#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA +#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 +#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 + +#define SSL_MAX_SSL_SESSION_ID_LENGTH 32 +#define SSL_MAX_SID_CTX_LENGTH 32 + +#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) +#define SSL_MAX_KEY_ARG_LENGTH 8 +#define SSL_MAX_MASTER_KEY_LENGTH 48 + +/* These are used to specify which ciphers to use and not to use */ +#define SSL_TXT_LOW "LOW" +#define SSL_TXT_MEDIUM "MEDIUM" +#define SSL_TXT_HIGH "HIGH" +#define SSL_TXT_FIPS "FIPS" +#define SSL_TXT_kFZA "kFZA" +#define SSL_TXT_aFZA "aFZA" +#define SSL_TXT_eFZA "eFZA" +#define SSL_TXT_FZA "FZA" + +#define SSL_TXT_aNULL "aNULL" +#define SSL_TXT_eNULL "eNULL" +#define SSL_TXT_NULL "NULL" + +#define SSL_TXT_kKRB5 "kKRB5" +#define SSL_TXT_aKRB5 "aKRB5" +#define SSL_TXT_KRB5 "KRB5" + +#define SSL_TXT_kRSA "kRSA" +#define SSL_TXT_kDHr "kDHr" +#define SSL_TXT_kDHd "kDHd" +#define SSL_TXT_kEDH "kEDH" +#define SSL_TXT_aRSA "aRSA" +#define SSL_TXT_aDSS "aDSS" +#define SSL_TXT_aDH "aDH" +#define SSL_TXT_DSS "DSS" +#define SSL_TXT_DH "DH" +#define SSL_TXT_EDH "EDH" +#define SSL_TXT_ADH "ADH" +#define SSL_TXT_RSA "RSA" +#define SSL_TXT_DES "DES" +#define SSL_TXT_3DES "3DES" +#define SSL_TXT_RC4 "RC4" +#define SSL_TXT_RC2 "RC2" +#define SSL_TXT_IDEA "IDEA" +#define SSL_TXT_SEED "SEED" +#define SSL_TXT_AES "AES" +#define SSL_TXT_CAMELLIA "CAMELLIA" +#define SSL_TXT_MD5 "MD5" +#define SSL_TXT_SHA1 "SHA1" +#define SSL_TXT_SHA "SHA" +#define SSL_TXT_EXP "EXP" +#define SSL_TXT_EXPORT "EXPORT" +#define SSL_TXT_EXP40 "EXPORT40" +#define SSL_TXT_EXP56 "EXPORT56" +#define SSL_TXT_SSLV2 "SSLv2" +#define SSL_TXT_SSLV3 "SSLv3" +#define SSL_TXT_TLSV1 "TLSv1" +#define SSL_TXT_ALL "ALL" +#define SSL_TXT_ECC "ECCdraft" /* ECC ciphersuites are not yet official */ + +/* + * COMPLEMENTOF* definitions. These identifiers are used to (de-select) + * ciphers normally not being used. + * Example: "RC4" will activate all ciphers using RC4 including ciphers + * without authentication, which would normally disabled by DEFAULT (due + * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" + * will make sure that it is also disabled in the specific selection. + * COMPLEMENTOF* identifiers are portable between version, as adjustments + * to the default cipher setup will also be included here. + * + * COMPLEMENTOFDEFAULT does not experience the same special treatment that + * DEFAULT gets, as only selection is being done and no sorting as needed + * for DEFAULT. + */ +#define SSL_TXT_CMPALL "COMPLEMENTOFALL" +#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" + +/* The following cipher list is used by default. + * It also is substituted when an application-defined cipher list string + * starts with 'DEFAULT'. */ +#define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */ + +/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ +#define SSL_SENT_SHUTDOWN 1 +#define SSL_RECEIVED_SHUTDOWN 2 + +#ifdef __cplusplus +} +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) +#define OPENSSL_NO_SSL2 +#endif + +#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 +#define SSL_FILETYPE_PEM X509_FILETYPE_PEM + +/* This is needed to stop compilers complaining about the + * 'struct ssl_st *' function parameters used to prototype callbacks + * in SSL_CTX. */ +typedef struct ssl_st *ssl_crock_st; + +/* used to hold info on the particular ciphers used */ +typedef struct ssl_cipher_st + { + int valid; + const char *name; /* text name */ + unsigned long id; /* id, 4 bytes, first is version */ + unsigned long algorithms; /* what ciphers are used */ + unsigned long algo_strength; /* strength and export flags */ + unsigned long algorithm2; /* Extra flags */ + int strength_bits; /* Number of bits really used */ + int alg_bits; /* Number of bits for algorithm */ + unsigned long mask; /* used for matching */ + unsigned long mask_strength; /* also used for matching */ + } SSL_CIPHER; + +DECLARE_STACK_OF(SSL_CIPHER) + +/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ +typedef struct ssl_method_st + { + int version; + int (*ssl_new)(SSL *s); + void (*ssl_clear)(SSL *s); + void (*ssl_free)(SSL *s); + int (*ssl_accept)(SSL *s); + int (*ssl_connect)(SSL *s); + int (*ssl_read)(SSL *s,void *buf,int len); + int (*ssl_peek)(SSL *s,void *buf,int len); + int (*ssl_write)(SSL *s,const void *buf,int len); + int (*ssl_shutdown)(SSL *s); + int (*ssl_renegotiate)(SSL *s); + int (*ssl_renegotiate_check)(SSL *s); + long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long + max, int *ok); + int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, + int peek); + int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); + int (*ssl_dispatch_alert)(SSL *s); + long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); + long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); + SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); + int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); + int (*ssl_pending)(const SSL *s); + int (*num_ciphers)(void); + SSL_CIPHER *(*get_cipher)(unsigned ncipher); + struct ssl_method_st *(*get_ssl_method)(int version); + long (*get_timeout)(void); + struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ + int (*ssl_version)(void); + long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); + long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); + } SSL_METHOD; + +/* Lets make this into an ASN.1 type structure as follows + * SSL_SESSION_ID ::= SEQUENCE { + * version INTEGER, -- structure version number + * SSLversion INTEGER, -- SSL version number + * Cipher OCTET_STRING, -- the 3 byte cipher ID + * Session_ID OCTET_STRING, -- the Session ID + * Master_key OCTET_STRING, -- the master key + * KRB5_principal OCTET_STRING -- optional Kerberos principal + * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument + * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time + * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds + * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate + * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context + * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer' + * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX + * } + * Look in ssl/ssl_asn1.c for more details + * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). + */ +typedef struct ssl_session_st + { + int ssl_version; /* what ssl version session info is + * being kept in here? */ + + /* only really used in SSLv2 */ + unsigned int key_arg_length; + unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; + int master_key_length; + unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; + /* session_id - valid? */ + unsigned int session_id_length; + unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; + /* this is used to determine whether the session is being reused in + * the appropriate context. It is up to the application to set this, + * via SSL_new */ + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + +#ifndef OPENSSL_NO_KRB5 + unsigned int krb5_client_princ_len; + unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; +#endif /* OPENSSL_NO_KRB5 */ + + int not_resumable; + + /* The cert is the certificate used to establish this connection */ + struct sess_cert_st /* SESS_CERT */ *sess_cert; + + /* This is the cert for the other end. + * On clients, it will be the same as sess_cert->peer_key->x509 + * (the latter is not enough as sess_cert is not retained + * in the external representation of sessions, see ssl_asn1.c). */ + X509 *peer; + /* when app_verify_callback accepts a session where the peer's certificate + * is not ok, we must remember the error for session reuse: */ + long verify_result; /* only for servers */ + + int references; + long timeout; + long time; + + int compress_meth; /* Need to lookup the method */ + + SSL_CIPHER *cipher; + unsigned long cipher_id; /* when ASN.1 loaded, this + * needs to be used to load + * the 'cipher' structure */ + + STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ + + CRYPTO_EX_DATA ex_data; /* application specific data */ + + /* These are used to make removal of session-ids more + * efficient and to implement a maximum cache size. */ + struct ssl_session_st *prev,*next; +#ifndef OPENSSL_NO_TLSEXT + char *tlsext_hostname; + /* RFC4507 info */ + unsigned char *tlsext_tick; /* Session ticket */ + size_t tlsext_ticklen; /* Session ticket length */ + long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ +#endif + } SSL_SESSION; + + +#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L +#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L +/* Allow initial connection to servers that don't support RI */ +#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L +#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L +#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L +#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ +#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L +#define SSL_OP_TLS_D5_BUG 0x00000100L +#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L + +/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added + * in OpenSSL 0.9.6d. Usually (depending on the application protocol) + * the workaround is not needed. Unfortunately some broken SSL/TLS + * implementations cannot handle it at all, which is why we include + * it in SSL_OP_ALL. */ +#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ + +/* SSL_OP_ALL: various bug workarounds that should be rather harmless. + * This used to be 0x000FFFFFL before 0.9.7. */ +#define SSL_OP_ALL 0x00000FFFL + +/* DTLS options */ +#define SSL_OP_NO_QUERY_MTU 0x00001000L +/* Turn on Cookie Exchange (on relevant for servers) */ +#define SSL_OP_COOKIE_EXCHANGE 0x00002000L +/* Don't use RFC4507 ticket extension */ +#define SSL_OP_NO_TICKET 0x00004000L +/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ +#define SSL_OP_CISCO_ANYCONNECT 0x00008000L + +/* As server, disallow session resumption on renegotiation */ +#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L +/* Permit unsafe legacy renegotiation */ +#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L +/* If set, always create a new key when using tmp_ecdh parameters */ +#define SSL_OP_SINGLE_ECDH_USE 0x00080000L +/* If set, always create a new key when using tmp_dh parameters */ +#define SSL_OP_SINGLE_DH_USE 0x00100000L +/* Set to always use the tmp_rsa key when doing RSA operations, + * even when this violates protocol specs */ +#define SSL_OP_EPHEMERAL_RSA 0x00200000L +/* Set on servers to choose the cipher according to the server's + * preferences */ +#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L +/* If set, a server will allow a client to issue a SSLv3.0 version number + * as latest version supported in the premaster secret, even when TLSv1.0 + * (version 3.1) was announced in the client hello. Normally this is + * forbidden to prevent version rollback attacks. */ +#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L + +#define SSL_OP_NO_SSLv2 0x01000000L +#define SSL_OP_NO_SSLv3 0x02000000L +#define SSL_OP_NO_TLSv1 0x04000000L + +/* The next flag deliberately changes the ciphertest, this is a check + * for the PKCS#1 attack */ +#define SSL_OP_PKCS1_CHECK_1 0x08000000L +#define SSL_OP_PKCS1_CHECK_2 0x10000000L +#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L +#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L + + +/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success + * when just a single record has been written): */ +#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L +/* Make it possible to retry SSL_write() with changed buffer location + * (buffer contents must stay the same!); this is not the default to avoid + * the misconception that non-blocking SSL_write() behaves like + * non-blocking write(): */ +#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L +/* Never bother the application with retries if the transport + * is blocking: */ +#define SSL_MODE_AUTO_RETRY 0x00000004L +/* Don't attempt to automatically build certificate chain */ +#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L + + +/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, + * they cannot be used to clear bits. */ + +#define SSL_CTX_set_options(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) +#define SSL_CTX_clear_options(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) +#define SSL_CTX_get_options(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) +#define SSL_set_options(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) +#define SSL_clear_options(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) +#define SSL_get_options(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) + +#define SSL_CTX_set_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) +#define SSL_CTX_clear_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) +#define SSL_CTX_get_mode(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) +#define SSL_clear_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) +#define SSL_set_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) +#define SSL_get_mode(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) +#define SSL_set_mtu(ssl, mtu) \ + SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) + +#define SSL_get_secure_renegotiation_support(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) + +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + + + +#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) +#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */ +#else +#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */ +#endif + +#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) + +/* This callback type is used inside SSL_CTX, SSL, and in the functions that set + * them. It is used to override the generation of SSL/TLS session IDs in a + * server. Return value should be zero on an error, non-zero to proceed. Also, + * callbacks should themselves check if the id they generate is unique otherwise + * the SSL handshake will fail with an error - callbacks can do this using the + * 'ssl' value they're passed by; + * SSL_has_matching_session_id(ssl, id, *id_len) + * The length value passed in is set at the maximum size the session ID can be. + * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback + * can alter this length to be less if desired, but under SSLv2 session IDs are + * supposed to be fixed at 16 bytes so the id will be padded after the callback + * returns in this case. It is also an error for the callback to set the size to + * zero. */ +typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, + unsigned int *id_len); + +typedef struct ssl_comp_st + { + int id; + const char *name; +#ifndef OPENSSL_NO_COMP + COMP_METHOD *method; +#else + char *method; +#endif + } SSL_COMP; + +DECLARE_STACK_OF(SSL_COMP) + +struct ssl_ctx_st + { + SSL_METHOD *method; + + STACK_OF(SSL_CIPHER) *cipher_list; + /* same as above but sorted for lookup */ + STACK_OF(SSL_CIPHER) *cipher_list_by_id; + + struct x509_store_st /* X509_STORE */ *cert_store; + struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */ + /* Most session-ids that will be cached, default is + * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ + unsigned long session_cache_size; + struct ssl_session_st *session_cache_head; + struct ssl_session_st *session_cache_tail; + + /* This can have one of 2 values, ored together, + * SSL_SESS_CACHE_CLIENT, + * SSL_SESS_CACHE_SERVER, + * Default is SSL_SESSION_CACHE_SERVER, which means only + * SSL_accept which cache SSL_SESSIONS. */ + int session_cache_mode; + + /* If timeout is not 0, it is the default timeout value set + * when SSL_new() is called. This has been put in to make + * life easier to set things up */ + long session_timeout; + + /* If this callback is not null, it will be called each + * time a session id is added to the cache. If this function + * returns 1, it means that the callback will do a + * SSL_SESSION_free() when it has finished using it. Otherwise, + * on 0, it means the callback has finished with it. + * If remove_session_cb is not null, it will be called when + * a session-id is removed from the cache. After the call, + * OpenSSL will SSL_SESSION_free() it. */ + int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); + void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); + SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, + unsigned char *data,int len,int *copy); + + struct + { + int sess_connect; /* SSL new conn - started */ + int sess_connect_renegotiate;/* SSL reneg - requested */ + int sess_connect_good; /* SSL new conne/reneg - finished */ + int sess_accept; /* SSL new accept - started */ + int sess_accept_renegotiate;/* SSL reneg - requested */ + int sess_accept_good; /* SSL accept/reneg - finished */ + int sess_miss; /* session lookup misses */ + int sess_timeout; /* reuse attempt on timeouted session */ + int sess_cache_full; /* session removed due to full cache */ + int sess_hit; /* session reuse actually done */ + int sess_cb_hit; /* session-id that was not + * in the cache was + * passed back via the callback. This + * indicates that the application is + * supplying session-id's from other + * processes - spooky :-) */ + } stats; + + int references; + + /* if defined, these override the X509_verify_cert() calls */ + int (*app_verify_callback)(X509_STORE_CTX *, void *); + void *app_verify_arg; + /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored + * ('app_verify_callback' was called with just one argument) */ + + /* Default password callback. */ + pem_password_cb *default_passwd_callback; + + /* Default password callback user data. */ + void *default_passwd_callback_userdata; + + /* get client cert callback */ + int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); + + /* cookie generate callback */ + int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, + unsigned int *cookie_len); + + /* verify cookie callback */ + int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, + unsigned int cookie_len); + + CRYPTO_EX_DATA ex_data; + + const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ + const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ + const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ + + STACK_OF(X509) *extra_certs; + STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ + + + /* Default values used when no per-SSL value is defined follow */ + + void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */ + + /* what we put in client cert requests */ + STACK_OF(X509_NAME) *client_CA; + + + /* Default values to use in SSL structures follow (these are copied by SSL_new) */ + + unsigned long options; + unsigned long mode; + long max_cert_list; + + struct cert_st /* CERT */ *cert; + int read_ahead; + + /* callback that allows applications to peek at protocol messages */ + void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); + void *msg_callback_arg; + + int verify_mode; + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ + + /* Default generate session ID callback. */ + GEN_SESSION_CB generate_session_id; + + X509_VERIFY_PARAM *param; + +#if 0 + int purpose; /* Purpose setting */ + int trust; /* Trust setting */ +#endif + + int quiet_shutdown; + +#ifndef OPENSSL_ENGINE + /* Engine to pass requests for client certs to + */ + ENGINE *client_cert_engine; +#endif + +#ifndef OPENSSL_NO_TLSEXT + /* TLS extensions servername callback */ + int (*tlsext_servername_callback)(SSL*, int *, void *); + void *tlsext_servername_arg; + /* RFC 4507 session ticket keys */ + unsigned char tlsext_tick_key_name[16]; + unsigned char tlsext_tick_hmac_key[16]; + unsigned char tlsext_tick_aes_key[16]; + /* Callback to support customisation of ticket key setting */ + int (*tlsext_ticket_key_cb)(SSL *ssl, + unsigned char *name, unsigned char *iv, + EVP_CIPHER_CTX *ectx, + HMAC_CTX *hctx, int enc); + + /* certificate status request info */ + /* Callback for status request */ + int (*tlsext_status_cb)(SSL *ssl, void *arg); + void *tlsext_status_arg; +#endif + + }; + +#define SSL_SESS_CACHE_OFF 0x0000 +#define SSL_SESS_CACHE_CLIENT 0x0001 +#define SSL_SESS_CACHE_SERVER 0x0002 +#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) +#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 +/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ +#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +#define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) + + struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); +#define SSL_CTX_sess_number(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) +#define SSL_CTX_sess_connect(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) +#define SSL_CTX_sess_connect_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) +#define SSL_CTX_sess_connect_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) +#define SSL_CTX_sess_accept(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) +#define SSL_CTX_sess_accept_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) +#define SSL_CTX_sess_accept_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) +#define SSL_CTX_sess_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) +#define SSL_CTX_sess_cb_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) +#define SSL_CTX_sess_misses(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) +#define SSL_CTX_sess_timeouts(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) +#define SSL_CTX_sess_cache_full(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) + +void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess)); +int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); +void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess)); +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); +void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy)); +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy); +void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val)); +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); +void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); +int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +#ifndef OPENSSL_NO_ENGINE +int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); +#endif +void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); +void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); + +#define SSL_NOTHING 1 +#define SSL_WRITING 2 +#define SSL_READING 3 +#define SSL_X509_LOOKUP 4 + +/* These will only be used when doing non-blocking IO */ +#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) +#define SSL_want_read(s) (SSL_want(s) == SSL_READING) +#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) +#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) + +struct ssl_st + { + /* protocol version + * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) + */ + int version; + int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ + + SSL_METHOD *method; /* SSLv3 */ + + /* There are 2 BIO's even though they are normally both the + * same. This is so data can be read and written to different + * handlers */ + +#ifndef OPENSSL_NO_BIO + BIO *rbio; /* used by SSL_read */ + BIO *wbio; /* used by SSL_write */ + BIO *bbio; /* used during session-id reuse to concatenate + * messages */ +#else + char *rbio; /* used by SSL_read */ + char *wbio; /* used by SSL_write */ + char *bbio; +#endif + /* This holds a variable that indicates what we were doing + * when a 0 or -1 is returned. This is needed for + * non-blocking IO so we know what request needs re-doing when + * in SSL_accept or SSL_connect */ + int rwstate; + + /* true when we are actually in SSL_accept() or SSL_connect() */ + int in_handshake; + int (*handshake_func)(SSL *); + + /* Imagine that here's a boolean member "init" that is + * switched as soon as SSL_set_{accept/connect}_state + * is called for the first time, so that "state" and + * "handshake_func" are properly initialized. But as + * handshake_func is == 0 until then, we use this + * test instead of an "init" member. + */ + + int server; /* are we the server side? - mostly used by SSL_clear*/ + + int new_session;/* 1 if we are to use a new session. + * 2 if we are a server and are inside a handshake + * (i.e. not just sending a HelloRequest) + * NB: For servers, the 'new' session may actually be a previously + * cached session or even the previous session unless + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ + int quiet_shutdown;/* don't send shutdown packets */ + int shutdown; /* we have shut things down, 0x01 sent, 0x02 + * for received */ + int state; /* where we are */ + int rstate; /* where we are when reading */ + + BUF_MEM *init_buf; /* buffer used during init */ + void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ + int init_num; /* amount read/written */ + int init_off; /* amount read/written */ + + /* used internally to point at a raw packet */ + unsigned char *packet; + unsigned int packet_length; + + struct ssl2_state_st *s2; /* SSLv2 variables */ + struct ssl3_state_st *s3; /* SSLv3 variables */ + struct dtls1_state_st *d1; /* DTLSv1 variables */ + + int read_ahead; /* Read as many input bytes as possible + * (for non-blocking reads) */ + + /* callback that allows applications to peek at protocol messages */ + void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); + void *msg_callback_arg; + + int hit; /* reusing a previous session */ + + X509_VERIFY_PARAM *param; + +#if 0 + int purpose; /* Purpose setting */ + int trust; /* Trust setting */ +#endif + + /* crypto */ + STACK_OF(SSL_CIPHER) *cipher_list; + STACK_OF(SSL_CIPHER) *cipher_list_by_id; + + /* These are the ones being used, the ones in SSL_SESSION are + * the ones to be 'copied' into these ones */ + + EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ + const EVP_MD *read_hash; /* used for mac generation */ +#ifndef OPENSSL_NO_COMP + COMP_CTX *expand; /* uncompress */ +#else + char *expand; +#endif + + EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ + const EVP_MD *write_hash; /* used for mac generation */ +#ifndef OPENSSL_NO_COMP + COMP_CTX *compress; /* compression */ +#else + char *compress; +#endif + + /* session info */ + + /* client cert? */ + /* This is used to hold the server certificate used */ + struct cert_st /* CERT */ *cert; + + /* the session_id_context is used to ensure sessions are only reused + * in the appropriate context */ + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + + /* This can also be in the session once a session is established */ + SSL_SESSION *session; + + /* Default generate session ID callback. */ + GEN_SESSION_CB generate_session_id; + + /* Used in SSL2 and SSL3 */ + int verify_mode; /* 0 don't care about verify failure. + * 1 fail if verify fails */ + int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ + + void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ + + int error; /* error bytes to be written */ + int error_code; /* actual code */ + +#ifndef OPENSSL_NO_KRB5 + KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ +#endif /* OPENSSL_NO_KRB5 */ + + SSL_CTX *ctx; + /* set this flag to 1 and a sleep(1) is put into all SSL_read() + * and SSL_write() calls, good for nbio debuging :-) */ + int debug; + + /* extra application data */ + long verify_result; + CRYPTO_EX_DATA ex_data; + + /* for server side, keep the list of CA_dn we can use */ + STACK_OF(X509_NAME) *client_CA; + + int references; + unsigned long options; /* protocol behaviour */ + unsigned long mode; /* API behaviour */ + long max_cert_list; + int first_packet; + int client_version; /* what was passed, used for + * SSLv3/TLS rollback check */ +#ifndef OPENSSL_NO_TLSEXT + /* TLS extension debug callback */ + void (*tlsext_debug_cb)(SSL *s, int client_server, int type, + unsigned char *data, int len, + void *arg); + void *tlsext_debug_arg; + char *tlsext_hostname; + int servername_done; /* no further mod of servername + 0 : call the servername extension callback. + 1 : prepare 2, allow last ack just after in server callback. + 2 : don't call servername callback, no ack in server hello + */ + /* certificate status request info */ + /* Status type or -1 if no status type */ + int tlsext_status_type; + /* Expect OCSP CertificateStatus message */ + int tlsext_status_expected; + /* OCSP status request only */ + STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; + X509_EXTENSIONS *tlsext_ocsp_exts; + /* OCSP response received or to be sent */ + unsigned char *tlsext_ocsp_resp; + int tlsext_ocsp_resplen; + + /* RFC4507 session ticket expected to be received or sent */ + int tlsext_ticket_expected; + SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ +#define session_ctx initial_ctx +#else +#define session_ctx ctx +#endif + }; + +#ifdef __cplusplus +} +#endif + +#include <openssl/ssl2.h> +#include <openssl/ssl3.h> +#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ +#include <openssl/dtls1.h> /* Datagram TLS */ +#include <openssl/ssl23.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/* compatibility */ +#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) +#define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) +#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) +#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) +#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) +#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) + +/* The following are the possible values for ssl->state are are + * used to indicate where we are up to in the SSL connection establishment. + * The macros that follow are about the only things you should need to use + * and even then, only when using non-blocking IO. + * It can also be useful to work out where you were when the connection + * failed */ + +#define SSL_ST_CONNECT 0x1000 +#define SSL_ST_ACCEPT 0x2000 +#define SSL_ST_MASK 0x0FFF +#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) +#define SSL_ST_BEFORE 0x4000 +#define SSL_ST_OK 0x03 +#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) + +#define SSL_CB_LOOP 0x01 +#define SSL_CB_EXIT 0x02 +#define SSL_CB_READ 0x04 +#define SSL_CB_WRITE 0x08 +#define SSL_CB_ALERT 0x4000 /* used in callback */ +#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) +#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) +#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) +#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) +#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) +#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) +#define SSL_CB_HANDSHAKE_START 0x10 +#define SSL_CB_HANDSHAKE_DONE 0x20 + +/* Is the SSL_connection established? */ +#define SSL_get_state(a) SSL_state(a) +#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) +#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) +#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) +#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) +#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) + +/* The following 2 states are kept in ssl->rstate when reads fail, + * you should not need these */ +#define SSL_ST_READ_HEADER 0xF0 +#define SSL_ST_READ_BODY 0xF1 +#define SSL_ST_READ_DONE 0xF2 + +/* Obtain latest Finished message + * -- that we sent (SSL_get_finished) + * -- that we expected from peer (SSL_get_peer_finished). + * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ +size_t SSL_get_finished(const SSL *s, void *buf, size_t count); +size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + +/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options + * are 'ored' with SSL_VERIFY_PEER if they are desired */ +#define SSL_VERIFY_NONE 0x00 +#define SSL_VERIFY_PEER 0x01 +#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +#define SSL_VERIFY_CLIENT_ONCE 0x04 + +#define OpenSSL_add_ssl_algorithms() SSL_library_init() +#define SSLeay_add_ssl_algorithms() SSL_library_init() + +/* this is for backward compatibility */ +#if 0 /* NEW_SSLEAY */ +#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) +#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) +#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b)) +#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) +#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) +#endif +/* More backward compatibility */ +#define SSL_get_cipher(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +#define SSL_get_cipher_bits(s,np) \ + SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +#define SSL_get_cipher_version(s) \ + SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +#define SSL_get_cipher_name(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +#define SSL_get_time(a) SSL_SESSION_get_time(a) +#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) +#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) +#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) + +#if 1 /*SSLEAY_MACROS*/ +#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) +#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) +#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ + (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) +#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u) +#define PEM_write_SSL_SESSION(fp,x) \ + PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ + PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) +#define PEM_write_bio_SSL_SESSION(bp,x) \ + PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL) +#endif + +#define SSL_AD_REASON_OFFSET 1000 +/* These alert types are for SSLv3 and TLSv1 */ +#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY +#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ +#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */ +#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED +#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW +#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */ +#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */ +#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */ +#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE +#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE +#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED +#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED +#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN +#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */ +#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */ +#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ +#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ +#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR +#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */ +#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ +#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ +#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ +#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED +#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION +#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION +#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE +#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME +#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE + +#define SSL_ERROR_NONE 0 +#define SSL_ERROR_SSL 1 +#define SSL_ERROR_WANT_READ 2 +#define SSL_ERROR_WANT_WRITE 3 +#define SSL_ERROR_WANT_X509_LOOKUP 4 +#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */ +#define SSL_ERROR_ZERO_RETURN 6 +#define SSL_ERROR_WANT_CONNECT 7 +#define SSL_ERROR_WANT_ACCEPT 8 + +#define SSL_CTRL_NEED_TMP_RSA 1 +#define SSL_CTRL_SET_TMP_RSA 2 +#define SSL_CTRL_SET_TMP_DH 3 +#define SSL_CTRL_SET_TMP_ECDH 4 +#define SSL_CTRL_SET_TMP_RSA_CB 5 +#define SSL_CTRL_SET_TMP_DH_CB 6 +#define SSL_CTRL_SET_TMP_ECDH_CB 7 + +#define SSL_CTRL_GET_SESSION_REUSED 8 +#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 +#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 +#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 +#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 +#define SSL_CTRL_GET_FLAGS 13 +#define SSL_CTRL_EXTRA_CHAIN_CERT 14 + +#define SSL_CTRL_SET_MSG_CALLBACK 15 +#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 + +/* only applies to datagram connections */ +#define SSL_CTRL_SET_MTU 17 +/* Stats */ +#define SSL_CTRL_SESS_NUMBER 20 +#define SSL_CTRL_SESS_CONNECT 21 +#define SSL_CTRL_SESS_CONNECT_GOOD 22 +#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 +#define SSL_CTRL_SESS_ACCEPT 24 +#define SSL_CTRL_SESS_ACCEPT_GOOD 25 +#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 +#define SSL_CTRL_SESS_HIT 27 +#define SSL_CTRL_SESS_CB_HIT 28 +#define SSL_CTRL_SESS_MISSES 29 +#define SSL_CTRL_SESS_TIMEOUTS 30 +#define SSL_CTRL_SESS_CACHE_FULL 31 +#define SSL_CTRL_OPTIONS 32 +#define SSL_CTRL_MODE 33 + +#define SSL_CTRL_GET_READ_AHEAD 40 +#define SSL_CTRL_SET_READ_AHEAD 41 +#define SSL_CTRL_SET_SESS_CACHE_SIZE 42 +#define SSL_CTRL_GET_SESS_CACHE_SIZE 43 +#define SSL_CTRL_SET_SESS_CACHE_MODE 44 +#define SSL_CTRL_GET_SESS_CACHE_MODE 45 + +#define SSL_CTRL_GET_MAX_CERT_LIST 50 +#define SSL_CTRL_SET_MAX_CERT_LIST 51 + +/* see tls1.h for macros based on these */ +#ifndef OPENSSL_NO_TLSEXT +#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 + +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 + +#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +#endif + +#define DTLS_CTRL_GET_TIMEOUT 73 +#define DTLS_CTRL_HANDLE_TIMEOUT 74 +#define DTLS_CTRL_LISTEN 75 + +#define SSL_CTRL_GET_RI_SUPPORT 76 +#define SSL_CTRL_CLEAR_OPTIONS 77 +#define SSL_CTRL_CLEAR_MODE 78 + +#define DTLSv1_get_timeout(ssl, arg) \ + SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) +#define DTLSv1_handle_timeout(ssl) \ + SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) +#define DTLSv1_listen(ssl, peer) \ + SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) + +#define SSL_session_reused(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) +#define SSL_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) +#define SSL_clear_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) +#define SSL_total_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) + +#define SSL_CTX_need_tmp_RSA(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) +#define SSL_CTX_set_tmp_rsa(ctx,rsa) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) +#define SSL_CTX_set_tmp_dh(ctx,dh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) +#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) + +#define SSL_need_tmp_RSA(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) +#define SSL_set_tmp_rsa(ssl,rsa) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) +#define SSL_set_tmp_dh(ssl,dh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) +#define SSL_set_tmp_ecdh(ssl,ecdh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) + +#define SSL_CTX_add_extra_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) + +#ifndef OPENSSL_NO_BIO +BIO_METHOD *BIO_f_ssl(void); +BIO *BIO_new_ssl(SSL_CTX *ctx,int client); +BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +int BIO_ssl_copy_session_id(BIO *to,BIO *from); +void BIO_ssl_shutdown(BIO *ssl_bio); + +#endif + +int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); +SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); +void SSL_CTX_free(SSL_CTX *); +long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); +long SSL_CTX_get_timeout(const SSL_CTX *ctx); +X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); +void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *); +int SSL_want(const SSL *s); +int SSL_clear(SSL *s); + +void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); + +SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); +char * SSL_CIPHER_get_version(const SSL_CIPHER *c); +const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); + +int SSL_get_fd(const SSL *s); +int SSL_get_rfd(const SSL *s); +int SSL_get_wfd(const SSL *s); +const char * SSL_get_cipher_list(const SSL *s,int n); +char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); +int SSL_get_read_ahead(const SSL * s); +int SSL_pending(const SSL *s); +#ifndef OPENSSL_NO_SOCK +int SSL_set_fd(SSL *s, int fd); +int SSL_set_rfd(SSL *s, int fd); +int SSL_set_wfd(SSL *s, int fd); +#endif +#ifndef OPENSSL_NO_BIO +void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); +BIO * SSL_get_rbio(const SSL *s); +BIO * SSL_get_wbio(const SSL *s); +#endif +int SSL_set_cipher_list(SSL *s, const char *str); +void SSL_set_read_ahead(SSL *s, int yes); +int SSL_get_verify_mode(const SSL *s); +int SSL_get_verify_depth(const SSL *s); +int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *); +void SSL_set_verify(SSL *s, int mode, + int (*callback)(int ok,X509_STORE_CTX *ctx)); +void SSL_set_verify_depth(SSL *s, int depth); +#ifndef OPENSSL_NO_RSA +int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +#endif +int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); +int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len); +int SSL_use_certificate(SSL *ssl, X509 *x); +int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); + +#ifndef OPENSSL_NO_STDIO +int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +int SSL_use_certificate_file(SSL *ssl, const char *file, int type); +int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); +int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ +STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *file); +#ifndef OPENSSL_SYS_VMS +#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ +int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *dir); +#endif +#endif + +#endif + +void SSL_load_error_strings(void ); +const char *SSL_state_string(const SSL *s); +const char *SSL_rstate_string(const SSL *s); +const char *SSL_state_string_long(const SSL *s); +const char *SSL_rstate_string_long(const SSL *s); +long SSL_SESSION_get_time(const SSL_SESSION *s); +long SSL_SESSION_set_time(SSL_SESSION *s, long t); +long SSL_SESSION_get_timeout(const SSL_SESSION *s); +long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +void SSL_copy_session_id(SSL *to,const SSL *from); + +SSL_SESSION *SSL_SESSION_new(void); +unsigned long SSL_SESSION_hash(const SSL_SESSION *a); +int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b); +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); +#ifndef OPENSSL_NO_FP_API +int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); +#endif +#ifndef OPENSSL_NO_BIO +int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses); +#endif +void SSL_SESSION_free(SSL_SESSION *ses); +int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); +int SSL_set_session(SSL *to, SSL_SESSION *session); +int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); +int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); +int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); +int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); +int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, + unsigned int id_len); +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp, + long length); + +#ifdef HEADER_X509_H +X509 * SSL_get_peer_certificate(const SSL *s); +#endif + +STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); + +int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *); +void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, + int (*callback)(int, X509_STORE_CTX *)); +void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); +void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); +#ifndef OPENSSL_NO_RSA +int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +#endif +int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); +int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, + const unsigned char *d, long len); +int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); + +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); + +int SSL_CTX_check_private_key(const SSL_CTX *ctx); +int SSL_check_private_key(const SSL *ctx); + +int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +SSL * SSL_new(SSL_CTX *ctx); +int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); +int SSL_set_purpose(SSL *s, int purpose); +int SSL_CTX_set_trust(SSL_CTX *s, int trust); +int SSL_set_trust(SSL *s, int trust); + +void SSL_free(SSL *ssl); +int SSL_accept(SSL *ssl); +int SSL_connect(SSL *ssl); +int SSL_read(SSL *ssl,void *buf,int num); +int SSL_peek(SSL *ssl,void *buf,int num); +int SSL_write(SSL *ssl,const void *buf,int num); +long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); +long SSL_callback_ctrl(SSL *, int, void (*)(void)); +long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); +long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); + +int SSL_get_error(const SSL *s,int ret_code); +const char *SSL_get_version(const SSL *s); + +/* This sets the 'default' SSL version that SSL_new() will create */ +int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth); + +SSL_METHOD *SSLv2_method(void); /* SSLv2 */ +SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ +SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ + +SSL_METHOD *SSLv3_method(void); /* SSLv3 */ +SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ +SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ + +SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ +SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ +SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ + +SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ +SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ +SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ + +SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ +SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ +SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ + +STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); + +int SSL_do_handshake(SSL *s); +int SSL_renegotiate(SSL *s); +int SSL_renegotiate_pending(SSL *s); +int SSL_shutdown(SSL *s); + +SSL_METHOD *SSL_get_ssl_method(SSL *s); +int SSL_set_ssl_method(SSL *s,SSL_METHOD *method); +const char *SSL_alert_type_string_long(int value); +const char *SSL_alert_type_string(int value); +const char *SSL_alert_desc_string_long(int value); +const char *SSL_alert_desc_string(int value); + +void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); +int SSL_add_client_CA(SSL *ssl,X509 *x); +int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); + +void SSL_set_connect_state(SSL *s); +void SSL_set_accept_state(SSL *s); + +long SSL_get_default_timeout(const SSL *s); + +int SSL_library_init(void ); + +char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size); +STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); + +SSL *SSL_dup(SSL *ssl); + +X509 *SSL_get_certificate(const SSL *ssl); +/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); + +void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode); +int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +void SSL_set_quiet_shutdown(SSL *ssl,int mode); +int SSL_get_quiet_shutdown(const SSL *ssl); +void SSL_set_shutdown(SSL *ssl,int mode); +int SSL_get_shutdown(const SSL *ssl); +int SSL_version(const SSL *ssl); +int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath); +#define SSL_get0_session SSL_get_session /* just peek at pointer */ +SSL_SESSION *SSL_get_session(const SSL *ssl); +SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ +SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); +void SSL_set_info_callback(SSL *ssl, + void (*cb)(const SSL *ssl,int type,int val)); +void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); +int SSL_state(const SSL *ssl); + +void SSL_set_verify_result(SSL *ssl,long v); +long SSL_get_verify_result(const SSL *ssl); + +int SSL_set_ex_data(SSL *ssl,int idx,void *data); +void *SSL_get_ex_data(const SSL *ssl,int idx); +int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + +int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data); +void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx); +int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + +int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data); +void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx); +int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + +int SSL_get_ex_data_X509_STORE_CTX_idx(void ); + +#define SSL_CTX_sess_set_cache_size(ctx,t) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) +#define SSL_CTX_sess_get_cache_size(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) +#define SSL_CTX_set_session_cache_mode(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) +#define SSL_CTX_get_session_cache_mode(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) + +#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) +#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) +#define SSL_CTX_get_read_ahead(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) +#define SSL_CTX_set_read_ahead(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) +#define SSL_CTX_get_max_cert_list(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +#define SSL_CTX_set_max_cert_list(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) +#define SSL_get_max_cert_list(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +#define SSL_set_max_cert_list(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) + + /* NB: the keylength is only applicable when is_export is true */ +#ifndef OPENSSL_NO_RSA +void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, + RSA *(*cb)(SSL *ssl,int is_export, + int keylength)); + +void SSL_set_tmp_rsa_callback(SSL *ssl, + RSA *(*cb)(SSL *ssl,int is_export, + int keylength)); +#endif +#ifndef OPENSSL_NO_DH +void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, + DH *(*dh)(SSL *ssl,int is_export, + int keylength)); +void SSL_set_tmp_dh_callback(SSL *ssl, + DH *(*dh)(SSL *ssl,int is_export, + int keylength)); +#endif +#ifndef OPENSSL_NO_ECDH +void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, + EC_KEY *(*ecdh)(SSL *ssl,int is_export, + int keylength)); +void SSL_set_tmp_ecdh_callback(SSL *ssl, + EC_KEY *(*ecdh)(SSL *ssl,int is_export, + int keylength)); +#endif + +#ifndef OPENSSL_NO_COMP +const COMP_METHOD *SSL_get_current_compression(SSL *s); +const COMP_METHOD *SSL_get_current_expansion(SSL *s); +const char *SSL_COMP_get_name(const COMP_METHOD *comp); +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); +#else +const void *SSL_get_current_compression(SSL *s); +const void *SSL_get_current_expansion(SSL *s); +const char *SSL_COMP_get_name(const void *comp); +void *SSL_COMP_get_compression_methods(void); +int SSL_COMP_add_compression_method(int id,void *cm); +#endif + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_SSL_strings(void); + +/* Error codes for the SSL functions. */ + +/* Function codes. */ +#define SSL_F_CLIENT_CERTIFICATE 100 +#define SSL_F_CLIENT_FINISHED 167 +#define SSL_F_CLIENT_HELLO 101 +#define SSL_F_CLIENT_MASTER_KEY 102 +#define SSL_F_D2I_SSL_SESSION 103 +#define SSL_F_DO_DTLS1_WRITE 245 +#define SSL_F_DO_SSL3_WRITE 104 +#define SSL_F_DTLS1_ACCEPT 246 +#define SSL_F_DTLS1_ADD_CERT_TO_BUF 280 +#define SSL_F_DTLS1_BUFFER_RECORD 247 +#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 293 +#define SSL_F_DTLS1_CLIENT_HELLO 248 +#define SSL_F_DTLS1_CONNECT 249 +#define SSL_F_DTLS1_ENC 250 +#define SSL_F_DTLS1_GET_HELLO_VERIFY 251 +#define SSL_F_DTLS1_GET_MESSAGE 252 +#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 +#define SSL_F_DTLS1_GET_RECORD 254 +#define SSL_F_DTLS1_HANDLE_TIMEOUT 282 +#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 +#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 +#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 +#define SSL_F_DTLS1_PROCESS_RECORD 257 +#define SSL_F_DTLS1_READ_BYTES 258 +#define SSL_F_DTLS1_READ_FAILED 259 +#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 +#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 +#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 +#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 +#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 +#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 +#define SSL_F_DTLS1_SEND_SERVER_HELLO 266 +#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 +#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 +#define SSL_F_GET_CLIENT_FINISHED 105 +#define SSL_F_GET_CLIENT_HELLO 106 +#define SSL_F_GET_CLIENT_MASTER_KEY 107 +#define SSL_F_GET_SERVER_FINISHED 108 +#define SSL_F_GET_SERVER_HELLO 109 +#define SSL_F_GET_SERVER_VERIFY 110 +#define SSL_F_I2D_SSL_SESSION 111 +#define SSL_F_READ_N 112 +#define SSL_F_REQUEST_CERTIFICATE 113 +#define SSL_F_SERVER_FINISH 239 +#define SSL_F_SERVER_HELLO 114 +#define SSL_F_SERVER_VERIFY 240 +#define SSL_F_SSL23_ACCEPT 115 +#define SSL_F_SSL23_CLIENT_HELLO 116 +#define SSL_F_SSL23_CONNECT 117 +#define SSL_F_SSL23_GET_CLIENT_HELLO 118 +#define SSL_F_SSL23_GET_SERVER_HELLO 119 +#define SSL_F_SSL23_PEEK 237 +#define SSL_F_SSL23_READ 120 +#define SSL_F_SSL23_WRITE 121 +#define SSL_F_SSL2_ACCEPT 122 +#define SSL_F_SSL2_CONNECT 123 +#define SSL_F_SSL2_ENC_INIT 124 +#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 +#define SSL_F_SSL2_PEEK 234 +#define SSL_F_SSL2_READ 125 +#define SSL_F_SSL2_READ_INTERNAL 236 +#define SSL_F_SSL2_SET_CERTIFICATE 126 +#define SSL_F_SSL2_WRITE 127 +#define SSL_F_SSL3_ACCEPT 128 +#define SSL_F_SSL3_ADD_CERT_TO_BUF 281 +#define SSL_F_SSL3_CALLBACK_CTRL 233 +#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 +#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 +#define SSL_F_SSL3_CHECK_CLIENT_HELLO 292 +#define SSL_F_SSL3_CLIENT_HELLO 131 +#define SSL_F_SSL3_CONNECT 132 +#define SSL_F_SSL3_CTRL 213 +#define SSL_F_SSL3_CTX_CTRL 133 +#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279 +#define SSL_F_SSL3_ENC 134 +#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 +#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 +#define SSL_F_SSL3_GET_CERT_STATUS 288 +#define SSL_F_SSL3_GET_CERT_VERIFY 136 +#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 +#define SSL_F_SSL3_GET_CLIENT_HELLO 138 +#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 +#define SSL_F_SSL3_GET_FINISHED 140 +#define SSL_F_SSL3_GET_KEY_EXCHANGE 141 +#define SSL_F_SSL3_GET_MESSAGE 142 +#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 +#define SSL_F_SSL3_GET_RECORD 143 +#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 +#define SSL_F_SSL3_GET_SERVER_DONE 145 +#define SSL_F_SSL3_GET_SERVER_HELLO 146 +#define SSL_F_SSL3_NEW_SESSION_TICKET 284 +#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 +#define SSL_F_SSL3_PEEK 235 +#define SSL_F_SSL3_READ_BYTES 148 +#define SSL_F_SSL3_READ_N 149 +#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 +#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 +#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 +#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 +#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 +#define SSL_F_SSL3_SEND_SERVER_HELLO 242 +#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 +#define SSL_F_SSL3_SETUP_BUFFERS 156 +#define SSL_F_SSL3_SETUP_KEY_BLOCK 157 +#define SSL_F_SSL3_WRITE_BYTES 158 +#define SSL_F_SSL3_WRITE_PENDING 159 +#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 285 +#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 +#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 +#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 +#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 286 +#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 +#define SSL_F_SSL_BAD_METHOD 160 +#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +#define SSL_F_SSL_CERT_DUP 221 +#define SSL_F_SSL_CERT_INST 222 +#define SSL_F_SSL_CERT_INSTANTIATE 214 +#define SSL_F_SSL_CERT_NEW 162 +#define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274 +#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 +#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 +#define SSL_F_SSL_CLEAR 164 +#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 +#define SSL_F_SSL_CREATE_CIPHER_LIST 166 +#define SSL_F_SSL_CTRL 232 +#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 +#define SSL_F_SSL_CTX_NEW 169 +#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 +#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278 +#define SSL_F_SSL_CTX_SET_PURPOSE 226 +#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 +#define SSL_F_SSL_CTX_SET_SSL_VERSION 170 +#define SSL_F_SSL_CTX_SET_TRUST 229 +#define SSL_F_SSL_CTX_USE_CERTIFICATE 171 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 +#define SSL_F_SSL_DO_HANDSHAKE 180 +#define SSL_F_SSL_GET_NEW_SESSION 181 +#define SSL_F_SSL_GET_PREV_SESSION 217 +#define SSL_F_SSL_GET_SERVER_SEND_CERT 182 +#define SSL_F_SSL_GET_SIGN_PKEY 183 +#define SSL_F_SSL_INIT_WBIO_BUFFER 184 +#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +#define SSL_F_SSL_NEW 186 +#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 287 +#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 290 +#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 289 +#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 291 +#define SSL_F_SSL_PEEK 270 +#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 +#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 +#define SSL_F_SSL_READ 223 +#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 +#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 +#define SSL_F_SSL_SESSION_NEW 189 +#define SSL_F_SSL_SESSION_PRINT_FP 190 +#define SSL_F_SSL_SESS_CERT_NEW 225 +#define SSL_F_SSL_SET_CERT 191 +#define SSL_F_SSL_SET_CIPHER_LIST 271 +#define SSL_F_SSL_SET_FD 192 +#define SSL_F_SSL_SET_PKEY 193 +#define SSL_F_SSL_SET_PURPOSE 227 +#define SSL_F_SSL_SET_RFD 194 +#define SSL_F_SSL_SET_SESSION 195 +#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 +#define SSL_F_SSL_SET_TRUST 228 +#define SSL_F_SSL_SET_WFD 196 +#define SSL_F_SSL_SHUTDOWN 224 +#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 +#define SSL_F_SSL_UNDEFINED_FUNCTION 197 +#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 +#define SSL_F_SSL_USE_CERTIFICATE 198 +#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 +#define SSL_F_SSL_USE_CERTIFICATE_FILE 200 +#define SSL_F_SSL_USE_PRIVATEKEY 201 +#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 +#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 +#define SSL_F_SSL_USE_RSAPRIVATEKEY 204 +#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 +#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 +#define SSL_F_SSL_VERIFY_CERT_CHAIN 207 +#define SSL_F_SSL_WRITE 208 +#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 +#define SSL_F_TLS1_ENC 210 +#define SSL_F_TLS1_SETUP_KEY_BLOCK 211 +#define SSL_F_WRITE_PENDING 212 + +/* Reason codes. */ +#define SSL_R_APP_DATA_IN_HANDSHAKE 100 +#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +#define SSL_R_BAD_ALERT_RECORD 101 +#define SSL_R_BAD_AUTHENTICATION_TYPE 102 +#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +#define SSL_R_BAD_CHECKSUM 104 +#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +#define SSL_R_BAD_DECOMPRESSION 107 +#define SSL_R_BAD_DH_G_LENGTH 108 +#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 +#define SSL_R_BAD_DH_P_LENGTH 110 +#define SSL_R_BAD_DIGEST_LENGTH 111 +#define SSL_R_BAD_DSA_SIGNATURE 112 +#define SSL_R_BAD_ECC_CERT 304 +#define SSL_R_BAD_ECDSA_SIGNATURE 305 +#define SSL_R_BAD_ECPOINT 306 +#define SSL_R_BAD_HELLO_REQUEST 105 +#define SSL_R_BAD_LENGTH 271 +#define SSL_R_BAD_MAC_DECODE 113 +#define SSL_R_BAD_MESSAGE_TYPE 114 +#define SSL_R_BAD_PACKET_LENGTH 115 +#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +#define SSL_R_BAD_RESPONSE_ARGUMENT 117 +#define SSL_R_BAD_RSA_DECRYPT 118 +#define SSL_R_BAD_RSA_ENCRYPT 119 +#define SSL_R_BAD_RSA_E_LENGTH 120 +#define SSL_R_BAD_RSA_MODULUS_LENGTH 121 +#define SSL_R_BAD_RSA_SIGNATURE 122 +#define SSL_R_BAD_SIGNATURE 123 +#define SSL_R_BAD_SSL_FILETYPE 124 +#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 +#define SSL_R_BAD_STATE 126 +#define SSL_R_BAD_WRITE_RETRY 127 +#define SSL_R_BIO_NOT_SET 128 +#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +#define SSL_R_BN_LIB 130 +#define SSL_R_CA_DN_LENGTH_MISMATCH 131 +#define SSL_R_CA_DN_TOO_LONG 132 +#define SSL_R_CCS_RECEIVED_EARLY 133 +#define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +#define SSL_R_CERT_LENGTH_MISMATCH 135 +#define SSL_R_CHALLENGE_IS_DIFFERENT 136 +#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 +#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 +#define SSL_R_CIPHER_TABLE_SRC_ERROR 139 +#define SSL_R_CLIENTHELLO_TLSEXT 157 +#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +#define SSL_R_COMPRESSION_FAILURE 141 +#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 +#define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 +#define SSL_R_CONNECTION_TYPE_NOT_SET 144 +#define SSL_R_COOKIE_MISMATCH 308 +#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 +#define SSL_R_DATA_LENGTH_TOO_LONG 146 +#define SSL_R_DECRYPTION_FAILED 147 +#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 +#define SSL_R_DIGEST_CHECK_FAILED 149 +#define SSL_R_DTLS_MESSAGE_TOO_BIG 318 +#define SSL_R_DUPLICATE_COMPRESSION_ID 309 +#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 +#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 +#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 +#define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +#define SSL_R_HTTPS_PROXY_REQUEST 155 +#define SSL_R_HTTP_REQUEST 156 +#define SSL_R_ILLEGAL_PADDING 283 +#define SSL_R_INVALID_CHALLENGE_LENGTH 158 +#define SSL_R_INVALID_COMMAND 280 +#define SSL_R_INVALID_PURPOSE 278 +#define SSL_R_INVALID_STATUS_RESPONSE 316 +#define SSL_R_INVALID_TICKET_KEYS_LENGTH 275 +#define SSL_R_INVALID_TRUST 279 +#define SSL_R_KEY_ARG_TOO_LONG 284 +#define SSL_R_KRB5 285 +#define SSL_R_KRB5_C_CC_PRINC 286 +#define SSL_R_KRB5_C_GET_CRED 287 +#define SSL_R_KRB5_C_INIT 288 +#define SSL_R_KRB5_C_MK_REQ 289 +#define SSL_R_KRB5_S_BAD_TICKET 290 +#define SSL_R_KRB5_S_INIT 291 +#define SSL_R_KRB5_S_RD_REQ 292 +#define SSL_R_KRB5_S_TKT_EXPIRED 293 +#define SSL_R_KRB5_S_TKT_NYV 294 +#define SSL_R_KRB5_S_TKT_SKEW 295 +#define SSL_R_LENGTH_MISMATCH 159 +#define SSL_R_LENGTH_TOO_SHORT 160 +#define SSL_R_LIBRARY_BUG 274 +#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +#define SSL_R_MESSAGE_TOO_LONG 296 +#define SSL_R_MISSING_DH_DSA_CERT 162 +#define SSL_R_MISSING_DH_KEY 163 +#define SSL_R_MISSING_DH_RSA_CERT 164 +#define SSL_R_MISSING_DSA_SIGNING_CERT 165 +#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 +#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 +#define SSL_R_MISSING_RSA_CERTIFICATE 168 +#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 +#define SSL_R_MISSING_RSA_SIGNING_CERT 170 +#define SSL_R_MISSING_TMP_DH_KEY 171 +#define SSL_R_MISSING_TMP_ECDH_KEY 311 +#define SSL_R_MISSING_TMP_RSA_KEY 172 +#define SSL_R_MISSING_TMP_RSA_PKEY 173 +#define SSL_R_MISSING_VERIFY_MESSAGE 174 +#define SSL_R_MULTIPLE_SGC_RESTARTS 325 +#define SSL_R_NON_SSLV2_INITIAL_PACKET 175 +#define SSL_R_NO_CERTIFICATES_RETURNED 176 +#define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +#define SSL_R_NO_CERTIFICATE_RETURNED 178 +#define SSL_R_NO_CERTIFICATE_SET 179 +#define SSL_R_NO_CERTIFICATE_SPECIFIED 180 +#define SSL_R_NO_CIPHERS_AVAILABLE 181 +#define SSL_R_NO_CIPHERS_PASSED 182 +#define SSL_R_NO_CIPHERS_SPECIFIED 183 +#define SSL_R_NO_CIPHER_LIST 184 +#define SSL_R_NO_CIPHER_MATCH 185 +#define SSL_R_NO_CLIENT_CERT_METHOD 317 +#define SSL_R_NO_CLIENT_CERT_RECEIVED 186 +#define SSL_R_NO_COMPRESSION_SPECIFIED 187 +#define SSL_R_NO_METHOD_SPECIFIED 188 +#define SSL_R_NO_PRIVATEKEY 189 +#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +#define SSL_R_NO_PROTOCOLS_AVAILABLE 191 +#define SSL_R_NO_PUBLICKEY 192 +#define SSL_R_NO_RENEGOTIATION 319 +#define SSL_R_NO_SHARED_CIPHER 193 +#define SSL_R_NO_VERIFY_CALLBACK 194 +#define SSL_R_NULL_SSL_CTX 195 +#define SSL_R_NULL_SSL_METHOD_PASSED 196 +#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 +#define SSL_R_PACKET_LENGTH_TOO_LONG 198 +#define SSL_R_PARSE_TLSEXT 223 +#define SSL_R_PATH_TOO_LONG 270 +#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 +#define SSL_R_PEER_ERROR 200 +#define SSL_R_PEER_ERROR_CERTIFICATE 201 +#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 +#define SSL_R_PEER_ERROR_NO_CIPHER 203 +#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 +#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 +#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 +#define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 +#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 +#define SSL_R_PUBLIC_KEY_NOT_RSA 210 +#define SSL_R_READ_BIO_NOT_SET 211 +#define SSL_R_READ_TIMEOUT_EXPIRED 312 +#define SSL_R_READ_WRONG_PACKET_TYPE 212 +#define SSL_R_RECORD_LENGTH_MISMATCH 213 +#define SSL_R_RECORD_TOO_LARGE 214 +#define SSL_R_RECORD_TOO_SMALL 298 +#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 320 +#define SSL_R_RENEGOTIATION_ENCODING_ERR 321 +#define SSL_R_RENEGOTIATION_MISMATCH 322 +#define SSL_R_REQUIRED_CIPHER_MISSING 215 +#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 +#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 +#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 +#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 324 +#define SSL_R_SERVERHELLO_TLSEXT 224 +#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +#define SSL_R_SHORT_READ 219 +#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 +#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226 +#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 +#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 +#define SSL_R_SSL_HANDSHAKE_FAILURE 229 +#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +#define SSL_R_SSL_SESSION_ID_CONFLICT 302 +#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 +#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 +#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 +#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 +#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 +#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 +#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 +#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 +#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 +#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 +#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 +#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 +#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 +#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 +#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 +#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 +#define SSL_R_UNEXPECTED_MESSAGE 244 +#define SSL_R_UNEXPECTED_RECORD 245 +#define SSL_R_UNINITIALIZED 276 +#define SSL_R_UNKNOWN_ALERT_TYPE 246 +#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 +#define SSL_R_UNKNOWN_CIPHER_RETURNED 248 +#define SSL_R_UNKNOWN_CIPHER_TYPE 249 +#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +#define SSL_R_UNKNOWN_PKEY_TYPE 251 +#define SSL_R_UNKNOWN_PROTOCOL 252 +#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 +#define SSL_R_UNKNOWN_SSL_VERSION 254 +#define SSL_R_UNKNOWN_STATE 255 +#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 323 +#define SSL_R_UNSUPPORTED_CIPHER 256 +#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +#define SSL_R_UNSUPPORTED_PROTOCOL 258 +#define SSL_R_UNSUPPORTED_SSL_VERSION 259 +#define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +#define SSL_R_WRITE_BIO_NOT_SET 260 +#define SSL_R_WRONG_CIPHER_RETURNED 261 +#define SSL_R_WRONG_MESSAGE_TYPE 262 +#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 +#define SSL_R_WRONG_SIGNATURE_LENGTH 264 +#define SSL_R_WRONG_SIGNATURE_SIZE 265 +#define SSL_R_WRONG_SSL_VERSION 266 +#define SSL_R_WRONG_VERSION_NUMBER 267 +#define SSL_R_X509_LIB 268 +#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/ssl3.h b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/ssl3.h new file mode 100644 index 00000000..b9a85eff --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/ssl3.h @@ -0,0 +1,585 @@ +/* ssl/ssl3.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#ifndef HEADER_SSL3_H +#define HEADER_SSL3_H + +#ifndef OPENSSL_NO_COMP +#include <openssl/comp.h> +#endif +#include <openssl/buffer.h> +#include <openssl/evp.h> +#include <openssl/ssl.h> +#include <openssl/pq_compat.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ +#define SSL3_CK_SCSV 0x030000FF + +#define SSL3_CK_RSA_NULL_MD5 0x03000001 +#define SSL3_CK_RSA_NULL_SHA 0x03000002 +#define SSL3_CK_RSA_RC4_40_MD5 0x03000003 +#define SSL3_CK_RSA_RC4_128_MD5 0x03000004 +#define SSL3_CK_RSA_RC4_128_SHA 0x03000005 +#define SSL3_CK_RSA_RC2_40_MD5 0x03000006 +#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 +#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 +#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 +#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A + +#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B +#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C +#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D +#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E +#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F +#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 + +#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 +#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 +#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 +#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 +#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 +#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 + +#define SSL3_CK_ADH_RC4_40_MD5 0x03000017 +#define SSL3_CK_ADH_RC4_128_MD5 0x03000018 +#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 +#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A +#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B + +#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C +#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D +#if 0 /* Because it clashes with KRB5, is never used any more, and is safe + to remove according to David Hopwood <david.hopwood@zetnet.co.uk> + of the ietf-tls list */ +#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E +#endif + +/* VRS Additional Kerberos5 entries + */ +#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E +#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F +#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 +#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 +#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 +#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 +#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 +#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 + +#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 +#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 +#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 +#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 +#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A +#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B + +#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" +#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" +#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" +#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" +#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" +#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" +#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" +#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" +#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" +#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" + +#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" +#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" +#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" +#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" +#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" +#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" + +#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" +#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" +#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" +#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" +#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" +#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" + +#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" +#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" +#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" +#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" +#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" + +#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" +#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" +#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" + +#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" +#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" +#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" +#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" +#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" +#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" +#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" +#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" + +#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" +#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" +#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" +#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" +#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" +#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" + +#define SSL3_SSL_SESSION_ID_LENGTH 32 +#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 + +#define SSL3_MASTER_SECRET_SIZE 48 +#define SSL3_RANDOM_SIZE 32 +#define SSL3_SESSION_ID_SIZE 32 +#define SSL3_RT_HEADER_LENGTH 5 + +/* Due to MS stuffing up, this can change.... */ +#if defined(OPENSSL_SYS_WIN16) || \ + (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)) +#define SSL3_RT_MAX_EXTRA (14000) +#else +#define SSL3_RT_MAX_EXTRA (16384) +#endif + +#define SSL3_RT_MAX_PLAIN_LENGTH 16384 +#ifdef OPENSSL_NO_COMP +#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH +#else +#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) +#endif +#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) +#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) +#define SSL3_RT_MAX_DATA_SIZE (1024*1024) + +#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" +#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" + +#define SSL3_VERSION 0x0300 +#define SSL3_VERSION_MAJOR 0x03 +#define SSL3_VERSION_MINOR 0x00 + +#define SSL3_RT_CHANGE_CIPHER_SPEC 20 +#define SSL3_RT_ALERT 21 +#define SSL3_RT_HANDSHAKE 22 +#define SSL3_RT_APPLICATION_DATA 23 + +#define SSL3_AL_WARNING 1 +#define SSL3_AL_FATAL 2 + +#define SSL3_AD_CLOSE_NOTIFY 0 +#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ +#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ +#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */ +#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */ +#define SSL3_AD_NO_CERTIFICATE 41 +#define SSL3_AD_BAD_CERTIFICATE 42 +#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 +#define SSL3_AD_CERTIFICATE_REVOKED 44 +#define SSL3_AD_CERTIFICATE_EXPIRED 45 +#define SSL3_AD_CERTIFICATE_UNKNOWN 46 +#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ + +typedef struct ssl3_record_st + { +/*r */ int type; /* type of record */ +/*rw*/ unsigned int length; /* How many bytes available */ +/*r */ unsigned int off; /* read/write offset into 'buf' */ +/*rw*/ unsigned char *data; /* pointer to the record data */ +/*rw*/ unsigned char *input; /* where the decode bytes are */ +/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ +/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ +/*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */ + } SSL3_RECORD; + +typedef struct ssl3_buffer_st + { + unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, + * see ssl3_setup_buffers() */ + size_t len; /* buffer size */ + int offset; /* where to 'copy from' */ + int left; /* how many bytes left */ + } SSL3_BUFFER; + +#define SSL3_CT_RSA_SIGN 1 +#define SSL3_CT_DSS_SIGN 2 +#define SSL3_CT_RSA_FIXED_DH 3 +#define SSL3_CT_DSS_FIXED_DH 4 +#define SSL3_CT_RSA_EPHEMERAL_DH 5 +#define SSL3_CT_DSS_EPHEMERAL_DH 6 +#define SSL3_CT_FORTEZZA_DMS 20 +/* SSL3_CT_NUMBER is used to size arrays and it must be large + * enough to contain all of the cert types defined either for + * SSLv3 and TLSv1. + */ +#define SSL3_CT_NUMBER 7 + + +#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 +#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 +#define SSL3_FLAGS_POP_BUFFER 0x0004 +#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 + +/* SSL3_FLAGS_SGC_RESTART_DONE is set when we + * restart a handshake because of MS SGC and so prevents us + * from restarting the handshake in a loop. It's reset on a + * renegotiation, so effectively limits the client to one restart + * per negotiation. This limits the possibility of a DDoS + * attack where the client handshakes in a loop using SGC to + * restart. Servers which permit renegotiation can still be + * effected, but we can't prevent that. + */ +#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 + +typedef struct ssl3_state_st + { + long flags; + int delay_buf_pop_ret; + + unsigned char read_sequence[8]; + unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; + unsigned char write_sequence[8]; + unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; + + unsigned char server_random[SSL3_RANDOM_SIZE]; + unsigned char client_random[SSL3_RANDOM_SIZE]; + + /* flags for countermeasure against known-IV weakness */ + int need_empty_fragments; + int empty_fragment_done; + + SSL3_BUFFER rbuf; /* read IO goes into here */ + SSL3_BUFFER wbuf; /* write IO goes into here */ + + SSL3_RECORD rrec; /* each decoded record goes in here */ + SSL3_RECORD wrec; /* goes out from here */ + + /* storage for Alert/Handshake protocol data received but not + * yet processed by ssl3_read_bytes: */ + unsigned char alert_fragment[2]; + unsigned int alert_fragment_len; + unsigned char handshake_fragment[4]; + unsigned int handshake_fragment_len; + + /* partial write - check the numbers match */ + unsigned int wnum; /* number of bytes sent so far */ + int wpend_tot; /* number bytes written */ + int wpend_type; + int wpend_ret; /* number of bytes submitted */ + const unsigned char *wpend_buf; + + /* used during startup, digest all incoming/outgoing packets */ + EVP_MD_CTX finish_dgst1; + EVP_MD_CTX finish_dgst2; + + /* this is set whenerver we see a change_cipher_spec message + * come in when we are not looking for one */ + int change_cipher_spec; + + int warn_alert; + int fatal_alert; + /* we allow one fatal and one warning alert to be outstanding, + * send close alert via the warning alert */ + int alert_dispatch; + unsigned char send_alert[2]; + + /* This flag is set when we should renegotiate ASAP, basically when + * there is no more data in the read or write buffers */ + int renegotiate; + int total_renegotiations; + int num_renegotiations; + + int in_read_app_data; + + struct { + /* actually only needs to be 16+20 */ + unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; + + /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ + unsigned char finish_md[EVP_MAX_MD_SIZE*2]; + int finish_md_len; + unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; + int peer_finish_md_len; + + unsigned long message_size; + int message_type; + + /* used to hold the new cipher we are going to use */ + SSL_CIPHER *new_cipher; +#ifndef OPENSSL_NO_DH + DH *dh; +#endif + +#ifndef OPENSSL_NO_ECDH + EC_KEY *ecdh; /* holds short lived ECDH key */ +#endif + + /* used when SSL_ST_FLUSH_DATA is entered */ + int next_state; + + int reuse_message; + + /* used for certificate requests */ + int cert_req; + int ctype_num; + char ctype[SSL3_CT_NUMBER]; + STACK_OF(X509_NAME) *ca_names; + + int use_rsa_tmp; + + int key_block_length; + unsigned char *key_block; + + const EVP_CIPHER *new_sym_enc; + const EVP_MD *new_hash; +#ifndef OPENSSL_NO_COMP + const SSL_COMP *new_compression; +#else + char *new_compression; +#endif + int cert_request; + } tmp; + + /* Connection binding to prevent renegotiation attacks */ + unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; + unsigned char previous_client_finished_len; + unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; + unsigned char previous_server_finished_len; + int send_connection_binding; /* TODOEKR */ + } SSL3_STATE; + + +/* SSLv3 */ +/*client */ +/* extra state */ +#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) +/* write to server */ +#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) +#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) +/* read from server */ +#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) +#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) +#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) +#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) +#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) +#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) +#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) +#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) +/* write to server */ +#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) +#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) +#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) +#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) +#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) +#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) +#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) +/* read from server */ +#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) +#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) +#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) +#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) +#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) +#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) + +/* server */ +/* extra state */ +#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) +/* read from client */ +/* Do not change the number values, they do matter */ +#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) +/* write to client */ +#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) +#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) +#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) +#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) +#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) +#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) +#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) +/* read from client */ +#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) +#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) +#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) +#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) +#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) +/* write to client */ +#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) +#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) +#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) + +#define SSL3_MT_HELLO_REQUEST 0 +#define SSL3_MT_CLIENT_HELLO 1 +#define SSL3_MT_SERVER_HELLO 2 +#define SSL3_MT_NEWSESSION_TICKET 4 +#define SSL3_MT_CERTIFICATE 11 +#define SSL3_MT_SERVER_KEY_EXCHANGE 12 +#define SSL3_MT_CERTIFICATE_REQUEST 13 +#define SSL3_MT_SERVER_DONE 14 +#define SSL3_MT_CERTIFICATE_VERIFY 15 +#define SSL3_MT_CLIENT_KEY_EXCHANGE 16 +#define SSL3_MT_FINISHED 20 +#define SSL3_MT_CERTIFICATE_STATUS 22 +#define DTLS1_MT_HELLO_VERIFY_REQUEST 3 + + +#define SSL3_MT_CCS 1 + +/* These are used when changing over to a new cipher */ +#define SSL3_CC_READ 0x01 +#define SSL3_CC_WRITE 0x02 +#define SSL3_CC_CLIENT 0x10 +#define SSL3_CC_SERVER 0x20 +#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) +#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) +#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) +#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/symhacks.h b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/symhacks.h new file mode 100644 index 00000000..0114093c --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/symhacks.h @@ -0,0 +1,429 @@ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_SYMHACKS_H +#define HEADER_SYMHACKS_H + +#include <openssl/e_os2.h> + +/* Hacks to solve the problem with linkers incapable of handling very long + symbol names. In the case of VMS, the limit is 31 characters on VMS for + VAX. */ +/* Note that this affects util/libeay.num and util/ssleay.num... you may + change those manually, but that's not recommended, as those files are + controlled centrally and updated on Unix, and the central definition + may disagree with yours, which in turn may come with shareable library + incompatibilities. */ +#ifdef OPENSSL_SYS_VMS + +/* Hack a long name in crypto/cryptlib.c */ +#undef int_CRYPTO_set_do_dynlock_callback +#define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb + +/* Hack a long name in crypto/ex_data.c */ +#undef CRYPTO_get_ex_data_implementation +#define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl +#undef CRYPTO_set_ex_data_implementation +#define CRYPTO_set_ex_data_implementation CRYPTO_set_ex_data_impl + +/* Hack a long name in crypto/asn1/a_mbstr.c */ +#undef ASN1_STRING_set_default_mask_asc +#define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc + +#if 0 /* No longer needed, since safestack macro magic does the job */ +/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */ +#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO +#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF +#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO +#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF +#endif + +#if 0 /* No longer needed, since safestack macro magic does the job */ +/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */ +#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO +#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF +#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO +#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF +#endif + +#if 0 /* No longer needed, since safestack macro magic does the job */ +/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */ +#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION +#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC +#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION +#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC +#endif + +/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */ +#undef PEM_read_NETSCAPE_CERT_SEQUENCE +#define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ +#undef PEM_write_NETSCAPE_CERT_SEQUENCE +#define PEM_write_NETSCAPE_CERT_SEQUENCE PEM_write_NS_CERT_SEQ +#undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE +#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE PEM_read_bio_NS_CERT_SEQ +#undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE +#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE PEM_write_bio_NS_CERT_SEQ +#undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE +#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ + +/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */ +#undef PEM_read_PKCS8_PRIV_KEY_INFO +#define PEM_read_PKCS8_PRIV_KEY_INFO PEM_read_P8_PRIV_KEY_INFO +#undef PEM_write_PKCS8_PRIV_KEY_INFO +#define PEM_write_PKCS8_PRIV_KEY_INFO PEM_write_P8_PRIV_KEY_INFO +#undef PEM_read_bio_PKCS8_PRIV_KEY_INFO +#define PEM_read_bio_PKCS8_PRIV_KEY_INFO PEM_read_bio_P8_PRIV_KEY_INFO +#undef PEM_write_bio_PKCS8_PRIV_KEY_INFO +#define PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_P8_PRIV_KEY_INFO +#undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO +#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO PEM_wrt_cb_bio_P8_PRIV_KEY_INFO + +/* Hack other PEM names */ +#undef PEM_write_bio_PKCS8PrivateKey_nid +#define PEM_write_bio_PKCS8PrivateKey_nid PEM_write_bio_PKCS8PrivKey_nid + +/* Hack some long X509 names */ +#undef X509_REVOKED_get_ext_by_critical +#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic +#undef X509_policy_tree_get0_user_policies +#define X509_policy_tree_get0_user_policies X509_pcy_tree_get0_usr_policies +#undef X509_policy_node_get0_qualifiers +#define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers +#undef X509_STORE_CTX_get_explicit_policy +#define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy +#undef X509_STORE_CTX_get0_current_issuer +#define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer + +/* Hack some long CRYPTO names */ +#undef CRYPTO_set_dynlock_destroy_callback +#define CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_destroy_cb +#undef CRYPTO_set_dynlock_create_callback +#define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb +#undef CRYPTO_set_dynlock_lock_callback +#define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb +#undef CRYPTO_get_dynlock_lock_callback +#define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb +#undef CRYPTO_get_dynlock_destroy_callback +#define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb +#undef CRYPTO_get_dynlock_create_callback +#define CRYPTO_get_dynlock_create_callback CRYPTO_get_dynlock_create_cb +#undef CRYPTO_set_locked_mem_ex_functions +#define CRYPTO_set_locked_mem_ex_functions CRYPTO_set_locked_mem_ex_funcs +#undef CRYPTO_get_locked_mem_ex_functions +#define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs + +/* Hack some long SSL names */ +#undef SSL_CTX_set_default_verify_paths +#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths +#undef SSL_get_ex_data_X509_STORE_CTX_idx +#define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx +#undef SSL_add_file_cert_subjects_to_stack +#define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk +#undef SSL_add_dir_cert_subjects_to_stack +#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk +#undef SSL_CTX_use_certificate_chain_file +#define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file +#undef SSL_CTX_set_cert_verify_callback +#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb +#undef SSL_CTX_set_default_passwd_cb_userdata +#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud +#undef SSL_COMP_get_compression_methods +#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods + +#undef ssl_add_clienthello_renegotiate_ext +#define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext +#undef ssl_add_serverhello_renegotiate_ext +#define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext +#undef ssl_parse_clienthello_renegotiate_ext +#define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext +#undef ssl_parse_serverhello_renegotiate_ext +#define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext + +/* Hack some long ENGINE names */ +#undef ENGINE_get_default_BN_mod_exp_crt +#define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt +#undef ENGINE_set_default_BN_mod_exp_crt +#define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt +#undef ENGINE_set_load_privkey_function +#define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn +#undef ENGINE_get_load_privkey_function +#define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn +#undef ENGINE_set_load_ssl_client_cert_function +#define ENGINE_set_load_ssl_client_cert_function \ + ENGINE_set_ld_ssl_clnt_cert_fn +#undef ENGINE_get_ssl_client_cert_function +#define ENGINE_get_ssl_client_cert_function ENGINE_get_ssl_client_cert_fn + +/* Hack some long OCSP names */ +#undef OCSP_REQUEST_get_ext_by_critical +#define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit +#undef OCSP_BASICRESP_get_ext_by_critical +#define OCSP_BASICRESP_get_ext_by_critical OCSP_BASICRESP_get_ext_by_crit +#undef OCSP_SINGLERESP_get_ext_by_critical +#define OCSP_SINGLERESP_get_ext_by_critical OCSP_SINGLERESP_get_ext_by_crit + +/* Hack some long DES names */ +#undef _ossl_old_des_ede3_cfb64_encrypt +#define _ossl_old_des_ede3_cfb64_encrypt _ossl_odes_ede3_cfb64_encrypt +#undef _ossl_old_des_ede3_ofb64_encrypt +#define _ossl_old_des_ede3_ofb64_encrypt _ossl_odes_ede3_ofb64_encrypt + +/* Hack some long EVP names */ +#undef OPENSSL_add_all_algorithms_noconf +#define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf +#undef OPENSSL_add_all_algorithms_conf +#define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf + +/* Hack some long EC names */ +#undef EC_GROUP_set_point_conversion_form +#define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form +#undef EC_GROUP_get_point_conversion_form +#define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form +#undef EC_GROUP_clear_free_all_extra_data +#define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data +#undef EC_POINT_set_Jprojective_coordinates_GFp +#define EC_POINT_set_Jprojective_coordinates_GFp \ + EC_POINT_set_Jproj_coords_GFp +#undef EC_POINT_get_Jprojective_coordinates_GFp +#define EC_POINT_get_Jprojective_coordinates_GFp \ + EC_POINT_get_Jproj_coords_GFp +#undef EC_POINT_set_affine_coordinates_GFp +#define EC_POINT_set_affine_coordinates_GFp EC_POINT_set_affine_coords_GFp +#undef EC_POINT_get_affine_coordinates_GFp +#define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp +#undef EC_POINT_set_compressed_coordinates_GFp +#define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp +#undef EC_POINT_set_affine_coordinates_GF2m +#define EC_POINT_set_affine_coordinates_GF2m EC_POINT_set_affine_coords_GF2m +#undef EC_POINT_get_affine_coordinates_GF2m +#define EC_POINT_get_affine_coordinates_GF2m EC_POINT_get_affine_coords_GF2m +#undef EC_POINT_set_compressed_coordinates_GF2m +#define EC_POINT_set_compressed_coordinates_GF2m \ + EC_POINT_set_compr_coords_GF2m +#undef ec_GF2m_simple_group_clear_finish +#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish +#undef ec_GF2m_simple_group_check_discriminant +#define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim +#undef ec_GF2m_simple_point_clear_finish +#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish +#undef ec_GF2m_simple_point_set_to_infinity +#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf +#undef ec_GF2m_simple_points_make_affine +#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine +#undef ec_GF2m_simple_point_set_affine_coordinates +#define ec_GF2m_simple_point_set_affine_coordinates \ + ec_GF2m_smp_pt_set_af_coords +#undef ec_GF2m_simple_point_get_affine_coordinates +#define ec_GF2m_simple_point_get_affine_coordinates \ + ec_GF2m_smp_pt_get_af_coords +#undef ec_GF2m_simple_set_compressed_coordinates +#define ec_GF2m_simple_set_compressed_coordinates \ + ec_GF2m_smp_set_compr_coords +#undef ec_GFp_simple_group_set_curve_GFp +#define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp +#undef ec_GFp_simple_group_get_curve_GFp +#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp +#undef ec_GFp_simple_group_clear_finish +#define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish +#undef ec_GFp_simple_group_set_generator +#define ec_GFp_simple_group_set_generator ec_GFp_simple_grp_set_generator +#undef ec_GFp_simple_group_get0_generator +#define ec_GFp_simple_group_get0_generator ec_GFp_simple_grp_gt0_generator +#undef ec_GFp_simple_group_get_cofactor +#define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor +#undef ec_GFp_simple_point_clear_finish +#define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish +#undef ec_GFp_simple_point_set_to_infinity +#define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf +#undef ec_GFp_simple_points_make_affine +#define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine +#undef ec_GFp_simple_group_get_curve_GFp +#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp +#undef ec_GFp_simple_set_Jprojective_coordinates_GFp +#define ec_GFp_simple_set_Jprojective_coordinates_GFp \ + ec_GFp_smp_set_Jproj_coords_GFp +#undef ec_GFp_simple_get_Jprojective_coordinates_GFp +#define ec_GFp_simple_get_Jprojective_coordinates_GFp \ + ec_GFp_smp_get_Jproj_coords_GFp +#undef ec_GFp_simple_point_set_affine_coordinates_GFp +#define ec_GFp_simple_point_set_affine_coordinates_GFp \ + ec_GFp_smp_pt_set_af_coords_GFp +#undef ec_GFp_simple_point_get_affine_coordinates_GFp +#define ec_GFp_simple_point_get_affine_coordinates_GFp \ + ec_GFp_smp_pt_get_af_coords_GFp +#undef ec_GFp_simple_set_compressed_coordinates_GFp +#define ec_GFp_simple_set_compressed_coordinates_GFp \ + ec_GFp_smp_set_compr_coords_GFp +#undef ec_GFp_simple_point_set_affine_coordinates +#define ec_GFp_simple_point_set_affine_coordinates \ + ec_GFp_smp_pt_set_af_coords +#undef ec_GFp_simple_point_get_affine_coordinates +#define ec_GFp_simple_point_get_affine_coordinates \ + ec_GFp_smp_pt_get_af_coords +#undef ec_GFp_simple_set_compressed_coordinates +#define ec_GFp_simple_set_compressed_coordinates \ + ec_GFp_smp_set_compr_coords +#undef ec_GFp_simple_group_check_discriminant +#define ec_GFp_simple_group_check_discriminant ec_GFp_simple_grp_chk_discrim + +/* Hack som long STORE names */ +#undef STORE_method_set_initialise_function +#define STORE_method_set_initialise_function STORE_meth_set_initialise_fn +#undef STORE_method_set_cleanup_function +#define STORE_method_set_cleanup_function STORE_meth_set_cleanup_fn +#undef STORE_method_set_generate_function +#define STORE_method_set_generate_function STORE_meth_set_generate_fn +#undef STORE_method_set_modify_function +#define STORE_method_set_modify_function STORE_meth_set_modify_fn +#undef STORE_method_set_revoke_function +#define STORE_method_set_revoke_function STORE_meth_set_revoke_fn +#undef STORE_method_set_delete_function +#define STORE_method_set_delete_function STORE_meth_set_delete_fn +#undef STORE_method_set_list_start_function +#define STORE_method_set_list_start_function STORE_meth_set_list_start_fn +#undef STORE_method_set_list_next_function +#define STORE_method_set_list_next_function STORE_meth_set_list_next_fn +#undef STORE_method_set_list_end_function +#define STORE_method_set_list_end_function STORE_meth_set_list_end_fn +#undef STORE_method_set_update_store_function +#define STORE_method_set_update_store_function STORE_meth_set_update_store_fn +#undef STORE_method_set_lock_store_function +#define STORE_method_set_lock_store_function STORE_meth_set_lock_store_fn +#undef STORE_method_set_unlock_store_function +#define STORE_method_set_unlock_store_function STORE_meth_set_unlock_store_fn +#undef STORE_method_get_initialise_function +#define STORE_method_get_initialise_function STORE_meth_get_initialise_fn +#undef STORE_method_get_cleanup_function +#define STORE_method_get_cleanup_function STORE_meth_get_cleanup_fn +#undef STORE_method_get_generate_function +#define STORE_method_get_generate_function STORE_meth_get_generate_fn +#undef STORE_method_get_modify_function +#define STORE_method_get_modify_function STORE_meth_get_modify_fn +#undef STORE_method_get_revoke_function +#define STORE_method_get_revoke_function STORE_meth_get_revoke_fn +#undef STORE_method_get_delete_function +#define STORE_method_get_delete_function STORE_meth_get_delete_fn +#undef STORE_method_get_list_start_function +#define STORE_method_get_list_start_function STORE_meth_get_list_start_fn +#undef STORE_method_get_list_next_function +#define STORE_method_get_list_next_function STORE_meth_get_list_next_fn +#undef STORE_method_get_list_end_function +#define STORE_method_get_list_end_function STORE_meth_get_list_end_fn +#undef STORE_method_get_update_store_function +#define STORE_method_get_update_store_function STORE_meth_get_update_store_fn +#undef STORE_method_get_lock_store_function +#define STORE_method_get_lock_store_function STORE_meth_get_lock_store_fn +#undef STORE_method_get_unlock_store_function +#define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn + +/* Hack some long CMS names */ +#undef CMS_RecipientInfo_ktri_get0_algs +#define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs +#undef CMS_RecipientInfo_ktri_get0_signer_id +#define CMS_RecipientInfo_ktri_get0_signer_id CMS_RecipInfo_ktri_get0_sigr_id +#undef CMS_OtherRevocationInfoFormat_it +#define CMS_OtherRevocationInfoFormat_it CMS_OtherRevocInfoFormat_it +#undef CMS_KeyAgreeRecipientIdentifier_it +#define CMS_KeyAgreeRecipientIdentifier_it CMS_KeyAgreeRecipIdentifier_it +#undef CMS_OriginatorIdentifierOrKey_it +#define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it +#undef cms_SignerIdentifier_get0_signer_id +#define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id + +/* Hack some long DTLS1 names */ +#undef dtls1_retransmit_buffered_messages +#define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs + +#endif /* defined OPENSSL_SYS_VMS */ + + +/* Case insensiteve linking causes problems.... */ +#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) +#undef ERR_load_CRYPTO_strings +#define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings +#undef OCSP_crlID_new +#define OCSP_crlID_new OCSP_crlID2_new + +#undef d2i_ECPARAMETERS +#define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS +#undef i2d_ECPARAMETERS +#define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS +#undef d2i_ECPKPARAMETERS +#define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS +#undef i2d_ECPKPARAMETERS +#define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS + +/* These functions do not seem to exist! However, I'm paranoid... + Original command in x509v3.h: + These functions are being redefined in another directory, + and clash when the linker is case-insensitive, so let's + hide them a little, by giving them an extra 'o' at the + beginning of the name... */ +#undef X509v3_cleanup_extensions +#define X509v3_cleanup_extensions oX509v3_cleanup_extensions +#undef X509v3_add_extension +#define X509v3_add_extension oX509v3_add_extension +#undef X509v3_add_netscape_extensions +#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions +#undef X509v3_add_standard_extensions +#define X509v3_add_standard_extensions oX509v3_add_standard_extensions + + +#endif + + +#endif /* ! defined HEADER_VMS_IDHACKS_H */ +/* This one clashes with CMS_data_create */ +#undef cms_Data_create +#define cms_Data_create priv_cms_Data_create diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/tls1.h b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/tls1.h new file mode 100644 index 00000000..afe4807f --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Include/openssl/tls1.h @@ -0,0 +1,410 @@ +/* ssl/tls1.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * ECC cipher suite support in OpenSSL originally written by + * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. + * + */ + +#ifndef HEADER_TLS1_H +#define HEADER_TLS1_H + +#include <openssl/buffer.h> + +#ifdef __cplusplus +extern "C" { +#endif + +#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 + +#define TLS1_VERSION 0x0301 +#define TLS1_VERSION_MAJOR 0x03 +#define TLS1_VERSION_MINOR 0x01 + +#define TLS1_AD_DECRYPTION_FAILED 21 +#define TLS1_AD_RECORD_OVERFLOW 22 +#define TLS1_AD_UNKNOWN_CA 48 /* fatal */ +#define TLS1_AD_ACCESS_DENIED 49 /* fatal */ +#define TLS1_AD_DECODE_ERROR 50 /* fatal */ +#define TLS1_AD_DECRYPT_ERROR 51 +#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */ +#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ +#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ +#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ +#define TLS1_AD_USER_CANCELLED 90 +#define TLS1_AD_NO_RENEGOTIATION 100 +/* codes 110-114 are from RFC3546 */ +#define TLS1_AD_UNSUPPORTED_EXTENSION 110 +#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 +#define TLS1_AD_UNRECOGNIZED_NAME 112 +#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 +#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ + +/* ExtensionType values from RFC 3546 */ +#define TLSEXT_TYPE_server_name 0 +#define TLSEXT_TYPE_max_fragment_length 1 +#define TLSEXT_TYPE_client_certificate_url 2 +#define TLSEXT_TYPE_trusted_ca_keys 3 +#define TLSEXT_TYPE_truncated_hmac 4 +#define TLSEXT_TYPE_status_request 5 +#define TLSEXT_TYPE_elliptic_curves 10 +#define TLSEXT_TYPE_ec_point_formats 11 +#define TLSEXT_TYPE_session_ticket 35 + +/* Temporary extension type */ +#define TLSEXT_TYPE_renegotiate 0xff01 + +/* NameType value from RFC 3546 */ +#define TLSEXT_NAMETYPE_host_name 0 +/* status request value from RFC 3546 */ +#define TLSEXT_STATUSTYPE_ocsp 1 + +#ifndef OPENSSL_NO_TLSEXT + +#define TLSEXT_MAXLEN_host_name 255 + +const char *SSL_get_servername(const SSL *s, const int type) ; +int SSL_get_servername_type(const SSL *s) ; + +#define SSL_set_tlsext_host_name(s,name) \ +SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) + +#define SSL_set_tlsext_debug_callback(ssl, cb) \ +SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) + +#define SSL_set_tlsext_debug_arg(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) + +#define SSL_set_tlsext_status_type(ssl, type) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) + +#define SSL_get_tlsext_status_exts(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +#define SSL_set_tlsext_status_exts(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +#define SSL_get_tlsext_status_ids(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +#define SSL_set_tlsext_status_ids(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) + +#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) + +#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ +SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) + +#define SSL_TLSEXT_ERR_OK 0 +#define SSL_TLSEXT_ERR_ALERT_WARNING 1 +#define SSL_TLSEXT_ERR_ALERT_FATAL 2 +#define SSL_TLSEXT_ERR_NOACK 3 + +#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ +SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) + +#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) +#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) + +#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ +SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) + +#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ +SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) + +#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ +SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + +#endif + +/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt + * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see + * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably + * shouldn't. */ +#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 +#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 +#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 +#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 +#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 +#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 +#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 + +/* AES ciphersuites from RFC3268 */ + +#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F +#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 +#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 +#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 +#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 +#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 + +#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 +#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 +#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 +#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 +#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 +#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A + +/* Camellia ciphersuites from RFC4132 */ +#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 +#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 + +#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 +#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 + +/* SEED ciphersuites from RFC4162 */ +#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 +#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 +#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 +#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 +#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A +#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B + +/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ +#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 +#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 +#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 + +#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 +#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 +#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A + +#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B +#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C +#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D +#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E +#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F + +#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 +#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 +#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 +#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 + +#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 +#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 +#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 +#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 +#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 + +/* XXX + * Inconsistency alert: + * The OpenSSL names of ciphers with ephemeral DH here include the string + * "DHE", while elsewhere it has always been "EDH". + * (The alias for the list of all such ciphers also is "EDH".) + * The specifications speak of "EDH"; maybe we should allow both forms + * for everything. */ +#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" +#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" +#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" +#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" +#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" +#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" +#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" + +/* AES ciphersuites from RFC3268 */ +#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" +#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" +#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" +#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" +#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" +#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" + +#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" +#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" +#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" +#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" +#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" +#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" + +/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ +#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" + +#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" + +#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" + +#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" + +#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" +#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" +#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" +#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" +#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" + +/* Camellia ciphersuites from RFC4132 */ +#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" +#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" + +#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" +#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" + +/* SEED ciphersuites from RFC4162 */ +#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" +#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" +#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" +#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" +#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" +#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" + +#define TLS_CT_RSA_SIGN 1 +#define TLS_CT_DSS_SIGN 2 +#define TLS_CT_RSA_FIXED_DH 3 +#define TLS_CT_DSS_FIXED_DH 4 +#define TLS_CT_ECDSA_SIGN 64 +#define TLS_CT_RSA_FIXED_ECDH 65 +#define TLS_CT_ECDSA_FIXED_ECDH 66 +#define TLS_CT_NUMBER 7 + +#define TLS1_FINISH_MAC_LENGTH 12 + +#define TLS_MD_MAX_CONST_SIZE 20 +#define TLS_MD_CLIENT_FINISH_CONST "client finished" +#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 +#define TLS_MD_SERVER_FINISH_CONST "server finished" +#define TLS_MD_SERVER_FINISH_CONST_SIZE 15 +#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" +#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +#define TLS_MD_KEY_EXPANSION_CONST "key expansion" +#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 +#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" +#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 +#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" +#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +#define TLS_MD_IV_BLOCK_CONST "IV block" +#define TLS_MD_IV_BLOCK_CONST_SIZE 8 +#define TLS_MD_MASTER_SECRET_CONST "master secret" +#define TLS_MD_MASTER_SECRET_CONST_SIZE 13 + +#ifdef CHARSET_EBCDIC +#undef TLS_MD_CLIENT_FINISH_CONST +#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/ +#undef TLS_MD_SERVER_FINISH_CONST +#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/ +#undef TLS_MD_SERVER_WRITE_KEY_CONST +#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ +#undef TLS_MD_KEY_EXPANSION_CONST +#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/ +#undef TLS_MD_CLIENT_WRITE_KEY_CONST +#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/ +#undef TLS_MD_SERVER_WRITE_KEY_CONST +#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ +#undef TLS_MD_IV_BLOCK_CONST +#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/ +#undef TLS_MD_MASTER_SECRET_CONST +#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/ +#endif + +#ifdef __cplusplus +} +#endif +#endif + + + diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Makefile b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Makefile new file mode 100644 index 00000000..a05a4db0 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Makefile @@ -0,0 +1,47 @@ +ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) + +LIB_PATH = /usr/lib64 + +EFI_INCLUDE = /usr/include/efi +EFI_INCLUDES = -nostdinc -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol +EFI_PATH = /usr/lib64/gnuefi + +LIB_GCC = $(shell $(CC) -print-libgcc-file-name) +EFI_LIBS = -lefi -lgnuefi $(LIB_GCC) + +CFLAGS = -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar \ + -Wall $(EFI_INCLUDES) -mno-red-zone -maccumulate-outgoing-args -mno-sse -mno-mmx +ifeq ($(ARCH),x86_64) + CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI +endif +LDFLAGS = -nostdlib -znocombreloc + +TARGET = libcryptlib.a +OBJS = Hash/CryptMd4.o \ + Hash/CryptMd5.o \ + Hash/CryptSha1.o \ + Hash/CryptSha256.o \ + Hmac/CryptHmacMd5.o \ + Hmac/CryptHmacSha1.o \ + Cipher/CryptAes.o \ + Cipher/CryptTdes.o \ + Cipher/CryptArc4.o \ + Rand/CryptRand.o \ + Pk/CryptRsaBasic.o \ + Pk/CryptRsaExt.o \ + Pk/CryptPkcs7.o \ + Pk/CryptDh.o \ + Pk/CryptX509.o \ + Pk/CryptAuthenticode.o \ + Pem/CryptPem.o \ + SysCall/CrtWrapper.o \ + SysCall/TimerWrapper.o \ + SysCall/BaseMemAllocation.o \ + SysCall/BaseStrings.o + +all: $(TARGET) + +libcryptlib.a: $(OBJS) + ar rcs libcryptlib.a $(OBJS) +clean: + rm -f $(TARGET) $(OBJS) diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_int.c new file mode 100755 index 00000000..f551bdba --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_int.c @@ -0,0 +1,458 @@ +/* crypto/asn1/a_int.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/asn1.h> +#include <openssl/bn.h> + +ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x) +{ return M_ASN1_INTEGER_dup(x);} + +int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y) + { + int neg, ret; + /* Compare signs */ + neg = x->type & V_ASN1_NEG; + if (neg != (y->type & V_ASN1_NEG)) + { + if (neg) + return -1; + else + return 1; + } + + ret = ASN1_STRING_cmp(x, y); + + if (neg) + return -ret; + else + return ret; + } + + +/* + * This converts an ASN1 INTEGER into its content encoding. + * The internal representation is an ASN1_STRING whose data is a big endian + * representation of the value, ignoring the sign. The sign is determined by + * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. + * + * Positive integers are no problem: they are almost the same as the DER + * encoding, except if the first byte is >= 0x80 we need to add a zero pad. + * + * Negative integers are a bit trickier... + * The DER representation of negative integers is in 2s complement form. + * The internal form is converted by complementing each octet and finally + * adding one to the result. This can be done less messily with a little trick. + * If the internal form has trailing zeroes then they will become FF by the + * complement and 0 by the add one (due to carry) so just copy as many trailing + * zeros to the destination as there are in the source. The carry will add one + * to the last none zero octet: so complement this octet and add one and finally + * complement any left over until you get to the start of the string. + * + * Padding is a little trickier too. If the first bytes is > 0x80 then we pad + * with 0xff. However if the first byte is 0x80 and one of the following bytes + * is non-zero we pad with 0xff. The reason for this distinction is that 0x80 + * followed by optional zeros isn't padded. + */ + +int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) + { + int pad=0,ret,i,neg; + unsigned char *p,*n,pb=0; + + if ((a == NULL) || (a->data == NULL)) return(0); + neg=a->type & V_ASN1_NEG; + if (a->length == 0) + ret=1; + else + { + ret=a->length; + i=a->data[0]; + if (!neg && (i > 127)) { + pad=1; + pb=0; + } else if(neg) { + if(i>128) { + pad=1; + pb=0xFF; + } else if(i == 128) { + /* + * Special case: if any other bytes non zero we pad: + * otherwise we don't. + */ + for(i = 1; i < a->length; i++) if(a->data[i]) { + pad=1; + pb=0xFF; + break; + } + } + } + ret+=pad; + } + if (pp == NULL) return(ret); + p= *pp; + + if (pad) *(p++)=pb; + if (a->length == 0) *(p++)=0; + else if (!neg) memcpy(p,a->data,(unsigned int)a->length); + else { + /* Begin at the end of the encoding */ + n=a->data + a->length - 1; + p += a->length - 1; + i = a->length; + /* Copy zeros to destination as long as source is zero */ + while(!*n) { + *(p--) = 0; + n--; + i--; + } + /* Complement and increment next octet */ + *(p--) = ((*(n--)) ^ 0xff) + 1; + i--; + /* Complement any octets left */ + for(;i > 0; i--) *(p--) = *(n--) ^ 0xff; + } + + *pp+=ret; + return(ret); + } + +/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ + +ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long len) + { + ASN1_INTEGER *ret=NULL; + const unsigned char *p, *pend; + unsigned char *to,*s; + int i; + + if ((a == NULL) || ((*a) == NULL)) + { + if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); + ret->type=V_ASN1_INTEGER; + } + else + ret=(*a); + + p= *pp; + pend = p + len; + + /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it + * signifies a missing NULL parameter. */ + s=(unsigned char *)OPENSSL_malloc((int)len+1); + if (s == NULL) + { + i=ERR_R_MALLOC_FAILURE; + goto err; + } + to=s; + if(!len) { + /* Strictly speaking this is an illegal INTEGER but we + * tolerate it. + */ + ret->type=V_ASN1_INTEGER; + } else if (*p & 0x80) /* a negative number */ + { + ret->type=V_ASN1_NEG_INTEGER; + if ((*p == 0xff) && (len != 1)) { + p++; + len--; + } + i = len; + p += i - 1; + to += i - 1; + while((!*p) && i) { + *(to--) = 0; + i--; + p--; + } + /* Special case: if all zeros then the number will be of + * the form FF followed by n zero bytes: this corresponds to + * 1 followed by n zero bytes. We've already written n zeros + * so we just append an extra one and set the first byte to + * a 1. This is treated separately because it is the only case + * where the number of bytes is larger than len. + */ + if(!i) { + *s = 1; + s[len] = 0; + len++; + } else { + *(to--) = (*(p--) ^ 0xff) + 1; + i--; + for(;i > 0; i--) *(to--) = *(p--) ^ 0xff; + } + } else { + ret->type=V_ASN1_INTEGER; + if ((*p == 0) && (len != 1)) + { + p++; + len--; + } + memcpy(s,p,(int)len); + } + + if (ret->data != NULL) OPENSSL_free(ret->data); + ret->data=s; + ret->length=(int)len; + if (a != NULL) (*a)=ret; + *pp=pend; + return(ret); +err: + ASN1err(ASN1_F_C2I_ASN1_INTEGER,i); + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + M_ASN1_INTEGER_free(ret); + return(NULL); + } + + +/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of + * ASN1 integers: some broken software can encode a positive INTEGER + * with its MSB set as negative (it doesn't add a padding zero). + */ + +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length) + { + ASN1_INTEGER *ret=NULL; + const unsigned char *p; + unsigned char *s; + long len; + int inf,tag,xclass; + int i; + + if ((a == NULL) || ((*a) == NULL)) + { + if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); + ret->type=V_ASN1_INTEGER; + } + else + ret=(*a); + + p= *pp; + inf=ASN1_get_object(&p,&len,&tag,&xclass,length); + if (inf & 0x80) + { + i=ASN1_R_BAD_OBJECT_HEADER; + goto err; + } + + if (tag != V_ASN1_INTEGER) + { + i=ASN1_R_EXPECTING_AN_INTEGER; + goto err; + } + + /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it + * signifies a missing NULL parameter. */ + s=(unsigned char *)OPENSSL_malloc((int)len+1); + if (s == NULL) + { + i=ERR_R_MALLOC_FAILURE; + goto err; + } + ret->type=V_ASN1_INTEGER; + if(len) { + if ((*p == 0) && (len != 1)) + { + p++; + len--; + } + memcpy(s,p,(int)len); + p+=len; + } + + if (ret->data != NULL) OPENSSL_free(ret->data); + ret->data=s; + ret->length=(int)len; + if (a != NULL) (*a)=ret; + *pp=p; + return(ret); +err: + ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i); + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + M_ASN1_INTEGER_free(ret); + return(NULL); + } + +int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) + { + int j,k; + unsigned int i; + unsigned char buf[sizeof(long)+1]; + long d; + + a->type=V_ASN1_INTEGER; + if (a->length < (int)(sizeof(long)+1)) + { + if (a->data != NULL) + OPENSSL_free(a->data); + if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) + memset((char *)a->data,0,sizeof(long)+1); + } + if (a->data == NULL) + { + ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE); + return(0); + } + d=v; + if (d < 0) + { + d= -d; + a->type=V_ASN1_NEG_INTEGER; + } + + for (i=0; i<sizeof(long); i++) + { + if (d == 0) break; + buf[i]=(int)d&0xff; + d>>=8; + } + j=0; + for (k=i-1; k >=0; k--) + a->data[j++]=buf[k]; + a->length=j; + return(1); + } + +long ASN1_INTEGER_get(ASN1_INTEGER *a) + { + int neg=0,i; + long r=0; + + if (a == NULL) return(0L); + i=a->type; + if (i == V_ASN1_NEG_INTEGER) + neg=1; + else if (i != V_ASN1_INTEGER) + return -1; + + if (a->length > (int)sizeof(long)) + { + /* hmm... a bit ugly */ + return(0xffffffffL); + } + if (a->data == NULL) + return 0; + + for (i=0; i<a->length; i++) + { + r<<=8; + r|=(unsigned char)a->data[i]; + } + if (neg) r= -r; + return(r); + } + +ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai) + { + ASN1_INTEGER *ret; + int len,j; + + if (ai == NULL) + ret=M_ASN1_INTEGER_new(); + else + ret=ai; + if (ret == NULL) + { + ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR); + goto err; + } + if (BN_is_negative(bn)) + ret->type = V_ASN1_NEG_INTEGER; + else ret->type=V_ASN1_INTEGER; + j=BN_num_bits(bn); + len=((j == 0)?0:((j/8)+1)); + if (ret->length < len+4) + { + unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); + if (!new_data) + { + ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); + goto err; + } + ret->data=new_data; + } + ret->length=BN_bn2bin(bn,ret->data); + /* Correct zero case */ + if(!ret->length) + { + ret->data[0] = 0; + ret->length = 1; + } + return(ret); +err: + if (ret != ai) M_ASN1_INTEGER_free(ret); + return(NULL); + } + +BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn) + { + BIGNUM *ret; + + if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) + ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB); + else if(ai->type == V_ASN1_NEG_INTEGER) + BN_set_negative(ret, 1); + return(ret); + } + +IMPLEMENT_STACK_OF(ASN1_INTEGER) +IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER) diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_strex.c new file mode 100755 index 00000000..264ebf23 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_strex.c @@ -0,0 +1,574 @@ +/* a_strex.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <string.h> +#include "cryptlib.h" +#include <openssl/crypto.h> +#include <openssl/x509.h> +#include <openssl/asn1.h> + +#include "charmap.h" + +/* ASN1_STRING_print_ex() and X509_NAME_print_ex(). + * Enhanced string and name printing routines handling + * multibyte characters, RFC2253 and a host of other + * options. + */ + + +#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) + +#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB) + + +/* Three IO functions for sending data to memory, a BIO and + * and a FILE pointer. + */ +#if 0 /* never used */ +static int send_mem_chars(void *arg, const void *buf, int len) +{ + unsigned char **out = arg; + if(!out) return 1; + memcpy(*out, buf, len); + *out += len; + return 1; +} +#endif + +static int send_bio_chars(void *arg, const void *buf, int len) +{ + if(!arg) return 1; + if(BIO_write(arg, buf, len) != len) return 0; + return 1; +} + +static int send_fp_chars(void *arg, const void *buf, int len) +{ + if(!arg) return 1; + if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0; + return 1; +} + +typedef int char_io(void *arg, const void *buf, int len); + +/* This function handles display of + * strings, one character at a time. + * It is passed an unsigned long for each + * character because it could come from 2 or even + * 4 byte forms. + */ + +static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg) +{ + unsigned char chflgs, chtmp; + char tmphex[HEX_SIZE(long)+3]; + + if(c > 0xffffffffL) + return -1; + if(c > 0xffff) { + BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); + if(!io_ch(arg, tmphex, 10)) return -1; + return 10; + } + if(c > 0xff) { + BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); + if(!io_ch(arg, tmphex, 6)) return -1; + return 6; + } + chtmp = (unsigned char)c; + if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB; + else chflgs = char_type[chtmp] & flags; + if(chflgs & CHARTYPE_BS_ESC) { + /* If we don't escape with quotes, signal we need quotes */ + if(chflgs & ASN1_STRFLGS_ESC_QUOTE) { + if(do_quotes) *do_quotes = 1; + if(!io_ch(arg, &chtmp, 1)) return -1; + return 1; + } + if(!io_ch(arg, "\\", 1)) return -1; + if(!io_ch(arg, &chtmp, 1)) return -1; + return 2; + } + if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) { + BIO_snprintf(tmphex, 11, "\\%02X", chtmp); + if(!io_ch(arg, tmphex, 3)) return -1; + return 3; + } + /* If we get this far and do any escaping at all must escape + * the escape character itself: backslash. + */ + if (chtmp == '\\' && flags & ESC_FLAGS) { + if(!io_ch(arg, "\\\\", 2)) return -1; + return 2; + } + if(!io_ch(arg, &chtmp, 1)) return -1; + return 1; +} + +#define BUF_TYPE_WIDTH_MASK 0x7 +#define BUF_TYPE_CONVUTF8 0x8 + +/* This function sends each character in a buffer to + * do_esc_char(). It interprets the content formats + * and converts to or from UTF8 as appropriate. + */ + +static int do_buf(unsigned char *buf, int buflen, + int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg) +{ + int i, outlen, len; + unsigned char orflags, *p, *q; + unsigned long c; + p = buf; + q = buf + buflen; + outlen = 0; + while(p != q) { + if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253; + else orflags = 0; + switch(type & BUF_TYPE_WIDTH_MASK) { + case 4: + c = ((unsigned long)*p++) << 24; + c |= ((unsigned long)*p++) << 16; + c |= ((unsigned long)*p++) << 8; + c |= *p++; + break; + + case 2: + c = ((unsigned long)*p++) << 8; + c |= *p++; + break; + + case 1: + c = *p++; + break; + + case 0: + i = UTF8_getc(p, buflen, &c); + if(i < 0) return -1; /* Invalid UTF8String */ + p += i; + break; + default: + return -1; /* invalid width */ + } + if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253; + if(type & BUF_TYPE_CONVUTF8) { + unsigned char utfbuf[6]; + int utflen; + utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); + for(i = 0; i < utflen; i++) { + /* We don't need to worry about setting orflags correctly + * because if utflen==1 its value will be correct anyway + * otherwise each character will be > 0x7f and so the + * character will never be escaped on first and last. + */ + len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg); + if(len < 0) return -1; + outlen += len; + } + } else { + len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg); + if(len < 0) return -1; + outlen += len; + } + } + return outlen; +} + +/* This function hex dumps a buffer of characters */ + +static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen) +{ + static const char hexdig[] = "0123456789ABCDEF"; + unsigned char *p, *q; + char hextmp[2]; + if(arg) { + p = buf; + q = buf + buflen; + while(p != q) { + hextmp[0] = hexdig[*p >> 4]; + hextmp[1] = hexdig[*p & 0xf]; + if(!io_ch(arg, hextmp, 2)) return -1; + p++; + } + } + return buflen << 1; +} + +/* "dump" a string. This is done when the type is unknown, + * or the flags request it. We can either dump the content + * octets or the entire DER encoding. This uses the RFC2253 + * #01234 format. + */ + +static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str) +{ + /* Placing the ASN1_STRING in a temp ASN1_TYPE allows + * the DER encoding to readily obtained + */ + ASN1_TYPE t; + unsigned char *der_buf, *p; + int outlen, der_len; + + if(!io_ch(arg, "#", 1)) return -1; + /* If we don't dump DER encoding just dump content octets */ + if(!(lflags & ASN1_STRFLGS_DUMP_DER)) { + outlen = do_hex_dump(io_ch, arg, str->data, str->length); + if(outlen < 0) return -1; + return outlen + 1; + } + t.type = str->type; + t.value.ptr = (char *)str; + der_len = i2d_ASN1_TYPE(&t, NULL); + der_buf = OPENSSL_malloc(der_len); + if(!der_buf) return -1; + p = der_buf; + i2d_ASN1_TYPE(&t, &p); + outlen = do_hex_dump(io_ch, arg, der_buf, der_len); + OPENSSL_free(der_buf); + if(outlen < 0) return -1; + return outlen + 1; +} + +/* Lookup table to convert tags to character widths, + * 0 = UTF8 encoded, -1 is used for non string types + * otherwise it is the number of bytes per character + */ + +static const signed char tag2nbyte[] = { + -1, -1, -1, -1, -1, /* 0-4 */ + -1, -1, -1, -1, -1, /* 5-9 */ + -1, -1, 0, -1, /* 10-13 */ + -1, -1, -1, -1, /* 15-17 */ + -1, 1, 1, /* 18-20 */ + -1, 1, 1, 1, /* 21-24 */ + -1, 1, -1, /* 25-27 */ + 4, -1, 2 /* 28-30 */ +}; + +/* This is the main function, print out an + * ASN1_STRING taking note of various escape + * and display options. Returns number of + * characters written or -1 if an error + * occurred. + */ + +static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str) +{ + int outlen, len; + int type; + char quotes; + unsigned char flags; + quotes = 0; + /* Keep a copy of escape flags */ + flags = (unsigned char)(lflags & ESC_FLAGS); + + type = str->type; + + outlen = 0; + + + if(lflags & ASN1_STRFLGS_SHOW_TYPE) { + const char *tagname; + tagname = ASN1_tag2str(type); + outlen += strlen(tagname); + if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; + outlen++; + } + + /* Decide what to do with type, either dump content or display it */ + + /* Dump everything */ + if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1; + /* Ignore the string type */ + else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1; + else { + /* Else determine width based on type */ + if((type > 0) && (type < 31)) type = tag2nbyte[type]; + else type = -1; + if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1; + } + + if(type == -1) { + len = do_dump(lflags, io_ch, arg, str); + if(len < 0) return -1; + outlen += len; + return outlen; + } + + if(lflags & ASN1_STRFLGS_UTF8_CONVERT) { + /* Note: if string is UTF8 and we want + * to convert to UTF8 then we just interpret + * it as 1 byte per character to avoid converting + * twice. + */ + if(!type) type = 1; + else type |= BUF_TYPE_CONVUTF8; + } + + len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); + if(len < 0) return -1; + outlen += len; + if(quotes) outlen += 2; + if(!arg) return outlen; + if(quotes && !io_ch(arg, "\"", 1)) return -1; + if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) + return -1; + if(quotes && !io_ch(arg, "\"", 1)) return -1; + return outlen; +} + +/* Used for line indenting: print 'indent' spaces */ + +static int do_indent(char_io *io_ch, void *arg, int indent) +{ + int i; + for(i = 0; i < indent; i++) + if(!io_ch(arg, " ", 1)) return 0; + return 1; +} + +#define FN_WIDTH_LN 25 +#define FN_WIDTH_SN 10 + +static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, + int indent, unsigned long flags) +{ + int i, prev = -1, orflags, cnt; + int fn_opt, fn_nid; + ASN1_OBJECT *fn; + ASN1_STRING *val; + X509_NAME_ENTRY *ent; + char objtmp[80]; + const char *objbuf; + int outlen, len; + char *sep_dn, *sep_mv, *sep_eq; + int sep_dn_len, sep_mv_len, sep_eq_len; + if(indent < 0) indent = 0; + outlen = indent; + if(!do_indent(io_ch, arg, indent)) return -1; + switch (flags & XN_FLAG_SEP_MASK) + { + case XN_FLAG_SEP_MULTILINE: + sep_dn = "\n"; + sep_dn_len = 1; + sep_mv = " + "; + sep_mv_len = 3; + break; + + case XN_FLAG_SEP_COMMA_PLUS: + sep_dn = ","; + sep_dn_len = 1; + sep_mv = "+"; + sep_mv_len = 1; + indent = 0; + break; + + case XN_FLAG_SEP_CPLUS_SPC: + sep_dn = ", "; + sep_dn_len = 2; + sep_mv = " + "; + sep_mv_len = 3; + indent = 0; + break; + + case XN_FLAG_SEP_SPLUS_SPC: + sep_dn = "; "; + sep_dn_len = 2; + sep_mv = " + "; + sep_mv_len = 3; + indent = 0; + break; + + default: + return -1; + } + + if(flags & XN_FLAG_SPC_EQ) { + sep_eq = " = "; + sep_eq_len = 3; + } else { + sep_eq = "="; + sep_eq_len = 1; + } + + fn_opt = flags & XN_FLAG_FN_MASK; + + cnt = X509_NAME_entry_count(n); + for(i = 0; i < cnt; i++) { + if(flags & XN_FLAG_DN_REV) + ent = X509_NAME_get_entry(n, cnt - i - 1); + else ent = X509_NAME_get_entry(n, i); + if(prev != -1) { + if(prev == ent->set) { + if(!io_ch(arg, sep_mv, sep_mv_len)) return -1; + outlen += sep_mv_len; + } else { + if(!io_ch(arg, sep_dn, sep_dn_len)) return -1; + outlen += sep_dn_len; + if(!do_indent(io_ch, arg, indent)) return -1; + outlen += indent; + } + } + prev = ent->set; + fn = X509_NAME_ENTRY_get_object(ent); + val = X509_NAME_ENTRY_get_data(ent); + fn_nid = OBJ_obj2nid(fn); + if(fn_opt != XN_FLAG_FN_NONE) { + int objlen, fld_len; + if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) { + OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); + fld_len = 0; /* XXX: what should this be? */ + objbuf = objtmp; + } else { + if(fn_opt == XN_FLAG_FN_SN) { + fld_len = FN_WIDTH_SN; + objbuf = OBJ_nid2sn(fn_nid); + } else if(fn_opt == XN_FLAG_FN_LN) { + fld_len = FN_WIDTH_LN; + objbuf = OBJ_nid2ln(fn_nid); + } else { + fld_len = 0; /* XXX: what should this be? */ + objbuf = ""; + } + } + objlen = strlen(objbuf); + if(!io_ch(arg, objbuf, objlen)) return -1; + if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { + if (!do_indent(io_ch, arg, fld_len - objlen)) return -1; + outlen += fld_len - objlen; + } + if(!io_ch(arg, sep_eq, sep_eq_len)) return -1; + outlen += objlen + sep_eq_len; + } + /* If the field name is unknown then fix up the DER dump + * flag. We might want to limit this further so it will + * DER dump on anything other than a few 'standard' fields. + */ + if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) + orflags = ASN1_STRFLGS_DUMP_ALL; + else orflags = 0; + + len = do_print_ex(io_ch, arg, flags | orflags, val); + if(len < 0) return -1; + outlen += len; + } + return outlen; +} + +/* Wrappers round the main functions */ + +int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) +{ + if(flags == XN_FLAG_COMPAT) + return X509_NAME_print(out, nm, indent); + return do_name_ex(send_bio_chars, out, nm, indent, flags); +} + +#ifndef OPENSSL_NO_FP_API +int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) +{ + if(flags == XN_FLAG_COMPAT) + { + BIO *btmp; + int ret; + btmp = BIO_new_fp(fp, BIO_NOCLOSE); + if(!btmp) return -1; + ret = X509_NAME_print(btmp, nm, indent); + BIO_free(btmp); + return ret; + } + return do_name_ex(send_fp_chars, fp, nm, indent, flags); +} +#endif + +int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags) +{ + return do_print_ex(send_bio_chars, out, flags, str); +} + +#ifndef OPENSSL_NO_FP_API +int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) +{ + return do_print_ex(send_fp_chars, fp, flags, str); +} +#endif + +/* Utility function: convert any string type to UTF8, returns number of bytes + * in output string or a negative error code + */ + +int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) +{ + ASN1_STRING stmp, *str = &stmp; + int mbflag, type, ret; + if(!in) return -1; + type = in->type; + if((type < 0) || (type > 30)) return -1; + mbflag = tag2nbyte[type]; + if(mbflag == -1) return -1; + mbflag |= MBSTRING_FLAG; + stmp.data = NULL; + ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); + if(ret < 0) return ret; + *out = stmp.data; + return stmp.length; +} diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c new file mode 100755 index 00000000..b68ae433 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c @@ -0,0 +1,290 @@ +/* a_strnid.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <ctype.h> +#include "cryptlib.h" +#include <openssl/asn1.h> +#include <openssl/objects.h> + + +static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; +static void st_free(ASN1_STRING_TABLE *tbl); +static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, + const ASN1_STRING_TABLE * const *b); +static int table_cmp(const void *a, const void *b); + + +/* This is the global mask for the mbstring functions: this is use to + * mask out certain types (such as BMPString and UTF8String) because + * certain software (e.g. Netscape) has problems with them. + */ + +static unsigned long global_mask = 0xFFFFFFFFL; + +void ASN1_STRING_set_default_mask(unsigned long mask) +{ + global_mask = mask; +} + +unsigned long ASN1_STRING_get_default_mask(void) +{ + return global_mask; +} + +/* This function sets the default to various "flavours" of configuration. + * based on an ASCII string. Currently this is: + * MASK:XXXX : a numerical mask value. + * nobmp : Don't use BMPStrings (just Printable, T61). + * pkix : PKIX recommendation in RFC2459. + * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004). + * default: the default value, Printable, T61, BMP. + */ + +int ASN1_STRING_set_default_mask_asc(const char *p) +{ + unsigned long mask; + char *end; + if(!strncmp(p, "MASK:", 5)) { + if(!p[5]) return 0; + mask = strtoul(p + 5, &end, 0); + if(*end) return 0; + } else if(!strcmp(p, "nombstr")) + mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)); + else if(!strcmp(p, "pkix")) + mask = ~((unsigned long)B_ASN1_T61STRING); + else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING; + else if(!strcmp(p, "default")) + mask = 0xFFFFFFFFL; + else return 0; + ASN1_STRING_set_default_mask(mask); + return 1; +} + +/* The following function generates an ASN1_STRING based on limits in a table. + * Frequently the types and length of an ASN1_STRING are restricted by a + * corresponding OID. For example certificates and certificate requests. + */ + +ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, + int inlen, int inform, int nid) +{ + ASN1_STRING_TABLE *tbl; + ASN1_STRING *str = NULL; + unsigned long mask; + int ret; + if(!out) out = &str; + tbl = ASN1_STRING_TABLE_get(nid); + if(tbl) { + mask = tbl->mask; + if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; + ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, + tbl->minsize, tbl->maxsize); + } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); + if(ret <= 0) return NULL; + return *out; +} + +/* Now the tables and helper functions for the string table: + */ + +/* size limits: this stuff is taken straight from RFC3280 */ + +#define ub_name 32768 +#define ub_common_name 64 +#define ub_locality_name 128 +#define ub_state_name 128 +#define ub_organization_name 64 +#define ub_organization_unit_name 64 +#define ub_title 64 +#define ub_email_address 128 +#define ub_serial_number 64 + + +/* This table must be kept in NID order */ + +static ASN1_STRING_TABLE tbl_standard[] = { +{NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, +{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, +{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, +{NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, +{NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, +{NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0}, +{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK}, +{NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, +{NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, +{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, +{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, +{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, +{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, +{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, +{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, +{NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, +{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, +{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, +{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} +}; + +static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, + const ASN1_STRING_TABLE * const *b) +{ + return (*a)->nid - (*b)->nid; +} + +static int table_cmp(const void *a, const void *b) +{ + const ASN1_STRING_TABLE *sa = a, *sb = b; + return sa->nid - sb->nid; +} + +ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) +{ + int idx; + ASN1_STRING_TABLE *ttmp; + ASN1_STRING_TABLE fnd; + fnd.nid = nid; + ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd, + (char *)tbl_standard, + sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE), + sizeof(ASN1_STRING_TABLE), table_cmp); + if(ttmp) return ttmp; + if(!stable) return NULL; + idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); + if(idx < 0) return NULL; + return sk_ASN1_STRING_TABLE_value(stable, idx); +} + +int ASN1_STRING_TABLE_add(int nid, + long minsize, long maxsize, unsigned long mask, + unsigned long flags) +{ + ASN1_STRING_TABLE *tmp; + char new_nid = 0; + flags &= ~STABLE_FLAGS_MALLOC; + if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); + if(!stable) { + ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); + return 0; + } + if(!(tmp = ASN1_STRING_TABLE_get(nid))) { + tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); + if(!tmp) { + ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, + ERR_R_MALLOC_FAILURE); + return 0; + } + tmp->flags = flags | STABLE_FLAGS_MALLOC; + tmp->nid = nid; + new_nid = 1; + } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; + if(minsize != -1) tmp->minsize = minsize; + if(maxsize != -1) tmp->maxsize = maxsize; + tmp->mask = mask; + if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp); + return 1; +} + +void ASN1_STRING_TABLE_cleanup(void) +{ + STACK_OF(ASN1_STRING_TABLE) *tmp; + tmp = stable; + if(!tmp) return; + stable = NULL; + sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); +} + +static void st_free(ASN1_STRING_TABLE *tbl) +{ + if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl); +} + + +IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) + +#ifdef STRING_TABLE_TEST + +main() +{ + ASN1_STRING_TABLE *tmp; + int i, last_nid = -1; + + for (tmp = tbl_standard, i = 0; + i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) + { + if (tmp->nid < last_nid) + { + last_nid = 0; + break; + } + last_nid = tmp->nid; + } + + if (last_nid != 0) + { + printf("Table order OK\n"); + exit(0); + } + + for (tmp = tbl_standard, i = 0; + i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) + printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, + OBJ_nid2ln(tmp->nid)); + +} + +#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_verify.c new file mode 100755 index 00000000..da3efaaf --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/a_verify.c @@ -0,0 +1,186 @@ +/* crypto/asn1/a_verify.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <time.h> + +#include "cryptlib.h" + +#ifndef NO_SYS_TYPES_H +# include <sys/types.h> +#endif + +#include <openssl/bn.h> +#include <openssl/x509.h> +#include <openssl/objects.h> +#include <openssl/buffer.h> +#include <openssl/evp.h> + +#ifndef NO_ASN1_OLD + +int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, + char *data, EVP_PKEY *pkey) + { + EVP_MD_CTX ctx; + const EVP_MD *type; + unsigned char *p,*buf_in=NULL; + int ret= -1,i,inl; + + EVP_MD_CTX_init(&ctx); + i=OBJ_obj2nid(a->algorithm); + type=EVP_get_digestbyname(OBJ_nid2sn(i)); + if (type == NULL) + { + ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + goto err; + } + + inl=i2d(data,NULL); + buf_in=OPENSSL_malloc((unsigned int)inl); + if (buf_in == NULL) + { + ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE); + goto err; + } + p=buf_in; + + i2d(data,&p); + if (!EVP_VerifyInit_ex(&ctx,type, NULL)) + { + ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); + ret=0; + goto err; + } + EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); + + OPENSSL_cleanse(buf_in,(unsigned int)inl); + OPENSSL_free(buf_in); + + if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, + (unsigned int)signature->length,pkey) <= 0) + { + ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); + ret=0; + goto err; + } + /* we don't need to zero the 'ctx' because we just checked + * public information */ + /* memset(&ctx,0,sizeof(ctx)); */ + ret=1; +err: + EVP_MD_CTX_cleanup(&ctx); + return(ret); + } + +#endif + + +int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, + void *asn, EVP_PKEY *pkey) + { + EVP_MD_CTX ctx; + const EVP_MD *type; + unsigned char *buf_in=NULL; + int ret= -1,i,inl; + + EVP_MD_CTX_init(&ctx); + i=OBJ_obj2nid(a->algorithm); + type=EVP_get_digestbyname(OBJ_nid2sn(i)); + if (type == NULL) + { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + goto err; + } + + if (!EVP_VerifyInit_ex(&ctx,type, NULL)) + { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); + ret=0; + goto err; + } + + inl = ASN1_item_i2d(asn, &buf_in, it); + + if (buf_in == NULL) + { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE); + goto err; + } + + EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); + + OPENSSL_cleanse(buf_in,(unsigned int)inl); + OPENSSL_free(buf_in); + + if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, + (unsigned int)signature->length,pkey) <= 0) + { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); + ret=0; + goto err; + } + /* we don't need to zero the 'ctx' because we just checked + * public information */ + /* memset(&ctx,0,sizeof(ctx)); */ + ret=1; +err: + EVP_MD_CTX_cleanup(&ctx); + return(ret); + } + + diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c new file mode 100755 index 00000000..afb95d67 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c @@ -0,0 +1,839 @@ +/* crypto/asn1/t_pkey.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Binary polynomial ECC support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/buffer.h> +#include <openssl/bn.h> +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DH +#include <openssl/dh.h> +#endif +#ifndef OPENSSL_NO_DSA +#include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_EC +#include <openssl/ec.h> +#endif + +static int print(BIO *fp,const char *str, const BIGNUM *num, + unsigned char *buf,int off); +#ifndef OPENSSL_NO_EC +static int print_bin(BIO *fp, const char *str, const unsigned char *num, + size_t len, int off); +#endif +#ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_FP_API +int RSA_print_fp(FILE *fp, const RSA *x, int off) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=RSA_print(b,x,off); + BIO_free(b); + return(ret); + } +#endif + +int RSA_print(BIO *bp, const RSA *x, int off) + { + char str[128]; + const char *s; + unsigned char *m=NULL; + int ret=0, mod_len = 0; + size_t buf_len=0, i; + + if (x->n) + buf_len = (size_t)BN_num_bytes(x->n); + if (x->e) + if (buf_len < (i = (size_t)BN_num_bytes(x->e))) + buf_len = i; + if (x->d) + if (buf_len < (i = (size_t)BN_num_bytes(x->d))) + buf_len = i; + if (x->p) + if (buf_len < (i = (size_t)BN_num_bytes(x->p))) + buf_len = i; + if (x->q) + if (buf_len < (i = (size_t)BN_num_bytes(x->q))) + buf_len = i; + if (x->dmp1) + if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1))) + buf_len = i; + if (x->dmq1) + if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1))) + buf_len = i; + if (x->iqmp) + if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp))) + buf_len = i; + + m=(unsigned char *)OPENSSL_malloc(buf_len+10); + if (m == NULL) + { + RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE); + goto err; + } + + if (x->n != NULL) + mod_len = BN_num_bits(x->n); + + if (x->d != NULL) + { + if(!BIO_indent(bp,off,128)) + goto err; + if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len) + <= 0) goto err; + } + + if (x->d == NULL) + BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len); + else + BUF_strlcpy(str,"modulus:",sizeof str); + if (!print(bp,str,x->n,m,off)) goto err; + s=(x->d == NULL)?"Exponent:":"publicExponent:"; + if ((x->e != NULL) && !print(bp,s,x->e,m,off)) + goto err; + if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off)) + goto err; + if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off)) + goto err; + if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off)) + goto err; + if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off)) + goto err; + if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off)) + goto err; + if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off)) + goto err; + ret=1; +err: + if (m != NULL) OPENSSL_free(m); + return(ret); + } +#endif /* OPENSSL_NO_RSA */ + +#ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_FP_API +int DSA_print_fp(FILE *fp, const DSA *x, int off) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=DSA_print(b,x,off); + BIO_free(b); + return(ret); + } +#endif + +int DSA_print(BIO *bp, const DSA *x, int off) + { + unsigned char *m=NULL; + int ret=0; + size_t buf_len=0,i; + + if (x->p) + buf_len = (size_t)BN_num_bytes(x->p); + else + { + DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS); + goto err; + } + if (x->q) + if (buf_len < (i = (size_t)BN_num_bytes(x->q))) + buf_len = i; + if (x->g) + if (buf_len < (i = (size_t)BN_num_bytes(x->g))) + buf_len = i; + if (x->priv_key) + if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key))) + buf_len = i; + if (x->pub_key) + if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key))) + buf_len = i; + + m=(unsigned char *)OPENSSL_malloc(buf_len+10); + if (m == NULL) + { + DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE); + goto err; + } + + if (x->priv_key != NULL) + { + if(!BIO_indent(bp,off,128)) + goto err; + if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p)) + <= 0) goto err; + } + + if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off)) + goto err; + if ((x->pub_key != NULL) && !print(bp,"pub: ",x->pub_key,m,off)) + goto err; + if ((x->p != NULL) && !print(bp,"P: ",x->p,m,off)) goto err; + if ((x->q != NULL) && !print(bp,"Q: ",x->q,m,off)) goto err; + if ((x->g != NULL) && !print(bp,"G: ",x->g,m,off)) goto err; + ret=1; +err: + if (m != NULL) OPENSSL_free(m); + return(ret); + } +#endif /* !OPENSSL_NO_DSA */ + +#ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_FP_API +int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = ECPKParameters_print(b, x, off); + BIO_free(b); + return(ret); + } + +int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB); + return(0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = EC_KEY_print(b, x, off); + BIO_free(b); + return(ret); + } +#endif + +int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) + { + unsigned char *buffer=NULL; + size_t buf_len=0, i; + int ret=0, reason=ERR_R_BIO_LIB; + BN_CTX *ctx=NULL; + const EC_POINT *point=NULL; + BIGNUM *p=NULL, *a=NULL, *b=NULL, *gen=NULL, + *order=NULL, *cofactor=NULL; + const unsigned char *seed; + size_t seed_len=0; + + static const char *gen_compressed = "Generator (compressed):"; + static const char *gen_uncompressed = "Generator (uncompressed):"; + static const char *gen_hybrid = "Generator (hybrid):"; + + if (!x) + { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + + if (EC_GROUP_get_asn1_flag(x)) + { + /* the curve parameter are given by an asn1 OID */ + int nid; + + if (!BIO_indent(bp, off, 128)) + goto err; + + nid = EC_GROUP_get_curve_name(x); + if (nid == 0) + goto err; + + if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) + goto err; + if (BIO_printf(bp, "\n") <= 0) + goto err; + } + else + { + /* explicit parameters */ + int is_char_two = 0; + point_conversion_form_t form; + int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x)); + + if (tmp_nid == NID_X9_62_characteristic_two_field) + is_char_two = 1; + + if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || + (b = BN_new()) == NULL || (order = BN_new()) == NULL || + (cofactor = BN_new()) == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (is_char_two) + { + if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) + { + reason = ERR_R_EC_LIB; + goto err; + } + } + else /* prime field */ + { + if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) + { + reason = ERR_R_EC_LIB; + goto err; + } + } + + if ((point = EC_GROUP_get0_generator(x)) == NULL) + { + reason = ERR_R_EC_LIB; + goto err; + } + if (!EC_GROUP_get_order(x, order, NULL) || + !EC_GROUP_get_cofactor(x, cofactor, NULL)) + { + reason = ERR_R_EC_LIB; + goto err; + } + + form = EC_GROUP_get_point_conversion_form(x); + + if ((gen = EC_POINT_point2bn(x, point, + form, NULL, ctx)) == NULL) + { + reason = ERR_R_EC_LIB; + goto err; + } + + buf_len = (size_t)BN_num_bytes(p); + if (buf_len < (i = (size_t)BN_num_bytes(a))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(b))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(gen))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(order))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) + buf_len = i; + + if ((seed = EC_GROUP_get0_seed(x)) != NULL) + seed_len = EC_GROUP_get_seed_len(x); + + buf_len += 10; + if ((buffer = OPENSSL_malloc(buf_len)) == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (!BIO_indent(bp, off, 128)) + goto err; + + /* print the 'short name' of the field type */ + if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) + <= 0) + goto err; + + if (is_char_two) + { + /* print the 'short name' of the base type OID */ + int basis_type = EC_GROUP_get_basis_type(x); + if (basis_type == 0) + goto err; + + if (!BIO_indent(bp, off, 128)) + goto err; + + if (BIO_printf(bp, "Basis Type: %s\n", + OBJ_nid2sn(basis_type)) <= 0) + goto err; + + /* print the polynomial */ + if ((p != NULL) && !print(bp, "Polynomial:", p, buffer, + off)) + goto err; + } + else + { + if ((p != NULL) && !print(bp, "Prime:", p, buffer,off)) + goto err; + } + if ((a != NULL) && !print(bp, "A: ", a, buffer, off)) + goto err; + if ((b != NULL) && !print(bp, "B: ", b, buffer, off)) + goto err; + if (form == POINT_CONVERSION_COMPRESSED) + { + if ((gen != NULL) && !print(bp, gen_compressed, gen, + buffer, off)) + goto err; + } + else if (form == POINT_CONVERSION_UNCOMPRESSED) + { + if ((gen != NULL) && !print(bp, gen_uncompressed, gen, + buffer, off)) + goto err; + } + else /* form == POINT_CONVERSION_HYBRID */ + { + if ((gen != NULL) && !print(bp, gen_hybrid, gen, + buffer, off)) + goto err; + } + if ((order != NULL) && !print(bp, "Order: ", order, + buffer, off)) goto err; + if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, + buffer, off)) goto err; + if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) + goto err; + } + ret=1; +err: + if (!ret) + ECerr(EC_F_ECPKPARAMETERS_PRINT, reason); + if (p) + BN_free(p); + if (a) + BN_free(a); + if (b) + BN_free(b); + if (gen) + BN_free(gen); + if (order) + BN_free(order); + if (cofactor) + BN_free(cofactor); + if (ctx) + BN_CTX_free(ctx); + if (buffer != NULL) + OPENSSL_free(buffer); + return(ret); + } + +int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) + { + unsigned char *buffer=NULL; + size_t buf_len=0, i; + int ret=0, reason=ERR_R_BIO_LIB; + BIGNUM *pub_key=NULL, *order=NULL; + BN_CTX *ctx=NULL; + const EC_GROUP *group; + const EC_POINT *public_key; + const BIGNUM *priv_key; + + if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) + { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + + public_key = EC_KEY_get0_public_key(x); + if ((pub_key = EC_POINT_point2bn(group, public_key, + EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) + { + reason = ERR_R_EC_LIB; + goto err; + } + + buf_len = (size_t)BN_num_bytes(pub_key); + priv_key = EC_KEY_get0_private_key(x); + if (priv_key != NULL) + { + if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len) + buf_len = i; + } + + buf_len += 10; + if ((buffer = OPENSSL_malloc(buf_len)) == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (priv_key != NULL) + { + if (!BIO_indent(bp, off, 128)) + goto err; + if ((order = BN_new()) == NULL) + goto err; + if (!EC_GROUP_get_order(group, order, NULL)) + goto err; + if (BIO_printf(bp, "Private-Key: (%d bit)\n", + BN_num_bits(order)) <= 0) goto err; + } + + if ((priv_key != NULL) && !print(bp, "priv:", priv_key, + buffer, off)) + goto err; + if ((pub_key != NULL) && !print(bp, "pub: ", pub_key, + buffer, off)) + goto err; + if (!ECPKParameters_print(bp, group, off)) + goto err; + ret=1; +err: + if (!ret) + ECerr(EC_F_EC_KEY_PRINT, reason); + if (pub_key) + BN_free(pub_key); + if (order) + BN_free(order); + if (ctx) + BN_CTX_free(ctx); + if (buffer != NULL) + OPENSSL_free(buffer); + return(ret); + } +#endif /* OPENSSL_NO_EC */ + +static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf, + int off) + { + int n,i; + const char *neg; + + if (num == NULL) return(1); + neg = (BN_is_negative(num))?"-":""; + if(!BIO_indent(bp,off,128)) + return 0; + if (BN_is_zero(num)) + { + if (BIO_printf(bp, "%s 0\n", number) <= 0) + return 0; + return 1; + } + + if (BN_num_bytes(num) <= BN_BYTES) + { + if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg, + (unsigned long)num->d[0],neg,(unsigned long)num->d[0]) + <= 0) return(0); + } + else + { + buf[0]=0; + if (BIO_printf(bp,"%s%s",number, + (neg[0] == '-')?" (Negative)":"") <= 0) + return(0); + n=BN_bn2bin(num,&buf[1]); + + if (buf[1] & 0x80) + n++; + else buf++; + + for (i=0; i<n; i++) + { + if ((i%15) == 0) + { + if(BIO_puts(bp,"\n") <= 0 + || !BIO_indent(bp,off+4,128)) + return 0; + } + if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":") + <= 0) return(0); + } + if (BIO_write(bp,"\n",1) <= 0) return(0); + } + return(1); + } + +#ifndef OPENSSL_NO_EC +static int print_bin(BIO *fp, const char *name, const unsigned char *buf, + size_t len, int off) + { + size_t i; + char str[128]; + + if (buf == NULL) + return 1; + if (off) + { + if (off > 128) + off=128; + memset(str,' ',off); + if (BIO_write(fp, str, off) <= 0) + return 0; + } + + if (BIO_printf(fp,"%s", name) <= 0) + return 0; + + for (i=0; i<len; i++) + { + if ((i%15) == 0) + { + str[0]='\n'; + memset(&(str[1]),' ',off+4); + if (BIO_write(fp, str, off+1+4) <= 0) + return 0; + } + if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0) + return 0; + } + if (BIO_write(fp,"\n",1) <= 0) + return 0; + + return 1; + } +#endif + +#ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_FP_API +int DHparams_print_fp(FILE *fp, const DH *x) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=DHparams_print(b, x); + BIO_free(b); + return(ret); + } +#endif + +int DHparams_print(BIO *bp, const DH *x) + { + unsigned char *m=NULL; + int reason=ERR_R_BUF_LIB,ret=0; + size_t buf_len=0, i; + + if (x->p) + buf_len = (size_t)BN_num_bytes(x->p); + else + { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + if (x->g) + if (buf_len < (i = (size_t)BN_num_bytes(x->g))) + buf_len = i; + m=(unsigned char *)OPENSSL_malloc(buf_len+10); + if (m == NULL) + { + reason=ERR_R_MALLOC_FAILURE; + goto err; + } + + if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n", + BN_num_bits(x->p)) <= 0) + goto err; + if (!print(bp,"prime:",x->p,m,4)) goto err; + if (!print(bp,"generator:",x->g,m,4)) goto err; + if (x->length != 0) + { + if (BIO_printf(bp," recommended-private-length: %d bits\n", + (int)x->length) <= 0) goto err; + } + ret=1; + if (0) + { +err: + DHerr(DH_F_DHPARAMS_PRINT,reason); + } + if (m != NULL) OPENSSL_free(m); + return(ret); + } +#endif + +#ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_FP_API +int DSAparams_print_fp(FILE *fp, const DSA *x) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=DSAparams_print(b, x); + BIO_free(b); + return(ret); + } +#endif + +int DSAparams_print(BIO *bp, const DSA *x) + { + unsigned char *m=NULL; + int ret=0; + size_t buf_len=0,i; + + if (x->p) + buf_len = (size_t)BN_num_bytes(x->p); + else + { + DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS); + goto err; + } + if (x->q) + if (buf_len < (i = (size_t)BN_num_bytes(x->q))) + buf_len = i; + if (x->g) + if (buf_len < (i = (size_t)BN_num_bytes(x->g))) + buf_len = i; + m=(unsigned char *)OPENSSL_malloc(buf_len+10); + if (m == NULL) + { + DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE); + goto err; + } + + if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n", + BN_num_bits(x->p)) <= 0) + goto err; + if (!print(bp,"p:",x->p,m,4)) goto err; + if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err; + if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err; + ret=1; +err: + if (m != NULL) OPENSSL_free(m); + return(ret); + } + +#endif /* !OPENSSL_NO_DSA */ + +#ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_FP_API +int ECParameters_print_fp(FILE *fp, const EC_KEY *x) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB); + return(0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = ECParameters_print(b, x); + BIO_free(b); + return(ret); + } +#endif + +int ECParameters_print(BIO *bp, const EC_KEY *x) + { + int reason=ERR_R_EC_LIB, ret=0; + BIGNUM *order=NULL; + const EC_GROUP *group; + + if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) + { + reason = ERR_R_PASSED_NULL_PARAMETER;; + goto err; + } + + if ((order = BN_new()) == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (!EC_GROUP_get_order(group, order, NULL)) + { + reason = ERR_R_EC_LIB; + goto err; + } + + if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", + BN_num_bits(order)) <= 0) + goto err; + if (!ECPKParameters_print(bp, group, 4)) + goto err; + ret=1; +err: + if (order) + BN_free(order); + ECerr(EC_F_ECPARAMETERS_PRINT, reason); + return(ret); + } + +#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c new file mode 100755 index 00000000..94d9f7eb --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c @@ -0,0 +1,540 @@ +/* crypto/asn1/x_pubkey.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/asn1t.h> +#include <openssl/x509.h> +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA +#include <openssl/dsa.h> +#endif + +/* Minor tweak to operation: free up EVP_PKEY */ +static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { + if (operation == ASN1_OP_FREE_POST) + { + X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; + EVP_PKEY_free(pubkey->pkey); + } + return 1; + } + +ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { + ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), + ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY) + +IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) + +int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) + { + X509_PUBKEY *pk=NULL; + X509_ALGOR *a; + ASN1_OBJECT *o; + unsigned char *s,*p = NULL; + int i; + + if (x == NULL) return(0); + + if ((pk=X509_PUBKEY_new()) == NULL) goto err; + a=pk->algor; + + /* set the algorithm id */ + if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err; + ASN1_OBJECT_free(a->algorithm); + a->algorithm=o; + + /* Set the parameter list */ + if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) + { + if ((a->parameter == NULL) || + (a->parameter->type != V_ASN1_NULL)) + { + ASN1_TYPE_free(a->parameter); + if (!(a->parameter=ASN1_TYPE_new())) + { + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } + a->parameter->type=V_ASN1_NULL; + } + } +#ifndef OPENSSL_NO_DSA + else if (pkey->type == EVP_PKEY_DSA) + { + unsigned char *pp; + DSA *dsa; + + dsa=pkey->pkey.dsa; + dsa->write_params=0; + ASN1_TYPE_free(a->parameter); + if ((i=i2d_DSAparams(dsa,NULL)) <= 0) + goto err; + if (!(p=(unsigned char *)OPENSSL_malloc(i))) + { + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } + pp=p; + i2d_DSAparams(dsa,&pp); + if (!(a->parameter=ASN1_TYPE_new())) + { + OPENSSL_free(p); + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } + a->parameter->type=V_ASN1_SEQUENCE; + if (!(a->parameter->value.sequence=ASN1_STRING_new())) + { + OPENSSL_free(p); + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!ASN1_STRING_set(a->parameter->value.sequence,p,i)) + { + OPENSSL_free(p); + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } + OPENSSL_free(p); + } +#endif +#ifndef OPENSSL_NO_EC + else if (pkey->type == EVP_PKEY_EC) + { + int nid=0; + unsigned char *pp; + EC_KEY *ec_key; + const EC_GROUP *group; + + ec_key = pkey->pkey.ec; + ASN1_TYPE_free(a->parameter); + + if ((a->parameter = ASN1_TYPE_new()) == NULL) + { + X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); + goto err; + } + + group = EC_KEY_get0_group(ec_key); + if (EC_GROUP_get_asn1_flag(group) + && (nid = EC_GROUP_get_curve_name(group))) + { + /* just set the OID */ + a->parameter->type = V_ASN1_OBJECT; + a->parameter->value.object = OBJ_nid2obj(nid); + } + else /* explicit parameters */ + { + if ((i = i2d_ECParameters(ec_key, NULL)) == 0) + { + X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); + goto err; + } + if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) + { + X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); + goto err; + } + pp = p; + if (!i2d_ECParameters(ec_key, &pp)) + { + X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); + OPENSSL_free(p); + goto err; + } + a->parameter->type = V_ASN1_SEQUENCE; + if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL) + { + X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); + OPENSSL_free(p); + goto err; + } + ASN1_STRING_set(a->parameter->value.sequence, p, i); + OPENSSL_free(p); + } + } +#endif + else if (1) + { + X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM); + goto err; + } + + if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err; + if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) + { + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } + p=s; + i2d_PublicKey(pkey,&p); + if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) + { + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } + /* Set number of unused bits to zero */ + pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); + pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; + + OPENSSL_free(s); + +#if 0 + CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); + pk->pkey=pkey; +#endif + + if (*x != NULL) + X509_PUBKEY_free(*x); + + *x=pk; + + return 1; +err: + if (pk != NULL) X509_PUBKEY_free(pk); + return 0; + } + +EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) + { + EVP_PKEY *ret=NULL; + long j; + int type; + const unsigned char *p; +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) + const unsigned char *cp; + X509_ALGOR *a; +#endif + + if (key == NULL) goto err; + + if (key->pkey != NULL) + { + CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + return(key->pkey); + } + + if (key->public_key == NULL) goto err; + + type=OBJ_obj2nid(key->algor->algorithm); + if ((ret = EVP_PKEY_new()) == NULL) + { + X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); + goto err; + } + ret->type = EVP_PKEY_type(type); + + /* the parameters must be extracted before the public key (ECDSA!) */ + +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) + a=key->algor; +#endif + + if (0) + ; +#ifndef OPENSSL_NO_DSA + else if (ret->type == EVP_PKEY_DSA) + { + if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) + { + if ((ret->pkey.dsa = DSA_new()) == NULL) + { + X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); + goto err; + } + ret->pkey.dsa->write_params=0; + cp=p=a->parameter->value.sequence->data; + j=a->parameter->value.sequence->length; + if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j)) + goto err; + } + ret->save_parameters=1; + } +#endif +#ifndef OPENSSL_NO_EC + else if (ret->type == EVP_PKEY_EC) + { + if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) + { + /* type == V_ASN1_SEQUENCE => we have explicit parameters + * (e.g. parameters in the X9_62_EC_PARAMETERS-structure ) + */ + if ((ret->pkey.ec= EC_KEY_new()) == NULL) + { + X509err(X509_F_X509_PUBKEY_GET, + ERR_R_MALLOC_FAILURE); + goto err; + } + cp = p = a->parameter->value.sequence->data; + j = a->parameter->value.sequence->length; + if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j)) + { + X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB); + goto err; + } + } + else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT)) + { + /* type == V_ASN1_OBJECT => the parameters are given + * by an asn1 OID + */ + EC_KEY *ec_key; + EC_GROUP *group; + + if (ret->pkey.ec == NULL) + ret->pkey.ec = EC_KEY_new(); + ec_key = ret->pkey.ec; + if (ec_key == NULL) + goto err; + group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); + if (group == NULL) + goto err; + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_set_group(ec_key, group) == 0) + goto err; + EC_GROUP_free(group); + } + /* the case implicitlyCA is currently not implemented */ + ret->save_parameters = 1; + } +#endif + + p=key->public_key->data; + j=key->public_key->length; + if (!d2i_PublicKey(type, &ret, &p, (long)j)) + { + X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB); + goto err; + } + + /* Check to see if another thread set key->pkey first */ + CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); + if (key->pkey) + { + EVP_PKEY_free(ret); + ret = key->pkey; + } + else + key->pkey = ret; + CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); + CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); + return(ret); +err: + if (ret != NULL) + EVP_PKEY_free(ret); + return(NULL); + } + +/* Now two pseudo ASN1 routines that take an EVP_PKEY structure + * and encode or decode as X509_PUBKEY + */ + +EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, + long length) + { + X509_PUBKEY *xpk; + EVP_PKEY *pktmp; + xpk = d2i_X509_PUBKEY(NULL, pp, length); + if(!xpk) return NULL; + pktmp = X509_PUBKEY_get(xpk); + X509_PUBKEY_free(xpk); + if(!pktmp) return NULL; + if(a) + { + EVP_PKEY_free(*a); + *a = pktmp; + } + return pktmp; + } + +int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) + { + X509_PUBKEY *xpk=NULL; + int ret; + if(!a) return 0; + if(!X509_PUBKEY_set(&xpk, a)) return 0; + ret = i2d_X509_PUBKEY(xpk, pp); + X509_PUBKEY_free(xpk); + return ret; + } + +/* The following are equivalents but which return RSA and DSA + * keys + */ +#ifndef OPENSSL_NO_RSA +RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, + long length) + { + EVP_PKEY *pkey; + RSA *key; + const unsigned char *q; + q = *pp; + pkey = d2i_PUBKEY(NULL, &q, length); + if (!pkey) return NULL; + key = EVP_PKEY_get1_RSA(pkey); + EVP_PKEY_free(pkey); + if (!key) return NULL; + *pp = q; + if (a) + { + RSA_free(*a); + *a = key; + } + return key; + } + +int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) + { + EVP_PKEY *pktmp; + int ret; + if (!a) return 0; + pktmp = EVP_PKEY_new(); + if (!pktmp) + { + ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); + return 0; + } + EVP_PKEY_set1_RSA(pktmp, a); + ret = i2d_PUBKEY(pktmp, pp); + EVP_PKEY_free(pktmp); + return ret; + } +#endif + +#ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, + long length) + { + EVP_PKEY *pkey; + DSA *key; + const unsigned char *q; + q = *pp; + pkey = d2i_PUBKEY(NULL, &q, length); + if (!pkey) return NULL; + key = EVP_PKEY_get1_DSA(pkey); + EVP_PKEY_free(pkey); + if (!key) return NULL; + *pp = q; + if (a) + { + DSA_free(*a); + *a = key; + } + return key; + } + +int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) + { + EVP_PKEY *pktmp; + int ret; + if(!a) return 0; + pktmp = EVP_PKEY_new(); + if(!pktmp) + { + ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); + return 0; + } + EVP_PKEY_set1_DSA(pktmp, a); + ret = i2d_PUBKEY(pktmp, pp); + EVP_PKEY_free(pktmp); + return ret; + } +#endif + +#ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) + { + EVP_PKEY *pkey; + EC_KEY *key; + const unsigned char *q; + q = *pp; + pkey = d2i_PUBKEY(NULL, &q, length); + if (!pkey) return(NULL); + key = EVP_PKEY_get1_EC_KEY(pkey); + EVP_PKEY_free(pkey); + if (!key) return(NULL); + *pp = q; + if (a) + { + EC_KEY_free(*a); + *a = key; + } + return(key); + } + +int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) + { + EVP_PKEY *pktmp; + int ret; + if (!a) return(0); + if ((pktmp = EVP_PKEY_new()) == NULL) + { + ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE); + return(0); + } + EVP_PKEY_set1_EC_KEY(pktmp, a); + ret = i2d_PUBKEY(pktmp, pp); + EVP_PKEY_free(pktmp); + return(ret); + } +#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_lib.c new file mode 100755 index 00000000..32a8fbaf --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_lib.c @@ -0,0 +1,826 @@ +/* crypto/bn/bn_lib.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef BN_DEBUG +# undef NDEBUG /* avoid conflicting definitions */ +# define NDEBUG +#endif + +#include <assert.h> +#include <limits.h> +#include <stdio.h> +#include "cryptlib.h" +#include "bn_lcl.h" + +const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT; + +/* This stuff appears to be completely unused, so is deprecated */ +#ifndef OPENSSL_NO_DEPRECATED +/* For a 32 bit machine + * 2 - 4 == 128 + * 3 - 8 == 256 + * 4 - 16 == 512 + * 5 - 32 == 1024 + * 6 - 64 == 2048 + * 7 - 128 == 4096 + * 8 - 256 == 8192 + */ +static int bn_limit_bits=0; +static int bn_limit_num=8; /* (1<<bn_limit_bits) */ +static int bn_limit_bits_low=0; +static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */ +static int bn_limit_bits_high=0; +static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */ +static int bn_limit_bits_mont=0; +static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */ + +void BN_set_params(int mult, int high, int low, int mont) + { + if (mult >= 0) + { + if (mult > (int)(sizeof(int)*8)-1) + mult=sizeof(int)*8-1; + bn_limit_bits=mult; + bn_limit_num=1<<mult; + } + if (high >= 0) + { + if (high > (int)(sizeof(int)*8)-1) + high=sizeof(int)*8-1; + bn_limit_bits_high=high; + bn_limit_num_high=1<<high; + } + if (low >= 0) + { + if (low > (int)(sizeof(int)*8)-1) + low=sizeof(int)*8-1; + bn_limit_bits_low=low; + bn_limit_num_low=1<<low; + } + if (mont >= 0) + { + if (mont > (int)(sizeof(int)*8)-1) + mont=sizeof(int)*8-1; + bn_limit_bits_mont=mont; + bn_limit_num_mont=1<<mont; + } + } + +int BN_get_params(int which) + { + if (which == 0) return(bn_limit_bits); + else if (which == 1) return(bn_limit_bits_high); + else if (which == 2) return(bn_limit_bits_low); + else if (which == 3) return(bn_limit_bits_mont); + else return(0); + } +#endif + +const BIGNUM *BN_value_one(void) + { + static BN_ULONG data_one=1L; + static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA}; + + return(&const_one); + } + +int BN_num_bits_word(BN_ULONG l) + { + static const char bits[256]={ + 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4, + 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5, + 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, + 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, + 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, + 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, + 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, + 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + }; + +#if defined(SIXTY_FOUR_BIT_LONG) + if (l & 0xffffffff00000000L) + { + if (l & 0xffff000000000000L) + { + if (l & 0xff00000000000000L) + { + return(bits[(int)(l>>56)]+56); + } + else return(bits[(int)(l>>48)]+48); + } + else + { + if (l & 0x0000ff0000000000L) + { + return(bits[(int)(l>>40)]+40); + } + else return(bits[(int)(l>>32)]+32); + } + } + else +#else +#ifdef SIXTY_FOUR_BIT + if (l & 0xffffffff00000000LL) + { + if (l & 0xffff000000000000LL) + { + if (l & 0xff00000000000000LL) + { + return(bits[(int)(l>>56)]+56); + } + else return(bits[(int)(l>>48)]+48); + } + else + { + if (l & 0x0000ff0000000000LL) + { + return(bits[(int)(l>>40)]+40); + } + else return(bits[(int)(l>>32)]+32); + } + } + else +#endif +#endif + { +#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) + if (l & 0xffff0000L) + { + if (l & 0xff000000L) + return(bits[(int)(l>>24L)]+24); + else return(bits[(int)(l>>16L)]+16); + } + else +#endif + { +#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) + if (l & 0xff00L) + return(bits[(int)(l>>8)]+8); + else +#endif + return(bits[(int)(l )] ); + } + } + } + +int BN_num_bits(const BIGNUM *a) + { + int i = a->top - 1; + bn_check_top(a); + + if (BN_is_zero(a)) return 0; + return ((i*BN_BITS2) + BN_num_bits_word(a->d[i])); + } + +void BN_clear_free(BIGNUM *a) + { + int i; + + if (a == NULL) return; + bn_check_top(a); + if (a->d != NULL) + { + OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); + if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) + OPENSSL_free(a->d); + } + i=BN_get_flags(a,BN_FLG_MALLOCED); + OPENSSL_cleanse(a,sizeof(BIGNUM)); + if (i) + OPENSSL_free(a); + } + +void BN_free(BIGNUM *a) + { + if (a == NULL) return; + bn_check_top(a); + if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) + OPENSSL_free(a->d); + if (a->flags & BN_FLG_MALLOCED) + OPENSSL_free(a); + else + { +#ifndef OPENSSL_NO_DEPRECATED + a->flags|=BN_FLG_FREE; +#endif + a->d = NULL; + } + } + +void BN_init(BIGNUM *a) + { + memset(a,0,sizeof(BIGNUM)); + bn_check_top(a); + } + +BIGNUM *BN_new(void) + { + BIGNUM *ret; + + if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) + { + BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE); + return(NULL); + } + ret->flags=BN_FLG_MALLOCED; + ret->top=0; + ret->neg=0; + ret->dmax=0; + ret->d=NULL; + bn_check_top(ret); + return(ret); + } + +/* This is used both by bn_expand2() and bn_dup_expand() */ +/* The caller MUST check that words > b->dmax before calling this */ +static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) + { + BN_ULONG *A,*a = NULL; + const BN_ULONG *B; + int i; + + bn_check_top(b); + + if (words > (INT_MAX/(4*BN_BITS2))) + { + BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG); + return NULL; + } + if (BN_get_flags(b,BN_FLG_STATIC_DATA)) + { + BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); + return(NULL); + } + a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words); + if (A == NULL) + { + BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); + return(NULL); + } +#if 1 + B=b->d; + /* Check if the previous number needs to be copied */ + if (B != NULL) + { + for (i=b->top>>2; i>0; i--,A+=4,B+=4) + { + /* + * The fact that the loop is unrolled + * 4-wise is a tribute to Intel. It's + * the one that doesn't have enough + * registers to accomodate more data. + * I'd unroll it 8-wise otherwise:-) + * + * <appro@fy.chalmers.se> + */ + BN_ULONG a0,a1,a2,a3; + a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; + A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; + } + switch (b->top&3) + { + case 3: A[2]=B[2]; + case 2: A[1]=B[1]; + case 1: A[0]=B[0]; + case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does + * the switch table by doing a=top&3; a--; goto jump_table[a]; + * which fails for top== 0 */ + ; + } + } + +#else + memset(A,0,sizeof(BN_ULONG)*words); + memcpy(A,b->d,sizeof(b->d[0])*b->top); +#endif + + return(a); + } + +/* This is an internal function that can be used instead of bn_expand2() + * when there is a need to copy BIGNUMs instead of only expanding the + * data part, while still expanding them. + * Especially useful when needing to expand BIGNUMs that are declared + * 'const' and should therefore not be changed. + * The reason to use this instead of a BN_dup() followed by a bn_expand2() + * is memory allocation overhead. A BN_dup() followed by a bn_expand2() + * will allocate new memory for the BIGNUM data twice, and free it once, + * while bn_dup_expand() makes sure allocation is made only once. + */ + +#ifndef OPENSSL_NO_DEPRECATED +BIGNUM *bn_dup_expand(const BIGNUM *b, int words) + { + BIGNUM *r = NULL; + + bn_check_top(b); + + /* This function does not work if + * words <= b->dmax && top < words + * because BN_dup() does not preserve 'dmax'! + * (But bn_dup_expand() is not used anywhere yet.) + */ + + if (words > b->dmax) + { + BN_ULONG *a = bn_expand_internal(b, words); + + if (a) + { + r = BN_new(); + if (r) + { + r->top = b->top; + r->dmax = words; + r->neg = b->neg; + r->d = a; + } + else + { + /* r == NULL, BN_new failure */ + OPENSSL_free(a); + } + } + /* If a == NULL, there was an error in allocation in + bn_expand_internal(), and NULL should be returned */ + } + else + { + r = BN_dup(b); + } + + bn_check_top(r); + return r; + } +#endif + +/* This is an internal function that should not be used in applications. + * It ensures that 'b' has enough room for a 'words' word number + * and initialises any unused part of b->d with leading zeros. + * It is mostly used by the various BIGNUM routines. If there is an error, + * NULL is returned. If not, 'b' is returned. */ + +BIGNUM *bn_expand2(BIGNUM *b, int words) + { + bn_check_top(b); + + if (words > b->dmax) + { + BN_ULONG *a = bn_expand_internal(b, words); + if(!a) return NULL; + if(b->d) OPENSSL_free(b->d); + b->d=a; + b->dmax=words; + } + +/* None of this should be necessary because of what b->top means! */ +#if 0 + /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */ + if (b->top < b->dmax) + { + int i; + BN_ULONG *A = &(b->d[b->top]); + for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8) + { + A[0]=0; A[1]=0; A[2]=0; A[3]=0; + A[4]=0; A[5]=0; A[6]=0; A[7]=0; + } + for (i=(b->dmax - b->top)&7; i>0; i--,A++) + A[0]=0; + assert(A == &(b->d[b->dmax])); + } +#endif + bn_check_top(b); + return b; + } + +BIGNUM *BN_dup(const BIGNUM *a) + { + BIGNUM *t; + + if (a == NULL) return NULL; + bn_check_top(a); + + t = BN_new(); + if (t == NULL) return NULL; + if(!BN_copy(t, a)) + { + BN_free(t); + return NULL; + } + bn_check_top(t); + return t; + } + +BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) + { + int i; + BN_ULONG *A; + const BN_ULONG *B; + + bn_check_top(b); + + if (a == b) return(a); + if (bn_wexpand(a,b->top) == NULL) return(NULL); + +#if 1 + A=a->d; + B=b->d; + for (i=b->top>>2; i>0; i--,A+=4,B+=4) + { + BN_ULONG a0,a1,a2,a3; + a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; + A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; + } + switch (b->top&3) + { + case 3: A[2]=B[2]; + case 2: A[1]=B[1]; + case 1: A[0]=B[0]; + case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */ + } +#else + memcpy(a->d,b->d,sizeof(b->d[0])*b->top); +#endif + + a->top=b->top; + a->neg=b->neg; + bn_check_top(a); + return(a); + } + +void BN_swap(BIGNUM *a, BIGNUM *b) + { + int flags_old_a, flags_old_b; + BN_ULONG *tmp_d; + int tmp_top, tmp_dmax, tmp_neg; + + bn_check_top(a); + bn_check_top(b); + + flags_old_a = a->flags; + flags_old_b = b->flags; + + tmp_d = a->d; + tmp_top = a->top; + tmp_dmax = a->dmax; + tmp_neg = a->neg; + + a->d = b->d; + a->top = b->top; + a->dmax = b->dmax; + a->neg = b->neg; + + b->d = tmp_d; + b->top = tmp_top; + b->dmax = tmp_dmax; + b->neg = tmp_neg; + + a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); + b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); + bn_check_top(a); + bn_check_top(b); + } + +void BN_clear(BIGNUM *a) + { + bn_check_top(a); + if (a->d != NULL) + memset(a->d,0,a->dmax*sizeof(a->d[0])); + a->top=0; + a->neg=0; + } + +BN_ULONG BN_get_word(const BIGNUM *a) + { + if (a->top > 1) + return BN_MASK2; + else if (a->top == 1) + return a->d[0]; + /* a->top == 0 */ + return 0; + } + +int BN_set_word(BIGNUM *a, BN_ULONG w) + { + bn_check_top(a); + if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0); + a->neg = 0; + a->d[0] = w; + a->top = (w ? 1 : 0); + bn_check_top(a); + return(1); + } + +BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) + { + unsigned int i,m; + unsigned int n; + BN_ULONG l; + BIGNUM *bn = NULL; + + if (ret == NULL) + ret = bn = BN_new(); + if (ret == NULL) return(NULL); + bn_check_top(ret); + l=0; + n=len; + if (n == 0) + { + ret->top=0; + return(ret); + } + i=((n-1)/BN_BYTES)+1; + m=((n-1)%(BN_BYTES)); + if (bn_wexpand(ret, (int)i) == NULL) + { + if (bn) BN_free(bn); + return NULL; + } + ret->top=i; + ret->neg=0; + while (n--) + { + l=(l<<8L)| *(s++); + if (m-- == 0) + { + ret->d[--i]=l; + l=0; + m=BN_BYTES-1; + } + } + /* need to call this due to clear byte at top if avoiding + * having the top bit set (-ve number) */ + bn_correct_top(ret); + return(ret); + } + +/* ignore negative */ +int BN_bn2bin(const BIGNUM *a, unsigned char *to) + { + int n,i; + BN_ULONG l; + + bn_check_top(a); + n=i=BN_num_bytes(a); + while (i--) + { + l=a->d[i/BN_BYTES]; + *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff; + } + return(n); + } + +int BN_ucmp(const BIGNUM *a, const BIGNUM *b) + { + int i; + BN_ULONG t1,t2,*ap,*bp; + + bn_check_top(a); + bn_check_top(b); + + i=a->top-b->top; + if (i != 0) return(i); + ap=a->d; + bp=b->d; + for (i=a->top-1; i>=0; i--) + { + t1= ap[i]; + t2= bp[i]; + if (t1 != t2) + return((t1 > t2) ? 1 : -1); + } + return(0); + } + +int BN_cmp(const BIGNUM *a, const BIGNUM *b) + { + int i; + int gt,lt; + BN_ULONG t1,t2; + + if ((a == NULL) || (b == NULL)) + { + if (a != NULL) + return(-1); + else if (b != NULL) + return(1); + else + return(0); + } + + bn_check_top(a); + bn_check_top(b); + + if (a->neg != b->neg) + { + if (a->neg) + return(-1); + else return(1); + } + if (a->neg == 0) + { gt=1; lt= -1; } + else { gt= -1; lt=1; } + + if (a->top > b->top) return(gt); + if (a->top < b->top) return(lt); + for (i=a->top-1; i>=0; i--) + { + t1=a->d[i]; + t2=b->d[i]; + if (t1 > t2) return(gt); + if (t1 < t2) return(lt); + } + return(0); + } + +int BN_set_bit(BIGNUM *a, int n) + { + int i,j,k; + + if (n < 0) + return 0; + + i=n/BN_BITS2; + j=n%BN_BITS2; + if (a->top <= i) + { + if (bn_wexpand(a,i+1) == NULL) return(0); + for(k=a->top; k<i+1; k++) + a->d[k]=0; + a->top=i+1; + } + + a->d[i]|=(((BN_ULONG)1)<<j); + bn_check_top(a); + return(1); + } + +int BN_clear_bit(BIGNUM *a, int n) + { + int i,j; + + bn_check_top(a); + if (n < 0) return 0; + + i=n/BN_BITS2; + j=n%BN_BITS2; + if (a->top <= i) return(0); + + a->d[i]&=(~(((BN_ULONG)1)<<j)); + bn_correct_top(a); + return(1); + } + +int BN_is_bit_set(const BIGNUM *a, int n) + { + int i,j; + + bn_check_top(a); + if (n < 0) return 0; + i=n/BN_BITS2; + j=n%BN_BITS2; + if (a->top <= i) return 0; + return(((a->d[i])>>j)&((BN_ULONG)1)); + } + +int BN_mask_bits(BIGNUM *a, int n) + { + int b,w; + + bn_check_top(a); + if (n < 0) return 0; + + w=n/BN_BITS2; + b=n%BN_BITS2; + if (w >= a->top) return 0; + if (b == 0) + a->top=w; + else + { + a->top=w+1; + a->d[w]&= ~(BN_MASK2<<b); + } + bn_correct_top(a); + return(1); + } + +void BN_set_negative(BIGNUM *a, int b) + { + if (b && !BN_is_zero(a)) + a->neg = 1; + else + a->neg = 0; + } + +int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) + { + int i; + BN_ULONG aa,bb; + + aa=a[n-1]; + bb=b[n-1]; + if (aa != bb) return((aa > bb)?1:-1); + for (i=n-2; i>=0; i--) + { + aa=a[i]; + bb=b[i]; + if (aa != bb) return((aa > bb)?1:-1); + } + return(0); + } + +/* Here follows a specialised variants of bn_cmp_words(). It has the + property of performing the operation on arrays of different sizes. + The sizes of those arrays is expressed through cl, which is the + common length ( basicall, min(len(a),len(b)) ), and dl, which is the + delta between the two lengths, calculated as len(a)-len(b). + All lengths are the number of BN_ULONGs... */ + +int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, + int cl, int dl) + { + int n,i; + n = cl-1; + + if (dl < 0) + { + for (i=dl; i<0; i++) + { + if (b[n-i] != 0) + return -1; /* a < b */ + } + } + if (dl > 0) + { + for (i=dl; i>0; i--) + { + if (a[n+i] != 0) + return 1; /* a > b */ + } + } + return bn_cmp_words(a,b,cl); + } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_mont.c new file mode 100755 index 00000000..4799b152 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_mont.c @@ -0,0 +1,732 @@ +/* crypto/bn/bn_mont.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* + * Details about Montgomery multiplication algorithms can be found at + * http://security.ece.orst.edu/publications.html, e.g. + * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and + * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf + */ + +#include <stdio.h> +#include "cryptlib.h" +#include "bn_lcl.h" + +#define MONT_WORD /* use the faster word-based algorithm */ + +#if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) +/* This condition means we have a specific non-default build: + * In the 0.9.8 branch, OPENSSL_BN_ASM_MONT is normally not set for any + * BN_BITS2<=32 platform; an explicit "enable-montasm" is required. + * I.e., if we are here, the user intentionally deviates from the + * normal stable build to get better Montgomery performance from + * the 0.9.9-dev backport. + * + * In this case only, we also enable BN_from_montgomery_word() + * (another non-stable feature from 0.9.9-dev). + */ +#define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD +#endif + +#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD +static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); +#endif + + + +int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx) + { + BIGNUM *tmp; + int ret=0; +#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) + int num = mont->N.top; + + if (num>1 && a->top==num && b->top==num) + { + if (bn_wexpand(r,num) == NULL) return(0); +#if 0 /* for OpenSSL 0.9.9 mont->n0 */ + if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num)) +#else + if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num)) +#endif + { + r->neg = a->neg^b->neg; + r->top = num; + bn_correct_top(r); + return(1); + } + } +#endif + + BN_CTX_start(ctx); + tmp = BN_CTX_get(ctx); + if (tmp == NULL) goto err; + + bn_check_top(tmp); + if (a == b) + { + if (!BN_sqr(tmp,a,ctx)) goto err; + } + else + { + if (!BN_mul(tmp,a,b,ctx)) goto err; + } + /* reduce from aRR to aR */ +#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD + if (!BN_from_montgomery_word(r,tmp,mont)) goto err; +#else + if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; +#endif + bn_check_top(r); + ret=1; +err: + BN_CTX_end(ctx); + return(ret); + } + +#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD +static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) + { + BIGNUM *n; + BN_ULONG *ap,*np,*rp,n0,v,*nrp; + int al,nl,max,i,x,ri; + + n= &(mont->N); + /* mont->ri is the size of mont->N in bits (rounded up + to the word size) */ + al=ri=mont->ri/BN_BITS2; + + nl=n->top; + if ((al == 0) || (nl == 0)) { ret->top=0; return(1); } + + max=(nl+al+1); /* allow for overflow (no?) XXX */ + if (bn_wexpand(r,max) == NULL) return(0); + + r->neg^=n->neg; + np=n->d; + rp=r->d; + nrp= &(r->d[nl]); + + /* clear the top words of T */ + for (i=r->top; i<max; i++) /* memset? XXX */ + r->d[i]=0; + + r->top=max; +#if 0 /* for OpenSSL 0.9.9 mont->n0 */ + n0=mont->n0[0]; +#else + n0=mont->n0; +#endif + +#ifdef BN_COUNT + fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl); +#endif + for (i=0; i<nl; i++) + { +#ifdef __TANDEM + { + long long t1; + long long t2; + long long t3; + t1 = rp[0] * (n0 & 0177777); + t2 = 037777600000l; + t2 = n0 & t2; + t3 = rp[0] & 0177777; + t2 = (t3 * t2) & BN_MASK2; + t1 = t1 + t2; + v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1); + } +#else + v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2); +#endif + nrp++; + rp++; + if (((nrp[-1]+=v)&BN_MASK2) >= v) + continue; + else + { + if (((++nrp[0])&BN_MASK2) != 0) continue; + if (((++nrp[1])&BN_MASK2) != 0) continue; + for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; + } + } + bn_correct_top(r); + + /* mont->ri will be a multiple of the word size and below code + * is kind of BN_rshift(ret,r,mont->ri) equivalent */ + if (r->top <= ri) + { + ret->top=0; + return(1); + } + al=r->top-ri; + + if (bn_wexpand(ret,ri) == NULL) return(0); + x=0-(((al-ri)>>(sizeof(al)*8-1))&1); + ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ + ret->neg=r->neg; + + rp=ret->d; + ap=&(r->d[ri]); + + { + size_t m1,m2; + + v=bn_sub_words(rp,ap,np,ri); + /* this ----------------^^ works even in al<ri case + * thanks to zealous zeroing of top of the vector in the + * beginning. */ + + /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */ + /* in other words if subtraction result is real, then + * trick unconditional memcpy below to perform in-place + * "refresh" instead of actual copy. */ + m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */ + m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */ + m1|=m2; /* (al!=ri) */ + m1|=(0-(size_t)v); /* (al!=ri || v) */ + m1&=~m2; /* (al!=ri || v) && !al>ri */ + nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); + } + + /* 'i<ri' is chosen to eliminate dependency on input data, even + * though it results in redundant copy in al<ri case. */ + for (i=0,ri-=4; i<ri; i+=4) + { + BN_ULONG t1,t2,t3,t4; + + t1=nrp[i+0]; + t2=nrp[i+1]; + t3=nrp[i+2]; ap[i+0]=0; + t4=nrp[i+3]; ap[i+1]=0; + rp[i+0]=t1; ap[i+2]=0; + rp[i+1]=t2; ap[i+3]=0; + rp[i+2]=t3; + rp[i+3]=t4; + } + for (ri+=4; i<ri; i++) + rp[i]=nrp[i], ap[i]=0; + bn_correct_top(r); + bn_correct_top(ret); + bn_check_top(ret); + + return(1); + } + +int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx) + { + int retn=0; + BIGNUM *t; + + BN_CTX_start(ctx); + if ((t = BN_CTX_get(ctx)) && BN_copy(t,a)) + retn = BN_from_montgomery_word(ret,t,mont); + BN_CTX_end(ctx); + return retn; + } + +#else /* !MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */ + +int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx) + { + int retn=0; + +#ifdef MONT_WORD + BIGNUM *n,*r; + BN_ULONG *ap,*np,*rp,n0,v,*nrp; + int al,nl,max,i,x,ri; + + BN_CTX_start(ctx); + if ((r = BN_CTX_get(ctx)) == NULL) goto err; + + if (!BN_copy(r,a)) goto err; + n= &(mont->N); + + ap=a->d; + /* mont->ri is the size of mont->N in bits (rounded up + to the word size) */ + al=ri=mont->ri/BN_BITS2; + + nl=n->top; + if ((al == 0) || (nl == 0)) { r->top=0; return(1); } + + max=(nl+al+1); /* allow for overflow (no?) XXX */ + if (bn_wexpand(r,max) == NULL) goto err; + + r->neg=a->neg^n->neg; + np=n->d; + rp=r->d; + nrp= &(r->d[nl]); + + /* clear the top words of T */ +#if 1 + for (i=r->top; i<max; i++) /* memset? XXX */ + r->d[i]=0; +#else + memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); +#endif + + r->top=max; + n0=mont->n0; + +#ifdef BN_COUNT + fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl); +#endif + for (i=0; i<nl; i++) + { +#ifdef __TANDEM + { + long long t1; + long long t2; + long long t3; + t1 = rp[0] * (n0 & 0177777); + t2 = 037777600000l; + t2 = n0 & t2; + t3 = rp[0] & 0177777; + t2 = (t3 * t2) & BN_MASK2; + t1 = t1 + t2; + v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1); + } +#else + v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2); +#endif + nrp++; + rp++; + if (((nrp[-1]+=v)&BN_MASK2) >= v) + continue; + else + { + if (((++nrp[0])&BN_MASK2) != 0) continue; + if (((++nrp[1])&BN_MASK2) != 0) continue; + for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; + } + } + bn_correct_top(r); + + /* mont->ri will be a multiple of the word size and below code + * is kind of BN_rshift(ret,r,mont->ri) equivalent */ + if (r->top <= ri) + { + ret->top=0; + retn=1; + goto err; + } + al=r->top-ri; + +# define BRANCH_FREE 1 +# if BRANCH_FREE + if (bn_wexpand(ret,ri) == NULL) goto err; + x=0-(((al-ri)>>(sizeof(al)*8-1))&1); + ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ + ret->neg=r->neg; + + rp=ret->d; + ap=&(r->d[ri]); + + { + size_t m1,m2; + + v=bn_sub_words(rp,ap,np,ri); + /* this ----------------^^ works even in al<ri case + * thanks to zealous zeroing of top of the vector in the + * beginning. */ + + /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */ + /* in other words if subtraction result is real, then + * trick unconditional memcpy below to perform in-place + * "refresh" instead of actual copy. */ + m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */ + m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */ + m1|=m2; /* (al!=ri) */ + m1|=(0-(size_t)v); /* (al!=ri || v) */ + m1&=~m2; /* (al!=ri || v) && !al>ri */ + nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); + } + + /* 'i<ri' is chosen to eliminate dependency on input data, even + * though it results in redundant copy in al<ri case. */ + for (i=0,ri-=4; i<ri; i+=4) + { + BN_ULONG t1,t2,t3,t4; + + t1=nrp[i+0]; + t2=nrp[i+1]; + t3=nrp[i+2]; ap[i+0]=0; + t4=nrp[i+3]; ap[i+1]=0; + rp[i+0]=t1; ap[i+2]=0; + rp[i+1]=t2; ap[i+3]=0; + rp[i+2]=t3; + rp[i+3]=t4; + } + for (ri+=4; i<ri; i++) + rp[i]=nrp[i], ap[i]=0; + bn_correct_top(r); + bn_correct_top(ret); +# else + if (bn_wexpand(ret,al) == NULL) goto err; + ret->top=al; + ret->neg=r->neg; + + rp=ret->d; + ap=&(r->d[ri]); + al-=4; + for (i=0; i<al; i+=4) + { + BN_ULONG t1,t2,t3,t4; + + t1=ap[i+0]; + t2=ap[i+1]; + t3=ap[i+2]; + t4=ap[i+3]; + rp[i+0]=t1; + rp[i+1]=t2; + rp[i+2]=t3; + rp[i+3]=t4; + } + al+=4; + for (; i<al; i++) + rp[i]=ap[i]; +# endif +#else /* !MONT_WORD */ + BIGNUM *t1,*t2; + + BN_CTX_start(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + if (t1 == NULL || t2 == NULL) goto err; + + if (!BN_copy(t1,a)) goto err; + BN_mask_bits(t1,mont->ri); + + if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err; + BN_mask_bits(t2,mont->ri); + + if (!BN_mul(t1,t2,&mont->N,ctx)) goto err; + if (!BN_add(t2,a,t1)) goto err; + if (!BN_rshift(ret,t2,mont->ri)) goto err; +#endif /* MONT_WORD */ + +#if !defined(BRANCH_FREE) || BRANCH_FREE==0 + if (BN_ucmp(ret, &(mont->N)) >= 0) + { + if (!BN_usub(ret,ret,&(mont->N))) goto err; + } +#endif + retn=1; + bn_check_top(ret); + err: + BN_CTX_end(ctx); + return(retn); + } +#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */ + +BN_MONT_CTX *BN_MONT_CTX_new(void) + { + BN_MONT_CTX *ret; + + if ((ret=(BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL) + return(NULL); + + BN_MONT_CTX_init(ret); + ret->flags=BN_FLG_MALLOCED; + return(ret); + } + +void BN_MONT_CTX_init(BN_MONT_CTX *ctx) + { + ctx->ri=0; + BN_init(&(ctx->RR)); + BN_init(&(ctx->N)); + BN_init(&(ctx->Ni)); +#if 0 /* for OpenSSL 0.9.9 mont->n0 */ + ctx->n0[0] = ctx->n0[1] = 0; +#else + ctx->n0 = 0; +#endif + ctx->flags=0; + } + +void BN_MONT_CTX_free(BN_MONT_CTX *mont) + { + if(mont == NULL) + return; + + BN_free(&(mont->RR)); + BN_free(&(mont->N)); + BN_free(&(mont->Ni)); + if (mont->flags & BN_FLG_MALLOCED) + OPENSSL_free(mont); + } + +int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) + { + int ret = 0; + BIGNUM *Ri,*R; + + BN_CTX_start(ctx); + if((Ri = BN_CTX_get(ctx)) == NULL) goto err; + R= &(mont->RR); /* grab RR as a temp */ + if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */ + mont->N.neg = 0; + +#ifdef MONT_WORD + { + BIGNUM tmod; + BN_ULONG buf[2]; + + mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; + BN_zero(R); +#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)", + only certain BN_BITS2<=32 platforms actually need this */ + if (!(BN_set_bit(R,2*BN_BITS2))) goto err; /* R */ +#else + if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ +#endif + + buf[0]=mod->d[0]; /* tmod = N mod word size */ + buf[1]=0; + + BN_init(&tmod); + tmod.d=buf; + tmod.top = buf[0] != 0 ? 1 : 0; + tmod.dmax=2; + tmod.neg=0; + +#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)"; + only certain BN_BITS2<=32 platforms actually need this */ + tmod.top=0; + if ((buf[0] = mod->d[0])) tmod.top=1; + if ((buf[1] = mod->top>1 ? mod->d[1] : 0)) tmod.top=2; + + if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) + goto err; + if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */ + if (!BN_is_zero(Ri)) + { + if (!BN_sub_word(Ri,1)) goto err; + } + else /* if N mod word size == 1 */ + { + if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL) + goto err; + /* Ri-- (mod double word size) */ + Ri->neg=0; + Ri->d[0]=BN_MASK2; + Ri->d[1]=BN_MASK2; + Ri->top=2; + } + if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; + /* Ni = (R*Ri-1)/N, + * keep only couple of least significant words: */ + mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; + mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; +#else + /* Ri = R^-1 mod N*/ + if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) + goto err; + if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* R*Ri */ + if (!BN_is_zero(Ri)) + { + if (!BN_sub_word(Ri,1)) goto err; + } + else /* if N mod word size == 1 */ + { + if (!BN_set_word(Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */ + } + if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; + /* Ni = (R*Ri-1)/N, + * keep only least significant word: */ +# if 0 /* for OpenSSL 0.9.9 mont->n0 */ + mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; + mont->n0[1] = 0; +# else + mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0; +# endif +#endif + } +#else /* !MONT_WORD */ + { /* bignum version */ + mont->ri=BN_num_bits(&mont->N); + BN_zero(R); + if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */ + /* Ri = R^-1 mod N*/ + if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL) + goto err; + if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* R*Ri */ + if (!BN_sub_word(Ri,1)) goto err; + /* Ni = (R*Ri-1) / N */ + if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err; + } +#endif + + /* setup RR for conversions */ + BN_zero(&(mont->RR)); + if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err; + if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err; + + ret = 1; +err: + BN_CTX_end(ctx); + return ret; + } + +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) + { + if (to == from) return(to); + + if (!BN_copy(&(to->RR),&(from->RR))) return NULL; + if (!BN_copy(&(to->N),&(from->N))) return NULL; + if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL; + to->ri=from->ri; +#if 0 /* for OpenSSL 0.9.9 mont->n0 */ + to->n0[0]=from->n0[0]; + to->n0[1]=from->n0[1]; +#else + to->n0=from->n0; +#endif + return(to); + } + +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx) + { + int got_write_lock = 0; + BN_MONT_CTX *ret; + + CRYPTO_r_lock(lock); + if (!*pmont) + { + CRYPTO_r_unlock(lock); + CRYPTO_w_lock(lock); + got_write_lock = 1; + + if (!*pmont) + { + ret = BN_MONT_CTX_new(); + if (ret && !BN_MONT_CTX_set(ret, mod, ctx)) + BN_MONT_CTX_free(ret); + else + *pmont = ret; + } + } + + ret = *pmont; + + if (got_write_lock) + CRYPTO_w_unlock(lock); + else + CRYPTO_r_unlock(lock); + + return ret; + } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_word.c new file mode 100755 index 00000000..ee7b87c4 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/bn/bn_word.c @@ -0,0 +1,247 @@ +/* crypto/bn/bn_word.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include "bn_lcl.h" + +BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) + { +#ifndef BN_LLONG + BN_ULONG ret=0; +#else + BN_ULLONG ret=0; +#endif + int i; + + if (w == 0) + return (BN_ULONG)-1; + + bn_check_top(a); + w&=BN_MASK2; + for (i=a->top-1; i>=0; i--) + { +#ifndef BN_LLONG + ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%w; + ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%w; +#else + ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])% + (BN_ULLONG)w); +#endif + } + return((BN_ULONG)ret); + } + +BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) + { + BN_ULONG ret = 0; + int i, j; + + bn_check_top(a); + w &= BN_MASK2; + + if (!w) + /* actually this an error (division by zero) */ + return (BN_ULONG)-1; + if (a->top == 0) + return 0; + + /* normalize input (so bn_div_words doesn't complain) */ + j = BN_BITS2 - BN_num_bits_word(w); + w <<= j; + if (!BN_lshift(a, a, j)) + return (BN_ULONG)-1; + + for (i=a->top-1; i>=0; i--) + { + BN_ULONG l,d; + + l=a->d[i]; + d=bn_div_words(ret,l,w); + ret=(l-((d*w)&BN_MASK2))&BN_MASK2; + a->d[i]=d; + } + if ((a->top > 0) && (a->d[a->top-1] == 0)) + a->top--; + ret >>= j; + bn_check_top(a); + return(ret); + } + +int BN_add_word(BIGNUM *a, BN_ULONG w) + { + BN_ULONG l; + int i; + + bn_check_top(a); + w &= BN_MASK2; + + /* degenerate case: w is zero */ + if (!w) return 1; + /* degenerate case: a is zero */ + if(BN_is_zero(a)) return BN_set_word(a, w); + /* handle 'a' when negative */ + if (a->neg) + { + a->neg=0; + i=BN_sub_word(a,w); + if (!BN_is_zero(a)) + a->neg=!(a->neg); + return(i); + } + /* Only expand (and risk failing) if it's possibly necessary */ + if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) && + (bn_wexpand(a,a->top+1) == NULL)) + return(0); + i=0; + for (;;) + { + if (i >= a->top) + l=w; + else + l=(a->d[i]+w)&BN_MASK2; + a->d[i]=l; + if (w > l) + w=1; + else + break; + i++; + } + if (i >= a->top) + a->top++; + bn_check_top(a); + return(1); + } + +int BN_sub_word(BIGNUM *a, BN_ULONG w) + { + int i; + + bn_check_top(a); + w &= BN_MASK2; + + /* degenerate case: w is zero */ + if (!w) return 1; + /* degenerate case: a is zero */ + if(BN_is_zero(a)) + { + i = BN_set_word(a,w); + if (i != 0) + BN_set_negative(a, 1); + return i; + } + /* handle 'a' when negative */ + if (a->neg) + { + a->neg=0; + i=BN_add_word(a,w); + a->neg=1; + return(i); + } + + if ((a->top == 1) && (a->d[0] < w)) + { + a->d[0]=w-a->d[0]; + a->neg=1; + return(1); + } + i=0; + for (;;) + { + if (a->d[i] >= w) + { + a->d[i]-=w; + break; + } + else + { + a->d[i]=(a->d[i]-w)&BN_MASK2; + i++; + w=1; + } + } + if ((a->d[i] == 0) && (i == (a->top-1))) + a->top--; + bn_check_top(a); + return(1); + } + +int BN_mul_word(BIGNUM *a, BN_ULONG w) + { + BN_ULONG ll; + + bn_check_top(a); + w&=BN_MASK2; + if (a->top) + { + if (w == 0) + BN_zero(a); + else + { + ll=bn_mul_words(a->d,a->d,a->top,w); + if (ll) + { + if (bn_wexpand(a,a->top+1) == NULL) return(0); + a->d[a->top++]=ll; + } + } + } + bn_check_top(a); + return(1); + } + diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/cryptlib.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/cryptlib.c new file mode 100755 index 00000000..dd74ea88 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/cryptlib.c @@ -0,0 +1,544 @@ +/* crypto/cryptlib.c */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#include "cryptlib.h" +#include <openssl/safestack.h> + +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) +static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ +#endif + +static void (MS_FAR *locking_callback)(int mode,int type, + const char *file,int line)=NULL; +static int (MS_FAR *add_lock_callback)(int *pointer,int amount, + int type,const char *file,int line)=NULL; +static unsigned long (MS_FAR *id_callback)(void)=NULL; + +int CRYPTO_num_locks(void) + { + return CRYPTO_NUM_LOCKS; + } + +void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, + int line) + { + return(locking_callback); + } + +int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, + const char *file,int line) + { + return(add_lock_callback); + } + +void CRYPTO_set_locking_callback(void (*func)(int mode,int type, + const char *file,int line)) + { + locking_callback=func; + } + +void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, + const char *file,int line)) + { + add_lock_callback=func; + } + +unsigned long (*CRYPTO_get_id_callback(void))(void) + { + return(id_callback); + } + +void CRYPTO_set_id_callback(unsigned long (*func)(void)) + { + id_callback=func; + } + +unsigned long CRYPTO_thread_id(void) + { + unsigned long ret=0; + + if (id_callback == NULL) + { +#ifdef OPENSSL_SYS_WIN16 + ret=(unsigned long)GetCurrentTask(); +#elif defined(OPENSSL_SYS_WIN32) + ret=(unsigned long)GetCurrentThreadId(); +#elif defined(GETPID_IS_MEANINGLESS) + ret=1L; +#else + ret=(unsigned long)getpid(); +#endif + } + else + ret=id_callback(); + return(ret); + } + +static void (*do_dynlock_cb)(int mode, int type, const char *file, int line); + +void int_CRYPTO_set_do_dynlock_callback( + void (*dyn_cb)(int mode, int type, const char *file, int line)) + { + do_dynlock_cb = dyn_cb; + } + +void CRYPTO_lock(int mode, int type, const char *file, int line) + { +#ifdef LOCK_DEBUG + { + char *rw_text,*operation_text; + + if (mode & CRYPTO_LOCK) + operation_text="lock "; + else if (mode & CRYPTO_UNLOCK) + operation_text="unlock"; + else + operation_text="ERROR "; + + if (mode & CRYPTO_READ) + rw_text="r"; + else if (mode & CRYPTO_WRITE) + rw_text="w"; + else + rw_text="ERROR"; + + fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n", + CRYPTO_thread_id(), rw_text, operation_text, + CRYPTO_get_lock_name(type), file, line); + } +#endif + if (type < 0) + { + if (do_dynlock_cb) + do_dynlock_cb(mode, type, file, line); + } + else + if (locking_callback != NULL) + locking_callback(mode,type,file,line); + } + +int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, + int line) + { + int ret = 0; + + if (add_lock_callback != NULL) + { +#ifdef LOCK_DEBUG + int before= *pointer; +#endif + + ret=add_lock_callback(pointer,amount,type,file,line); +#ifdef LOCK_DEBUG + fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", + CRYPTO_thread_id(), + before,amount,ret, + CRYPTO_get_lock_name(type), + file,line); +#endif + } + else + { + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,file,line); + + ret= *pointer+amount; +#ifdef LOCK_DEBUG + fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", + CRYPTO_thread_id(), + *pointer,amount,ret, + CRYPTO_get_lock_name(type), + file,line); +#endif + *pointer=ret; + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line); + } + return(ret); + } + +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__INTEL__) || \ + defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) + +unsigned long OPENSSL_ia32cap_P=0; +unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; } + +#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) +#define OPENSSL_CPUID_SETUP +void OPENSSL_cpuid_setup(void) +{ static int trigger=0; + unsigned long OPENSSL_ia32_cpuid(void); + char *env; + + if (trigger) return; + + trigger=1; + if ((env=getenv("OPENSSL_ia32cap"))) + OPENSSL_ia32cap_P = strtoul(env,NULL,0)|(1<<10); + else + OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid()|(1<<10); + /* + * |(1<<10) sets a reserved bit to signal that variable + * was initialized already... This is to avoid interference + * with cpuid snippets in ELF .init segment. + */ +} +#endif + +#else +unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; } +#endif +int OPENSSL_NONPIC_relocated = 0; +#if !defined(OPENSSL_CPUID_SETUP) +void OPENSSL_cpuid_setup(void) {} +#endif + +#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL) + +#ifdef OPENSSL_FIPS + +#include <tlhelp32.h> +#if defined(__GNUC__) && __GNUC__>=2 +static int DllInit(void) __attribute__((constructor)); +#elif defined(_MSC_VER) +static int DllInit(void); +# ifdef _WIN64 +# pragma section(".CRT$XCU",read) + __declspec(allocate(".CRT$XCU")) +# else +# pragma data_seg(".CRT$XCU") +# endif + static int (*p)(void) = DllInit; +# pragma data_seg() +#endif + +static int DllInit(void) +{ +#if defined(_WIN32_WINNT) + union { int(*f)(void); BYTE *p; } t = { DllInit }; + HANDLE hModuleSnap = INVALID_HANDLE_VALUE; + IMAGE_DOS_HEADER *dos_header; + IMAGE_NT_HEADERS *nt_headers; + MODULEENTRY32 me32 = {sizeof(me32)}; + + hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0); + if (hModuleSnap != INVALID_HANDLE_VALUE && + Module32First(hModuleSnap,&me32)) do + { + if (t.p >= me32.modBaseAddr && + t.p < me32.modBaseAddr+me32.modBaseSize) + { + dos_header=(IMAGE_DOS_HEADER *)me32.modBaseAddr; + if (dos_header->e_magic==IMAGE_DOS_SIGNATURE) + { + nt_headers=(IMAGE_NT_HEADERS *) + ((BYTE *)dos_header+dos_header->e_lfanew); + if (nt_headers->Signature==IMAGE_NT_SIGNATURE && + me32.modBaseAddr!=(BYTE*)nt_headers->OptionalHeader.ImageBase) + OPENSSL_NONPIC_relocated=1; + } + break; + } + } while (Module32Next(hModuleSnap,&me32)); + + if (hModuleSnap != INVALID_HANDLE_VALUE) + CloseHandle(hModuleSnap); +#endif + OPENSSL_cpuid_setup(); + return 0; +} + +#else + +#ifdef __CYGWIN__ +/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */ +#include <windows.h> +#endif + +/* All we really need to do is remove the 'error' state when a thread + * detaches */ + +BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, + LPVOID lpvReserved) + { + switch(fdwReason) + { + case DLL_PROCESS_ATTACH: + OPENSSL_cpuid_setup(); +#if defined(_WIN32_WINNT) + { + IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL; + IMAGE_NT_HEADERS *nt_headers; + + if (dos_header->e_magic==IMAGE_DOS_SIGNATURE) + { + nt_headers = (IMAGE_NT_HEADERS *)((char *)dos_header + + dos_header->e_lfanew); + if (nt_headers->Signature==IMAGE_NT_SIGNATURE && + hinstDLL!=(HINSTANCE)(nt_headers->OptionalHeader.ImageBase)) + OPENSSL_NONPIC_relocated=1; + } + } +#endif + break; + case DLL_THREAD_ATTACH: + break; + case DLL_THREAD_DETACH: + break; + case DLL_PROCESS_DETACH: + break; + } + return(TRUE); + } +#endif + +#endif + +#if defined(_WIN32) && !defined(__CYGWIN__) +#include <tchar.h> + +#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 +int OPENSSL_isservice(void) +{ HWINSTA h; + DWORD len; + WCHAR *name; + + (void)GetDesktopWindow(); /* return value is ignored */ + + h = GetProcessWindowStation(); + if (h==NULL) return -1; + + if (GetUserObjectInformationW (h,UOI_NAME,NULL,0,&len) || + GetLastError() != ERROR_INSUFFICIENT_BUFFER) + return -1; + + if (len>512) return -1; /* paranoia */ + len++,len&=~1; /* paranoia */ +#ifdef _MSC_VER + name=(WCHAR *)_alloca(len+sizeof(WCHAR)); +#else + name=(WCHAR *)alloca(len+sizeof(WCHAR)); +#endif + if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len)) + return -1; + + len++,len&=~1; /* paranoia */ + name[len/sizeof(WCHAR)]=L'\0'; /* paranoia */ +#if 1 + /* This doesn't cover "interactive" services [working with real + * WinSta0's] nor programs started non-interactively by Task + * Scheduler [those are working with SAWinSta]. */ + if (wcsstr(name,L"Service-0x")) return 1; +#else + /* This covers all non-interactive programs such as services. */ + if (!wcsstr(name,L"WinSta0")) return 1; +#endif + else return 0; +} +#else +int OPENSSL_isservice(void) { return 0; } +#endif + +void OPENSSL_showfatal (const char *fmta,...) +{ va_list ap; + TCHAR buf[256]; + const TCHAR *fmt; +#ifdef STD_ERROR_HANDLE /* what a dirty trick! */ + HANDLE h; + + if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL && + GetFileType(h)!=FILE_TYPE_UNKNOWN) + { /* must be console application */ + va_start (ap,fmta); + vfprintf (stderr,fmta,ap); + va_end (ap); + return; + } +#endif + + if (sizeof(TCHAR)==sizeof(char)) + fmt=(const TCHAR *)fmta; + else do + { int keepgoing; + size_t len_0=strlen(fmta)+1,i; + WCHAR *fmtw; + +#ifdef _MSC_VER + fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR)); +#else + fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); +#endif + if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; } + +#ifndef OPENSSL_NO_MULTIBYTE + if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0)) +#endif + for (i=0;i<len_0;i++) fmtw[i]=(WCHAR)fmta[i]; + + for (i=0;i<len_0;i++) + { if (fmtw[i]==L'%') do + { keepgoing=0; + switch (fmtw[i+1]) + { case L'0': case L'1': case L'2': case L'3': case L'4': + case L'5': case L'6': case L'7': case L'8': case L'9': + case L'.': case L'*': + case L'-': i++; keepgoing=1; break; + case L's': fmtw[i+1]=L'S'; break; + case L'S': fmtw[i+1]=L's'; break; + case L'c': fmtw[i+1]=L'C'; break; + case L'C': fmtw[i+1]=L'c'; break; + } + } while (keepgoing); + } + fmt = (const TCHAR *)fmtw; + } while (0); + + va_start (ap,fmta); + _vsntprintf (buf,sizeof(buf)/sizeof(TCHAR)-1,fmt,ap); + buf [sizeof(buf)/sizeof(TCHAR)-1] = _T('\0'); + va_end (ap); + +#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 + /* this -------------v--- guards NT-specific calls */ + if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0) + { HANDLE h = RegisterEventSource(0,_T("OPENSSL")); + const TCHAR *pmsg=buf; + ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); + DeregisterEventSource(h); + } + else +#endif + MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP); +} +#else +void OPENSSL_showfatal (const char *fmta,...) +{ va_list ap; + + va_start (ap,fmta); + vfprintf (stderr,fmta,ap); + va_end (ap); +} +int OPENSSL_isservice (void) { return 0; } +#endif + +void OpenSSLDie(const char *file,int line,const char *assertion) + { + OPENSSL_showfatal( + "%s(%d): OpenSSL internal error, assertion failed: %s\n", + file,line,assertion); + abort(); + } + +void *OPENSSL_stderr(void) { return stderr; } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c new file mode 100755 index 00000000..7dca5e4b --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c @@ -0,0 +1,385 @@ +/* crypto/ec/ec2_mult.c */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The software is originally written by Sheueling Chang Shantz and + * Douglas Stebila of Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <openssl/err.h> + +#include "ec_lcl.h" + + +/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective + * coordinates. + * Uses algorithm Mdouble in appendix of + * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation". + * modified to not require precomputation of c=b^{2^{m-1}}. + */ +static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx) + { + BIGNUM *t1; + int ret = 0; + + /* Since Mdouble is static we can guarantee that ctx != NULL. */ + BN_CTX_start(ctx); + t1 = BN_CTX_get(ctx); + if (t1 == NULL) goto err; + + if (!group->meth->field_sqr(group, x, x, ctx)) goto err; + if (!group->meth->field_sqr(group, t1, z, ctx)) goto err; + if (!group->meth->field_mul(group, z, x, t1, ctx)) goto err; + if (!group->meth->field_sqr(group, x, x, ctx)) goto err; + if (!group->meth->field_sqr(group, t1, t1, ctx)) goto err; + if (!group->meth->field_mul(group, t1, &group->b, t1, ctx)) goto err; + if (!BN_GF2m_add(x, x, t1)) goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; + } + +/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery + * projective coordinates. + * Uses algorithm Madd in appendix of + * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation". + */ +static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1, + const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx) + { + BIGNUM *t1, *t2; + int ret = 0; + + /* Since Madd is static we can guarantee that ctx != NULL. */ + BN_CTX_start(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + if (t2 == NULL) goto err; + + if (!BN_copy(t1, x)) goto err; + if (!group->meth->field_mul(group, x1, x1, z2, ctx)) goto err; + if (!group->meth->field_mul(group, z1, z1, x2, ctx)) goto err; + if (!group->meth->field_mul(group, t2, x1, z1, ctx)) goto err; + if (!BN_GF2m_add(z1, z1, x1)) goto err; + if (!group->meth->field_sqr(group, z1, z1, ctx)) goto err; + if (!group->meth->field_mul(group, x1, z1, t1, ctx)) goto err; + if (!BN_GF2m_add(x1, x1, t2)) goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; + } + +/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) + * using Montgomery point multiplication algorithm Mxy() in appendix of + * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation". + * Returns: + * 0 on error + * 1 if return value should be the point at infinity + * 2 otherwise + */ +static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1, + BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, BN_CTX *ctx) + { + BIGNUM *t3, *t4, *t5; + int ret = 0; + + if (BN_is_zero(z1)) + { + BN_zero(x2); + BN_zero(z2); + return 1; + } + + if (BN_is_zero(z2)) + { + if (!BN_copy(x2, x)) return 0; + if (!BN_GF2m_add(z2, x, y)) return 0; + return 2; + } + + /* Since Mxy is static we can guarantee that ctx != NULL. */ + BN_CTX_start(ctx); + t3 = BN_CTX_get(ctx); + t4 = BN_CTX_get(ctx); + t5 = BN_CTX_get(ctx); + if (t5 == NULL) goto err; + + if (!BN_one(t5)) goto err; + + if (!group->meth->field_mul(group, t3, z1, z2, ctx)) goto err; + + if (!group->meth->field_mul(group, z1, z1, x, ctx)) goto err; + if (!BN_GF2m_add(z1, z1, x1)) goto err; + if (!group->meth->field_mul(group, z2, z2, x, ctx)) goto err; + if (!group->meth->field_mul(group, x1, z2, x1, ctx)) goto err; + if (!BN_GF2m_add(z2, z2, x2)) goto err; + + if (!group->meth->field_mul(group, z2, z2, z1, ctx)) goto err; + if (!group->meth->field_sqr(group, t4, x, ctx)) goto err; + if (!BN_GF2m_add(t4, t4, y)) goto err; + if (!group->meth->field_mul(group, t4, t4, t3, ctx)) goto err; + if (!BN_GF2m_add(t4, t4, z2)) goto err; + + if (!group->meth->field_mul(group, t3, t3, x, ctx)) goto err; + if (!group->meth->field_div(group, t3, t5, t3, ctx)) goto err; + if (!group->meth->field_mul(group, t4, t3, t4, ctx)) goto err; + if (!group->meth->field_mul(group, x2, x1, t3, ctx)) goto err; + if (!BN_GF2m_add(z2, x2, x)) goto err; + + if (!group->meth->field_mul(group, z2, z2, t4, ctx)) goto err; + if (!BN_GF2m_add(z2, z2, y)) goto err; + + ret = 2; + + err: + BN_CTX_end(ctx); + return ret; + } + +/* Computes scalar*point and stores the result in r. + * point can not equal r. + * Uses algorithm 2P of + * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation". + */ +static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + const EC_POINT *point, BN_CTX *ctx) + { + BIGNUM *x1, *x2, *z1, *z2; + int ret = 0, i, j; + BN_ULONG mask; + + if (r == point) + { + ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT); + return 0; + } + + /* if result should be point at infinity */ + if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) || + EC_POINT_is_at_infinity(group, point)) + { + return EC_POINT_set_to_infinity(group, r); + } + + /* only support affine coordinates */ + if (!point->Z_is_one) return 0; + + /* Since point_multiply is static we can guarantee that ctx != NULL. */ + BN_CTX_start(ctx); + x1 = BN_CTX_get(ctx); + z1 = BN_CTX_get(ctx); + if (z1 == NULL) goto err; + + x2 = &r->X; + z2 = &r->Y; + + if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ + if (!BN_one(z1)) goto err; /* z1 = 1 */ + if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ + if (!group->meth->field_sqr(group, x2, z2, ctx)) goto err; + if (!BN_GF2m_add(x2, x2, &group->b)) goto err; /* x2 = x^4 + b */ + + /* find top most bit and go one past it */ + i = scalar->top - 1; j = BN_BITS2 - 1; + mask = BN_TBIT; + while (!(scalar->d[i] & mask)) { mask >>= 1; j--; } + mask >>= 1; j--; + /* if top most bit was at word break, go to next word */ + if (!mask) + { + i--; j = BN_BITS2 - 1; + mask = BN_TBIT; + } + + for (; i >= 0; i--) + { + for (; j >= 0; j--) + { + if (scalar->d[i] & mask) + { + if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; + if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; + } + else + { + if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; + if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; + } + mask >>= 1; + } + j = BN_BITS2 - 1; + mask = BN_TBIT; + } + + /* convert out of "projective" coordinates */ + i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx); + if (i == 0) goto err; + else if (i == 1) + { + if (!EC_POINT_set_to_infinity(group, r)) goto err; + } + else + { + if (!BN_one(&r->Z)) goto err; + r->Z_is_one = 1; + } + + /* GF(2^m) field elements should always have BIGNUM::neg = 0 */ + BN_set_negative(&r->X, 0); + BN_set_negative(&r->Y, 0); + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; + } + + +/* Computes the sum + * scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1] + * gracefully ignoring NULL scalar values. + */ +int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) + { + BN_CTX *new_ctx = NULL; + int ret = 0; + size_t i; + EC_POINT *p=NULL; + EC_POINT *acc = NULL; + + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + + /* This implementation is more efficient than the wNAF implementation for 2 + * or fewer points. Use the ec_wNAF_mul implementation for 3 or more points, + * or if we can perform a fast multiplication based on precomputation. + */ + if ((scalar && (num > 1)) || (num > 2) || (num == 0 && EC_GROUP_have_precompute_mult(group))) + { + ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); + goto err; + } + + if ((p = EC_POINT_new(group)) == NULL) goto err; + if ((acc = EC_POINT_new(group)) == NULL) goto err; + + if (!EC_POINT_set_to_infinity(group, acc)) goto err; + + if (scalar) + { + if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err; + if (BN_is_negative(scalar)) + if (!group->meth->invert(group, p, ctx)) goto err; + if (!group->meth->add(group, acc, acc, p, ctx)) goto err; + } + + for (i = 0; i < num; i++) + { + if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err; + if (BN_is_negative(scalars[i])) + if (!group->meth->invert(group, p, ctx)) goto err; + if (!group->meth->add(group, acc, acc, p, ctx)) goto err; + } + + if (!EC_POINT_copy(r, acc)) goto err; + + ret = 1; + + err: + if (p) EC_POINT_free(p); + if (acc) EC_POINT_free(acc); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); + return ret; + } + + +/* Precomputation for point multiplication: fall back to wNAF methods + * because ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate */ + +int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx) + { + return ec_wNAF_precompute_mult(group, ctx); + } + +int ec_GF2m_have_precompute_mult(const EC_GROUP *group) + { + return ec_wNAF_have_precompute_mult(group); + } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec_key.c new file mode 100755 index 00000000..522802c0 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec_key.c @@ -0,0 +1,463 @@ +/* crypto/ec/ec_key.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions originally developed by SUN MICROSYSTEMS, INC., and + * contributed to the OpenSSL project. + */ + +#include <string.h> +#include "ec_lcl.h" +#include <openssl/err.h> +#include <string.h> + +EC_KEY *EC_KEY_new(void) + { + EC_KEY *ret; + + ret=(EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY)); + if (ret == NULL) + { + ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE); + return(NULL); + } + + ret->version = 1; + ret->group = NULL; + ret->pub_key = NULL; + ret->priv_key= NULL; + ret->enc_flag= 0; + ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; + ret->references= 1; + ret->method_data = NULL; + return(ret); + } + +EC_KEY *EC_KEY_new_by_curve_name(int nid) + { + EC_KEY *ret = EC_KEY_new(); + if (ret == NULL) + return NULL; + ret->group = EC_GROUP_new_by_curve_name(nid); + if (ret->group == NULL) + { + EC_KEY_free(ret); + return NULL; + } + return ret; + } + +void EC_KEY_free(EC_KEY *r) + { + int i; + + if (r == NULL) return; + + i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_EC); +#ifdef REF_PRINT + REF_PRINT("EC_KEY",r); +#endif + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"EC_KEY_free, bad reference count\n"); + abort(); + } +#endif + + if (r->group != NULL) + EC_GROUP_free(r->group); + if (r->pub_key != NULL) + EC_POINT_free(r->pub_key); + if (r->priv_key != NULL) + BN_clear_free(r->priv_key); + + EC_EX_DATA_free_all_data(&r->method_data); + + OPENSSL_cleanse((void *)r, sizeof(EC_KEY)); + + OPENSSL_free(r); + } + +EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) + { + EC_EXTRA_DATA *d; + + if (dest == NULL || src == NULL) + { + ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + /* copy the parameters */ + if (src->group) + { + const EC_METHOD *meth = EC_GROUP_method_of(src->group); + /* clear the old group */ + if (dest->group) + EC_GROUP_free(dest->group); + dest->group = EC_GROUP_new(meth); + if (dest->group == NULL) + return NULL; + if (!EC_GROUP_copy(dest->group, src->group)) + return NULL; + } + /* copy the public key */ + if (src->pub_key && src->group) + { + if (dest->pub_key) + EC_POINT_free(dest->pub_key); + dest->pub_key = EC_POINT_new(src->group); + if (dest->pub_key == NULL) + return NULL; + if (!EC_POINT_copy(dest->pub_key, src->pub_key)) + return NULL; + } + /* copy the private key */ + if (src->priv_key) + { + if (dest->priv_key == NULL) + { + dest->priv_key = BN_new(); + if (dest->priv_key == NULL) + return NULL; + } + if (!BN_copy(dest->priv_key, src->priv_key)) + return NULL; + } + /* copy method/extra data */ + EC_EX_DATA_free_all_data(&dest->method_data); + + for (d = src->method_data; d != NULL; d = d->next) + { + void *t = d->dup_func(d->data); + + if (t == NULL) + return 0; + if (!EC_EX_DATA_set_data(&dest->method_data, t, d->dup_func, d->free_func, d->clear_free_func)) + return 0; + } + + /* copy the rest */ + dest->enc_flag = src->enc_flag; + dest->conv_form = src->conv_form; + dest->version = src->version; + + return dest; + } + +EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) + { + EC_KEY *ret = EC_KEY_new(); + if (ret == NULL) + return NULL; + if (EC_KEY_copy(ret, ec_key) == NULL) + { + EC_KEY_free(ret); + return NULL; + } + return ret; + } + +int EC_KEY_up_ref(EC_KEY *r) + { + int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC); +#ifdef REF_PRINT + REF_PRINT("EC_KEY",r); +#endif +#ifdef REF_CHECK + if (i < 2) + { + fprintf(stderr, "EC_KEY_up, bad reference count\n"); + abort(); + } +#endif + return ((i > 1) ? 1 : 0); + } + +int EC_KEY_generate_key(EC_KEY *eckey) + { + int ok = 0; + BN_CTX *ctx = NULL; + BIGNUM *priv_key = NULL, *order = NULL; + EC_POINT *pub_key = NULL; + + if (!eckey || !eckey->group) + { + ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if ((order = BN_new()) == NULL) goto err; + if ((ctx = BN_CTX_new()) == NULL) goto err; + + if (eckey->priv_key == NULL) + { + priv_key = BN_new(); + if (priv_key == NULL) + goto err; + } + else + priv_key = eckey->priv_key; + + if (!EC_GROUP_get_order(eckey->group, order, ctx)) + goto err; + + do + if (!BN_rand_range(priv_key, order)) + goto err; + while (BN_is_zero(priv_key)); + + if (eckey->pub_key == NULL) + { + pub_key = EC_POINT_new(eckey->group); + if (pub_key == NULL) + goto err; + } + else + pub_key = eckey->pub_key; + + if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) + goto err; + + eckey->priv_key = priv_key; + eckey->pub_key = pub_key; + + ok=1; + +err: + if (order) + BN_free(order); + if (pub_key != NULL && eckey->pub_key == NULL) + EC_POINT_free(pub_key); + if (priv_key != NULL && eckey->priv_key == NULL) + BN_free(priv_key); + if (ctx != NULL) + BN_CTX_free(ctx); + return(ok); + } + +int EC_KEY_check_key(const EC_KEY *eckey) + { + int ok = 0; + BN_CTX *ctx = NULL; + const BIGNUM *order = NULL; + EC_POINT *point = NULL; + + if (!eckey || !eckey->group || !eckey->pub_key) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY); + goto err; + } + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + if ((point = EC_POINT_new(eckey->group)) == NULL) + goto err; + + /* testing whether the pub_key is on the elliptic curve */ + if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); + goto err; + } + /* testing whether pub_key * order is the point at infinity */ + order = &eckey->group->order; + if (BN_is_zero(order)) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER); + goto err; + } + if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); + goto err; + } + if (!EC_POINT_is_at_infinity(eckey->group, point)) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); + goto err; + } + /* in case the priv_key is present : + * check if generator * priv_key == pub_key + */ + if (eckey->priv_key) + { + if (BN_cmp(eckey->priv_key, order) >= 0) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); + goto err; + } + if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, + NULL, NULL, ctx)) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); + goto err; + } + if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, + ctx) != 0) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY); + goto err; + } + } + ok = 1; +err: + if (ctx != NULL) + BN_CTX_free(ctx); + if (point != NULL) + EC_POINT_free(point); + return(ok); + } + +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) + { + return key->group; + } + +int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) + { + if (key->group != NULL) + EC_GROUP_free(key->group); + key->group = EC_GROUP_dup(group); + return (key->group == NULL) ? 0 : 1; + } + +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) + { + return key->priv_key; + } + +int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) + { + if (key->priv_key) + BN_clear_free(key->priv_key); + key->priv_key = BN_dup(priv_key); + return (key->priv_key == NULL) ? 0 : 1; + } + +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) + { + return key->pub_key; + } + +int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) + { + if (key->pub_key != NULL) + EC_POINT_free(key->pub_key); + key->pub_key = EC_POINT_dup(pub_key, key->group); + return (key->pub_key == NULL) ? 0 : 1; + } + +unsigned int EC_KEY_get_enc_flags(const EC_KEY *key) + { + return key->enc_flag; + } + +void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags) + { + key->enc_flag = flags; + } + +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key) + { + return key->conv_form; + } + +void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) + { + key->conv_form = cform; + if (key->group != NULL) + EC_GROUP_set_point_conversion_form(key->group, cform); + } + +void *EC_KEY_get_key_method_data(EC_KEY *key, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { + return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); + } + +void EC_KEY_insert_key_method_data(EC_KEY *key, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { + EC_EXTRA_DATA *ex_data; + CRYPTO_w_lock(CRYPTO_LOCK_EC); + ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); + if (ex_data == NULL) + EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); + CRYPTO_w_unlock(CRYPTO_LOCK_EC); + } + +void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) + { + if (key->group != NULL) + EC_GROUP_set_asn1_flag(key->group, flag); + } + +int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx) + { + if (key->group == NULL) + return 0; + return EC_GROUP_precompute_mult(key->group, ctx); + } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec_lib.c new file mode 100755 index 00000000..5af84376 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ec/ec_lib.c @@ -0,0 +1,1164 @@ +/* crypto/ec/ec_lib.c */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Binary polynomial ECC support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#include <string.h> + +#include <openssl/err.h> +#include <openssl/opensslv.h> + +#include "ec_lcl.h" + +static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT; + + +/* functions for EC_GROUP objects */ + +EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) + { + EC_GROUP *ret; + + if (meth == NULL) + { + ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (meth->group_init == 0) + { + ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return NULL; + } + + ret = OPENSSL_malloc(sizeof *ret); + if (ret == NULL) + { + ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } + + ret->meth = meth; + + ret->extra_data = NULL; + + ret->generator = NULL; + BN_init(&ret->order); + BN_init(&ret->cofactor); + + ret->curve_name = 0; + ret->asn1_flag = 0; + ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; + + ret->seed = NULL; + ret->seed_len = 0; + + if (!meth->group_init(ret)) + { + OPENSSL_free(ret); + return NULL; + } + + return ret; + } + + +void EC_GROUP_free(EC_GROUP *group) + { + if (!group) return; + + if (group->meth->group_finish != 0) + group->meth->group_finish(group); + + EC_EX_DATA_free_all_data(&group->extra_data); + + if (group->generator != NULL) + EC_POINT_free(group->generator); + BN_free(&group->order); + BN_free(&group->cofactor); + + if (group->seed) + OPENSSL_free(group->seed); + + OPENSSL_free(group); + } + + +void EC_GROUP_clear_free(EC_GROUP *group) + { + if (!group) return; + + if (group->meth->group_clear_finish != 0) + group->meth->group_clear_finish(group); + else if (group->meth->group_finish != 0) + group->meth->group_finish(group); + + EC_EX_DATA_clear_free_all_data(&group->extra_data); + + if (group->generator != NULL) + EC_POINT_clear_free(group->generator); + BN_clear_free(&group->order); + BN_clear_free(&group->cofactor); + + if (group->seed) + { + OPENSSL_cleanse(group->seed, group->seed_len); + OPENSSL_free(group->seed); + } + + OPENSSL_cleanse(group, sizeof *group); + OPENSSL_free(group); + } + + +int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) + { + EC_EXTRA_DATA *d; + + if (dest->meth->group_copy == 0) + { + ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (dest->meth != src->meth) + { + ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + if (dest == src) + return 1; + + EC_EX_DATA_free_all_data(&dest->extra_data); + + for (d = src->extra_data; d != NULL; d = d->next) + { + void *t = d->dup_func(d->data); + + if (t == NULL) + return 0; + if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, d->free_func, d->clear_free_func)) + return 0; + } + + if (src->generator != NULL) + { + if (dest->generator == NULL) + { + dest->generator = EC_POINT_new(dest); + if (dest->generator == NULL) return 0; + } + if (!EC_POINT_copy(dest->generator, src->generator)) return 0; + } + else + { + /* src->generator == NULL */ + if (dest->generator != NULL) + { + EC_POINT_clear_free(dest->generator); + dest->generator = NULL; + } + } + + if (!BN_copy(&dest->order, &src->order)) return 0; + if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0; + + dest->curve_name = src->curve_name; + dest->asn1_flag = src->asn1_flag; + dest->asn1_form = src->asn1_form; + + if (src->seed) + { + if (dest->seed) + OPENSSL_free(dest->seed); + dest->seed = OPENSSL_malloc(src->seed_len); + if (dest->seed == NULL) + return 0; + if (!memcpy(dest->seed, src->seed, src->seed_len)) + return 0; + dest->seed_len = src->seed_len; + } + else + { + if (dest->seed) + OPENSSL_free(dest->seed); + dest->seed = NULL; + dest->seed_len = 0; + } + + + return dest->meth->group_copy(dest, src); + } + + +EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) + { + EC_GROUP *t = NULL; + int ok = 0; + + if (a == NULL) return NULL; + + if ((t = EC_GROUP_new(a->meth)) == NULL) return(NULL); + if (!EC_GROUP_copy(t, a)) goto err; + + ok = 1; + + err: + if (!ok) + { + if (t) EC_GROUP_free(t); + return NULL; + } + else return t; + } + + +const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) + { + return group->meth; + } + + +int EC_METHOD_get_field_type(const EC_METHOD *meth) + { + return meth->field_type; + } + + +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) + { + if (generator == NULL) + { + ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER); + return 0 ; + } + + if (group->generator == NULL) + { + group->generator = EC_POINT_new(group); + if (group->generator == NULL) return 0; + } + if (!EC_POINT_copy(group->generator, generator)) return 0; + + if (order != NULL) + { if (!BN_copy(&group->order, order)) return 0; } + else + BN_zero(&group->order); + + if (cofactor != NULL) + { if (!BN_copy(&group->cofactor, cofactor)) return 0; } + else + BN_zero(&group->cofactor); + + return 1; + } + + +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) + { + return group->generator; + } + + +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) + { + if (!BN_copy(order, &group->order)) + return 0; + + return !BN_is_zero(order); + } + + +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) + { + if (!BN_copy(cofactor, &group->cofactor)) + return 0; + + return !BN_is_zero(&group->cofactor); + } + + +void EC_GROUP_set_curve_name(EC_GROUP *group, int nid) + { + group->curve_name = nid; + } + + +int EC_GROUP_get_curve_name(const EC_GROUP *group) + { + return group->curve_name; + } + + +void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag) + { + group->asn1_flag = flag; + } + + +int EC_GROUP_get_asn1_flag(const EC_GROUP *group) + { + return group->asn1_flag; + } + + +void EC_GROUP_set_point_conversion_form(EC_GROUP *group, + point_conversion_form_t form) + { + group->asn1_form = form; + } + + +point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group) + { + return group->asn1_form; + } + + +size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len) + { + if (group->seed) + { + OPENSSL_free(group->seed); + group->seed = NULL; + group->seed_len = 0; + } + + if (!len || !p) + return 1; + + if ((group->seed = OPENSSL_malloc(len)) == NULL) + return 0; + memcpy(group->seed, p, len); + group->seed_len = len; + + return len; + } + + +unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group) + { + return group->seed; + } + + +size_t EC_GROUP_get_seed_len(const EC_GROUP *group) + { + return group->seed_len; + } + + +int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + { + if (group->meth->group_set_curve == 0) + { + ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + return group->meth->group_set_curve(group, p, a, b, ctx); + } + + +int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) + { + if (group->meth->group_get_curve == 0) + { + ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + return group->meth->group_get_curve(group, p, a, b, ctx); + } + + +int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + { + if (group->meth->group_set_curve == 0) + { + ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + return group->meth->group_set_curve(group, p, a, b, ctx); + } + + +int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) + { + if (group->meth->group_get_curve == 0) + { + ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + return group->meth->group_get_curve(group, p, a, b, ctx); + } + + +int EC_GROUP_get_degree(const EC_GROUP *group) + { + if (group->meth->group_get_degree == 0) + { + ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + return group->meth->group_get_degree(group); + } + + +int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) + { + if (group->meth->group_check_discriminant == 0) + { + ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + return group->meth->group_check_discriminant(group, ctx); + } + + +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) + { + int r = 0; + BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; + BN_CTX *ctx_new = NULL; + + /* compare the field types*/ + if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != + EC_METHOD_get_field_type(EC_GROUP_method_of(b))) + return 1; + /* compare the curve name (if present) */ + if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && + EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b)) + return 0; + + if (!ctx) + ctx_new = ctx = BN_CTX_new(); + if (!ctx) + return -1; + + BN_CTX_start(ctx); + a1 = BN_CTX_get(ctx); + a2 = BN_CTX_get(ctx); + a3 = BN_CTX_get(ctx); + b1 = BN_CTX_get(ctx); + b2 = BN_CTX_get(ctx); + b3 = BN_CTX_get(ctx); + if (!b3) + { + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + return -1; + } + + /* XXX This approach assumes that the external representation + * of curves over the same field type is the same. + */ + if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || + !b->meth->group_get_curve(b, b1, b2, b3, ctx)) + r = 1; + + if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3)) + r = 1; + + /* XXX EC_POINT_cmp() assumes that the methods are equal */ + if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), + EC_GROUP_get0_generator(b), ctx)) + r = 1; + + if (!r) + { + /* compare the order and cofactor */ + if (!EC_GROUP_get_order(a, a1, ctx) || + !EC_GROUP_get_order(b, b1, ctx) || + !EC_GROUP_get_cofactor(a, a2, ctx) || + !EC_GROUP_get_cofactor(b, b2, ctx)) + { + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + return -1; + } + if (BN_cmp(a1, b1) || BN_cmp(a2, b2)) + r = 1; + } + + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + + return r; + } + + +/* this has 'package' visibility */ +int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { + EC_EXTRA_DATA *d; + + if (ex_data == NULL) + return 0; + + for (d = *ex_data; d != NULL; d = d->next) + { + if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) + { + ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL); + return 0; + } + } + + if (data == NULL) + /* no explicit entry needed */ + return 1; + + d = OPENSSL_malloc(sizeof *d); + if (d == NULL) + return 0; + + d->data = data; + d->dup_func = dup_func; + d->free_func = free_func; + d->clear_free_func = clear_free_func; + + d->next = *ex_data; + *ex_data = d; + + return 1; + } + +/* this has 'package' visibility */ +void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { + const EC_EXTRA_DATA *d; + + for (d = ex_data; d != NULL; d = d->next) + { + if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) + return d->data; + } + + return NULL; + } + +/* this has 'package' visibility */ +void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { + EC_EXTRA_DATA **p; + + if (ex_data == NULL) + return; + + for (p = ex_data; *p != NULL; p = &((*p)->next)) + { + if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) + { + EC_EXTRA_DATA *next = (*p)->next; + + (*p)->free_func((*p)->data); + OPENSSL_free(*p); + + *p = next; + return; + } + } + } + +/* this has 'package' visibility */ +void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { + EC_EXTRA_DATA **p; + + if (ex_data == NULL) + return; + + for (p = ex_data; *p != NULL; p = &((*p)->next)) + { + if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) + { + EC_EXTRA_DATA *next = (*p)->next; + + (*p)->clear_free_func((*p)->data); + OPENSSL_free(*p); + + *p = next; + return; + } + } + } + +/* this has 'package' visibility */ +void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data) + { + EC_EXTRA_DATA *d; + + if (ex_data == NULL) + return; + + d = *ex_data; + while (d) + { + EC_EXTRA_DATA *next = d->next; + + d->free_func(d->data); + OPENSSL_free(d); + + d = next; + } + *ex_data = NULL; + } + +/* this has 'package' visibility */ +void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data) + { + EC_EXTRA_DATA *d; + + if (ex_data == NULL) + return; + + d = *ex_data; + while (d) + { + EC_EXTRA_DATA *next = d->next; + + d->clear_free_func(d->data); + OPENSSL_free(d); + + d = next; + } + *ex_data = NULL; + } + + +/* functions for EC_POINT objects */ + +EC_POINT *EC_POINT_new(const EC_GROUP *group) + { + EC_POINT *ret; + + if (group == NULL) + { + ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (group->meth->point_init == 0) + { + ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return NULL; + } + + ret = OPENSSL_malloc(sizeof *ret); + if (ret == NULL) + { + ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } + + ret->meth = group->meth; + + if (!ret->meth->point_init(ret)) + { + OPENSSL_free(ret); + return NULL; + } + + return ret; + } + + +void EC_POINT_free(EC_POINT *point) + { + if (!point) return; + + if (point->meth->point_finish != 0) + point->meth->point_finish(point); + OPENSSL_free(point); + } + + +void EC_POINT_clear_free(EC_POINT *point) + { + if (!point) return; + + if (point->meth->point_clear_finish != 0) + point->meth->point_clear_finish(point); + else if (point->meth != NULL && point->meth->point_finish != 0) + point->meth->point_finish(point); + OPENSSL_cleanse(point, sizeof *point); + OPENSSL_free(point); + } + + +int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) + { + if (dest->meth->point_copy == 0) + { + ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (dest->meth != src->meth) + { + ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + if (dest == src) + return 1; + return dest->meth->point_copy(dest, src); + } + + +EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) + { + EC_POINT *t; + int r; + + if (a == NULL) return NULL; + + t = EC_POINT_new(group); + if (t == NULL) return(NULL); + r = EC_POINT_copy(t, a); + if (!r) + { + EC_POINT_free(t); + return NULL; + } + else return t; + } + + +const EC_METHOD *EC_POINT_method_of(const EC_POINT *point) + { + return point->meth; + } + + +int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point) + { + if (group->meth->point_set_to_infinity == 0) + { + ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point_set_to_infinity(group, point); + } + + +int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx) + { + if (group->meth->point_set_Jprojective_coordinates_GFp == 0) + { + ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); + } + + +int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, + BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx) + { + if (group->meth->point_get_Jprojective_coordinates_GFp == 0) + { + ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); + } + + +int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) + { + if (group->meth->point_set_affine_coordinates == 0) + { + ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); + } + + +int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) + { + if (group->meth->point_set_affine_coordinates == 0) + { + ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); + } + + +int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx) + { + if (group->meth->point_get_affine_coordinates == 0) + { + ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); + } + + +int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx) + { + if (group->meth->point_get_affine_coordinates == 0) + { + ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); + } + + +int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, int y_bit, BN_CTX *ctx) + { + if (group->meth->point_set_compressed_coordinates == 0) + { + ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); + } + + +int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, int y_bit, BN_CTX *ctx) + { + if (group->meth->point_set_compressed_coordinates == 0) + { + ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); + } + + +size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx) + { + if (group->meth->point2oct == 0) + { + ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point2oct(group, point, form, buf, len, ctx); + } + + +int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point, + const unsigned char *buf, size_t len, BN_CTX *ctx) + { + if (group->meth->oct2point == 0) + { + ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->oct2point(group, point, buf, len, ctx); + } + + +int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) + { + if (group->meth->add == 0) + { + ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth)) + { + ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->add(group, r, a, b, ctx); + } + + +int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) + { + if (group->meth->dbl == 0) + { + ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if ((group->meth != r->meth) || (r->meth != a->meth)) + { + ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->dbl(group, r, a, ctx); + } + + +int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) + { + if (group->meth->dbl == 0) + { + ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != a->meth) + { + ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->invert(group, a, ctx); + } + + +int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) + { + if (group->meth->is_at_infinity == 0) + { + ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->is_at_infinity(group, point); + } + + +int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) + { + if (group->meth->is_on_curve == 0) + { + ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->is_on_curve(group, point, ctx); + } + + +int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) + { + if (group->meth->point_cmp == 0) + { + ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if ((group->meth != a->meth) || (a->meth != b->meth)) + { + ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point_cmp(group, a, b, ctx); + } + + +int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) + { + if (group->meth->make_affine == 0) + { + ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->make_affine(group, point, ctx); + } + + +int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) + { + size_t i; + + if (group->meth->points_make_affine == 0) + { + ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + for (i = 0; i < num; i++) + { + if (group->meth != points[i]->meth) + { + ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + } + return group->meth->points_make_affine(group, num, points, ctx); + } + + +/* Functions for point multiplication. + * + * If group->meth->mul is 0, we use the wNAF-based implementations in ec_mult.c; + * otherwise we dispatch through methods. + */ + +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) + { + if (group->meth->mul == 0) + /* use default */ + return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); + + return group->meth->mul(group, r, scalar, num, points, scalars, ctx); + } + +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, + const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) + { + /* just a convenient interface to EC_POINTs_mul() */ + + const EC_POINT *points[1]; + const BIGNUM *scalars[1]; + + points[0] = point; + scalars[0] = p_scalar; + + return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); + } + +int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) + { + if (group->meth->mul == 0) + /* use default */ + return ec_wNAF_precompute_mult(group, ctx); + + if (group->meth->precompute_mult != 0) + return group->meth->precompute_mult(group, ctx); + else + return 1; /* nothing to do, so report success */ + } + +int EC_GROUP_have_precompute_mult(const EC_GROUP *group) + { + if (group->meth->mul == 0) + /* use default */ + return ec_wNAF_have_precompute_mult(group); + + if (group->meth->have_precompute_mult != 0) + return group->meth->have_precompute_mult(group); + else + return 0; /* cannot tell whether precomputation has been performed */ + } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c new file mode 100755 index 00000000..bf222347 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c @@ -0,0 +1,241 @@ +/* crypto/ecdh/ech_lib.c */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "ech_locl.h" +#include <string.h> +#ifndef OPENSSL_NO_ENGINE +#include <openssl/engine.h> +#endif +#include <openssl/err.h> + +const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT; + +static const ECDH_METHOD *default_ECDH_method = NULL; + +static void *ecdh_data_new(void); +static void *ecdh_data_dup(void *); +static void ecdh_data_free(void *); + +void ECDH_set_default_method(const ECDH_METHOD *meth) + { + default_ECDH_method = meth; + } + +const ECDH_METHOD *ECDH_get_default_method(void) + { + if(!default_ECDH_method) + default_ECDH_method = ECDH_OpenSSL(); + return default_ECDH_method; + } + +int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) + { + ECDH_DATA *ecdh; + + ecdh = ecdh_check(eckey); + + if (ecdh == NULL) + return 0; + +#ifndef OPENSSL_NO_ENGINE + if (ecdh->engine) + { + ENGINE_finish(ecdh->engine); + ecdh->engine = NULL; + } +#endif + ecdh->meth = meth; +#if 0 + if (meth->init) + meth->init(eckey); +#endif + return 1; + } + +static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine) + { + ECDH_DATA *ret; + + ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA)); + if (ret == NULL) + { + ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); + return(NULL); + } + + ret->init = NULL; + + ret->meth = ECDH_get_default_method(); + ret->engine = engine; +#ifndef OPENSSL_NO_ENGINE + if (!ret->engine) + ret->engine = ENGINE_get_default_ECDH(); + if (ret->engine) + { + ret->meth = ENGINE_get_ECDH(ret->engine); + if (!ret->meth) + { + ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } + } +#endif + + ret->flags = ret->meth->flags; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); +#if 0 + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) + { + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); + OPENSSL_free(ret); + ret=NULL; + } +#endif + return(ret); + } + +static void *ecdh_data_new(void) + { + return (void *)ECDH_DATA_new_method(NULL); + } + +static void *ecdh_data_dup(void *data) +{ + ECDH_DATA *r = (ECDH_DATA *)data; + + /* XXX: dummy operation */ + if (r == NULL) + return NULL; + + return (void *)ecdh_data_new(); +} + +void ecdh_data_free(void *data) + { + ECDH_DATA *r = (ECDH_DATA *)data; + +#ifndef OPENSSL_NO_ENGINE + if (r->engine) + ENGINE_finish(r->engine); +#endif + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); + + OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA)); + + OPENSSL_free(r); + } + +ECDH_DATA *ecdh_check(EC_KEY *key) + { + ECDH_DATA *ecdh_data; + + void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup, + ecdh_data_free, ecdh_data_free); + if (data == NULL) + { + ecdh_data = (ECDH_DATA *)ecdh_data_new(); + if (ecdh_data == NULL) + return NULL; + EC_KEY_insert_key_method_data(key, (void *)ecdh_data, + ecdh_data_dup, ecdh_data_free, ecdh_data_free); + } + else + ecdh_data = (ECDH_DATA *)data; + + + return ecdh_data; + } + +int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp, + new_func, dup_func, free_func); + } + +int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg) + { + ECDH_DATA *ecdh; + ecdh = ecdh_check(d); + if (ecdh == NULL) + return 0; + return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg)); + } + +void *ECDH_get_ex_data(EC_KEY *d, int idx) + { + ECDH_DATA *ecdh; + ecdh = ecdh_check(d); + if (ecdh == NULL) + return NULL; + return(CRYPTO_get_ex_data(&ecdh->ex_data,idx)); + } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c new file mode 100755 index 00000000..2ebae3aa --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c @@ -0,0 +1,259 @@ +/* crypto/ecdsa/ecs_lib.c */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <string.h> +#include "ecs_locl.h" +#ifndef OPENSSL_NO_ENGINE +#include <openssl/engine.h> +#endif +#include <openssl/err.h> +#include <openssl/bn.h> + +const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT; + +static const ECDSA_METHOD *default_ECDSA_method = NULL; + +static void *ecdsa_data_new(void); +static void *ecdsa_data_dup(void *); +static void ecdsa_data_free(void *); + +void ECDSA_set_default_method(const ECDSA_METHOD *meth) +{ + default_ECDSA_method = meth; +} + +const ECDSA_METHOD *ECDSA_get_default_method(void) +{ + if(!default_ECDSA_method) + default_ECDSA_method = ECDSA_OpenSSL(); + return default_ECDSA_method; +} + +int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) +{ + ECDSA_DATA *ecdsa; + + ecdsa = ecdsa_check(eckey); + + if (ecdsa == NULL) + return 0; + +#ifndef OPENSSL_NO_ENGINE + if (ecdsa->engine) + { + ENGINE_finish(ecdsa->engine); + ecdsa->engine = NULL; + } +#endif + ecdsa->meth = meth; + + return 1; +} + +static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine) +{ + ECDSA_DATA *ret; + + ret=(ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA)); + if (ret == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); + return(NULL); + } + + ret->init = NULL; + + ret->meth = ECDSA_get_default_method(); + ret->engine = engine; +#ifndef OPENSSL_NO_ENGINE + if (!ret->engine) + ret->engine = ENGINE_get_default_ECDSA(); + if (ret->engine) + { + ret->meth = ENGINE_get_ECDSA(ret->engine); + if (!ret->meth) + { + ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } + } +#endif + + ret->flags = ret->meth->flags; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); +#if 0 + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) + { + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); + OPENSSL_free(ret); + ret=NULL; + } +#endif + return(ret); +} + +static void *ecdsa_data_new(void) +{ + return (void *)ECDSA_DATA_new_method(NULL); +} + +static void *ecdsa_data_dup(void *data) +{ + ECDSA_DATA *r = (ECDSA_DATA *)data; + + /* XXX: dummy operation */ + if (r == NULL) + return NULL; + + return ecdsa_data_new(); +} + +static void ecdsa_data_free(void *data) +{ + ECDSA_DATA *r = (ECDSA_DATA *)data; + +#ifndef OPENSSL_NO_ENGINE + if (r->engine) + ENGINE_finish(r->engine); +#endif + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); + + OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA)); + + OPENSSL_free(r); +} + +ECDSA_DATA *ecdsa_check(EC_KEY *key) +{ + ECDSA_DATA *ecdsa_data; + + void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup, + ecdsa_data_free, ecdsa_data_free); + if (data == NULL) + { + ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); + if (ecdsa_data == NULL) + return NULL; + EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, + ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); + } + else + ecdsa_data = (ECDSA_DATA *)data; + + + return ecdsa_data; +} + +int ECDSA_size(const EC_KEY *r) +{ + int ret,i; + ASN1_INTEGER bs; + BIGNUM *order=NULL; + unsigned char buf[4]; + const EC_GROUP *group; + + if (r == NULL) + return 0; + group = EC_KEY_get0_group(r); + if (group == NULL) + return 0; + + if ((order = BN_new()) == NULL) return 0; + if (!EC_GROUP_get_order(group,order,NULL)) + { + BN_clear_free(order); + return 0; + } + i=BN_num_bits(order); + bs.length=(i+7)/8; + bs.data=buf; + bs.type=V_ASN1_INTEGER; + /* If the top bit is set the asn1 encoding is 1 larger. */ + buf[0]=0xff; + + i=i2d_ASN1_INTEGER(&bs,NULL); + i+=i; /* r and s */ + ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); + BN_clear_free(order); + return(ret); +} + + +int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp, + new_func, dup_func, free_func); +} + +int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg) +{ + ECDSA_DATA *ecdsa; + ecdsa = ecdsa_check(d); + if (ecdsa == NULL) + return 0; + return(CRYPTO_set_ex_data(&ecdsa->ex_data,idx,arg)); +} + +void *ECDSA_get_ex_data(EC_KEY *d, int idx) +{ + ECDSA_DATA *ecdsa; + ecdsa = ecdsa_check(d); + if (ecdsa == NULL) + return NULL; + return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx)); +} diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/engine/eng_all.c new file mode 100755 index 00000000..f29c167c --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/engine/eng_all.c @@ -0,0 +1,125 @@ +/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" +#include "eng_int.h" + +void ENGINE_load_builtin_engines(void) + { + /* There's no longer any need for an "openssl" ENGINE unless, one day, + * it is the *only* way for standard builtin implementations to be be + * accessed (ie. it would be possible to statically link binaries with + * *no* builtin implementations). */ +#if 0 + ENGINE_load_openssl(); +#endif +#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) + ENGINE_load_padlock(); +#endif + ENGINE_load_dynamic(); +#ifndef OPENSSL_NO_STATIC_ENGINE +#ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_4758_CCA + ENGINE_load_4758cca(); +#endif +#ifndef OPENSSL_NO_HW_AEP + ENGINE_load_aep(); +#endif +#ifndef OPENSSL_NO_HW_ATALLA + ENGINE_load_atalla(); +#endif +#ifndef OPENSSL_NO_HW_CSWIFT + ENGINE_load_cswift(); +#endif +#ifndef OPENSSL_NO_HW_NCIPHER + ENGINE_load_chil(); +#endif +#ifndef OPENSSL_NO_HW_NURON + ENGINE_load_nuron(); +#endif +#ifndef OPENSSL_NO_HW_SUREWARE + ENGINE_load_sureware(); +#endif +#ifndef OPENSSL_NO_HW_UBSEC + ENGINE_load_ubsec(); +#endif +#endif +#if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP) + ENGINE_load_gmp(); +#endif +#endif +#ifndef OPENSSL_NO_HW +#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) + ENGINE_load_cryptodev(); +#endif +#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) + ENGINE_load_capi(); +#endif +#endif + } + +#if defined(__OpenBSD__) || defined(__FreeBSD__) +void ENGINE_setup_bsd_cryptodev(void) { + static int bsd_cryptodev_default_loaded = 0; + if (!bsd_cryptodev_default_loaded) { + ENGINE_load_cryptodev(); + ENGINE_register_all_complete(); + } + bsd_cryptodev_default_loaded=1; +} +#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/err/err_all.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/err/err_all.c new file mode 100755 index 00000000..39796f7c --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/err/err_all.c @@ -0,0 +1,163 @@ +/* crypto/err/err_all.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <openssl/asn1.h> +#include <openssl/bn.h> +#ifndef OPENSSL_NO_EC +#include <openssl/ec.h> +#endif +#include <openssl/buffer.h> +#include <openssl/bio.h> +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DH +#include <openssl/dh.h> +#endif +#ifndef OPENSSL_NO_DSA +#include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_ECDSA +#include <openssl/ecdsa.h> +#endif +#ifndef OPENSSL_NO_ECDH +#include <openssl/ecdh.h> +#endif +#include <openssl/evp.h> +#include <openssl/objects.h> +#include <openssl/pem2.h> +#include <openssl/x509.h> +#include <openssl/x509v3.h> +#include <openssl/conf.h> +#include <openssl/pkcs12.h> +#include <openssl/rand.h> +#include <openssl/dso.h> +#ifndef OPENSSL_NO_ENGINE +#include <openssl/engine.h> +#endif +#include <openssl/ui.h> +#include <openssl/ocsp.h> +#include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + +#ifndef OPENSSL_NO_CMS +#include <openssl/cms.h> +#endif +#ifndef OPENSSL_NO_JPAKE +#include <openssl/jpake.h> +#endif +#include <openssl/comp.h> + +void ERR_load_crypto_strings(void) + { +#ifndef OPENSSL_NO_ERR + ERR_load_ERR_strings(); /* include error strings for SYSerr */ + ERR_load_BN_strings(); +#ifndef OPENSSL_NO_RSA + ERR_load_RSA_strings(); +#endif +#ifndef OPENSSL_NO_DH + ERR_load_DH_strings(); +#endif + ERR_load_EVP_strings(); + ERR_load_BUF_strings(); + ERR_load_OBJ_strings(); + ERR_load_PEM_strings(); +#ifndef OPENSSL_NO_DSA + ERR_load_DSA_strings(); +#endif + ERR_load_X509_strings(); + ERR_load_ASN1_strings(); + ERR_load_CONF_strings(); + ERR_load_CRYPTO_strings(); +#ifndef OPENSSL_NO_EC + ERR_load_EC_strings(); +#endif +#ifndef OPENSSL_NO_ECDSA + ERR_load_ECDSA_strings(); +#endif +#ifndef OPENSSL_NO_ECDH + ERR_load_ECDH_strings(); +#endif + /* skip ERR_load_SSL_strings() because it is not in this library */ + ERR_load_BIO_strings(); + ERR_load_PKCS7_strings(); + ERR_load_X509V3_strings(); + ERR_load_PKCS12_strings(); + ERR_load_RAND_strings(); + ERR_load_DSO_strings(); +#ifndef OPENSSL_NO_ENGINE + ERR_load_ENGINE_strings(); +#endif + ERR_load_OCSP_strings(); + ERR_load_UI_strings(); +#ifdef OPENSSL_FIPS + ERR_load_FIPS_strings(); +#endif +#ifndef OPENSSL_NO_CMS + ERR_load_CMS_strings(); +#endif +#ifndef OPENSSL_NO_JPAKE + ERR_load_JPAKE_strings(); +#endif + ERR_load_COMP_strings(); +#endif + } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/evp/bio_b64.c new file mode 100755 index 00000000..72a2a672 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/evp/bio_b64.c @@ -0,0 +1,598 @@ +/* crypto/evp/bio_b64.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <errno.h> +#include "cryptlib.h" +#include <openssl/buffer.h> +#include <openssl/evp.h> + +static int b64_write(BIO *h, const char *buf, int num); +static int b64_read(BIO *h, char *buf, int size); +static int b64_puts(BIO *h, const char *str); +/*static int b64_gets(BIO *h, char *str, int size); */ +static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); +static int b64_new(BIO *h); +static int b64_free(BIO *data); +static long b64_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); +#define B64_BLOCK_SIZE 1024 +#define B64_BLOCK_SIZE2 768 +#define B64_NONE 0 +#define B64_ENCODE 1 +#define B64_DECODE 2 + +typedef struct b64_struct + { + /*BIO *bio; moved to the BIO structure */ + int buf_len; + int buf_off; + int tmp_len; /* used to find the start when decoding */ + int tmp_nl; /* If true, scan until '\n' */ + int encode; + int start; /* have we started decoding yet? */ + int cont; /* <= 0 when finished */ + EVP_ENCODE_CTX base64; + char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE)+10]; + char tmp[B64_BLOCK_SIZE]; + } BIO_B64_CTX; + +static BIO_METHOD methods_b64= + { + BIO_TYPE_BASE64,"base64 encoding", + b64_write, + b64_read, + b64_puts, + NULL, /* b64_gets, */ + b64_ctrl, + b64_new, + b64_free, + b64_callback_ctrl, + }; + +BIO_METHOD *BIO_f_base64(void) + { + return(&methods_b64); + } + +static int b64_new(BIO *bi) + { + BIO_B64_CTX *ctx; + + ctx=(BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX)); + if (ctx == NULL) return(0); + + ctx->buf_len=0; + ctx->tmp_len=0; + ctx->tmp_nl=0; + ctx->buf_off=0; + ctx->cont=1; + ctx->start=1; + ctx->encode=0; + + bi->init=1; + bi->ptr=(char *)ctx; + bi->flags=0; + bi->num = 0; + return(1); + } + +static int b64_free(BIO *a) + { + if (a == NULL) return(0); + OPENSSL_free(a->ptr); + a->ptr=NULL; + a->init=0; + a->flags=0; + return(1); + } + +static int b64_read(BIO *b, char *out, int outl) + { + int ret=0,i,ii,j,k,x,n,num,ret_code=0; + BIO_B64_CTX *ctx; + unsigned char *p,*q; + + if (out == NULL) return(0); + ctx=(BIO_B64_CTX *)b->ptr; + + if ((ctx == NULL) || (b->next_bio == NULL)) return(0); + + BIO_clear_retry_flags(b); + + if (ctx->encode != B64_DECODE) + { + ctx->encode=B64_DECODE; + ctx->buf_len=0; + ctx->buf_off=0; + ctx->tmp_len=0; + EVP_DecodeInit(&(ctx->base64)); + } + + /* First check if there are bytes decoded/encoded */ + if (ctx->buf_len > 0) + { + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + i=ctx->buf_len-ctx->buf_off; + if (i > outl) i=outl; + OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); + memcpy(out,&(ctx->buf[ctx->buf_off]),i); + ret=i; + out+=i; + outl-=i; + ctx->buf_off+=i; + if (ctx->buf_len == ctx->buf_off) + { + ctx->buf_len=0; + ctx->buf_off=0; + } + } + + /* At this point, we have room of outl bytes and an empty + * buffer, so we should read in some more. */ + + ret_code=0; + while (outl > 0) + { + if (ctx->cont <= 0) + break; + + i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]), + B64_BLOCK_SIZE-ctx->tmp_len); + + if (i <= 0) + { + ret_code=i; + + /* Should we continue next time we are called? */ + if (!BIO_should_retry(b->next_bio)) + { + ctx->cont=i; + /* If buffer empty break */ + if(ctx->tmp_len == 0) + break; + /* Fall through and process what we have */ + else + i = 0; + } + /* else we retry and add more data to buffer */ + else + break; + } + i+=ctx->tmp_len; + ctx->tmp_len = i; + + /* We need to scan, a line at a time until we + * have a valid line if we are starting. */ + if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) + { + /* ctx->start=1; */ + ctx->tmp_len=0; + } + else if (ctx->start) + { + q=p=(unsigned char *)ctx->tmp; + for (j=0; j<i; j++) + { + if (*(q++) != '\n') continue; + + /* due to a previous very long line, + * we need to keep on scanning for a '\n' + * before we even start looking for + * base64 encoded stuff. */ + if (ctx->tmp_nl) + { + p=q; + ctx->tmp_nl=0; + continue; + } + + k=EVP_DecodeUpdate(&(ctx->base64), + (unsigned char *)ctx->buf, + &num,p,q-p); + if ((k <= 0) && (num == 0) && (ctx->start)) + EVP_DecodeInit(&ctx->base64); + else + { + if (p != (unsigned char *) + &(ctx->tmp[0])) + { + i-=(p- (unsigned char *) + &(ctx->tmp[0])); + for (x=0; x < i; x++) + ctx->tmp[x]=p[x]; + } + EVP_DecodeInit(&ctx->base64); + ctx->start=0; + break; + } + p=q; + } + + /* we fell off the end without starting */ + if (j == i) + { + /* Is this is one long chunk?, if so, keep on + * reading until a new line. */ + if (p == (unsigned char *)&(ctx->tmp[0])) + { + /* Check buffer full */ + if (i == B64_BLOCK_SIZE) + { + ctx->tmp_nl=1; + ctx->tmp_len=0; + } + } + else if (p != q) /* finished on a '\n' */ + { + n=q-p; + for (ii=0; ii<n; ii++) + ctx->tmp[ii]=p[ii]; + ctx->tmp_len=n; + } + /* else finished on a '\n' */ + continue; + } + else + { + ctx->tmp_len=0; + } + } + else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) + { + /* If buffer isn't full and we can retry then + * restart to read in more data. + */ + continue; + } + + if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) + { + int z,jj; + +#if 0 + jj=(i>>2)<<2; +#else + jj = i & ~3; /* process per 4 */ +#endif + z=EVP_DecodeBlock((unsigned char *)ctx->buf, + (unsigned char *)ctx->tmp,jj); + if (jj > 2) + { + if (ctx->tmp[jj-1] == '=') + { + z--; + if (ctx->tmp[jj-2] == '=') + z--; + } + } + /* z is now number of output bytes and jj is the + * number consumed */ + if (jj != i) + { + memmove(ctx->tmp, &ctx->tmp[jj], i-jj); + ctx->tmp_len=i-jj; + } + ctx->buf_len=0; + if (z > 0) + { + ctx->buf_len=z; + } + i=z; + } + else + { + i=EVP_DecodeUpdate(&(ctx->base64), + (unsigned char *)ctx->buf,&ctx->buf_len, + (unsigned char *)ctx->tmp,i); + ctx->tmp_len = 0; + } + ctx->buf_off=0; + if (i < 0) + { + ret_code=0; + ctx->buf_len=0; + break; + } + + if (ctx->buf_len <= outl) + i=ctx->buf_len; + else + i=outl; + + memcpy(out,ctx->buf,i); + ret+=i; + ctx->buf_off=i; + if (ctx->buf_off == ctx->buf_len) + { + ctx->buf_len=0; + ctx->buf_off=0; + } + outl-=i; + out+=i; + } + /* BIO_clear_retry_flags(b); */ + BIO_copy_next_retry(b); + return((ret == 0)?ret_code:ret); + } + +static int b64_write(BIO *b, const char *in, int inl) + { + int ret=0; + int n; + int i; + BIO_B64_CTX *ctx; + + ctx=(BIO_B64_CTX *)b->ptr; + BIO_clear_retry_flags(b); + + if (ctx->encode != B64_ENCODE) + { + ctx->encode=B64_ENCODE; + ctx->buf_len=0; + ctx->buf_off=0; + ctx->tmp_len=0; + EVP_EncodeInit(&(ctx->base64)); + } + + OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + n=ctx->buf_len-ctx->buf_off; + while (n > 0) + { + i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); + if (i <= 0) + { + BIO_copy_next_retry(b); + return(i); + } + OPENSSL_assert(i <= n); + ctx->buf_off+=i; + OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + n-=i; + } + /* at this point all pending data has been written */ + ctx->buf_off=0; + ctx->buf_len=0; + + if ((in == NULL) || (inl <= 0)) return(0); + + while (inl > 0) + { + n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl; + + if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) + { + if (ctx->tmp_len > 0) + { + OPENSSL_assert(ctx->tmp_len <= 3); + n=3-ctx->tmp_len; + /* There's a theoretical possibility for this */ + if (n > inl) + n=inl; + memcpy(&(ctx->tmp[ctx->tmp_len]),in,n); + ctx->tmp_len+=n; + ret += n; + if (ctx->tmp_len < 3) + break; + ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + /* Since we're now done using the temporary + buffer, the length should be 0'd */ + ctx->tmp_len=0; + } + else + { + if (n < 3) + { + memcpy(ctx->tmp,in,n); + ctx->tmp_len=n; + ret += n; + break; + } + n-=n%3; + ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret += n; + } + } + else + { + EVP_EncodeUpdate(&(ctx->base64), + (unsigned char *)ctx->buf,&ctx->buf_len, + (unsigned char *)in,n); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret += n; + } + inl-=n; + in+=n; + + ctx->buf_off=0; + n=ctx->buf_len; + while (n > 0) + { + i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); + if (i <= 0) + { + BIO_copy_next_retry(b); + return((ret == 0)?i:ret); + } + OPENSSL_assert(i <= n); + n-=i; + ctx->buf_off+=i; + OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + } + ctx->buf_len=0; + ctx->buf_off=0; + } + return(ret); + } + +static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) + { + BIO_B64_CTX *ctx; + long ret=1; + int i; + + ctx=(BIO_B64_CTX *)b->ptr; + + switch (cmd) + { + case BIO_CTRL_RESET: + ctx->cont=1; + ctx->start=1; + ctx->encode=B64_NONE; + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + case BIO_CTRL_EOF: /* More to read */ + if (ctx->cont <= 0) + ret=1; + else + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + case BIO_CTRL_WPENDING: /* More to write in buffer */ + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret=ctx->buf_len-ctx->buf_off; + if ((ret == 0) && (ctx->encode != B64_NONE) + && (ctx->base64.num != 0)) + ret=1; + else if (ret <= 0) + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + case BIO_CTRL_PENDING: /* More to read in buffer */ + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret=ctx->buf_len-ctx->buf_off; + if (ret <= 0) + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + case BIO_CTRL_FLUSH: + /* do a final write */ +again: + while (ctx->buf_len != ctx->buf_off) + { + i=b64_write(b,NULL,0); + if (i < 0) + return i; + } + if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) + { + if (ctx->tmp_len != 0) + { + ctx->buf_len=EVP_EncodeBlock( + (unsigned char *)ctx->buf, + (unsigned char *)ctx->tmp, + ctx->tmp_len); + ctx->buf_off=0; + ctx->tmp_len=0; + goto again; + } + } + else if (ctx->encode != B64_NONE && ctx->base64.num != 0) + { + ctx->buf_off=0; + EVP_EncodeFinal(&(ctx->base64), + (unsigned char *)ctx->buf, + &(ctx->buf_len)); + /* push out the bytes */ + goto again; + } + /* Finally flush the underlying BIO */ + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + BIO_copy_next_retry(b); + break; + + case BIO_CTRL_DUP: + break; + case BIO_CTRL_INFO: + case BIO_CTRL_GET: + case BIO_CTRL_SET: + default: + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + } + return(ret); + } + +static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) + { + long ret=1; + + if (b->next_bio == NULL) return(0); + switch (cmd) + { + default: + ret=BIO_callback_ctrl(b->next_bio,cmd,fp); + break; + } + return(ret); + } + +static int b64_puts(BIO *b, const char *str) + { + return b64_write(b,str,strlen(str)); + } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/evp/encode.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/evp/encode.c new file mode 100755 index 00000000..e8a52181 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/evp/encode.c @@ -0,0 +1,445 @@ +/* crypto/evp/encode.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> + +#ifndef CHARSET_EBCDIC +#define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) +#define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) +#else +/* We assume that PEM encoded files are EBCDIC files + * (i.e., printable text files). Convert them here while decoding. + * When encoding, output is EBCDIC (text) format again. + * (No need for conversion in the conv_bin2ascii macro, as the + * underlying textstring data_bin2ascii[] is already EBCDIC) + */ +#define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) +#define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f]) +#endif + +/* 64 char lines + * pad input with 0 + * left over chars are set to = + * 1 byte => xx== + * 2 bytes => xxx= + * 3 bytes => xxxx + */ +#define BIN_PER_LINE (64/4*3) +#define CHUNKS_PER_LINE (64/4) +#define CHAR_PER_LINE (64+1) + +static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\ +abcdefghijklmnopqrstuvwxyz0123456789+/"; + +/* 0xF0 is a EOLN + * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing). + * 0xF2 is EOF + * 0xE0 is ignore at start of line. + * 0xFF is error + */ + +#define B64_EOLN 0xF0 +#define B64_CR 0xF1 +#define B64_EOF 0xF2 +#define B64_WS 0xE0 +#define B64_ERROR 0xFF +#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) + +static unsigned char data_ascii2bin[128]={ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xE0,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0x3E,0xFF,0xF2,0xFF,0x3F, + 0x34,0x35,0x36,0x37,0x38,0x39,0x3A,0x3B, + 0x3C,0x3D,0xFF,0xFF,0xFF,0x00,0xFF,0xFF, + 0xFF,0x00,0x01,0x02,0x03,0x04,0x05,0x06, + 0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E, + 0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16, + 0x17,0x18,0x19,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20, + 0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28, + 0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30, + 0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF, + }; + +void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) + { + ctx->length=48; + ctx->num=0; + ctx->line_num=0; + } + +void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) + { + int i,j; + unsigned int total=0; + + *outl=0; + if (inl == 0) return; + OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); + if ((ctx->num+inl) < ctx->length) + { + memcpy(&(ctx->enc_data[ctx->num]),in,inl); + ctx->num+=inl; + return; + } + if (ctx->num != 0) + { + i=ctx->length-ctx->num; + memcpy(&(ctx->enc_data[ctx->num]),in,i); + in+=i; + inl-=i; + j=EVP_EncodeBlock(out,ctx->enc_data,ctx->length); + ctx->num=0; + out+=j; + *(out++)='\n'; + *out='\0'; + total=j+1; + } + while (inl >= ctx->length) + { + j=EVP_EncodeBlock(out,in,ctx->length); + in+=ctx->length; + inl-=ctx->length; + out+=j; + *(out++)='\n'; + *out='\0'; + total+=j+1; + } + if (inl != 0) + memcpy(&(ctx->enc_data[0]),in,inl); + ctx->num=inl; + *outl=total; + } + +void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) + { + unsigned int ret=0; + + if (ctx->num != 0) + { + ret=EVP_EncodeBlock(out,ctx->enc_data,ctx->num); + out[ret++]='\n'; + out[ret]='\0'; + ctx->num=0; + } + *outl=ret; + } + +int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) + { + int i,ret=0; + unsigned long l; + + for (i=dlen; i > 0; i-=3) + { + if (i >= 3) + { + l= (((unsigned long)f[0])<<16L)| + (((unsigned long)f[1])<< 8L)|f[2]; + *(t++)=conv_bin2ascii(l>>18L); + *(t++)=conv_bin2ascii(l>>12L); + *(t++)=conv_bin2ascii(l>> 6L); + *(t++)=conv_bin2ascii(l ); + } + else + { + l=((unsigned long)f[0])<<16L; + if (i == 2) l|=((unsigned long)f[1]<<8L); + + *(t++)=conv_bin2ascii(l>>18L); + *(t++)=conv_bin2ascii(l>>12L); + *(t++)=(i == 1)?'=':conv_bin2ascii(l>> 6L); + *(t++)='='; + } + ret+=4; + f+=3; + } + + *t='\0'; + return(ret); + } + +void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) + { + ctx->length=30; + ctx->num=0; + ctx->line_num=0; + ctx->expect_nl=0; + } + +/* -1 for error + * 0 for last line + * 1 for full line + */ +int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) + { + int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl; + unsigned char *d; + + n=ctx->num; + d=ctx->enc_data; + ln=ctx->line_num; + exp_nl=ctx->expect_nl; + + /* last line of input. */ + if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) + { rv=0; goto end; } + + /* We parse the input data */ + for (i=0; i<inl; i++) + { + /* If the current line is > 80 characters, scream alot */ + if (ln >= 80) { rv= -1; goto end; } + + /* Get char and put it into the buffer */ + tmp= *(in++); + v=conv_ascii2bin(tmp); + /* only save the good data :-) */ + if (!B64_NOT_BASE64(v)) + { + OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); + d[n++]=tmp; + ln++; + } + else if (v == B64_ERROR) + { + rv= -1; + goto end; + } + + /* have we seen a '=' which is 'definitly' the last + * input line. seof will point to the character that + * holds it. and eof will hold how many characters to + * chop off. */ + if (tmp == '=') + { + if (seof == -1) seof=n; + eof++; + } + + if (v == B64_CR) + { + ln = 0; + if (exp_nl) + continue; + } + + /* eoln */ + if (v == B64_EOLN) + { + ln=0; + if (exp_nl) + { + exp_nl=0; + continue; + } + } + exp_nl=0; + + /* If we are at the end of input and it looks like a + * line, process it. */ + if (((i+1) == inl) && (((n&3) == 0) || eof)) + { + v=B64_EOF; + /* In case things were given us in really small + records (so two '=' were given in separate + updates), eof may contain the incorrect number + of ending bytes to skip, so let's redo the count */ + eof = 0; + if (d[n-1] == '=') eof++; + if (d[n-2] == '=') eof++; + /* There will never be more than two '=' */ + } + + if ((v == B64_EOF && (n&3) == 0) || (n >= 64)) + { + /* This is needed to work correctly on 64 byte input + * lines. We process the line and then need to + * accept the '\n' */ + if ((v != B64_EOF) && (n >= 64)) exp_nl=1; + if (n > 0) + { + v=EVP_DecodeBlock(out,d,n); + n=0; + if (v < 0) { rv=0; goto end; } + ret+=(v-eof); + } + else + { + eof=1; + v=0; + } + + /* This is the case where we have had a short + * but valid input line */ + if ((v < ctx->length) && eof) + { + rv=0; + goto end; + } + else + ctx->length=v; + + if (seof >= 0) { rv=0; goto end; } + out+=v; + } + } + rv=1; +end: + *outl=ret; + ctx->num=n; + ctx->line_num=ln; + ctx->expect_nl=exp_nl; + return(rv); + } + +int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) + { + int i,ret=0,a,b,c,d; + unsigned long l; + + /* trim white space from the start of the line. */ + while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) + { + f++; + n--; + } + + /* strip off stuff at the end of the line + * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */ + while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n-1])))) + n--; + + if (n%4 != 0) return(-1); + + for (i=0; i<n; i+=4) + { + a=conv_ascii2bin(*(f++)); + b=conv_ascii2bin(*(f++)); + c=conv_ascii2bin(*(f++)); + d=conv_ascii2bin(*(f++)); + if ( (a & 0x80) || (b & 0x80) || + (c & 0x80) || (d & 0x80)) + return(-1); + l=( (((unsigned long)a)<<18L)| + (((unsigned long)b)<<12L)| + (((unsigned long)c)<< 6L)| + (((unsigned long)d) )); + *(t++)=(unsigned char)(l>>16L)&0xff; + *(t++)=(unsigned char)(l>> 8L)&0xff; + *(t++)=(unsigned char)(l )&0xff; + ret+=3; + } + return(ret); + } + +int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) + { + int i; + + *outl=0; + if (ctx->num != 0) + { + i=EVP_DecodeBlock(out,ctx->enc_data,ctx->num); + if (i < 0) return(-1); + ctx->num=0; + *outl=i; + return(1); + } + else + return(1); + } + +#ifdef undef +int EVP_DecodeValid(unsigned char *buf, int len) + { + int i,num=0,bad=0; + + if (len == 0) return(-1); + while (conv_ascii2bin(*buf) == B64_WS) + { + buf++; + len--; + if (len == 0) return(-1); + } + + for (i=len; i >= 4; i-=4) + { + if ( (conv_ascii2bin(buf[0]) >= 0x40) || + (conv_ascii2bin(buf[1]) >= 0x40) || + (conv_ascii2bin(buf[2]) >= 0x40) || + (conv_ascii2bin(buf[3]) >= 0x40)) + return(-1); + buf+=4; + num+=1+(buf[2] != '=')+(buf[3] != '='); + } + if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN)) + return(num); + if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) && + (conv_ascii2bin(buf[0]) == B64_EOLN)) + return(num); + return(1); + } +#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/o_init.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/o_init.c new file mode 100755 index 00000000..d767a90a --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/o_init.c @@ -0,0 +1,96 @@ +/* o_init.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <e_os.h> +#include <openssl/err.h> + +/* Internal only functions: only ever used here */ +#ifdef OPENSSL_FIPS +extern void int_ERR_lib_init(void); +# ifndef OPENSSL_NO_ENGINE +extern void int_EVP_MD_init_engine_callbacks(void ); +extern void int_EVP_CIPHER_init_engine_callbacks(void ); +extern void int_RAND_init_engine_callbacks(void ); +# endif +#endif + +/* Perform any essential OpenSSL initialization operations. + * Currently only sets FIPS callbacks + */ + +void OPENSSL_init(void) + { +#ifdef OPENSSL_FIPS + static int done = 0; + if (!done) + { + int_ERR_lib_init(); +#ifdef CRYPTO_MDEBUG + CRYPTO_malloc_debug_init(); +#endif +#ifndef OPENSSL_NO_ENGINE + int_EVP_MD_init_engine_callbacks(); + int_EVP_CIPHER_init_engine_callbacks(); + int_RAND_init_engine_callbacks(); +#endif + done = 1; + } +#endif + } + + diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c new file mode 100755 index 00000000..4a0c3870 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c @@ -0,0 +1,444 @@ +/* ocsp_vfy.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <openssl/ocsp.h> +#include <openssl/err.h> +#include <string.h> + +static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags); +static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); +static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags); +static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret); +static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp); +static int ocsp_check_delegated(X509 *x, int flags); +static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags); + +/* Verify a basic response message */ + +int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags) + { + X509 *signer, *x; + STACK_OF(X509) *chain = NULL; + X509_STORE_CTX ctx; + int i, ret = 0; + ret = ocsp_find_signer(&signer, bs, certs, st, flags); + if (!ret) + { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); + goto end; + } + if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) + flags |= OCSP_NOVERIFY; + if (!(flags & OCSP_NOSIGS)) + { + EVP_PKEY *skey; + skey = X509_get_pubkey(signer); + ret = OCSP_BASICRESP_verify(bs, skey, 0); + EVP_PKEY_free(skey); + if(ret <= 0) + { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); + goto end; + } + } + if (!(flags & OCSP_NOVERIFY)) + { + int init_res; + if(flags & OCSP_NOCHAIN) + init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); + else + init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); + if(!init_res) + { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); + goto end; + } + + X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); + ret = X509_verify_cert(&ctx); + chain = X509_STORE_CTX_get1_chain(&ctx); + X509_STORE_CTX_cleanup(&ctx); + if (ret <= 0) + { + i = X509_STORE_CTX_get_error(&ctx); + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR); + ERR_add_error_data(2, "Verify error:", + X509_verify_cert_error_string(i)); + goto end; + } + if(flags & OCSP_NOCHECKS) + { + ret = 1; + goto end; + } + /* At this point we have a valid certificate chain + * need to verify it against the OCSP issuer criteria. + */ + ret = ocsp_check_issuer(bs, chain, flags); + + /* If fatal error or valid match then finish */ + if (ret != 0) goto end; + + /* Easy case: explicitly trusted. Get root CA and + * check for explicit trust + */ + if(flags & OCSP_NOEXPLICIT) goto end; + + x = sk_X509_value(chain, sk_X509_num(chain) - 1); + if(X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) + { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_ROOT_CA_NOT_TRUSTED); + goto end; + } + ret = 1; + } + + + + end: + if(chain) sk_X509_pop_free(chain, X509_free); + return ret; + } + + +static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags) + { + X509 *signer; + OCSP_RESPID *rid = bs->tbsResponseData->responderId; + if ((signer = ocsp_find_signer_sk(certs, rid))) + { + *psigner = signer; + return 2; + } + if(!(flags & OCSP_NOINTERN) && + (signer = ocsp_find_signer_sk(bs->certs, rid))) + { + *psigner = signer; + return 1; + } + /* Maybe lookup from store if by subject name */ + + *psigner = NULL; + return 0; + } + + +static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id) + { + int i; + unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash; + X509 *x; + + /* Easy if lookup by name */ + if (id->type == V_OCSP_RESPID_NAME) + return X509_find_by_subject(certs, id->value.byName); + + /* Lookup by key hash */ + + /* If key hash isn't SHA1 length then forget it */ + if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL; + keyhash = id->value.byKey->data; + /* Calculate hash of each key and compare */ + for (i = 0; i < sk_X509_num(certs); i++) + { + x = sk_X509_value(certs, i); + X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL); + if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH)) + return x; + } + return NULL; + } + + +static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags) + { + STACK_OF(OCSP_SINGLERESP) *sresp; + X509 *signer, *sca; + OCSP_CERTID *caid = NULL; + int i; + sresp = bs->tbsResponseData->responses; + + if (sk_X509_num(chain) <= 0) + { + OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN); + return -1; + } + + /* See if the issuer IDs match. */ + i = ocsp_check_ids(sresp, &caid); + + /* If ID mismatch or other error then return */ + if (i <= 0) return i; + + signer = sk_X509_value(chain, 0); + /* Check to see if OCSP responder CA matches request CA */ + if (sk_X509_num(chain) > 1) + { + sca = sk_X509_value(chain, 1); + i = ocsp_match_issuerid(sca, caid, sresp); + if (i < 0) return i; + if (i) + { + /* We have a match, if extensions OK then success */ + if (ocsp_check_delegated(signer, flags)) return 1; + return 0; + } + } + + /* Otherwise check if OCSP request signed directly by request CA */ + return ocsp_match_issuerid(signer, caid, sresp); + } + + +/* Check the issuer certificate IDs for equality. If there is a mismatch with the same + * algorithm then there's no point trying to match any certificates against the issuer. + * If the issuer IDs all match then we just need to check equality against one of them. + */ + +static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret) + { + OCSP_CERTID *tmpid, *cid; + int i, idcount; + + idcount = sk_OCSP_SINGLERESP_num(sresp); + if (idcount <= 0) + { + OCSPerr(OCSP_F_OCSP_CHECK_IDS, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA); + return -1; + } + + cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; + + *ret = NULL; + + for (i = 1; i < idcount; i++) + { + tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; + /* Check to see if IDs match */ + if (OCSP_id_issuer_cmp(cid, tmpid)) + { + /* If algoritm mismatch let caller deal with it */ + if (OBJ_cmp(tmpid->hashAlgorithm->algorithm, + cid->hashAlgorithm->algorithm)) + return 2; + /* Else mismatch */ + return 0; + } + } + + /* All IDs match: only need to check one ID */ + *ret = cid; + return 1; + } + + +static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, + STACK_OF(OCSP_SINGLERESP) *sresp) + { + /* If only one ID to match then do it */ + if(cid) + { + const EVP_MD *dgst; + X509_NAME *iname; + int mdlen; + unsigned char md[EVP_MAX_MD_SIZE]; + if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) + { + OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST); + return -1; + } + + mdlen = EVP_MD_size(dgst); + if ((cid->issuerNameHash->length != mdlen) || + (cid->issuerKeyHash->length != mdlen)) + return 0; + iname = X509_get_subject_name(cert); + if (!X509_NAME_digest(iname, dgst, md, NULL)) + return -1; + if (memcmp(md, cid->issuerNameHash->data, mdlen)) + return 0; + X509_pubkey_digest(cert, EVP_sha1(), md, NULL); + if (memcmp(md, cid->issuerKeyHash->data, mdlen)) + return 0; + + return 1; + + } + else + { + /* We have to match the whole lot */ + int i, ret; + OCSP_CERTID *tmpid; + for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) + { + tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; + ret = ocsp_match_issuerid(cert, tmpid, NULL); + if (ret <= 0) return ret; + } + return 1; + } + + } + +static int ocsp_check_delegated(X509 *x, int flags) + { + X509_check_purpose(x, -1, 0); + if ((x->ex_flags & EXFLAG_XKUSAGE) && + (x->ex_xkusage & XKU_OCSP_SIGN)) + return 1; + OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE); + return 0; + } + +/* Verify an OCSP request. This is fortunately much easier than OCSP + * response verify. Just find the signers certificate and verify it + * against a given trust value. + */ + +int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags) + { + X509 *signer; + X509_NAME *nm; + GENERAL_NAME *gen; + int ret; + X509_STORE_CTX ctx; + if (!req->optionalSignature) + { + OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED); + return 0; + } + gen = req->tbsRequest->requestorName; + if (!gen || gen->type != GEN_DIRNAME) + { + OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); + return 0; + } + nm = gen->d.directoryName; + ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags); + if (ret <= 0) + { + OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); + return 0; + } + if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) + flags |= OCSP_NOVERIFY; + if (!(flags & OCSP_NOSIGS)) + { + EVP_PKEY *skey; + skey = X509_get_pubkey(signer); + ret = OCSP_REQUEST_verify(req, skey); + EVP_PKEY_free(skey); + if(ret <= 0) + { + OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE); + return 0; + } + } + if (!(flags & OCSP_NOVERIFY)) + { + int init_res; + if(flags & OCSP_NOCHAIN) + init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL); + else + init_res = X509_STORE_CTX_init(&ctx, store, signer, + req->optionalSignature->certs); + if(!init_res) + { + OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB); + return 0; + } + + X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); + X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST); + ret = X509_verify_cert(&ctx); + X509_STORE_CTX_cleanup(&ctx); + if (ret <= 0) + { + ret = X509_STORE_CTX_get_error(&ctx); + OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR); + ERR_add_error_data(2, "Verify error:", + X509_verify_cert_error_string(ret)); + return 0; + } + } + return 1; + } + +static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags) + { + X509 *signer; + if(!(flags & OCSP_NOINTERN)) + { + signer = X509_find_by_subject(req->optionalSignature->certs, nm); + *psigner = signer; + return 1; + } + + signer = X509_find_by_subject(certs, nm); + if (signer) + { + *psigner = signer; + return 2; + } + return 0; + } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c new file mode 100755 index 00000000..9522342f --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c @@ -0,0 +1,370 @@ +/* p12_crt.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/pkcs12.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + + + +static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); + +static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid) + { + int idx; + X509_ATTRIBUTE *attr; + idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1); + if (idx < 0) + return 1; + attr = EVP_PKEY_get_attr(pkey, idx); + if (!X509at_add1_attr(&bag->attrib, attr)) + return 0; + return 1; + } + +PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, + STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, + int keytype) +{ + PKCS12 *p12 = NULL; + STACK_OF(PKCS7) *safes = NULL; + STACK_OF(PKCS12_SAFEBAG) *bags = NULL; + PKCS12_SAFEBAG *bag = NULL; + int i; + unsigned char keyid[EVP_MAX_MD_SIZE]; + unsigned int keyidlen = 0; + + /* Set defaults */ + if (!nid_cert) + { +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else +#endif + nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; + } + if (!nid_key) + nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + if (!iter) + iter = PKCS12_DEFAULT_ITER; + if (!mac_iter) + mac_iter = 1; + + if(!pkey && !cert && !ca) + { + PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT); + return NULL; + } + + if (pkey && cert) + { + if(!X509_check_private_key(cert, pkey)) + return NULL; + X509_digest(cert, EVP_sha1(), keyid, &keyidlen); + } + + if (cert) + { + bag = PKCS12_add_cert(&bags, cert); + if(name && !PKCS12_add_friendlyname(bag, name, -1)) + goto err; + if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) + goto err; + } + + /* Add all other certificates */ + for(i = 0; i < sk_X509_num(ca); i++) + { + if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i))) + goto err; + } + + if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass)) + goto err; + + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + bags = NULL; + + if (pkey) + { + bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); + + if (!bag) + goto err; + + if (!copy_bag_attr(bag, pkey, NID_ms_csp_name)) + goto err; + if (!copy_bag_attr(bag, pkey, NID_LocalKeySet)) + goto err; + + if(name && !PKCS12_add_friendlyname(bag, name, -1)) + goto err; + if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) + goto err; + } + + if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL)) + goto err; + + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + bags = NULL; + + p12 = PKCS12_add_safes(safes, 0); + + if (!p12) + goto err; + + sk_PKCS7_pop_free(safes, PKCS7_free); + + safes = NULL; + + if ((mac_iter != -1) && + !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL)) + goto err; + + return p12; + + err: + + if (p12) + PKCS12_free(p12); + if (safes) + sk_PKCS7_pop_free(safes, PKCS7_free); + if (bags) + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + return NULL; + +} + +PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) + { + PKCS12_SAFEBAG *bag = NULL; + char *name; + int namelen = -1; + unsigned char *keyid; + int keyidlen = -1; + + /* Add user certificate */ + if(!(bag = PKCS12_x5092certbag(cert))) + goto err; + + /* Use friendlyName and localKeyID in certificate. + * (if present) + */ + + name = (char *)X509_alias_get0(cert, &namelen); + + if(name && !PKCS12_add_friendlyname(bag, name, namelen)) + goto err; + + keyid = X509_keyid_get0(cert, &keyidlen); + + if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) + goto err; + + if (!pkcs12_add_bag(pbags, bag)) + goto err; + + return bag; + + err: + + if (bag) + PKCS12_SAFEBAG_free(bag); + + return NULL; + + } + +PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, + int key_usage, int iter, + int nid_key, char *pass) + { + + PKCS12_SAFEBAG *bag = NULL; + PKCS8_PRIV_KEY_INFO *p8 = NULL; + + /* Make a PKCS#8 structure */ + if(!(p8 = EVP_PKEY2PKCS8(key))) + goto err; + if(key_usage && !PKCS8_add_keyusage(p8, key_usage)) + goto err; + if (nid_key != -1) + { + bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8); + PKCS8_PRIV_KEY_INFO_free(p8); + } + else + bag = PKCS12_MAKE_KEYBAG(p8); + + if(!bag) + goto err; + + if (!pkcs12_add_bag(pbags, bag)) + goto err; + + return bag; + + err: + + if (bag) + PKCS12_SAFEBAG_free(bag); + + return NULL; + + } + +int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + int nid_safe, int iter, char *pass) + { + PKCS7 *p7 = NULL; + int free_safes = 0; + + if (!*psafes) + { + *psafes = sk_PKCS7_new_null(); + if (!*psafes) + return 0; + free_safes = 1; + } + else + free_safes = 0; + + if (nid_safe == 0) + nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; + + if (nid_safe == -1) + p7 = PKCS12_pack_p7data(bags); + else + p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, + iter, bags); + if (!p7) + goto err; + + if (!sk_PKCS7_push(*psafes, p7)) + goto err; + + return 1; + + err: + if (free_safes) + { + sk_PKCS7_free(*psafes); + *psafes = NULL; + } + + if (p7) + PKCS7_free(p7); + + return 0; + + } + +static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag) + { + int free_bags; + if (!pbags) + return 1; + if (!*pbags) + { + *pbags = sk_PKCS12_SAFEBAG_new_null(); + if (!*pbags) + return 0; + free_bags = 1; + } + else + free_bags = 0; + + if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) + { + if (free_bags) + { + sk_PKCS12_SAFEBAG_free(*pbags); + *pbags = NULL; + } + return 0; + } + + return 1; + + } + + +PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7) + { + PKCS12 *p12; + if (nid_p7 <= 0) + nid_p7 = NID_pkcs7_data; + p12 = PKCS12_init(nid_p7); + + if (!p12) + return NULL; + + if(!PKCS12_pack_authsafes(p12, safes)) + { + PKCS12_free(p12); + return NULL; + } + + return p12; + + } diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c new file mode 100755 index 00000000..5c4c6ec9 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c @@ -0,0 +1,297 @@ +/* p12_kiss.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/pkcs12.h> + +/* Simplified PKCS#12 routines */ + +static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, + EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); + +static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, + int passlen, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, + char *keymatch); + +static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, + EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, + ASN1_OCTET_STRING **keyid, char *keymatch); + +/* Parse and decrypt a PKCS#12 structure returning user key, user cert + * and other (CA) certs. Note either ca should be NULL, *ca should be NULL, + * or it should point to a valid STACK structure. pkey and cert can be + * passed unitialised. + */ + +int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca) +{ + + /* Check for NULL PKCS12 structure */ + + if(!p12) { + PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER); + return 0; + } + + /* Allocate stack for ca certificates if needed */ + if ((ca != NULL) && (*ca == NULL)) { + if (!(*ca = sk_X509_new_null())) { + PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE); + return 0; + } + } + + if(pkey) *pkey = NULL; + if(cert) *cert = NULL; + + /* Check the mac */ + + /* If password is zero length or NULL then try verifying both cases + * to determine which password is correct. The reason for this is that + * under PKCS#12 password based encryption no password and a zero length + * password are two different things... + */ + + if(!pass || !*pass) { + if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL; + else if(PKCS12_verify_mac(p12, "", 0)) pass = ""; + else { + PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE); + goto err; + } + } else if (!PKCS12_verify_mac(p12, pass, -1)) { + PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE); + goto err; + } + + if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) + { + PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR); + goto err; + } + + return 1; + + err: + + if (pkey && *pkey) EVP_PKEY_free(*pkey); + if (cert && *cert) X509_free(*cert); + if (ca) sk_X509_pop_free(*ca, X509_free); + return 0; + +} + +/* Parse the outer PKCS#12 structure */ + +static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, + EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) +{ + STACK_OF(PKCS7) *asafes; + STACK_OF(PKCS12_SAFEBAG) *bags; + int i, bagnid; + PKCS7 *p7; + ASN1_OCTET_STRING *keyid = NULL; + + char keymatch = 0; + if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0; + for (i = 0; i < sk_PKCS7_num (asafes); i++) { + p7 = sk_PKCS7_value (asafes, i); + bagnid = OBJ_obj2nid (p7->type); + if (bagnid == NID_pkcs7_data) { + bags = PKCS12_unpack_p7data(p7); + } else if (bagnid == NID_pkcs7_encrypted) { + bags = PKCS12_unpack_p7encdata(p7, pass, passlen); + } else continue; + if (!bags) { + sk_PKCS7_pop_free(asafes, PKCS7_free); + return 0; + } + if (!parse_bags(bags, pass, passlen, pkey, cert, ca, + &keyid, &keymatch)) { + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + sk_PKCS7_pop_free(asafes, PKCS7_free); + return 0; + } + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + } + sk_PKCS7_pop_free(asafes, PKCS7_free); + if (keyid) M_ASN1_OCTET_STRING_free(keyid); + return 1; +} + + +static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, + int passlen, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, + char *keymatch) +{ + int i; + for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { + if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i), + pass, passlen, pkey, cert, ca, keyid, + keymatch)) return 0; + } + return 1; +} + +#define MATCH_KEY 0x1 +#define MATCH_CERT 0x2 +#define MATCH_ALL 0x3 + +static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, + EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, + ASN1_OCTET_STRING **keyid, + char *keymatch) +{ + PKCS8_PRIV_KEY_INFO *p8; + X509 *x509; + ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL; + ASN1_TYPE *attrib; + ASN1_BMPSTRING *fname = NULL; + + if ((attrib = PKCS12_get_attr (bag, NID_friendlyName))) + fname = attrib->value.bmpstring; + + if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) { + lkey = attrib->value.octet_string; + ckid = lkey; + } + + /* Check for any local key id matching (if needed) */ + if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) { + if (*keyid) { + if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL; + } else { + if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { + PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE); + return 0; + } + } + } + + switch (M_PKCS12_bag_type(bag)) + { + case NID_keyBag: + if (!lkey || !pkey) return 1; + if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0; + *keymatch |= MATCH_KEY; + break; + + case NID_pkcs8ShroudedKeyBag: + if (!lkey || !pkey) return 1; + if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) + return 0; + *pkey = EVP_PKCS82PKEY(p8); + PKCS8_PRIV_KEY_INFO_free(p8); + if (!(*pkey)) return 0; + *keymatch |= MATCH_KEY; + break; + + case NID_certBag: + if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) + return 1; + if (!(x509 = PKCS12_certbag2x509(bag))) return 0; + if(ckid) + { + if (!X509_keyid_set1(x509, ckid->data, ckid->length)) + { + X509_free(x509); + return 0; + } + } + if(fname) { + int len, r; + unsigned char *data; + len = ASN1_STRING_to_UTF8(&data, fname); + if(len > 0) { + r = X509_alias_set1(x509, data, len); + OPENSSL_free(data); + if (!r) + { + X509_free(x509); + return 0; + } + } + } + + + if (lkey) { + *keymatch |= MATCH_CERT; + if (cert) *cert = x509; + else X509_free(x509); + } else { + if(ca) sk_X509_push (*ca, x509); + else X509_free(x509); + } + break; + + case NID_safeContentsBag: + return parse_bags(bag->value.safes, pass, passlen, + pkey, cert, ca, keyid, keymatch); + break; + + default: + return 1; + break; + } + return 1; +} + diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c new file mode 100755 index 00000000..b0ff89aa --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c @@ -0,0 +1,533 @@ +/* pk7_smime.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Simple PKCS#7 processing functions */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509.h> +#include <openssl/x509v3.h> + +PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags) +{ + PKCS7 *p7 = NULL; + PKCS7_SIGNER_INFO *si; + BIO *p7bio = NULL; + STACK_OF(X509_ALGOR) *smcap = NULL; + int i; + + if(!X509_check_private_key(signcert, pkey)) { + PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + return NULL; + } + + if(!(p7 = PKCS7_new())) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (!PKCS7_set_type(p7, NID_pkcs7_signed)) + goto err; + + if (!PKCS7_content_new(p7, NID_pkcs7_data)) + goto err; + + /* + NOTE: Update to SHA-256 digest algorithm for UEFI version. + */ + if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); + goto err; + } + + if(!(flags & PKCS7_NOCERTS)) { + if (!PKCS7_add_certificate(p7, signcert)) + goto err; + if(certs) for(i = 0; i < sk_X509_num(certs); i++) + if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) + goto err; + } + + if(!(flags & PKCS7_NOATTR)) { + if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, + V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data))) + goto err; + /* Add SMIMECapabilities */ + if(!(flags & PKCS7_NOSMIMECAP)) + { + if(!(smcap = sk_X509_ALGOR_new_null())) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + goto err; + } +#ifndef OPENSSL_NO_DES + if (!PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1)) + goto err; +#endif +#ifndef OPENSSL_NO_RC2 + if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128)) + goto err; + if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64)) + goto err; +#endif +#ifndef OPENSSL_NO_DES + if (!PKCS7_simple_smimecap (smcap, NID_des_cbc, -1)) + goto err; +#endif +#ifndef OPENSSL_NO_RC2 + if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40)) + goto err; +#endif + if (!PKCS7_add_attrib_smimecap (si, smcap)) + goto err; + sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); + smcap = NULL; + } + } + + if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); + + if (flags & PKCS7_STREAM) + return p7; + + + if (!(p7bio = PKCS7_dataInit(p7, NULL))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + goto err; + } + + SMIME_crlf_copy(data, p7bio, flags); + + + if (!PKCS7_dataFinal(p7,p7bio)) { + PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); + goto err; + } + + BIO_free_all(p7bio); + return p7; +err: + sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); + BIO_free_all(p7bio); + PKCS7_free(p7); + return NULL; +} + +int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + BIO *indata, BIO *out, int flags) +{ + STACK_OF(X509) *signers; + X509 *signer; + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + PKCS7_SIGNER_INFO *si; + X509_STORE_CTX cert_ctx; + char *buf = NULL; + int bufsiz; + int i, j=0, k, ret = 0; + BIO *p7bio; + BIO *tmpin, *tmpout; + + if(!p7) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if(!PKCS7_type_is_signed(p7)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE); + return 0; + } + + /* Check for no data and no content: no data to verify signature */ + if(PKCS7_get_detached(p7) && !indata) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); + return 0; + } +#if 0 + /* NB: this test commented out because some versions of Netscape + * illegally include zero length content when signing data. + */ + + /* Check for data and content: two sets of data */ + if(!PKCS7_get_detached(p7) && indata) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); + return 0; + } +#endif + + sinfos = PKCS7_get_signer_info(p7); + + if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA); + return 0; + } + + + signers = PKCS7_get0_signers(p7, certs, flags); + + if(!signers) return 0; + + /* Now verify the certificates */ + + if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) { + signer = sk_X509_value (signers, k); + if (!(flags & PKCS7_NOCHAIN)) { + if(!X509_STORE_CTX_init(&cert_ctx, store, signer, + p7->d.sign->cert)) + { + PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); + sk_X509_free(signers); + return 0; + } + X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); + } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); + sk_X509_free(signers); + return 0; + } + if (!(flags & PKCS7_NOCRL)) + X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); + i = X509_verify_cert(&cert_ctx); + if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); + X509_STORE_CTX_cleanup(&cert_ctx); + if (i <= 0) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR); + ERR_add_error_data(2, "Verify error:", + X509_verify_cert_error_string(j)); + sk_X509_free(signers); + return 0; + } + /* Check for revocation status here */ + } + + /* Performance optimization: if the content is a memory BIO then + * store its contents in a temporary read only memory BIO. This + * avoids potentially large numbers of slow copies of data which will + * occur when reading from a read write memory BIO when signatures + * are calculated. + */ + + if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) + { + char *ptr; + long len; + len = BIO_get_mem_data(indata, &ptr); + tmpin = BIO_new_mem_buf(ptr, len); + if (tmpin == NULL) + { + PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); + return 0; + } + } + else + tmpin = indata; + + + if (!(p7bio=PKCS7_dataInit(p7,tmpin))) + goto err; + + if(flags & PKCS7_TEXT) { + if(!(tmpout = BIO_new(BIO_s_mem()))) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); + goto err; + } + BIO_set_mem_eof_return(tmpout, 0); + } else tmpout = out; + + bufsiz = 4096; + buf = OPENSSL_malloc (bufsiz); + if (buf == NULL) { + goto err; + } + + /* We now have to 'read' from p7bio to calculate digests etc. */ + for (;;) + { + i=BIO_read(p7bio,buf,bufsiz); + if (i <= 0) break; + if (tmpout) BIO_write(tmpout, buf, i); + } + + if(flags & PKCS7_TEXT) { + if(!SMIME_text(tmpout, out)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR); + BIO_free(tmpout); + goto err; + } + BIO_free(tmpout); + } + + /* Now Verify All Signatures */ + if (!(flags & PKCS7_NOSIGS)) + for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++) + { + si=sk_PKCS7_SIGNER_INFO_value(sinfos,i); + signer = sk_X509_value (signers, i); + j=PKCS7_signatureVerify(p7bio,p7,si, signer); + if (j <= 0) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE); + goto err; + } + } + + ret = 1; + + err: + + if (tmpin == indata) + { + if (indata) BIO_pop(p7bio); + } + BIO_free_all(p7bio); + + sk_X509_free(signers); + + if (buf != NULL) { + OPENSSL_free (buf); + } + + return ret; +} + +STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) +{ + STACK_OF(X509) *signers; + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + PKCS7_SIGNER_INFO *si; + PKCS7_ISSUER_AND_SERIAL *ias; + X509 *signer; + int i; + + if(!p7) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + + if(!PKCS7_type_is_signed(p7)) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); + return NULL; + } + + /* Collect all the signers together */ + + sinfos = PKCS7_get_signer_info(p7); + + if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS); + return NULL; + } + + if(!(signers = sk_X509_new_null())) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); + return NULL; + } + + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) + { + si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); + ias = si->issuer_and_serial; + signer = NULL; + /* If any certificates passed they take priority */ + if (certs) signer = X509_find_by_issuer_and_serial (certs, + ias->issuer, ias->serial); + if (!signer && !(flags & PKCS7_NOINTERN) + && p7->d.sign->cert) signer = + X509_find_by_issuer_and_serial (p7->d.sign->cert, + ias->issuer, ias->serial); + if (!signer) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); + sk_X509_free(signers); + return NULL; + } + + if (!sk_X509_push(signers, signer)) { + sk_X509_free(signers); + return NULL; + } + } + return signers; +} + + +/* Build a complete PKCS#7 enveloped data */ + +PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, + int flags) +{ + PKCS7 *p7; + BIO *p7bio = NULL; + int i; + X509 *x509; + if(!(p7 = PKCS7_new())) { + PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) + goto err; + if(!PKCS7_set_cipher(p7, cipher)) { + PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER); + goto err; + } + + for(i = 0; i < sk_X509_num(certs); i++) { + x509 = sk_X509_value(certs, i); + if(!PKCS7_add_recipient(p7, x509)) { + PKCS7err(PKCS7_F_PKCS7_ENCRYPT, + PKCS7_R_ERROR_ADDING_RECIPIENT); + goto err; + } + } + + if(!(p7bio = PKCS7_dataInit(p7, NULL))) { + PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + + SMIME_crlf_copy(in, p7bio, flags); + + (void)BIO_flush(p7bio); + + if (!PKCS7_dataFinal(p7,p7bio)) { + PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR); + goto err; + } + BIO_free_all(p7bio); + + return p7; + + err: + + BIO_free_all(p7bio); + PKCS7_free(p7); + return NULL; + +} + +int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) +{ + BIO *tmpmem; + int ret, i; + char buf[4096]; + + if(!p7) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if(!PKCS7_type_is_enveloped(p7)) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE); + return 0; + } + + if(cert && !X509_check_private_key(cert, pkey)) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, + PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + return 0; + } + + if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); + return 0; + } + + if (flags & PKCS7_TEXT) { + BIO *tmpbuf, *bread; + /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ + if(!(tmpbuf = BIO_new(BIO_f_buffer()))) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); + BIO_free_all(tmpmem); + return 0; + } + if(!(bread = BIO_push(tmpbuf, tmpmem))) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); + BIO_free_all(tmpbuf); + BIO_free_all(tmpmem); + return 0; + } + ret = SMIME_text(bread, data); + if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) + { + if (!BIO_get_cipher_status(tmpmem)) + ret = 0; + } + BIO_free_all(bread); + return ret; + } else { + for(;;) { + i = BIO_read(tmpmem, buf, sizeof(buf)); + if(i <= 0) + { + ret = 1; + if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) + { + if (!BIO_get_cipher_status(tmpmem)) + ret = 0; + } + + break; + } + if (BIO_write(data, buf, i) != i) + { + ret = 0; + break; + } + } + BIO_free_all(tmpmem); + return ret; + } +} diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c new file mode 100755 index 00000000..546ae5fc --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c @@ -0,0 +1,220 @@ +/* crypto/rsa/rsa_oaep.c */ +/* Written by Ulf Moeller. This software is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */ + +/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */ + +/* See Victor Shoup, "OAEP reconsidered," Nov. 2000, + * <URL: http://www.shoup.net/papers/oaep.ps.Z> + * for problems with the security proof for the + * original OAEP scheme, which EME-OAEP is based on. + * + * A new proof can be found in E. Fujisaki, T. Okamoto, + * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!", + * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>. + * The new proof has stronger requirements for the + * underlying permutation: "partial-one-wayness" instead + * of one-wayness. For the RSA function, this is + * an equivalent notion. + */ + + +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/bn.h> +#include <openssl/rsa.h> +#include <openssl/evp.h> +#include <openssl/rand.h> +#include <openssl/sha.h> + +int MGF1(unsigned char *mask, long len, + const unsigned char *seed, long seedlen); + +int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *from, int flen, + const unsigned char *param, int plen) + { + int i, emlen = tlen - 1; + unsigned char *db, *seed; + unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH]; + + if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, + RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return 0; + } + + if (emlen < 2 * SHA_DIGEST_LENGTH + 1) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL); + return 0; + } + + to[0] = 0; + seed = to + 1; + db = to + SHA_DIGEST_LENGTH + 1; + + EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL); + memset(db + SHA_DIGEST_LENGTH, 0, + emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); + db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; + memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen); + if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0) + return 0; +#ifdef PKCS_TESTVECT + memcpy(seed, + "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", + 20); +#endif + + dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH); + if (dbmask == NULL) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); + return 0; + } + + MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); + for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) + db[i] ^= dbmask[i]; + + MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); + for (i = 0; i < SHA_DIGEST_LENGTH; i++) + seed[i] ^= seedmask[i]; + + OPENSSL_free(dbmask); + return 1; + } + +int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *from, int flen, int num, + const unsigned char *param, int plen) + { + int i, dblen, mlen = -1; + const unsigned char *maskeddb; + int lzero; + unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; + unsigned char *padded_from; + int bad = 0; + + if (--num < 2 * SHA_DIGEST_LENGTH + 1) + /* 'num' is the length of the modulus, i.e. does not depend on the + * particular ciphertext. */ + goto decoding_err; + + lzero = num - flen; + if (lzero < 0) + { + /* signalling this error immediately after detection might allow + * for side-channel attacks (e.g. timing if 'plen' is huge + * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal + * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001), + * so we use a 'bad' flag */ + bad = 1; + lzero = 0; + flen = num; /* don't overflow the memcpy to padded_from */ + } + + dblen = num - SHA_DIGEST_LENGTH; + db = OPENSSL_malloc(dblen + num); + if (db == NULL) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); + return -1; + } + + /* Always do this zero-padding copy (even when lzero == 0) + * to avoid leaking timing info about the value of lzero. */ + padded_from = db + dblen; + memset(padded_from, 0, lzero); + memcpy(padded_from + lzero, from, flen); + + maskeddb = padded_from + SHA_DIGEST_LENGTH; + + MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); + for (i = 0; i < SHA_DIGEST_LENGTH; i++) + seed[i] ^= padded_from[i]; + + MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); + for (i = 0; i < dblen; i++) + db[i] ^= maskeddb[i]; + + EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); + + if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) + goto decoding_err; + else + { + for (i = SHA_DIGEST_LENGTH; i < dblen; i++) + if (db[i] != 0x00) + break; + if (i == dblen || db[i] != 0x01) + goto decoding_err; + else + { + /* everything looks OK */ + + mlen = dblen - ++i; + if (tlen < mlen) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); + mlen = -1; + } + else + memcpy(to, db + i, mlen); + } + } + OPENSSL_free(db); + return mlen; + +decoding_err: + /* to avoid chosen ciphertext attacks, the error message should not reveal + * which kind of decoding error happened */ + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); + if (db != NULL) OPENSSL_free(db); + return -1; + } + +int PKCS1_MGF1(unsigned char *mask, long len, + const unsigned char *seed, long seedlen, const EVP_MD *dgst) + { + long i, outlen = 0; + unsigned char cnt[4]; + EVP_MD_CTX c; + unsigned char md[EVP_MAX_MD_SIZE]; + int mdlen; + + EVP_MD_CTX_init(&c); + mdlen = M_EVP_MD_size(dgst); + for (i = 0; outlen < len; i++) + { + cnt[0] = (unsigned char)((i >> 24) & 255); + cnt[1] = (unsigned char)((i >> 16) & 255); + cnt[2] = (unsigned char)((i >> 8)) & 255; + cnt[3] = (unsigned char)(i & 255); + EVP_DigestInit_ex(&c,dgst, NULL); + EVP_DigestUpdate(&c, seed, seedlen); + EVP_DigestUpdate(&c, cnt, 4); + if (outlen + mdlen <= len) + { + EVP_DigestFinal_ex(&c, mask + outlen, NULL); + outlen += mdlen; + } + else + { + EVP_DigestFinal_ex(&c, md, NULL); + memcpy(mask + outlen, md, len - outlen); + outlen = len; + } + } + EVP_MD_CTX_cleanup(&c); + return 0; + } + +int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen) + { + return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1()); + } +#endif diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c new file mode 100755 index 00000000..af12520f --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c @@ -0,0 +1,1554 @@ +/* crypto/x509/x509_vfy.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <time.h> +#include <errno.h> + +#include "cryptlib.h" +#include <openssl/crypto.h> +#include <openssl/lhash.h> +#include <openssl/buffer.h> +#include <openssl/evp.h> +#include <openssl/asn1.h> +#include <openssl/x509.h> +#include <openssl/x509v3.h> +#include <openssl/objects.h> + +static int null_callback(int ok,X509_STORE_CTX *e); +static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); +static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); +static int check_chain_extensions(X509_STORE_CTX *ctx); +static int check_trust(X509_STORE_CTX *ctx); +static int check_revocation(X509_STORE_CTX *ctx); +static int check_cert(X509_STORE_CTX *ctx); +static int check_policy(X509_STORE_CTX *ctx); +static int internal_verify(X509_STORE_CTX *ctx); +const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT; + + +static int null_callback(int ok, X509_STORE_CTX *e) + { + return ok; + } + +#if 0 +static int x509_subject_cmp(X509 **a, X509 **b) + { + return X509_subject_name_cmp(*a,*b); + } +#endif + +int X509_verify_cert(X509_STORE_CTX *ctx) + { + X509 *x,*xtmp,*chain_ss=NULL; + int bad_chain = 0; + X509_VERIFY_PARAM *param = ctx->param; + int depth,i,ok=0; + int num; + int (*cb)(int xok,X509_STORE_CTX *xctx); + STACK_OF(X509) *sktmp=NULL; + if (ctx->cert == NULL) + { + X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); + return -1; + } + + cb=ctx->verify_cb; + + /* first we make sure the chain we are going to build is + * present and that the first entry is in place */ + if (ctx->chain == NULL) + { + if ( ((ctx->chain=sk_X509_new_null()) == NULL) || + (!sk_X509_push(ctx->chain,ctx->cert))) + { + X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); + goto end; + } + CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509); + ctx->last_untrusted=1; + } + + /* We use a temporary STACK so we can chop and hack at it */ + if (ctx->untrusted != NULL + && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL) + { + X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); + goto end; + } + + num=sk_X509_num(ctx->chain); + x=sk_X509_value(ctx->chain,num-1); + depth=param->depth; + + + for (;;) + { + /* If we have enough, we break */ + if (depth < num) break; /* FIXME: If this happens, we should take + * note of it and, if appropriate, use the + * X509_V_ERR_CERT_CHAIN_TOO_LONG error + * code later. + */ + + /* If we are self signed, we break */ + if (ctx->check_issued(ctx, x,x)) break; + + /* If we were passed a cert chain, use it first */ + if (ctx->untrusted != NULL) + { + xtmp=find_issuer(ctx, sktmp,x); + if (xtmp != NULL) + { + if (!sk_X509_push(ctx->chain,xtmp)) + { + X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); + goto end; + } + CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); + (void)sk_X509_delete_ptr(sktmp,xtmp); + ctx->last_untrusted++; + x=xtmp; + num++; + /* reparse the full chain for + * the next one */ + continue; + } + } + break; + } + + /* at this point, chain should contain a list of untrusted + * certificates. We now need to add at least one trusted one, + * if possible, otherwise we complain. */ + + /* Examine last certificate in chain and see if it + * is self signed. + */ + + i=sk_X509_num(ctx->chain); + x=sk_X509_value(ctx->chain,i-1); + if (ctx->check_issued(ctx, x, x)) + { + /* we have a self signed certificate */ + if (sk_X509_num(ctx->chain) == 1) + { + /* We have a single self signed certificate: see if + * we can find it in the store. We must have an exact + * match to avoid possible impersonation. + */ + ok = ctx->get_issuer(&xtmp, ctx, x); + if ((ok <= 0) || X509_cmp(x, xtmp)) + { + ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; + ctx->current_cert=x; + ctx->error_depth=i-1; + if (ok == 1) X509_free(xtmp); + bad_chain = 1; + ok=cb(0,ctx); + if (!ok) goto end; + } + else + { + /* We have a match: replace certificate with store version + * so we get any trust settings. + */ + X509_free(x); + x = xtmp; + (void)sk_X509_set(ctx->chain, i - 1, x); + ctx->last_untrusted=0; + } + } + else + { + /* extract and save self signed certificate for later use */ + chain_ss=sk_X509_pop(ctx->chain); + ctx->last_untrusted--; + num--; + x=sk_X509_value(ctx->chain,num-1); + } + } + + /* We now lookup certs from the certificate store */ + for (;;) + { + /* If we have enough, we break */ + if (depth < num) break; + + /* If we are self signed, we break */ + if (ctx->check_issued(ctx,x,x)) break; + + ok = ctx->get_issuer(&xtmp, ctx, x); + + if (ok < 0) return ok; + if (ok == 0) break; + + x = xtmp; + if (!sk_X509_push(ctx->chain,x)) + { + X509_free(xtmp); + X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); + return 0; + } + num++; + } + + /* we now have our chain, lets check it... */ + + /* Is last certificate looked up self signed? */ + if (!ctx->check_issued(ctx,x,x)) + { + if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) + { + if (ctx->last_untrusted >= num) + ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; + else + ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; + ctx->current_cert=x; + } + else + { + + sk_X509_push(ctx->chain,chain_ss); + num++; + ctx->last_untrusted=num; + ctx->current_cert=chain_ss; + ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; + chain_ss=NULL; + } + + ctx->error_depth=num-1; + bad_chain = 1; + ok=cb(0,ctx); + if (!ok) goto end; + } + + /* We have the chain complete: now we need to check its purpose */ + ok = check_chain_extensions(ctx); + + if (!ok) goto end; + + /* The chain extensions are OK: check trust */ + + if (param->trust > 0) ok = check_trust(ctx); + + if (!ok) goto end; + + /* We may as well copy down any DSA parameters that are required */ + X509_get_pubkey_parameters(NULL,ctx->chain); + + /* Check revocation status: we do this after copying parameters + * because they may be needed for CRL signature verification. + */ + + ok = ctx->check_revocation(ctx); + if(!ok) goto end; + + /* At this point, we have a chain and need to verify it */ + if (ctx->verify != NULL) + ok=ctx->verify(ctx); + else + ok=internal_verify(ctx); + if(!ok) goto end; + +#ifndef OPENSSL_NO_RFC3779 + /* RFC 3779 path validation, now that CRL check has been done */ + ok = v3_asid_validate_path(ctx); + if (!ok) goto end; + ok = v3_addr_validate_path(ctx); + if (!ok) goto end; +#endif + + /* If we get this far evaluate policies */ + if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) + ok = ctx->check_policy(ctx); + if(!ok) goto end; + if (0) + { +end: + X509_get_pubkey_parameters(NULL,ctx->chain); + } + if (sktmp != NULL) sk_X509_free(sktmp); + if (chain_ss != NULL) X509_free(chain_ss); + return ok; + } + + +/* Given a STACK_OF(X509) find the issuer of cert (if any) + */ + +static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) +{ + int i; + X509 *issuer; + for (i = 0; i < sk_X509_num(sk); i++) + { + issuer = sk_X509_value(sk, i); + if (ctx->check_issued(ctx, x, issuer)) + return issuer; + } + return NULL; +} + +/* Given a possible certificate and issuer check them */ + +static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) +{ + int ret; + ret = X509_check_issued(issuer, x); + if (ret == X509_V_OK) + return 1; + /* If we haven't asked for issuer errors don't set ctx */ + if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) + return 0; + + ctx->error = ret; + ctx->current_cert = x; + ctx->current_issuer = issuer; + return ctx->verify_cb(0, ctx); + return 0; +} + +/* Alternative lookup method: look from a STACK stored in other_ctx */ + +static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) +{ + *issuer = find_issuer(ctx, ctx->other_ctx, x); + if (*issuer) + { + CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509); + return 1; + } + else + return 0; +} + + +/* Check a certificate chains extensions for consistency + * with the supplied purpose + */ + +static int check_chain_extensions(X509_STORE_CTX *ctx) +{ +#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI) + /* + NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting + in Authenticode Signing Certificates. + */ + return 1; +#else + int i, ok=0, must_be_ca, plen = 0; + X509 *x; + int (*cb)(int xok,X509_STORE_CTX *xctx); + int proxy_path_length = 0; + int allow_proxy_certs = + !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); + cb=ctx->verify_cb; + + /* must_be_ca can have 1 of 3 values: + -1: we accept both CA and non-CA certificates, to allow direct + use of self-signed certificates (which are marked as CA). + 0: we only accept non-CA certificates. This is currently not + used, but the possibility is present for future extensions. + 1: we only accept CA certificates. This is currently used for + all certificates in the chain except the leaf certificate. + */ + must_be_ca = -1; + + /* A hack to keep people who don't want to modify their software + happy */ + if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) + allow_proxy_certs = 1; + + /* Check all untrusted certificates */ + for (i = 0; i < ctx->last_untrusted; i++) + { + int ret; + x = sk_X509_value(ctx->chain, i); + if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) + && (x->ex_flags & EXFLAG_CRITICAL)) + { + ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; + ctx->error_depth = i; + ctx->current_cert = x; + ok=cb(0,ctx); + if (!ok) goto end; + } + if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) + { + ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; + ctx->error_depth = i; + ctx->current_cert = x; + ok=cb(0,ctx); + if (!ok) goto end; + } + ret = X509_check_ca(x); + switch(must_be_ca) + { + case -1: + if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) + && (ret != 1) && (ret != 0)) + { + ret = 0; + ctx->error = X509_V_ERR_INVALID_CA; + } + else + ret = 1; + break; + case 0: + if (ret != 0) + { + ret = 0; + ctx->error = X509_V_ERR_INVALID_NON_CA; + } + else + ret = 1; + break; + default: + if ((ret == 0) + || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) + && (ret != 1))) + { + ret = 0; + ctx->error = X509_V_ERR_INVALID_CA; + } + else + ret = 1; + break; + } + if (ret == 0) + { + ctx->error_depth = i; + ctx->current_cert = x; + ok=cb(0,ctx); + if (!ok) goto end; + } + if (ctx->param->purpose > 0) + { + ret = X509_check_purpose(x, ctx->param->purpose, + must_be_ca > 0); + if ((ret == 0) + || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) + && (ret != 1))) + { + ctx->error = X509_V_ERR_INVALID_PURPOSE; + ctx->error_depth = i; + ctx->current_cert = x; + ok=cb(0,ctx); + if (!ok) goto end; + } + } + /* Check pathlen if not self issued */ + if ((i > 1) && !(x->ex_flags & EXFLAG_SI) + && (x->ex_pathlen != -1) + && (plen > (x->ex_pathlen + proxy_path_length + 1))) + { + ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; + ctx->error_depth = i; + ctx->current_cert = x; + ok=cb(0,ctx); + if (!ok) goto end; + } + /* Increment path length if not self issued */ + if (!(x->ex_flags & EXFLAG_SI)) + plen++; + /* If this certificate is a proxy certificate, the next + certificate must be another proxy certificate or a EE + certificate. If not, the next certificate must be a + CA certificate. */ + if (x->ex_flags & EXFLAG_PROXY) + { + if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) + { + ctx->error = + X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; + ctx->error_depth = i; + ctx->current_cert = x; + ok=cb(0,ctx); + if (!ok) goto end; + } + proxy_path_length++; + must_be_ca = 0; + } + else + must_be_ca = 1; + } + ok = 1; + end: + return ok; +#endif +} + +static int check_trust(X509_STORE_CTX *ctx) +{ +#ifdef OPENSSL_NO_CHAIN_VERIFY + return 1; +#else + int i, ok; + X509 *x; + int (*cb)(int xok,X509_STORE_CTX *xctx); + cb=ctx->verify_cb; +/* For now just check the last certificate in the chain */ + i = sk_X509_num(ctx->chain) - 1; + x = sk_X509_value(ctx->chain, i); + ok = X509_check_trust(x, ctx->param->trust, 0); + if (ok == X509_TRUST_TRUSTED) + return 1; + ctx->error_depth = i; + ctx->current_cert = x; + if (ok == X509_TRUST_REJECTED) + ctx->error = X509_V_ERR_CERT_REJECTED; + else + ctx->error = X509_V_ERR_CERT_UNTRUSTED; + ok = cb(0, ctx); + return ok; +#endif +} + +static int check_revocation(X509_STORE_CTX *ctx) + { + int i, last, ok; + if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) + return 1; + if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) + last = sk_X509_num(ctx->chain) - 1; + else + last = 0; + for(i = 0; i <= last; i++) + { + ctx->error_depth = i; + ok = check_cert(ctx); + if (!ok) return ok; + } + return 1; + } + +static int check_cert(X509_STORE_CTX *ctx) + { + X509_CRL *crl = NULL; + X509 *x; + int ok, cnum; + cnum = ctx->error_depth; + x = sk_X509_value(ctx->chain, cnum); + ctx->current_cert = x; + /* Try to retrieve relevant CRL */ + ok = ctx->get_crl(ctx, &crl, x); + /* If error looking up CRL, nothing we can do except + * notify callback + */ + if(!ok) + { + ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; + ok = ctx->verify_cb(0, ctx); + goto err; + } + ctx->current_crl = crl; + ok = ctx->check_crl(ctx, crl); + if (!ok) goto err; + ok = ctx->cert_crl(ctx, crl, x); + err: + ctx->current_crl = NULL; + X509_CRL_free(crl); + return ok; + + } + +/* Check CRL times against values in X509_STORE_CTX */ + +static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) + { + time_t *ptime; + int i; + ctx->current_crl = crl; + if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) + ptime = &ctx->param->check_time; + else + ptime = NULL; + + i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); + if (i == 0) + { + ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; + if (!notify || !ctx->verify_cb(0, ctx)) + return 0; + } + + if (i > 0) + { + ctx->error=X509_V_ERR_CRL_NOT_YET_VALID; + if (!notify || !ctx->verify_cb(0, ctx)) + return 0; + } + + if(X509_CRL_get_nextUpdate(crl)) + { + i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); + + if (i == 0) + { + ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; + if (!notify || !ctx->verify_cb(0, ctx)) + return 0; + } + + if (i < 0) + { + ctx->error=X509_V_ERR_CRL_HAS_EXPIRED; + if (!notify || !ctx->verify_cb(0, ctx)) + return 0; + } + } + + ctx->current_crl = NULL; + + return 1; + } + +/* Lookup CRLs from the supplied list. Look for matching isser name + * and validity. If we can't find a valid CRL return the last one + * with matching name. This gives more meaningful error codes. Otherwise + * we'd get a CRL not found error if a CRL existed with matching name but + * was invalid. + */ + +static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, + X509_NAME *nm, STACK_OF(X509_CRL) *crls) + { + int i; + X509_CRL *crl, *best_crl = NULL; + for (i = 0; i < sk_X509_CRL_num(crls); i++) + { + crl = sk_X509_CRL_value(crls, i); + if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) + continue; + if (check_crl_time(ctx, crl, 0)) + { + *pcrl = crl; + CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509); + return 1; + } + best_crl = crl; + } + if (best_crl) + { + *pcrl = best_crl; + CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509); + } + + return 0; + } + +/* Retrieve CRL corresponding to certificate: currently just a + * subject lookup: maybe use AKID later... + */ +static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x) + { + int ok; + X509_CRL *crl = NULL; + X509_OBJECT xobj; + X509_NAME *nm; + nm = X509_get_issuer_name(x); + ok = get_crl_sk(ctx, &crl, nm, ctx->crls); + if (ok) + { + *pcrl = crl; + return 1; + } + + ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj); + + if (!ok) + { + /* If we got a near match from get_crl_sk use that */ + if (crl) + { + *pcrl = crl; + return 1; + } + return 0; + } + + *pcrl = xobj.data.crl; + if (crl) + X509_CRL_free(crl); + return 1; + } + +/* Check CRL validity */ +static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) + { + X509 *issuer = NULL; + EVP_PKEY *ikey = NULL; + int ok = 0, chnum, cnum; + cnum = ctx->error_depth; + chnum = sk_X509_num(ctx->chain) - 1; + /* Find CRL issuer: if not last certificate then issuer + * is next certificate in chain. + */ + if(cnum < chnum) + issuer = sk_X509_value(ctx->chain, cnum + 1); + else + { + issuer = sk_X509_value(ctx->chain, chnum); + /* If not self signed, can't check signature */ + if(!ctx->check_issued(ctx, issuer, issuer)) + { + ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; + ok = ctx->verify_cb(0, ctx); + if(!ok) goto err; + } + } + + if(issuer) + { + /* Check for cRLSign bit if keyUsage present */ + if ((issuer->ex_flags & EXFLAG_KUSAGE) && + !(issuer->ex_kusage & KU_CRL_SIGN)) + { + ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; + ok = ctx->verify_cb(0, ctx); + if(!ok) goto err; + } + + /* Attempt to get issuer certificate public key */ + ikey = X509_get_pubkey(issuer); + + if(!ikey) + { + ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; + ok = ctx->verify_cb(0, ctx); + if (!ok) goto err; + } + else + { + /* Verify CRL signature */ + if(X509_CRL_verify(crl, ikey) <= 0) + { + ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE; + ok = ctx->verify_cb(0, ctx); + if (!ok) goto err; + } + } + } + + ok = check_crl_time(ctx, crl, 1); + if (!ok) + goto err; + + ok = 1; + + err: + EVP_PKEY_free(ikey); + return ok; + } + +/* Check certificate against CRL */ +static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) + { + int idx, ok; + X509_REVOKED rtmp; + STACK_OF(X509_EXTENSION) *exts; + X509_EXTENSION *ext; + /* Look for serial number of certificate in CRL */ + rtmp.serialNumber = X509_get_serialNumber(x); + /* Sort revoked into serial number order if not already sorted. + * Do this under a lock to avoid race condition. + */ + if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) + { + CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); + sk_X509_REVOKED_sort(crl->crl->revoked); + CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); + } + idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); + /* If found assume revoked: want something cleverer than + * this to handle entry extensions in V2 CRLs. + */ + if(idx >= 0) + { + ctx->error = X509_V_ERR_CERT_REVOKED; + ok = ctx->verify_cb(0, ctx); + if (!ok) return 0; + } + + if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) + return 1; + + /* See if we have any critical CRL extensions: since we + * currently don't handle any CRL extensions the CRL must be + * rejected. + * This code accesses the X509_CRL structure directly: applications + * shouldn't do this. + */ + + exts = crl->crl->extensions; + + for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) + { + ext = sk_X509_EXTENSION_value(exts, idx); + if (ext->critical > 0) + { + ctx->error = + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; + ok = ctx->verify_cb(0, ctx); + if(!ok) return 0; + break; + } + } + return 1; + } + +static int check_policy(X509_STORE_CTX *ctx) + { + int ret; + ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, + ctx->param->policies, ctx->param->flags); + if (ret == 0) + { + X509err(X509_F_CHECK_POLICY,ERR_R_MALLOC_FAILURE); + return 0; + } + /* Invalid or inconsistent extensions */ + if (ret == -1) + { + /* Locate certificates with bad extensions and notify + * callback. + */ + X509 *x; + int i; + for (i = 1; i < sk_X509_num(ctx->chain); i++) + { + x = sk_X509_value(ctx->chain, i); + if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) + continue; + ctx->current_cert = x; + ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; + ret = ctx->verify_cb(0, ctx); + } + return 1; + } + if (ret == -2) + { + ctx->current_cert = NULL; + ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; + return ctx->verify_cb(0, ctx); + } + + if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) + { + ctx->current_cert = NULL; + ctx->error = X509_V_OK; + if (!ctx->verify_cb(2, ctx)) + return 0; + } + + return 1; + } + +static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) + { +#if defined(OPENSSL_SYS_UEFI) + /* Bypass Certificate Time Checking for UEFI version. */ + return 1; +#else + time_t *ptime; + int i; + + if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) + ptime = &ctx->param->check_time; + else + ptime = NULL; + + i=X509_cmp_time(X509_get_notBefore(x), ptime); + if (i == 0) + { + ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; + ctx->current_cert=x; + if (!ctx->verify_cb(0, ctx)) + return 0; + } + + if (i > 0) + { + ctx->error=X509_V_ERR_CERT_NOT_YET_VALID; + ctx->current_cert=x; + if (!ctx->verify_cb(0, ctx)) + return 0; + } + + i=X509_cmp_time(X509_get_notAfter(x), ptime); + if (i == 0) + { + ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; + ctx->current_cert=x; + if (!ctx->verify_cb(0, ctx)) + return 0; + } + + if (i < 0) + { + ctx->error=X509_V_ERR_CERT_HAS_EXPIRED; + ctx->current_cert=x; + if (!ctx->verify_cb(0, ctx)) + return 0; + } + + return 1; +#endif + } + +static int internal_verify(X509_STORE_CTX *ctx) + { + int ok=0,n; + X509 *xs,*xi; + EVP_PKEY *pkey=NULL; + int (*cb)(int xok,X509_STORE_CTX *xctx); + + cb=ctx->verify_cb; + + n=sk_X509_num(ctx->chain); + ctx->error_depth=n-1; + n--; + xi=sk_X509_value(ctx->chain,n); + + if (ctx->check_issued(ctx, xi, xi)) + xs=xi; + else + { + if (n <= 0) + { + ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; + ctx->current_cert=xi; + ok=cb(0,ctx); + goto end; + } + else + { + n--; + ctx->error_depth=n; + xs=sk_X509_value(ctx->chain,n); + } + } + +/* ctx->error=0; not needed */ + while (n >= 0) + { + ctx->error_depth=n; + + /* Skip signature check for self signed certificates unless + * explicitly asked for. It doesn't add any security and + * just wastes time. + */ + if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) + { + if ((pkey=X509_get_pubkey(xi)) == NULL) + { + ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; + ctx->current_cert=xi; + ok=(*cb)(0,ctx); + if (!ok) goto end; + } + else if (X509_verify(xs,pkey) <= 0) + { + ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; + ctx->current_cert=xs; + ok=(*cb)(0,ctx); + if (!ok) + { + EVP_PKEY_free(pkey); + goto end; + } + } + EVP_PKEY_free(pkey); + pkey=NULL; + } + + xs->valid = 1; + + ok = check_cert_time(ctx, xs); + if (!ok) + goto end; + + /* The last error (if any) is still in the error value */ + ctx->current_issuer=xi; + ctx->current_cert=xs; + ok=(*cb)(1,ctx); + if (!ok) goto end; + + n--; + if (n >= 0) + { + xi=xs; + xs=sk_X509_value(ctx->chain,n); + } + } + ok=1; +end: + return ok; + } + +int X509_cmp_current_time(ASN1_TIME *ctm) +{ + return X509_cmp_time(ctm, NULL); +} + +int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) + { + char *str; + ASN1_TIME atm; + long offset; + char buff1[24],buff2[24],*p; + int i,j; + + p=buff1; + i=ctm->length; + str=(char *)ctm->data; + if (ctm->type == V_ASN1_UTCTIME) + { + if ((i < 11) || (i > 17)) return 0; + memcpy(p,str,10); + p+=10; + str+=10; + } + else + { + if (i < 13) return 0; + memcpy(p,str,12); + p+=12; + str+=12; + } + + if ((*str == 'Z') || (*str == '-') || (*str == '+')) + { *(p++)='0'; *(p++)='0'; } + else + { + *(p++)= *(str++); + *(p++)= *(str++); + /* Skip any fractional seconds... */ + if (*str == '.') + { + str++; + while ((*str >= '0') && (*str <= '9')) str++; + } + + } + *(p++)='Z'; + *(p++)='\0'; + + if (*str == 'Z') + offset=0; + else + { + if ((*str != '+') && (*str != '-')) + return 0; + offset=((str[1]-'0')*10+(str[2]-'0'))*60; + offset+=(str[3]-'0')*10+(str[4]-'0'); + if (*str == '-') + offset= -offset; + } + atm.type=ctm->type; + atm.length=sizeof(buff2); + atm.data=(unsigned char *)buff2; + + if (X509_time_adj(&atm, offset*60, cmp_time) == NULL) + return 0; + + if (ctm->type == V_ASN1_UTCTIME) + { + i=(buff1[0]-'0')*10+(buff1[1]-'0'); + if (i < 50) i+=100; /* cf. RFC 2459 */ + j=(buff2[0]-'0')*10+(buff2[1]-'0'); + if (j < 50) j+=100; + + if (i < j) return -1; + if (i > j) return 1; + } + i=strcmp(buff1,buff2); + if (i == 0) /* wait a second then return younger :-) */ + return -1; + else + return i; + } + +ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) +{ + return X509_time_adj(s, adj, NULL); +} + +ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm) + { + time_t t; + int type = -1; + + if (in_tm) t = *in_tm; + else time(&t); + + t+=adj; + if (s) type = s->type; + if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t); + if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t); + return ASN1_TIME_set(s, t); + } + +int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) + { + EVP_PKEY *ktmp=NULL,*ktmp2; + int i,j; + + if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1; + + for (i=0; i<sk_X509_num(chain); i++) + { + ktmp=X509_get_pubkey(sk_X509_value(chain,i)); + if (ktmp == NULL) + { + X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); + return 0; + } + if (!EVP_PKEY_missing_parameters(ktmp)) + break; + else + { + EVP_PKEY_free(ktmp); + ktmp=NULL; + } + } + if (ktmp == NULL) + { + X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); + return 0; + } + + /* first, populate the other certs */ + for (j=i-1; j >= 0; j--) + { + ktmp2=X509_get_pubkey(sk_X509_value(chain,j)); + EVP_PKEY_copy_parameters(ktmp2,ktmp); + EVP_PKEY_free(ktmp2); + } + + if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp); + EVP_PKEY_free(ktmp); + return 1; + } + +int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { + /* This function is (usually) called only once, by + * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp, + new_func, dup_func, free_func); + } + +int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) + { + return CRYPTO_set_ex_data(&ctx->ex_data,idx,data); + } + +void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) + { + return CRYPTO_get_ex_data(&ctx->ex_data,idx); + } + +int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) + { + return ctx->error; + } + +void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) + { + ctx->error=err; + } + +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) + { + return ctx->error_depth; + } + +X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) + { + return ctx->current_cert; + } + +STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) + { + return ctx->chain; + } + +STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) + { + int i; + X509 *x; + STACK_OF(X509) *chain; + if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL; + for (i = 0; i < sk_X509_num(chain); i++) + { + x = sk_X509_value(chain, i); + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + } + return chain; + } + +void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) + { + ctx->cert=x; + } + +void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) + { + ctx->untrusted=sk; + } + +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) + { + ctx->crls=sk; + } + +int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) + { + return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); + } + +int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) + { + return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); + } + +/* This function is used to set the X509_STORE_CTX purpose and trust + * values. This is intended to be used when another structure has its + * own trust and purpose values which (if set) will be inherited by + * the ctx. If they aren't set then we will usually have a default + * purpose in mind which should then be used to set the trust value. + * An example of this is SSL use: an SSL structure will have its own + * purpose and trust settings which the application can set: if they + * aren't set then we use the default of SSL client/server. + */ + +int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + int purpose, int trust) +{ + int idx; + /* If purpose not set use default */ + if (!purpose) purpose = def_purpose; + /* If we have a purpose then check it is valid */ + if (purpose) + { + X509_PURPOSE *ptmp; + idx = X509_PURPOSE_get_by_id(purpose); + if (idx == -1) + { + X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, + X509_R_UNKNOWN_PURPOSE_ID); + return 0; + } + ptmp = X509_PURPOSE_get0(idx); + if (ptmp->trust == X509_TRUST_DEFAULT) + { + idx = X509_PURPOSE_get_by_id(def_purpose); + if (idx == -1) + { + X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, + X509_R_UNKNOWN_PURPOSE_ID); + return 0; + } + ptmp = X509_PURPOSE_get0(idx); + } + /* If trust not set then get from purpose default */ + if (!trust) trust = ptmp->trust; + } + if (trust) + { + idx = X509_TRUST_get_by_id(trust); + if (idx == -1) + { + X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, + X509_R_UNKNOWN_TRUST_ID); + return 0; + } + } + + if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose; + if (trust && !ctx->param->trust) ctx->param->trust = trust; + return 1; +} + +X509_STORE_CTX *X509_STORE_CTX_new(void) +{ + X509_STORE_CTX *ctx; + ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); + if (!ctx) + { + X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE); + return NULL; + } + memset(ctx, 0, sizeof(X509_STORE_CTX)); + return ctx; +} + +void X509_STORE_CTX_free(X509_STORE_CTX *ctx) +{ + X509_STORE_CTX_cleanup(ctx); + OPENSSL_free(ctx); +} + +int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, + STACK_OF(X509) *chain) + { + int ret = 1; + ctx->ctx=store; + ctx->current_method=0; + ctx->cert=x509; + ctx->untrusted=chain; + ctx->crls = NULL; + ctx->last_untrusted=0; + ctx->other_ctx=NULL; + ctx->valid=0; + ctx->chain=NULL; + ctx->error=0; + ctx->explicit_policy=0; + ctx->error_depth=0; + ctx->current_cert=NULL; + ctx->current_issuer=NULL; + ctx->tree = NULL; + + ctx->param = X509_VERIFY_PARAM_new(); + + if (!ctx->param) + { + X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); + return 0; + } + + /* Inherit callbacks and flags from X509_STORE if not set + * use defaults. + */ + + + if (store) + ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); + else + ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; + + if (store) + { + ctx->verify_cb = store->verify_cb; + ctx->cleanup = store->cleanup; + } + else + ctx->cleanup = 0; + + if (ret) + ret = X509_VERIFY_PARAM_inherit(ctx->param, + X509_VERIFY_PARAM_lookup("default")); + + if (ret == 0) + { + X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); + return 0; + } + + if (store && store->check_issued) + ctx->check_issued = store->check_issued; + else + ctx->check_issued = check_issued; + + if (store && store->get_issuer) + ctx->get_issuer = store->get_issuer; + else + ctx->get_issuer = X509_STORE_CTX_get1_issuer; + + if (store && store->verify_cb) + ctx->verify_cb = store->verify_cb; + else + ctx->verify_cb = null_callback; + + if (store && store->verify) + ctx->verify = store->verify; + else + ctx->verify = internal_verify; + + if (store && store->check_revocation) + ctx->check_revocation = store->check_revocation; + else + ctx->check_revocation = check_revocation; + + if (store && store->get_crl) + ctx->get_crl = store->get_crl; + else + ctx->get_crl = get_crl; + + if (store && store->check_crl) + ctx->check_crl = store->check_crl; + else + ctx->check_crl = check_crl; + + if (store && store->cert_crl) + ctx->cert_crl = store->cert_crl; + else + ctx->cert_crl = cert_crl; + + ctx->check_policy = check_policy; + + + /* This memset() can't make any sense anyway, so it's removed. As + * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a + * corresponding "new" here and remove this bogus initialisation. */ + /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */ + if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, + &(ctx->ex_data))) + { + OPENSSL_free(ctx); + X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); + return 0; + } + return 1; + } + +/* Set alternative lookup method: just a STACK of trusted certificates. + * This avoids X509_STORE nastiness where it isn't needed. + */ + +void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) +{ + ctx->other_ctx = sk; + ctx->get_issuer = get_issuer_sk; +} + +void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) + { + if (ctx->cleanup) ctx->cleanup(ctx); + if (ctx->param != NULL) + { + X509_VERIFY_PARAM_free(ctx->param); + ctx->param=NULL; + } + if (ctx->tree != NULL) + { + X509_policy_tree_free(ctx->tree); + ctx->tree=NULL; + } + if (ctx->chain != NULL) + { + sk_X509_pop_free(ctx->chain,X509_free); + ctx->chain=NULL; + } + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); + memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); + } + +void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) + { + X509_VERIFY_PARAM_set_depth(ctx->param, depth); + } + +void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) + { + X509_VERIFY_PARAM_set_flags(ctx->param, flags); + } + +void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) + { + X509_VERIFY_PARAM_set_time(ctx->param, t); + } + +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)) + { + ctx->verify_cb=verify_cb; + } + +X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) + { + return ctx->tree; + } + +int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) + { + return ctx->explicit_policy; + } + +int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) + { + const X509_VERIFY_PARAM *param; + param = X509_VERIFY_PARAM_lookup(name); + if (!param) + return 0; + return X509_VERIFY_PARAM_inherit(ctx->param, param); + } + +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) + { + return ctx->param; + } + +void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) + { + if (ctx->param) + X509_VERIFY_PARAM_free(ctx->param); + ctx->param = param; + } + +IMPLEMENT_STACK_OF(X509) +IMPLEMENT_ASN1_SET_OF(X509) + +IMPLEMENT_STACK_OF(X509_NAME) + +IMPLEMENT_STACK_OF(X509_ATTRIBUTE) +IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE) diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/update.sh b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/update.sh new file mode 100755 index 00000000..cb25ccd2 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/OpenSSL/update.sh @@ -0,0 +1,499 @@ +#/bin/sh +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/e_os.h e_os.h +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cryptlib.c crypto/cryptlib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dyn_lck.c crypto/dyn_lck.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem.c crypto/mem.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem_clr.c crypto/mem_clr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem_dbg.c crypto/mem_dbg.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cversion.c crypto/cversion.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ex_data.c crypto/ex_data.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cpt_err.c crypto/cpt_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ebcdic.c crypto/ebcdic.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/uid.c crypto/uid.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_time.c crypto/o_time.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_str.c crypto/o_str.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_dir.c crypto/o_dir.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_init.c crypto/o_init.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/fips_err.c crypto/fips_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md2/md2_one.c crypto/md2/md2_one.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md4/md4_one.c crypto/md4/md4_one.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md5/md5_one.c crypto/md5/md5_one.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha_one.c crypto/sha/sha_one.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha1_one.c crypto/sha/sha1_one.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha256.c crypto/sha/sha256.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha512.c crypto/sha/sha512.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/hmac/hmac.c crypto/hmac/hmac.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_lib.c crypto/des/des_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/set_key.c crypto/des/set_key.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ecb_enc.c crypto/des/ecb_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cbc_enc.c crypto/des/cbc_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb64enc.c crypto/des/cfb64enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb64ede.c crypto/des/cfb64ede.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb_enc.c crypto/des/cfb_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb64ede.c crypto/des/ofb64ede.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/enc_read.c crypto/des/enc_read.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/enc_writ.c crypto/des/enc_writ.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb64enc.c crypto/des/ofb64enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb_enc.c crypto/des/ofb_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/str2key.c crypto/des/str2key.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/qud_cksm.c crypto/des/qud_cksm.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/rand_key.c crypto/des/rand_key.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_enc.c crypto/des/des_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/fcrypt.c crypto/des/fcrypt.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/rpc_enc.c crypto/des/rpc_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_old.c crypto/des/des_old.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_old2.c crypto/des/des_old2.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/read2pwd.c crypto/des/read2pwd.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_cbc.c crypto/idea/i_cbc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_ecb.c crypto/idea/i_ecb.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_skey.c crypto/idea/i_skey.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_skey.c crypto/bf/bf_skey.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_enc.c crypto/bf/bf_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_skey.c crypto/cast/c_skey.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_ecb.c crypto/cast/c_ecb.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_enc.c crypto/cast/c_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_misc.c crypto/aes/aes_misc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ige.c crypto/aes/aes_ige.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_core.c crypto/aes/aes_core.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_add.c crypto/bn/bn_add.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_div.c crypto/bn/bn_div.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_exp.c crypto/bn/bn_exp.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_lib.c crypto/bn/bn_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mul.c crypto/bn/bn_mul.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mod.c crypto/bn/bn_mod.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_print.c crypto/bn/bn_print.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_rand.c crypto/bn/bn_rand.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_shift.c crypto/bn/bn_shift.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_word.c crypto/bn/bn_word.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_blind.c crypto/bn/bn_blind.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_kron.c crypto/bn/bn_kron.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_prime.c crypto/bn/bn_prime.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_err.c crypto/bn/bn_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_asm.c crypto/bn/bn_asm.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_recp.c crypto/bn/bn_recp.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mont.c crypto/bn/bn_mont.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_nist.c crypto/bn/bn_nist.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_depr.c crypto/bn/bn_depr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_const.c crypto/bn/bn_const.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_opt.c crypto/bn/bn_opt.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_dl.c crypto/dso/dso_dl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_err.c crypto/dso/dso_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_lib.c crypto/dso/dso_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_null.c crypto/dso/dso_null.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_win32.c crypto/dso/dso_win32.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_vms.c crypto/dso/dso_vms.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_gen.c crypto/dh/dh_gen.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_key.c crypto/dh/dh_key.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_lib.c crypto/dh/dh_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_check.c crypto/dh/dh_check.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_err.c crypto/dh/dh_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_depr.c crypto/dh/dh_depr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_lib.c crypto/ec/ec_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_mult.c crypto/ec/ec_mult.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_err.c crypto/ec/ec_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_curve.c crypto/ec/ec_curve.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_check.c crypto/ec/ec_check.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_print.c crypto/ec/ec_print.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_key.c crypto/ec/ec_key.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buffer.c crypto/buffer/buffer.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buf_str.c crypto/buffer/buf_str.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buf_err.c crypto/buffer/buf_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_lib.c crypto/bio/bio_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_cb.c crypto/bio/bio_cb.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_err.c crypto/bio/bio_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_mem.c crypto/bio/bss_mem.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_null.c crypto/bio/bss_null.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_fd.c crypto/bio/bss_fd.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_file.c crypto/bio/bss_file.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_null.c crypto/bio/bf_null.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_buff.c crypto/bio/bf_buff.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/b_dump.c crypto/bio/b_dump.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_log.c crypto/bio/bss_log.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_bio.c crypto/bio/bss_bio.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/stack/stack.c crypto/stack/stack.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/lhash/lhash.c crypto/lhash/lhash.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/md_rand.c crypto/rand/md_rand.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/randfile.c crypto/rand/randfile.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_lib.c crypto/rand/rand_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_eng.c crypto/rand/rand_eng.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_err.c crypto/rand/rand_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_egd.c crypto/rand/rand_egd.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_win.c crypto/rand/rand_win.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_unix.c crypto/rand/rand_unix.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_os2.c crypto/rand/rand_os2.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_nw.c crypto/rand/rand_nw.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err.c crypto/err/err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_def.c crypto/err/err_def.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_all.c crypto/err/err_all.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_prn.c crypto/err/err_prn.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_str.c crypto/err/err_str.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_bio.c crypto/err/err_bio.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/o_names.c crypto/objects/o_names.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_dat.c crypto/objects/obj_dat.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_lib.c crypto/objects/obj_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_err.c crypto/objects/obj_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/encode.c crypto/evp/encode.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/digest.c crypto/evp/digest.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/dig_eng.c crypto/evp/dig_eng.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_enc.c crypto/evp/evp_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_key.c crypto/evp/evp_key.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_des.c crypto/evp/e_des.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_bf.c crypto/evp/e_bf.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_idea.c crypto/evp/e_idea.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_des3.c crypto/evp/e_des3.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc4.c crypto/evp/e_rc4.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_aes.c crypto/evp/e_aes.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/names.c crypto/evp/names.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc2.c crypto/evp/e_rc2.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_cast.c crypto/evp/e_cast.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc5.c crypto/evp/e_rc5.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/enc_min.c crypto/evp/enc_min.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_null.c crypto/evp/m_null.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md2.c crypto/evp/m_md2.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md4.c crypto/evp/m_md4.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md5.c crypto/evp/m_md5.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_sha.c crypto/evp/m_sha.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_sha1.c crypto/evp/m_sha1.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_dss.c crypto/evp/m_dss.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_dss1.c crypto/evp/m_dss1.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_open.c crypto/evp/p_open.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_seal.c crypto/evp/p_seal.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_sign.c crypto/evp/p_sign.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_verify.c crypto/evp/p_verify.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_lib.c crypto/evp/p_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_enc.c crypto/evp/p_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_dec.c crypto/evp/p_dec.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_md.c crypto/evp/bio_md.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_b64.c crypto/evp/bio_b64.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_enc.c crypto/evp/bio_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_err.c crypto/evp/evp_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_null.c crypto/evp/e_null.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_all.c crypto/evp/c_all.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_allc.c crypto/evp/c_allc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_alld.c crypto/evp/c_alld.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_lib.c crypto/evp/evp_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_ok.c crypto/evp/bio_ok.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_old.c crypto/evp/e_old.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_object.c crypto/asn1/a_object.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_time.c crypto/asn1/a_time.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_int.c crypto/asn1/a_int.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_octet.c crypto/asn1/a_octet.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_print.c crypto/asn1/a_print.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_type.c crypto/asn1/a_type.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_set.c crypto/asn1/a_set.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_dup.c crypto/asn1/a_dup.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_enum.c crypto/asn1/a_enum.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_sign.c crypto/asn1/a_sign.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_digest.c crypto/asn1/a_digest.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_verify.c crypto/asn1/a_verify.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_strex.c crypto/asn1/a_strex.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_algor.c crypto/asn1/x_algor.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_val.c crypto/asn1/x_val.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_sig.c crypto/asn1/x_sig.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_req.c crypto/asn1/x_req.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_long.c crypto/asn1/x_long.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_name.c crypto/asn1/x_name.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_x509.c crypto/asn1/x_x509.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_crl.c crypto/asn1/x_crl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_info.c crypto/asn1/x_info.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_spki.c crypto/asn1/x_spki.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/nsseq.c crypto/asn1/nsseq.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_req.c crypto/asn1/t_req.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_x509.c crypto/asn1/t_x509.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_crl.c crypto/asn1/t_crl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_spki.c crypto/asn1/t_spki.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_int.c crypto/asn1/f_int.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_string.c crypto/asn1/f_string.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_enum.c crypto/asn1/f_enum.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bool.c crypto/asn1/a_bool.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_exten.c crypto/asn1/x_exten.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_meth.c crypto/asn1/a_meth.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_sign.c crypto/pem/pem_sign.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_seal.c crypto/pem/pem_seal.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_info.c crypto/pem/pem_info.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_lib.c crypto/pem/pem_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_all.c crypto/pem/pem_all.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_err.c crypto/pem/pem_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_x509.c crypto/pem/pem_x509.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_oth.c crypto/pem/pem_oth.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_def.c crypto/x509/x509_def.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_d2.c crypto/x509/x509_d2.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_obj.c crypto/x509/x509_obj.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_req.c crypto/x509/x509_req.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509spki.c crypto/x509/x509spki.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_set.c crypto/x509/x509_set.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509cset.c crypto/x509/x509cset.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509rset.c crypto/x509/x509rset.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_err.c crypto/x509/x509_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509name.c crypto/x509/x509name.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_v3.c crypto/x509/x509_v3.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_ext.c crypto/x509/x509_ext.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_att.c crypto/x509/x509_att.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509type.c crypto/x509/x509type.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_lu.c crypto/x509/x509_lu.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x_all.c crypto/x509/x_all.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_txt.c crypto/x509/x509_txt.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_trs.c crypto/x509/x509_trs.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/by_file.c crypto/x509/by_file.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/by_dir.c crypto/x509/by_dir.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3err.c crypto/x509v3/v3err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_err.c crypto/conf/conf_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_lib.c crypto/conf/conf_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_api.c crypto/conf/conf_api.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_def.c crypto/conf/conf_def.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_mod.c crypto/conf/conf_mod.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_mall.c crypto/conf/conf_mall.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_sap.c crypto/conf/conf_sap.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/comp_lib.c crypto/comp/comp_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/comp_err.c crypto/comp/comp_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/c_rle.c crypto/comp/c_rle.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/c_zlib.c crypto/comp/c_zlib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_err.c crypto/engine/eng_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_lib.c crypto/engine/eng_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_list.c crypto/engine/eng_list.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_init.c crypto/engine/eng_init.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_table.c crypto/engine/eng_table.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_fat.c crypto/engine/eng_fat.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_all.c crypto/engine/eng_all.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_dh.c crypto/engine/tb_dh.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_rand.c crypto/engine/tb_rand.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_store.c crypto/engine/tb_store.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_digest.c crypto/engine/tb_digest.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_err.c crypto/ui/ui_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_lib.c crypto/ui/ui_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_util.c crypto/ui/ui_util.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_compat.c crypto/ui/ui_compat.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_err.c crypto/store/str_err.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_lib.c crypto/store/str_lib.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_meth.c crypto/store/str_meth.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_mem.c crypto/store/str_mem.c +install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptPkcs7.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptPkcs7.c new file mode 100644 index 00000000..218e7ac2 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptPkcs7.c @@ -0,0 +1,753 @@ +/** @file
+ PKCS#7 SignedData Verification Wrapper Implementation over OpenSSL.
+
+ Caution: This module requires additional review when modified.
+ This library will have external input - signature (e.g. UEFI Authenticated
+ Variable). It may by input in SMM mode.
+ This external input must be validated carefully to avoid security issue like
+ buffer overflow, integer overflow.
+
+ WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
+ Variable and will do basic check for data structure.
+
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+
+UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
+
+/**
+ Verification callback function to override any existing callbacks in OpenSSL
+ for intermediate certificate supports.
+
+ @param[in] Status Original status before calling this callback.
+ @param[in] Context X509 store context.
+
+ @retval 1 Current X509 certificate is verified successfully.
+ @retval 0 Verification failed.
+
+**/
+int
+X509VerifyCb (
+ IN int Status,
+ IN X509_STORE_CTX *Context
+ )
+{
+ X509_OBJECT *Obj;
+ INTN Error;
+ INTN Index;
+ INTN Count;
+
+ Obj = NULL;
+ Error = (INTN) X509_STORE_CTX_get_error (Context);
+
+ //
+ // X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT and X509_V_ERR_UNABLE_TO_GET_ISSUER_
+ // CERT_LOCALLY mean a X509 certificate is not self signed and its issuer
+ // can not be found in X509_verify_cert of X509_vfy.c.
+ // In order to support intermediate certificate node, we override the
+ // errors if the certification is obtained from X509 store, i.e. it is
+ // a trusted ceritifcate node that is enrolled by user.
+ // Besides,X509_V_ERR_CERT_UNTRUSTED and X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
+ // are also ignored to enable such feature.
+ //
+ if ((Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) ||
+ (Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)) {
+ Obj = (X509_OBJECT *) malloc (sizeof (X509_OBJECT));
+ if (Obj == NULL) {
+ return 0;
+ }
+
+ Obj->type = X509_LU_X509;
+ Obj->data.x509 = Context->current_cert;
+
+ CRYPTO_w_lock (CRYPTO_LOCK_X509_STORE);
+
+ if (X509_OBJECT_retrieve_match (Context->ctx->objs, Obj)) {
+ Status = 1;
+ } else {
+ //
+ // If any certificate in the chain is enrolled as trusted certificate,
+ // pass the certificate verification.
+ //
+ if (Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) {
+ Count = (INTN) sk_X509_num (Context->chain);
+ for (Index = 0; Index < Count; Index++) {
+ Obj->data.x509 = sk_X509_value (Context->chain, (int) Index);
+ if (X509_OBJECT_retrieve_match (Context->ctx->objs, Obj)) {
+ Status = 1;
+ break;
+ }
+ }
+ }
+ }
+
+ CRYPTO_w_unlock (CRYPTO_LOCK_X509_STORE);
+ }
+
+ if ((Error == X509_V_ERR_CERT_UNTRUSTED) ||
+ (Error == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) {
+ Status = 1;
+ }
+
+ if (Obj != NULL) {
+ OPENSSL_free (Obj);
+ }
+
+ return Status;
+}
+
+/**
+ Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
+ Syntax Standard, version 1.5". This interface is only intended to be used for
+ application to perform PKCS#7 functionality validation.
+
+ @param[in] PrivateKey Pointer to the PEM-formatted private key data for
+ data signing.
+ @param[in] PrivateKeySize Size of the PEM private key data in bytes.
+ @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
+ key data.
+ @param[in] InData Pointer to the content to be signed.
+ @param[in] InDataSize Size of InData in bytes.
+ @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
+ @param[in] OtherCerts Pointer to an optional additional set of certificates to
+ include in the PKCS#7 signedData (e.g. any intermediate
+ CAs in the chain).
+ @param[out] SignedData Pointer to output PKCS#7 signedData.
+ @param[out] SignedDataSize Size of SignedData in bytes.
+
+ @retval TRUE PKCS#7 data signing succeeded.
+ @retval FALSE PKCS#7 data signing failed.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7Sign (
+ IN CONST UINT8 *PrivateKey,
+ IN UINTN PrivateKeySize,
+ IN CONST UINT8 *KeyPassword,
+ IN UINT8 *InData,
+ IN UINTN InDataSize,
+ IN UINT8 *SignCert,
+ IN UINT8 *OtherCerts OPTIONAL,
+ OUT UINT8 **SignedData,
+ OUT UINTN *SignedDataSize
+ )
+{
+ BOOLEAN Status;
+ EVP_PKEY *Key;
+ BIO *DataBio;
+ PKCS7 *Pkcs7;
+ UINT8 *RsaContext;
+ UINT8 *P7Data;
+ UINTN P7DataSize;
+ UINT8 *Tmp;
+
+ //
+ // Check input parameters.
+ //
+ if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||
+ SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {
+ return FALSE;
+ }
+
+ RsaContext = NULL;
+ Key = NULL;
+ Pkcs7 = NULL;
+ DataBio = NULL;
+ Status = FALSE;
+
+ //
+ // Retrieve RSA private key from PEM data.
+ //
+ Status = RsaGetPrivateKeyFromPem (
+ PrivateKey,
+ PrivateKeySize,
+ (CONST CHAR8 *) KeyPassword,
+ (VOID **) &RsaContext
+ );
+ if (!Status) {
+ return Status;
+ }
+
+ //
+ // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling
+ //
+ EVP_add_digest (EVP_md5());
+ EVP_add_digest (EVP_sha1());
+ EVP_add_digest (EVP_sha256());
+ RandomSeed (NULL, 0);
+
+ //
+ // Construct OpenSSL EVP_PKEY for private key.
+ //
+ Key = EVP_PKEY_new ();
+ if (Key == NULL) {
+ Status = FALSE;
+ goto _Exit;
+ }
+ Key->save_type = EVP_PKEY_RSA;
+ Key->type = EVP_PKEY_type (EVP_PKEY_RSA);
+ Key->pkey.rsa = (RSA *) RsaContext;
+
+ //
+ // Convert the data to be signed to BIO format.
+ //
+ DataBio = BIO_new (BIO_s_mem ());
+ BIO_write (DataBio, InData, (int) InDataSize);
+
+ //
+ // Create the PKCS#7 signedData structure.
+ //
+ Pkcs7 = PKCS7_sign (
+ (X509 *) SignCert,
+ Key,
+ (STACK_OF(X509) *) OtherCerts,
+ DataBio,
+ PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED
+ );
+ if (Pkcs7 == NULL) {
+ Status = FALSE;
+ goto _Exit;
+ }
+
+ //
+ // Convert PKCS#7 signedData structure into DER-encoded buffer.
+ //
+ P7DataSize = i2d_PKCS7 (Pkcs7, NULL);
+ if (P7DataSize <= 19) {
+ Status = FALSE;
+ goto _Exit;
+ }
+
+ P7Data = malloc (P7DataSize);
+ if (P7Data == NULL) {
+ Status = FALSE;
+ goto _Exit;
+ }
+
+ Tmp = P7Data;
+ P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp);
+
+ //
+ // Strip ContentInfo to content only for signeddata. The data be trimmed off
+ // is totally 19 bytes.
+ //
+ *SignedDataSize = P7DataSize - 19;
+ *SignedData = malloc (*SignedDataSize);
+ if (*SignedData == NULL) {
+ Status = FALSE;
+ OPENSSL_free (P7Data);
+ goto _Exit;
+ }
+
+ CopyMem (*SignedData, P7Data + 19, *SignedDataSize);
+
+ OPENSSL_free (P7Data);
+
+ Status = TRUE;
+
+_Exit:
+ //
+ // Release Resources
+ //
+ if (RsaContext != NULL) {
+ RsaFree (RsaContext);
+ if (Key != NULL) {
+ Key->pkey.rsa = NULL;
+ }
+ }
+
+ if (Key != NULL) {
+ EVP_PKEY_free (Key);
+ }
+
+ if (DataBio != NULL) {
+ BIO_free (DataBio);
+ }
+
+ if (Pkcs7 != NULL) {
+ PKCS7_free (Pkcs7);
+ }
+
+ return Status;
+}
+
+/**
+ Check input P7Data is a wrapped ContentInfo structure or not. If not construct
+ a new structure to wrap P7Data.
+
+ Caution: This function may receive untrusted input.
+ UEFI Authenticated Variable is external input, so this function will do basic
+ check for PKCS#7 data structure.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[out] WrapFlag If TRUE P7Data is a ContentInfo structure, otherwise
+ return FALSE.
+ @param[out] WrapData If return status of this function is TRUE:
+ 1) when WrapFlag is TRUE, pointer to P7Data.
+ 2) when WrapFlag is FALSE, pointer to a new ContentInfo
+ structure. It's caller's responsibility to free this
+ buffer.
+ @param[out] WrapDataSize Length of ContentInfo structure in bytes.
+
+ @retval TRUE The operation is finished successfully.
+ @retval FALSE The operation is failed due to lack of resources.
+
+**/
+BOOLEAN
+WrapPkcs7Data (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ OUT BOOLEAN *WrapFlag,
+ OUT UINT8 **WrapData,
+ OUT UINTN *WrapDataSize
+ )
+{
+ BOOLEAN Wrapped;
+ UINT8 *SignedData;
+
+ //
+ // Check whether input P7Data is a wrapped ContentInfo structure or not.
+ //
+ Wrapped = FALSE;
+ if ((P7Data[4] == 0x06) && (P7Data[5] == 0x09)) {
+ if (CompareMem (P7Data + 6, mOidValue, sizeof (mOidValue)) == 0) {
+ if ((P7Data[15] == 0xA0) && (P7Data[16] == 0x82)) {
+ Wrapped = TRUE;
+ }
+ }
+ }
+
+ if (Wrapped) {
+ *WrapData = (UINT8 *) P7Data;
+ *WrapDataSize = P7Length;
+ } else {
+ //
+ // Wrap PKCS#7 signeddata to a ContentInfo structure - add a header in 19 bytes.
+ //
+ *WrapDataSize = P7Length + 19;
+ *WrapData = malloc (*WrapDataSize);
+ if (*WrapData == NULL) {
+ *WrapFlag = Wrapped;
+ return FALSE;
+ }
+
+ SignedData = *WrapData;
+
+ //
+ // Part1: 0x30, 0x82.
+ //
+ SignedData[0] = 0x30;
+ SignedData[1] = 0x82;
+
+ //
+ // Part2: Length1 = P7Length + 19 - 4, in big endian.
+ //
+ SignedData[2] = (UINT8) (((UINT16) (*WrapDataSize - 4)) >> 8);
+ SignedData[3] = (UINT8) (((UINT16) (*WrapDataSize - 4)) & 0xff);
+
+ //
+ // Part3: 0x06, 0x09.
+ //
+ SignedData[4] = 0x06;
+ SignedData[5] = 0x09;
+
+ //
+ // Part4: OID value -- 0x2A 0x86 0x48 0x86 0xF7 0x0D 0x01 0x07 0x02.
+ //
+ CopyMem (SignedData + 6, mOidValue, sizeof (mOidValue));
+
+ //
+ // Part5: 0xA0, 0x82.
+ //
+ SignedData[15] = 0xA0;
+ SignedData[16] = 0x82;
+
+ //
+ // Part6: Length2 = P7Length, in big endian.
+ //
+ SignedData[17] = (UINT8) (((UINT16) P7Length) >> 8);
+ SignedData[18] = (UINT8) (((UINT16) P7Length) & 0xff);
+
+ //
+ // Part7: P7Data.
+ //
+ CopyMem (SignedData + 19, P7Data, P7Length);
+ }
+
+ *WrapFlag = Wrapped;
+ return TRUE;
+}
+
+/**
+ Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped
+ in a ContentInfo structure.
+
+ If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then
+ return FALSE. If P7Length overflow, then return FAlSE.
+
+ Caution: This function may receive untrusted input.
+ UEFI Authenticated Variable is external input, so this function will do basic
+ check for PKCS#7 data structure.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
+ It's caller's responsiblity to free the buffer.
+ @param[out] StackLength Length of signer's certificates in bytes.
+ @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
+ It's caller's responsiblity to free the buffer.
+ @param[out] CertLength Length of the trusted certificate in bytes.
+
+ @retval TRUE The operation is finished successfully.
+ @retval FALSE Error occurs during the operation.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7GetSigners (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ OUT UINT8 **CertStack,
+ OUT UINTN *StackLength,
+ OUT UINT8 **TrustedCert,
+ OUT UINTN *CertLength
+ )
+{
+ PKCS7 *Pkcs7;
+ BOOLEAN Status;
+ UINT8 *SignedData;
+ UINT8 *Temp;
+ UINTN SignedDataSize;
+ BOOLEAN Wrapped;
+ STACK_OF(X509) *Stack;
+ UINT8 Index;
+ UINT8 *CertBuf;
+ UINT8 *OldBuf;
+ UINTN BufferSize;
+ UINTN OldSize;
+ UINT8 *SingleCert;
+ UINTN SingleCertSize;
+
+ if ((P7Data == NULL) || (CertStack == NULL) || (StackLength == NULL) ||
+ (TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX)) {
+ return FALSE;
+ }
+
+ Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);
+ if (!Status) {
+ return Status;
+ }
+
+ Status = FALSE;
+ Pkcs7 = NULL;
+ Stack = NULL;
+ CertBuf = NULL;
+ OldBuf = NULL;
+ SingleCert = NULL;
+
+ //
+ // Retrieve PKCS#7 Data (DER encoding)
+ //
+ if (SignedDataSize > INT_MAX) {
+ goto _Exit;
+ }
+
+ Temp = SignedData;
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);
+ if (Pkcs7 == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
+ //
+ if (!PKCS7_type_is_signed (Pkcs7)) {
+ goto _Exit;
+ }
+
+ Stack = PKCS7_get0_signers(Pkcs7, NULL, PKCS7_BINARY);
+ if (Stack == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Convert CertStack to buffer in following format:
+ // UINT8 CertNumber;
+ // UINT32 Cert1Length;
+ // UINT8 Cert1[];
+ // UINT32 Cert2Length;
+ // UINT8 Cert2[];
+ // ...
+ // UINT32 CertnLength;
+ // UINT8 Certn[];
+ //
+ BufferSize = sizeof (UINT8);
+ OldSize = BufferSize;
+
+ for (Index = 0; ; Index++) {
+ Status = X509PopCertificate (Stack, &SingleCert, &SingleCertSize);
+ if (!Status) {
+ break;
+ }
+
+ OldSize = BufferSize;
+ OldBuf = CertBuf;
+ BufferSize = OldSize + SingleCertSize + sizeof (UINT32);
+ CertBuf = malloc (BufferSize);
+
+ if (CertBuf == NULL) {
+ goto _Exit;
+ }
+
+ if (OldBuf != NULL) {
+ CopyMem (CertBuf, OldBuf, OldSize);
+ free (OldBuf);
+ OldBuf = NULL;
+ }
+
+ WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) SingleCertSize);
+ CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, SingleCertSize);
+
+ free (SingleCert);
+ SingleCert = NULL;
+ }
+
+ if (CertBuf != NULL) {
+ //
+ // Update CertNumber.
+ //
+ CertBuf[0] = Index;
+
+ *CertLength = BufferSize - OldSize - sizeof (UINT32);
+ *TrustedCert = malloc (*CertLength);
+ if (*TrustedCert == NULL) {
+ goto _Exit;
+ }
+
+ CopyMem (*TrustedCert, CertBuf + OldSize + sizeof (UINT32), *CertLength);
+ *CertStack = CertBuf;
+ *StackLength = BufferSize;
+ Status = TRUE;
+ }
+
+_Exit:
+ //
+ // Release Resources
+ //
+ if (!Wrapped) {
+ free (SignedData);
+ }
+
+ if (Pkcs7 != NULL) {
+ PKCS7_free (Pkcs7);
+ }
+
+ if (Stack != NULL) {
+ sk_X509_pop_free(Stack, X509_free);
+ }
+
+ if (SingleCert != NULL) {
+ free (SingleCert);
+ }
+
+ if (!Status && (CertBuf != NULL)) {
+ free (CertBuf);
+ *CertStack = NULL;
+ }
+
+ if (OldBuf != NULL) {
+ free (OldBuf);
+ }
+
+ return Status;
+}
+
+/**
+ Wrap function to use free() to free allocated memory for certificates.
+
+ @param[in] Certs Pointer to the certificates to be freed.
+
+**/
+VOID
+EFIAPI
+Pkcs7FreeSigners (
+ IN UINT8 *Certs
+ )
+{
+ if (Certs == NULL) {
+ return;
+ }
+
+ free (Certs);
+}
+
+/**
+ Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped
+ in a ContentInfo structure.
+
+ If P7Data, TrustedCert or InData is NULL, then return FALSE.
+ If P7Length, CertLength or DataLength overflow, then return FAlSE.
+
+ Caution: This function may receive untrusted input.
+ UEFI Authenticated Variable is external input, so this function will do basic
+ check for PKCS#7 data structure.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
+ is used for certificate chain verification.
+ @param[in] CertLength Length of the trusted certificate in bytes.
+ @param[in] InData Pointer to the content to be verified.
+ @param[in] DataLength Length of InData in bytes.
+
+ @retval TRUE The specified PKCS#7 signed data is valid.
+ @retval FALSE Invalid PKCS#7 signed data.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7Verify (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ IN CONST UINT8 *TrustedCert,
+ IN UINTN CertLength,
+ IN CONST UINT8 *InData,
+ IN UINTN DataLength
+ )
+{
+ PKCS7 *Pkcs7;
+ BIO *CertBio;
+ BIO *DataBio;
+ BOOLEAN Status;
+ X509 *Cert;
+ X509_STORE *CertStore;
+ UINT8 *SignedData;
+ UINT8 *Temp;
+ UINTN SignedDataSize;
+ BOOLEAN Wrapped;
+
+ //
+ // Check input parameters.
+ //
+ if (P7Data == NULL || TrustedCert == NULL || InData == NULL ||
+ P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) {
+ return FALSE;
+ }
+
+ Pkcs7 = NULL;
+ CertBio = NULL;
+ DataBio = NULL;
+ Cert = NULL;
+ CertStore = NULL;
+
+ //
+ // Register & Initialize necessary digest algorithms for PKCS#7 Handling
+ //
+ EVP_add_digest (EVP_md5());
+ EVP_add_digest (EVP_sha1());
+ EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+ EVP_add_digest (EVP_sha256());
+
+ Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);
+ if (!Status) {
+ return Status;
+ }
+
+ Status = FALSE;
+
+ //
+ // Retrieve PKCS#7 Data (DER encoding)
+ //
+ if (SignedDataSize > INT_MAX) {
+ goto _Exit;
+ }
+
+ Temp = SignedData;
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);
+ if (Pkcs7 == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
+ //
+ if (!PKCS7_type_is_signed (Pkcs7)) {
+ goto _Exit;
+ }
+
+ //
+ // Read DER-encoded root certificate and Construct X509 Certificate
+ //
+ CertBio = BIO_new (BIO_s_mem ());
+ BIO_write (CertBio, TrustedCert, (int)CertLength);
+ if (CertBio == NULL) {
+ goto _Exit;
+ }
+ Cert = d2i_X509_bio (CertBio, NULL);
+ if (Cert == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Setup X509 Store for trusted certificate
+ //
+ CertStore = X509_STORE_new ();
+ if (CertStore == NULL) {
+ goto _Exit;
+ }
+ if (!(X509_STORE_add_cert (CertStore, Cert))) {
+ goto _Exit;
+ }
+
+ //
+ // Register customized X509 verification callback function to support
+ // trusted intermediate certificate anchor.
+ //
+ CertStore->verify_cb = X509VerifyCb;
+
+ //
+ // For generic PKCS#7 handling, InData may be NULL if the content is present
+ // in PKCS#7 structure. So ignore NULL checking here.
+ //
+ DataBio = BIO_new (BIO_s_mem ());
+ BIO_write (DataBio, InData, (int)DataLength);
+
+ //
+ // Verifies the PKCS#7 signedData structure
+ //
+ Status = (BOOLEAN) PKCS7_verify (Pkcs7, NULL, CertStore, DataBio, NULL, PKCS7_BINARY);
+
+_Exit:
+ //
+ // Release Resources
+ //
+ BIO_free (DataBio);
+ BIO_free (CertBio);
+ X509_free (Cert);
+ X509_STORE_free (CertStore);
+ PKCS7_free (Pkcs7);
+
+ if (!Wrapped) {
+ OPENSSL_free (SignedData);
+ }
+
+ return Status;
+}
diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptPkcs7Sign.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptPkcs7Sign.c new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptPkcs7Sign.c diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptPkcs7SignNull.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptPkcs7SignNull.c new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptPkcs7SignNull.c diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptPkcs7Verify.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptPkcs7Verify.c new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptPkcs7Verify.c diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptPkcs7VerifyNull.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptPkcs7VerifyNull.c new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptPkcs7VerifyNull.c diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptRsaExtNull.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptRsaExtNull.c new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Pk/CryptRsaExtNull.c diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Rand/CryptRand.c b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Rand/CryptRand.c new file mode 100644 index 00000000..dc3ab992 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/Rand/CryptRand.c @@ -0,0 +1,101 @@ +/** @file
+ Pseudorandom Number Generator Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/rand.h>
+
+//
+// Default seed for UEFI Crypto Library
+//
+CONST UINT8 DefaultSeed[] = "UEFI Crypto Library default seed";
+
+/**
+ Sets up the seed value for the pseudorandom number generator.
+
+ This function sets up the seed value for the pseudorandom number generator.
+ If Seed is not NULL, then the seed passed in is used.
+ If Seed is NULL, then default seed is used.
+
+ @param[in] Seed Pointer to seed value.
+ If NULL, default seed is used.
+ @param[in] SeedSize Size of seed value.
+ If Seed is NULL, this parameter is ignored.
+
+ @retval TRUE Pseudorandom number generator has enough entropy for random generation.
+ @retval FALSE Pseudorandom number generator does not have enough entropy for random generation.
+
+**/
+BOOLEAN
+EFIAPI
+RandomSeed (
+ IN CONST UINT8 *Seed OPTIONAL,
+ IN UINTN SeedSize
+ )
+{
+ if (SeedSize > INT_MAX) {
+ return FALSE;
+ }
+
+ //
+ // Seed the pseudorandom number generator with user-supplied value.
+ // NOTE: A cryptographic PRNG must be seeded with unpredictable data.
+ //
+ if (Seed != NULL) {
+ RAND_seed (Seed, (UINT32) SeedSize);
+ } else {
+ RAND_seed (DefaultSeed, sizeof (DefaultSeed));
+ }
+
+ if (RAND_status () == 1) {
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/**
+ Generates a pseudorandom byte stream of the specified size.
+
+ If Output is NULL, then return FALSE.
+
+ @param[out] Output Pointer to buffer to receive random value.
+ @param[in] Size Size of randome bytes to generate.
+
+ @retval TRUE Pseudorandom byte stream generated successfully.
+ @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy.
+
+**/
+BOOLEAN
+EFIAPI
+RandomBytes (
+ OUT UINT8 *Output,
+ IN UINTN Size
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (Output == NULL || Size > INT_MAX) {
+ return FALSE;
+ }
+
+ //
+ // Generate random data.
+ //
+ if (RAND_bytes (Output, (UINT32) Size) != 1) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
diff --git a/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/update.sh b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/update.sh new file mode 100755 index 00000000..96bbece3 --- /dev/null +++ b/.pc/0001-Update-openssl-to-0.9.8za.patch/Cryptlib/update.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +DIR=$1 + +cp $DIR/InternalCryptLib.h InternalCryptLib.h +cp $DIR/Hash/CryptMd4.c Hash/CryptMd4.c +cp $DIR/Hash/CryptMd5.c Hash/CryptMd5.c +cp $DIR/Hash/CryptSha1.c Hash/CryptSha1.c +cp $DIR/Hash/CryptSha256.c Hash/CryptSha256.c +cp $DIR/Hmac/CryptHmacMd5.c Hmac/CryptHmacMd5.c +cp $DIR/Hmac/CryptHmacSha1.c Hmac/CryptHmacSha1.c +cp $DIR/Cipher/CryptAes.c Cipher/CryptAes.c +cp $DIR/Cipher/CryptTdes.c Cipher/CryptTdes.c +cp $DIR/Cipher/CryptArc4.c Cipher/CryptArc4.c +cp $DIR/Rand/CryptRand.c Rand/CryptRand.c +cp $DIR/Pk/CryptRsa.c Pk/CryptRsa.c +cp $DIR/Pk/CryptPkcs7.c Pk/CryptPkcs7.c +cp $DIR/Pk/CryptDh.c Pk/CryptDh.c +cp $DIR/Pk/CryptX509.c Pk/CryptX509.c +cp $DIR/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c +cp $DIR/Pem/CryptPem.c Pem/CryptPem.c +cp $DIR/SysCall/CrtWrapper.c SysCall/CrtWrapper.c +cp $DIR/SysCall/TimerWrapper.c SysCall/TimerWrapper.c +cp $DIR/SysCall/BaseMemAllocation.c SysCall/BaseMemAllocation.c + +patch -p2 <Cryptlib.diff |