resolve conflictsdiff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/apps/ca.c
(christos)
--- src/crypto/external/bsd/openssl/dist/apps/ca.c 2009/07/19 23:30:38 1.2
+++ src/crypto/external/bsd/openssl/dist/apps/ca.c 2009/08/05 18:38:21 1.3
@@ -873,29 +873,29 @@ bad: | @@ -873,29 +873,29 @@ bad: | |||
873 | } | 873 | } | |
874 | 874 | |||
875 | /*****************************************************************/ | 875 | /*****************************************************************/ | |
876 | /* we need to load the database file */ | 876 | /* we need to load the database file */ | |
877 | if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) | 877 | if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) | |
878 | { | 878 | { | |
879 | lookup_fail(section,ENV_DATABASE); | 879 | lookup_fail(section,ENV_DATABASE); | |
880 | goto err; | 880 | goto err; | |
881 | } | 881 | } | |
882 | db = load_index(dbfile, &db_attr); | 882 | db = load_index(dbfile, &db_attr); | |
883 | if (db == NULL) goto err; | 883 | if (db == NULL) goto err; | |
884 | 884 | |||
885 | /* Lets check some fields */ | 885 | /* Lets check some fields */ | |
886 | for (i=0; i<sk_PSTRING_num(db->db->data); i++) | 886 | for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++) | |
887 | { | 887 | { | |
888 | pp=sk_PSTRING_value(db->db->data,i); | 888 | pp=sk_OPENSSL_PSTRING_value(db->db->data,i); | |
889 | if ((pp[DB_type][0] != DB_TYPE_REV) && | 889 | if ((pp[DB_type][0] != DB_TYPE_REV) && | |
890 | (pp[DB_rev_date][0] != '\0')) | 890 | (pp[DB_rev_date][0] != '\0')) | |
891 | { | 891 | { | |
892 | BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1); | 892 | BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1); | |
893 | goto err; | 893 | goto err; | |
894 | } | 894 | } | |
895 | if ((pp[DB_type][0] == DB_TYPE_REV) && | 895 | if ((pp[DB_type][0] == DB_TYPE_REV) && | |
896 | !make_revoked(NULL, pp[DB_rev_date])) | 896 | !make_revoked(NULL, pp[DB_rev_date])) | |
897 | { | 897 | { | |
898 | BIO_printf(bio_err," in entry %d\n", i+1); | 898 | BIO_printf(bio_err," in entry %d\n", i+1); | |
899 | goto err; | 899 | goto err; | |
900 | } | 900 | } | |
901 | if (!check_time_format((char *)pp[DB_exp_date])) | 901 | if (!check_time_format((char *)pp[DB_exp_date])) | |
@@ -928,27 +928,27 @@ bad: | @@ -928,27 +928,27 @@ bad: | |||
928 | } | 928 | } | |
929 | } | 929 | } | |
930 | if (verbose) | 930 | if (verbose) | |
931 | { | 931 | { | |
932 | BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */ | 932 | BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */ | |
933 | #ifdef OPENSSL_SYS_VMS | 933 | #ifdef OPENSSL_SYS_VMS | |
934 | { | 934 | { | |
935 | BIO *tmpbio = BIO_new(BIO_f_linebuffer()); | 935 | BIO *tmpbio = BIO_new(BIO_f_linebuffer()); | |
936 | out = BIO_push(tmpbio, out); | 936 | out = BIO_push(tmpbio, out); | |
937 | } | 937 | } | |
938 | #endif | 938 | #endif | |
939 | TXT_DB_write(out,db->db); | 939 | TXT_DB_write(out,db->db); | |
940 | BIO_printf(bio_err,"%d entries loaded from the database\n", | 940 | BIO_printf(bio_err,"%d entries loaded from the database\n", | |
941 | sk_PSTRING_num(db->db->data)); | 941 | sk_OPENSSL_PSTRING_num(db->db->data)); | |
942 | BIO_printf(bio_err,"generating index\n"); | 942 | BIO_printf(bio_err,"generating index\n"); | |
943 | } | 943 | } | |
944 | 944 | |||
945 | if (!index_index(db)) goto err; | 945 | if (!index_index(db)) goto err; | |
946 | 946 | |||
947 | /*****************************************************************/ | 947 | /*****************************************************************/ | |
948 | /* Update the db file for expired certificates */ | 948 | /* Update the db file for expired certificates */ | |
949 | if (doupdatedb) | 949 | if (doupdatedb) | |
950 | { | 950 | { | |
951 | if (verbose) | 951 | if (verbose) | |
952 | BIO_printf(bio_err, "Updating %s ...\n", | 952 | BIO_printf(bio_err, "Updating %s ...\n", | |
953 | dbfile); | 953 | dbfile); | |
954 | 954 | |||
@@ -1398,29 +1398,29 @@ bad: | @@ -1398,29 +1398,29 @@ bad: | |||
1398 | if (verbose) BIO_printf(bio_err,"making CRL\n"); | 1398 | if (verbose) BIO_printf(bio_err,"making CRL\n"); | |
1399 | if ((crl=X509_CRL_new()) == NULL) goto err; | 1399 | if ((crl=X509_CRL_new()) == NULL) goto err; | |
1400 | if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err; | 1400 | if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err; | |
1401 | 1401 | |||
1402 | tmptm = ASN1_TIME_new(); | 1402 | tmptm = ASN1_TIME_new(); | |
1403 | if (!tmptm) goto err; | 1403 | if (!tmptm) goto err; | |
1404 | X509_gmtime_adj(tmptm,0); | 1404 | X509_gmtime_adj(tmptm,0); | |
1405 | X509_CRL_set_lastUpdate(crl, tmptm); | 1405 | X509_CRL_set_lastUpdate(crl, tmptm); | |
1406 | X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, NULL); | 1406 | X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, NULL); | |
1407 | X509_CRL_set_nextUpdate(crl, tmptm); | 1407 | X509_CRL_set_nextUpdate(crl, tmptm); | |
1408 | 1408 | |||
1409 | ASN1_TIME_free(tmptm); | 1409 | ASN1_TIME_free(tmptm); | |
1410 | 1410 | |||
1411 | for (i=0; i<sk_PSTRING_num(db->db->data); i++) | 1411 | for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++) | |
1412 | { | 1412 | { | |
1413 | pp=sk_PSTRING_value(db->db->data,i); | 1413 | pp=sk_OPENSSL_PSTRING_value(db->db->data,i); | |
1414 | if (pp[DB_type][0] == DB_TYPE_REV) | 1414 | if (pp[DB_type][0] == DB_TYPE_REV) | |
1415 | { | 1415 | { | |
1416 | if ((r=X509_REVOKED_new()) == NULL) goto err; | 1416 | if ((r=X509_REVOKED_new()) == NULL) goto err; | |
1417 | j = make_revoked(r, pp[DB_rev_date]); | 1417 | j = make_revoked(r, pp[DB_rev_date]); | |
1418 | if (!j) goto err; | 1418 | if (!j) goto err; | |
1419 | if (j == 2) crl_v2 = 1; | 1419 | if (j == 2) crl_v2 = 1; | |
1420 | if (!BN_hex2bn(&serial, pp[DB_serial])) | 1420 | if (!BN_hex2bn(&serial, pp[DB_serial])) | |
1421 | goto err; | 1421 | goto err; | |
1422 | tmpser = BN_to_ASN1_INTEGER(serial, NULL); | 1422 | tmpser = BN_to_ASN1_INTEGER(serial, NULL); | |
1423 | BN_free(serial); | 1423 | BN_free(serial); | |
1424 | serial = NULL; | 1424 | serial = NULL; | |
1425 | if (!tmpser) | 1425 | if (!tmpser) | |
1426 | goto err; | 1426 | goto err; | |
@@ -1675,29 +1675,29 @@ static int do_body(X509 **xret, EVP_PKEY | @@ -1675,29 +1675,29 @@ static int do_body(X509 **xret, EVP_PKEY | |||
1675 | { | 1675 | { | |
1676 | X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL; | 1676 | X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL; | |
1677 | ASN1_UTCTIME *tm,*tmptm; | 1677 | ASN1_UTCTIME *tm,*tmptm; | |
1678 | ASN1_STRING *str,*str2; | 1678 | ASN1_STRING *str,*str2; | |
1679 | ASN1_OBJECT *obj; | 1679 | ASN1_OBJECT *obj; | |
1680 | X509 *ret=NULL; | 1680 | X509 *ret=NULL; | |
1681 | X509_CINF *ci; | 1681 | X509_CINF *ci; | |
1682 | X509_NAME_ENTRY *ne; | 1682 | X509_NAME_ENTRY *ne; | |
1683 | X509_NAME_ENTRY *tne,*push; | 1683 | X509_NAME_ENTRY *tne,*push; | |
1684 | EVP_PKEY *pktmp; | 1684 | EVP_PKEY *pktmp; | |
1685 | int ok= -1,i,j,last,nid; | 1685 | int ok= -1,i,j,last,nid; | |
1686 | const char *p; | 1686 | const char *p; | |
1687 | CONF_VALUE *cv; | 1687 | CONF_VALUE *cv; | |
1688 | STRING row[DB_NUMBER]; | 1688 | OPENSSL_STRING row[DB_NUMBER]; | |
1689 | STRING *irow=NULL; | 1689 | OPENSSL_STRING *irow=NULL; | |
1690 | STRING *rrow=NULL; | 1690 | OPENSSL_STRING *rrow=NULL; | |
1691 | char buf[25]; | 1691 | char buf[25]; | |
1692 | 1692 | |||
1693 | tmptm=ASN1_UTCTIME_new(); | 1693 | tmptm=ASN1_UTCTIME_new(); | |
1694 | if (tmptm == NULL) | 1694 | if (tmptm == NULL) | |
1695 | { | 1695 | { | |
1696 | BIO_printf(bio_err,"malloc error\n"); | 1696 | BIO_printf(bio_err,"malloc error\n"); | |
1697 | return(0); | 1697 | return(0); | |
1698 | } | 1698 | } | |
1699 | 1699 | |||
1700 | for (i=0; i<DB_NUMBER; i++) | 1700 | for (i=0; i<DB_NUMBER; i++) | |
1701 | row[i]=NULL; | 1701 | row[i]=NULL; | |
1702 | 1702 | |||
1703 | if (subj) | 1703 | if (subj) | |
@@ -1919,27 +1919,27 @@ again2: | @@ -1919,27 +1919,27 @@ again2: | |||
1919 | 1919 | |||
1920 | if (BN_is_zero(serial)) | 1920 | if (BN_is_zero(serial)) | |
1921 | row[DB_serial]=BUF_strdup("00"); | 1921 | row[DB_serial]=BUF_strdup("00"); | |
1922 | else | 1922 | else | |
1923 | row[DB_serial]=BN_bn2hex(serial); | 1923 | row[DB_serial]=BN_bn2hex(serial); | |
1924 | if (row[DB_serial] == NULL) | 1924 | if (row[DB_serial] == NULL) | |
1925 | { | 1925 | { | |
1926 | BIO_printf(bio_err,"Memory allocation failure\n"); | 1926 | BIO_printf(bio_err,"Memory allocation failure\n"); | |
1927 | goto err; | 1927 | goto err; | |
1928 | } | 1928 | } | |
1929 | 1929 | |||
1930 | if (db->attributes.unique_subject) | 1930 | if (db->attributes.unique_subject) | |
1931 | { | 1931 | { | |
1932 | STRING *crow=row; | 1932 | OPENSSL_STRING *crow=row; | |
1933 | 1933 | |||
1934 | rrow=TXT_DB_get_by_index(db->db,DB_name,crow); | 1934 | rrow=TXT_DB_get_by_index(db->db,DB_name,crow); | |
1935 | if (rrow != NULL) | 1935 | if (rrow != NULL) | |
1936 | { | 1936 | { | |
1937 | BIO_printf(bio_err, | 1937 | BIO_printf(bio_err, | |
1938 | "ERROR:There is already a certificate for %s\n", | 1938 | "ERROR:There is already a certificate for %s\n", | |
1939 | row[DB_name]); | 1939 | row[DB_name]); | |
1940 | } | 1940 | } | |
1941 | } | 1941 | } | |
1942 | if (rrow == NULL) | 1942 | if (rrow == NULL) | |
1943 | { | 1943 | { | |
1944 | rrow=TXT_DB_get_by_index(db->db,DB_serial,row); | 1944 | rrow=TXT_DB_get_by_index(db->db,DB_serial,row); | |
1945 | if (rrow != NULL) | 1945 | if (rrow != NULL) | |
@@ -2622,29 +2622,29 @@ static int do_updatedb (CA_DB *db) | @@ -2622,29 +2622,29 @@ static int do_updatedb (CA_DB *db) | |||
2622 | { | 2622 | { | |
2623 | cnt = -1; | 2623 | cnt = -1; | |
2624 | goto err; | 2624 | goto err; | |
2625 | } | 2625 | } | |
2626 | 2626 | |||
2627 | memcpy(a_tm_s, a_tm->data, a_tm->length); | 2627 | memcpy(a_tm_s, a_tm->data, a_tm->length); | |
2628 | a_tm_s[a_tm->length] = '\0'; | 2628 | a_tm_s[a_tm->length] = '\0'; | |
2629 | 2629 | |||
2630 | if (strncmp(a_tm_s, "49", 2) <= 0) | 2630 | if (strncmp(a_tm_s, "49", 2) <= 0) | |
2631 | a_y2k = 1; | 2631 | a_y2k = 1; | |
2632 | else | 2632 | else | |
2633 | a_y2k = 0; | 2633 | a_y2k = 0; | |
2634 | 2634 | |||
2635 | for (i = 0; i < sk_PSTRING_num(db->db->data); i++) | 2635 | for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) | |
2636 | { | 2636 | { | |
2637 | rrow = sk_PSTRING_value(db->db->data, i); | 2637 | rrow = sk_OPENSSL_PSTRING_value(db->db->data, i); | |
2638 | 2638 | |||
2639 | if (rrow[DB_type][0] == 'V') | 2639 | if (rrow[DB_type][0] == 'V') | |
2640 | { | 2640 | { | |
2641 | /* ignore entries that are not valid */ | 2641 | /* ignore entries that are not valid */ | |
2642 | if (strncmp(rrow[DB_exp_date], "49", 2) <= 0) | 2642 | if (strncmp(rrow[DB_exp_date], "49", 2) <= 0) | |
2643 | db_y2k = 1; | 2643 | db_y2k = 1; | |
2644 | else | 2644 | else | |
2645 | db_y2k = 0; | 2645 | db_y2k = 0; | |
2646 | 2646 | |||
2647 | if (db_y2k == a_y2k) | 2647 | if (db_y2k == a_y2k) | |
2648 | { | 2648 | { | |
2649 | /* all on the same y2k side */ | 2649 | /* all on the same y2k side */ | |
2650 | if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) | 2650 | if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) |
--- src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c 2009/07/19 23:30:39 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c 2009/08/05 18:38:21 1.3
@@ -341,54 +341,63 @@ static char *dlfcn_merger(DSO *dso, cons | @@ -341,54 +341,63 @@ static char *dlfcn_merger(DSO *dso, cons | |||
341 | if(!merged) | 341 | if(!merged) | |
342 | { | 342 | { | |
343 | DSOerr(DSO_F_DLFCN_MERGER, | 343 | DSOerr(DSO_F_DLFCN_MERGER, | |
344 | ERR_R_MALLOC_FAILURE); | 344 | ERR_R_MALLOC_FAILURE); | |
345 | return(NULL); | 345 | return(NULL); | |
346 | } | 346 | } | |
347 | strcpy(merged, filespec2); | 347 | strcpy(merged, filespec2); | |
348 | merged[spec2len] = '/'; | 348 | merged[spec2len] = '/'; | |
349 | strcpy(&merged[spec2len + 1], filespec1); | 349 | strcpy(&merged[spec2len + 1], filespec1); | |
350 | } | 350 | } | |
351 | return(merged); | 351 | return(merged); | |
352 | } | 352 | } | |
353 | 353 | |||
354 | #ifdef OPENSSL_SYS_MACOSX | |||
355 | #define DSO_ext ".dylib" | |||
356 | #define DSO_extlen 6 | |||
357 | #else | |||
358 | #define DSO_ext ".so" | |||
359 | #define DSO_extlen 3 | |||
360 | #endif | |||
361 | ||||
362 | ||||
354 | static char *dlfcn_name_converter(DSO *dso, const char *filename) | 363 | static char *dlfcn_name_converter(DSO *dso, const char *filename) | |
355 | { | 364 | { | |
356 | char *translated; | 365 | char *translated; | |
357 | int len, rsize, transform; | 366 | int len, rsize, transform; | |
358 | 367 | |||
359 | len = strlen(filename); | 368 | len = strlen(filename); | |
360 | rsize = len + 1; | 369 | rsize = len + 1; | |
361 | transform = (strstr(filename, "/") == NULL); | 370 | transform = (strstr(filename, "/") == NULL); | |
362 | if(transform) | 371 | if(transform) | |
363 | { | 372 | { | |
364 | /* We will convert this to "%s.so" or "lib%s.so" */ | 373 | /* We will convert this to "%s.so" or "lib%s.so" etc */ | |
365 | rsize += 3; /* The length of ".so" */ | 374 | rsize += DSO_extlen; /* The length of ".so" */ | |
366 | if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) | 375 | if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) | |
367 | rsize += 3; /* The length of "lib" */ | 376 | rsize += 3; /* The length of "lib" */ | |
368 | } | 377 | } | |
369 | translated = OPENSSL_malloc(rsize); | 378 | translated = OPENSSL_malloc(rsize); | |
370 | if(translated == NULL) | 379 | if(translated == NULL) | |
371 | { | 380 | { | |
372 | DSOerr(DSO_F_DLFCN_NAME_CONVERTER, | 381 | DSOerr(DSO_F_DLFCN_NAME_CONVERTER, | |
373 | DSO_R_NAME_TRANSLATION_FAILED); | 382 | DSO_R_NAME_TRANSLATION_FAILED); | |
374 | return(NULL); | 383 | return(NULL); | |
375 | } | 384 | } | |
376 | if(transform) | 385 | if(transform) | |
377 | { | 386 | { | |
378 | if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) | 387 | if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) | |
379 | snprintf(translated, rsize, "lib%s.so", filename); | 388 | snprintf(translated, rsize, "lib%s" DSO_ext, filename); | |
380 | else | 389 | else | |
381 | snprintf(translated, rsize, "%s.so", filename); | 390 | snprintf(translated, rsize, "%s" DSO_ext, filename); | |
382 | } | 391 | } | |
383 | else | 392 | else | |
384 | snprintf(translated, rsize, "%s", filename); | 393 | snprintf(translated, rsize, "%s", filename); | |
385 | return(translated); | 394 | return(translated); | |
386 | } | 395 | } | |
387 | 396 | |||
388 | #ifdef __sgi | 397 | #ifdef __sgi | |
389 | /* | 398 | /* | |
390 | This is a quote from IRIX manual for dladdr(3c): | 399 | This is a quote from IRIX manual for dladdr(3c): | |
391 | 400 | |||
392 | <dlfcn.h> does not contain a prototype for dladdr or definition of | 401 | <dlfcn.h> does not contain a prototype for dladdr or definition of | |
393 | Dl_info. The #include <dlfcn.h> in the SYNOPSIS line is traditional, | 402 | Dl_info. The #include <dlfcn.h> in the SYNOPSIS line is traditional, | |
394 | but contains no dladdr prototype and no IRIX library contains an | 403 | but contains no dladdr prototype and no IRIX library contains an |
--- src/crypto/external/bsd/openssl/dist/crypto/engine/Attic/eng_cryptodev.c 2009/07/19 23:30:39 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/engine/Attic/eng_cryptodev.c 2009/08/05 18:38:21 1.3
@@ -23,27 +23,27 @@ | @@ -23,27 +23,27 @@ | |||
23 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | 23 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | |
24 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 24 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
27 | * | 27 | * | |
28 | */ | 28 | */ | |
29 | 29 | |||
30 | #include <openssl/objects.h> | 30 | #include <openssl/objects.h> | |
31 | #include <openssl/engine.h> | 31 | #include <openssl/engine.h> | |
32 | #include <openssl/evp.h> | 32 | #include <openssl/evp.h> | |
33 | #include <openssl/bn.h> | 33 | #include <openssl/bn.h> | |
34 | 34 | |||
35 | #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ | 35 | #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ | |
36 | (defined(OpenBSD) || defined(__FreeBSD_version)) | 36 | (defined(OpenBSD) || defined(__FreeBSD__)) | |
37 | #include <sys/param.h> | 37 | #include <sys/param.h> | |
38 | # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) || defined(__NetBSD__) | 38 | # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) || defined(__NetBSD__) | |
39 | # define HAVE_CRYPTODEV | 39 | # define HAVE_CRYPTODEV | |
40 | # endif | 40 | # endif | |
41 | # if (OpenBSD >= 200110) | 41 | # if (OpenBSD >= 200110) | |
42 | # define HAVE_SYSLOG_R | 42 | # define HAVE_SYSLOG_R | |
43 | # endif | 43 | # endif | |
44 | #endif | 44 | #endif | |
45 | 45 | |||
46 | #ifndef HAVE_CRYPTODEV | 46 | #ifndef HAVE_CRYPTODEV | |
47 | 47 | |||
48 | void | 48 | void | |
49 | ENGINE_load_cryptodev(void) | 49 | ENGINE_load_cryptodev(void) | |
@@ -76,27 +76,27 @@ struct dev_crypto_state { | @@ -76,27 +76,27 @@ struct dev_crypto_state { | |||
76 | unsigned char digest_res[HASH_MAX_LEN]; | 76 | unsigned char digest_res[HASH_MAX_LEN]; | |
77 | char *mac_data; | 77 | char *mac_data; | |
78 | int mac_len; | 78 | int mac_len; | |
79 | 79 | |||
80 | int copy; | 80 | int copy; | |
81 | #endif | 81 | #endif | |
82 | }; | 82 | }; | |
83 | 83 | |||
84 | static u_int32_t cryptodev_asymfeat = 0; | 84 | static u_int32_t cryptodev_asymfeat = 0; | |
85 | 85 | |||
86 | static int open_dev_crypto(void); | 86 | static int open_dev_crypto(void); | |
87 | static int get_dev_crypto(void); | 87 | static int get_dev_crypto(void); | |
88 | static int get_cryptodev_ciphers(const int **cnids); | 88 | static int get_cryptodev_ciphers(const int **cnids); | |
89 | static int get_cryptodev_digests(const int **cnids); | 89 | /*static int get_cryptodev_digests(const int **cnids);*/ | |
90 | static int cryptodev_usable_ciphers(const int **nids); | 90 | static int cryptodev_usable_ciphers(const int **nids); | |
91 | static int cryptodev_usable_digests(const int **nids); | 91 | static int cryptodev_usable_digests(const int **nids); | |
92 | static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 92 | static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
93 | const unsigned char *in, size_t inl); | 93 | const unsigned char *in, size_t inl); | |
94 | static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 94 | static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |
95 | const unsigned char *iv, int enc); | 95 | const unsigned char *iv, int enc); | |
96 | static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); | 96 | static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); | |
97 | static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | 97 | static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | |
98 | const int **nids, int nid); | 98 | const int **nids, int nid); | |
99 | static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | 99 | static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | |
100 | const int **nids, int nid); | 100 | const int **nids, int nid); | |
101 | static int bn2crparam(const BIGNUM *a, struct crparam *crp); | 101 | static int bn2crparam(const BIGNUM *a, struct crparam *crp); | |
102 | static int crparam2bn(struct crparam *crp, BIGNUM *a); | 102 | static int crparam2bn(struct crparam *crp, BIGNUM *a); | |
@@ -114,65 +114,67 @@ static int cryptodev_dsa_bn_mod_exp(DSA | @@ -114,65 +114,67 @@ static int cryptodev_dsa_bn_mod_exp(DSA | |||
114 | static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, | 114 | static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, | |
115 | BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, | 115 | BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, | |
116 | BN_CTX *ctx, BN_MONT_CTX *mont); | 116 | BN_CTX *ctx, BN_MONT_CTX *mont); | |
117 | static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, | 117 | static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, | |
118 | int dlen, DSA *dsa); | 118 | int dlen, DSA *dsa); | |
119 | static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, | 119 | static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, | |
120 | DSA_SIG *sig, DSA *dsa); | 120 | DSA_SIG *sig, DSA *dsa); | |
121 | static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | 121 | static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | |
122 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | 122 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | |
123 | BN_MONT_CTX *m_ctx); | 123 | BN_MONT_CTX *m_ctx); | |
124 | static int cryptodev_dh_compute_key(unsigned char *key, | 124 | static int cryptodev_dh_compute_key(unsigned char *key, | |
125 | const BIGNUM *pub_key, DH *dh); | 125 | const BIGNUM *pub_key, DH *dh); | |
126 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | 126 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | |
127 | void (*f)()); | 127 | void (*f)(void)); | |
128 | void ENGINE_load_cryptodev(void); | 128 | void ENGINE_load_cryptodev(void); | |
129 | 129 | |||
130 | static const ENGINE_CMD_DEFN cryptodev_defns[] = { | 130 | static const ENGINE_CMD_DEFN cryptodev_defns[] = { | |
131 | { 0, NULL, NULL, 0 } | 131 | { 0, NULL, NULL, 0 } | |
132 | }; | 132 | }; | |
133 | 133 | |||
134 | static struct { | 134 | static struct { | |
135 | int id; | 135 | int id; | |
136 | int nid; | 136 | int nid; | |
137 | int ivmax; | 137 | int ivmax; | |
138 | int keylen; | 138 | int keylen; | |
139 | } ciphers[] = { | 139 | } ciphers[] = { | |
140 | { CRYPTO_ARC4, NID_rc4, 0, 16, }, | 140 | { CRYPTO_ARC4, NID_rc4, 0, 16, }, | |
141 | { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, | 141 | { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, | |
142 | { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, | 142 | { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, | |
143 | { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, | 143 | { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, | |
144 | { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, | 144 | { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, | |
145 | { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, | 145 | { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, | |
146 | { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, | 146 | { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, | |
147 | { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, | 147 | { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, | |
148 | { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, | 148 | { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, | |
149 | { 0, NID_undef, 0, 0, }, | 149 | { 0, NID_undef, 0, 0, }, | |
150 | }; | 150 | }; | |
151 | 151 | |||
152 | #if 0 /* not (yet?) used */ | |||
152 | static struct { | 153 | static struct { | |
153 | int id; | 154 | int id; | |
154 | int nid; | 155 | int nid; | |
155 | int keylen; | 156 | int keylen; | |
156 | } digests[] = { | 157 | } digests[] = { | |
157 | { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, | 158 | { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, | |
158 | { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, | 159 | { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, | |
159 | { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/}, | 160 | { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/}, | |
160 | { CRYPTO_MD5_KPDK, NID_undef, 0}, | 161 | { CRYPTO_MD5_KPDK, NID_undef, 0}, | |
161 | { CRYPTO_SHA1_KPDK, NID_undef, 0}, | 162 | { CRYPTO_SHA1_KPDK, NID_undef, 0}, | |
162 | { CRYPTO_MD5, NID_md5, 16}, | 163 | { CRYPTO_MD5, NID_md5, 16}, | |
163 | { CRYPTO_SHA1, NID_sha1, 20}, | 164 | { CRYPTO_SHA1, NID_sha1, 20}, | |
164 | { 0, NID_undef, 0}, | 165 | { 0, NID_undef, 0}, | |
165 | }; | 166 | }; | |
167 | #endif /* 0 */ | |||
166 | 168 | |||
167 | /* | 169 | /* | |
168 | * Return a fd if /dev/crypto seems usable, 0 otherwise. | 170 | * Return a fd if /dev/crypto seems usable, 0 otherwise. | |
169 | */ | 171 | */ | |
170 | static int | 172 | static int | |
171 | open_dev_crypto(void) | 173 | open_dev_crypto(void) | |
172 | { | 174 | { | |
173 | static int fd = -1; | 175 | static int fd = -1; | |
174 | 176 | |||
175 | if (fd == -1) { | 177 | if (fd == -1) { | |
176 | if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) | 178 | if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) | |
177 | return (-1); | 179 | return (-1); | |
178 | /* close on exec */ | 180 | /* close on exec */ | |
@@ -231,26 +233,27 @@ get_cryptodev_ciphers(const int **cnids) | @@ -231,26 +233,27 @@ get_cryptodev_ciphers(const int **cnids) | |||
231 | if (count > 0) | 233 | if (count > 0) | |
232 | *cnids = nids; | 234 | *cnids = nids; | |
233 | else | 235 | else | |
234 | *cnids = NULL; | 236 | *cnids = NULL; | |
235 | return (count); | 237 | return (count); | |
236 | } | 238 | } | |
237 | 239 | |||
238 | /* | 240 | /* | |
239 | * Find out what digests /dev/crypto will let us have a session for. | 241 | * Find out what digests /dev/crypto will let us have a session for. | |
240 | * XXX note, that some of these openssl doesn't deal with yet! | 242 | * XXX note, that some of these openssl doesn't deal with yet! | |
241 | * returning them here is harmless, as long as we return NULL | 243 | * returning them here is harmless, as long as we return NULL | |
242 | * when asked for a handler in the cryptodev_engine_digests routine | 244 | * when asked for a handler in the cryptodev_engine_digests routine | |
243 | */ | 245 | */ | |
246 | #if 0 /* not (yet?) used */ | |||
244 | static int | 247 | static int | |
245 | get_cryptodev_digests(const int **cnids) | 248 | get_cryptodev_digests(const int **cnids) | |
246 | { | 249 | { | |
247 | static int nids[CRYPTO_ALGORITHM_MAX]; | 250 | static int nids[CRYPTO_ALGORITHM_MAX]; | |
248 | struct session_op sess; | 251 | struct session_op sess; | |
249 | int fd, i, count = 0; | 252 | int fd, i, count = 0; | |
250 | 253 | |||
251 | if ((fd = get_dev_crypto()) < 0) { | 254 | if ((fd = get_dev_crypto()) < 0) { | |
252 | *cnids = NULL; | 255 | *cnids = NULL; | |
253 | return (0); | 256 | return (0); | |
254 | } | 257 | } | |
255 | memset(&sess, 0, sizeof(sess)); | 258 | memset(&sess, 0, sizeof(sess)); | |
256 | sess.mackey = (void *)"123456789abcdefghijklmno"; | 259 | sess.mackey = (void *)"123456789abcdefghijklmno"; | |
@@ -261,26 +264,27 @@ get_cryptodev_digests(const int **cnids) | @@ -261,26 +264,27 @@ get_cryptodev_digests(const int **cnids) | |||
261 | sess.mackeylen = digests[i].keylen; | 264 | sess.mackeylen = digests[i].keylen; | |
262 | sess.cipher = 0; | 265 | sess.cipher = 0; | |
263 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | 266 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | |
264 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | 267 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | |
265 | nids[count++] = digests[i].nid; | 268 | nids[count++] = digests[i].nid; | |
266 | } | 269 | } | |
267 | 270 | |||
268 | if (count > 0) | 271 | if (count > 0) | |
269 | *cnids = nids; | 272 | *cnids = nids; | |
270 | else | 273 | else | |
271 | *cnids = NULL; | 274 | *cnids = NULL; | |
272 | return (count); | 275 | return (count); | |
273 | } | 276 | } | |
277 | #endif /* 0 */ | |||
274 | 278 | |||
275 | /* | 279 | /* | |
276 | * Find the useable ciphers|digests from dev/crypto - this is the first | 280 | * Find the useable ciphers|digests from dev/crypto - this is the first | |
277 | * thing called by the engine init crud which determines what it | 281 | * thing called by the engine init crud which determines what it | |
278 | * can use for ciphers from this engine. We want to return | 282 | * can use for ciphers from this engine. We want to return | |
279 | * only what we can do, anythine else is handled by software. | 283 | * only what we can do, anythine else is handled by software. | |
280 | * | 284 | * | |
281 | * If we can't initialize the device to do anything useful for | 285 | * If we can't initialize the device to do anything useful for | |
282 | * any reason, we want to return a NULL array, and 0 length, | 286 | * any reason, we want to return a NULL array, and 0 length, | |
283 | * which forces everything to be done is software. By putting | 287 | * which forces everything to be done is software. By putting | |
284 | * the initalization of the device in here, we ensure we can | 288 | * the initalization of the device in here, we ensure we can | |
285 | * use this engine as the default, and if for whatever reason | 289 | * use this engine as the default, and if for whatever reason | |
286 | * /dev/crypto won't do what we want it will just be done in | 290 | * /dev/crypto won't do what we want it will just be done in | |
@@ -319,80 +323,80 @@ cryptodev_usable_digests(const int **nid | @@ -319,80 +323,80 @@ cryptodev_usable_digests(const int **nid | |||
319 | */ | 323 | */ | |
320 | *nids = NULL; | 324 | *nids = NULL; | |
321 | return (0); | 325 | return (0); | |
322 | #endif | 326 | #endif | |
323 | } | 327 | } | |
324 | 328 | |||
325 | static int | 329 | static int | |
326 | cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 330 | cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
327 | const unsigned char *in, size_t inl) | 331 | const unsigned char *in, size_t inl) | |
328 | { | 332 | { | |
329 | struct crypt_op cryp; | 333 | struct crypt_op cryp; | |
330 | struct dev_crypto_state *state = ctx->cipher_data; | 334 | struct dev_crypto_state *state = ctx->cipher_data; | |
331 | struct session_op *sess = &state->d_sess; | 335 | struct session_op *sess = &state->d_sess; | |
332 | void *iiv; | 336 | const void *iiv; | |
333 | unsigned char save_iv[EVP_MAX_IV_LENGTH]; | 337 | unsigned char save_iv[EVP_MAX_IV_LENGTH]; | |
334 | 338 | |||
335 | if (state->d_fd < 0) | 339 | if (state->d_fd < 0) | |
336 | return (0); | 340 | return (0); | |
337 | if (!inl) | 341 | if (!inl) | |
338 | return (1); | 342 | return (1); | |
339 | if ((inl % ctx->cipher->block_size) != 0) | 343 | if ((inl % ctx->cipher->block_size) != 0) | |
340 | return (0); | 344 | return (0); | |
341 | 345 | |||
342 | memset(&cryp, 0, sizeof(cryp)); | 346 | memset(&cryp, 0, sizeof(cryp)); | |
343 | 347 | |||
344 | cryp.ses = sess->ses; | 348 | cryp.ses = sess->ses; | |
345 | cryp.flags = 0; | 349 | cryp.flags = 0; | |
346 | cryp.len = inl; | 350 | cryp.len = inl; | |
347 | cryp.src = (void *) in; | 351 | cryp.src = (void *) in; | |
348 | cryp.dst = (void *) out; | 352 | cryp.dst = (void *) out; | |
349 | cryp.mac = 0; | 353 | cryp.mac = 0; | |
350 | 354 | |||
351 | cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | 355 | cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | |
352 | 356 | |||
353 | if (ctx->cipher->iv_len) { | 357 | if (ctx->cipher->iv_len) { | |
354 | cryp.iv = (void *) ctx->iv; | 358 | cryp.iv = (void *) ctx->iv; | |
355 | if (!ctx->encrypt) { | 359 | if (!ctx->encrypt) { | |
356 | iiv = (char *) in + inl - ctx->cipher->iv_len; | 360 | iiv = in + inl - ctx->cipher->iv_len; | |
357 | memcpy(save_iv, iiv, ctx->cipher->iv_len); | 361 | memcpy(save_iv, iiv, ctx->cipher->iv_len); | |
358 | } | 362 | } | |
359 | } else | 363 | } else | |
360 | cryp.iv = NULL; | 364 | cryp.iv = NULL; | |
361 | 365 | |||
362 | if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { | 366 | if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { | |
363 | /* XXX need better errror handling | 367 | /* XXX need better errror handling | |
364 | * this can fail for a number of different reasons. | 368 | * this can fail for a number of different reasons. | |
365 | */ | 369 | */ | |
366 | return (0); | 370 | return (0); | |
367 | } | 371 | } | |
368 | 372 | |||
369 | if (ctx->cipher->iv_len) { | 373 | if (ctx->cipher->iv_len) { | |
370 | if (ctx->encrypt) | 374 | if (ctx->encrypt) | |
371 | iiv = (char *) out + inl - ctx->cipher->iv_len; | 375 | iiv = out + inl - ctx->cipher->iv_len; | |
372 | else | 376 | else | |
373 | iiv = save_iv; | 377 | iiv = save_iv; | |
374 | memcpy(ctx->iv, iiv, ctx->cipher->iv_len); | 378 | memcpy(ctx->iv, iiv, ctx->cipher->iv_len); | |
375 | } | 379 | } | |
376 | return (1); | 380 | return (1); | |
377 | } | 381 | } | |
378 | 382 | |||
379 | static int | 383 | static int | |
380 | cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 384 | cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |
381 | const unsigned char *iv, int enc) | 385 | const unsigned char *iv, int enc) | |
382 | { | 386 | { | |
383 | struct dev_crypto_state *state = ctx->cipher_data; | 387 | struct dev_crypto_state *state = ctx->cipher_data; | |
384 | struct session_op *sess = &state->d_sess; | 388 | struct session_op *sess = &state->d_sess; | |
385 | int cipher, i; | 389 | int cipher = -1, i; | |
386 | 390 | |||
387 | for (i = 0; ciphers[i].id; i++) | 391 | for (i = 0; ciphers[i].id; i++) | |
388 | if (ctx->cipher->nid == ciphers[i].nid && | 392 | if (ctx->cipher->nid == ciphers[i].nid && | |
389 | ctx->cipher->iv_len <= ciphers[i].ivmax && | 393 | ctx->cipher->iv_len <= ciphers[i].ivmax && | |
390 | ctx->key_len == ciphers[i].keylen) { | 394 | ctx->key_len == ciphers[i].keylen) { | |
391 | cipher = ciphers[i].id; | 395 | cipher = ciphers[i].id; | |
392 | break; | 396 | break; | |
393 | } | 397 | } | |
394 | 398 | |||
395 | if (!ciphers[i].id) { | 399 | if (!ciphers[i].id) { | |
396 | state->d_fd = -1; | 400 | state->d_fd = -1; | |
397 | return (0); | 401 | return (0); | |
398 | } | 402 | } | |
@@ -1251,27 +1255,27 @@ static DH_METHOD cryptodev_dh = { | @@ -1251,27 +1255,27 @@ static DH_METHOD cryptodev_dh = { | |||
1251 | NULL, | 1255 | NULL, | |
1252 | NULL, | 1256 | NULL, | |
1253 | NULL, | 1257 | NULL, | |
1254 | NULL, | 1258 | NULL, | |
1255 | 0, /* flags */ | 1259 | 0, /* flags */ | |
1256 | NULL /* app_data */ | 1260 | NULL /* app_data */ | |
1257 | }; | 1261 | }; | |
1258 | 1262 | |||
1259 | /* | 1263 | /* | |
1260 | * ctrl right now is just a wrapper that doesn't do much | 1264 | * ctrl right now is just a wrapper that doesn't do much | |
1261 | * but I expect we'll want some options soon. | 1265 | * but I expect we'll want some options soon. | |
1262 | */ | 1266 | */ | |
1263 | static int | 1267 | static int | |
1264 | cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) | 1268 | cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) | |
1265 | { | 1269 | { | |
1266 | #ifdef HAVE_SYSLOG_R | 1270 | #ifdef HAVE_SYSLOG_R | |
1267 | struct syslog_data sd = SYSLOG_DATA_INIT; | 1271 | struct syslog_data sd = SYSLOG_DATA_INIT; | |
1268 | #endif | 1272 | #endif | |
1269 | 1273 | |||
1270 | switch (cmd) { | 1274 | switch (cmd) { | |
1271 | default: | 1275 | default: | |
1272 | #ifdef HAVE_SYSLOG_R | 1276 | #ifdef HAVE_SYSLOG_R | |
1273 | syslog_r(LOG_ERR, &sd, | 1277 | syslog_r(LOG_ERR, &sd, | |
1274 | "cryptodev_ctrl: unknown command %d", cmd); | 1278 | "cryptodev_ctrl: unknown command %d", cmd); | |
1275 | #else | 1279 | #else | |
1276 | syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); | 1280 | syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); | |
1277 | #endif | 1281 | #endif |
--- src/crypto/external/bsd/openssl/dist/crypto/lhash/Attic/lhash.h 2009/07/19 23:30:40 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/lhash/Attic/lhash.h 2009/08/05 18:38:21 1.3
@@ -220,22 +220,22 @@ void lh_node_usage_stats_bio(const _LHAS | @@ -220,22 +220,22 @@ void lh_node_usage_stats_bio(const _LHAS | |||
220 | #define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn) | 220 | #define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn) | |
221 | #define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \ | 221 | #define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \ | |
222 | lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg)) | 222 | lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg)) | |
223 | #define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh)) | 223 | #define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh)) | |
224 | #define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load) | 224 | #define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load) | |
225 | #define LHM_lh_node_stats_bio(type, lh, out) \ | 225 | #define LHM_lh_node_stats_bio(type, lh, out) \ | |
226 | lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out) | 226 | lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out) | |
227 | #define LHM_lh_node_usage_stats_bio(type, lh, out) \ | 227 | #define LHM_lh_node_usage_stats_bio(type, lh, out) \ | |
228 | lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out) | 228 | lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out) | |
229 | #define LHM_lh_stats_bio(type, lh, out) \ | 229 | #define LHM_lh_stats_bio(type, lh, out) \ | |
230 | lh_stats_bio(CHECKED_LHASH_OF(type, lh), out) | 230 | lh_stats_bio(CHECKED_LHASH_OF(type, lh), out) | |
231 | #define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh)) | 231 | #define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh)) | |
232 | 232 | |||
233 | DECLARE_LHASH_OF(STRING); | 233 | DECLARE_LHASH_OF(OPENSSL_STRING); | |
234 | DECLARE_LHASH_OF(CSTRING); | 234 | DECLARE_LHASH_OF(OPENSSL_CSTRING); | |
235 | 235 | |||
236 | #ifdef __cplusplus | 236 | #ifdef __cplusplus | |
237 | } | 237 | } | |
238 | #endif | 238 | #endif | |
239 | 239 | |||
240 | #endif | 240 | #endif | |
241 | 241 |
--- src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_pkt.c 2009/07/19 23:30:42 1.2
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_pkt.c 2009/08/05 18:38:22 1.3
@@ -150,82 +150,90 @@ int ssl3_read_n(SSL *s, int n, int max, | @@ -150,82 +150,90 @@ int ssl3_read_n(SSL *s, int n, int max, | |||
150 | if (!extend) | 150 | if (!extend) | |
151 | { | 151 | { | |
152 | /* start with empty packet ... */ | 152 | /* start with empty packet ... */ | |
153 | if (left == 0) | 153 | if (left == 0) | |
154 | rb->offset = align; | 154 | rb->offset = align; | |
155 | else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) | 155 | else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) | |
156 | { | 156 | { | |
157 | /* check if next packet length is large | 157 | /* check if next packet length is large | |
158 | * enough to justify payload alignment... */ | 158 | * enough to justify payload alignment... */ | |
159 | pkt = rb->buf + rb->offset; | 159 | pkt = rb->buf + rb->offset; | |
160 | if (pkt[0] == SSL3_RT_APPLICATION_DATA | 160 | if (pkt[0] == SSL3_RT_APPLICATION_DATA | |
161 | && (pkt[3]<<8|pkt[4]) >= 128) | 161 | && (pkt[3]<<8|pkt[4]) >= 128) | |
162 | { | 162 | { | |
163 | /* Note that even if packet is corrupted | 163 | /* Note that even if packet is corrupted | |
164 | * and its length field is insane, we can | 164 | * and its length field is insane, we can | |
165 | * only be led to wrong decision about | 165 | * only be led to wrong decision about | |
166 | * whether memmove will occur or not. | 166 | * whether memmove will occur or not. | |
167 | * Header values has no effect on memmove | 167 | * Header values has no effect on memmove | |
168 | * arguments and therefore no buffer | 168 | * arguments and therefore no buffer | |
169 | * overrun can be triggered. */ | 169 | * overrun can be triggered. */ | |
170 | memmove (rb->buf+align,pkt,left); | 170 | memmove (rb->buf+align,pkt,left); | |
171 | rb->offset = align; | 171 | rb->offset = align; | |
172 | } | 172 | } | |
173 | } | 173 | } | |
174 | s->packet = rb->buf + rb->offset; | 174 | s->packet = rb->buf + rb->offset; | |
175 | s->packet_length = 0; | 175 | s->packet_length = 0; | |
176 | /* ... now we can act as if 'extend' was set */ | 176 | /* ... now we can act as if 'extend' was set */ | |
177 | } | 177 | } | |
178 | 178 | |||
179 | /* extend reads should not span multiple packets for DTLS */ | 179 | /* For DTLS/UDP reads should not span multiple packets | |
180 | if ( (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) | 180 | * because the read operation returns the whole packet | |
181 | && extend) | 181 | * at once (as long as it fits into the buffer). */ | |
182 | if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) | |||
182 | { | 183 | { | |
183 | if ( left > 0 && n > left) | 184 | if (left > 0 && n > left) | |
184 | n = left; | 185 | n = left; | |
185 | } | 186 | } | |
186 | 187 | |||
187 | /* if there is enough in the buffer from a previous read, take some */ | 188 | /* if there is enough in the buffer from a previous read, take some */ | |
188 | if (left >= n) | 189 | if (left >= n) | |
189 | { | 190 | { | |
190 | s->packet_length+=n; | 191 | s->packet_length+=n; | |
191 | rb->left=left-n; | 192 | rb->left=left-n; | |
192 | rb->offset+=n; | 193 | rb->offset+=n; | |
193 | return(n); | 194 | return(n); | |
194 | } | 195 | } | |
195 | 196 | |||
196 | /* else we need to read more data */ | 197 | /* else we need to read more data */ | |
197 | 198 | |||
198 | len = s->packet_length; | 199 | len = s->packet_length; | |
199 | pkt = rb->buf+align; | 200 | pkt = rb->buf+align; | |
200 | /* Move any available bytes to front of buffer: | 201 | /* Move any available bytes to front of buffer: | |
201 | * 'len' bytes already pointed to by 'packet', | 202 | * 'len' bytes already pointed to by 'packet', | |
202 | * 'left' extra ones at the end */ | 203 | * 'left' extra ones at the end */ | |
203 | if (s->packet != pkt) /* len > 0 */ | 204 | if (s->packet != pkt) /* len > 0 */ | |
204 | { | 205 | { | |
205 | memmove(pkt, s->packet, len+left); | 206 | memmove(pkt, s->packet, len+left); | |
206 | s->packet = pkt; | 207 | s->packet = pkt; | |
207 | rb->offset = len + align; | 208 | rb->offset = len + align; | |
208 | } | 209 | } | |
209 | 210 | |||
210 | max = rb->len - rb->offset; | 211 | if (n > (int)(rb->len - rb->offset)) /* does not happen */ | |
211 | if (n > max) /* does not happen */ | |||
212 | { | 212 | { | |
213 | SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); | 213 | SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); | |
214 | return -1; | 214 | return -1; | |
215 | } | 215 | } | |
216 | 216 | |||
217 | if (!s->read_ahead) | 217 | if (!s->read_ahead) | |
218 | max=n; | 218 | /* ignore max parameter */ | |
219 | max = n; | |||
220 | else | |||
221 | { | |||
222 | if (max < n) | |||
223 | max = n; | |||
224 | if (max > (int)(rb->len - rb->offset)) | |||
225 | max = rb->len - rb->offset; | |||
226 | } | |||
219 | 227 | |||
220 | while (left < n) | 228 | while (left < n) | |
221 | { | 229 | { | |
222 | /* Now we have len+left bytes at the front of s->s3->rbuf.buf | 230 | /* Now we have len+left bytes at the front of s->s3->rbuf.buf | |
223 | * and need to read in more until we have len+n (up to | 231 | * and need to read in more until we have len+n (up to | |
224 | * len+max if possible) */ | 232 | * len+max if possible) */ | |
225 | 233 | |||
226 | clear_sys_error(); | 234 | clear_sys_error(); | |
227 | if (s->rbio != NULL) | 235 | if (s->rbio != NULL) | |
228 | { | 236 | { | |
229 | s->rwstate=SSL_READING; | 237 | s->rwstate=SSL_READING; | |
230 | i=BIO_read(s->rbio,pkt+len+left, max-left); | 238 | i=BIO_read(s->rbio,pkt+len+left, max-left); | |
231 | } | 239 | } | |
@@ -234,26 +242,34 @@ int ssl3_read_n(SSL *s, int n, int max, | @@ -234,26 +242,34 @@ int ssl3_read_n(SSL *s, int n, int max, | |||
234 | SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); | 242 | SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); | |
235 | i = -1; | 243 | i = -1; | |
236 | } | 244 | } | |
237 | 245 | |||
238 | if (i <= 0) | 246 | if (i <= 0) | |
239 | { | 247 | { | |
240 | rb->left = left; | 248 | rb->left = left; | |
241 | if (s->mode & SSL_MODE_RELEASE_BUFFERS) | 249 | if (s->mode & SSL_MODE_RELEASE_BUFFERS) | |
242 | if (len+left == 0) | 250 | if (len+left == 0) | |
243 | ssl3_release_read_buffer(s); | 251 | ssl3_release_read_buffer(s); | |
244 | return(i); | 252 | return(i); | |
245 | } | 253 | } | |
246 | left+=i; | 254 | left+=i; | |
255 | /* reads should *never* span multiple packets for DTLS because | |||
256 | * the underlying transport protocol is message oriented as opposed | |||
257 | * to byte oriented as in the TLS case. */ | |||
258 | if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) | |||
259 | { | |||
260 | if (n > left) | |||
261 | n = left; /* makes the while condition false */ | |||
262 | } | |||
247 | } | 263 | } | |
248 | 264 | |||
249 | /* done reading, now the book-keeping */ | 265 | /* done reading, now the book-keeping */ | |
250 | rb->offset += n; | 266 | rb->offset += n; | |
251 | rb->left = left - n; | 267 | rb->left = left - n; | |
252 | s->packet_length += n; | 268 | s->packet_length += n; | |
253 | s->rwstate=SSL_NOTHING; | 269 | s->rwstate=SSL_NOTHING; | |
254 | return(n); | 270 | return(n); | |
255 | } | 271 | } | |
256 | 272 | |||
257 | /* Call this to get a new input record. | 273 | /* Call this to get a new input record. | |
258 | * It will return <= 0 if more data is needed, normally due to an error | 274 | * It will return <= 0 if more data is needed, normally due to an error | |
259 | * or non-blocking IO. | 275 | * or non-blocking IO. |