diff options
163 files changed, 1348 insertions, 2439 deletions
@@ -315,6 +315,91 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.6h and 0.9.7 [XX xxx 2002] + *) Introduce safe string copy and catenation functions + (BUF_strlcpy() and BUF_strlcat()). + [Ben Laurie (CHATS) and Richard Levitte] + + *) Avoid using fixed-size buffers for one-line DNs. + [Ben Laurie (CHATS)] + + *) Add BUF_MEM_grow_clean() to avoid information leakage when + resizing buffers containing secrets, and use where appropriate. + [Ben Laurie (CHATS)] + + *) Avoid using fixed size buffers for configuration file location. + [Ben Laurie (CHATS)] + + *) Avoid filename truncation for various CA files. + [Ben Laurie (CHATS)] + + *) Use sizeof in preference to magic numbers. + [Ben Laurie (CHATS)] + + *) Avoid filename truncation in cert requests. + [Ben Laurie (CHATS)] + + *) Add assertions to check for (supposedly impossible) buffer + overflows. + [Ben Laurie (CHATS)] + + *) Don't cache truncated DNS entries in the local cache (this could + potentially lead to a spoofing attack). + [Ben Laurie (CHATS)] + + *) Fix various buffers to be large enough for hex/decimal + representations in a platform independent manner. + [Ben Laurie (CHATS)] + + *) Add CRYPTO_realloc_clean() to avoid information leakage when + resizing buffers containing secrets, and use where appropriate. + [Ben Laurie (CHATS)] + + *) Add BIO_indent() to avoid much slightly worrying code to do + indents. + [Ben Laurie (CHATS)] + + *) Convert sprintf()/BIO_puts() to BIO_printf(). + [Ben Laurie (CHATS)] + + *) buffer_gets() could terminate with the buffer only half + full. Fixed. + [Ben Laurie (CHATS)] + + *) Add assertions to prevent user-supplied crypto functions from + overflowing internal buffers by having large block sizes, etc. + [Ben Laurie (CHATS)] + + *) New OPENSSL_assert() macro (similar to assert(), but enabled + unconditionally). + [Ben Laurie (CHATS)] + + *) Eliminate unused copy of key in RC4. + [Ben Laurie (CHATS)] + + *) Eliminate unused and incorrectly sized buffers for IV in pem.h. + [Ben Laurie (CHATS)] + + *) Fix off-by-one error in EGD path. + [Ben Laurie (CHATS)] + + *) If RANDFILE path is too long, ignore instead of truncating. + [Ben Laurie (CHATS)] + + *) Eliminate unused and incorrectly sized X.509 structure + CBCParameter. + [Ben Laurie (CHATS)] + + *) Eliminate unused and dangerous function knumber(). + [Ben Laurie (CHATS)] + + *) Eliminate unused and dangerous structure, KSSL_ERR. + [Ben Laurie (CHATS)] + + *) Protect against overlong session ID context length in an encoded + session object. Since these are local, this does not appear to be + exploitable. + [Ben Laurie (CHATS)] + *) Change from security patch (see 0.9.6e below) that did not affect the 0.9.6 release series: @@ -1997,6 +2082,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6g and 0.9.6h [xx XXX xxxx] + *) Change the default configuration reader to deal with last line not + being properly terminated. + [Richard Levitte] + *) Change X509_NAME_cmp() so it applies the special rules on handling DN values that are of type PrintableString, as well as RDNs of type emailAddress where the value has the type ia5String. @@ -206,8 +206,8 @@ my %table=( #"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:ULTRASPARC::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:", # Sunos configs, assuming sparc for the gcc one. -##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):::DES_UNROLL:::", -"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::", +##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:::", +"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::", #### IRIX 5.x configs # -mips2 flag is added by ./config when appropriate. @@ -437,7 +437,7 @@ my %table=( "aix-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", "aix-gcc", "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::", "aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", -"aix43-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", +"aix43-gcc", "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", "aix64-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn::::::-X 64", # @@ -518,10 +518,10 @@ my %table=( # Cygwin "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", -"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll", +"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll", # DJGPP -"DJGPP", "gcc:-I/dev/env/DJDIR/watt32/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/DJDIR/watt32/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::", +"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::", # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at> "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown):::::::", @@ -564,6 +564,9 @@ my %table=( "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", +##### Compaq Non-Stop Kernel (Tandem) +"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::", + ); my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32 @@ -740,6 +743,7 @@ PROCESS_ARGS: $openssl_algorithm_defines .= "#define OPENSSL_NO_$algo\n"; if ($algo eq "RIJNDAEL") { + push @skip, "aes"; $flags .= "-DOPENSSL_NO_AES "; $depflags .= "-DOPENSSL_NO_AES "; $openssl_algorithm_defines .= "#define OPENSSL_NO_AES\n"; @@ -9,6 +9,7 @@ OpenSSL - Frequently Asked Questions * Where can I get a compiled version of OpenSSL? * Why aren't tools like 'autoconf' and 'libtool' used? * What is an 'engine' version? +* How do I check the authenticity of the OpenSSL distribution? [LEGAL] Legal questions @@ -136,6 +137,19 @@ hardware. This was realized in a special release '0.9.6-engine'. With version 0.9.7 (not yet released) the changes were merged into the main development line, so that the special release is no longer necessary. +* How do I check the authenticity of the OpenSSL distribution? + +We provide MD5 digests and ASC signatures of each tarball. +Use MD5 to check that a tarball from a mirror site is identical: + + md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5 + +You can check authenticity using pgp or gpg. You need the OpenSSL team +member public key used to sign it (download it from a key server). Then +just do: + + pgp TARBALL.asc + [LEGAL] ======================================================================= * Do I need patent licenses to use OpenSSL? diff --git a/MacOS/GetHTTPS.src/MacSocket.cpp b/MacOS/GetHTTPS.src/MacSocket.cpp index 2726136347..c95d804d5d 100644 --- a/MacOS/GetHTTPS.src/MacSocket.cpp +++ b/MacOS/GetHTTPS.src/MacSocket.cpp @@ -1287,7 +1287,7 @@ EXITPOINT: // Send some bytes -int MacSocket_send(const int inSocketNum,void *inBuff,int inBuffLength) +int MacSocket_send(const int inSocketNum,const void *inBuff,int inBuffLength) { OSErr errCode = noErr; int bytesSent = 0; @@ -1604,4 +1604,4 @@ EPInfo* epi = (EPInfo*) context; } } } -*/
\ No newline at end of file +*/ diff --git a/MacOS/GetHTTPS.src/MacSocket.h b/MacOS/GetHTTPS.src/MacSocket.h index 6e90a5bb44..ad59dc9e4f 100644 --- a/MacOS/GetHTTPS.src/MacSocket.h +++ b/MacOS/GetHTTPS.src/MacSocket.h @@ -62,7 +62,7 @@ int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const B // Call this to send data on a socket -int MacSocket_send(const int inSocketNum,void *inBuff,int inBuffLength); +int MacSocket_send(const int inSocketNum,const void *inBuff,int inBuffLength); // If zero bytes were read in a call to MacSocket_recv(), it may be that the remote end has done a half-close @@ -77,7 +77,7 @@ $arflags = *** Cygwin $cc = gcc -$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall +$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=486 -Wall $unistd = $thread_cflag = $sys_id = CYGWIN32 @@ -127,11 +127,11 @@ $arflags = *** DJGPP $cc = gcc -$cflags = -I/dev/env/DJDIR/watt32/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall +$cflags = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall $unistd = $thread_cflag = $sys_id = MSDOS -$lflags = -L/dev/env/DJDIR/watt32/lib -lwatt +$lflags = -L/dev/env/WATT_ROOT/lib -lwatt $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $bn_obj = $des_obj = @@ -1102,7 +1102,7 @@ $arflags = *** aix43-gcc $cc = gcc -$cflags = -O3 -DAIX -DB_ENDIAN +$cflags = -O1 -DAIX -DB_ENDIAN $unistd = $thread_cflag = (unknown) $sys_id = @@ -3930,7 +3930,7 @@ $cc = gcc $cflags = -O3 -mv8 -Dssize_t=int $unistd = $thread_cflag = (unknown) -$sys_id = +$sys_id = SUNOS $lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1 $bn_obj = @@ -3950,6 +3950,31 @@ $shared_extension = $ranlib = $arflags = +*** tandem-c89 +$cc = c89 +$cflags = -Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = THIRTY_TWO_BIT +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = + *** ultrix-cc $cc = cc $cflags = -std1 -O -Olimit 1000 -DL_ENDIAN diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 01346531e3..f1a4ad0fde 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -852,31 +852,32 @@ rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h rand.o: ../include/openssl/txt_db.h ../include/openssl/ui.h rand.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h rand.o: ../include/openssl/x509_vfy.h apps.h rand.c -req.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -req.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -req.o: ../include/openssl/bn.h ../include/openssl/buffer.h -req.o: ../include/openssl/cast.h ../include/openssl/conf.h -req.o: ../include/openssl/crypto.h ../include/openssl/des.h -req.o: ../include/openssl/des_old.h ../include/openssl/dh.h -req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -req.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -req.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -req.o: ../include/openssl/err.h ../include/openssl/evp.h -req.o: ../include/openssl/idea.h ../include/openssl/lhash.h -req.o: ../include/openssl/md2.h ../include/openssl/md4.h -req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -req.o: ../include/openssl/rand.h ../include/openssl/rc2.h -req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -req.o: ../include/openssl/safestack.h ../include/openssl/sha.h -req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -req.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c +req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +req.o: ../include/openssl/asn1.h ../include/openssl/bio.h +req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +req.o: ../include/openssl/buffer.h ../include/openssl/cast.h +req.o: ../include/openssl/conf.h ../include/openssl/crypto.h +req.o: ../include/openssl/des.h ../include/openssl/des_old.h +req.o: ../include/openssl/dh.h ../include/openssl/dsa.h +req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +req.o: ../include/openssl/engine.h ../include/openssl/err.h +req.o: ../include/openssl/evp.h ../include/openssl/idea.h +req.o: ../include/openssl/lhash.h ../include/openssl/md2.h +req.o: ../include/openssl/md4.h ../include/openssl/md5.h +req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +req.o: ../include/openssl/pem.h ../include/openssl/pem2.h +req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +req.o: ../include/openssl/sha.h ../include/openssl/stack.h +req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +req.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +req.o: ../include/openssl/x509v3.h apps.h req.c rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h diff --git a/apps/apps.c b/apps/apps.c index be7a80acb8..305227d7ab 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -337,8 +337,7 @@ void program_name(char *in, char *out, int size) p++; else p=in; - strncpy(out,p,size-1); - out[size-1]='\0'; + BUF_strlcpy(out,p,size); } #endif #endif @@ -447,16 +446,20 @@ int app_init(long mesgwin) int dump_cert_text (BIO *out, X509 *x) { - char buf[256]; - X509_NAME_oneline(X509_get_subject_name(x),buf,256); + char *p; + + p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0); BIO_puts(out,"subject="); - BIO_puts(out,buf); + BIO_puts(out,p); + OPENSSL_free(p); - X509_NAME_oneline(X509_get_issuer_name(x),buf,256); - BIO_puts(out,"\nissuer= "); - BIO_puts(out,buf); + p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0); + BIO_puts(out,"\nissuer="); + BIO_puts(out,p); BIO_puts(out,"\n"); - return 0; + OPENSSL_free(p); + + return 0; } static int ui_open(UI *ui) @@ -978,7 +981,7 @@ load_netscape_key(BIO *err, BIO *key, const char *file, goto error; for (;;) { - if (!BUF_MEM_grow(buf,size+1024*10)) + if (!BUF_MEM_grow_clean(buf,size+1024*10)) goto error; i = BIO_read(key, &(buf->data[size]), 1024*10); size += i; @@ -1253,6 +1256,7 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags) char *buf; char mline = 0; int indent = 0; + if(title) BIO_puts(out, title); if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { mline = 1; @@ -1374,3 +1378,18 @@ int load_config(BIO *err, CONF *cnf) } return 1; } + +char *make_config_name() + { + const char *t=X509_get_default_cert_area(); + char *p; + + p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2); + strcpy(p,t); +#ifndef OPENSSL_SYS_VMS + strcat(p,"/"); +#endif + strcat(p,OPENSSL_CONF); + + return p; + } diff --git a/apps/apps.h b/apps/apps.h index 31dd0dc9e1..7b1f8ded78 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -251,6 +251,7 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); ENGINE *setup_engine(BIO *err, const char *engine, int debug); int load_config(BIO *err, CONF *cnf); +char *make_config_name(void); /* Functions defined in ca.c and also used in ocsp.c */ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, @@ -334,6 +334,7 @@ int MAIN(int argc, char **argv) MS_STATIC char buf[3][BSIZE]; char *randfile=NULL; char *engine = NULL; + char *tofree=NULL; #ifdef EFENCE EF_PROTECT_FREE=1; @@ -561,25 +562,26 @@ bad: ERR_load_crypto_strings(); - e = setup_engine(bio_err, engine, 0); + e = setup_engine(bio_err, engine, 0); /*****************************************************************/ + tofree=NULL; if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); if (configfile == NULL) { - /* We will just use 'buf[0]' as a temporary buffer. */ + const char *s=X509_get_default_cert_area(); + #ifdef OPENSSL_SYS_VMS - strncpy(buf[0],X509_get_default_cert_area(), - sizeof(buf[0])-1-sizeof(CONFIG_FILE)); + tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)); + strcpy(tofree,s); #else - strncpy(buf[0],X509_get_default_cert_area(), - sizeof(buf[0])-2-sizeof(CONFIG_FILE)); - buf[0][sizeof(buf[0])-2-sizeof(CONFIG_FILE)]='\0'; - strcat(buf[0],"/"); + tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1); + strcpy(tofree,s); + strcat(tofree,"/"); #endif - strcat(buf[0],CONFIG_FILE); - configfile=buf[0]; + strcat(tofree,CONFIG_FILE); + configfile=tofree; } BIO_printf(bio_err,"Using configuration from %s\n",configfile); @@ -594,6 +596,8 @@ bad: ,errorline,configfile); goto err; } + if(tofree) + OPENSSL_free(tofree); if (!load_config(bio_err, conf)) goto err; @@ -1286,8 +1290,13 @@ bad: BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk)); - strncpy(buf[0],serialfile,BSIZE-4); - buf[0][BSIZE-4]='\0'; + if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5) + { + BIO_printf(bio_err,"file name too long\n"); + goto err; + } + + strcpy(buf[0],serialfile); #ifdef OPENSSL_SYS_VMS strcat(buf[0],"-new"); @@ -1297,8 +1306,7 @@ bad: if (!save_serial(buf[0],serial)) goto err; - strncpy(buf[1],dbfile,BSIZE-4); - buf[1][BSIZE-4]='\0'; + strcpy(buf[1],dbfile); #ifdef OPENSSL_SYS_VMS strcat(buf[1],"-new"); @@ -1328,8 +1336,13 @@ bad: j=x->cert_info->serialNumber->length; p=(char *)x->cert_info->serialNumber->data; - strncpy(buf[2],outdir,BSIZE-(j*2)-6); - buf[2][BSIZE-(j*2)-6]='\0'; + if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8)) + { + BIO_printf(bio_err,"certificate file name too long\n"); + goto err; + } + + strcpy(buf[2],outdir); #ifndef OPENSSL_SYS_VMS strcat(buf[2],"/"); @@ -1568,8 +1581,13 @@ bad: if (j <= 0) goto err; X509_free(revcert); - strncpy(buf[0],dbfile,BSIZE-4); - buf[0][BSIZE-4]='\0'; + if(strlen(dbfile) > BSIZE-5) + { + BIO_printf(bio_err,"filename too long\n"); + goto err; + } + + strcpy(buf[0],dbfile); #ifndef OPENSSL_SYS_VMS strcat(buf[0],".new"); #else @@ -1613,6 +1631,8 @@ bad: /*****************************************************************/ ret=0; err: + if(tofree) + OPENSSL_free(tofree); BIO_free_all(Cout); BIO_free_all(Sout); BIO_free_all(out); diff --git a/apps/ciphers.c b/apps/ciphers.c index 2d6e104790..fe26ae8cd6 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -187,7 +187,7 @@ int MAIN(int argc, char **argv) { BIO_puts(STDout,SSL_CIPHER_description( sk_SSL_CIPHER_value(sk,i), - buf,512)); + buf,sizeof buf)); } } diff --git a/apps/dgst.c b/apps/dgst.c index 32e40c1f53..dd65a591f5 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -117,7 +117,7 @@ int MAIN(int argc, char **argv) goto end; /* first check the program name */ - program_name(argv[0],pname,PROG_NAME_SIZE); + program_name(argv[0],pname,sizeof pname); md=EVP_get_digestbyname(pname); diff --git a/apps/enc.c b/apps/enc.c index 153b8668e5..39c785809e 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -102,7 +102,7 @@ int MAIN(int argc, char **argv) { ENGINE *e = NULL; static const char magic[]="Salted__"; - char mbuf[8]; /* should be 1 smaller than magic */ + char mbuf[sizeof magic-1]; char *strbuf=NULL; unsigned char *buff=NULL,*bufsize=NULL; int bsize=BSIZE,verbose=0; @@ -131,7 +131,7 @@ int MAIN(int argc, char **argv) goto end; /* first check the program name */ - program_name(argv[0],pname,PROG_NAME_SIZE); + program_name(argv[0],pname,sizeof pname); if (strcmp(pname,"base64") == 0) base64=1; @@ -216,7 +216,7 @@ int MAIN(int argc, char **argv) goto bad; } buf[0]='\0'; - fgets(buf,128,infile); + fgets(buf,sizeof buf,infile); fclose(infile); i=strlen(buf); if ((i > 0) && @@ -442,12 +442,12 @@ bad: else { if(enc) { if(hsalt) { - if(!set_hex(hsalt,salt,PKCS5_SALT_LEN)) { + if(!set_hex(hsalt,salt,sizeof salt)) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; } - } else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) < 0) + } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0) goto end; /* If -P option then don't bother writing */ if((printkey != 2) @@ -455,14 +455,14 @@ bad: sizeof magic-1) != sizeof magic-1 || BIO_write(wbio, (char *)salt, - PKCS5_SALT_LEN) != PKCS5_SALT_LEN)) { + sizeof salt) != sizeof salt)) { BIO_printf(bio_err,"error writing output file\n"); goto end; } } else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf || BIO_read(rbio, (unsigned char *)salt, - PKCS5_SALT_LEN) != PKCS5_SALT_LEN) { + sizeof salt) != sizeof salt) { BIO_printf(bio_err,"error reading input file\n"); goto end; } else if(memcmp(mbuf,magic,sizeof magic-1)) { @@ -524,7 +524,7 @@ bad: if (!nosalt) { printf("salt="); - for (i=0; i<PKCS5_SALT_LEN; i++) + for (i=0; i<sizeof salt; i++) printf("%02X",salt[i]); printf("\n"); } diff --git a/apps/ocsp.c b/apps/ocsp.c index 17b2a659c3..d759b2709c 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1179,7 +1179,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port for(;;) { - len = BIO_gets(cbio, inbuf, 1024); + len = BIO_gets(cbio, inbuf, sizeof inbuf); if (len <= 0) return 1; /* Look for "POST" signalling start of query */ diff --git a/apps/openssl.c b/apps/openssl.c index c26c79abcc..70cf54f2e1 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -230,7 +230,8 @@ int main(int Argc, Argv_t Argv) #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE+1]; FUNCTION f,*fp; - MS_STATIC char *prompt,buf[1024],config_name[256]; + MS_STATIC char *prompt,buf[1024]; + char *to_free=NULL; int n,i,ret=0; int argc; char **argv,*p; @@ -273,14 +274,7 @@ int main(int Argc, Argv_t Argv) if (p == NULL) p=getenv("SSLEAY_CONF"); if (p == NULL) - { - strcpy(config_name,X509_get_default_cert_area()); -#ifndef OPENSSL_SYS_VMS - strcat(config_name,"/"); -#endif - strcat(config_name,OPENSSL_CONF); - p=config_name; - } + p=to_free=make_config_name(); default_config_file=p; @@ -296,7 +290,7 @@ int main(int Argc, Argv_t Argv) prog=prog_init(); /* first check the program name */ - program_name(Argv[0],pname,PROG_NAME_SIZE); + program_name(Argv[0],pname,sizeof pname); f.name=pname; fp=(FUNCTION *)lh_retrieve(prog,&f); @@ -338,7 +332,7 @@ int main(int Argc, Argv_t Argv) { ret=0; p=buf; - n=1024; + n=sizeof buf; i=0; for (;;) { @@ -372,6 +366,8 @@ int main(int Argc, Argv_t Argv) BIO_printf(bio_err,"bad exit\n"); ret=1; end: + if (to_free) + OPENSSL_free(to_free); if (config != NULL) { NCONF_free(config); diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 0d7bf3e6a8..536cf57c15 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -388,7 +388,7 @@ int MAIN(int argc, char **argv) #ifdef CRYPTO_MDEBUG CRYPTO_push_info("read MAC password"); #endif - if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert)) + if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { BIO_printf (bio_err, "Can't read Password\n"); goto end; @@ -538,7 +538,7 @@ int MAIN(int argc, char **argv) #endif if(!noprompt && - EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) + EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) { BIO_printf (bio_err, "Can't read Password\n"); goto export_end; @@ -597,7 +597,7 @@ int MAIN(int argc, char **argv) #ifdef CRYPTO_MDEBUG CRYPTO_push_info("read import password"); #endif - if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) { + if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) { BIO_printf (bio_err, "Can't read Password\n"); goto end; } diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 8464c43996..1debccb17e 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -244,7 +244,7 @@ int MAIN(int argc, char **argv) if(passout) p8pass = passout; else { p8pass = pass; - if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1)) + if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) return (1); } app_RAND_load_file(NULL, bio_err, 0); @@ -302,7 +302,7 @@ int MAIN(int argc, char **argv) if(passin) p8pass = passin; else { p8pass = pass; - EVP_read_pw_string(pass, 50, "Enter Password:", 0); + EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0); } p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass)); X509_SIG_free(p8); diff --git a/apps/req.c b/apps/req.c index 6beeef07a3..980138f041 100644 --- a/apps/req.c +++ b/apps/req.c @@ -73,6 +73,7 @@ #include <openssl/x509v3.h> #include <openssl/objects.h> #include <openssl/pem.h> +#include "../crypto/cryptlib.h" #define SECTION "req" @@ -180,7 +181,7 @@ int MAIN(int argc, char **argv) const EVP_MD *md_alg=NULL,*digest=EVP_md5(); unsigned long chtype = MBSTRING_ASC; #ifndef MONOLITH - MS_STATIC char config_name[256]; + char *to_free; long errline; #endif @@ -527,14 +528,7 @@ bad: if (p == NULL) p=getenv("SSLEAY_CONF"); if (p == NULL) - { - strcpy(config_name,X509_get_default_cert_area()); -#ifndef OPENSSL_SYS_VMS - strcat(config_name,"/"); -#endif - strcat(config_name,OPENSSL_CONF); - p=config_name; - } + p=to_free=make_config_name(); default_config_file=p; config=NCONF_new(NULL); i=NCONF_load(config, p, &errline); @@ -1131,6 +1125,10 @@ loop: } ex=0; end: +#ifndef MONOLITH + if(to_free) + OPENSSL_free(to_free); +#endif if (ex) { ERR_print_errors(bio_err); @@ -1293,13 +1291,19 @@ start: for (;;) } /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; + + if(strlen(v->name) > sizeof buf-9) + { + BIO_printf(bio_err,"Name '%s' too long\n",v->name); + return 0; + } + sprintf(buf,"%s_default",v->name); if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { ERR_clear_error(); def=""; } - sprintf(buf,"%s_value",v->name); if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { @@ -1346,6 +1350,12 @@ start2: for (;;) if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start2; + if(strlen(v->name) > sizeof buf-9) + { + BIO_printf(bio_err,"Name '%s' too long\n",v->name); + return 0; + } + sprintf(buf,"%s_default",type); if ((def=NCONF_get_string(req_conf,attr_sect,buf)) == NULL) @@ -1449,6 +1459,7 @@ start: (void)BIO_flush(bio_err); if(value != NULL) { + OPENSSL_assert(strlen(value) < sizeof buf-2); strcpy(buf,value); strcat(buf,"\n"); BIO_printf(bio_err,"%s\n",value); @@ -1458,7 +1469,7 @@ start: buf[0]='\0'; if (!batch) { - fgets(buf,1024,stdin); + fgets(buf,sizeof buf,stdin); } else { @@ -1507,6 +1518,7 @@ start: (void)BIO_flush(bio_err); if (value != NULL) { + OPENSSL_assert(strlen(value) < sizeof buf-2); strcpy(buf,value); strcat(buf,"\n"); BIO_printf(bio_err,"%s\n",value); @@ -1516,7 +1528,7 @@ start: buf[0]='\0'; if (!batch) { - fgets(buf,1024,stdin); + fgets(buf,sizeof buf,stdin); } else { diff --git a/apps/s_cb.c b/apps/s_cb.c index ca5b24548c..675527df1f 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -134,7 +134,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) err= X509_STORE_CTX_get_error(ctx); depth= X509_STORE_CTX_get_error_depth(ctx); - X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256); + X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf); BIO_printf(bio_err,"depth=%d %s\n",depth,buf); if (!ok) { @@ -154,7 +154,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) switch (ctx->error) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); + X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf); BIO_printf(bio_err,"issuer= %s\n",buf); break; case X509_V_ERR_CERT_NOT_YET_VALID: diff --git a/apps/s_client.c b/apps/s_client.c index 768392e42b..22eecde1ef 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -763,8 +763,8 @@ re_start: goto shut; } } -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VMS) - /* Assume Windows can always write */ +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VMS) + /* Assume Windows/DOS and VMS can always write */ else if (!ssl_pending && write_tty) #else else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds)) @@ -962,10 +962,10 @@ static void print_stuff(BIO *bio, SSL *s, int full) for (i=0; i<sk_X509_num(sk); i++) { X509_NAME_oneline(X509_get_subject_name( - sk_X509_value(sk,i)),buf,BUFSIZ); + sk_X509_value(sk,i)),buf,sizeof buf); BIO_printf(bio,"%2d s:%s\n",i,buf); X509_NAME_oneline(X509_get_issuer_name( - sk_X509_value(sk,i)),buf,BUFSIZ); + sk_X509_value(sk,i)),buf,sizeof buf); BIO_printf(bio," i:%s\n",buf); if (c_showcerts) PEM_write_bio_X509(bio,sk_X509_value(sk,i)); @@ -980,10 +980,10 @@ static void print_stuff(BIO *bio, SSL *s, int full) if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */ PEM_write_bio_X509(bio,peer); X509_NAME_oneline(X509_get_subject_name(peer), - buf,BUFSIZ); + buf,sizeof buf); BIO_printf(bio,"subject=%s\n",buf); X509_NAME_oneline(X509_get_issuer_name(peer), - buf,BUFSIZ); + buf,sizeof buf); BIO_printf(bio,"issuer=%s\n",buf); } else @@ -1005,7 +1005,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) { BIO_printf(bio,"---\nNo client certificate CA names sent\n"); } - p=SSL_get_shared_ciphers(s,buf,BUFSIZ); + p=SSL_get_shared_ciphers(s,buf,sizeof buf); if (p != NULL) { /* This works only for SSL 2. In later protocol diff --git a/apps/s_server.c b/apps/s_server.c index 785ee786bb..070d1f6d3e 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1339,14 +1339,14 @@ static int init_ssl_connection(SSL *con) { BIO_printf(bio_s_out,"Client certificate\n"); PEM_write_bio_X509(bio_s_out,peer); - X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ); + X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf); BIO_printf(bio_s_out,"subject=%s\n",buf); - X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ); + X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf); BIO_printf(bio_s_out,"issuer=%s\n",buf); X509_free(peer); } - if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL) + if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); @@ -1506,7 +1506,7 @@ static int www_body(char *hostname, int s, unsigned char *context) else { BIO_printf(bio_s_out,"read R BLOCK\n"); -#ifndef OPENSSL_SYS_MSDOS +#if !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) sleep(1); #endif continue; diff --git a/apps/s_socket.c b/apps/s_socket.c index bd499d020c..ed15ce0c1d 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -83,9 +83,9 @@ typedef unsigned int u_int; static struct hostent *GetHostByName(char *name); #ifdef OPENSSL_SYS_WINDOWS -static void sock_cleanup(void); +static void ssl_sock_cleanup(void); #endif -static int sock_init(void); +static int ssl_sock_init(void); static int init_client_ip(int *sock,unsigned char ip[4], int port); static int init_server(int *sock, int port); static int init_server_long(int *sock, int port,char *ip); @@ -118,7 +118,7 @@ static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam, case WM_DESTROY: case WM_CLOSE: SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc); - sock_cleanup(); + ssl_sock_cleanup(); break; } } @@ -135,7 +135,7 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam) #endif /* OPENSSL_SYS_WINDOWS */ #ifdef OPENSSL_SYS_WINDOWS -static void sock_cleanup(void) +static void ssl_sock_cleanup(void) { if (wsa_init_done) { @@ -146,15 +146,21 @@ static void sock_cleanup(void) } #endif -static int sock_init(void) +static int ssl_sock_init(void) { -#ifdef OPENSSL_SYS_WINDOWS +#ifdef WATT32 + extern int _watt_do_exit; + _watt_do_exit = 0; + dbug_init(); + if (sock_init()) + return (0); +#elif defined(OPENSSL_SYS_WINDOWS) if (!wsa_init_done) { int err; #ifdef SIGINT - signal(SIGINT,(void (*)(int))sock_cleanup); + signal(SIGINT,(void (*)(int))ssl_sock_cleanup); #endif wsa_init_done=1; memset(&wsa_state,0,sizeof(wsa_state)); @@ -196,7 +202,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port) struct sockaddr_in them; int s,i; - if (!sock_init()) return(0); + if (!ssl_sock_init()) return(0); memset((char *)&them,0,sizeof(them)); them.sin_family=AF_INET; @@ -261,7 +267,7 @@ static int init_server_long(int *sock, int port, char *ip) struct sockaddr_in server; int s= -1,i; - if (!sock_init()) return(0); + if (!ssl_sock_init()) return(0); memset((char *)&server,0,sizeof(server)); server.sin_family=AF_INET; @@ -318,7 +324,7 @@ static int do_accept(int acc_sock, int *sock, char **host) int len; /* struct linger ling; */ - if (!sock_init()) return(0); + if (!ssl_sock_init()) return(0); #ifndef OPENSSL_SYS_WINDOWS redoit: @@ -448,7 +454,7 @@ static int host_ip(char *str, unsigned char ip[4]) { /* do a gethostbyname */ struct hostent *he; - if (!sock_init()) return(0); + if (!ssl_sock_init()) return(0); he=GetHostByName(str); if (he == NULL) @@ -529,9 +535,12 @@ static struct hostent *GetHostByName(char *name) ret=gethostbyname(name); if (ret == NULL) return(NULL); /* else add to cache */ - strncpy(ghbn_cache[lowi].name,name,128); - memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent)); - ghbn_cache[lowi].order=ghbn_miss+ghbn_hits; + if(strlen(name) < sizeof ghbn_cache[0].name) + { + strcpy(ghbn_cache[lowi].name,name); + memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent)); + ghbn_cache[lowi].order=ghbn_miss+ghbn_hits; + } return(ret); } else diff --git a/apps/s_time.c b/apps/s_time.c index 752158460a..da7383ca21 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -146,6 +146,8 @@ #undef BUFSIZZ #define BUFSIZZ 1024*10 +#define MYBUFSIZ 1024*8 + #undef min #undef max #define min(a,b) (((a) < (b)) ? (a) : (b)) @@ -320,6 +322,11 @@ static int parseArgs(int argc, char **argv) { if (--argc < 1) goto bad; s_www_path= *(++argv); + if(strlen(s_www_path) > MYBUFSIZ-100) + { + BIO_printf(bio_err,"-www option too long\n"); + badop=1; + } } else if(strcmp(*argv,"-bugs") == 0) st_bugs=1; diff --git a/apps/speed.c b/apps/speed.c index 0ad86f42bc..1d83adccfa 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2368,7 +2368,7 @@ static char *sstrsep(char **string, const char *delim) if (**string == 0) return NULL; - memset(isdelim, 0, 256); + memset(isdelim, 0, sizeof isdelim); isdelim[0] = 1; while (*delim) diff --git a/apps/verify.c b/apps/verify.c index 215ef84fc7..e4cbceaf8e 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -330,7 +330,8 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) if (!ok) { X509_NAME_oneline( - X509_get_subject_name(ctx->current_cert),buf,256); + X509_get_subject_name(ctx->current_cert),buf, + sizeof buf); printf("%s\n",buf); printf("error %d at %d depth lookup:%s\n",ctx->error, ctx->error_depth, diff --git a/apps/winrand.c b/apps/winrand.c index d042258b50..59bede3d70 100644 --- a/apps/winrand.c +++ b/apps/winrand.c @@ -118,7 +118,6 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam) HDC hdc; PAINTSTRUCT ps; RECT rect; - char buffer[200]; static int seeded = 0; switch (iMsg) diff --git a/apps/x509.c b/apps/x509.c index 8e4462dae7..0f6e9ad907 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -770,10 +770,11 @@ bad: int y,z; X509_NAME_oneline(X509_get_subject_name(x), - buf,256); + buf,sizeof buf); BIO_printf(STDout,"/* subject:%s */\n",buf); m=X509_NAME_oneline( - X509_get_issuer_name(x),buf,256); + X509_get_issuer_name(x),buf, + sizeof buf); BIO_printf(STDout,"/* issuer :%s */\n",buf); z=i2d_X509(x,NULL); @@ -1086,7 +1087,7 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create) } else { - if (!a2i_ASN1_INTEGER(io,bs,buf2,1024)) + if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2)) { BIO_printf(bio_err,"unable to load serial number from %s\n",buf); ERR_print_errors(bio_err); @@ -351,6 +351,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in *CRAY*) echo "j90-cray-unicos"; exit 0; ;; + + NONSTOP_KERNEL*) + echo "nsr-tandem-nsk"; exit 0; + ;; esac # @@ -725,6 +729,7 @@ EOF *-*-cygwin) OUT="Cygwin" ;; t3e-cray-unicosmk) OUT="cray-t3e" ;; j90-cray-unicos) OUT="cray-j90" ;; + nsr-tandem-nsk) OUT="tandem-c89" ;; *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;; esac @@ -759,7 +764,7 @@ case "$GUESSOS" in i386-*) options="$options 386" ;; esac -for i in bf cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 rijndael ripemd rsa sha +for i in bf cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 aes ripemd rsa sha do if [ ! -d crypto/$i ] then diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c index bf1a808cf0..01e965a532 100644 --- a/crypto/aes/aes_cbc.c +++ b/crypto/aes/aes_cbc.c @@ -49,7 +49,13 @@ * */ +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif #include <assert.h> + #include <openssl/aes.h> #include "aes_locl.h" @@ -57,22 +63,22 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, unsigned char *ivec, const int enc) { - int n; + unsigned long n; unsigned long len = length; - unsigned char tmp[16]; + unsigned char tmp[AES_BLOCK_SIZE]; assert(in && out && key && ivec); assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); if (AES_ENCRYPT == enc) { while (len >= AES_BLOCK_SIZE) { - for(n=0; n < 16; ++n) + for(n=0; n < AES_BLOCK_SIZE; ++n) tmp[n] = in[n] ^ ivec[n]; AES_encrypt(tmp, out, key); - memcpy(ivec, out, 16); - len -= 16; - in += 16; - out += 16; + memcpy(ivec, out, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; } if (len) { for(n=0; n < len; ++n) @@ -81,25 +87,25 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, tmp[n] = ivec[n]; AES_encrypt(tmp, tmp, key); memcpy(out, tmp, len); - memcpy(ivec, tmp, 16); + memcpy(ivec, tmp, AES_BLOCK_SIZE); } } else { while (len >= AES_BLOCK_SIZE) { - memcpy(tmp, in, 16); + memcpy(tmp, in, AES_BLOCK_SIZE); AES_decrypt(in, out, key); - for(n=0; n < 16; ++n) + for(n=0; n < AES_BLOCK_SIZE; ++n) out[n] ^= ivec[n]; - memcpy(ivec, tmp, 16); - len -= 16; - in += 16; - out += 16; + memcpy(ivec, tmp, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; } if (len) { - memcpy(tmp, in, 16); + memcpy(tmp, in, AES_BLOCK_SIZE); AES_decrypt(tmp, tmp, key); for(n=0; n < len; ++n) out[n] ^= ivec[n]; - memcpy(ivec, tmp, 16); + memcpy(ivec, tmp, AES_BLOCK_SIZE); } } } diff --git a/crypto/aes/aes_cfb.c b/crypto/aes/aes_cfb.c index 41c2a5ec3d..9b569dda90 100644 --- a/crypto/aes/aes_cfb.c +++ b/crypto/aes/aes_cfb.c @@ -105,7 +105,13 @@ * [including the GNU Public Licence.] */ +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif #include <assert.h> + #include <openssl/aes.h> #include "aes_locl.h" diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index 937988dd8c..ea884f6f9e 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -28,7 +28,13 @@ /* Note: rewritten a little bit to provide error control and an OpenSSL- compatible API */ +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif #include <assert.h> + #include <stdlib.h> #include <openssl/aes.h> #include "aes_locl.h" diff --git a/crypto/aes/aes_ctr.c b/crypto/aes/aes_ctr.c index 142ca4a142..59088499a0 100644 --- a/crypto/aes/aes_ctr.c +++ b/crypto/aes/aes_ctr.c @@ -49,7 +49,13 @@ * */ +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif #include <assert.h> + #include <openssl/aes.h> #include "aes_locl.h" diff --git a/crypto/aes/aes_ecb.c b/crypto/aes/aes_ecb.c index 1cb2e07d3d..28aa561c2d 100644 --- a/crypto/aes/aes_ecb.c +++ b/crypto/aes/aes_ecb.c @@ -49,7 +49,13 @@ * */ +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif #include <assert.h> + #include <openssl/aes.h> #include "aes_locl.h" diff --git a/crypto/aes/aes_ofb.c b/crypto/aes/aes_ofb.c index e33bdaea28..f358bb39e2 100644 --- a/crypto/aes/aes_ofb.c +++ b/crypto/aes/aes_ofb.c @@ -105,7 +105,13 @@ * [including the GNU Public Licence.] */ +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif #include <assert.h> + #include <openssl/aes.h> #include "aes_locl.h" diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl index 2f1e64dfe8..5edfa17a04 100644 --- a/crypto/asn1/Makefile.ssl +++ b/crypto/asn1/Makefile.ssl @@ -288,14 +288,15 @@ a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h a_sign.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_sign.c -a_strex.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -a_strex.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -a_strex.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_strex.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -a_strex.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -a_strex.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +a_strex.o: ../../e_os.h ../../include/openssl/aes.h +a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +a_strex.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h +a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h a_strex.o: ../../include/openssl/evp.h ../../include/openssl/idea.h a_strex.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h a_strex.o: ../../include/openssl/md4.h ../../include/openssl/md5.h @@ -309,7 +310,7 @@ a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_strex.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -a_strex.o: a_strex.c charmap.h +a_strex.o: ../cryptlib.h a_strex.c charmap.h a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -383,6 +384,30 @@ asn1_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c +asn1_gen.o: ../../e_os.h ../../include/openssl/aes.h +asn1_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +asn1_gen.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +asn1_gen.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +asn1_gen.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +asn1_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h +asn1_gen.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +asn1_gen.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +asn1_gen.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +asn1_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +asn1_gen.o: ../../include/openssl/opensslconf.h +asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h +asn1_gen.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +asn1_gen.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +asn1_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +asn1_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +asn1_gen.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +asn1_gen.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +asn1_gen.o: ../../include/openssl/x509v3.h ../cryptlib.h asn1_gen.c asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h asn1_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index e0265f69d2..f4ea96cd54 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -191,7 +191,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) if (a->data == NULL) c=(unsigned char *)OPENSSL_malloc(w+1); else - c=(unsigned char *)OPENSSL_realloc(a->data,w+1); + c=(unsigned char *)OPENSSL_realloc_clean(a->data, + a->length, + w+1); if (c == NULL) return(0); if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); a->data=c; diff --git a/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c index bb88660f58..afd27b80e1 100644 --- a/crypto/asn1/a_bytes.c +++ b/crypto/asn1/a_bytes.c @@ -285,7 +285,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c) goto err; } - if (!BUF_MEM_grow(&b,num+os->length)) + if (!BUF_MEM_grow_clean(&b,num+os->length)) { c->error=ERR_R_BUF_LIB; goto err; diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c index a80fbe9ff7..71b4a28611 100644 --- a/crypto/asn1/a_d2i_fp.c +++ b/crypto/asn1/a_d2i_fp.c @@ -166,7 +166,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) { want-=(len-off); - if (!BUF_MEM_grow(b,len+want)) + if (!BUF_MEM_grow_clean(b,len+want)) { ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); goto err; @@ -221,7 +221,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) if (want > (len-off)) { want-=(len-off); - if (!BUF_MEM_grow(b,len+want)) + if (!BUF_MEM_grow_clean(b,len+want)) { ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 71ce7c3896..0a8e6c287c 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -183,8 +183,8 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) if ((a == NULL) || (a->data == NULL)) return(BIO_write(bp,"NULL",4)); - i=i2t_ASN1_OBJECT(buf,80,a); - if (i > 80) i=80; + i=i2t_ASN1_OBJECT(buf,sizeof buf,a); + if (i > sizeof buf) i=sizeof buf; BIO_write(bp,buf,i); return(i); } diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 7ddb7662f1..1def6c6549 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -63,6 +63,7 @@ #include <openssl/asn1.h> #include "charmap.h" +#include "cryptlib.h" /* ASN1_STRING_print_ex() and X509_NAME_print_ex(). * Enhanced string and name printing routines handling @@ -114,14 +115,17 @@ typedef int char_io(void *arg, const void *buf, int len); static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg) { unsigned char chflgs, chtmp; - char tmphex[11]; + char tmphex[HEX_SIZE(long)+3]; + + if(c > 0xffffffffL) + return -1; if(c > 0xffff) { - BIO_snprintf(tmphex, 11, "\\W%08lX", c); + BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); if(!io_ch(arg, tmphex, 10)) return -1; return 10; } if(c > 0xff) { - BIO_snprintf(tmphex, 11, "\\U%04lX", c); + BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); if(!io_ch(arg, tmphex, 6)) return -1; return 6; } @@ -195,7 +199,7 @@ static int do_buf(unsigned char *buf, int buflen, if(type & BUF_TYPE_CONVUTF8) { unsigned char utfbuf[6]; int utflen; - utflen = UTF8_putc(utfbuf, 6, c); + utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); for(i = 0; i < utflen; i++) { /* We don't need to worry about setting orflags correctly * because if utflen==1 its value will be correct anyway @@ -461,7 +465,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, if(fn_opt != XN_FLAG_FN_NONE) { int objlen, fld_len; if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) { - OBJ_obj2txt(objtmp, 80, fn, 1); + OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); fld_len = 0; /* XXX: what should this be? */ objbuf = objtmp; } else { diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 27ddd30899..6e5e9d845d 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -152,7 +152,7 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE if (t->data[0] >= '5') strcpy(str, "19"); else strcpy(str, "20"); - strcat(str, (char *)t->data); + BUF_strlcat(str, (char *)t->data, t->length+2); return ret; } diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 0c5dd9b52b..097b4b8ecf 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -67,7 +67,8 @@ #define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4) #define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5) #define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6) -#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|7) +#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7) +#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8) #define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} @@ -335,6 +336,11 @@ static int asn1_cb(const char *elem, int len, void *bitstr) return -1; break; + case ASN1_GEN_FLAG_SETWRAP: + if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)) + return -1; + break; + case ASN1_GEN_FLAG_BITWRAP: if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)) return -1; @@ -588,6 +594,8 @@ static int asn1_str2tag(const char *tagstr, int len) ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP), /* SEQUENCE wrapper */ ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), + /* SET wrapper */ + ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SEQWRAP), /* BIT STRING wrapper */ ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index 10c8946769..d64edbd797 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -79,12 +79,7 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, else p="prim: "; if (BIO_write(bp,p,6) < 6) goto err; - if (indent) - { - if (indent > 128) indent=128; - memset(str,' ',indent); - if (BIO_write(bp,str,indent) < indent) goto err; - } + BIO_indent(bp,indent,128); p=str; if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c index 48cc3bfb90..9494e597ab 100644 --- a/crypto/asn1/f_int.c +++ b/crypto/asn1/f_int.c @@ -169,8 +169,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) sp=(unsigned char *)OPENSSL_malloc( (unsigned int)num+i*2); else - sp=(unsigned char *)OPENSSL_realloc(s, - (unsigned int)num+i*2); + sp=OPENSSL_realloc_clean(s,slen,num+i*2); if (sp == NULL) { ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c index 60db305756..757c148df8 100644 --- a/crypto/asn1/t_crl.c +++ b/crypto/asn1/t_crl.c @@ -84,11 +84,11 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x) int X509_CRL_print(BIO *out, X509_CRL *x) { - char buf[256]; STACK_OF(X509_REVOKED) *rev; X509_REVOKED *r; long l; int i, n; + char *p; BIO_printf(out, "Certificate Revocation List (CRL):\n"); l = X509_CRL_get_version(x); @@ -96,8 +96,9 @@ int X509_CRL_print(BIO *out, X509_CRL *x) i = OBJ_obj2nid(x->sig_alg->algorithm); BIO_printf(out, "%8sSignature Algorithm: %s\n", "", (i == NID_undef) ? "NONE" : OBJ_nid2ln(i)); - X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256); - BIO_printf(out,"%8sIssuer: %s\n","",buf); + p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0); + BIO_printf(out,"%8sIssuer: %s\n","",p); + OPENSSL_free(p); BIO_printf(out,"%8sLast Update: ",""); ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x)); BIO_printf(out,"\n%8sNext Update: ",""); diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index e3e0739bbd..b418bf035a 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -141,14 +141,10 @@ int RSA_print(BIO *bp, const RSA *x, int off) goto err; } - if (off) - { - if (off > 128) off=128; - memset(str,' ',off); - } if (x->d != NULL) { - if (off && (BIO_write(bp,str,off) <= 0)) goto err; + if(!BIO_indent(bp,off,128)) + goto err; if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n)) <= 0) goto err; } @@ -194,7 +190,6 @@ int DSA_print_fp(FILE *fp, const DSA *x, int off) int DSA_print(BIO *bp, const DSA *x, int off) { - char str[128]; unsigned char *m=NULL; int ret=0; size_t buf_len=0,i; @@ -221,14 +216,10 @@ int DSA_print(BIO *bp, const DSA *x, int off) goto err; } - if (off) - { - if (off > 128) off=128; - memset(str,' ',off); - } if (x->priv_key != NULL) { - if (off && (BIO_write(bp,str,off) <= 0)) goto err; + if(!BIO_indent(bp,off,128)) + goto err; if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p)) <= 0) goto err; } @@ -284,7 +275,6 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off) int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) { - char str[128]; unsigned char *buffer=NULL; size_t buf_len=0, i; int ret=0, reason=ERR_R_BIO_LIB; @@ -310,14 +300,8 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) /* the curve parameter are given by an asn1 OID */ int nid; - if (off) - { - if (off > 128) - off=128; - memset(str, ' ', off); - if (BIO_write(bp, str, off) <= 0) - goto err; - } + if (!BIO_indent(bp, off, 128)) + goto err; nid = EC_GROUP_get_nid(x); if (nid == 0) @@ -405,13 +389,10 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) reason = ERR_R_MALLOC_FAILURE; goto err; } - if (off) - { - if (off > 128) off=128; - memset(str,' ',off); - if (BIO_write(bp, str, off) <= 0) - goto err; - } + + if (!BIO_indent(bp, off, 128)) + goto err; + /* print the 'short name' of the field type */ if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) <= 0) @@ -424,13 +405,8 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) if (basis_type == 0) goto err; - if (off) - { - if (off > 128) off=128; - memset(str,' ',off); - if (BIO_write(bp, str, off) <= 0) - goto err; - } + if (!BIO_indent(bp, off, 128)) + goto err; if (BIO_printf(bp, "Basis Type: %s\n", OBJ_nid2sn(basis_type)) <= 0) @@ -500,7 +476,6 @@ err: int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) { - char str[128]; unsigned char *buffer=NULL; size_t buf_len=0, i; int ret=0, reason=ERR_R_BIO_LIB; @@ -533,14 +508,11 @@ int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) reason = ERR_R_MALLOC_FAILURE; goto err; } - if (off) - { - if (off > 128) off=128; - memset(str,' ',off); - } + if (x->priv_key != NULL) { - if (off && (BIO_write(bp, str, off) <= 0)) goto err; + if (!BIO_indent(bp, off, 128)) + goto err; if (BIO_printf(bp, "Private-Key: (%d bit)\n", BN_num_bits(x->priv_key)) <= 0) goto err; } @@ -571,18 +543,12 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf, int off) { int n,i; - char str[128]; const char *neg; if (num == NULL) return(1); neg = (BN_get_sign(num))?"-":""; - if (off) - { - if (off > 128) off=128; - memset(str,' ',off); - if (BIO_write(bp,str,off) <= 0) return(0); - } - + if(!BIO_indent(bp,off,128)) + return 0; if (BN_is_zero(num)) { if (BIO_printf(bp, "%s 0\n", number) <= 0) @@ -612,9 +578,9 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf, { if ((i%15) == 0) { - str[0]='\n'; - memset(&(str[1]),' ',off+4); - if (BIO_write(bp,str,off+1+4) <= 0) return(0); + if(BIO_puts(bp,"\n") <= 0 + || !BIO_indent(bp,off+4,128)) + return 0; } if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":") <= 0) return(0); diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index 7ebb39b216..b70bda71db 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c @@ -91,7 +91,6 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long EVP_PKEY *pkey; STACK_OF(X509_ATTRIBUTE) *sk; STACK_OF(X509_EXTENSION) *exts; - char str[128]; char mlch = ' '; int nmindent = 0; @@ -116,8 +115,9 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long l=0; for (i=0; i<ri->version->length; i++) { l<<=8; l+=ri->version->data[i]; } - sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l); - if (BIO_puts(bp,str) <= 0) goto err; + if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg, + l) <= 0) + goto err; } if(!(cflag & X509_FLAG_NO_SUBJECT)) { @@ -176,14 +176,14 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long if(!(cflag & X509_FLAG_NO_ATTRIBUTES)) { /* may not be */ - sprintf(str,"%8sAttributes:\n",""); - if (BIO_puts(bp,str) <= 0) goto err; + if(BIO_printf(bp,"%8sAttributes:\n","") <= 0) + goto err; sk=x->req_info->attributes; if (sk_X509_ATTRIBUTE_num(sk) == 0) { - sprintf(str,"%12sa0:00\n",""); - if (BIO_puts(bp,str) <= 0) goto err; + if(BIO_printf(bp,"%12sa0:00\n","") <= 0) + goto err; } else { @@ -198,8 +198,8 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long a=sk_X509_ATTRIBUTE_value(sk,i); if(X509_REQ_extension_nid(OBJ_obj2nid(a->object))) continue; - sprintf(str,"%12s",""); - if (BIO_puts(bp,str) <= 0) goto err; + if(BIO_printf(bp,"%12s","") <= 0) + goto err; if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0) { if (a->single) diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 5074a74928..36cef4605d 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -444,15 +444,17 @@ err: int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) { - char *s,*c; + char *s,*c,*b; int ret=0,l,ll,i,first=1; - char buf[256]; ll=80-2-obase; - s=X509_NAME_oneline(name,buf,256); + b=s=X509_NAME_oneline(name,NULL,0); if (!*s) + { + OPENSSL_free(b); return 1; + } s++; /* skip the first slash */ l=ll; @@ -508,6 +510,7 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) err: X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB); } + OPENSSL_free(b); return(ret); } diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c index 7d4a6e6084..ffbbfb51f4 100644 --- a/crypto/asn1/t_x509a.c +++ b/crypto/asn1/t_x509a.c @@ -77,7 +77,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { if(!first) BIO_puts(out, ", "); else first = 0; - OBJ_obj2txt(oidstr, 80, + OBJ_obj2txt(oidstr, sizeof oidstr, sk_ASN1_OBJECT_value(aux->trust, i), 0); BIO_puts(out, oidstr); } @@ -90,7 +90,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { if(!first) BIO_puts(out, ", "); else first = 0; - OBJ_obj2txt(oidstr, 80, + OBJ_obj2txt(oidstr, sizeof oidstr, sk_ASN1_OBJECT_value(aux->reject, i), 0); BIO_puts(out, oidstr); } diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index a9b1d9ef81..75bbafacd7 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -665,7 +665,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err; len = buf.length; /* Append a final null to string */ - if(!BUF_MEM_grow(&buf, len + 1)) { + if(!BUF_MEM_grow_clean(&buf, len + 1)) { ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); return 0; } @@ -858,7 +858,7 @@ static int collect_data(BUF_MEM *buf, unsigned char **p, long plen) int len; if(buf) { len = buf->length; - if(!BUF_MEM_grow(buf, len + plen)) { + if(!BUF_MEM_grow_clean(buf, len + plen)) { ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index fab67ae5ac..719639b511 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -186,7 +186,7 @@ if(*bool == -1) printf("BOOL MISSING\n"); char objbuf[80], *ln; ln = OBJ_nid2ln(OBJ_obj2nid(fld)); if(!ln) ln = ""; - OBJ_obj2txt(objbuf, 80, fld, 1); + OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1); BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf); } else { BIO_printf(out, "%*s%s:", indent, "", name); diff --git a/crypto/bf/bftest.c b/crypto/bf/bftest.c index 09895f2542..c85bc32533 100644 --- a/crypto/bf/bftest.c +++ b/crypto/bf/bftest.c @@ -454,9 +454,9 @@ static int test(void) len=strlen(cbc_data)+1; BF_set_key(&key,16,cbc_key); - memset(cbc_in,0,40); - memset(cbc_out,0,40); - memcpy(iv,cbc_iv,8); + memset(cbc_in,0,sizeof cbc_in); + memset(cbc_out,0,sizeof cbc_out); + memcpy(iv,cbc_iv,sizeof iv); BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len, &key,iv,BF_ENCRYPT); if (memcmp(cbc_out,cbc_ok,32) != 0) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 80c9cb69db..3f5d6a74bf 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -483,7 +483,7 @@ fmtint( { int signvalue = 0; unsigned LLONG uvalue; - char convert[20]; + char convert[DECIMAL_SIZE(value)+1]; int place = 0; int spadlen = 0; int zpadlen = 0; @@ -508,8 +508,8 @@ fmtint( (caps ? "0123456789ABCDEF" : "0123456789abcdef") [uvalue % (unsigned) base]; uvalue = (uvalue / (unsigned) base); - } while (uvalue && (place < 20)); - if (place == 20) + } while (uvalue && (place < sizeof convert)); + if (place == sizeof convert) place--; convert[place] = 0; @@ -641,8 +641,8 @@ fmtfp( (caps ? "0123456789ABCDEF" : "0123456789abcdef")[intpart % 10]; intpart = (intpart / 10); - } while (intpart && (iplace < 20)); - if (iplace == 20) + } while (intpart && (iplace < sizeof iplace)); + if (iplace == sizeof iplace) iplace--; iconvert[iplace] = 0; @@ -653,7 +653,7 @@ fmtfp( : "0123456789abcdef")[fracpart % 10]; fracpart = (fracpart / 10); } while (fplace < max); - if (fplace == 20) + if (fplace == sizeof fplace) fplace--; fconvert[fplace] = 0; diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 8097d1aee2..65bfc0d43f 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -83,6 +83,7 @@ static int wsa_init_done=0; #endif +#if 0 static unsigned long BIO_ghbn_hits=0L; static unsigned long BIO_ghbn_miss=0L; @@ -121,6 +122,7 @@ static struct ghbn_cache_st struct hostent *ent; unsigned long order; } ghbn_cache[GHBN_NUM]; +#endif static int get_ip(const char *str,unsigned char *ip); #if 0 @@ -258,6 +260,7 @@ int BIO_sock_error(int sock) return(j); } +#if 0 long BIO_ghbn_ctrl(int cmd, int iarg, char *parg) { int i; @@ -295,6 +298,7 @@ long BIO_ghbn_ctrl(int cmd, int iarg, char *parg) } return(1); } +#endif #if 0 static struct hostent *ghbn_dup(struct hostent *a) @@ -491,6 +495,12 @@ int BIO_sock_init(void) } } #endif /* OPENSSL_SYS_WINDOWS */ +#ifdef WATT32 + extern int _watt_do_exit; + _watt_do_exit = 0; /* don't make sock_init() call exit() */ + if (sock_init()) + return (-1); +#endif return(1); } diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c index 6ccda06596..1cecd70579 100644 --- a/crypto/bio/bf_buff.c +++ b/crypto/bio/bf_buff.c @@ -482,7 +482,7 @@ static int buffer_gets(BIO *b, char *buf, int size) size-=i; ctx->ibuf_len-=i; ctx->ibuf_off+=i; - if ((flag) || (i == size)) + if (flag || size == 0) { *buf='\0'; return(num); diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index 9403b2fa7c..c6d4e1c790 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -522,6 +522,7 @@ int BIO_read(BIO *b, void *data, int len); int BIO_gets(BIO *bp,char *buf, int size); int BIO_write(BIO *b, const void *data, int len); int BIO_puts(BIO *bp,const char *buf); +int BIO_indent(BIO *b,int indent,int max); long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg); long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)); char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg); @@ -627,7 +628,7 @@ int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, void BIO_copy_next_retry(BIO *b); -long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); +/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/ int BIO_printf(BIO *bio, const char *format, ...); int BIO_vprintf(BIO *bio, const char *format, va_list args); diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 50df2238fa..98ce395519 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -272,6 +272,18 @@ int BIO_gets(BIO *b, char *in, int inl) return(i); } +int BIO_indent(BIO *b,int indent,int max) + { + if(indent < 0) + indent=0; + if(indent > max) + indent=max; + while(indent--) + if(BIO_puts(b," ") != 1) + return 0; + return 1; + } + long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) { int i; diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 5759b090c7..72a4ea1f8d 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -585,7 +585,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) else if (num == 2) { char buf[16]; - char *p = ptr; + unsigned char *p = ptr; sprintf(buf,"%d.%d.%d.%d", p[0],p[1],p[2],p[3]); @@ -596,7 +596,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) } else if (num == 3) { - char buf[16]; + char buf[DECIMAL_SIZE(int)+1]; sprintf(buf,"%d",*(int *)ptr); if (data->param_port != NULL) diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index f6e11c0108..b39a3c638c 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -78,7 +78,7 @@ # include <starlet.h> #elif defined(__ultrix) # include <sys/syslog.h> -#elif !defined(MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) /* Unix */ +#elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) # include <syslog.h> #endif @@ -275,7 +275,7 @@ static void xsyslog(BIO *bp, int priority, const char *string) LPCSTR lpszStrings[2]; WORD evtype= EVENTLOG_ERROR_TYPE; int pid = _getpid(); - char pidbuf[20]; + char pidbuf[DECIMAL_SIZE(pid)+4]; switch (priority) { @@ -393,11 +393,15 @@ static void xcloselog(BIO* bp) { } -#else /* Unix */ +#else /* Unix/Watt32 */ static void xopenlog(BIO* bp, char* name, int level) { +#ifdef WATT32 /* djgpp/DOS */ + openlog(name, LOG_PID|LOG_CONS|LOG_NDELAY, level); +#else openlog(name, LOG_PID|LOG_CONS, level); +#endif } static void xsyslog(BIO *bp, int priority, const char *string) diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 28ff7582bf..a4edb711ae 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -190,7 +190,7 @@ static int mem_write(BIO *b, const char *in, int inl) BIO_clear_retry_flags(b); blen=bm->length; - if (BUF_MEM_grow(bm,blen+inl) != (blen+inl)) + if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl)) goto end; memcpy(&(bm->data[blen]),in,inl); ret=inl; @@ -284,7 +284,11 @@ static int mem_gets(BIO *bp, char *buf, int size) BIO_clear_retry_flags(bp); j=bm->length; - if (j <= 0) return(0); + if (j <= 0) + { + *buf='\0'; + return 0; + } p=bm->data; for (i=0; i<j; i++) { diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index 83b850d5ac..d2a8857adc 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -93,6 +93,12 @@ void *_memset32(void *__s, int __c, size_t __n); #endif +#ifdef WATT32 +#define sock_write SockWrite /* Watt-32 uses same names */ +#define sock_read SockRead +#define sock_puts SockPuts +#endif + static int sock_write(BIO *h, const char *buf, int num); static int sock_read(BIO *h, char *buf, int size); static int sock_puts(BIO *h, const char *str); diff --git a/crypto/bn/divtest.c b/crypto/bn/divtest.c index 13ba86e3c4..d3fc688f33 100644 --- a/crypto/bn/divtest.c +++ b/crypto/bn/divtest.c @@ -1,7 +1,7 @@ #include <openssl/bn.h> #include <openssl/rand.h> -static int rand(n) +static int Rand(n) { unsigned char x[2]; RAND_pseudo_bytes(x,2); @@ -26,8 +26,8 @@ main() BN_CTX *ctx=BN_CTX_new(); for(;;) { - BN_pseudo_rand(a,rand(),0,0); - BN_pseudo_rand(b,rand(),0,0); + BN_pseudo_rand(a,Rand(),0,0); + BN_pseudo_rand(b,Rand(),0,0); if (BN_is_zero(b)) continue; BN_RECP_CTX_set(recp,b,ctx); diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c index 9299baba9e..d96487e7db 100644 --- a/crypto/buffer/buffer.c +++ b/crypto/buffer/buffer.c @@ -125,6 +125,43 @@ int BUF_MEM_grow(BUF_MEM *str, int len) return(len); } +int BUF_MEM_grow_clean(BUF_MEM *str, int len) + { + char *ret; + unsigned int n; + + if (str->length >= len) + { + memset(&str->data[len],0,str->length-len); + str->length=len; + return(len); + } + if (str->max >= len) + { + memset(&str->data[str->length],0,len-str->length); + str->length=len; + return(len); + } + n=(len+3)/3*4; + if (str->data == NULL) + ret=OPENSSL_malloc(n); + else + ret=OPENSSL_realloc_clean(str->data,str->max,n); + if (ret == NULL) + { + BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); + len=0; + } + else + { + str->data=ret; + str->max=n; + memset(&str->data[str->length],0,len-str->length); + str->length=len; + } + return(len); + } + char *BUF_strdup(const char *str) { char *ret; @@ -143,3 +180,23 @@ char *BUF_strdup(const char *str) return(ret); } +size_t BUF_strlcpy(char *dst, const char *src, size_t size) + { + size_t l = 0; + for(; size > 1 && *src; size--) + { + *dst++ = *src++; + l++; + } + if (size) + *dst = '\0'; + return l + strlen(src); + } + +size_t BUF_strlcat(char *dst, const char *src, size_t size) + { + size_t l = 0; + for(; size > 0 && *dst; size--, dst++) + l++; + return l + BUF_strlcpy(dst, src, size); + } diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h index 11e2d0359a..465dc34f3f 100644 --- a/crypto/buffer/buffer.h +++ b/crypto/buffer/buffer.h @@ -63,6 +63,9 @@ extern "C" { #endif +#include <stddef.h> +#include <sys/types.h> + typedef struct buf_mem_st { int length; /* current number of bytes */ @@ -73,8 +76,14 @@ typedef struct buf_mem_st BUF_MEM *BUF_MEM_new(void); void BUF_MEM_free(BUF_MEM *a); int BUF_MEM_grow(BUF_MEM *str, int len); +int BUF_MEM_grow_clean(BUF_MEM *str, int len); char * BUF_strdup(const char *str); +/* safe string functions */ +size_t BUF_strlcpy(char *dst,const char *src,size_t siz); +size_t BUF_strlcat(char *dst,const char *src,size_t siz); + + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl index f1d2dd562f..15b8a15810 100644 --- a/crypto/conf/Makefile.ssl +++ b/crypto/conf/Makefile.ssl @@ -86,31 +86,32 @@ conf_api.o: ../../e_os.h ../../include/openssl/bio.h conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -conf_api.o: conf_api.c +conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +conf_api.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +conf_api.o: ../../include/openssl/symhacks.h conf_api.c conf_def.o: ../../e_os.h ../../include/openssl/bio.h conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -conf_def.o: ../cryptlib.h conf_def.c conf_def.h +conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +conf_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +conf_def.o: ../../include/openssl/symhacks.h ../cryptlib.h conf_def.c +conf_def.o: conf_def.h conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h conf_err.o: ../../include/openssl/opensslconf.h -conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -conf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -conf_err.o: conf_err.c +conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +conf_err.o: ../../include/openssl/symhacks.h conf_err.c conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h conf_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h conf_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -conf_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -conf_lib.o: conf_lib.c +conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +conf_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +conf_lib.o: ../../include/openssl/symhacks.h conf_lib.c conf_mall.o: ../../e_os.h ../../include/openssl/aes.h conf_mall.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h conf_mall.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index a5ec738df3..179f11e65a 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -253,9 +253,9 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) section_sk=(STACK_OF(CONF_VALUE) *)sv->value; bufnum=0; + again=0; for (;;) { - again=0; if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE)) { CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB); @@ -266,7 +266,8 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) BIO_gets(in, p, CONFBUFSIZE-1); p[CONFBUFSIZE-1]='\0'; ii=i=strlen(p); - if (i == 0) break; + if (i == 0 && !again) break; + again=0; while (i > 0) { if ((p[i-1] != '\r') && (p[i-1] != '\n')) @@ -276,7 +277,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) } /* we removed some trailing stuff so there is a new * line on the end. */ - if (i == ii) + if (ii && i == ii) again=1; /* long line */ else { @@ -636,7 +637,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE); goto err; } - BUF_MEM_grow(buf,(strlen(p)+len-(e-from))); + BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from))); while (*p) buf->data[to++]= *(p++); from=e; diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 26c1da7074..38e2a53394 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -555,3 +555,11 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, #endif #endif + +void OpenSSLDie(const char *file,int line,const char *assertion) + { + fprintf(stderr, + "%s(%d): OpenSSL internal error, assertion failed: %s\n", + file,line,assertion); + abort(); + } diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h index 88e4ae509f..0d6b9d59f0 100644 --- a/crypto/cryptlib.h +++ b/crypto/cryptlib.h @@ -89,9 +89,9 @@ extern "C" { #define X509_CERT_DIR_EVP "SSL_CERT_DIR" #define X509_CERT_FILE_EVP "SSL_CERT_FILE" -/* size of string represenations */ -#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) -#define HEX_SIZE(type) ((sizeof(type)*2) +/* size of string representations */ +#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) +#define HEX_SIZE(type) (sizeof(type)*2) #ifdef __cplusplus } diff --git a/crypto/crypto.h b/crypto/crypto.h index f87262f517..2a4dbd5975 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -343,6 +343,8 @@ int CRYPTO_is_mem_check_on(void); #define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) #define OPENSSL_realloc(addr,num) \ CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) +#define OPENSSL_realloc_clean(addr,old_num,num) \ + CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) #define OPENSSL_remalloc(addr,num) \ CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) #define OPENSSL_freeFunc CRYPTO_free @@ -445,6 +447,8 @@ void CRYPTO_free_locked(void *); void *CRYPTO_malloc(int num, const char *file, int line); void CRYPTO_free(void *); void *CRYPTO_realloc(void *addr,int num, const char *file, int line); +void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file, + int line); void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); void CRYPTO_set_mem_debug_options(long bits); @@ -487,6 +491,9 @@ void CRYPTO_mem_leaks(struct bio_st *bio); typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *); void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); +/* die if we have to */ +void OpenSSLDie(const char *file,int line,const char *assertion); +#define OPENSSL_assert(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index da2cdfa3d6..9fe002cb0a 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -228,6 +228,7 @@ int DSA_size(const DSA *r) i=BN_num_bits(r->q); bs.length=(i+7)/8; + OPENSSL_assert(bs.length <= sizeof buf); bs.data=buf; bs.type=V_ASN1_INTEGER; /* If the top bit is set the asn1 encoding is 1 larger. */ diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index 1b9648f065..32b6a9ab89 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -222,7 +222,7 @@ int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out) if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0)) { #ifndef NOISY - BIO_printf(out, "failed\n\n"); + BIO_printf(out, " failed\n\n"); BIO_printf(out, "key a:\n"); BIO_printf(out, "private key: "); BN_print(out, a->priv_key); @@ -261,7 +261,7 @@ int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out) else { #ifndef NOISY - BIO_printf(out, "ok\n"); + BIO_printf(out, " ok\n"); #endif ret=1; } diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index f12eac1b55..6e550f6a43 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -165,6 +165,7 @@ static int b64_read(BIO *b, char *out, int outl) { i=ctx->buf_len-ctx->buf_off; if (i > outl) i=outl; + OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf); memcpy(out,&(ctx->buf[ctx->buf_off]),i); ret=i; out+=i; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index a969ac69ed..9d18728d30 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -219,6 +219,8 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; + + OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); if (size != NULL) *size=ctx->digest->md_size; diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index 4685198e2e..d42cbfd17e 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -174,6 +174,7 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); + OPENSSL_assert(l <= sizeof iv); i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); if (i != l) return(-1); diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index 4064cc5fa0..d58f507837 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c @@ -69,8 +69,6 @@ typedef struct { - /* FIXME: what is the key for? */ - unsigned char key[EVP_RC4_KEY_SIZE]; RC4_KEY ks; /* working key */ } EVP_RC4_KEY; @@ -121,9 +119,8 @@ const EVP_CIPHER *EVP_rc4_40(void) static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - memcpy(&data(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx)); RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), - data(ctx)->key); + key); return 1; } diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 12c6379df1..08209357ce 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -136,6 +136,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *outl=0; if (inl == 0) return; + OPENSSL_assert(ctx->length <= sizeof ctx->enc_data); if ((ctx->num+inl) < ctx->length) { memcpy(&(ctx->enc_data[ctx->num]),in,inl); @@ -258,6 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, /* only save the good data :-) */ if (!B64_NOT_BASE64(v)) { + OPENSSL_assert(n < sizeof ctx->enc_data); d[n++]=tmp; ln++; } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 32a1c7a2e9..39a66f189f 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -63,8 +63,6 @@ #include <openssl/engine.h> #include "evp_locl.h" -#include <assert.h> - const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) @@ -163,9 +161,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp } skip_to_init: /* we assume block size is a power of 2 in *cryptUpdate */ - assert(ctx->cipher->block_size == 1 - || ctx->cipher->block_size == 8 - || ctx->cipher->block_size == 16); + OPENSSL_assert(ctx->cipher->block_size == 1 + || ctx->cipher->block_size == 8 + || ctx->cipher->block_size == 16); if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { switch(EVP_CIPHER_CTX_mode(ctx)) { @@ -181,6 +179,7 @@ skip_to_init: case EVP_CIPH_CBC_MODE: + OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); break; @@ -251,6 +250,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, { int i,j,bl; + OPENSSL_assert(inl > 0); if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { if(ctx->cipher->do_cipher(ctx,out,in,inl)) @@ -266,6 +266,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } i=ctx->buf_len; bl=ctx->cipher->block_size; + OPENSSL_assert(bl <= sizeof ctx->buf); if (i != 0) { if (i+inl < bl) @@ -314,6 +315,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int i,n,b,bl,ret; b=ctx->cipher->block_size; + OPENSSL_assert(b <= sizeof ctx->buf); if (b == 1) { *outl=0; @@ -358,6 +360,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return EVP_EncryptUpdate(ctx, out, outl, in, inl); b=ctx->cipher->block_size; + OPENSSL_assert(b <= sizeof ctx->final); if(ctx->final_used) { @@ -420,6 +423,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); return(0); } + OPENSSL_assert(b <= sizeof ctx->final); n=ctx->final[b-1]; if (n > b) { diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 4271393069..dc103bd1d7 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -118,6 +118,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, nkey=type->key_len; niv=type->iv_len; + OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); + OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); if (data == NULL) return(nkey); diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index a431945ef5..52a3b287be 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -90,6 +90,7 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); + OPENSSL_assert(l <= sizeof c->iv); i=ASN1_TYPE_get_octetstring(type,c->oiv,l); if (i != l) return(-1); @@ -106,6 +107,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { j=EVP_CIPHER_CTX_iv_length(c); + OPENSSL_assert(j <= sizeof c->iv); i=ASN1_TYPE_set_octetstring(type,c->oiv,j); } return(i); diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index bcd4d29f85..0da88fdcff 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -88,7 +88,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, char obj_tmp[80]; EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); if (!pbe_obj) strcpy (obj_tmp, "NULL"); - else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj); + else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); ERR_add_error_data(2, "TYPE=", obj_tmp); return 0; } diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 27a8286489..d15b799281 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -140,7 +140,9 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_DigestFinal_ex (&ctx, md_tmp, NULL); } EVP_MD_CTX_cleanup(&ctx); + OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp); memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); + OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), EVP_CIPHER_iv_length(cipher)); EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 7485d6a278..098ce8afa0 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -190,6 +190,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, goto err; } keylen = EVP_CIPHER_CTX_key_length(ctx); + OPENSSL_assert(keylen <= sizeof key); /* Now decode key derivation function */ diff --git a/crypto/hmac/Makefile.ssl b/crypto/hmac/Makefile.ssl index b91f204299..d48df0597e 100644 --- a/crypto/hmac/Makefile.ssl +++ b/crypto/hmac/Makefile.ssl @@ -79,21 +79,23 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +hmac.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h hmac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -hmac.o: ../../include/openssl/bn.h ../../include/openssl/cast.h -hmac.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -hmac.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -hmac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +hmac.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +hmac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h +hmac.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +hmac.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h -hmac.o: ../../include/openssl/idea.h ../../include/openssl/md2.h -hmac.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -hmac.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -hmac.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -hmac.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -hmac.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -hmac.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -hmac.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -hmac.o: ../../include/openssl/ui_compat.h hmac.c +hmac.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +hmac.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +hmac.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h +hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +hmac.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +hmac.o: ../cryptlib.h hmac.c diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index da363b7950..4c91f919d5 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -59,6 +59,7 @@ #include <stdlib.h> #include <string.h> #include <openssl/hmac.h> +#include "cryptlib.h" void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) @@ -78,6 +79,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, { reset=1; j=EVP_MD_block_size(md); + OPENSSL_assert(j <= sizeof ctx->key); if (j < len) { EVP_DigestInit_ex(&ctx->md_ctx,md, impl); @@ -87,6 +89,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, } else { + OPENSSL_assert(len <= sizeof ctx->key); memcpy(ctx->key,key,len); ctx->key_length=len; } diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c index 39ea2885f4..5aa7766aa6 100644 --- a/crypto/lhash/lh_stats.c +++ b/crypto/lhash/lh_stats.c @@ -179,49 +179,29 @@ end:; void lh_stats_bio(const LHASH *lh, BIO *out) { - char buf[128]; - - sprintf(buf,"num_items = %lu\n",lh->num_items); - BIO_puts(out,buf); - sprintf(buf,"num_nodes = %u\n",lh->num_nodes); - BIO_puts(out,buf); - sprintf(buf,"num_alloc_nodes = %u\n",lh->num_alloc_nodes); - BIO_puts(out,buf); - sprintf(buf,"num_expands = %lu\n",lh->num_expands); - BIO_puts(out,buf); - sprintf(buf,"num_expand_reallocs = %lu\n",lh->num_expand_reallocs); - BIO_puts(out,buf); - sprintf(buf,"num_contracts = %lu\n",lh->num_contracts); - BIO_puts(out,buf); - sprintf(buf,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs); - BIO_puts(out,buf); - sprintf(buf,"num_hash_calls = %lu\n",lh->num_hash_calls); - BIO_puts(out,buf); - sprintf(buf,"num_comp_calls = %lu\n",lh->num_comp_calls); - BIO_puts(out,buf); - sprintf(buf,"num_insert = %lu\n",lh->num_insert); - BIO_puts(out,buf); - sprintf(buf,"num_replace = %lu\n",lh->num_replace); - BIO_puts(out,buf); - sprintf(buf,"num_delete = %lu\n",lh->num_delete); - BIO_puts(out,buf); - sprintf(buf,"num_no_delete = %lu\n",lh->num_no_delete); - BIO_puts(out,buf); - sprintf(buf,"num_retrieve = %lu\n",lh->num_retrieve); - BIO_puts(out,buf); - sprintf(buf,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); - BIO_puts(out,buf); - sprintf(buf,"num_hash_comps = %lu\n",lh->num_hash_comps); - BIO_puts(out,buf); + BIO_printf(out,"num_items = %lu\n",lh->num_items); + BIO_printf(out,"num_nodes = %u\n",lh->num_nodes); + BIO_printf(out,"num_alloc_nodes = %u\n",lh->num_alloc_nodes); + BIO_printf(out,"num_expands = %lu\n",lh->num_expands); + BIO_printf(out,"num_expand_reallocs = %lu\n", + lh->num_expand_reallocs); + BIO_printf(out,"num_contracts = %lu\n",lh->num_contracts); + BIO_printf(out,"num_contract_reallocs = %lu\n", + lh->num_contract_reallocs); + BIO_printf(out,"num_hash_calls = %lu\n",lh->num_hash_calls); + BIO_printf(out,"num_comp_calls = %lu\n",lh->num_comp_calls); + BIO_printf(out,"num_insert = %lu\n",lh->num_insert); + BIO_printf(out,"num_replace = %lu\n",lh->num_replace); + BIO_printf(out,"num_delete = %lu\n",lh->num_delete); + BIO_printf(out,"num_no_delete = %lu\n",lh->num_no_delete); + BIO_printf(out,"num_retrieve = %lu\n",lh->num_retrieve); + BIO_printf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); + BIO_printf(out,"num_hash_comps = %lu\n",lh->num_hash_comps); #if 0 - sprintf(buf,"p = %u\n",lh->p); - BIO_puts(out,buf); - sprintf(buf,"pmax = %u\n",lh->pmax); - BIO_puts(out,buf); - sprintf(buf,"up_load = %lu\n",lh->up_load); - BIO_puts(out,buf); - sprintf(buf,"down_load = %lu\n",lh->down_load); - BIO_puts(out,buf); + BIO_printf(out,"p = %u\n",lh->p); + BIO_printf(out,"pmax = %u\n",lh->pmax); + BIO_printf(out,"up_load = %lu\n",lh->up_load); + BIO_printf(out,"down_load = %lu\n",lh->down_load); #endif } @@ -229,14 +209,12 @@ void lh_node_stats_bio(const LHASH *lh, BIO *out) { LHASH_NODE *n; unsigned int i,num; - char buf[128]; for (i=0; i<lh->num_nodes; i++) { for (n=lh->b[i],num=0; n != NULL; n=n->next) num++; - sprintf(buf,"node %6u -> %3u\n",i,num); - BIO_puts(out,buf); + BIO_printf(out,"node %6u -> %3u\n",i,num); } } @@ -246,7 +224,6 @@ void lh_node_usage_stats_bio(const LHASH *lh, BIO *out) unsigned long num; unsigned int i; unsigned long total=0,n_used=0; - char buf[128]; for (i=0; i<lh->num_nodes; i++) { @@ -258,17 +235,14 @@ void lh_node_usage_stats_bio(const LHASH *lh, BIO *out) total+=num; } } - sprintf(buf,"%lu nodes used out of %u\n",n_used,lh->num_nodes); - BIO_puts(out,buf); - sprintf(buf,"%lu items\n",total); - BIO_puts(out,buf); + BIO_printf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes); + BIO_printf(out,"%lu items\n",total); if (n_used == 0) return; - sprintf(buf,"load %d.%02d actual load %d.%02d\n", - (int)(total/lh->num_nodes), - (int)((total%lh->num_nodes)*100/lh->num_nodes), - (int)(total/n_used), - (int)((total%n_used)*100/n_used)); - BIO_puts(out,buf); + BIO_printf(out,"load %d.%02d actual load %d.%02d\n", + (int)(total/lh->num_nodes), + (int)((total%lh->num_nodes)*100/lh->num_nodes), + (int)(total/n_used), + (int)((total%n_used)*100/n_used)); } #endif diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c index e25dd00e02..f98009acad 100644 --- a/crypto/md2/md2_dgst.c +++ b/crypto/md2/md2_dgst.c @@ -118,9 +118,9 @@ const char *MD2_options(void) int MD2_Init(MD2_CTX *c) { c->num=0; - memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT)); - memset(c->cksm,0,MD2_BLOCK*sizeof(MD2_INT)); - memset(c->data,0,MD2_BLOCK); + memset(c->state,0,sizeof c->state); + memset(c->cksm,0,sizeof c->cksm); + memset(c->data,0,sizeof c->data); return 1; } diff --git a/crypto/md4/md4.c b/crypto/md4/md4.c index e4b0aac011..2ac2d914ff 100644 --- a/crypto/md4/md4.c +++ b/crypto/md4/md4.c @@ -108,7 +108,7 @@ void do_fp(FILE *f) MD4_Init(&c); for (;;) { - i=read(fd,buf,BUFSIZE); + i=read(fd,buf,sizeof buf); if (i <= 0) break; MD4_Update(&c,buf,(unsigned long)i); } diff --git a/crypto/mem.c b/crypto/mem.c index 3955006fca..4dd829792d 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -318,7 +318,6 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) if (str == NULL) return CRYPTO_malloc(num, file, line); - if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret = realloc_ex_func(str,num,file,line); @@ -331,6 +330,29 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) return ret; } +void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, + int line) + { + void *ret = NULL; + + if (str == NULL) + return CRYPTO_malloc(num, file, line); + if (realloc_debug_func != NULL) + realloc_debug_func(str, NULL, num, file, line, 0); + ret=malloc_ex_func(num,file,line); + if(ret) + memcpy(ret,str,old_len); + memset(str,'\0',old_len); + free_func(str); +#ifdef LEVITTE_DEBUG_MEM + fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num); +#endif + if (realloc_debug_func != NULL) + realloc_debug_func(str, ret, num, file, line, 1); + + return ret; + } + void CRYPTO_free(void *str) { if (free_debug_func != NULL) @@ -350,7 +372,6 @@ void *CRYPTO_remalloc(void *a, int num, const char *file, int line) return(a); } - void CRYPTO_set_mem_debug_options(long bits) { if (set_debug_options_func != NULL) diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index 1c4e04f51f..0c1855afb1 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -666,7 +666,6 @@ static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *) void CRYPTO_mem_leaks(BIO *b) { MEM_LEAK ml; - char buf[80]; if (mh == NULL && amih == NULL) return; @@ -681,9 +680,8 @@ void CRYPTO_mem_leaks(BIO *b) (char *)&ml); if (ml.chunks != 0) { - sprintf(buf,"%ld bytes leaked in %d chunks\n", - ml.bytes,ml.chunks); - BIO_puts(b,buf); + BIO_printf(b,"%ld bytes leaked in %d chunks\n", + ml.bytes,ml.chunks); } else { diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index ce779dc1b5..5d983e3ed4 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -464,7 +464,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) sprintf(tbuf,"%d.%lu",i,l); i=strlen(tbuf); - strncpy(buf,tbuf,buf_len); + BUF_strlcpy(buf,tbuf,buf_len); buf_len-=i; buf+=i; n+=i; @@ -476,7 +476,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) sprintf(tbuf,".%lu",l); i=strlen(tbuf); if (buf_len > 0) - strncpy(buf,tbuf,buf_len); + BUF_strlcpy(buf,tbuf,buf_len); buf_len-=i; buf+=i; n+=i; @@ -488,10 +488,9 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) s=OBJ_nid2ln(nid); if (s == NULL) s=OBJ_nid2sn(nid); - strncpy(buf,s,buf_len); + BUF_strlcpy(buf,s,buf_len); n=strlen(s); } - buf[buf_len-1]='\0'; return(n); } diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c index b78cd37092..357709a843 100644 --- a/crypto/ocsp/ocsp_ht.c +++ b/crypto/ocsp/ocsp_ht.c @@ -64,6 +64,9 @@ #include <openssl/ocsp.h> #include <openssl/err.h> #include <openssl/buffer.h> +#ifdef OPENSSL_SYS_SUNOS +#define strtoul (unsigned long)strtol +#endif /* OPENSSL_SYS_SUNOS */ /* Quick and dirty HTTP OCSP request handler. * Could make this a bit cleverer by adding @@ -94,7 +97,7 @@ Content-Length: %d\r\n\r\n"; } if(!(mem = BIO_new(BIO_s_mem()))) goto err; /* Copy response to a memory BIO: socket bios can't do gets! */ - while ((len = BIO_read(b, tmpbuf, 1024))) { + while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) { if(len < 0) { OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR); goto err; diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index fb196562fa..5be8d6a957 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -155,7 +155,7 @@ typedef struct pem_recip_st int cipher; int key_enc; - char iv[8]; + /* char iv[8]; unused and wrong size */ } PEM_USER; typedef struct pem_ctx_st @@ -171,7 +171,8 @@ typedef struct pem_ctx_st struct { int cipher; - unsigned char iv[8]; + /* unused, and wrong size + unsigned char iv[8]; */ } DEK_info; PEM_USER *originator; @@ -193,7 +194,8 @@ typedef struct pem_ctx_st EVP_CIPHER *dec; /* date encryption cipher */ int key_len; /* key length */ unsigned char *key; /* key */ - unsigned char iv[8]; /* the iv */ + /* unused, and wrong size + unsigned char iv[8]; */ int data_enc; /* is the data encrypted */ diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 328afd2e95..5412408584 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -348,6 +348,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, } /* create the right magic header stuff */ + OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index bfc43e90af..8e213c11c4 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -138,7 +138,7 @@ void PEM_proc_type(char *buf, int type) void PEM_dek_info(char *buf, const char *type, int len, char *str) { - static unsigned char map[17]="0123456789ABCDEF"; + static const unsigned char map[17]="0123456789ABCDEF"; long i; int j; @@ -306,6 +306,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, goto err; } /* dzise + 8 bytes are needed */ + /* actually it needs the cipher block size extra... */ data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20); if (data == NULL) { @@ -335,6 +336,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, kstr=(unsigned char *)buf; } RAND_add(data,i,0);/* put in the RSA key. */ + OPENSSL_assert(enc->iv_len <= sizeof iv); if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ goto err; /* The 'iv' is used as the iv and as a salt. It is @@ -343,6 +345,8 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE); + OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); + buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); @@ -693,7 +697,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, if (strncmp(buf,"-----END ",9) == 0) break; if (i > 65) break; - if (!BUF_MEM_grow(dataB,i+bl+9)) + if (!BUF_MEM_grow_clean(dataB,i+bl+9)) { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 1c0a9c9edf..d1ab612eaa 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -578,7 +578,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* We now have the EVP_MD_CTX, lets do the * signing. */ EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); - if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey))) + if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey))) { PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); goto err; diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 53a726e1aa..1f168221e3 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -143,7 +143,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) memset(&addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; - if (strlen(path) > sizeof(addr.sun_path)) + if (strlen(path) >= sizeof(addr.sun_path)) return (-1); strcpy(addr.sun_path,path); len = offsetof(struct sockaddr_un, sun_path) + strlen(path); diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index c1b955b06f..242febe270 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -287,9 +287,18 @@ int RAND_poll(void) { /* For entropy count assume only least significant * byte of each DWORD is random. - */ + */ RAND_add(&length, sizeof(length), 0); RAND_add(buf, length, length / 4.0); + + /* Close the Registry Key to allow Windows to cleanup/close + * the open handle + * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened + * when the RegQueryValueEx above is done. However, if + * it is not explicitly closed, it can cause disk + * partition manipulation problems. + */ + RegCloseKey(HKEY_PERFORMANCE_DATA); } if (buf) free(buf); diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index 982074c465..7c2673a61f 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -203,8 +203,9 @@ const char *RAND_file_name(char *buf, size_t size) s=getenv("RANDFILE"); if (s != NULL) { - strncpy(buf,s,size-1); - buf[size-1]='\0'; + if(strlen(s) >= size) + return NULL; + strcpy(buf,s); ret=buf; } else diff --git a/crypto/rijndael/.cvsignore b/crypto/rijndael/.cvsignore deleted file mode 100644 index c6d03a9dbc..0000000000 --- a/crypto/rijndael/.cvsignore +++ /dev/null @@ -1,2 +0,0 @@ -lib -Makefile.save diff --git a/crypto/rijndael/Makefile.ssl b/crypto/rijndael/Makefile.ssl deleted file mode 100644 index 5a5fc37d59..0000000000 --- a/crypto/rijndael/Makefile.ssl +++ /dev/null @@ -1,89 +0,0 @@ -# -# crypto/rijndael/Makefile -# - -DIR= rijndael -TOP= ../.. -CC= cc -CPP= $(CC) -E -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -RD_ENC= rd_enc.o -# or use -#DES_ENC= bx86-elf.o - -# CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=rd_fst.c -LIBOBJ=rd_fst.o - -SRC= $(LIBSRC) - -EXHEADER=rd_fst.h rijndael.h - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) - @touch lib - -$(LIBOBJ): $(LIBSRC) - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @$(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: installs - -installs: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -rd_fst.o: rd_fst.c rd_fst.h diff --git a/crypto/rijndael/README b/crypto/rijndael/README deleted file mode 100755 index 1118ccbad8..0000000000 --- a/crypto/rijndael/README +++ /dev/null @@ -1,80 +0,0 @@ -Optimised ANSI C code for the Rijndael cipher (now AES) - -Authors: - Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be> - Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be> - Paulo Barreto <paulo.barreto@terra.com.br> - -All code contained in this distributed is placed in the public domain. - -======================================================================== - -Disclaimer: - -THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS -OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE -LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -======================================================================== - -Acknowledgements: - -We are deeply indebted to the following people for their bug reports, -fixes, and improvement suggestions to the API implementation. Though we -tried to list all contributions, we apologise in advance for any -missing reference: - -Andrew Bales <Andrew.Bales@Honeywell.com> -Markus Friedl <markus.friedl@informatik.uni-erlangen.de> -John Skodon <skodonj@webquill.com> - -======================================================================== - -Description: - -This optimised implementation of Rijndael is noticeably faster than the -previous versions on Intel processors under Win32 w/ MSVC 6.0. On the -same processor under Linux w/ gcc-2.95.2, the key setup is also -considerably faster, but normal encryption/decryption is only marginally -faster. - -To enable full loop unrolling for encryption/decryption, define the -conditional compilation directive FULL_UNROLL. This may help increase -performance or not, depending on the platform. - -To compute the intermediate value tests, define the conditional -compilation directive INTERMEDIATE_VALUE_KAT. It may be worthwhile to -define the TRACE_KAT_MCT directive too, which provides useful progress -information during the generation of the KAT and MCT sets. - -======================================================================== - -Contents: - -README This file -rijndael-alg-fst.c The algorithm implementation. -rijndael-alg-fst.h The corresponding header file. -rijndael-api-fst.c NIST's implementation. -rijndael-api-fst.h The corresponding header file. -rijndael-test-fst.c A simple program to generate test vectors. -table.128 Data for the table tests and 128-bit keys. -table.192 Data for the table tests and 192-bit keys. -table.256 Data for the table tests and 256-bit keys. -fips-test-vectors.txt Key schedule and ciphertext intermediate values - (reduced set proposed for FIPS inclusion). -Makefile A sample makefile; may need some changes, - depending on the C compiler used. - -N.B. Both the API implementation and the provisional reduced set of -test vectors are likely to change, according to NIST's final decision -regarding modes of operation and the FIPS contents. They are therefore -marked as "version 2.9" rather than "version 3.0". - diff --git a/crypto/rijndael/rd_fst.c b/crypto/rijndael/rd_fst.c deleted file mode 100755 index f1597288f0..0000000000 --- a/crypto/rijndael/rd_fst.c +++ /dev/null @@ -1,1400 +0,0 @@ -/** - * rijndael-alg-fst.c - * - * @version 3.0 (December 2000) - * - * Optimised ANSI C code for the Rijndael cipher (now AES) - * - * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be> - * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be> - * @author Paulo Barreto <paulo.barreto@terra.com.br> - * - * This code is hereby placed in the public domain. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#include <assert.h> -#include <stdlib.h> - -#include "rd_fst.h" - -/* -Te0[x] = S [x].[02, 01, 01, 03]; -Te1[x] = S [x].[03, 02, 01, 01]; -Te2[x] = S [x].[01, 03, 02, 01]; -Te3[x] = S [x].[01, 01, 03, 02]; -Te4[x] = S [x].[01, 01, 01, 01]; - -Td0[x] = Si[x].[0e, 09, 0d, 0b]; -Td1[x] = Si[x].[0b, 0e, 09, 0d]; -Td2[x] = Si[x].[0d, 0b, 0e, 09]; -Td3[x] = Si[x].[09, 0d, 0b, 0e]; -Td4[x] = Si[x].[01, 01, 01, 01]; -*/ - -static const u32 Te0[256] = { - 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, - 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, - 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, - 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, - 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, - 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, - 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, - 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, - 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, - 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, - 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, - 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, - 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, - 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, - 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, - 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, - 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, - 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, - 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, - 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, - 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, - 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, - 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, - 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, - 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, - 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, - 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, - 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, - 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, - 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, - 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, - 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, - 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, - 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, - 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, - 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, - 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, - 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, - 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, - 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, - 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, - 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, - 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, - 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, - 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, - 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, - 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, - 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, - 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, - 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, - 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, - 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, - 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, - 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, - 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, - 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, - 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, - 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, - 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, - 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, - 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, - 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, - 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, - 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, -}; -static const u32 Te1[256] = { - 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, - 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, - 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, - 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, - 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, - 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, - 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, - 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, - 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, - 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, - 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, - 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, - 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, - 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, - 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, - 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, - 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, - 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, - 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, - 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, - 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, - 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, - 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, - 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, - 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, - 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, - 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, - 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, - 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, - 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, - 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, - 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, - 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, - 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, - 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, - 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, - 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, - 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, - 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, - 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, - 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, - 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, - 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, - 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, - 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, - 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, - 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, - 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, - 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, - 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, - 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, - 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, - 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, - 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, - 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, - 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, - 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, - 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, - 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, - 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, - 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, - 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, - 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, - 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, -}; -static const u32 Te2[256] = { - 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, - 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, - 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, - 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, - 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, - 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, - 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, - 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, - 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, - 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, - 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, - 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, - 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, - 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, - 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, - 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, - 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, - 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, - 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, - 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, - 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, - 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, - 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, - 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, - 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, - 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, - 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, - 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, - 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, - 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, - 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, - 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, - 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, - 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, - 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, - 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, - 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, - 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, - 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, - 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, - 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, - 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, - 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, - 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, - 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, - 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, - 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, - 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, - 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, - 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, - 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, - 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, - 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, - 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, - 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, - 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, - 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, - 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, - 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, - 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, - 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, - 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, - 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, - 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, -}; -static const u32 Te3[256] = { - - 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, - 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, - 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, - 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, - 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, - 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, - 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, - 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, - 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, - 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, - 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, - 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, - 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, - 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, - 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, - 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, - 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, - 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, - 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, - 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, - 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, - 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, - 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, - 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, - 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, - 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, - 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, - 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, - 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, - 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, - 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, - 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, - 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, - 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, - 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, - 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, - 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, - 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, - 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, - 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, - 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, - 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, - 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, - 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, - 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, - 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, - 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, - 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, - 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, - 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, - 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, - 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, - 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, - 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, - 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, - 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, - 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, - 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, - 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, - 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, - 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, - 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, - 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, - 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, -}; -static const u32 Te4[256] = { - 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, - 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, - 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, - 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, - 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, - 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, - 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, - 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, - 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, - 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, - 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, - 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, - 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, - 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, - 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, - 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, - 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, - 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, - 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, - 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, - 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, - 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, - 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, - 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, - 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, - 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, - 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, - 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, - 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, - 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, - 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, - 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, - 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, - 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, - 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, - 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, - 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, - 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, - 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, - 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, - 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, - 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, - 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, - 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, - 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, - 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, - 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, - 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, - 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, - 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, - 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, - 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, - 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, - 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, - 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, - 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, - 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, - 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, - 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, - 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, - 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, - 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, - 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, - 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, -}; -static const u32 Td0[256] = { - 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, - 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, - 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, - 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, - 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, - 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, - 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, - 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, - 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, - 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, - 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, - 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, - 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, - 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, - 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, - 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, - 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, - 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, - 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, - 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, - 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, - 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, - 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, - 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, - 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, - 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, - 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, - 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, - 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, - 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, - 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, - 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, - 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, - 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, - 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, - 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, - 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, - 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, - 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, - 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, - 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, - 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, - 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, - 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, - 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, - 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, - 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, - 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, - 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, - 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, - 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, - 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, - 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, - 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, - 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, - 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, - 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, - 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, - 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, - 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, - 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, - 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, - 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, - 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, -}; -static const u32 Td1[256] = { - 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, - 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, - 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, - 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, - 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, - 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, - 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, - 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, - 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, - 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, - 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, - 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, - 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, - 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, - 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, - 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, - 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, - 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, - 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, - 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, - 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, - 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, - 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, - 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, - 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, - 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, - 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, - 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, - 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, - 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, - 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, - 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, - 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, - 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, - 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, - 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, - 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, - 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, - 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, - 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, - 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, - 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, - 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, - 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, - 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, - 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, - 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, - 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, - 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, - 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, - 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, - 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, - 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, - 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, - 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, - 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, - 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, - 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, - 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, - 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, - 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, - 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, - 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, - 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, -}; -static const u32 Td2[256] = { - 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, - 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, - 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, - 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, - 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, - 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, - 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, - 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, - 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, - 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, - 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, - 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, - 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, - 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, - 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, - 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, - 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, - 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, - 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, - 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, - - 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, - 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, - 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, - 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, - 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, - 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, - 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, - 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, - 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, - 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, - 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, - 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, - 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, - 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, - 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, - 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, - 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, - 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, - 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, - 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, - 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, - 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, - 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, - 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, - 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, - 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, - 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, - 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, - 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, - 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, - 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, - 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, - 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, - 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, - 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, - 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, - 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, - 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, - 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, - 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, - 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, - 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, - 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, - 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, -}; -static const u32 Td3[256] = { - 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, - 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, - 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, - 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, - 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, - 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, - 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, - 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, - 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, - 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, - 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, - 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, - 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, - 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, - 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, - 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, - 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, - 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, - 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, - 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, - 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, - 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, - 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, - 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, - 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, - 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, - 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, - 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, - 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, - 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, - 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, - 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, - 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, - 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, - 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, - 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, - 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, - 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, - 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, - 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, - 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, - 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, - 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, - 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, - 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, - 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, - 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, - 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, - 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, - 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, - 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, - 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, - 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, - 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, - 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, - 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, - 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, - 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, - 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, - 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, - 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, - 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, - 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, - 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, -}; -static const u32 Td4[256] = { - 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, - 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, - 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, - 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, - 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, - 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, - 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, - 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, - 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, - 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, - 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, - 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, - 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, - 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, - 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, - 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, - 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, - 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, - 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, - 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, - 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, - 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, - 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, - 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, - 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, - 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, - 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, - 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, - 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, - 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, - 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, - 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, - 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, - 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, - 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, - 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, - 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, - 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, - 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, - 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, - 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, - 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, - 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, - 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, - 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, - 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, - 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, - 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, - 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, - 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, - 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, - 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, - 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, - 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, - 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, - 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, - 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, - 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, - 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, - 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, - 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, - 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, - 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, - 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU, -}; -static const u32 rcon[] = { - 0x01000000, 0x02000000, 0x04000000, 0x08000000, - 0x10000000, 0x20000000, 0x40000000, 0x80000000, - 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ -}; - -#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) - -#ifdef _MSC_VER -#define GETU32(p) SWAP(*((u32 *)(p))) -#define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } -#else -#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) -#define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } -#endif - -/** - * Expand the cipher key into the encryption key schedule. - * - * @return the number of rounds for the given cipher key size. - */ -int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) { - int i = 0; - u32 temp; - - rk[0] = GETU32(cipherKey ); - rk[1] = GETU32(cipherKey + 4); - rk[2] = GETU32(cipherKey + 8); - rk[3] = GETU32(cipherKey + 12); - if (keyBits == 128) { - for (;;) { - temp = rk[3]; - rk[4] = rk[0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; - rk[7] = rk[3] ^ rk[6]; - if (++i == 10) { - return 10; - } - rk += 4; - } - } - rk[4] = GETU32(cipherKey + 16); - rk[5] = GETU32(cipherKey + 20); - if (keyBits == 192) { - for (;;) { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; - if (++i == 8) { - return 12; - } - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; - rk += 6; - } - } - rk[6] = GETU32(cipherKey + 24); - rk[7] = GETU32(cipherKey + 28); - if (keyBits == 256) { - for (;;) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; - if (++i == 7) { - return 14; - } - temp = rk[11]; - rk[12] = rk[ 4] ^ - (Te4[(temp >> 24) ] & 0xff000000) ^ - (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(temp ) & 0xff] & 0x000000ff); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; - - rk += 8; - } - } - return 0; -} - -/** - * Expand the cipher key into the decryption key schedule. - * - * @return the number of rounds for the given cipher key size. - */ -int rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) { - int Nr, i, j; - u32 temp; - - /* expand the cipher key: */ - Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits); - /* invert the order of the round keys: */ - for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) { - temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; - temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; - temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; - temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; - } - /* apply the inverse MixColumn transform to all round keys but the first and the last: */ - for (i = 1; i < Nr; i++) { - rk += 4; - rk[0] = - Td0[Te4[(rk[0] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[0] ) & 0xff] & 0xff]; - rk[1] = - Td0[Te4[(rk[1] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[1] ) & 0xff] & 0xff]; - rk[2] = - Td0[Te4[(rk[2] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[2] ) & 0xff] & 0xff]; - rk[3] = - Td0[Te4[(rk[3] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[3] ) & 0xff] & 0xff]; - } - return Nr; -} - -void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]) { - u32 s0, s1, s2, s3, t0, t1, t2, t3; -#ifndef FULL_UNROLL - int r; -#endif /* ?FULL_UNROLL */ - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(pt ) ^ rk[0]; - s1 = GETU32(pt + 4) ^ rk[1]; - s2 = GETU32(pt + 8) ^ rk[2]; - s3 = GETU32(pt + 12) ^ rk[3]; -#ifdef FULL_UNROLL - /* round 1: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; - /* round 2: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; - /* round 3: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; - /* round 4: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; - /* round 5: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; - /* round 6: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; - /* round 7: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; - /* round 8: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; - /* round 9: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; - if (Nr > 10) { - /* round 10: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43]; - /* round 11: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47]; - if (Nr > 12) { - /* round 12: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51]; - /* round 13: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55]; - } - } - rk += Nr << 2; -#else /* !FULL_UNROLL */ - /* - * Nr - 1 full rounds: - */ - r = Nr >> 1; - for (;;) { - t0 = - Te0[(s0 >> 24) ] ^ - Te1[(s1 >> 16) & 0xff] ^ - Te2[(s2 >> 8) & 0xff] ^ - Te3[(s3 ) & 0xff] ^ - rk[4]; - t1 = - Te0[(s1 >> 24) ] ^ - Te1[(s2 >> 16) & 0xff] ^ - Te2[(s3 >> 8) & 0xff] ^ - Te3[(s0 ) & 0xff] ^ - rk[5]; - t2 = - Te0[(s2 >> 24) ] ^ - Te1[(s3 >> 16) & 0xff] ^ - Te2[(s0 >> 8) & 0xff] ^ - Te3[(s1 ) & 0xff] ^ - rk[6]; - t3 = - Te0[(s3 >> 24) ] ^ - Te1[(s0 >> 16) & 0xff] ^ - Te2[(s1 >> 8) & 0xff] ^ - Te3[(s2 ) & 0xff] ^ - rk[7]; - - rk += 8; - if (--r == 0) { - break; - } - - s0 = - Te0[(t0 >> 24) ] ^ - Te1[(t1 >> 16) & 0xff] ^ - Te2[(t2 >> 8) & 0xff] ^ - Te3[(t3 ) & 0xff] ^ - rk[0]; - s1 = - Te0[(t1 >> 24) ] ^ - Te1[(t2 >> 16) & 0xff] ^ - Te2[(t3 >> 8) & 0xff] ^ - Te3[(t0 ) & 0xff] ^ - rk[1]; - s2 = - Te0[(t2 >> 24) ] ^ - Te1[(t3 >> 16) & 0xff] ^ - Te2[(t0 >> 8) & 0xff] ^ - Te3[(t1 ) & 0xff] ^ - rk[2]; - s3 = - Te0[(t3 >> 24) ] ^ - Te1[(t0 >> 16) & 0xff] ^ - Te2[(t1 >> 8) & 0xff] ^ - Te3[(t2 ) & 0xff] ^ - rk[3]; - } -#endif /* ?FULL_UNROLL */ - /* - * apply last round and - * map cipher state to byte array block: - */ - s0 = - (Te4[(t0 >> 24) ] & 0xff000000) ^ - (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t3 ) & 0xff] & 0x000000ff) ^ - rk[0]; - PUTU32(ct , s0); - s1 = - (Te4[(t1 >> 24) ] & 0xff000000) ^ - (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t0 ) & 0xff] & 0x000000ff) ^ - rk[1]; - PUTU32(ct + 4, s1); - s2 = - (Te4[(t2 >> 24) ] & 0xff000000) ^ - (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t1 ) & 0xff] & 0x000000ff) ^ - rk[2]; - PUTU32(ct + 8, s2); - s3 = - (Te4[(t3 >> 24) ] & 0xff000000) ^ - (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t2 ) & 0xff] & 0x000000ff) ^ - rk[3]; - PUTU32(ct + 12, s3); -} - -void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]) { - u32 s0, s1, s2, s3, t0, t1, t2, t3; -#ifndef FULL_UNROLL - int r; -#endif /* ?FULL_UNROLL */ - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(ct ) ^ rk[0]; - s1 = GETU32(ct + 4) ^ rk[1]; - s2 = GETU32(ct + 8) ^ rk[2]; - s3 = GETU32(ct + 12) ^ rk[3]; -#ifdef FULL_UNROLL - /* round 1: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7]; - /* round 2: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11]; - /* round 3: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15]; - /* round 4: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19]; - /* round 5: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23]; - /* round 6: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27]; - /* round 7: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31]; - /* round 8: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35]; - /* round 9: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39]; - if (Nr > 10) { - /* round 10: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43]; - /* round 11: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47]; - if (Nr > 12) { - /* round 12: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51]; - /* round 13: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; - } - } - rk += Nr << 2; -#else /* !FULL_UNROLL */ - /* - * Nr - 1 full rounds: - */ - r = Nr >> 1; - for (;;) { - t0 = - Td0[(s0 >> 24) ] ^ - Td1[(s3 >> 16) & 0xff] ^ - Td2[(s2 >> 8) & 0xff] ^ - Td3[(s1 ) & 0xff] ^ - rk[4]; - t1 = - Td0[(s1 >> 24) ] ^ - Td1[(s0 >> 16) & 0xff] ^ - Td2[(s3 >> 8) & 0xff] ^ - Td3[(s2 ) & 0xff] ^ - rk[5]; - t2 = - Td0[(s2 >> 24) ] ^ - Td1[(s1 >> 16) & 0xff] ^ - Td2[(s0 >> 8) & 0xff] ^ - Td3[(s3 ) & 0xff] ^ - rk[6]; - t3 = - Td0[(s3 >> 24) ] ^ - Td1[(s2 >> 16) & 0xff] ^ - Td2[(s1 >> 8) & 0xff] ^ - Td3[(s0 ) & 0xff] ^ - rk[7]; - - rk += 8; - if (--r == 0) { - break; - } - - s0 = - Td0[(t0 >> 24) ] ^ - Td1[(t3 >> 16) & 0xff] ^ - Td2[(t2 >> 8) & 0xff] ^ - Td3[(t1 ) & 0xff] ^ - rk[0]; - s1 = - Td0[(t1 >> 24) ] ^ - Td1[(t0 >> 16) & 0xff] ^ - Td2[(t3 >> 8) & 0xff] ^ - Td3[(t2 ) & 0xff] ^ - rk[1]; - s2 = - Td0[(t2 >> 24) ] ^ - Td1[(t1 >> 16) & 0xff] ^ - Td2[(t0 >> 8) & 0xff] ^ - Td3[(t3 ) & 0xff] ^ - rk[2]; - s3 = - Td0[(t3 >> 24) ] ^ - Td1[(t2 >> 16) & 0xff] ^ - Td2[(t1 >> 8) & 0xff] ^ - Td3[(t0 ) & 0xff] ^ - rk[3]; - } -#endif /* ?FULL_UNROLL */ - /* - * apply last round and - * map cipher state to byte array block: - */ - s0 = - (Td4[(t0 >> 24) ] & 0xff000000) ^ - (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t1 ) & 0xff] & 0x000000ff) ^ - rk[0]; - PUTU32(pt , s0); - s1 = - (Td4[(t1 >> 24) ] & 0xff000000) ^ - (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t2 ) & 0xff] & 0x000000ff) ^ - rk[1]; - PUTU32(pt + 4, s1); - s2 = - (Td4[(t2 >> 24) ] & 0xff000000) ^ - (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t3 ) & 0xff] & 0x000000ff) ^ - rk[2]; - PUTU32(pt + 8, s2); - s3 = - (Td4[(t3 >> 24) ] & 0xff000000) ^ - (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t0 ) & 0xff] & 0x000000ff) ^ - rk[3]; - PUTU32(pt + 12, s3); -} - -#ifdef INTERMEDIATE_VALUE_KAT - -void rijndaelEncryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds) { - int r; - u32 s0, s1, s2, s3, t0, t1, t2, t3; - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(block ) ^ rk[0]; - s1 = GETU32(block + 4) ^ rk[1]; - s2 = GETU32(block + 8) ^ rk[2]; - s3 = GETU32(block + 12) ^ rk[3]; - rk += 4; - - /* - * Nr - 1 full rounds: - */ - for (r = (rounds < Nr ? rounds : Nr - 1); r > 0; r--) { - t0 = - Te0[(s0 >> 24) ] ^ - Te1[(s1 >> 16) & 0xff] ^ - Te2[(s2 >> 8) & 0xff] ^ - Te3[(s3 ) & 0xff] ^ - rk[0]; - t1 = - Te0[(s1 >> 24) ] ^ - Te1[(s2 >> 16) & 0xff] ^ - Te2[(s3 >> 8) & 0xff] ^ - Te3[(s0 ) & 0xff] ^ - rk[1]; - t2 = - Te0[(s2 >> 24) ] ^ - Te1[(s3 >> 16) & 0xff] ^ - Te2[(s0 >> 8) & 0xff] ^ - Te3[(s1 ) & 0xff] ^ - rk[2]; - t3 = - Te0[(s3 >> 24) ] ^ - Te1[(s0 >> 16) & 0xff] ^ - Te2[(s1 >> 8) & 0xff] ^ - Te3[(s2 ) & 0xff] ^ - rk[3]; - - s0 = t0; - s1 = t1; - s2 = t2; - s3 = t3; - rk += 4; - - } - - /* - * apply last round and - * map cipher state to byte array block: - */ - if (rounds == Nr) { - t0 = - (Te4[(s0 >> 24) ] & 0xff000000) ^ - (Te4[(s1 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(s2 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(s3 ) & 0xff] & 0x000000ff) ^ - rk[0]; - t1 = - (Te4[(s1 >> 24) ] & 0xff000000) ^ - (Te4[(s2 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(s3 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(s0 ) & 0xff] & 0x000000ff) ^ - rk[1]; - t2 = - (Te4[(s2 >> 24) ] & 0xff000000) ^ - (Te4[(s3 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(s0 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(s1 ) & 0xff] & 0x000000ff) ^ - rk[2]; - t3 = - (Te4[(s3 >> 24) ] & 0xff000000) ^ - (Te4[(s0 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(s1 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(s2 ) & 0xff] & 0x000000ff) ^ - rk[3]; - - s0 = t0; - s1 = t1; - s2 = t2; - s3 = t3; - } - - PUTU32(block , s0); - PUTU32(block + 4, s1); - PUTU32(block + 8, s2); - PUTU32(block + 12, s3); -} - -void rijndaelDecryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds) { - int r; - u32 s0, s1, s2, s3, t0, t1, t2, t3; - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(block ) ^ rk[0]; - s1 = GETU32(block + 4) ^ rk[1]; - s2 = GETU32(block + 8) ^ rk[2]; - s3 = GETU32(block + 12) ^ rk[3]; - rk += 4; - - /* - * Nr - 1 full rounds: - */ - for (r = (rounds < Nr ? rounds : Nr) - 1; r > 0; r--) { - t0 = - Td0[(s0 >> 24) ] ^ - Td1[(s3 >> 16) & 0xff] ^ - Td2[(s2 >> 8) & 0xff] ^ - Td3[(s1 ) & 0xff] ^ - rk[0]; - t1 = - Td0[(s1 >> 24) ] ^ - Td1[(s0 >> 16) & 0xff] ^ - Td2[(s3 >> 8) & 0xff] ^ - Td3[(s2 ) & 0xff] ^ - rk[1]; - t2 = - Td0[(s2 >> 24) ] ^ - Td1[(s1 >> 16) & 0xff] ^ - Td2[(s0 >> 8) & 0xff] ^ - Td3[(s3 ) & 0xff] ^ - rk[2]; - t3 = - Td0[(s3 >> 24) ] ^ - Td1[(s2 >> 16) & 0xff] ^ - Td2[(s1 >> 8) & 0xff] ^ - Td3[(s0 ) & 0xff] ^ - rk[3]; - - s0 = t0; - s1 = t1; - s2 = t2; - s3 = t3; - rk += 4; - - } - - /* - * complete the last round and - * map cipher state to byte array block: - */ - t0 = - (Td4[(s0 >> 24) ] & 0xff000000) ^ - (Td4[(s3 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(s2 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(s1 ) & 0xff] & 0x000000ff); - t1 = - (Td4[(s1 >> 24) ] & 0xff000000) ^ - (Td4[(s0 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(s3 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(s2 ) & 0xff] & 0x000000ff); - t2 = - (Td4[(s2 >> 24) ] & 0xff000000) ^ - (Td4[(s1 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(s0 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(s3 ) & 0xff] & 0x000000ff); - t3 = - (Td4[(s3 >> 24) ] & 0xff000000) ^ - (Td4[(s2 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(s1 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(s0 ) & 0xff] & 0x000000ff); - - if (rounds == Nr) { - t0 ^= rk[0]; - t1 ^= rk[1]; - t2 ^= rk[2]; - t3 ^= rk[3]; - } - - PUTU32(block , t0); - PUTU32(block + 4, t1); - PUTU32(block + 8, t2); - PUTU32(block + 12, t3); -} - -#endif /* INTERMEDIATE_VALUE_KAT */ diff --git a/crypto/rijndael/rd_fst.h b/crypto/rijndael/rd_fst.h deleted file mode 100755 index fcace29478..0000000000 --- a/crypto/rijndael/rd_fst.h +++ /dev/null @@ -1,42 +0,0 @@ -/** - * rijndael-alg-fst.h - * - * @version 3.0 (December 2000) - * - * Optimised ANSI C code for the Rijndael cipher (now AES) - * - * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be> - * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be> - * @author Paulo Barreto <paulo.barreto@terra.com.br> - * - * This code is hereby placed in the public domain. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef __RIJNDAEL_ALG_FST_H -#define __RIJNDAEL_ALG_FST_H - -#define MAXKC (256/32) -#define MAXKB (256/8) -#define MAXNR 14 - -typedef unsigned char u8; -typedef unsigned short u16; -typedef unsigned int u32; - -int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits); -int rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits); -void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]); -void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]); - -#endif /* __RIJNDAEL_ALG_FST_H */ diff --git a/crypto/rijndael/rijndael.h b/crypto/rijndael/rijndael.h deleted file mode 100644 index 72edcc2942..0000000000 --- a/crypto/rijndael/rijndael.h +++ /dev/null @@ -1,7 +0,0 @@ -#include "openssl/rd_fst.h" - -typedef struct - { - u32 rd_key[4 *(MAXNR + 1)]; - int rounds; - } RIJNDAEL_KEY; diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index 9b186f2da5..58b300b00b 100644 --- a/crypto/txt_db/txt_db.c +++ b/crypto/txt_db/txt_db.c @@ -108,7 +108,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) if (offset != 0) { size+=BUFSIZE; - if (!BUF_MEM_grow(buf,size)) goto err; + if (!BUF_MEM_grow_clean(buf,size)) goto err; } buf->data[offset]='\0'; BIO_gets(in,&(buf->data[offset]),size-offset); @@ -268,7 +268,7 @@ long TXT_DB_write(BIO *out, TXT_DB *db) if (pp[j] != NULL) l+=strlen(pp[j]); } - if (!BUF_MEM_grow(buf,(int)(l*2+nn))) goto err; + if (!BUF_MEM_grow_clean(buf,(int)(l*2+nn))) goto err; p=buf->data; for (j=0; j<nn; j++) diff --git a/crypto/ui/Makefile.ssl b/crypto/ui/Makefile.ssl index ea16ea1cdb..256f536a68 100644 --- a/crypto/ui/Makefile.ssl +++ b/crypto/ui/Makefile.ssl @@ -95,13 +95,13 @@ ui_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h ui_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h ui_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ui_err.o: ../../include/openssl/ui.h ui_err.c -ui_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -ui_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ui_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -ui_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ui_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ui_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ui_lib.c -ui_lib.o: ui_locl.h +ui_lib.o: ../../e_os.h ../../include/openssl/bio.h +ui_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ui_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +ui_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ui_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +ui_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ui_lib.o: ../../include/openssl/ui.h ../cryptlib.h ui_lib.c ui_locl.h ui_openssl.o: ../../e_os.h ../../include/openssl/bio.h ui_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ui_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index 16946cad95..06d1c2ba93 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -62,6 +62,7 @@ #include <openssl/ui.h> #include <openssl/err.h> #include "ui_locl.h" +#include "cryptlib.h" IMPLEMENT_STACK_OF(UI_STRING_ST) @@ -831,8 +832,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result) case UIT_PROMPT: case UIT_VERIFY: { - char number1[20]; - char number2[20]; + char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize)+1]; + char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize)+1]; BIO_snprintf(number1, sizeof(number1), "%d", uis->_.string_data.result_minsize); diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 7c1fc74ba0..f92d1b264a 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -221,7 +221,7 @@ # define TTY_set(tty,data) ioctl(tty,TIOCSETP,data) #endif -#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) +#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_SUNOS) # include <sys/ioctl.h> #endif @@ -241,6 +241,10 @@ struct IOSB { }; #endif +#ifdef OPENSSL_SYS_SUNOS + typedef int sig_atomic_t; +#endif + #if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) /* * This one needs work. As a matter of fact the code is unoperational diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 3ac3c5a4a4..39a9c4c0ab 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -503,10 +503,12 @@ typedef struct Netscape_certificate_sequence STACK_OF(X509) *certs; } NETSCAPE_CERT_SEQUENCE; +/* Unused (and iv length is wrong) typedef struct CBCParameter_st { unsigned char iv[8]; } CBC_PARAM; +*/ /* Password based encryption structure */ diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 2b5aa09ad9..9b28911409 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -82,13 +82,14 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) unsigned long ret=0; EVP_MD_CTX ctx; unsigned char md[16]; - char str[256]; + char *f; EVP_MD_CTX_init(&ctx); - X509_NAME_oneline(a->cert_info->issuer,str,256); - ret=strlen(str); + f=X509_NAME_oneline(a->cert_info->issuer,NULL,0); + ret=strlen(f); EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); - EVP_DigestUpdate(&ctx,(unsigned char *)str,ret); + EVP_DigestUpdate(&ctx,(unsigned char *)f,ret); + OPENSSL_free(f); EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data, (unsigned long)a->cert_info->serialNumber->length); EVP_DigestFinal_ex(&ctx,&(md[0]),NULL); diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index e1cf01a9b4..e269df1373 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -113,7 +113,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method ret = i2v_GENERAL_NAME(method, desc->location, ret); if(!ret) break; vtmp = sk_CONF_VALUE_value(ret, i); - i2t_ASN1_OBJECT(objtmp, 80, desc->method); + i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5); if(!ntmp) { X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 1f0db94776..a11243db8f 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -492,7 +492,7 @@ static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens) i = -1; /* First supplied X509_NAME */ while((i = X509_NAME_get_index_by_NID(name, - NID_pkcs9_emailAddress, i)) > 0) { + NID_pkcs9_emailAddress, i)) >= 0) { ne = X509_NAME_get_entry(name, i); email = X509_NAME_ENTRY_get_data(ne); if(!append_ia5(&ret, email)) return NULL; diff --git a/demos/b64.c b/demos/b64.c index 113da89baf..efdd44457d 100644 --- a/demos/b64.c +++ b/demos/b64.c @@ -83,7 +83,6 @@ char **argv; unsigned char *buff=NULL,*bufsize=NULL; int bsize=BSIZE,verbose=0; int ret=1,inl; - unsigned char key[24],iv[MD5_DIGEST_LENGTH]; char *str=NULL; char *hkey=NULL,*hiv=NULL; int enc=1,printkey=0,i,base64=0; @@ -92,7 +91,6 @@ char **argv; char *inf=NULL,*outf=NULL; BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; #define PROG_NAME_SIZE 39 - char pname[PROG_NAME_SIZE+1]; apps_startup(); diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c index 933d6699ee..40cd4daad2 100644 --- a/demos/bio/saccept.c +++ b/demos/bio/saccept.c @@ -45,6 +45,11 @@ char *argv[]; SSL_load_error_strings(); +#ifdef WATT32 + dbug_init(); + sock_init(); +#endif + /* Add ciphers and message digests */ OpenSSL_add_ssl_algorithms(); diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c index 87b380b258..880344eb78 100644 --- a/demos/bio/sconnect.c +++ b/demos/bio/sconnect.c @@ -32,6 +32,11 @@ char *argv[]; else host=argv[1]; +#ifdef WATT32 + dbug_init(); + sock_init(); +#endif + /* Lets get nice error messages */ SSL_load_error_strings(); diff --git a/demos/engines/rsaref/Makefile b/demos/engines/rsaref/Makefile index 1364c13288..63b8c79d27 100644 --- a/demos/engines/rsaref/Makefile +++ b/demos/engines/rsaref/Makefile @@ -60,13 +60,13 @@ $(SHLIB).darwin: $(LIB) install/librsaref.a SHAREDFLAGS='-dynamiclib -install_name $(SHLIB)' \ SHAREDCMD='$(CC)'; \ $(LINK_SO) - touch $(SHLIB).gnu + touch $(SHLIB).darwin $(SHLIB).cygwin: $(LIB) install/librsaref.a ALLSYMSFLAGS='--whole-archive' \ SHAREDFLAGS='-shared -Wl,-Bsymbolic -Wl,--out-implib,$(LIBNAME).dll.a' \ SHAREDCMD='$(CC)'; \ $(LINK_SO) - touch $(SHLIB).gnu + touch $(SHLIB).cygwin $(SHLIB).gnu: $(LIB) install/librsaref.a ALLSYMSFLAGS='--whole-archive' \ SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \ diff --git a/demos/engines/rsaref/rsaref.c b/demos/engines/rsaref/rsaref.c index 36edf4d4b1..872811b8f7 100644 --- a/demos/engines/rsaref/rsaref.c +++ b/demos/engines/rsaref/rsaref.c @@ -96,21 +96,21 @@ static int rsaref_digest_nids[] = /***************************************************************************** * DES functions **/ -int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, +static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); -int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, +static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl); -int cipher_des_cbc_clean(EVP_CIPHER_CTX *); -int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, +static int cipher_des_cbc_clean(EVP_CIPHER_CTX *); +static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); -int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, +static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl); -int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *); -int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, +static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *); +static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); -int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, +static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl); -int cipher_desx_cbc_clean(EVP_CIPHER_CTX *); +static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *); /***************************************************************************** * Our DES ciphers @@ -403,7 +403,7 @@ static int rsaref_private_decrypt(int len, const unsigned char *from, unsigned c if (!RSAref_Private_eay2ref(rsa,&RSAkey)) goto err; - if ((i=RSAPrivateDecrypt(to,&(unsigned int)outlen,(unsigned char *)from,len,&RSAkey)) != 0) + if ((i=RSAPrivateDecrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0) { RSAREFerr(RSAREF_F_RSAREF_PRIVATE_DECRYPT,i); outlen= -1; @@ -426,7 +426,7 @@ static int rsaref_private_encrypt(int len, const unsigned char *from, unsigned c } if (!RSAref_Private_eay2ref(rsa,&RSAkey)) goto err; - if ((i=RSAPrivateEncrypt(to,&(unsigned int)outlen,(unsigned char *)from,len,&RSAkey)) != 0) + if ((i=RSAPrivateEncrypt(to,(unsigned int)&outlen,(unsigned char *)from,len,&RSAkey)) != 0) { RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT,i); outlen= -1; @@ -444,7 +444,7 @@ static int rsaref_public_decrypt(int len, const unsigned char *from, unsigned ch if (!RSAref_Public_eay2ref(rsa,&RSAkey)) goto err; - if ((i=RSAPublicDecrypt(to,&(unsigned int)outlen,(unsigned char *)from,len,&RSAkey)) != 0) + if ((i=RSAPublicDecrypt(to,(unsigned int)&outlen,(unsigned char *)from,len,&RSAkey)) != 0) { RSAREFerr(RSAREF_F_RSAREF_PUBLIC_DECRYPT,i); outlen= -1; @@ -481,7 +481,7 @@ static int rsaref_public_encrypt(int len, const unsigned char *from, unsigned ch if (!RSAref_Public_eay2ref(rsa,&RSAkey)) goto err; - if ((i=RSAPublicEncrypt(to,&(unsigned int)outlen,(unsigned char *)from,len,&RSAkey,&rnd)) != 0) + if ((i=RSAPublicEncrypt(to,(unsigned int)&outlen,(unsigned char *)from,len,&RSAkey,&rnd)) != 0) { RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT,i); outlen= -1; @@ -553,13 +553,13 @@ static int rsaref_digests(ENGINE *e, const EVP_MD **digest, **/ #undef data #define data(ctx) ((DES_CBC_CTX *)(ctx)->cipher_data) -int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, +static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { DES_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc); return 1; } -int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, +static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { int ret = DES_CBCUpdate(data(ctx), out, (unsigned char *)in, inl); @@ -575,7 +575,7 @@ int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, } return !ret; } -int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx) +static int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx) { memset(data(ctx), 0, ctx->cipher->ctx_size); return 1; @@ -583,14 +583,14 @@ int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx) #undef data #define data(ctx) ((DES3_CBC_CTX *)(ctx)->cipher_data) -int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, +static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { DES3_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc); return 1; } -int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, +static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { int ret = DES3_CBCUpdate(data(ctx), out, (unsigned char *)in, inl); @@ -606,7 +606,7 @@ int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, } return !ret; } -int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx) +static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx) { memset(data(ctx), 0, ctx->cipher->ctx_size); return 1; @@ -614,14 +614,14 @@ int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx) #undef data #define data(ctx) ((DESX_CBC_CTX *)(ctx)->cipher_data) -int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, +static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { DESX_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc); return 1; } -int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, +static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { int ret = DESX_CBCUpdate(data(ctx), out, (unsigned char *)in, inl); @@ -637,7 +637,7 @@ int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, } return !ret; } -int cipher_desx_cbc_clean(EVP_CIPHER_CTX *ctx) +static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *ctx) { memset(data(ctx), 0, ctx->cipher->ctx_size); return 1; diff --git a/demos/spkigen.c b/demos/spkigen.c index d87881197c..2cd5dfea97 100644 --- a/demos/spkigen.c +++ b/demos/spkigen.c @@ -65,7 +65,8 @@ char *argv[]; fprintf(stderr,"please enter challenge string:"); fflush(stderr); - fgets(buf,120,stdin); + buf[0]='\0'; + fgets(buf,sizeof buf,stdin); i=strlen(buf); if (i > 0) buf[--i]='\0'; if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge, diff --git a/doc/apps/asn1parse.pod b/doc/apps/asn1parse.pod index e76e9813ab..e3462aabf1 100644 --- a/doc/apps/asn1parse.pod +++ b/doc/apps/asn1parse.pod @@ -16,6 +16,8 @@ B<openssl> B<asn1parse> [B<-i>] [B<-oid filename>] [B<-strparse offset>] +[B<-genstr string>] +[B<-genconf file>] =head1 DESCRIPTION @@ -67,6 +69,14 @@ file is described in the NOTES section below. parse the contents octets of the ASN.1 object starting at B<offset>. This option can be used multiple times to "drill down" into a nested structure. +=item B<-genstr string>, B<-genconf file> + +generate encoded data based on B<string>, B<file> or both using +ASN1_generate_nconf() format. If B<file> only is present then the string +is obtained from the default section using the name B<asn1>. The encoded +data is passed through the ASN1 parser and printed out as though it came +from a file, the contents can thus be examined and written to a file +using the B<out> option. =back @@ -121,6 +131,38 @@ by white space. The final column is the rest of the line and is the C<1.2.3.4 shortName A long name> +=head1 EXAMPLES + +Parse a file: + + openssl asn1parse -in file.pem + +Parse a DER file: + + openssl asn1parse -inform DER -in file.der + +Generate a simple UTF8String: + + openssl asn1parse -genstr 'UTF8:Hello World' + +Generate and write out a UTF8String, don't print parsed output: + + openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der + +Generate using a config file: + + openssl asn1parse -genconf asn1.cnf -noout -out asn1.der + +Example config file: + + asn1=SEQUENCE:seq_sect + + [seq_sect] + + field1=BOOL:TRUE + field2=EXP:0, UTF8:some random string + + =head1 BUGS There should be options to change the format of input lines. The output of some diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index f50fe9c8ed..183cd475c8 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -517,18 +517,6 @@ A sample configuration file with the relevant sections for B<ca>: commonName = supplied emailAddress = optional -=head1 WARNINGS - -The B<ca> command is quirky and at times downright unfriendly. - -The B<ca> utility was originally meant as an example of how to do things -in a CA. It was not supposed to be used as a full blown CA itself: -nevertheless some people are using it for this purpose. - -The B<ca> command is effectively a single user command: no locking is -done on the various files and attempts to run more than one B<ca> command -on the same database can have unpredictable results. - =head1 FILES Note: the location of all files can change either by compile time options, @@ -593,6 +581,16 @@ create an empty file. =head1 WARNINGS +The B<ca> command is quirky and at times downright unfriendly. + +The B<ca> utility was originally meant as an example of how to do things +in a CA. It was not supposed to be used as a full blown CA itself: +nevertheless some people are using it for this purpose. + +The B<ca> command is effectively a single user command: no locking is +done on the various files and attempts to run more than one B<ca> command +on the same database can have unpredictable results. + The B<copy_extensions> option should be used with caution. If care is not taken then it can be a security risk. For example if a certificate request contains a basicConstraints extension with CA:TRUE and the diff --git a/doc/apps/speed.pod b/doc/apps/speed.pod index 8101851ec6..0dcdba873e 100644 --- a/doc/apps/speed.pod +++ b/doc/apps/speed.pod @@ -54,4 +54,6 @@ for all available algorithms. If any options are given, B<speed> tests those algorithms, otherwise all of the above are tested. +=back + =cut diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index 0b53fb1cf8..029777b88a 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -103,7 +103,7 @@ this option has no effect: SHA1 is always used with DSA keys. =head1 DISPLAY OPTIONS Note: the B<-alias> and B<-purpose> options are also display options -but are described in the B<TRUST OPTIONS> section. +but are described in the B<TRUST SETTINGS> section. =over 4 @@ -152,7 +152,7 @@ outputs the issuer name. option which determines how the subject or issuer names are displayed. The B<option> argument can be a single option or multiple options separated by commas. Alternatively the B<-nameopt> switch may be used more than once to -set multiple options. See the B<NAME OPTIONS> section for more information. +set multiple options. See the B<SUBJECT AND ISSUER NAME OPTIONS> section for more information. =item B<-email> @@ -362,7 +362,7 @@ specified then the extensions should either be contained in the unnamed =back -=head1 NAME OPTIONS +=head1 SUBJECT AND ISSUER NAME OPTIONS The B<nameopt> command line switch determines how the subject and issuer names are displayed. If no B<nameopt> switch is present the default "oneline" diff --git a/doc/crypto/ASN1_generate_nconf.pod b/doc/crypto/ASN1_generate_nconf.pod index c9af7e49b7..b4c89377f6 100644 --- a/doc/crypto/ASN1_generate_nconf.pod +++ b/doc/crypto/ASN1_generate_nconf.pod @@ -32,7 +32,7 @@ is: That is zero or more comma separated modifiers followed by a type followed by an optional colon and a value. The formats of B<type>, -B<value> and B<modifier> is explained below. +B<value> and B<modifier> are explained below. =head2 SUPPORTED TYPES @@ -45,7 +45,7 @@ only the B<ASCII> format is permissible. This encodes a boolean type. The B<value> string is mandatory and should be B<TRUE> or B<FALSE>. Additionally B<TRUE>, B<true>, B<Y>, -B<y>, B<YES>, B<yes>, B<FALSE> B<false>, B<N>, B<n>, B<NO> and B<no> +B<y>, B<YES>, B<yes>, B<FALSE>, B<false>, B<N>, B<n>, B<NO> and B<no> are acceptable. =item B<NULL> @@ -74,9 +74,9 @@ a short name, a long name or numerical format. Encodes an ASN1 B<UTCTime> structure, the value should be in the format B<YYMMDDHHMMSSZ>. -=item B<GENERALIZETIME>, B<GEN> +=item B<GENERALIZEDTIME>, B<GENTIME> -Encodes an ASN1 B<GeneralizeTime> structure, the value should be in +Encodes an ASN1 B<GeneralizedTime> structure, the value should be in the format B<YYYYMMDDHHMMSSZ>. =item B<OCTETSTRING>, B<OCT> @@ -106,10 +106,11 @@ contents of this structure. The format can be B<ASCII> or B<UTF8>. Formats the result as an ASN1 B<SEQUENCE> or B<SET> type. B<value> should be a section name which will contain the contents. The -field names are ignored and the values are in the generated -string format. If B<value> is absent the the content will be empty. +field names in the section are ignored and the values are in the +generated string format. If B<value> is absent then an empty SEQUENCE +will be encoded. -=cut +=back =head2 MODIFIERS @@ -135,10 +136,10 @@ the default is CONTEXT SPECIFIC. This is the same as B<EXPLICIT> except IMPLICIT tagging is used instead. -=item B<OCTWRAP>, B<SEQWRAP>, B<BITWRAP> +=item B<OCTWRAP>, B<SEQWRAP>, B<SETWRAP>, B<BITWRAP> -The following structure is surrounded by an OCTET STRING, a SEQUENCE -or a BIT STRING respectively. For a BIT STRING the number of unused +The following structure is surrounded by an OCTET STRING, a SEQUENCE, +a SET or a BIT STRING respectively. For a BIT STRING the number of unused bits is set to zero. =item B<FORMAT> @@ -151,7 +152,7 @@ then the value string must be a valid B<UTF8> string. For B<HEX> the output must be a set of hex digits. B<BITLIST> (which is only valid for a BIT STRING) is a comma separated list of set bits. -=cut +=back =head1 EXAMPLES diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod index fc837f02bf..5e3c3d0985 100644 --- a/doc/crypto/d2i_X509.pod +++ b/doc/crypto/d2i_X509.pod @@ -50,10 +50,12 @@ d2i_X509_fp() is similar to d2i_X509() except it attempts to parse data from FILE pointer B<fp>. i2d_X509_bio() is similar to i2d_X509() except it writes -the encoding of the structure B<x> to BIO B<bp>. +the encoding of the structure B<x> to BIO B<bp> and it +returns 1 for success and 0 for failure. i2d_X509_fp() is similar to i2d_X509() except it writes -the encoding of the structure B<x> to BIO B<bp>. +the encoding of the structure B<x> to BIO B<bp> and it +returns 1 for success and 0 for failure. =head1 NOTES @@ -214,6 +216,9 @@ i2d_X509(), i2d_X509_bio() and i2d_X509_fp() return a the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +i2d_X509_bio() and i2d_X509_fp() returns 1 for success and 0 if an error +occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + =head1 SEE ALSO L<ERR_get_error(3)|ERR_get_error(3)> diff --git a/doc/openssl.txt b/doc/openssl.txt index 432a17b66c..37730b2cbd 100644 --- a/doc/openssl.txt +++ b/doc/openssl.txt @@ -154,8 +154,22 @@ for example contain data in multiple sections. The correct syntax to use is defined by the extension code itself: check out the certificate policies extension for an example. -In addition it is also possible to use the word DER to include arbitrary -data in any extension. +There are two ways to encode arbitrary extensions. + +The first way is to use the word ASN1 followed by the extension content +using the same syntax as ASN1_generate_nconf(). For example: + +1.2.3.4=critical,ASN1:UTF8String:Some random data + +1.2.3.4=ASN1:SEQUENCE:seq_sect + +[seq_sect] + +field1 = UTF8:field1 +field2 = UTF8:field2 + +It is also possible to use the word DER to include arbitrary data in any +extension. 1.2.3.4=critical,DER:01:02:03:04 1.2.3.4=DER:01020304 @@ -336,16 +350,21 @@ Subject Alternative Name. The subject alternative name extension allows various literal values to be included in the configuration file. These include "email" (an email address) "URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a -registered ID: OBJECT IDENTIFIER) and IP (and IP address). +registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName. Also the email option include a special 'copy' value. This will automatically include and email addresses contained in the certificate subject name in the extension. +otherName can include arbitrary data associated with an OID: the value +should be the OID followed by a semicolon and the content in standard +ASN1_generate_nconf() format. + Examples: subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ subjectAltName=email:my@other.address,RID:1.2.3.4 +subjectAltName=otherName:1.2.3.4;UTF8:some other identifier Issuer Alternative Name. diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 1471e0312e..3dc5358ef6 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -351,7 +351,7 @@ appropriate size (using ???) and return it. long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength)); -The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL +The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL session instead of a context. =item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void)) @@ -154,6 +154,13 @@ extern "C" { #define readsocket(s,b,n) recv((s),(b),(n),0) #define writesocket(s,b,n) send((s),(b),(n),0) #define EADDRINUSE WSAEADDRINUSE +#elif defined(__DJGPP__) +#define WATT32 +#define get_last_socket_error() errno +#define clear_socket_error() errno=0 +#define closesocket(s) close_s(s) +#define readsocket(s,b,n) read_s(s,b,n) +#define writesocket(s,b,n) send(s,b,n,0) #elif defined(MAC_OS_pre_X) #define get_last_socket_error() errno #define clear_socket_error() errno=0 @@ -207,7 +214,7 @@ extern "C" { # define S_IFMT _S_IFMT # endif -# if !defined(WINNT) +# if !defined(WINNT) && !defined(__DJGPP__) # define NO_SYSLOG # endif # define NO_DIRENT @@ -344,7 +351,7 @@ extern "C" { /*************/ #ifdef USE_SOCKETS -# if (defined(WINDOWS) || defined(MSDOS)) && !defined(__DJGPP__) +# if defined(WINDOWS) || defined(MSDOS) /* windows world */ # ifdef OPENSSL_NO_SOCK @@ -352,13 +359,18 @@ extern "C" { # define SSLeay_Read(a,b,c) (-1) # define SHUTDOWN(fd) close(fd) # define SHUTDOWN2(fd) close(fd) -# else +# elif !defined(__DJGPP__) # include <winsock.h> extern HINSTANCE _hInstance; # define SSLeay_Write(a,b,c) send((a),(b),(c),0) # define SSLeay_Read(a,b,c) recv((a),(b),(c),0) # define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } # define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } +# else +# define SSLeay_Write(a,b,c) write_s(a,b,c,0) +# define SSLeay_Read(a,b,c) read_s(a,b,c) +# define SHUTDOWN(fd) close_s(fd) +# define SHUTDOWN2(fd) close_s(fd) # endif # elif defined(MAC_OS_pre_X) @@ -174,6 +174,9 @@ extern "C" { # define OPENSSL_SYS_MACOSX_RHAPSODY # define OPENSSL_SYS_MACOSX # endif +# ifdef OPENSSL_SYSNAME_SUNOS +# define OPENSSL_SYS_SUNOS +#endif # if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY) # define OPENSSL_SYS_CRAY # endif diff --git a/engines/e_4758_cca.c b/engines/e_4758_cca.c index 203a8a75e6..84de02df92 100644 --- a/engines/e_4758_cca.c +++ b/engines/e_4758_cca.c @@ -223,6 +223,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifdef OPENSSL_NO_DYNAMIC_ENGINE static ENGINE *engine_4758_cca(void) { ENGINE *ret = ENGINE_new(); @@ -244,6 +245,7 @@ void ENGINE_load_4758cca(void) ENGINE_free(e_4758); ERR_clear_error(); } +#endif static int ibm_4758_cca_destroy(ENGINE *e) { diff --git a/engines/e_atalla.c b/engines/e_atalla.c index 65339a0d68..9922189420 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -243,6 +243,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifdef OPENSSL_NO_DYNAMIC_ENGINE static ENGINE *engine_atalla(void) { ENGINE *ret = ENGINE_new(); @@ -265,6 +266,7 @@ void ENGINE_load_atalla(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the Atalla library. NB: This is only set (or unset) during an diff --git a/engines/e_cswift.c b/engines/e_cswift.c index f3d3628366..ac4909857a 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -262,6 +262,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifdef OPENSSL_NO_DYNAMIC_ENGINE static ENGINE *engine_cswift(void) { ENGINE *ret = ENGINE_new(); @@ -284,6 +285,7 @@ void ENGINE_load_cswift(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the CryptoSwift library. NB: This is only set (or unset) during an diff --git a/engines/e_ncipher.c b/engines/e_ncipher.c index f38a6a6b35..6126948ed1 100644 --- a/engines/e_ncipher.c +++ b/engines/e_ncipher.c @@ -372,6 +372,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifdef OPENSSL_NO_DYNAMIC_ENGINE static ENGINE *engine_ncipher(void) { ENGINE *ret = ENGINE_new(); @@ -394,6 +395,7 @@ void ENGINE_load_chil(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the HWCryptoHook library. NB: This is only set (or unset) during an diff --git a/engines/e_nuron.c b/engines/e_nuron.c index d7960a9d95..88f29640ec 100644 --- a/engines/e_nuron.c +++ b/engines/e_nuron.c @@ -375,6 +375,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifdef OPENSSL_NO_DYNAMIC_ENGINE static ENGINE *engine_nuron(void) { ENGINE *ret = ENGINE_new(); @@ -397,6 +398,7 @@ void ENGINE_load_nuron(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This stuff is needed if this ENGINE is being compiled into a self-contained * shared-library. */ diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 35af495b71..c5d1f5829a 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -243,6 +243,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifdef OPENSSL_NO_DYNAMIC_ENGINE static ENGINE *engine_ubsec(void) { ENGINE *ret = ENGINE_new(); @@ -265,6 +266,7 @@ void ENGINE_load_ubsec(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the UBSEC library. NB: This is only set (or unset) during an diff --git a/engines/makeengines.com b/engines/makeengines.com index 96fccbddf9..b2d191653d 100644 --- a/engines/makeengines.com +++ b/engines/makeengines.com @@ -369,7 +369,7 @@ $! $! Else, Check To See If OPT_PHASE Has A Valid Arguement. $! $ IF ("," + ACCEPT_PHASE + ",") - ("," + OPT_PHASE + ",") - - .EQS. ("," + ACCEPT_PHASE + ",") + .NES. ("," + ACCEPT_PHASE + ",") $ THEN $! $! A Valid Arguement. @@ -385,9 +385,11 @@ $! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The option ",OPT_PHASE," is invalid. The valid options are:" $ WRITE SYS$OUTPUT "" -$ IF ("," + ACCEPT_PHASE + ",") - ",ALL," THEN - +$ IF ("," + ACCEPT_PHASE + ",") - ",ALL," - + .NES. ("," + ACCEPT_PHASE + ",") THEN - WRITE SYS$OUTPUT " ALL : just build everything." -$ IF ("," + ACCEPT_PHASE + ",") - ",ENGINES," THEN - +$ IF ("," + ACCEPT_PHASE + ",") - ",ENGINES," - + .NES. ("," + ACCEPT_PHASE + ",") THEN - WRITE SYS$OUTPUT " ENGINES : to compile just the [.xxx.EXE.ENGINES]*.EXE hareable images." $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " where 'xxx' stands for:" diff --git a/ms/testenc.bat b/ms/testenc.bat index e8917eeee2..4b99bd5895 100755 --- a/ms/testenc.bat +++ b/ms/testenc.bat @@ -1,6 +1,6 @@ -
+@echo off
echo start testenc
-echo=off
+
path=..\ms;%path%
set ssleay=%1%
set input=..\ms\testenc.bat
diff --git a/ms/testpem.bat b/ms/testpem.bat index 81e566b69b..005f13b67e 100755 --- a/ms/testpem.bat +++ b/ms/testpem.bat @@ -1,4 +1,4 @@ -echo=off
+@echo off
set ssleay=%1%
set tmp1=pem.out
set cmp=fc.exe
diff --git a/ms/testss.bat b/ms/testss.bat index d9ae625439..f7e58e2756 100755 --- a/ms/testss.bat +++ b/ms/testss.bat @@ -1,4 +1,4 @@ -echo on
+@echo off
rem set ssleay=..\out\ssleay
set ssleay=%1
diff --git a/ssl/Makefile.ssl b/ssl/Makefile.ssl index 6d5f9b8f8c..bca85c6abe 100644 --- a/ssl/Makefile.ssl +++ b/ssl/Makefile.ssl @@ -319,33 +319,33 @@ s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h s2_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c s2_clnt.o: ssl_locl.h -s2_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s2_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s2_enc.o: ../include/openssl/cast.h ../include/openssl/comp.h -s2_enc.o: ../include/openssl/crypto.h ../include/openssl/des.h -s2_enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h -s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -s2_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s2_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h -s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h -s2_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s2_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c -s2_enc.o: ssl_locl.h +s2_enc.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h +s2_enc.o: ../include/openssl/des.h ../include/openssl/des_old.h +s2_enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s2_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s2_enc.o: ../include/openssl/err.h ../include/openssl/evp.h +s2_enc.o: ../include/openssl/idea.h ../include/openssl/kssl.h +s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h +s2_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h +s2_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s2_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s2_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s2_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h +s2_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h s2_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h @@ -400,33 +400,33 @@ s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h s2_meth.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_meth.c s2_meth.o: ssl_locl.h -s2_pkt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s2_pkt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -s2_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s2_pkt.o: ../include/openssl/cast.h ../include/openssl/comp.h -s2_pkt.o: ../include/openssl/crypto.h ../include/openssl/des.h -s2_pkt.o: ../include/openssl/des_old.h ../include/openssl/dh.h -s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -s2_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s2_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h -s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_pkt.o: ../include/openssl/md2.h ../include/openssl/md4.h -s2_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_pkt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c -s2_pkt.o: ssl_locl.h +s2_pkt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h +s2_pkt.o: ../include/openssl/des.h ../include/openssl/des_old.h +s2_pkt.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s2_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s2_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h +s2_pkt.o: ../include/openssl/idea.h ../include/openssl/kssl.h +s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h +s2_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h +s2_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s2_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s2_pkt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s2_pkt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h +s2_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h s2_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h @@ -808,34 +808,34 @@ ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ssl_err2.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ssl_err2.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h ssl_err2.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err2.c -ssl_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -ssl_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -ssl_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h -ssl_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h -ssl_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h -ssl_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h -ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h -ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ssl_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h -ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ssl_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h -ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -ssl_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h -ssl_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h -ssl_lib.o: ssl_lib.c ssl_locl.h +ssl_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h +ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h +ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h +ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h +ssl_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h +ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +ssl_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ssl_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +ssl_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h +ssl_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h +ssl_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +ssl_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_lib.o: ../include/openssl/x509v3.h kssl_lcl.h ssl_lib.c ssl_locl.h ssl_rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h ssl_rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h diff --git a/ssl/kssl.c b/ssl/kssl.c index d3c7be7581..c294166b9d 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -783,24 +783,6 @@ char return ((string == NULL)? null: string); } -#define MAXKNUM 255 -char -*knumber(int len, krb5_octet *contents) - { - static char buf[MAXKNUM+1]; - int i; - - BIO_snprintf(buf, MAXKNUM, "[%d] ", len); - - for (i=0; i < len && MAXKNUM > strlen(buf)+3; i++) - { - BIO_snprintf(&buf[strlen(buf)], 3, "%02x", contents[i]); - } - - return (buf); - } - - /* Given KRB5 enctype (basically DES or 3DES), ** return closest match openssl EVP_ encryption algorithm. ** Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes. @@ -2037,7 +2019,7 @@ krb5_error_code kssl_check_authent( } #endif enc = kssl_map_enc(enctype); - memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */ + memset(iv, 0, sizeof iv); /* per RFC 1510 */ if (enc == NULL) { diff --git a/ssl/kssl.h b/ssl/kssl.h index cf7ebdd168..0cfd219bf4 100644 --- a/ssl/kssl.h +++ b/ssl/kssl.h @@ -110,12 +110,13 @@ typedef unsigned char krb5_octet; #define KSSL_CLOCKSKEW 300; #endif +/* Unused #define KSSL_ERR_MAX 255 typedef struct kssl_err_st { int reason; char text[KSSL_ERR_MAX+1]; } KSSL_ERR; - +*/ /* Context for passing ** (1) Kerberos session key to SSL, and diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 99230890a9..ffaf3baff3 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -370,7 +370,7 @@ static int ssl23_get_server_hello(SSL *s) if (s->s3 != NULL) ssl3_free(s); - if (!BUF_MEM_grow(s->init_buf, + if (!BUF_MEM_grow_clean(s->init_buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) { SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 442c95aa9b..c5404ca0bc 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -512,7 +512,7 @@ int ssl23_get_client_hello(SSL *s) if (s->s3 != NULL) ssl3_free(s); - if (!BUF_MEM_grow(s->init_buf, + if (!BUF_MEM_grow_clean(s->init_buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) { goto err; diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index be03e9c630..681bfad8f7 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -871,7 +871,7 @@ static int client_certificate(SSL *s) EVP_MD_CTX_init(&ctx); EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL); EVP_SignUpdate(&ctx,s->s2->key_material, - (unsigned int)s->s2->key_material_length); + s->s2->key_material_length); EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len); n=i2d_X509(s->session->sess_cert->peer_key->x509,&p); EVP_SignUpdate(&ctx,buf,(unsigned int)n); @@ -945,7 +945,7 @@ static int get_server_verify(SSL *s) s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */ p += 1; - if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0) + if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT); diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index 690252e3d3..d3b144f1c5 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -59,6 +59,7 @@ #include "ssl_locl.h" #ifndef OPENSSL_NO_SSL2 #include <stdio.h> +#include "cryptlib.h" int ssl2_enc_init(SSL *s, int client) { @@ -95,10 +96,12 @@ int ssl2_enc_init(SSL *s, int client) num=c->key_len; s->s2->key_material_length=num*2; + OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material); if (ssl2_generate_key_material(s) <= 0) return 0; + OPENSSL_assert(c->iv_len <= sizeof s->session->key_arg); EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]), diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 0cbbb066fd..096e38d316 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -454,6 +454,9 @@ int ssl2_generate_key_material(SSL *s) EVP_DigestInit_ex(&ctx, md5, NULL); + OPENSSL_assert(s->session->master_key_length >= 0 + && s->session->master_key_length + < sizeof s->session->master_key); EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); EVP_DigestUpdate(&ctx,&c,1); c++; @@ -492,9 +495,7 @@ void ssl2_write_error(SSL *s) error=s->error; /* number of bytes left to write */ s->error=0; - if (error < 0 || error > sizeof buf) /* can't happen */ - return; - + OPENSSL_assert(error >= 0 && error <= sizeof buf); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index cf0aee2bd6..d82f137613 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -113,6 +113,7 @@ #ifndef OPENSSL_NO_SSL2 #include <stdio.h> #include <errno.h> +#include "cryptlib.h" #define USE_SOCKETS static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend); @@ -247,6 +248,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek) else { mac_size=EVP_MD_size(s->read_hash); + OPENSSL_assert(mac_size <= MAX_MAC_SIZE); s->s2->mac_data=p; s->s2->ract_data= &p[mac_size]; if (s->s2->padding + mac_size > s->s2->rlength) diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 2efc14bc1a..62859a2d95 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -876,7 +876,7 @@ static int get_client_finished(SSL *s) if (s->msg_callback) s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */ p += 1; - if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0) + if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT); @@ -1076,7 +1076,7 @@ static int request_certificate(SSL *s) EVP_MD_CTX_init(&ctx); EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL); EVP_VerifyUpdate(&ctx,s->s2->key_material, - (unsigned int)s->s2->key_material_length); + s->s2->key_material_length); EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 805c6eecdd..a17b87273a 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -275,7 +275,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) /* TLSv1 sends a chain with nothing in it, instead of an alert */ buf=s->init_buf; - if (!BUF_MEM_grow(buf,(int)(10))) + if (!BUF_MEM_grow_clean(buf,10)) { SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); return(0); @@ -291,7 +291,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) for (;;) { n=i2d_X509(x,NULL); - if (!BUF_MEM_grow(buf,(int)(n+l+3))) + if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) { SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); return(0); @@ -321,7 +321,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) { x=sk_X509_value(s->ctx->extra_certs,i); n=i2d_X509(x,NULL); - if (!BUF_MEM_grow(buf,(int)(n+l+3))) + if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) { SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); return(0); @@ -444,7 +444,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); goto f_err; } - if (l && !BUF_MEM_grow(s->init_buf,(int)l+4)) + if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4)) { SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); goto err; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 1a2cb7cd10..5e5a409ed2 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -671,6 +671,7 @@ static int ssl3_get_server_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG); goto f_err; } + if (j != 0 && j == s->session->session_id_length && memcmp(p,s->session->session_id,j) == 0) { @@ -1619,16 +1620,16 @@ static int ssl3_send_client_key_exchange(SSL *s) tmp_buf[0]=s->client_version>>8; tmp_buf[1]=s->client_version&0xff; - if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0) + if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) goto err; - s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; + s->session->master_key_length=sizeof tmp_buf; q=p; /* Fix buf for TLS and beyond */ if (s->version > SSL3_VERSION) p+=2; - n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH, + n=RSA_public_encrypt(sizeof tmp_buf, tmp_buf,p,rsa,RSA_PKCS1_PADDING); #ifdef PKCS1_CHECK if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; @@ -1650,8 +1651,8 @@ static int ssl3_send_client_key_exchange(SSL *s) s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, - tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); - memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH); + tmp_buf,sizeof tmp_buf); + memset(tmp_buf,0,sizeof tmp_buf); } #endif #ifndef OPENSSL_NO_KRB5 @@ -1747,7 +1748,7 @@ static int ssl3_send_client_key_exchange(SSL *s) n+=2; } - if (RAND_bytes(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH) <= 0) + if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0) goto err; /* 20010420 VRS. Tried it this way; failed. @@ -1757,11 +1758,11 @@ static int ssl3_send_client_key_exchange(SSL *s) ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); */ - memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */ + memset(iv, 0, sizeof iv); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, kssl_ctx->key,iv); EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, - SSL_MAX_MASTER_KEY_LENGTH); + sizeof tmp_buf); EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); outl += padl; if (outl > sizeof epms) @@ -1780,9 +1781,9 @@ static int ssl3_send_client_key_exchange(SSL *s) s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, - tmp_buf, SSL_MAX_MASTER_KEY_LENGTH); + tmp_buf, sizeof tmp_buf); - memset(tmp_buf, 0, SSL_MAX_MASTER_KEY_LENGTH); + memset(tmp_buf, 0, sizeof tmp_buf); memset(epms, 0, outl); } #endif diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 888a9a2868..cec8fcd376 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -192,7 +192,7 @@ int ssl3_change_cipher_state(SSL *s, int which) { unsigned char *p,*key_block,*mac_secret; unsigned char exp_key[EVP_MAX_KEY_LENGTH]; - unsigned char exp_iv[EVP_MAX_KEY_LENGTH]; + unsigned char exp_iv[EVP_MAX_IV_LENGTH]; unsigned char *ms,*key,*iv,*er1,*er2; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index ac555c1f80..043eb02d55 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1349,7 +1349,7 @@ static int ssl3_send_server_key_exchange(SSL *s) kn=0; } - if (!BUF_MEM_grow(buf,n+4+kn)) + if (!BUF_MEM_grow_clean(buf,n+4+kn)) { SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF); goto err; @@ -1522,7 +1522,7 @@ static int ssl3_send_certificate_request(SSL *s) { name=sk_X509_NAME_value(sk,i); j=i2d_X509_NAME(name,NULL); - if (!BUF_MEM_grow(buf,4+n+j+2)) + if (!BUF_MEM_grow_clean(buf,4+n+j+2)) { SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB); goto err; @@ -1883,7 +1883,7 @@ static int ssl3_get_client_key_exchange(SSL *s) if (enc == NULL) goto err; - memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */ + memset(iv, 0, sizeof iv); /* per RFC 1510 */ if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv)) { @@ -1729,6 +1729,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_LENGTH_TOO_SHORT 160 #define SSL_R_LIBRARY_BUG 274 #define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +#define SSL_R_MASTER_KEY_TOO_LONG 1112 #define SSL_R_MESSAGE_TOO_LONG 1111 #define SSL_R_MISSING_DH_DSA_CERT 162 #define SSL_R_MISSING_DH_KEY 163 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 3723fc2e37..16bc11b559 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -299,6 +299,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, os.length = sizeof ret->session_id; ret->session_id_length=os.length; + OPENSSL_assert(os.length <= sizeof ret->session_id); memcpy(ret->session_id,os.data,os.length); M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); @@ -370,9 +371,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, if(os.data != NULL) { if (os.length > SSL_MAX_SID_CTX_LENGTH) + { + ret->sid_ctx_length=os.length; SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH); - ret->sid_ctx_length=os.length; - memcpy(ret->sid_ctx,os.data,os.length); + } + else + { + ret->sid_ctx_length=os.length; + memcpy(ret->sid_ctx,os.data,os.length); + } OPENSSL_free(os.data); os.data=NULL; os.length=0; } else diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 18aea72f13..f891e74f88 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -300,6 +300,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_LENGTH_TOO_SHORT ,"length too short"}, {SSL_R_LIBRARY_BUG ,"library bug"}, {SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"}, +{SSL_R_MASTER_KEY_TOO_LONG ,"master key too long"}, {SSL_R_MESSAGE_TOO_LONG ,"message too long"}, {SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"}, {SSL_R_MISSING_DH_KEY ,"missing dh key"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 851155e04e..f4112678f8 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -125,6 +125,7 @@ #include <openssl/objects.h> #include <openssl/lhash.h> #include <openssl/x509v3.h> +#include "cryptlib.h" const char *SSL_version_str=OPENSSL_VERSION_TEXT; @@ -277,6 +278,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->verify_mode=ctx->verify_mode; s->verify_depth=ctx->verify_depth; s->sid_ctx_length=ctx->sid_ctx_length; + OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); s->verify_callback=ctx->default_verify_callback; s->generate_session_id=ctx->generate_session_id; @@ -318,7 +320,7 @@ err: int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, unsigned int sid_ctx_len) { - if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) + if(sid_ctx_len > sizeof ctx->sid_ctx) { SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; @@ -368,6 +370,10 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, * any new session built out of this id/id_len and the ssl_version in * use by this SSL. */ SSL_SESSION r, *p; + + if(id_len > sizeof r.session_id) + return 0; + r.ssl_version = ssl->version; r.session_id_length = id_len; memcpy(r.session_id, id, id_len); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 2a4a90897e..a969d8fdce 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -528,9 +528,9 @@ void SSL_SESSION_free(SSL_SESSION *ss) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); - memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH); - memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH); - memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); + memset(ss->key_arg,0,sizeof ss->key_arg); + memset(ss->master_key,0,sizeof ss->master_key); + memset(ss->session_id,0,sizeof ss->session_id); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->peer != NULL) X509_free(ss->peer); if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c index e36af0eb94..b5ce44b47c 100644 --- a/ssl/ssl_task.c +++ b/ssl/ssl_task.c @@ -258,7 +258,7 @@ int doit(io_channel chan, SSL_CTX *s_ctx ) { int status, length, link_state; struct rpc_msg msg; - static char cbuf[200],sbuf[200]; + SSL *s_ssl=NULL; BIO *c_to_s=NULL; BIO *s_to_c=NULL; diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 84b96e49ed..3718c1389d 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -754,10 +754,16 @@ bad: #ifndef OPENSSL_NO_KRB5 if (c_ssl && c_ssl->kssl_ctx) { - char localhost[257]; + char localhost[MAXHOSTNAMELEN+2]; - if (gethostname(localhost, 256) == 0) + if (gethostname(localhost, sizeof localhost-1) == 0) { + localhost[sizeof localhost-1]='\0'; + if(strlen(localhost) == sizeof localhost-1) + { + BIO_printf(bio_err,"localhost name too long\n"); + got end; + } kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost); } @@ -1518,7 +1524,8 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) { char *s,buf[256]; - s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256); + s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf, + sizeof buf); if (s != NULL) { if (ok) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 0b512aa70a..872c629989 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -124,7 +124,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, unsigned int j; HMAC_CTX ctx; HMAC_CTX ctx_tmp; - unsigned char A1[HMAC_MAX_MD_CBLOCK]; + unsigned char A1[EVP_MAX_MD_SIZE]; unsigned int A1_len; chunk=EVP_MD_size(md); @@ -683,10 +683,10 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf), s->session->master_key,s->session->master_key_length, - out,buf2,12); + out,buf2,sizeof buf2); EVP_MD_CTX_cleanup(&ctx); - return((int)12); + return sizeof buf2; } int tls1_mac(SSL *ssl, unsigned char *md, int send) @@ -773,7 +773,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, s->s3->server_random,SSL3_RANDOM_SIZE); tls1_PRF(s->ctx->md5,s->ctx->sha1, buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len, - s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE); + s->session->master_key,buff,sizeof buff); #ifdef KSSL_DEBUG printf ("tls1_generate_master_secret() complete\n"); #endif /* KSSL_DEBUG */ diff --git a/test/Makefile.ssl b/test/Makefile.ssl index f6fe2bb727..71fa0eb83e 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -598,11 +598,11 @@ ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ectest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ectest.o: ../include/openssl/engine.h ../include/openssl/err.h ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ectest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ectest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h -ectest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ectest.o: ../include/openssl/ui.h ectest.c +ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ectest.o: ../include/openssl/rand.h ../include/openssl/rsa.h +ectest.o: ../include/openssl/safestack.h ../include/openssl/stack.h +ectest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h ectest.c enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h enginetest.o: ../include/openssl/bn.h ../include/openssl/buffer.h enginetest.o: ../include/openssl/crypto.h ../include/openssl/dh.h diff --git a/util/cygwin.sh b/util/cygwin.sh index b607399b02..930f766b4f 100755 --- a/util/cygwin.sh +++ b/util/cygwin.sh @@ -96,6 +96,8 @@ fi get_openssl_version +make depend || exit 1 + make || exit 1 base_install diff --git a/util/libeay.num b/util/libeay.num index 5edc1bc514..8014a3d79d 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -980,7 +980,7 @@ BN_mul_word 999 EXIST::FUNCTION: BN_sub_word 1000 EXIST::FUNCTION: BN_dec2bn 1001 EXIST::FUNCTION: BN_bn2dec 1002 EXIST::FUNCTION: -BIO_ghbn_ctrl 1003 EXIST::FUNCTION: +BIO_ghbn_ctrl 1003 NOEXIST::FUNCTION: CRYPTO_free_ex_data 1004 EXIST::FUNCTION: CRYPTO_get_ex_data 1005 EXIST::FUNCTION: CRYPTO_set_ex_data 1007 EXIST::FUNCTION: @@ -2794,178 +2794,186 @@ d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO ENGINE_up_ref 3238 EXIST::FUNCTION: -BN_get0_nist_prime_384 3239 EXIST::FUNCTION: -ENGINE_register_ECDSA 3240 EXIST::FUNCTION: -BN_nist_mod_192 3241 EXIST::FUNCTION: -EC_GROUP_get_trinomial_basis 3242 EXIST::FUNCTION:EC -ECDH_get_default_method 3243 EXIST::FUNCTION:ECDH -PKCS12_add_safe 3244 EXIST::FUNCTION: -ENGINE_register_ECDH 3245 EXIST::FUNCTION: -i2d_ECPrivateKey 3246 EXIST::FUNCTION:EC -BN_get0_nist_prime_192 3247 EXIST::FUNCTION: -EC_POINT_set_affine_coordinates_GF2m 3248 EXIST:!VMS:FUNCTION:EC -EC_POINT_set_affine_coords_GF2m 3248 EXIST:VMS:FUNCTION:EC -BN_GF2m_mod_exp_arr 3249 EXIST::FUNCTION: -X509_keyid_get0 3250 EXIST::FUNCTION: -EC_GROUP_new_by_nid 3251 EXIST::FUNCTION:EC -BN_GF2m_mod_mul_arr 3252 EXIST::FUNCTION: -EC_KEY_copy 3253 EXIST::FUNCTION:EC -EC_GROUP_check_discriminant 3254 EXIST::FUNCTION:EC -EC_POINT_point2bn 3255 EXIST::FUNCTION:EC -EC_GROUP_new_curve_GF2m 3256 EXIST::FUNCTION:EC -EVP_PKEY_get1_EC_KEY 3257 EXIST::FUNCTION:EC -ENGINE_get_default_ECDH 3258 EXIST::FUNCTION: -ASN1_OCTET_STRING_NDEF_it 3259 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_OCTET_STRING_NDEF_it 3259 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_static_state 3260 EXIST::FUNCTION: -ECDSA_SIG_new 3261 EXIST::FUNCTION:ECDSA -BN_GF2m_mod_sqr 3262 EXIST::FUNCTION: -EC_POINT_bn2point 3263 EXIST::FUNCTION:EC -EC_GROUP_get_point_conversion_form 3264 EXIST:!VMS:FUNCTION:EC -EC_GROUP_get_point_conv_form 3264 EXIST:VMS:FUNCTION:EC -PEM_read_bio_ECPKParameters 3265 EXIST::FUNCTION:EC -EC_GROUP_get_pentanomial_basis 3266 EXIST::FUNCTION:EC -EC_GROUP_get_nid 3267 EXIST::FUNCTION:EC -ECDSA_sign_setup 3268 EXIST::FUNCTION:ECDSA -BN_GF2m_mod_solve_quad_arr 3269 EXIST::FUNCTION: -EC_KEY_up_ref 3270 EXIST::FUNCTION:EC -BN_GF2m_mod_div 3271 EXIST::FUNCTION: -EC_KEY_free 3272 EXIST::FUNCTION:EC -PEM_write_bio_ECPrivateKey 3273 EXIST::FUNCTION:EC -d2i_EC_PUBKEY 3274 EXIST::FUNCTION:EC -EC_KEY_print_fp 3275 EXIST::FUNCTION:EC,FP_API -BN_GF2m_mod_arr 3276 EXIST::FUNCTION: -ECDH_get_ex_data 3277 EXIST::FUNCTION:ECDH -ECDSA_do_sign 3278 EXIST::FUNCTION:ECDSA -ENGINE_unregister_ECDH 3279 EXIST::FUNCTION: -ECDH_OpenSSL 3280 EXIST::FUNCTION:ECDH -EC_POINT_dup 3281 EXIST::FUNCTION:EC -EC_get_builtin_curves 3282 EXIST::FUNCTION:EC -EVP_PKEY_set1_EC_KEY 3283 EXIST::FUNCTION:EC -BN_GF2m_mod_sqrt_arr 3284 EXIST::FUNCTION: -i2d_ECPrivateKey_bio 3285 EXIST::FUNCTION:BIO,EC -ECPKParameters_print_fp 3286 EXIST::FUNCTION:EC,FP_API -ECDSA_SIG_free 3287 EXIST::FUNCTION:ECDSA -PEM_write_bio_ECPKParameters 3288 EXIST::FUNCTION:EC -EC_GROUP_set_nid 3289 EXIST::FUNCTION:EC -PKCS12_add_safes 3290 EXIST::FUNCTION: -BN_GF2m_poly2arr 3291 EXIST::FUNCTION: -BN_get0_nist_prime_224 3292 EXIST::FUNCTION: -i2d_ECParameters 3293 EXIST::FUNCTION:EC -i2d_ECPKParameters 3294 EXIST::FUNCTION:EC -BN_ncopy 3295 EXIST::FUNCTION: -d2i_ECPKParameters 3296 EXIST::FUNCTION:EC -ENGINE_set_ECDH 3297 EXIST::FUNCTION: -PEM_write_bio_EC_PUBKEY 3298 EXIST::FUNCTION:EC -ECParameters_print 3299 EXIST::FUNCTION:BIO,EC -BN_GF2m_mod_mul 3300 EXIST::FUNCTION: -EC_GROUP_set_seed 3301 EXIST::FUNCTION:EC -EC_GROUP_get_curve_GF2m 3302 EXIST::FUNCTION:EC -ECPublicKey_set_octet_string 3303 EXIST::FUNCTION:EC -ECDSA_get_ex_data 3304 EXIST::FUNCTION:ECDSA -BN_GF2m_mod 3305 EXIST::FUNCTION: -EC_GROUP_get_seed_len 3306 EXIST::FUNCTION:EC -PEM_read_bio_EC_PUBKEY 3307 EXIST::FUNCTION:EC -i2d_EC_PUBKEY 3308 EXIST::FUNCTION:EC -ECDSA_get_default_method 3309 EXIST::FUNCTION:ECDSA -ASN1_put_eoc 3310 EXIST::FUNCTION: -ECDSA_DATA_free 3311 EXIST::FUNCTION:ECDSA -EC_METHOD_get_field_type 3312 EXIST::FUNCTION:EC -EC_GFp_nist_method 3313 EXIST::FUNCTION:EC -BN_GF2m_mod_sqr_arr 3314 EXIST::FUNCTION: -EC_GROUP_set_curve_GF2m 3315 EXIST::FUNCTION:EC -ENGINE_set_default_ECDSA 3316 EXIST::FUNCTION: -BN_GF2m_mod_sqrt 3317 EXIST::FUNCTION: -ECDH_set_default_method 3318 EXIST::FUNCTION:ECDH -EC_KEY_generate_key 3319 EXIST::FUNCTION:EC -BN_GF2m_arr2poly 3320 EXIST::FUNCTION: -ECPublicKey_get_octet_string 3321 EXIST::FUNCTION:EC -EC_GROUP_check 3322 EXIST::FUNCTION:EC -d2i_ECPrivateKey_bio 3323 EXIST::FUNCTION:BIO,EC -d2i_ECPrivateKey 3324 EXIST::FUNCTION:EC -ASN1_item_ndef_i2d 3325 EXIST::FUNCTION: -i2d_PKCS7_NDEF 3326 EXIST::FUNCTION: -EC_GROUP_get_degree 3327 EXIST::FUNCTION:EC -BN_GF2m_add 3328 EXIST::FUNCTION: -BN_nist_mod_224 3329 EXIST::FUNCTION: -i2d_EC_PUBKEY_bio 3330 EXIST::FUNCTION:BIO,EC -EC_GROUP_get_asn1_flag 3331 EXIST::FUNCTION:EC -ECDH_get_ex_new_index 3332 EXIST::FUNCTION:ECDH -ECDH_size 3333 EXIST::FUNCTION:ECDH -BN_GF2m_mod_inv 3334 EXIST::FUNCTION: -BN_GF2m_mod_exp 3335 EXIST::FUNCTION: -EC_GROUP_get0_seed 3336 EXIST::FUNCTION:EC -ecdsa_check 3337 EXIST::FUNCTION:ECDSA -BN_GF2m_mod_div_arr 3338 EXIST::FUNCTION: -ENGINE_set_ECDSA 3339 EXIST::FUNCTION: -ECPKParameters_print 3340 EXIST::FUNCTION:BIO,EC -PEM_write_EC_PUBKEY 3341 EXIST:!WIN16:FUNCTION:EC -ECDH_set_method 3342 EXIST::FUNCTION:ECDH -ECDH_set_ex_data 3343 EXIST::FUNCTION:ECDH -BN_nist_mod_521 3344 EXIST::FUNCTION: -EC_GROUP_set_point_conversion_form 3345 EXIST:!VMS:FUNCTION:EC -EC_GROUP_set_point_conv_form 3345 EXIST:VMS:FUNCTION:EC -PEM_read_EC_PUBKEY 3346 EXIST:!WIN16:FUNCTION:EC -i2d_ECDSA_SIG 3347 EXIST::FUNCTION:ECDSA -ECDSA_OpenSSL 3348 EXIST::FUNCTION:ECDSA -ECDSA_set_default_method 3349 EXIST::FUNCTION:ECDSA -EC_POINT_set_compressed_coordinates_GF2m 3350 EXIST:!VMS:FUNCTION:EC -EC_POINT_set_compr_coords_GF2m 3350 EXIST:VMS:FUNCTION:EC -ECDH_DATA_new_method 3351 EXIST::FUNCTION:ECDH -BN_get0_nist_prime_256 3352 EXIST::FUNCTION: -PEM_read_ECPrivateKey 3353 EXIST:!WIN16:FUNCTION:EC -ERR_load_ECDSA_strings 3354 EXIST::FUNCTION:ECDSA -EC_GROUP_get_basis_type 3355 EXIST::FUNCTION:EC -ECDH_DATA_new 3356 EXIST::FUNCTION:ECDH -BN_nist_mod_384 3357 EXIST::FUNCTION: -PEM_write_ECPKParameters 3358 EXIST:!WIN16:FUNCTION:EC -ECDH_compute_key 3359 EXIST::FUNCTION:ECDH -ENGINE_register_all_ECDH 3360 EXIST::FUNCTION: -BN_GF2m_mod_solve_quad 3361 EXIST::FUNCTION: -i2d_ECPrivateKey_fp 3362 EXIST::FUNCTION:EC,FP_API -ENGINE_register_all_ECDSA 3363 EXIST::FUNCTION: -EC_POINT_get_affine_coordinates_GF2m 3364 EXIST:!VMS:FUNCTION:EC -EC_POINT_get_affine_coords_GF2m 3364 EXIST:VMS:FUNCTION:EC -EC_GROUP_dup 3365 EXIST::FUNCTION:EC -ENGINE_get_default_ECDSA 3366 EXIST::FUNCTION: -EC_KEY_new 3367 EXIST::FUNCTION:EC -ECDSA_verify 3368 EXIST::FUNCTION:ECDSA -EC_POINT_point2hex 3369 EXIST::FUNCTION:EC -ECDSA_do_verify 3370 EXIST::FUNCTION:ECDSA -d2i_ECPrivateKey_fp 3371 EXIST::FUNCTION:EC,FP_API -PEM_write_ECPrivateKey 3372 EXIST:!WIN16:FUNCTION:EC -PEM_read_ECPKParameters 3373 EXIST:!WIN16:FUNCTION:EC -ECParameters_print_fp 3374 EXIST::FUNCTION:EC,FP_API -ECDH_DATA_free 3375 EXIST::FUNCTION:ECDH -i2d_EC_PUBKEY_fp 3376 EXIST::FUNCTION:EC,FP_API -BN_nist_mod_256 3377 EXIST::FUNCTION: -ECDSA_DATA_new 3378 EXIST::FUNCTION:ECDSA -ECDSA_size 3379 EXIST::FUNCTION:ECDSA -d2i_EC_PUBKEY_bio 3380 EXIST::FUNCTION:BIO,EC -BN_get0_nist_prime_521 3381 EXIST::FUNCTION: -PEM_read_bio_ECPrivateKey 3382 EXIST::FUNCTION:EC -ENGINE_get_ECDH 3383 EXIST::FUNCTION: -d2i_ECDSA_SIG 3384 EXIST::FUNCTION:ECDSA -ECDSA_sign 3385 EXIST::FUNCTION:ECDSA -ENGINE_get_ECDSA 3386 EXIST::FUNCTION: -EVP_ecdsa 3387 EXIST::FUNCTION:SHA -PKCS12_add_cert 3388 EXIST::FUNCTION: -ERR_load_ECDH_strings 3389 EXIST::FUNCTION:ECDH -EC_KEY_dup 3390 EXIST::FUNCTION:EC -ECDSA_set_method 3391 EXIST::FUNCTION:ECDSA -d2i_ECParameters 3392 EXIST::FUNCTION:EC -EC_GF2m_simple_method 3393 EXIST::FUNCTION:EC -ECDSA_set_ex_data 3394 EXIST::FUNCTION:ECDSA -EC_KEY_print 3395 EXIST::FUNCTION:BIO,EC -ECDSA_get_ex_new_index 3396 EXIST::FUNCTION:ECDSA -EC_GROUP_set_asn1_flag 3397 EXIST::FUNCTION:EC -EC_KEY_check_key 3398 EXIST::FUNCTION:EC -d2i_EC_PUBKEY_fp 3399 EXIST::FUNCTION:EC,FP_API -ecdh_check 3400 EXIST::FUNCTION:ECDH -ECDSA_DATA_new_method 3401 EXIST::FUNCTION:ECDSA -ENGINE_set_default_ECDH 3402 EXIST::FUNCTION: -PKCS12_add_key 3403 EXIST::FUNCTION: -DSO_merge 3404 EXIST::FUNCTION: -EC_POINT_hex2point 3405 EXIST::FUNCTION:EC -BN_GF2m_mod_inv_arr 3406 EXIST::FUNCTION: -ENGINE_unregister_ECDSA 3407 EXIST::FUNCTION: +BUF_MEM_grow_clean 3239 EXIST::FUNCTION: +CRYPTO_realloc_clean 3240 EXIST::FUNCTION: +BUF_strlcat 3241 EXIST::FUNCTION: +BIO_indent 3242 EXIST::FUNCTION: +BUF_strlcpy 3243 EXIST::FUNCTION: +OpenSSLDie 3244 EXIST::FUNCTION: +BN_get0_nist_prime_384 3245 EXIST::FUNCTION: +ENGINE_register_ECDSA 3246 EXIST::FUNCTION: +BN_nist_mod_192 3247 EXIST::FUNCTION: +EC_GROUP_get_trinomial_basis 3248 EXIST::FUNCTION:EC +ECDH_get_default_method 3249 EXIST::FUNCTION:ECDH +PKCS12_add_safe 3250 EXIST::FUNCTION: +ENGINE_register_ECDH 3251 EXIST::FUNCTION: +i2d_ECPrivateKey 3252 EXIST::FUNCTION:EC +BN_get0_nist_prime_192 3253 EXIST::FUNCTION: +EC_POINT_set_affine_coordinates_GF2m 3254 EXIST:!VMS:FUNCTION:EC +EC_POINT_set_affine_coords_GF2m 3254 EXIST:VMS:FUNCTION:EC +BN_GF2m_mod_exp_arr 3255 EXIST::FUNCTION: +X509_keyid_get0 3256 EXIST::FUNCTION: +EC_GROUP_new_by_nid 3257 EXIST::FUNCTION:EC +BN_GF2m_mod_mul_arr 3258 EXIST::FUNCTION: +EC_KEY_copy 3259 EXIST::FUNCTION:EC +EC_GROUP_check_discriminant 3260 EXIST::FUNCTION:EC +EC_POINT_point2bn 3261 EXIST::FUNCTION:EC +EC_GROUP_new_curve_GF2m 3262 EXIST::FUNCTION:EC +EVP_PKEY_get1_EC_KEY 3263 EXIST::FUNCTION:EC +ENGINE_get_default_ECDH 3264 EXIST::FUNCTION: +ASN1_OCTET_STRING_NDEF_it 3265 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ASN1_OCTET_STRING_NDEF_it 3265 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ENGINE_get_static_state 3266 EXIST::FUNCTION: +ECDSA_SIG_new 3267 EXIST::FUNCTION:ECDSA +BN_GF2m_mod_sqr 3268 EXIST::FUNCTION: +EC_POINT_bn2point 3269 EXIST::FUNCTION:EC +EC_GROUP_get_point_conversion_form 3270 EXIST:!VMS:FUNCTION:EC +EC_GROUP_get_point_conv_form 3270 EXIST:VMS:FUNCTION:EC +PEM_read_bio_ECPKParameters 3271 EXIST::FUNCTION:EC +EC_GROUP_get_pentanomial_basis 3272 EXIST::FUNCTION:EC +EC_GROUP_get_nid 3273 EXIST::FUNCTION:EC +ECDSA_sign_setup 3274 EXIST::FUNCTION:ECDSA +BN_GF2m_mod_solve_quad_arr 3275 EXIST::FUNCTION: +EC_KEY_up_ref 3276 EXIST::FUNCTION:EC +BN_GF2m_mod_div 3277 EXIST::FUNCTION: +EC_KEY_free 3278 EXIST::FUNCTION:EC +PEM_write_bio_ECPrivateKey 3279 EXIST::FUNCTION:EC +d2i_EC_PUBKEY 3280 EXIST::FUNCTION:EC +EC_KEY_print_fp 3281 EXIST::FUNCTION:EC,FP_API +BN_GF2m_mod_arr 3282 EXIST::FUNCTION: +ECDH_get_ex_data 3283 EXIST::FUNCTION:ECDH +ECDSA_do_sign 3284 EXIST::FUNCTION:ECDSA +ENGINE_unregister_ECDH 3285 EXIST::FUNCTION: +ECDH_OpenSSL 3286 EXIST::FUNCTION:ECDH +EC_POINT_dup 3287 EXIST::FUNCTION:EC +EC_get_builtin_curves 3288 EXIST::FUNCTION:EC +EVP_PKEY_set1_EC_KEY 3289 EXIST::FUNCTION:EC +BN_GF2m_mod_sqrt_arr 3290 EXIST::FUNCTION: +i2d_ECPrivateKey_bio 3291 EXIST::FUNCTION:BIO,EC +ECPKParameters_print_fp 3292 EXIST::FUNCTION:EC,FP_API +ECDSA_SIG_free 3293 EXIST::FUNCTION:ECDSA +PEM_write_bio_ECPKParameters 3294 EXIST::FUNCTION:EC +EC_GROUP_set_nid 3295 EXIST::FUNCTION:EC +PKCS12_add_safes 3296 EXIST::FUNCTION: +BN_GF2m_poly2arr 3297 EXIST::FUNCTION: +BN_get0_nist_prime_224 3298 EXIST::FUNCTION: +i2d_ECParameters 3299 EXIST::FUNCTION:EC +i2d_ECPKParameters 3300 EXIST::FUNCTION:EC +BN_ncopy 3301 EXIST::FUNCTION: +d2i_ECPKParameters 3302 EXIST::FUNCTION:EC +ENGINE_set_ECDH 3303 EXIST::FUNCTION: +PEM_write_bio_EC_PUBKEY 3304 EXIST::FUNCTION:EC +ECParameters_print 3305 EXIST::FUNCTION:BIO,EC +ASN1_generate_nconf 3306 EXIST::FUNCTION: +BN_GF2m_mod_mul 3307 EXIST::FUNCTION: +EC_GROUP_set_seed 3308 EXIST::FUNCTION:EC +EC_GROUP_get_curve_GF2m 3309 EXIST::FUNCTION:EC +ECPublicKey_set_octet_string 3310 EXIST::FUNCTION:EC +ECDSA_get_ex_data 3311 EXIST::FUNCTION:ECDSA +BN_GF2m_mod 3312 EXIST::FUNCTION: +EC_GROUP_get_seed_len 3313 EXIST::FUNCTION:EC +PEM_read_bio_EC_PUBKEY 3314 EXIST::FUNCTION:EC +i2d_EC_PUBKEY 3315 EXIST::FUNCTION:EC +ECDSA_get_default_method 3316 EXIST::FUNCTION:ECDSA +ASN1_put_eoc 3317 EXIST::FUNCTION: +ECDSA_DATA_free 3318 EXIST::FUNCTION:ECDSA +EC_METHOD_get_field_type 3319 EXIST::FUNCTION:EC +EC_GFp_nist_method 3320 EXIST::FUNCTION:EC +BN_GF2m_mod_sqr_arr 3321 EXIST::FUNCTION: +EC_GROUP_set_curve_GF2m 3322 EXIST::FUNCTION:EC +ENGINE_set_default_ECDSA 3323 EXIST::FUNCTION: +BN_GF2m_mod_sqrt 3324 EXIST::FUNCTION: +ECDH_set_default_method 3325 EXIST::FUNCTION:ECDH +EC_KEY_generate_key 3326 EXIST::FUNCTION:EC +BN_GF2m_arr2poly 3327 EXIST::FUNCTION: +ECPublicKey_get_octet_string 3328 EXIST::FUNCTION:EC +EC_GROUP_check 3329 EXIST::FUNCTION:EC +d2i_ECPrivateKey_bio 3330 EXIST::FUNCTION:BIO,EC +d2i_ECPrivateKey 3331 EXIST::FUNCTION:EC +ASN1_item_ndef_i2d 3332 EXIST::FUNCTION: +i2d_PKCS7_NDEF 3333 EXIST::FUNCTION: +EC_GROUP_get_degree 3334 EXIST::FUNCTION:EC +ASN1_generate_v3 3335 EXIST::FUNCTION: +BN_GF2m_add 3336 EXIST::FUNCTION: +BN_nist_mod_224 3337 EXIST::FUNCTION: +i2d_EC_PUBKEY_bio 3338 EXIST::FUNCTION:BIO,EC +EC_GROUP_get_asn1_flag 3339 EXIST::FUNCTION:EC +ECDH_get_ex_new_index 3340 EXIST::FUNCTION:ECDH +ECDH_size 3341 EXIST::FUNCTION:ECDH +BN_GF2m_mod_inv 3342 EXIST::FUNCTION: +BN_GF2m_mod_exp 3343 EXIST::FUNCTION: +EC_GROUP_get0_seed 3344 EXIST::FUNCTION:EC +ecdsa_check 3345 EXIST::FUNCTION:ECDSA +BN_GF2m_mod_div_arr 3346 EXIST::FUNCTION: +ENGINE_set_ECDSA 3347 EXIST::FUNCTION: +ECPKParameters_print 3348 EXIST::FUNCTION:BIO,EC +PEM_write_EC_PUBKEY 3349 EXIST:!WIN16:FUNCTION:EC +ECDH_set_method 3350 EXIST::FUNCTION:ECDH +ECDH_set_ex_data 3351 EXIST::FUNCTION:ECDH +BN_nist_mod_521 3352 EXIST::FUNCTION: +EC_GROUP_set_point_conversion_form 3353 EXIST:!VMS:FUNCTION:EC +EC_GROUP_set_point_conv_form 3353 EXIST:VMS:FUNCTION:EC +PEM_read_EC_PUBKEY 3354 EXIST:!WIN16:FUNCTION:EC +i2d_ECDSA_SIG 3355 EXIST::FUNCTION:ECDSA +ECDSA_OpenSSL 3356 EXIST::FUNCTION:ECDSA +ECDSA_set_default_method 3357 EXIST::FUNCTION:ECDSA +EC_POINT_set_compressed_coordinates_GF2m 3358 EXIST:!VMS:FUNCTION:EC +EC_POINT_set_compr_coords_GF2m 3358 EXIST:VMS:FUNCTION:EC +ECDH_DATA_new_method 3359 EXIST::FUNCTION:ECDH +BN_get0_nist_prime_256 3360 EXIST::FUNCTION: +PEM_read_ECPrivateKey 3361 EXIST:!WIN16:FUNCTION:EC +ERR_load_ECDSA_strings 3362 EXIST::FUNCTION:ECDSA +EC_GROUP_get_basis_type 3363 EXIST::FUNCTION:EC +ECDH_DATA_new 3364 EXIST::FUNCTION:ECDH +BN_nist_mod_384 3365 EXIST::FUNCTION: +PEM_write_ECPKParameters 3366 EXIST:!WIN16:FUNCTION:EC +ECDH_compute_key 3367 EXIST::FUNCTION:ECDH +ENGINE_register_all_ECDH 3368 EXIST::FUNCTION: +BN_GF2m_mod_solve_quad 3369 EXIST::FUNCTION: +i2d_ECPrivateKey_fp 3370 EXIST::FUNCTION:EC,FP_API +ENGINE_register_all_ECDSA 3371 EXIST::FUNCTION: +EC_POINT_get_affine_coordinates_GF2m 3372 EXIST:!VMS:FUNCTION:EC +EC_POINT_get_affine_coords_GF2m 3372 EXIST:VMS:FUNCTION:EC +EC_GROUP_dup 3373 EXIST::FUNCTION:EC +ENGINE_get_default_ECDSA 3374 EXIST::FUNCTION: +EC_KEY_new 3375 EXIST::FUNCTION:EC +ECDSA_verify 3376 EXIST::FUNCTION:ECDSA +EC_POINT_point2hex 3377 EXIST::FUNCTION:EC +ECDSA_do_verify 3378 EXIST::FUNCTION:ECDSA +d2i_ECPrivateKey_fp 3379 EXIST::FUNCTION:EC,FP_API +PEM_write_ECPrivateKey 3380 EXIST:!WIN16:FUNCTION:EC +PEM_read_ECPKParameters 3381 EXIST:!WIN16:FUNCTION:EC +ECParameters_print_fp 3382 EXIST::FUNCTION:EC,FP_API +ECDH_DATA_free 3383 EXIST::FUNCTION:ECDH +i2d_EC_PUBKEY_fp 3384 EXIST::FUNCTION:EC,FP_API +BN_nist_mod_256 3385 EXIST::FUNCTION: +ECDSA_DATA_new 3386 EXIST::FUNCTION:ECDSA +ECDSA_size 3387 EXIST::FUNCTION:ECDSA +d2i_EC_PUBKEY_bio 3388 EXIST::FUNCTION:BIO,EC +BN_get0_nist_prime_521 3389 EXIST::FUNCTION: +PEM_read_bio_ECPrivateKey 3390 EXIST::FUNCTION:EC +ENGINE_get_ECDH 3391 EXIST::FUNCTION: +d2i_ECDSA_SIG 3392 EXIST::FUNCTION:ECDSA +ECDSA_sign 3393 EXIST::FUNCTION:ECDSA +ENGINE_get_ECDSA 3394 EXIST::FUNCTION: +EVP_ecdsa 3395 EXIST::FUNCTION:SHA +PKCS12_add_cert 3396 EXIST::FUNCTION: +ERR_load_ECDH_strings 3397 EXIST::FUNCTION:ECDH +EC_KEY_dup 3398 EXIST::FUNCTION:EC +ECDSA_set_method 3399 EXIST::FUNCTION:ECDSA +d2i_ECParameters 3400 EXIST::FUNCTION:EC +EC_GF2m_simple_method 3401 EXIST::FUNCTION:EC +ECDSA_set_ex_data 3402 EXIST::FUNCTION:ECDSA +EC_KEY_print 3403 EXIST::FUNCTION:BIO,EC +ECDSA_get_ex_new_index 3404 EXIST::FUNCTION:ECDSA +EC_GROUP_set_asn1_flag 3405 EXIST::FUNCTION:EC +EC_KEY_check_key 3406 EXIST::FUNCTION:EC +d2i_EC_PUBKEY_fp 3407 EXIST::FUNCTION:EC,FP_API +ecdh_check 3408 EXIST::FUNCTION:ECDH +ECDSA_DATA_new_method 3409 EXIST::FUNCTION:ECDSA +ENGINE_set_default_ECDH 3410 EXIST::FUNCTION: +PKCS12_add_key 3411 EXIST::FUNCTION: +DSO_merge 3412 EXIST::FUNCTION: +EC_POINT_hex2point 3413 EXIST::FUNCTION:EC +BN_GF2m_mod_inv_arr 3414 EXIST::FUNCTION: +ENGINE_unregister_ECDSA 3415 EXIST::FUNCTION: |