mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2025-02-05 18:05:16 +00:00
Code Issues Releases Activity

Resolve conflicts.

Browse Source
This commit is contained in:
Kris Kennaway 2000-04-13 07:15:03 +00:00
parent 3a6352bdee
commit 7e7159cbdc
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=59194
17 changed files with 421 additions and 168 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
crypto/openssl/apps/speed.c
View File

@ -240,16 +240,19 @@ static double Time_F(int s)
#endif
}
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
unsigned char *buf=NULL,*buf2=NULL;
int ret=1;
int mret=1;
#define ALGOR_NUM 14
#define SIZE_NUM 5
#define RSA_NUM 4
#define DSA_NUM 3
long count,rsa_count;
int i,j,k,rsa_num,rsa_num2;
int i,j,k;
unsigned rsa_num,rsa_num2;
#ifndef NO_MD2
unsigned char md2[MD2_DIGEST_LENGTH];
#endif
@ -346,6 +349,7 @@ int MAIN(int argc, char **argv)
int pr_header=0;
apps_startup();
memset(results, 0, sizeof(results));
#ifndef NO_DSA
memset(dsa_key,0,sizeof(dsa_key));
#endif
@ -423,18 +427,20 @@ int MAIN(int argc, char **argv)
if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
else
#endif
#ifndef NO_DEF
#ifndef NO_DES
if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
else if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
else
#endif
#ifndef NO_RSA
#ifndef RSA_NULL
if (strcmp(*argv,"openssl") == 0)
{
RSA_set_default_method(RSA_PKCS1());
j--;
}
else
#endif
#endif /* !NO_RSA */
if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
@ -580,9 +586,9 @@ int MAIN(int argc, char **argv)
#endif
#ifndef NO_DES
des_set_key(&key,sch);
des_set_key(&key2,sch2);
des_set_key(&key3,sch3);
des_set_key_unchecked(&key,sch);
des_set_key_unchecked(&key2,sch2);
des_set_key_unchecked(&key3,sch3);
#endif
#ifndef NO_IDEA
idea_set_encrypt_key(key16,&idea_ks);
@ -606,6 +612,7 @@ int MAIN(int argc, char **argv)
memset(rsa_c,0,sizeof(rsa_c));
#endif
#ifndef SIGALRM
#ifndef NO_DES
BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
count=10;
do {
@ -697,10 +704,14 @@ int MAIN(int argc, char **argv)
#define COND(d) (count < (d))
#define COUNT(d) (d)
#else
/* not worth fixing */
# error "You cannot disable DES on systems without SIGALRM."
#endif /* NO_DES */
#else
#define COND(c) (run)
#define COUNT(d) (count)
signal(SIGALRM,sig_done);
#endif
#endif /* SIGALRM */
#ifndef NO_MD2
if (doit[D_MD2])
@ -950,22 +961,22 @@ int MAIN(int argc, char **argv)
}
#endif
RAND_bytes(buf,30);
RAND_pseudo_bytes(buf,36);
#ifndef NO_RSA
for (j=0; j<RSA_NUM; j++)
{
int ret;
if (!rsa_doit[j]) continue;
rsa_num=RSA_private_encrypt(30,buf,buf2,rsa_key[j],
RSA_PKCS1_PADDING);
ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j],
RSA_SECONDS);
/* RSA_blinding_on(rsa_key[j],NULL); */
Time_F(START);
for (count=0,run=1; COND(rsa_c[j][0]); count++)
{
rsa_num=RSA_private_encrypt(30,buf,buf2,rsa_key[j],
RSA_PKCS1_PADDING);
if (rsa_num <= 0)
ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num,
rsa_key[j]);
if (ret <= 0)
{
BIO_printf(bio_err,"RSA private encrypt failure\n");
ERR_print_errors(bio_err);
@ -980,18 +991,17 @@ int MAIN(int argc, char **argv)
rsa_count=count;
#if 1
rsa_num2=RSA_public_decrypt(rsa_num,buf2,buf,rsa_key[j],
RSA_PKCS1_PADDING);
ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j],
RSA_SECONDS);
Time_F(START);
for (count=0,run=1; COND(rsa_c[j][1]); count++)
{
rsa_num2=RSA_public_decrypt(rsa_num,buf2,buf,rsa_key[j],
RSA_PKCS1_PADDING);
if (rsa_num2 <= 0)
ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num,
rsa_key[j]);
if (ret <= 0)
{
BIO_printf(bio_err,"RSA public encrypt failure\n");
BIO_printf(bio_err,"RSA verify failure\n");
ERR_print_errors(bio_err);
count=1;
break;
@ -1012,8 +1022,13 @@ int MAIN(int argc, char **argv)
}
#endif
RAND_bytes(buf,20);
RAND_pseudo_bytes(buf,20);
#ifndef NO_DSA
if (RAND_status() != 1)
{
RAND_seed(rnd_seed, sizeof rnd_seed);
rnd_fake = 1;
}
for (j=0; j<DSA_NUM; j++)
{
unsigned int kk;
@ -1030,7 +1045,7 @@ int MAIN(int argc, char **argv)
{
rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
&kk,dsa_key[j]);
if (rsa_num <= 0)
if (rsa_num == 0)
{
BIO_printf(bio_err,"DSA sign failure\n");
ERR_print_errors(bio_err);
@ -1053,7 +1068,7 @@ int MAIN(int argc, char **argv)
{
rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
kk,dsa_key[j]);
if (rsa_num2 <= 0)
if (rsa_num2 == 0)
{
BIO_printf(bio_err,"DSA verify failure\n");
ERR_print_errors(bio_err);
@ -1073,6 +1088,7 @@ int MAIN(int argc, char **argv)
dsa_doit[j]=0;
}
}
if (rnd_fake) RAND_cleanup();
#endif
fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
@ -1149,7 +1165,7 @@ int MAIN(int argc, char **argv)
fprintf(stdout,"\n");
}
#endif
ret=0;
mret=0;
end:
if (buf != NULL) Free(buf);
if (buf2 != NULL) Free(buf2);
@ -1163,7 +1179,7 @@ end:
if (dsa_key[i] != NULL)
DSA_free(dsa_key[i]);
#endif
EXIT(ret);
EXIT(mret);
}
static void print_message(char *s, long num, int length)

36
crypto/openssl/crypto/des/des.h
View File

@ -79,10 +79,7 @@ extern "C" {
typedef unsigned char des_cblock[8];
typedef /* const */ unsigned char const_des_cblock[8];
/* With "const", gcc 2.8.1 on Solaris thinks that des_cblock *
* and const_des_cblock * are incompatible pointer types.
* I haven't seen that warning on other systems ... I'll look
* what the standard says. */
* and const_des_cblock * are incompatible pointer types. */
typedef struct des_ks_struct
{
@ -142,8 +139,26 @@ void des_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
int enc);
void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
des_key_schedule ks,int enc);
/* This is the DES encryption function that gets called by just about
every other DES routine in the library. You should not use this
function except to implement 'modes' of DES. I say this because the
functions that call this routine do the conversion from 'char *' to
long, and this needs to be done to make sure 'non-aligned' memory
access do not occur. The characters are loaded 'little endian'.
Data is a pointer to 2 unsigned long's and ks is the
des_key_schedule to use. enc, is non zero specifies encryption,
zero if decryption. */
void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
/* This functions is the same as des_encrypt() except that the DES
initial permutation (IP) and final permutation (FP) have been left
out. As for des_encrypt(), you should not use this function.
It is used by the routines in the library that implement triple DES.
IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
as des_encrypt() des_encrypt() des_encrypt() except faster :-). */
void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
des_key_schedule ks2, des_key_schedule ks3);
void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
@ -187,18 +202,24 @@ void des_pcbc_encrypt(const unsigned char *input,unsigned char *output,
DES_LONG des_quad_cksum(const unsigned char *input,des_cblock output[],
long length,int out_count,des_cblock *seed);
void des_random_seed(des_cblock *key);
void des_random_key(des_cblock *ret);
int des_new_random_key(des_cblock *key);
void des_init_random_number_generator(des_cblock *seed);
void des_rand_data(unsigned char *data, int size);
int des_random_key(des_cblock *ret);
int des_read_password(des_cblock *key,const char *prompt,int verify);
int des_read_2passwords(des_cblock *key1,des_cblock *key2,
const char *prompt,int verify);
int des_read_pw_string(char *buf,int length,const char *prompt,int verify);
void des_set_odd_parity(des_cblock *key);
int des_check_key_parity(const_des_cblock *key);
int des_is_weak_key(const_des_cblock *key);
/* des_set_key (= set_key = des_key_sched = key_sched) calls
* des_set_key_checked if global variable des_check_key is set,
* des_set_key_unchecked otherwise. */
int des_set_key(const_des_cblock *key,des_key_schedule schedule);
int des_key_sched(const_des_cblock *key,des_key_schedule schedule);
int des_set_key_checked(const_des_cblock *key,des_key_schedule schedule);
void des_set_key_unchecked(const_des_cblock *key,des_key_schedule schedule);
void des_string_to_key(const char *str,des_cblock *key);
void des_string_to_2keys(const char *str,des_cblock *key1,des_cblock *key2);
void des_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
@ -208,9 +229,6 @@ void des_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
des_key_schedule schedule,des_cblock *ivec,int *num);
int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
/* Extra functions from Mark Murray <mark@grondar.za> */
void des_cblock_print_file(const_des_cblock *cb, FILE *fp);
/* The following definitions provide compatibility with the MIT Kerberos
* library. The des_key_schedule structure is not binary compatible. */
@ -240,11 +258,11 @@ void des_cblock_print_file(const_des_cblock *cb, FILE *fp);
# define xcbc_encrypt des_xcbc_encrypt
# define cbc_cksum des_cbc_cksum
# define quad_cksum des_quad_cksum
# define check_parity des_check_key_parity
#endif
typedef des_key_schedule bit_64;
#define des_fixup_key_parity des_set_odd_parity
#define des_check_key_parity check_parity
#ifdef __cplusplus
}

2
crypto/openssl/crypto/err/err_all.c
View File

@ -78,6 +78,7 @@
#include <openssl/x509v3.h>
#include <openssl/conf.h>
#include <openssl/pkcs12.h>
#include <openssl/rand.h>
#include <openssl/err.h>
void ERR_load_crypto_strings(void)
@ -110,5 +111,6 @@ void ERR_load_crypto_strings(void)
ERR_load_CRYPTO_strings();
ERR_load_PKCS7_strings();
ERR_load_PKCS12_strings();
ERR_load_RAND_strings();
#endif
}

43
crypto/openssl/crypto/evp/evp.h
View File

@ -148,7 +148,7 @@ extern "C" {
/* Type needs to be a bit field
* Sub-type needs to be for variations on the method, as in, can it do
* arbitary encryption.... */
* arbitrary encryption.... */
typedef struct evp_pkey_st
{
int type;
@ -342,7 +342,7 @@ typedef struct evp_cipher_ctx_st
unsigned char buf[EVP_MAX_IV_LENGTH]; /* saved partial block */
int num; /* used by cfb/ofb mode */
char *app_data; /* aplication stuff */
char *app_data; /* application stuff */
union {
#ifndef NO_RC4
struct
@ -417,9 +417,10 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
#define EVP_MD_size(e) ((e)->md_size)
#define EVP_MD_block_size(e) ((e)->block_size)
#define EVP_MD_CTX_md(e) ((e)->digest)
#define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest)
#define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest)
#define EVP_MD_CTX_type(e) ((e)->digest)
#define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest)
#define EVP_CIPHER_nid(e) ((e)->nid)
#define EVP_CIPHER_block_size(e) ((e)->block_size)
@ -517,15 +518,14 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
int *outl,unsigned char *in,int inl);
void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
int EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n);
int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
unsigned char *in, int inl);
int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
char *out, int *outl);
int EVP_DecodeBlock(unsigned char *t, unsigned
char *f, int n);
int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
void ERR_load_EVP_strings(void );
@ -590,9 +590,12 @@ EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
void SSLeay_add_all_algorithms(void);
void SSLeay_add_all_ciphers(void);
void SSLeay_add_all_digests(void);
void OpenSSL_add_all_algorithms(void);
void OpenSSL_add_all_ciphers(void);
void OpenSSL_add_all_digests(void);
#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()
#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
#define SSLeay_add_all_digests() OpenSSL_add_all_digests()
int EVP_add_cipher(EVP_CIPHER *cipher);
int EVP_add_digest(EVP_MD *digest);
@ -609,6 +612,18 @@ int EVP_PKEY_type(int type);
int EVP_PKEY_bits(EVP_PKEY *pkey);
int EVP_PKEY_size(EVP_PKEY *pkey);
int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);
#ifndef NO_RSA
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);
RSA * EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
#endif
#ifndef NO_DSA
int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);
DSA * EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
#endif
#ifndef NO_DH
int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);
DH * EVP_PKEY_get1_DH(EVP_PKEY *pkey);
#endif
EVP_PKEY * EVP_PKEY_new(void);
void EVP_PKEY_free(EVP_PKEY *pkey);
EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp,
@ -617,6 +632,8 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp,
long length);
EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
long length);
int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from);
@ -673,6 +690,9 @@ void EVP_PBE_cleanup(void);
#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103
#define EVP_F_EVP_PKEY_DECRYPT 104
#define EVP_F_EVP_PKEY_ENCRYPT 105
#define EVP_F_EVP_PKEY_GET1_DH 119
#define EVP_F_EVP_PKEY_GET1_DSA 120
#define EVP_F_EVP_PKEY_GET1_RSA 121
#define EVP_F_EVP_PKEY_NEW 106
#define EVP_F_EVP_SIGNFINAL 107
#define EVP_F_EVP_VERIFYFINAL 108
@ -689,10 +709,13 @@ void EVP_PBE_cleanup(void);
#define EVP_R_DIFFERENT_KEY_TYPES 101
#define EVP_R_ENCODE_ERROR 115
#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
#define EVP_R_EXPECTING_AN_RSA_KEY 127
#define EVP_R_EXPECTING_A_DH_KEY 128
#define EVP_R_EXPECTING_A_DSA_KEY 129
#define EVP_R_INPUT_NOT_INITIALIZED 111
#define EVP_R_IV_TOO_LARGE 102
#define EVP_R_KEYGEN_FAILURE 120
#define EVP_R_MISSING_PARMATERS 103
#define EVP_R_MISSING_PARAMETERS 103
#define EVP_R_NO_DSA_PARAMETERS 116
#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104
#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105

34
crypto/openssl/crypto/rsa/rsa.h
View File

@ -92,6 +92,18 @@ typedef struct rsa_meth_st
int (*finish)(RSA *rsa); /* called at free */
int flags; /* RSA_METHOD_FLAG_* things */
char *app_data; /* may be needed! */
/* New sign and verify functions: some libraries don't allow arbitrary data
* to be signed/verified: this allows them to be used. Note: for this to work
* the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
* RSA_sign(), RSA_verify() should be used instead. Note: for backwards
* compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
* option is set in 'flags'.
*/
int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, RSA *rsa);
int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_len,
unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
} RSA_METHOD;
struct rsa_st
@ -141,12 +153,16 @@ struct rsa_st
*/
#define RSA_FLAG_EXT_PKEY 0x20
/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
*/
#define RSA_FLAG_SIGN_VER 0x40
#define RSA_PKCS1_PADDING 1
#define RSA_SSLV23_PADDING 2
#define RSA_NO_PADDING 3
#define RSA_PKCS1_OAEP_PADDING 4
#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,(char *)arg)
#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
#define RSA_get_app_data(s) RSA_get_ex_data(s,0)
RSA * RSA_new(void);
@ -179,6 +195,8 @@ int RSA_memory_lock(RSA *r);
/* these are the actual SSLeay RSA functions */
RSA_METHOD *RSA_PKCS1(void);
RSA_METHOD *RSA_null_method(void);
void ERR_load_RSA_strings(void );
RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
@ -239,12 +257,11 @@ int RSA_padding_add_none(unsigned char *to,int tlen,
int RSA_padding_check_none(unsigned char *to,int tlen,
unsigned char *f,int fl,int rsa_len);
int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int (*dup_func)(), void (*free_func)());
int RSA_set_ex_data(RSA *r,int idx,char *arg);
char *RSA_get_ex_data(RSA *r, int idx);
int RSA_libversion();
int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int RSA_set_ex_data(RSA *r,int idx,void *arg);
void *RSA_get_ex_data(RSA *r, int idx);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
@ -262,6 +279,7 @@ int RSA_libversion();
#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104
#define RSA_F_RSA_GENERATE_KEY 105
#define RSA_F_RSA_NEW_METHOD 106
#define RSA_F_RSA_NULL 124
#define RSA_F_RSA_PADDING_ADD_NONE 107
#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
@ -292,10 +310,11 @@ int RSA_libversion();
#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
#define RSA_R_DATA_TOO_SMALL 111
#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
#define RSA_R_INVALID_MESSAGE_LENGTH 131
#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
#define RSA_R_KEY_SIZE_TOO_SMALL 120
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
@ -304,6 +323,7 @@ int RSA_libversion();
#define RSA_R_PADDING_CHECK_FAILED 114
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117

24
crypto/openssl/crypto/rsa/rsa_lib.c
View File

@ -68,7 +68,7 @@ const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
static RSA_METHOD *default_RSA_meth=NULL;
static int rsa_meth_num=0;
static STACK *rsa_meth=NULL;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
RSA *RSA_new(void)
{
@ -106,7 +106,11 @@ RSA *RSA_new_method(RSA_METHOD *meth)
if (default_RSA_meth == NULL)
{
#ifdef RSA_NULL
default_RSA_meth=RSA_null_method();
#else
default_RSA_meth=RSA_PKCS1();
#endif
}
ret=(RSA *)Malloc(sizeof(RSA));
if (ret == NULL)
@ -143,7 +147,7 @@ RSA *RSA_new_method(RSA_METHOD *meth)
ret=NULL;
}
else
CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data);
return(ret);
}
@ -166,7 +170,7 @@ void RSA_free(RSA *r)
}
#endif
CRYPTO_free_ex_data(rsa_meth,(char *)r,&r->ex_data);
CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
if (r->meth->finish != NULL)
r->meth->finish(r);
@ -184,20 +188,20 @@ void RSA_free(RSA *r)
Free(r);
}
int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int (*dup_func)(), void (*free_func)())
int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
rsa_meth_num++;
return(CRYPTO_get_ex_new_index(rsa_meth_num-1,
&rsa_meth,argl,argp,new_func,dup_func,free_func));
}
int RSA_set_ex_data(RSA *r, int idx, char *arg)
int RSA_set_ex_data(RSA *r, int idx, void *arg)
{
return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
}
char *RSA_get_ex_data(RSA *r, int idx)
void *RSA_get_ex_data(RSA *r, int idx)
{
return(CRYPTO_get_ex_data(&r->ex_data,idx));
}
@ -262,19 +266,19 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
if (rsa->blinding != NULL)
BN_BLINDING_free(rsa->blinding);
A= &(ctx->bn[0]);
ctx->tos++;
BN_CTX_start(ctx);
A = BN_CTX_get(ctx);
if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
goto err;
rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
ctx->tos--;
rsa->flags|=RSA_FLAG_BLINDING;
BN_free(Ai);
ret=1;
err:
BN_CTX_end(ctx);
if (ctx != p_ctx) BN_CTX_free(ctx);
return(ret);
}

3
crypto/openssl/rsaref/rsar_err.c
View File

@ -55,7 +55,8 @@
*/
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file.
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>

9
crypto/openssl/rsaref/rsaref.c
View File

@ -280,7 +280,8 @@ int RSA_ref_public_encrypt(int len, unsigned char *from, unsigned char *to,
R_GetRandomBytesNeeded((unsigned int *)&i,&rnd);
while (i > 0)
{
RAND_bytes(buf,16);
if (RAND_bytes(buf,16) <= 0)
goto err;
R_RandomUpdate(&rnd,buf,(unsigned int)((i>16)?16:i));
i-=16;
}
@ -299,4 +300,10 @@ err:
memset(&rnd,0,sizeof(rnd));
return(outlen);
}
#else /* !NO_RSA */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

13
crypto/openssl/ssl/s23_clnt.c
View File

@ -106,7 +106,7 @@ int ssl23_connect(SSL *s)
int ret= -1;
int new_state,state;
RAND_seed(&Time,sizeof(Time));
RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
clear_sys_error();
@ -226,7 +226,7 @@ static int ssl23_client_hello(SSL *s)
#endif
p=s->s3->client_random;
RAND_bytes(p,SSL3_RANDOM_SIZE);
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
/* Do the message type and length last */
d= &(buf[2]);
@ -287,7 +287,7 @@ static int ssl23_client_hello(SSL *s)
i=ch_len;
s2n(i,d);
memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
RAND_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
p+=i;
@ -311,7 +311,7 @@ static int ssl23_get_server_hello(SSL *s)
{
char buf[8];
unsigned char *p;
int i,ch_len;
int i;
int n;
n=ssl23_read_bytes(s,7);
@ -325,12 +325,13 @@ static int ssl23_get_server_hello(SSL *s)
(p[5] == 0x00) && (p[6] == 0x02))
{
#ifdef NO_SSL2
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
#else
/* we are talking sslv2 */
/* we need to clean up the SSLv3 setup and put in the
* sslv2 stuff. */
int ch_len;
if (s->options & SSL_OP_NO_SSLv2)
{

9
crypto/openssl/ssl/s23_lib.c
View File

@ -69,7 +69,7 @@ static int ssl23_write(SSL *s, const void *buf, int len);
static long ssl23_default_timeout(void );
static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT;
const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT;
static SSL_METHOD SSLv23_data= {
TLS1_VERSION,
@ -94,6 +94,9 @@ static SSL_METHOD SSLv23_data= {
ssl_bad_method,
ssl23_default_timeout,
&ssl3_undef_enc_method,
ssl_undefined_function,
ssl3_callback_ctrl,
ssl3_ctx_callback_ctrl,
};
static long ssl23_default_timeout(void)
@ -110,9 +113,9 @@ static int ssl23_num_ciphers(void)
{
return(ssl3_num_ciphers()
#ifndef NO_SSL2
+ssl2_num_ciphers()
+ ssl2_num_ciphers()
#endif
);
);
}
static SSL_CIPHER *ssl23_get_cipher(unsigned int u)

132
crypto/openssl/ssl/s23_srvr.c
View File

@ -105,7 +105,7 @@ int ssl23_accept(SSL *s)
int ret= -1;
int new_state,state;
RAND_seed(&Time,sizeof(Time));
RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
clear_sys_error();
@ -190,23 +190,39 @@ end:
int ssl23_get_client_hello(SSL *s)
{
char buf_space[8];
char buf_space[11]; /* Request this many bytes in initial read.
* We can detect SSL 3.0/TLS 1.0 Client Hellos
* ('type == 3') correctly only when the following
* is in a single record, which is not guaranteed by
* the protocol specification:
* Byte Content
* 0 type \
* 1/2 version > record header
* 3/4 length /
* 5 msg_type \
* 6-8 length > Client Hello message
* 9/10 client_version /
*/
char *buf= &(buf_space[0]);
unsigned char *p,*d,*dd;
unsigned int i;
unsigned int csl,sil,cl;
int n=0,j,tls1=0;
int type=0,use_sslv2_strong=0;
int n=0,j;
int type=0;
int v[2];
#ifndef NO_RSA
int use_sslv2_strong=0;
#endif
/* read the initial header */
v[0]=v[1]=0;
if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
{
/* read the initial header */
v[0]=v[1]=0;
if (!ssl3_setup_buffers(s)) goto err;
n=ssl23_read_bytes(s,7);
if (n != 7) return(n); /* n == -1 || n == 0 */
n=ssl23_read_bytes(s, sizeof buf_space);
if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
p=s->packet;
@ -214,7 +230,9 @@ int ssl23_get_client_hello(SSL *s)
if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
{
/* SSLv2 header */
/*
* SSLv2 header
*/
if ((p[3] == 0x00) && (p[4] == 0x02))
{
v[0]=p[3]; v[1]=p[4];
@ -230,11 +248,14 @@ int ssl23_get_client_hello(SSL *s)
{
if (!(s->options & SSL_OP_NO_TLSv1))
{
tls1=1;
s->version=TLS1_VERSION;
/* type=2; */ /* done later to survive restarts */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
s->version=SSL3_VERSION;
/* type=2; */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
else if (!(s->options & SSL_OP_NO_SSLv2))
@ -243,12 +264,26 @@ int ssl23_get_client_hello(SSL *s)
}
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
s->version=SSL3_VERSION;
/* type=2; */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
else if (!(s->options & SSL_OP_NO_SSLv2))
type=1;
if (s->options & SSL_OP_NON_EXPORT_FIRST)
/* Not only utterly confusing, but broken
* ('fractured programming'?) -- the details
* of this block nearly make it work
* as intended in this environment, but on one
* of the fine points (w.r.t. restarts) it fails.
* The obvious fix would be even more devastating
* to program structure; if you want the functionality,
* throw this away and implement it in a way
* that makes sense */
{
#if 0
STACK_OF(SSL_CIPHER) *sk;
SSL_CIPHER *c;
int ne2,ne3;
@ -298,27 +333,51 @@ int ssl23_get_client_hello(SSL *s)
goto next_bit;
}
}
#else
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_OPTION);
goto err;
#endif
}
}
}
else if ((p[0] == SSL3_RT_HANDSHAKE) &&
(p[1] == SSL3_VERSION_MAJOR) &&
(p[5] == SSL3_MT_CLIENT_HELLO))
(p[5] == SSL3_MT_CLIENT_HELLO) &&
((p[3] == 0 && p[4] < 5 /* silly record length? */)
|| (p[9] == p[1])))
{
v[0]=p[1]; v[1]=p[2];
/* true SSLv3 or tls1 */
if (p[2] >= TLS1_VERSION_MINOR)
/*
* SSLv3 or tls1 header
*/
v[0]=p[1]; /* major version */
/* We must look at client_version inside the Client Hello message
* to get the correct minor version: */
v[1]=p[10];
/* However if we have only a pathologically small fragment of the
* Client Hello message, we simply use the version from the
* record header -- this is incorrect but unlikely to fail in
* practice */
if (p[3] == 0 && p[4] < 6)
v[1]=p[2];
if (v[1] >= TLS1_VERSION_MINOR)
{
if (!(s->options & SSL_OP_NO_TLSv1))
{
s->version=TLS1_VERSION;
type=3;
tls1=1;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
s->version=SSL3_VERSION;
type=3;
}
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
s->version=SSL3_VERSION;
type=3;
}
}
else if ((strncmp("GET ", (char *)p,4) == 0) ||
(strncmp("POST ",(char *)p,5) == 0) ||
@ -335,12 +394,16 @@ int ssl23_get_client_hello(SSL *s)
}
}
next_bit:
if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
{
/* we have a SSLv3/TLSv1 in a SSLv2 header */
/* we have SSLv3/TLSv1 in an SSLv2 header
* (other cases skip this state) */
type=2;
p=s->packet;
v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
v[1] = p[4];
n=((p[0]&0x7f)<<8)|p[1];
if (n > (1024*4))
{
@ -365,14 +428,11 @@ next_bit:
goto err;
}
*(d++)=SSL3_VERSION_MAJOR;
if (tls1)
*(d++)=TLS1_VERSION_MINOR;
else
*(d++)=SSL3_VERSION_MINOR;
*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
*(d++) = v[1];
/* lets populate the random area */
/* get the chalenge_length */
/* get the challenge_length */
i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
memset(d,0,SSL3_RANDOM_SIZE);
memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
@ -406,11 +466,14 @@ next_bit:
s->s3->tmp.message_size=i;
}
/* imaginary new state (for program structure): */
/* s->state = SSL23_SR_CLNT_HELLO_C */
if (type == 1)
{
#ifdef NO_SSL2
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
goto err;
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
#else
/* we are talking sslv2 */
/* we need to clean up the SSLv3/TLSv1 setup and put in the
@ -439,7 +502,7 @@ next_bit:
else
s->s2->ssl2_rollback=1;
/* setup the 5 bytes we have read so we get them from
/* setup the n bytes we have read so we get them from
* the sslv2 buffer */
s->rstate=SSL_ST_READ_HEADER;
s->packet_length=n;
@ -455,7 +518,7 @@ next_bit:
if ((type == 2) || (type == 3))
{
/* we have SSLv3/TLSv1 */
/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
if (!ssl_init_wbio_buffer(s,1)) goto err;
@ -480,17 +543,13 @@ next_bit:
s->s3->rbuf.offset=0;
}
if (tls1)
{
s->version=TLS1_VERSION;
s->method=TLSv1_server_method();
}
if (s->version == TLS1_VERSION)
s->method = TLSv1_server_method();
else
{
s->version=SSL3_VERSION;
s->method=SSLv3_server_method();
}
s->method = SSLv3_server_method();
#if 0 /* ssl3_get_client_hello does this */
s->client_version=(v[0]<<8)|v[1];
#endif
s->handshake_func=s->method->ssl_accept;
}
@ -509,4 +568,3 @@ err:
if (buf != buf_space) Free(buf);
return(-1);
}

75
crypto/openssl/ssl/s2_clnt.c
View File

@ -58,12 +58,12 @@
* $FreeBSD$
*/
#include "ssl_locl.h"
#ifndef NO_SSL2
#include <stdio.h>
#include <openssl/rand.h>
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
#include <openssl/evp.h>
static SSL_METHOD *ssl2_get_client_method(int ver);
@ -110,7 +110,7 @@ int ssl2_connect(SSL *s)
void (*cb)()=NULL;
int new_state,state;
RAND_seed(&l,sizeof(l));
RAND_add(&l,sizeof(l),0);
ERR_clear_error();
clear_sys_error();
@ -247,7 +247,7 @@ int ssl2_connect(SSL *s)
/* ERR_clear_error();*/
/* If we want to cache session-ids in the client
* and we sucessfully add the session-id to the
* and we successfully add the session-id to the
* cache, and there is a callback, then pass it out.
* 26/11/96 - eay - only add if not a re-used session.
*/
@ -312,7 +312,13 @@ static int get_server_hello(SSL *s)
SSL_R_PEER_ERROR);
return(-1);
}
#ifdef __APPLE_CC__
/* The Rhapsody 5.5 (a.k.a. MacOS X) compiler bug
* workaround. <appro@fy.chalmers.se> */
s->hit=(i=*(p++))?1:0;
#else
s->hit=(*(p++))?1:0;
#endif
s->s2->tmp.cert_type= *(p++);
n2s(p,i);
if (i < s->version) s->version=i;
@ -364,7 +370,7 @@ static int get_server_hello(SSL *s)
*/
#endif
/* we need to do this incase we were trying to reuse a
/* we need to do this in case we were trying to reuse a
* client session but others are already reusing it.
* If this was a new 'blank' session ID, the session-id
* length will still be 0 */
@ -414,7 +420,7 @@ static int get_server_hello(SSL *s)
/* In theory we could have ciphers sent back that we
* don't want to use but that does not matter since we
* will check against the list we origionally sent and
* will check against the list we originally sent and
* for performance reasons we should not bother to match
* the two lists up just to check. */
for (i=0; i<sk_SSL_CIPHER_num(cl); i++)
@ -431,26 +437,28 @@ static int get_server_hello(SSL *s)
return(-1);
}
s->session->cipher=sk_SSL_CIPHER_value(cl,i);
if (s->session->peer != NULL) /* can't happen*/
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
return(-1);
}
s->session->peer = s->session->sess_cert->peer_key->x509;
/* peer_key->x509 has been set by ssl2_set_certificate. */
CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
}
if (s->session->peer != NULL)
X509_free(s->session->peer);
#if 0 /* What is all this meant to accomplish?? */
/* hmmm, can we have the problem of the other session with this
* cert, Free's it before we increment the reference count. */
CRYPTO_w_lock(CRYPTO_LOCK_X509);
s->session->peer=s->session->sess_cert->key->x509;
/* Shouldn't do this: already locked */
/*CRYPTO_add(&s->session->peer->references,1,CRYPTO_LOCK_X509);*/
s->session->peer->references++;
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
#else
s->session->peer = s->session->sess_cert->peer_key->x509;
/* peer_key->x509 has been set by ssl2_set_certificate. */
CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
#endif
if (s->session->peer != s->session->sess_cert->peer_key->x509)
/* can't happen */
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
return(-1);
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
@ -511,7 +519,7 @@ static int client_hello(SSL *s)
s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */
/*challenge id data*/
RAND_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
d+=SSL2_CHALLENGE_LENGTH;
@ -553,12 +561,19 @@ static int client_master_key(SSL *s)
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
if (i > 0) RAND_bytes(sess->key_arg,i);
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
i=EVP_CIPHER_key_length(c);
sess->master_key_length=i;
if (i > 0) RAND_bytes(sess->master_key,i);
if (i > 0)
{
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
return(-1);
}
}
if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
enc=8;
@ -755,7 +770,7 @@ static int client_certificate(SSL *s)
{
/* this is not good. If things have failed it
* means there so something wrong with the key.
* We will contiune with a 0 length signature
* We will continue with a 0 length signature
*/
}
memset(&ctx,0,sizeof(ctx));
@ -970,4 +985,10 @@ end:
EVP_PKEY_free(pkey);
return(i);
}
#else /* !NO_SSL2 */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

10
crypto/openssl/ssl/s2_enc.c
View File

@ -58,10 +58,9 @@
* $FreeBSD$
*/
#ifndef NO_SSL2
#include <stdio.h>
#include "ssl_locl.h"
#ifndef NO_SSL2
#include <stdio.h>
int ssl2_enc_init(SSL *s, int client)
{
@ -181,5 +180,10 @@ void ssl2_mac(SSL *s, unsigned char *md, int send)
EVP_DigestFinal(&c,md,NULL);
/* some would say I should zero the md context */
}
#else /* !NO_SSL2 */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

98
crypto/openssl/ssl/s2_lib.c
View File

@ -58,12 +58,12 @@
* $FreeBSD$
*/
#include "ssl_locl.h"
#ifndef NO_SSL2
#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/md5.h>
#include "ssl_locl.h"
static long ssl2_default_timeout(void );
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@ -77,9 +77,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
1,
SSL2_TXT_NULL_WITH_MD5,
SSL2_CK_NULL_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP40|SSL_SSLV2,
SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
SSL_EXPORT|SSL_EXP40,
0,
0,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
#endif
/* RC4_128_EXPORT40_WITH_MD5 */
@ -87,63 +90,91 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
1,
SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP40|SSL_SSLV2,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
SSL_EXPORT|SSL_EXP40,
SSL2_CF_5_BYTE_ENC,
40,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* RC4_128_WITH_MD5 */
{
1,
SSL2_TXT_RC4_128_WITH_MD5,
SSL2_CK_RC4_128_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* RC2_128_CBC_EXPORT40_WITH_MD5 */
{
1,
SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP40|SSL_SSLV2,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
SSL_EXPORT|SSL_EXP40,
SSL2_CF_5_BYTE_ENC,
40,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* RC2_128_CBC_WITH_MD5 */
{
1,
SSL2_TXT_RC2_128_CBC_WITH_MD5,
SSL2_CK_RC2_128_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* IDEA_128_CBC_WITH_MD5 */
{
1,
SSL2_TXT_IDEA_128_CBC_WITH_MD5,
SSL2_CK_IDEA_128_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2,
SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* DES_64_CBC_WITH_MD5 */
{
1,
SSL2_TXT_DES_64_CBC_WITH_MD5,
SSL2_CK_DES_64_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2,
SSL_NOT_EXP|SSL_LOW,
0,
56,
56,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* DES_192_EDE3_CBC_WITH_MD5 */
{
1,
SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2,
SSL_NOT_EXP|SSL_HIGH,
0,
168,
168,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* RC4_64_WITH_MD5 */
#if 1
@ -151,9 +182,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
1,
SSL2_TXT_RC4_64_WITH_MD5,
SSL2_CK_RC4_64_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2|SSL_LOW,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
SSL_NOT_EXP|SSL_LOW,
SSL2_CF_8_BYTE_ENC,
64,
64,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
#endif
/* NULL SSLeay (testing) */
@ -163,7 +198,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
SSL2_TXT_NULL,
SSL2_CK_NULL,
0,
0,
0,
0,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
#endif
@ -193,6 +232,9 @@ static SSL_METHOD SSLv2_data= {
ssl_bad_method,
ssl2_default_timeout,
&ssl3_undef_enc_method,
ssl_undefined_function,
ssl2_callback_ctrl, /* local */
ssl2_ctx_callback_ctrl, /* local */
};
static long ssl2_default_timeout(void)
@ -225,14 +267,14 @@ int ssl2_pending(SSL *s)
int ssl2_new(SSL *s)
{
SSL2_CTX *s2;
SSL2_STATE *s2;
if ((s2=(SSL2_CTX *)Malloc(sizeof(SSL2_CTX))) == NULL) goto err;
memset(s2,0,sizeof(SSL2_CTX));
if ((s2=Malloc(sizeof *s2)) == NULL) goto err;
memset(s2,0,sizeof *s2);
if ((s2->rbuf=(unsigned char *)Malloc(
if ((s2->rbuf=Malloc(
SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
if ((s2->wbuf=(unsigned char *)Malloc(
if ((s2->wbuf=Malloc(
SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
s->s2=s2;
@ -250,7 +292,7 @@ err:
void ssl2_free(SSL *s)
{
SSL2_CTX *s2;
SSL2_STATE *s2;
if(s == NULL)
return;
@ -258,14 +300,14 @@ void ssl2_free(SSL *s)
s2=s->s2;
if (s2->rbuf != NULL) Free(s2->rbuf);
if (s2->wbuf != NULL) Free(s2->wbuf);
memset(s2,0,sizeof(SSL2_CTX));
memset(s2,0,sizeof *s2);
Free(s2);
s->s2=NULL;
}
void ssl2_clear(SSL *s)
{
SSL2_CTX *s2;
SSL2_STATE *s2;
unsigned char *rbuf,*wbuf;
s2=s->s2;
@ -273,7 +315,7 @@ void ssl2_clear(SSL *s)
rbuf=s2->rbuf;
wbuf=s2->wbuf;
memset(s2,0,sizeof(SSL2_CTX));
memset(s2,0,sizeof *s2);
s2->rbuf=rbuf;
s2->wbuf=wbuf;
@ -298,11 +340,21 @@ long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg)
return(ret);
}
long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)())
{
return(0);
}
long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
{
return(0);
}
long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
{
return(0);
}
/* This function needs to check if the ciphers required are actually
* available */
SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
@ -374,7 +426,7 @@ void ssl2_generate_key_material(SSL *s)
MD5_Init(&ctx);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
MD5_Update(&ctx,(unsigned char *)&c,1);
MD5_Update(&ctx,&c,1);
c++;
MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length);
MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length);
@ -423,4 +475,10 @@ int ssl2_shutdown(SSL *s)
s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
return(1);
}
#else /* !NO_SSL2 */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

8
crypto/openssl/ssl/s2_meth.c
View File

@ -58,10 +58,10 @@
* $FreeBSD$
*/
#include "ssl_locl.h"
#ifndef NO_SSL2
#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
static SSL_METHOD *ssl2_get_method(int ver);
static SSL_METHOD *ssl2_get_method(int ver)
@ -88,4 +88,10 @@ SSL_METHOD *SSLv2_method(void)
}
return(&SSLv2_data);
}
#else /* !NO_SSL2 */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

8
crypto/openssl/ssl/s2_pkt.c
View File

@ -58,12 +58,11 @@
* $FreeBSD$
*/
#include "ssl_locl.h"
#ifndef NO_SSL2
#include <stdio.h>
#include <errno.h>
#define USE_SOCKETS
#include "ssl_locl.h"
static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
@ -642,5 +641,10 @@ static int ssl_mt_error(int n)
}
return(ret);
}
#else /* !NO_SSL2 */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

21
crypto/openssl/ssl/s2_srvr.c
View File

@ -58,12 +58,12 @@
* $FreeBSD$
*/
#include "ssl_locl.h"
#ifndef NO_SSL2
#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/rand.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
#include <openssl/evp.h>
static SSL_METHOD *ssl2_get_server_method(int ver);
@ -111,7 +111,7 @@ int ssl2_accept(SSL *s)
void (*cb)()=NULL;
int new_state,state;
RAND_seed(&l,sizeof(l));
RAND_add(&l,sizeof(l),0);
ERR_clear_error();
clear_sys_error();
@ -417,7 +417,7 @@ static int get_client_master_key(SSL *s)
i=ek;
else
i=EVP_CIPHER_key_length(c);
RAND_bytes(p,i);
RAND_pseudo_bytes(p,i);
}
#else
if (i < 0)
@ -682,7 +682,7 @@ static int server_hello(SSL *s)
/* make and send conn_id */
s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */
s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
RAND_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
d+=SSL2_CONNECTION_ID_LENGTH;
@ -691,7 +691,7 @@ static int server_hello(SSL *s)
s->init_off=0;
}
/* SSL2_ST_SEND_SERVER_HELLO_B */
/* If we are using TCP/IP, the performace is bad if we do 2
/* If we are using TCP/IP, the performance is bad if we do 2
* writes without a read between them. This occurs when
* Session-id reuse is used, so I will put in a buffering module
*/
@ -800,7 +800,7 @@ static int request_certificate(SSL *s)
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_REQUEST_CERTIFICATE;
*(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
RAND_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
@ -900,7 +900,7 @@ static int request_certificate(SSL *s)
EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
buf2=(unsigned char *)Malloc((unsigned int)i);
buf2=Malloc((unsigned int)i);
if (buf2 == NULL)
{
SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
@ -923,6 +923,7 @@ static int request_certificate(SSL *s)
X509_free(s->session->peer);
s->session->peer=x509;
CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
s->session->verify_result = s->verify_result;
ret=1;
goto end;
}
@ -967,4 +968,10 @@ static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
return(i);
}
#else /* !NO_SSL2 */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif