ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ag:openssl-1.1.0f
Branches Tags
ag:master ag:tcl ag:tk ag:sqlite ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6
..
compare: ag:openssl-1.1.0h
Branches Tags
ag:tcl ag:tk ag:sqlite ag:master ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6

1 Commits
openssl-1. ... openssl-1.

Author SHA1 Message Date
Steve Dower
807cee26df Import OpenSSL 1.1.0h 2018-04-13 17:45:41 +00:00
513 changed files with 11248 additions and 3603 deletions
Expand all files Collapse all files

8
.gitignore vendored
View File

@@ -27,6 +27,7 @@ Makefile
# Auto generated headers
/crypto/buildinf.h
/apps/progs.h
/crypto/include/internal/*_conf.h
/openssl/include/opensslconf.h
/util/domd
@@ -52,12 +53,7 @@ Makefile
/test/v3ext
# Certain files that get created by tests on the fly
/test/*.ss
/test/*.srl
/test/.rnd
/test/test*.pem
/test/newkey.pem
/test/*.log
/test/test-runs
/test/buildtest_*
# Fuzz stuff.

15
.travis-apt-pin.preferences Normal file
View File

@@ -0,0 +1,15 @@
Package: clang-3.9
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libclang-common-3.9-dev
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libclang1-3.9
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libllvm3.9v4
Pin: release o=Ubuntu
Pin-Priority: -1

84
.travis.yml
View File

@@ -28,70 +28,29 @@ env:
- CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-ec" BUILDONLY="yes"
- CONFIG_OPTS="no-asm --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes"
matrix:
include:
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes"
- os: linux
compiler: gcc
env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes"
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: CONFIG_OPTS="enable-asan"
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: CONFIG_OPTS="enable-msan"
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment"
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2"
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: CONFIG_OPTS="no-stdio"
- os: linux
@@ -160,7 +119,14 @@ before_script:
export CROSS_COMPILE=${CC%%gcc}; unset CC;
$srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
else
if which ccache >/dev/null && [ "$CC" != clang-3.9 ]; then
if [ "$CC" == clang-3.9 ]; then
sudo cp .travis-apt-pin.preferences /etc/apt/preferences.d/no-ubuntu-clang;
curl -sSL "http://apt.llvm.org/llvm-snapshot.gpg.key" | sudo -E apt-key add -;
echo "deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main" | sudo tee -a /etc/apt/sources.list > /dev/null;
sudo -E apt-add-repository -y "ppa:ubuntu-toolchain-r/test";
sudo -E apt-get -yq update;
sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install clang-3.9;
elif which ccache >/dev/null; then
CC="ccache $CC";
fi;
$srcdir/config -v $CONFIG_OPTS;
@@ -187,8 +153,24 @@ script:
else
top=.;
fi
- $make update
- $make
- if $make update; then
echo -e '+\057 MAKE UPDATE OK';
else
echo -e '+\057 MAKE UPDATE FAILED'; false;
fi;
git diff --exit-code
- if [ -n "$CHECKDOCS" ]; then
if $make doc-nits; then
echo -e '+\057\057 MAKE DOC-NITS OK';
else
echo -e '+\057\057 MAKE DOC-NITS FAILED'; false;
fi;
fi
- if $make ; then
echo -e '+\057\057\057 MAKE OK';
else
echo -e '+\057\057\057 MAKE FAILED'; false;
fi;
- if [ -z "$BUILDONLY" ]; then
if [ -n "$CROSS_COMPILE" ]; then
sudo apt-get -yq install wine;
@@ -196,11 +178,19 @@ script:
fi;
HARNESS_VERBOSE=yes make test;
else
$make build_tests;
if $make build_tests; then
echo -e '+\057\057\075 MAKE BUILD_TESTS OK';
else
echo -e '+\057\057\075 MAKE BUILD_TESTS FAILEd'; false;
fi;
fi
- if [ -n "$DESTDIR" ]; then
mkdir "../$DESTDIR";
$make install install_docs DESTDIR="../$DESTDIR";
if $make install install_docs DESTDIR="../$DESTDIR"; then
echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK';
else
echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false;
fi;
fi
- cd $top

125
CHANGES
View File

@@ -2,6 +2,124 @@
OpenSSL CHANGES
_______________
This is a high-level summary of the most important changes.
For a full list of changes, see the git commit log; for example,
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.1.0g and 1.1.0h [27 Mar 2018]
*) Constructed ASN.1 types with a recursive definition could exceed the stack
Constructed ASN.1 types with a recursive definition (such as can be found
in PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. This could result in a Denial Of Service attack. There
are no such structures used within SSL/TLS that come from untrusted sources
so this is considered safe.
This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
project.
(CVE-2018-0739)
[Matt Caswell]
*) Incorrect CRYPTO_memcmp on HP-UX PA-RISC
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
effectively reduced to only comparing the least significant bit of each
byte. This allows an attacker to forge messages that would be considered as
authenticated in an amount of tries lower than that guaranteed by the
security claims of the scheme. The module can only be compiled by the
HP-UX assembler, so that only HP-UX PA-RISC targets are affected.
This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg
(IBM).
(CVE-2018-0733)
[Andy Polyakov]
*) Add a build target 'build_all_generated', to build all generated files
and only that. This can be used to prepare everything that requires
things like perl for a system that lacks perl and then move everything
to that system and do the rest of the build there.
[Richard Levitte]
*) Backport SSL_OP_NO_RENGOTIATION
OpenSSL 1.0.2 and below had the ability to disable renegotiation using the
(undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity
changes this is no longer possible in 1.1.0. Therefore the new
SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to
1.1.0 to provide equivalent functionality.
Note that if an application built against 1.1.0h headers (or above) is run
using an older version of 1.1.0 (prior to 1.1.0h) then the option will be
accepted but nothing will happen, i.e. renegotiation will not be prevented.
[Matt Caswell]
*) Removed the OS390-Unix config target. It relied on a script that doesn't
exist.
[Rich Salz]
*) rsaz_1024_mul_avx2 overflow bug on x86_64
There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this
defect would be very difficult to perform and are not believed likely.
Attacks against DH1024 are considered just feasible, because most of the
work necessary to deduce information about a private key may be performed
offline. The amount of resources required for such an attack would be
significant. However, for an attack on TLS to be meaningful, the server
would have to share the DH1024 private key among multiple clients, which is
no longer an option since CVE-2016-0701.
This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).
This issue was reported to OpenSSL by David Benjamin (Google). The issue
was originally found via the OSS-Fuzz project.
(CVE-2017-3738)
[Andy Polyakov]
Changes between 1.1.0f and 1.1.0g [2 Nov 2017]
*) bn_sqrx8x_internal carry bug on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. No EC algorithms are affected. Analysis suggests that attacks
against RSA and DSA as a result of this defect would be very difficult to
perform and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary to
deduce information about a private key may be performed offline. The amount
of resources required for such an attack would be very significant and
likely only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients.
This only affects processors that support the BMI1, BMI2 and ADX extensions
like Intel Broadwell (5th generation) and later or AMD Ryzen.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3736)
[Andy Polyakov]
*) Malformed X.509 IPAddressFamily could cause OOB read
If an X.509 certificate has a malformed IPAddressFamily extension,
OpenSSL could do a one-byte buffer overread. The most likely result
would be an erroneous display of the certificate in text format.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3735)
[Rich Salz]
*) Ignore the '-named_curve auto' value for compatibility of applications
with OpenSSL 1.0.2.
[Tomas Mraz <tmraz@fedoraproject.org>]
*) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
[Emilia Käsper]
Changes between 1.1.0e and 1.1.0f [25 May 2017]
*) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
@@ -2944,8 +3062,11 @@
to work with OPENSSL_NO_SSL_INTERN defined.
[Steve Henson]
*) Add SRP support.
[Tom Wu <tjw@cs.stanford.edu> and Ben Laurie]
*) A long standing patch to add support for SRP from EdelWeb (Peter
Sylvester and Christophe Renou) was integrated.
[Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester
<peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and
Ben Laurie]
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson]

44
Configurations/10-main.conf
View File

@@ -204,6 +204,7 @@ sub vms_info {
debug => "-O0 -g",
release => "-O3 -fomit-frame-pointer"),
threads("-pthread")),
ex_libs => add(threads("-pthread")),
bn_ops => "BN_LLONG",
shared_cflag => "-fPIC",
shared_ldflag => "-shared -static-libgcc",
@@ -223,6 +224,7 @@ sub vms_info {
debug => "-O0 -g",
release => "-O3"),
threads("-pthread")),
ex_libs => add(threads("-pthread")),
bn_ops => "SIXTY_FOUR_BIT_LONG",
perlasm_scheme => "elf",
shared_cflag => "-fPIC",
@@ -268,6 +270,7 @@ sub vms_info {
debug => "-O0 -g",
release => "-O3"),
threads("-pthread")),
ex_libs => add(threads("-pthread")),
bn_ops => "BN_LLONG RC4_CHAR",
shared_cflag => "-fPIC",
shared_ldflag => "-shared",
@@ -432,7 +435,7 @@ sub vms_info {
debug => "-O0 -g",
release => "-O3"),
threads("-pthread")),
ex_libs => add("-Wl,+s -ldld"),
ex_libs => add("-Wl,+s -ldld", threads("-pthread")),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dl",
@@ -551,7 +554,7 @@ sub vms_info {
debug => "-O0 -g",
release => "-O3"),
threads("-pthread")),
ex_libs => add("-ldl"),
ex_libs => add("-ldl", threads("-pthread")),
bn_ops => "SIXTY_FOUR_BIT",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
@@ -568,7 +571,7 @@ sub vms_info {
debug => "-O0 -g",
release => "-O3"),
threads("-pthread")),
ex_libs => add("-ldl"),
ex_libs => add("-ldl", threads("-pthread")),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
@@ -583,7 +586,7 @@ sub vms_info {
"MPE/iX-gcc" => {
inherit_from => [ "BASE_unix" ],
cc => "gcc",
cflags => "-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB",
cflags => "-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB",
sys_id => "MPE",
ex_libs => add("-L/SYSLOG/PUB -lsyslog -lsocket -lcurses"),
thread_scheme => "(unknown)",
@@ -599,7 +602,7 @@ sub vms_info {
cc => "gcc",
cflags => combine("-std=c9x -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -O3",
threads("-pthread")),
ex_libs => "-lrt", # for mlock(2)
ex_libs => add("-lrt", threads("-pthread")), # for mlock(2)
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
@@ -611,7 +614,7 @@ sub vms_info {
cc => "cc",
cflags => combine("-std1 -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -tune host -fast -readonly_strings",
threads("-pthread")),
ex_libs => "-lrt", # for mlock(2)
ex_libs => add("-lrt", threads("-pthread")), # for mlock(2)
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
@@ -632,7 +635,7 @@ sub vms_info {
debug => "-O0 -g",
release => "-O3"),
threads("-pthread")),
ex_libs => add("-ldl"),
ex_libs => add("-ldl", threads("-pthread")),
bn_ops => "BN_LLONG RC4_CHAR",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
@@ -896,7 +899,7 @@ sub vms_info {
#
# ANDROID_NDK=/some/where/android-ndk-10d
# CROSS_SYSROOT=$ANDROID_NDK/platforms/android-14/arch-arm
# CROSS_COMPILE=arm-linux-adroideabi-
# CROSS_COMPILE=arm-linux-androideabi-
# PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/bin
#
"android" => {
@@ -1177,6 +1180,7 @@ sub vms_info {
debug => "-O0 -g",
release => "-O"),
threads("-pthread")),
ex_libs => add(threads("-pthread")),
sys_id => "AIX",
bn_ops => "BN_LLONG RC4_CHAR",
thread_scheme => "pthreads",
@@ -1194,6 +1198,7 @@ sub vms_info {
debug => "-O0 -g",
release => "-O"),
threads("-pthread")),
ex_libs => add(threads("-pthread")),
sys_id => "AIX",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
thread_scheme => "pthreads",
@@ -1251,18 +1256,6 @@ sub vms_info {
thread_scheme => "(unknown)",
},
# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
# You need to compile using the c89.sh wrapper in the tools directory, because the
# IBM compiler does not like the -L switch after any object modules.
#
"OS390-Unix" => {
inherit_from => [ "BASE_unix" ],
cc => "c89.sh",
cflags => "-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE",
bn_ops => "THIRTY_TWO_BIT RC4_CHAR",
thread_scheme => "(unknown)",
},
#### Visual C targets
#
# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
@@ -1590,6 +1583,7 @@ sub vms_info {
inherit_from => [ "darwin-common", asm("ppc32_asm") ],
cflags => add("-arch ppc -std=gnu9x -DB_ENDIAN -Wa,-force_cpusubtype_ALL"),
perlasm_scheme => "osx32",
shared_cflag => add("-fno-common"),
shared_ldflag => "-arch ppc -dynamiclib",
},
"darwin64-ppc-cc" => {
@@ -1659,7 +1653,7 @@ sub vms_info {
cc => "gcc",
cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
threads("-pthread")),
ex_libs => add("-ldl"),
ex_libs => add("-ldl", threads("-pthread")),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
@@ -1735,9 +1729,7 @@ sub vms_info {
"uClinux-dist" => {
inherit_from => [ "BASE_unix" ],
cc => "$ENV{'CC'}",
cflags => combine("\$(CFLAGS)",
threads("-D_REENTRANT")),
plib_lflags => "\$(LDFLAGS)",
cflags => combine(threads("-D_REENTRANT")),
ex_libs => add("\$(LDLIBS)"),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
@@ -1751,9 +1743,7 @@ sub vms_info {
"uClinux-dist64" => {
inherit_from => [ "BASE_unix" ],
cc => "$ENV{'CC'}",
cflags => combine("\$(CFLAGS)",
threads("-D_REENTRANT")),
plib_lflags => "\$(LDFLAGS)",
cflags => combine(threads("-D_REENTRANT")),
ex_libs => add("\$(LDLIBS)"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",

27
Configurations/README
View File

@@ -18,10 +18,14 @@ configuration in diverse ways:
Configurations of OpenSSL target platforms
==========================================
Target configurations are a collection of facts that we know about
Configuration targets are a collection of facts that we know about
different platforms and their capabilities. We organise them in a
hash table, where each entry represent a specific target.
Note that configuration target names must be unique across all config
files. The Configure script does check that a config file doesn't
have config targets that shadow config targets from other files.
In each table entry, the following keys are significant:
inherit_from => Other targets to inherit values from.
@@ -86,6 +90,27 @@ In each table entry, the following keys are significant:
files. On unix, this defaults to "" (NOTE:
this is here for future use, it's not
implemented yet)
shlib_variant => A "variant" identifier inserted between the base
shared library name and the extension. On "unixy"
platforms (BSD, Linux, Solaris, MacOS/X, ...) this
supports installation of custom OpenSSL libraries
that don't conflict with other builds of OpenSSL
installed on the system. The variant identifier
becomes part of the SONAME of the library and also
any symbol versions (symbol versions are not used or
needed with MacOS/X). For example, on a system
where a default build would normally create the SSL
shared library as 'libssl.so -> libssl.so.1.1' with
the value of the symlink as the SONAME, a target
definition that sets 'shlib_variant => "-abc"' will
create 'libssl.so -> libssl-abc.so.1.1', again with
an SONAME equal to the value of the symlink. The
symbol versions associated with the variant library
would then be 'OPENSSL_ABC_<version>' rather than
the default 'OPENSSL_<version>'. The string inserted
into symbol versions is obtained by mapping all
letters in the "variant" identifier to upper case
and all non-alphanumeric characters to '_'.
thread_scheme => The type of threads is used on the
configured platform. Currently known

6
Configurations/common.tmpl
View File

@@ -52,8 +52,7 @@
generator_incs => $unified_info{includes}->{$script},
generator_deps => $unified_info{depends}->{$script},
deps => $unified_info{depends}->{$src},
incs => [ @{$unified_info{includes}->{$bin}},
@{$unified_info{includes}->{$obj}} ],
incs => $unified_info{includes}->{$obj},
%opts);
foreach (@{$unified_info{depends}->{$src}}) {
dogenerate($_, $obj, $bin, %opts);
@@ -74,8 +73,7 @@
$OUT .= src2obj(obj => $obj_no_o,
srcs => $unified_info{sources}->{$obj},
deps => $unified_info{depends}->{$obj},
incs => [ @{$unified_info{includes}->{$bin}},
@{$unified_info{includes}->{$obj}} ],
incs => $unified_info{includes}->{$obj},
%opts);
foreach ((@{$unified_info{sources}->{$obj}},
@{$unified_info{depends}->{$obj}})) {

11
Configurations/descrip.mms.tmpl
View File

@@ -89,7 +89,7 @@
sub dependmagic {
my $target = shift;
return "$target : build_generated\n\t\pipe \$(MMS) depend && \$(MMS) _$target\n_$target";
return "$target : build_generated\n\t\pipe \$(MMS) \$(MMSQUALIFIERS) depend && \$(MMS) \$(MMSQUALIFIERS) _$target\n_$target";
}
#use Data::Dumper;
#print STDERR "DEBUG: before:\n", Dumper($unified_info{before});
@@ -144,6 +144,9 @@ BIN_SCRIPTS=[.tools]c_rehash.pl
MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl
{- output_on() if $disabled{apps}; "" -}
APPS_OPENSSL={- use File::Spec::Functions;
catfile("apps","openssl") -}
# DESTDIR is for package builders so that they can configure for, say,
# SYS$COMMON:[OPENSSL] and yet have everything installed in STAGING:[USER].
# In that case, configure with --prefix=SYS$COMMON:[OPENSSL] and then run
@@ -261,12 +264,18 @@ build_programs_nodep : $(PROGRAMS), $(SCRIPTS)
# Kept around for backward compatibility
build_apps build_tests : build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated : $(GENERATED_MANDATORY) $(GENERATED)
test : tests
{- dependmagic('tests'); -} : build_programs_nodep, build_engines_nodep
@ ! {- output_off() if $disabled{tests}; "" -}
SET DEFAULT [.test]{- move("test") -}
CREATE/DIR [.test-runs]
DEFINE SRCTOP {- sourcedir() -}
DEFINE BLDTOP {- builddir() -}
DEFINE RESULT_D {- builddir(qw(test test-runs)) -}
DEFINE OPENSSL_ENGINES {- builddir("engines") -}
DEFINE OPENSSL_DEBUG_MEMORY "on"
IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)"

124
Configurations/unix-Makefile.tmpl
View File

@@ -8,6 +8,7 @@
our $exeext = $target{exe_extension} || "";
our $libext = $target{lib_extension} || ".a";
our $shlibext = $target{shared_extension} || ".so";
our $shlibvariant = $target{shlib_variant} || "";
our $shlibextsimple = $target{shared_extension_simple} || ".so";
our $shlibextimport = $target{shared_import_extension} || "";
our $dsoext = $target{dso_extension} || ".so";
@@ -40,7 +41,7 @@
sub shlib {
return () if $disabled{shared};
my $lib = shift;
return $unified_info{sharednames}->{$lib} . $shlibext;
return $unified_info{sharednames}->{$lib}. $shlibvariant. $shlibext;
}
sub shlib_simple {
return () if $disabled{shared};
@@ -97,8 +98,7 @@ DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
{- output_on() if $disabled{makedepend}; "" -}
GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -}
GENERATED={- join(" ",
( map { (my $x = $_) =~ s|\.S$|\.s|; $x }
grep { defined $unified_info{generate}->{$_} }
( grep { defined $unified_info{generate}->{$_} }
map { @{$unified_info{sources}->{$_}} }
grep { /\.o$/ } keys %{$unified_info{sources}} ),
( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
@@ -113,6 +113,9 @@ BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash
MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
{- output_on() if $disabled{apps}; "" -}
APPS_OPENSSL={- use File::Spec::Functions;
catfile("apps","openssl") -}
# DESTDIR is for package builders so that they can configure for, say,
# /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
@@ -204,9 +207,8 @@ TARFILE= ../$(NAME).tar
# order to be excused from maintaining a separate set of architecture
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
AS=$(CC) -c
ASFLAG=$(CFLAGS)
# and pass it down to assembler. In any case, we do not define AS or
# ASFLAGS for this reason.
PERLASM_SCHEME= {- $target{perlasm_scheme} -}
# For x86 assembler: Set PROCESSOR to 386 if you want to support
@@ -237,15 +239,21 @@ build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
# Kept around for backward compatibility
build_apps build_tests: build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
test: tests
{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep link-utils
@ : {- output_off() if $disabled{tests}; "" -}
( cd test; \
mkdir -p test-runs; \
SRCTOP=../$(SRCDIR) \
BLDTOP=../$(BLDDIR) \
RESULT_D=test-runs \
PERL="$(PERL)" \
EXE_EXT={- $exeext -} \
OPENSSL_ENGINES=../$(BLDDIR)/engines \
OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines; pwd` \
OPENSSL_DEBUG_MEMORY=on \
$(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) )
@ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@@ -285,7 +293,7 @@ clean: libclean
-$(RM) `find . -name '*{- $objext -}' -a \! -path "./.git/*"`
$(RM) core
$(RM) tags TAGS doc-nits
$(RM) test/.rnd
$(RM) -r test/test-runs
$(RM) openssl.pc libcrypto.pc libssl.pc
-$(RM) `find . -type l -a \! -path "./.git/*"`
$(RM) $(TARFILE)
@@ -592,19 +600,9 @@ doc-nits:
lint:
lint -DLINT $(INCLUDES) $(SRCS)
{- # because the program apps/openssl has object files as sources, and
# they then have the corresponding C files as source, we need to chain
# the lookups in %unified_info
my $apps_openssl = catfile("apps","openssl");
our @openssl_source = map { @{$unified_info{sources}->{$_}} }
@{$unified_info{sources}->{$apps_openssl}};
""; -}
generate_apps:
( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \
< apps/openssl.cnf > apps/openssl-vms.cnf )
( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b apps/progs.pl \
{- join(" ", @openssl_source) -} \
> apps/progs.h )
generate_crypto_bn:
( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h )
@@ -656,9 +654,12 @@ tags TAGS: FORCE
# Release targets (note: only available on Unix) #####################
# If your tar command doesn't support --owner and --group, make sure to
# use one that does, for example GNU tar
TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf -
PREPARE_CMD=:
tar:
set -e; \
TMPDIR=/var/tmp/openssl-copy.$$$$; \
DISTDIR=$(NAME); \
mkdir -p $$TMPDIR/$$DISTDIR; \
@@ -669,12 +670,12 @@ tar:
mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \
cp $$F $$TMPDIR/$$DISTDIR/$$F; \
done); \
(cd $$TMPDIR; \
(cd $$TMPDIR/$$DISTDIR; \
$(PREPARE_CMD); \
find $$TMPDIR/$$DISTDIR -type d -print | xargs chmod 755; \
find $$TMPDIR/$$DISTDIR -type f -print | xargs chmod a+r; \
find $$TMPDIR/$$DISTDIR -type f -perm -0100 -print | xargs chmod a+x; \
$(TAR_COMMAND) $$DISTDIR) \
find . -type d -print | xargs chmod 755; \
find . -type f -print | xargs chmod a+r; \
find . -type f -perm -0100 -print | xargs chmod a+x); \
(cd $$TMPDIR; $(TAR_COMMAND) $$DISTDIR) \
| (cd $(SRCDIR); gzip --best > $(TARFILE).gz); \
rm -rf $$TMPDIR
cd $(SRCDIR); ls -l $(TARFILE).gz
@@ -722,7 +723,6 @@ libssl.pc:
echo 'Version: '$(VERSION); \
echo 'Requires.private: libcrypto'; \
echo 'Libs: -L$${libdir} -lssl'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir}' ) > libssl.pc
openssl.pc:
@@ -799,20 +799,6 @@ EOF
}
if (defined($generator)) {
# If the target is named foo.S in build.info, we want to
# end up generating foo.s in two steps.
if ($args{src} =~ /\.S$/) {
(my $target = $args{src}) =~ s|\.S$|.s|;
return <<"EOF";
$target: $args{generator}->[0] $deps
( trap "rm -f \$@.*" INT 0; \\
$generator \$@.S; \\
\$(CC) $incs \$(CFLAGS) -E \$@.S | \\
\$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.i && \\
mv -f \$@.i \$@ )
EOF
}
# Otherwise....
return <<"EOF";
$args{src}: $args{generator}->[0] $deps
$generator \$@
@@ -820,7 +806,7 @@ EOF
}
return <<"EOF";
$args{src}: $args{generator}->[0] $deps
\$(CC) $incs \$(CFLAGS) -E \$< | \\
\$(CC) $incs \$(CFLAGS) -E $args{generator}->[0] | \\
\$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@
EOF
}
@@ -832,12 +818,7 @@ EOF
sub src2obj {
my %args = @_;
my $obj = $args{obj};
my @srcs = map { if ($unified_info{generate}->{$_}) {
(my $x = $_) =~ s/\.S$/.s/; $x
} else {
$_
}
} ( @{$args{srcs}} );
my @srcs = @{$args{srcs}};
my $srcs = join(" ", @srcs);
my $deps = join(" ", @srcs, @{$args{deps}});
my $incs = join("", map { " -I".$_ } @{$args{incs}});
@@ -850,11 +831,30 @@ EOF
dso => '$(DSO_CFLAGS)',
bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
my $makedepprog = $config{makedepprog};
my $recipe = <<"EOF";
$obj$objext: $deps
EOF
if (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) {
my $recipe;
# extension-specific rules
if (grep /\.s$/, @srcs) {
$recipe .= <<"EOF";
$obj$objext: $deps
\$(CC) \$(CFLAGS) $ecflags -c -o \$\@ $srcs
EOF
} elsif (grep /\.S$/, @srcs) {
# In case one wonders why not just $(CC) -c file.S. While it
# does work with contemporary compilers, there are some legacy
# ones that get it wrong. Hence the elaborate scheme... We
# don't care to maintain dependecy lists, because dependency
# is rather weak, at most one header file that lists constants
# which are assigned in ascending order.
$recipe .= <<"EOF";
$obj$objext: $deps
( trap "rm -f \$@.*" INT 0; \\
\$(CPP) $incs \$(CFLAGS) $ecflags $srcs | \\
\$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.s && \\
\$(CC) \$(CFLAGS) $ecflags -c -o \$\@ \$@.s )
EOF
} elsif (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) {
$recipe .= <<"EOF";
$obj$objext: $deps
\$(CC) $incs \$(CFLAGS) $ecflags -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs
\@touch $obj$depext.tmp
\@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\
@@ -865,6 +865,7 @@ EOF
EOF
} else {
$recipe .= <<"EOF";
$obj$objext: $deps
\$(CC) $incs \$(CFLAGS) $ecflags -c -o \$\@ $srcs
EOF
if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) {
@@ -900,6 +901,7 @@ EOF
my $shlib_target = $target{shared_target};
my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
my $target = shlib_simple($lib);
my $target_full = shlib($lib);
return <<"EOF"
# With a build on a Windows POSIX layer (Cygwin or Mingw), we know for a fact
# that two files get produced, {shlibname}.dll and {libname}.dll.a.
@@ -914,27 +916,28 @@ $target: $lib$libext $deps $ordinalsfile
PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
INSTALLTOP='\$(INSTALLTOP)' LIBDIR='\$(LIBDIR)' \\
LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\
LIBNAME=$libname LIBVERSION=\$(SHLIB_MAJOR).\$(SHLIB_MINOR) \\
LIBCOMPATVERSIONS=';\$(SHLIB_VERSION_HISTORY)' \\
LIBNAME=$libname SHLIBVERSION=\$(SHLIB_MAJOR).\$(SHLIB_MINOR) \\
STLIBNAME=$lib$libext \\
SHLIBNAME=$target SHLIBNAME_FULL=$target_full \\
CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(LIB_CFLAGS)' \\
LDFLAGS='\$(LDFLAGS)' \\
SHARED_LDFLAGS='\$(LIB_LDFLAGS)' SHLIB_EXT=$shlibext \\
LDFLAGS='\$(LDFLAGS)' SHARED_LDFLAGS='\$(LIB_LDFLAGS)' \\
RC='\$(RC)' SHARED_RCFLAGS='\$(RCFLAGS)' \\
link_shlib.$shlib_target
EOF
. (windowsdll() ? <<"EOF" : "");
rm -f apps/$shlib$shlibext
rm -f test/$shlib$shlibext
rm -f fuzz/$shlib$shlibext
cp -p $shlib$shlibext apps/
cp -p $shlib$shlibext test/
cp -p $shlib$shlibext fuzz/
EOF
}
sub obj2dso {
my %args = @_;
my $lib = $args{lib};
my $libd = dirname($lib);
my $libn = basename($lib);
(my $libname = $libn) =~ s/^lib//;
my $dso = $args{lib};
my $dsod = dirname($dso);
my $dson = basename($dso);
my $shlibdeps = join("", map { my $d = dirname($_);
my $f = basename($_);
(my $l = $f) =~ s/^lib//;
@@ -942,17 +945,16 @@ EOF
my $deps = join(" ",compute_lib_depends(@{$args{deps}}));
my $shlib_target = $target{shared_target};
my $objs = join(" ", map { $_.$objext } @{$args{objs}});
my $target = dso($lib);
my $target = dso($dso);
return <<"EOF";
$target: $objs $deps
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
PLATFORM=\$(PLATFORM) \\
PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$dsod" \\
LIBDEPS='\$(PLIB_LDFLAGS) '"$shlibdeps"' \$(EX_LIBS)' \\
LIBNAME=$libname LDFLAGS='\$(LDFLAGS)' \\
SHLIBNAME_FULL=$target LDFLAGS='\$(LDFLAGS)' \\
CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(DSO_CFLAGS)' \\
SHARED_LDFLAGS='\$(DSO_LDFLAGS)' \\
SHLIB_EXT=$dsoext \\
LIBEXTRAS="$objs" \\
link_dso.$shlib_target
EOF

39
Configurations/windows-makefile.tmpl
View File

@@ -72,7 +72,7 @@ SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -}
ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{engines}}) -}
PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{programs}}) -}
PROGRAMS={- our @PROGRAMS = map { $_.$exeext } @{$unified_info{programs}}; join(" ", @PROGRAMS) -}
PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -}
SCRIPTS={- join(" ", @{$unified_info{scripts}}) -}
{- output_off() if $disabled{makedepend}; "" -}
@@ -100,16 +100,20 @@ BIN_SCRIPTS=$(BLDDIR)\tools\c_rehash.pl
MISC_SCRIPTS=$(BLDDIR)\apps\CA.pl $(BLDDIR)\apps\tsget.pl
{- output_on() if $disabled{apps}; "" -}
APPS_OPENSSL={- use File::Spec::Functions;
catfile("apps","openssl") -}
# Do not edit these manually. Use Configure with --prefix or --openssldir
# to change this! Short explanation in the top comment in Configure
INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet
#
use File::Spec::Functions qw(:DEFAULT splitpath);
our $prefix = $config{prefix} || "$win_installroot\\OpenSSL";
our $prefix = canonpath($config{prefix}
|| "$win_installroot\\OpenSSL");
our ($prefix_dev, $prefix_dir, $prefix_file) =
splitpath($prefix, 1);
$prefix_dev -}
INSTALLTOP_dir={- $prefix_dir -}
INSTALLTOP_dir={- canonpath($prefix_dir) -}
OPENSSLDIR_dev={- #
# The logic here is that if no --openssldir was given,
# OPENSSLDIR will get the value from $prefix plus "/ssl".
@@ -123,13 +127,13 @@ OPENSSLDIR_dev={- #
our $openssldir =
$config{openssldir} ?
(file_name_is_absolute($config{openssldir}) ?
$config{openssldir}
canonpath($config{openssldir})
: catdir($prefix, $config{openssldir}))
: "$win_commonroot\\SSL";
: canonpath("$win_commonroot\\SSL");
our ($openssldir_dev, $openssldir_dir, $openssldir_file) =
splitpath($openssldir, 1);
$openssldir_dev -}
OPENSSLDIR_dir={- $openssldir_dir -}
OPENSSLDIR_dir={- canonpath($openssldir_dir) -}
LIBDIR={- our $libdir = $config{libdir} || "lib";
$libdir -}
ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath);
@@ -137,7 +141,7 @@ ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath);
our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) =
splitpath($enginesdir, 1);
$enginesdir_dev -}
ENGINESDIR_dir={- $enginesdir_dir -}
ENGINESDIR_dir={- canonpath($enginesdir_dir) -}
!IF "$(DESTDIR)" != ""
INSTALLTOP=$(DESTDIR)$(INSTALLTOP_dir)
OPENSSLDIR=$(DESTDIR)$(OPENSSLDIR_dir)
@@ -197,12 +201,19 @@ build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
# Kept around for backward compatibility
build_apps build_tests: build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
test: tests
{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep
@rem {- output_off() if $disabled{tests}; "" -}
-mkdir $(BLDDIR)\test\test-runs
set SRCTOP=$(SRCDIR)
set BLDTOP=$(BLDDIR)
set RESULT_D=$(BLDDIR)\test\test-runs
set PERL=$(PERL)
set OPENSSL_ENGINES=$(MAKEDIR)\engines
set OPENSSL_DEBUG_MEMORY=on
"$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
@rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@@ -225,11 +236,14 @@ libclean:
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """$$1.*"""; } @ARGV" $(SHLIBS)
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """apps/$$1.*"""; } @ARGV" $(SHLIBS)
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """test/$$1.*"""; } @ARGV" $(SHLIBS)
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """fuzz/$$1.*"""; } @ARGV" $(SHLIBS)
-del /Q /F $(LIBS)
-del /Q ossl_static.pdb
clean: libclean
-del /Q /F $(PROGRAMS) $(ENGINES) $(SCRIPTS)
{- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -}
-del /Q /F $(ENGINES)
-del /Q /F $(SCRIPTS)
-del /Q /F $(GENERATED)
-del /Q /S /F *.d
-del /Q /S /F *.obj
@@ -355,7 +369,8 @@ configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{b
sub generatesrc {
my %args = @_;
(my $target = $args{src}) =~ s/\.[sS]$/.asm/;
my $generator = '"'.join('" "', @{$args{generator}}).'"';
my ($gen0, @gens) = @{$args{generator}};
my $generator = '"'.$gen0.'"'.join('', map { " $_" } @gens);
my $generator_incs = join("", map { " -I \"$_\"" } @{$args{generator_incs}});
my $incs = join("", map { " /I \"$_\"" } @{$args{incs}});
my $deps = @{$args{deps}} ?
@@ -445,9 +460,7 @@ s/^Note: including file: *//;
END { print '$obj$objext: ',join(" ", sort keys \%collect),"\\n" }
<<
$obj$objext: $obj$depext
\$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ @<<
$srcs
<<
\$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs
EOF
return <<"EOF" if ($disabled{makedepend});
$obj$objext: $deps
@@ -493,8 +506,10 @@ $objs $shlib.res$linklibs \$(EX_LIBS)
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$shlib$shlibext.manifest \$(MTOUTFLAG)$shlib$shlibext
IF EXIST apps\\$shlib$shlibext DEL /Q /F apps\\$shlib$shlibext
IF EXIST test\\$shlib$shlibext DEL /Q /F test\\$shlib$shlibext
IF EXIST fuzz\\$shlib$shlibext DEL /Q /F fuzz\\$shlib$shlibext
COPY $shlib$shlibext apps
COPY $shlib$shlibext test
COPY $shlib$shlibext fuzz
EOF
}
sub obj2dso {

185
Configure
View File

@@ -1,6 +1,6 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -11,10 +11,12 @@
use 5.10.0;
use strict;
use FindBin;
use lib "$FindBin::Bin/util/perl";
use File::Basename;
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
use File::Path qw/mkpath/;
use if $^O ne "VMS", 'File::Glob' => qw/glob/;
use OpenSSL::Glob;
# see INSTALL for instructions.
@@ -60,8 +62,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
# library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support
# enable-weak-ssl-ciphers
# Enable weak ciphers that are disabled by default. This currently
# only includes RC4 based ciphers.
# Enable weak ciphers that are disabled by default.
# 386 generate 80386 code in assembly modules
# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
# mentioned '386' option implies this one
@@ -116,6 +117,9 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED"
# but 'long long' type.
. " -DPEDANTIC -pedantic -Wno-long-long"
. " -Wall"
. " -Wextra"
. " -Wno-unused-parameter"
. " -Wno-missing-field-initializers"
. " -Wsign-compare"
. " -Wmissing-prototypes"
. " -Wshadow"
@@ -136,15 +140,11 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED"
# -Wextended-offsetof -- no, needed in CMS ASN1 code
my $clang_devteam_warn = ""
. " -Qunused-arguments"
. " -Wextra"
. " -Wno-unused-parameter"
. " -Wno-missing-field-initializers"
. " -Wno-language-extension-token"
. " -Wno-extended-offsetof"
. " -Wconditional-uninitialized"
. " -Wincompatible-pointer-types-discards-qualifiers"
. " -Wmissing-variable-declarations"
. " -Wundef"
;
# This adds backtrace information to the memory leak info. Is only used
@@ -461,31 +461,10 @@ my @disable_cascades = (
sub { 0 == scalar grep { !$disabled{$_} } @dtls }
=> [ "dtls" ],
# SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
"md5" => [ "ssl", "tls1", "tls1_1", "dtls1" ],
"sha" => [ "ssl", "tls1", "tls1_1", "dtls1" ],
# Additionally, SSL 3.0 requires either RSA or DSA+DH
sub { $disabled{rsa}
&& ($disabled{dsa} || $disabled{dh}); }
=> [ "ssl" ],
# (D)TLS 1.0 and TLS 1.1 also require either RSA or DSA+DH
# or ECDSA + ECDH. (D)TLS 1.2 has this requirement as well.
# (XXX: We don't support PSK-only builds).
sub { $disabled{rsa}
&& ($disabled{dsa} || $disabled{dh})
&& ($disabled{ecdsa} || $disabled{ecdh}); }
=> [ "tls1", "tls1_1", "tls1_2",
"dtls1", "dtls1_2" ],
"tls" => [ @tls ],
sub { 0 == scalar grep { !$disabled{$_} } @tls }
=> [ "tls" ],
# SRP and HEARTBEATS require TLSEXT
"tlsext" => [ "srp", "heartbeats" ],
"crypto-mdebug" => [ "crypto-mdebug-backtrace" ],
# Without DSO, we can't load dynamic engines, so don't build them dynamic
@@ -499,7 +478,7 @@ my @disable_cascades = (
# no-autoalginit is only useful when building non-shared
"autoalginit" => [ "shared", "apps" ],
"stdio" => [ "apps", "capieng" ],
"stdio" => [ "apps", "capieng", "egd" ],
"apps" => [ "tests" ],
"comp" => [ "zlib" ],
sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
@@ -529,8 +508,6 @@ while ((my $first, my $second) = (shift @list, shift @list)) {
# To remove something from %disabled, use "enable-foo".
# For symmetry, "disable-foo" is a synonym for "no-foo".
my $no_sse2=0;
&usage if ($#ARGV < 0);
my $user_cflags="";
@@ -880,7 +857,7 @@ foreach (sort (keys %disabled))
elsif (/^zlib-dynamic$/)
{ }
elsif (/^sse2$/)
{ $no_sse2 = 1; }
{ }
elsif (/^engine$/)
{
@{$config{dirs}} = grep !/^engines$/, @{$config{dirs}};
@@ -913,8 +890,6 @@ foreach (sort (keys %disabled))
{
push @{$config{openssl_other_defines}}, "OPENSSL_NO_$WHAT";
print " OPENSSL_NO_$WHAT";
if (/^err$/) { push @user_defines, "OPENSSL_NO_ERR"; }
}
}
@@ -1168,7 +1143,7 @@ unless ($disabled{asm}) {
# bn-586 is the only one implementing bn_*_part_words
push @{$config{defines}}, "OPENSSL_BN_ASM_PART_WORDS" if ($target{bn_asm_src} =~ /bn-586/);
push @{$config{defines}}, "OPENSSL_IA32_SSE2" if (!$no_sse2 && $target{bn_asm_src} =~ /86/);
push @{$config{defines}}, "OPENSSL_IA32_SSE2" if (!$disabled{sse2} && $target{bn_asm_src} =~ /86/);
push @{$config{defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/);
push @{$config{defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/);
@@ -1200,7 +1175,7 @@ unless ($disabled{asm}) {
push @{$config{defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
# aes-xts.fake indicates presence of AES_xts_[en|de]crypt...
push @{$config{defines}}, "AES_XTS_ASM" if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//);
$target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($no_sse2);
$target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($disabled{sse2});
push @{$config{defines}}, "VPAES_ASM" if ($target{aes_asm_src} =~ m/vpaes/);
push @{$config{defines}}, "BSAES_ASM" if ($target{aes_asm_src} =~ m/bsaes/);
}
@@ -1225,29 +1200,29 @@ unless ($disabled{asm}) {
}
}
my $ecc = $target{cc};
if ($^O ne "VMS" && !$disabled{makedepend}) {
# Is the compiler gcc or clang? $ecc is used below to see if
# error-checking can be turned on.
my $ccpcc = "$config{cross_compile_prefix}$target{cc}";
open(PIPE, "$ccpcc --version 2>&1 |");
my $lines = 2;
while ( <PIPE> ) {
# Find the version number and save the major.
m|(?:.*)\b(\d+)\.\d+\.\d+\b(?:.*)|;
my $compiler_major = $1;
# We know that GNU C version 3 and up as well as all clang
# versions support dependency generation
$config{makedepprog} = $ccpcc
if (/clang/ || (/gcc/ && $compiler_major >= 3));
$ecc = "clang" if /clang/;
$ecc = "gcc" if /gcc/;
last if ($config{makedepprog} || !$lines--);
my %predefined;
if ($^O ne "VMS") {
my $cc = "$config{cross_compile_prefix}$target{cc}";
# collect compiler pre-defines from gcc or gcc-alike...
open(PIPE, "$cc -dM -E -x c /dev/null 2>&1 |");
while (<PIPE>) {
m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
$predefined{$1} = $2 // "";
}
close(PIPE);
$config{makedepprog} = which('makedepend') unless $config{makedepprog};
$disabled{makedepend} = "unavailable" unless $config{makedepprog};
if (!$disabled{makedepend}) {
# We know that GNU C version 3 and up as well as all clang
# versions support dependency generation
if ($predefined{__GNUC__} >= 3) {
$config{makedepprog} = $cc;
} else {
$config{makedepprog} = which('makedepend');
$disabled{makedepend} = "unavailable" unless $config{makedepprog};
}
}
}
@@ -1292,13 +1267,13 @@ if (defined($config{api})) {
if ($strict_warnings)
{
my $wopt;
die "ERROR --strict-warnings requires gcc or clang"
unless $ecc eq 'gcc' || $ecc eq 'clang';
die "ERROR --strict-warnings requires gcc or gcc-alike"
unless defined($predefined{__GNUC__});
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
$config{cflags} .= " $wopt" unless ($config{cflags} =~ /(?:^|\s)$wopt(?:\s|$)/)
}
if ($ecc eq "clang")
if (defined($predefined{__clang__}))
{
foreach $wopt (split /\s+/, $clang_devteam_warn)
{
@@ -1355,7 +1330,6 @@ my %unified_info = ();
my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO});
if ($builder eq "unified") {
use lib catdir(dirname(__FILE__),"util");
use with_fallback qw(Text::Template);
sub cleandir {
@@ -1478,9 +1452,15 @@ if ($builder eq "unified") {
my %sharednames = ();
my %generate = ();
# We want to detect configdata.pm in the source tree, so we
# don't use it if the build tree is different.
my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir);
push @{$config{build_infos}}, catfile(abs2rel($sourced, $blddir), $f);
my $template = Text::Template->new(TYPE => 'FILE',
SOURCE => catfile($sourced, $f));
my $template =
Text::Template->new(TYPE => 'FILE',
SOURCE => catfile($sourced, $f),
PREPEND => qq{use lib "$FindBin::Bin/util/perl";});
die "Something went wrong with $sourced/$f: $!\n" unless $template;
my @text =
split /^/m,
@@ -1781,7 +1761,7 @@ EOF
# If it isn't in the source tree, we assume it's generated
# in the build tree
if (! -f $s) {
if ($s eq $src_configdata || ! -f $s || $generate{$_}) {
$s = cleanfile($buildd, $_, $blddir);
}
# We recognise C and asm files
@@ -1807,7 +1787,7 @@ EOF
# If it isn't in the source tree, we assume it's generated
# in the build tree
if (! -f $s) {
if ($s eq $src_configdata || ! -f $s || $generate{$_}) {
$s = cleanfile($buildd, $_, $blddir);
}
# We recognise C and asm files
@@ -1842,7 +1822,7 @@ EOF
# If the destination doesn't exist in source, it can only be
# a generated file in the build tree.
if ($ddest ne "" && ! -f $ddest) {
if ($ddest ne "" && ($ddest eq $src_configdata || ! -f $ddest)) {
$ddest = cleanfile($buildd, $_, $blddir);
if ($unified_info{rename}->{$ddest}) {
$ddest = $unified_info{rename}->{$ddest};
@@ -1856,7 +1836,8 @@ EOF
# in the build tree rather than the source tree, and assume
# and that there are lines to build it in a BEGINRAW..ENDRAW
# section or in the Makefile template.
if (! -f $d
if ($d eq $src_configdata
|| ! -f $d
|| (grep { $d eq $_ }
map { cleanfile($srcdir, $_, $blddir) }
grep { /\.h$/ } keys %{$unified_info{generate}})) {
@@ -1867,13 +1848,6 @@ EOF
$d = $unified_info{rename}->{$d};
}
$unified_info{depends}->{$ddest}->{$d} = 1;
# If we depend on a header file or a perl module, let's make
# sure it can get included
if ($dest ne "" && $d =~ /\.(h|pm)$/) {
my $i = dirname($d);
push @{$unified_info{includes}->{$ddest}->{source}}, $i
unless grep { $_ eq $i } @{$unified_info{includes}->{$ddest}->{source}};
}
}
}
@@ -1883,7 +1857,7 @@ EOF
# If the destination doesn't exist in source, it can only be
# a generated file in the build tree.
if (! -f $ddest) {
if ($ddest eq $src_configdata || ! -f $ddest) {
$ddest = cleanfile($buildd, $_, $blddir);
if ($unified_info{rename}->{$ddest}) {
$ddest = $unified_info{rename}->{$ddest};
@@ -1900,6 +1874,43 @@ EOF
}
}
# Massage the result
# If we depend on a header file or a perl module, add an inclusion of
# its directory to allow smoothe inclusion
foreach my $dest (keys %{$unified_info{depends}}) {
next if $dest eq "";
foreach my $d (keys %{$unified_info{depends}->{$dest}}) {
next unless $d =~ /\.(h|pm)$/;
my $i = dirname($d);
my $spot =
$d eq "configdata.pm" || defined($unified_info{generate}->{$d})
? 'build' : 'source';
push @{$unified_info{includes}->{$dest}->{$spot}}, $i
unless grep { $_ eq $i } @{$unified_info{includes}->{$dest}->{$spot}};
}
}
# Trickle down includes placed on libraries, engines and programs to
# their sources (i.e. object files)
foreach my $dest (keys %{$unified_info{engines}},
keys %{$unified_info{libraries}},
keys %{$unified_info{programs}}) {
foreach my $k (("source", "build")) {
next unless defined($unified_info{includes}->{$dest}->{$k});
my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}};
foreach my $obj (grep /\.o$/,
(keys %{$unified_info{sources}->{$dest}},
keys %{$unified_info{shared_sources}->{$dest}})) {
foreach my $inc (@incs) {
unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc
unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}};
}
}
}
delete $unified_info{includes}->{$dest};
}
### Make unified_info a bit more efficient
# One level structures
foreach (("programs", "libraries", "engines", "scripts", "extra", "overrides")) {
@@ -1915,8 +1926,9 @@ EOF
# Includes
foreach my $dest (sort keys %{$unified_info{includes}}) {
if (defined($unified_info{includes}->{$dest}->{build})) {
my @source_includes =
( @{$unified_info{includes}->{$dest}->{source}} );
my @source_includes = ();
@source_includes = ( @{$unified_info{includes}->{$dest}->{source}} )
if defined($unified_info{includes}->{$dest}->{source});
$unified_info{includes}->{$dest} =
[ @{$unified_info{includes}->{$dest}->{build}} ];
foreach my $inc (@source_includes) {
@@ -2134,14 +2146,6 @@ or position independent code, please let us know (but please first make sure
you have tried with a current version of OpenSSL).
EOF
print <<"EOF" if (-f catfile($srcdir, "configdata.pm") && $srcdir ne $blddir);
WARNING: there are indications that another build was made in the source
directory. This build may have picked up artifacts from that build, the
safest course of action is to clean the source directory and redo this
configuration.
EOF
exit(0);
######################################################################
@@ -2291,6 +2295,17 @@ sub read_config {
eval $content;
warn $@ if $@;
}
my %preexisting = ();
foreach (sort keys %targets) {
$preexisting{$_} = 1 if $table{$_};
}
die <<"EOF",
The following config targets from $fname
shadow pre-existing config targets with the same name:
EOF
map { " $_\n" } sort keys %preexisting
if %preexisting;
# For each target, check that it's configured with a hash table.
foreach (keys %targets) {

8
INSTALL
View File

@@ -408,8 +408,9 @@
has an impact when not built "shared".
no-stdio
Don't use any C "stdio" features. Only libcrypto and libssl
can be built in this way. Using this option will suppress
Don't use anything from the C header file "stdio.h" that
makes use of the "FILE" type. Only libcrypto and libssl can
be built in this way. Using this option will suppress
building the command line applications. Additionally since
the OpenSSL tests also use the command line applications the
tests will also be skipped.
@@ -678,7 +679,8 @@
compiler optimization flags from the CFLAGS line in Makefile and
run "make clean; make" or corresponding.
Please send bug reports to <rt@openssl.org>.
To report a bug please open an issue on GitHub, at
https://github.com/openssl/openssl/issues.
4. If everything tests ok, install OpenSSL with

2
LICENSE
View File

@@ -10,7 +10,7 @@
---------------
/* ====================================================================
* Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

257
Makefile.shared
View File

@@ -29,6 +29,37 @@ NM=nm
#LIBNAME=foo
LIBNAME=
# STLIBNAME contains the path of the static library to build the shared
# library from, for example:
#STLIBNAME=libfoo.a
STLIBNAME=
# On most Unix platforms, SHLIBNAME contains the path of the short name of
# the shared library to build, for example
#SHLIBNAME=libfoo.so
# On Windows POSIX layers (cygwin and mingw), SHLIBNAME contains the import
# library name for the shared library to be built, for example:
#SHLIBNAME=libfoo.dll.a
# SHLIBNAME_FULL contains the path of the full name of the shared library to
# build, for example:
#SHLIBNAME_FULL=libfoo.so.1.2
# When building DSOs, SHLIBNAME_FULL contains path of the full DSO name, for
# example:
#SHLIBNAME_FULL=dir/dso.so
SHLIBNAME_FULL=
# SHLIBVERSION contains the current version of the shared library (not to
# be confused with the project version)
#SHLIBVERSION=1.2
SHLIBVERSION=
# NOTE: to build shared libraries, LIBNAME, STLIBNAME, SHLIBNAME and
# SHLIBNAME_FULL MUST have values when using this makefile, and in some
# cases, SHLIBVERSION as well. To build DSOs, SHLIBNAME_FULL MUST have
# a value, the rest can be left alone.
# APPNAME contains just the name of the application, without suffix (""
# on Unix, ".exe" on Windows, ...). This one MUST have a value when using
# this makefile to build applications.
@@ -36,9 +67,6 @@ LIBNAME=
#APPNAME=foo
APPNAME=
# DSTDIR is the directory where the built file should end up in.
DSTDIR=.
# SRCDIR is the top directory of the source tree.
SRCDIR=.
@@ -55,24 +83,6 @@ OBJECTS=
# names of all object files that go into the target shared object.
LIBEXTRAS=
# LIBVERSION contains the current version of the library.
# For example, to build libfoo.so.1.2, you need to do the following:
#LIBVERSION=1.2
LIBVERSION=
# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
# the library. They MUST be in decreasing order.
# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
# and libfoo.so.1, you need to do the following:
#LIBCOMPATVERSIONS=1.2 1
# Note that on systems that use sonames, the last number will appear as
# part of it.
# It's also possible, for systems that support it (Tru64, for example),
# to add extra compatibility info with more precision, by adding a second
# list of versions, separated from the first with a semicolon, like this:
#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
LIBCOMPATVERSIONS=
# LIBDEPS contains all the flags necessary to cover all necessary
# dependencies to other libraries.
LIBDEPS=
@@ -86,20 +96,6 @@ SET_X=:
top:
echo "Trying to use this makefile interactively? Don't."
CALC_VERSIONS= \
SHLIB_COMPAT=; SHLIB_SOVER=; \
if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
prev=""; \
for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
SHLIB_SOVER_NODOT=$$v; \
SHLIB_SOVER=.$$v; \
if [ -n "$$prev" ]; then \
SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
fi; \
prev=$$v; \
done; \
fi
LINK_APP= \
( $(SET_X); \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
@@ -120,43 +116,37 @@ LINK_SO= \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-o $(SHLIBNAME_FULL) \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-o $(SHLIBNAME_FULL) \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
) && $(SYMLINK_SO)
SYMLINK_SO= \
if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
if [ -n "$$SHLIB_COMPAT" ]; then \
for x in $$SHLIB_COMPAT; do \
( $(SET_X); rm -f $(DSTDIR)/$$SHLIB$$x$$SHLIB_SUFFIX; \
ln -s $$prev $(DSTDIR)/$$SHLIB$$x$$SHLIB_SUFFIX ); \
prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
done; \
fi; \
if [ -n "$$SHLIB_SOVER" ]; then \
( $(SET_X); rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX; \
ln -s $$prev $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX ); \
if [ -n "$(SHLIBNAME_FULL)" -a -n "$(SHLIBNAME)" -a \
"$(SHLIBNAME_FULL)" != "$(SHLIBNAME)" ]; then \
( $(SET_X); \
rm -f $(SHLIBNAME); \
ln -s $(SHLIBNAME_FULL) $(SHLIBNAME) ); \
fi; \
fi
LINK_SO_SHLIB= SHOBJECTS="$(DSTDIR)/lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_SHLIB= SHOBJECTS="$(STLIBNAME) $(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_DSO= INHIBIT_SYMLINKS=yes; SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_SHLIB_VIA_O= \
SHOBJECTS=$(DSTDIR)/lib$(LIBNAME).o; \
SHOBJECTS=$(STLIBNAME).o; \
ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
( echo ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL lib$(LIBNAME).a $(LIBEXTRAS); \
ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(DSTDIR)/lib$(LIBNAME).a $(LIBEXTRAS) ); \
( echo ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS); \
ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS) ); \
$(LINK_SO) && ( echo rm -f $$SHOBJECTS; rm -f $$SHOBJECTS )
LINK_SO_SHLIB_UNPACKED= \
UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
(cd $$UNPACKDIR; ar x ../$(DSTDIR)/lib$(LIBNAME).a) && \
(cd $$UNPACKDIR; ar x ../$(STLIBNAME)) && \
([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
SHOBJECTS=$$UNPACKDIR/*.o; \
$(LINK_SO) && rm -rf $$UNPACKDIR
@@ -164,15 +154,10 @@ LINK_SO_SHLIB_UNPACKED= \
DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
DO_GNU_SO_COMMON=\
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$(SHLIBNAME_FULL)"
DO_GNU_DSO=\
SHLIB=$(LIBNAME).so; \
SHLIB_SOVER=; \
SHLIB_SUFFIX=; \
$(DO_GNU_SO_COMMON)
DO_GNU_SO=\
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
$(DO_GNU_SO_COMMON)
@@ -201,8 +186,6 @@ link_shlib.linux-shared:
link_dso.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
LIBDEPS=" "; \
ALLSYMSFLAGS=; \
NOALLSYMSFLAGS=; \
@@ -210,9 +193,6 @@ link_dso.bsd:
fi; $(LINK_SO_DSO)
link_shlib.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
LIBDEPS=" "; \
ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
NOALLSYMSFLAGS=; \
@@ -241,50 +221,33 @@ link_app.bsd:
# Alternative to this heuristic approach is to develop specific
# MacOS X dso module relying on whichever "native" dyld interface.
link_dso.darwin:
@ SHLIB=$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
ALLSYMSFLAGS=''; \
@ ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \
$(LINK_SO_DSO)
link_shlib.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
ALLSYMSFLAGS='-all_load'; \
@ ALLSYMSFLAGS='-all_load'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
if [ -n "$(LIBVERSION)" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
fi; \
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
fi; \
SHAREDFLAGS="$$SHAREDFLAGS -install_name $(INSTALLTOP)/$(LIBDIR)/$$SHLIB$(SHLIB_EXT)"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -current_version $(SHLIBVERSION) -compatibility_version $(SHLIBVERSION) -install_name $(INSTALLTOP)/$(LIBDIR)/$(SHLIBNAME_FULL)"; \
$(LINK_SO_SHLIB)
link_app.darwin: # is there run-path on darwin?
$(LINK_APP)
link_dso.cygwin:
@SHLIB=$(LIBNAME); \
SHLIB_SUFFIX=.dll; \
ALLSYMSFLAGS=''; \
@ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
base=-Wl,--enable-auto-image-base; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic"; \
$(LINK_SO_DSO)
link_shlib.cygwin:
@ $(CALC_VERSIONS); \
INHIBIT_SYMLINKS=yes; \
SHLIB=cyg$(LIBNAME); SHLIB_SOVER=-$(LIBVERSION); SHLIB_SUFFIX=.dll; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \
@ INHIBIT_SYMLINKS=yes; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \
"$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name | \
$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \
$(RC) $(SHARED_RCFLAGS) -o rc.o; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a rc.o"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) rc.o"; \
$(LINK_SO_SHLIB) || exit 1; \
rm rc.o
link_app.cygwin:
@@ -293,26 +256,18 @@ link_app.cygwin:
# link_dso.mingw-shared and link_app.mingw-shared are mapped to the
# corresponding cygwin targets, as they do the exact same thing.
link_shlib.mingw:
@ $(CALC_VERSIONS); \
INHIBIT_SYMLINKS=yes; \
arch=; \
if expr $(PLATFORM) : mingw64 > /dev/null; then arch=-x64; fi; \
sover=`echo $(LIBVERSION) | sed -e 's/\./_/g'` ; \
SHLIB=lib$(LIBNAME); \
SHLIB_SOVER=-$$sover$$arch; \
SHLIB_SUFFIX=.dll; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
@ INHIBIT_SYMLINKS=yes; \
base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
$(PERL) $(SRCDIR)/util/mkdef.pl 32 $(LIBNAME) \
| sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1'"$$dll_name"'|' \
| sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1$(SHLIBNAME_FULL)|' \
> $(LIBNAME).def; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \
"$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name | \
$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \
$(RC) $(SHARED_RCFLAGS) -o rc.o; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $(LIBNAME).def rc.o"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) $(LIBNAME).def rc.o"; \
$(LINK_SO_SHLIB) || exit 1; \
rm $(LIBNAME).def rc.o
@@ -320,8 +275,6 @@ link_dso.alpha-osf1:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
@@ -331,21 +284,9 @@ link_shlib.alpha-osf1:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
if [ -n "$$SHLIB_HIST" ]; then \
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
else \
SHLIB_HIST="$(LIBVERSION)"; \
fi; \
SHLIB_SOVER=; \
ALLSYMSFLAGS='-all'; \
NOALLSYMSFLAGS='-none'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
if [ -n "$$SHLIB_HIST" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
fi; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic -set_version $(SHLIBVERSION)"; \
fi; \
$(LINK_SO_SHLIB)
link_app.alpha-osf1:
@@ -360,25 +301,19 @@ link_dso.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
$(CALC_VERSIONS); \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=""; \
NOALLSYMSFLAGS=""; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \
fi; \
$(LINK_SO_DSO)
link_shlib.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=;\
$(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \
ALLSYMSFLAGS="-Wl,-z,allextract,-M,$(LIBNAME).map"; \
NOALLSYMSFLAGS="-Wl,-z,defaultextract"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \
fi; \
$(LINK_SO_SHLIB)
link_app.solaris:
@@ -394,24 +329,18 @@ link_dso.svr3:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
$(CALC_VERSIONS); \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SUFFIX"; \
SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_DSO)
link_shlib.svr3:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_SHLIB_UNPACKED)
link_app.svr3:
@@ -425,25 +354,20 @@ link_dso.svr5:
else \
SHARE_FLAG='-G'; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SUFFIX"; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_DSO)
link_shlib.svr5:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHARE_FLAG='-G'; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_SHLIB_UNPACKED)
link_app.svr5:
@@ -454,25 +378,20 @@ link_dso.irix:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=""; \
NOALLSYMSFLAGS=""; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SUFFIX,-B,symbolic"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
fi; \
$(LINK_SO_DSO)
link_shlib.irix:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
MINUSWL=""; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
ALLSYMSFLAGS="$${MINUSWL}-all"; \
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
fi; \
$(LINK_SO_SHLIB)
link_app.irix:
@@ -489,29 +408,22 @@ link_app.irix:
#
link_dso.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \
SHLIB=$(LIBNAME).sl; \
expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \
fi; \
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX || :; \
$(LINK_SO_DSO) && chmod a=rx $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX
rm -f $(SHLIBNAME_FULL) || :; \
$(LINK_SO_DSO) && chmod a=rx $(SHLIBNAME_FULL)
link_shlib.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,-Fl'; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \
fi; \
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
$(LINK_SO_SHLIB) && chmod a=rx $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
rm -f $(SHLIBNAME_FULL) || :; \
$(LINK_SO_SHLIB) && chmod a=rx $(SHLIBNAME_FULL)
link_app.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:"; \
@@ -521,23 +433,18 @@ link_app.hpux:
link_dso.aix:
@OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER 2>&1 > /dev/null ; \
rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \
$(LINK_SO_DSO);
link_shlib.aix:
@ $(CALC_VERSIONS); \
OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
@ OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-bnogc'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER 2>&1 > /dev/null ; \
rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \
$(LINK_SO_SHLIB_VIA_O)
link_app.aix:
LDFLAGS="$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)"; \
@@ -547,19 +454,11 @@ link_app.aix:
# Targets to build symbolic links when needed
symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
symlink.aix:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
$(SYMLINK_SO)
@ $(SYMLINK_SO)
symlink.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
$(SYMLINK_SO)
@ $(SYMLINK_SO)
symlink.hpux:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
$(SYMLINK_SO)
@ $(SYMLINK_SO)
# The following lines means those specific architectures do no symlinks
symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:

12
NEWS
View File

@@ -5,6 +5,18 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018]
o Constructed ASN.1 types with a recursive definition could exceed the
stack (CVE-2018-0739)
o Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]
o config now recognises 64-bit mingw and chooses mingw64 instead of mingw

2
README
View File

@@ -1,5 +1,5 @@
OpenSSL 1.1.0f 25 May 2017
OpenSSL 1.1.0h 27 Mar 2018
Copyright (c) 1998-2016 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

6
apps/CA.pl.in
View File

@@ -145,7 +145,7 @@ if ($WHAT eq '-newcert' ) {
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
}
} elsif ($WHAT eq '-pkcs12' ) {
my $cname = $ARGV[1];
my $cname = $ARGV[0];
$cname = "My Certificate" unless defined $cname;
$RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
. " -certfile ${CATOP}/$CACERT"
@@ -178,12 +178,12 @@ if ($WHAT eq '-newcert' ) {
$RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL");
print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
} elsif ($WHAT eq '-revoke' ) {
my $cname = $ARGV[1];
my $cname = $ARGV[0];
if (!defined $cname) {
print "Certificate filename is required; reason optional.\n";
exit 1;
}
my $reason = $ARGV[2];
my $reason = $ARGV[1];
$reason = " -crl_reason $reason"
if defined $reason && crl_reason_ok($reason);
$RET = run("$CA -revoke \"$cname\"" . $reason);

4
apps/app_rand.c
View File

@@ -20,7 +20,7 @@ int app_RAND_load_file(const char *file, int dont_warn)
char buffer[200];
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
file = RAND_file_name(buffer, sizeof(buffer));
#ifndef OPENSSL_NO_EGD
else if (RAND_egd(file) > 0) {
/*
@@ -101,7 +101,7 @@ int app_RAND_write_file(const char *file)
return 0;
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
file = RAND_file_name(buffer, sizeof(buffer));
if (file == NULL || !RAND_write_file(file)) {
BIO_printf(bio_err, "unable to write 'random state'\n");
return 0;

85
apps/apps.c
View File

@@ -18,9 +18,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <sys/types.h>
#ifndef OPENSSL_NO_POSIX_IO
# include <sys/stat.h>
# include <fcntl.h>
@@ -1390,9 +1388,9 @@ int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial
OPENSSL_strlcpy(buf[0], serialfile, BSIZE);
else {
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
#else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
#endif
}
out = BIO_new_file(buf[0], "w");
@@ -1433,11 +1431,11 @@ int rotate_serial(const char *serialfile, const char *new_suffix,
goto err;
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
#else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
#endif
if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR
@@ -1506,9 +1504,9 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
goto err;
#ifndef OPENSSL_SYS_VMS
BIO_snprintf(buf, sizeof buf, "%s.attr", dbfile);
BIO_snprintf(buf, sizeof(buf), "%s.attr", dbfile);
#else
BIO_snprintf(buf, sizeof buf, "%s-attr", dbfile);
BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
#endif
dbattr_conf = app_load_config(buf);
@@ -1569,13 +1567,13 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
goto err;
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
#else
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
#endif
out = BIO_new_file(buf[0], "w");
if (out == NULL) {
@@ -1618,17 +1616,17 @@ int rotate_index(const char *dbfile, const char *new_suffix,
goto err;
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
#else
j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
#endif
if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR
@@ -2255,29 +2253,27 @@ int app_access(const char* name, int flag)
#ifdef _WIN32
int app_isdir(const char *name)
{
HANDLE hList;
WIN32_FIND_DATA FileData;
DWORD attr;
# if defined(UNICODE) || defined(_UNICODE)
size_t i, len_0 = strlen(name) + 1;
WCHAR tempname[MAX_PATH];
if (len_0 > OSSL_NELEM(FileData.cFileName))
if (len_0 > MAX_PATH)
return -1;
# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
if (!MultiByteToWideChar
(CP_ACP, 0, name, len_0, FileData.cFileName, len_0))
if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
# endif
for (i = 0; i < len_0; i++)
FileData.cFileName[i] = (WCHAR)name[i];
tempname[i] = (WCHAR)name[i];
hList = FindFirstFile(FileData.cFileName, &FileData);
attr = GetFileAttributes(tempname);
# else
hList = FindFirstFile(name, &FileData);
attr = GetFileAttributes(name);
# endif
if (hList == INVALID_HANDLE_VALUE)
if (attr == INVALID_FILE_ATTRIBUTES)
return -1;
FindClose(hList);
return ((FileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0);
return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
}
#else
# include <sys/stat.h>
@@ -2575,6 +2571,7 @@ void wait_for_async(SSL *s)
fd_set asyncfds;
OSSL_ASYNC_FD *fds;
size_t numfds;
size_t i;
if (!SSL_get_all_async_fds(s, NULL, &numfds))
return;
@@ -2583,17 +2580,17 @@ void wait_for_async(SSL *s)
fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds");
if (!SSL_get_all_async_fds(s, fds, &numfds)) {
OPENSSL_free(fds);
return;
}
FD_ZERO(&asyncfds);
while (numfds > 0) {
if (width <= (int)*fds)
width = (int)*fds + 1;
openssl_fdset((int)*fds, &asyncfds);
numfds--;
fds++;
for (i = 0; i < numfds; i++) {
if (width <= (int)fds[i])
width = (int)fds[i] + 1;
openssl_fdset((int)fds[i], &asyncfds);
}
select(width, (void *)&asyncfds, NULL, NULL, NULL);
OPENSSL_free(fds);
#endif
}

16
apps/apps.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -214,8 +214,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
OPT_S_DHPARAM, OPT_S_DEBUGBROKE, OPT_S_COMP, \
OPT_S__LAST
OPT_S_DEBUGBROKE, OPT_S_COMP, OPT_S_MINPROTO, OPT_S_MAXPROTO, \
OPT_S_NO_RENEGOTIATION, OPT_S__LAST
# define OPT_S_OPTIONS \
{"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
@@ -230,6 +230,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
{"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
{"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
"Enable use of legacy renegotiation (dangerous)"}, \
{"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
"Disable all renegotiation."}, \
{"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
"Allow initial connection to servers that don't support RI"}, \
{"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
@@ -248,8 +250,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
{"named_curve", OPT_S_NAMEDCURVE, 's', \
"Elliptic curve used for ECDHE (server-side only)" }, \
{"cipher", OPT_S_CIPHER, 's', "Specify cipher list to be used"}, \
{"dhparam", OPT_S_DHPARAM, '<', \
"DH parameter file to use, in cert file if not specified"}, \
{"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
{"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
{"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
"Perform all sorts of protocol violations for testing purposes"}
@@ -274,7 +276,9 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
case OPT_S_CURVES: \
case OPT_S_NAMEDCURVE: \
case OPT_S_CIPHER: \
case OPT_S_DHPARAM: \
case OPT_S_MINPROTO: \
case OPT_S_MAXPROTO: \
case OPT_S_NO_RENEGOTIATION: \
case OPT_S_DEBUGBROKE
#define IS_NO_PROT_FLAG(o) \

28
apps/build.info
View File

@@ -1,21 +1,27 @@
{- our $tsget_name = $config{target} =~ /^(VC|vms)-/ ? "tsget.pl" : "tsget";
our @apps_openssl_src =
( qw(openssl.c
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c
dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c
genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c
pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c
srp.c ts.c verify.c version.c x509.c rehash.c
apps.c opt.c s_cb.c s_socket.c
app_rand.c),
split(/\s+/, $target{apps_aux_src}) );
"" -}
IF[{- !$disabled{apps} -}]
PROGRAMS=openssl
SOURCE[openssl]=\
openssl.c \
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c \
dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c \
genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c \
pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c \
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c \
srp.c ts.c verify.c version.c x509.c rehash.c \
apps.c opt.c s_cb.c s_socket.c \
app_rand.c \
{- $target{apps_aux_src} -}
SOURCE[openssl]={- join(" ", @apps_openssl_src) -}
INCLUDE[openssl]=.. ../include
DEPEND[openssl]=../libssl
{- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" }
@apps_openssl_src) -}
GENERATE[progs.h]=progs.pl $(APPS_OPENSSL)
DEPEND[progs.h]=../configdata.pm
SCRIPTS=CA.pl {- $tsget_name -}
SOURCE[CA.pl]=CA.pl.in
SOURCE[{- $tsget_name -}]=tsget.in

302
apps/ca.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -440,30 +440,23 @@ end_of_options:
&& (section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_CA)) == NULL)
goto end;
if (conf != NULL) {
p = NCONF_get_string(conf, NULL, "oid_file");
if (p == NULL)
ERR_clear_error();
if (p != NULL) {
BIO *oid_bio;
p = NCONF_get_string(conf, NULL, "oid_file");
if (p == NULL)
ERR_clear_error();
if (p != NULL) {
BIO *oid_bio = BIO_new_file(p, "r");
oid_bio = BIO_new_file(p, "r");
if (oid_bio == NULL) {
/*-
BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
ERR_print_errors(bio_err);
*/
ERR_clear_error();
} else {
OBJ_create_objects(oid_bio);
BIO_free(oid_bio);
}
}
if (!add_oid_section(conf)) {
ERR_print_errors(bio_err);
goto end;
if (oid_bio == NULL) {
ERR_clear_error();
} else {
OBJ_create_objects(oid_bio);
BIO_free(oid_bio);
}
}
if (!add_oid_section(conf)) {
ERR_print_errors(bio_err);
goto end;
}
randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
if (randfile == NULL)
@@ -1098,13 +1091,13 @@ end_of_options:
goto end;
tmptm = ASN1_TIME_new();
if (tmptm == NULL)
goto end;
X509_gmtime_adj(tmptm, 0);
X509_CRL_set1_lastUpdate(crl, tmptm);
if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
NULL)) {
if (tmptm == NULL
|| X509_gmtime_adj(tmptm, 0) == NULL
|| !X509_CRL_set1_lastUpdate(crl, tmptm)
|| X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
NULL) == NULL) {
BIO_puts(bio_err, "error setting CRL nextUpdate\n");
ASN1_TIME_free(tmptm);
goto end;
}
X509_CRL_set1_nextUpdate(crl, tmptm);
@@ -1376,8 +1369,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
CONF *lconf, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign)
{
X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
NULL;
X509_NAME *name = NULL, *CAname = NULL, *subject = NULL;
const ASN1_TIME *tm;
ASN1_STRING *str, *str2;
ASN1_OBJECT *obj;
@@ -1559,7 +1551,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (push != NULL) {
if (!X509_NAME_add_entry(subject, push, -1, 0)) {
X509_NAME_ENTRY_free(push);
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
@@ -1577,104 +1568,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto end;
}
if (verbose)
BIO_printf(bio_err,
"The subject name appears to be ok, checking data base for clashes\n");
/* Build the correct Subject if no e-mail is wanted in the subject */
/*
* and add it later on because of the method extensions are added
* (altName)
*/
if (email_dn)
dn_subject = subject;
else {
X509_NAME_ENTRY *tmpne;
/*
* Its best to dup the subject DN and then delete any email addresses
* because this retains its structure.
*/
if ((dn_subject = X509_NAME_dup(subject)) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
while ((i = X509_NAME_get_index_by_NID(dn_subject,
NID_pkcs9_emailAddress,
-1)) >= 0) {
tmpne = X509_NAME_get_entry(dn_subject, i);
X509_NAME_delete_entry(dn_subject, i);
X509_NAME_ENTRY_free(tmpne);
}
}
if (BN_is_zero(serial))
row[DB_serial] = OPENSSL_strdup("00");
else
row[DB_serial] = BN_bn2hex(serial);
if (row[DB_serial] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
if (db->attributes.unique_subject) {
OPENSSL_STRING *crow = row;
rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:There is already a certificate for %s\n",
row[DB_name]);
}
}
if (rrow == NULL) {
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:Serial number %s has already been issued,\n",
row[DB_serial]);
BIO_printf(bio_err,
" check the database/serial_file for corruption\n");
}
}
if (rrow != NULL) {
BIO_printf(bio_err, "The matching entry has the following details\n");
if (rrow[DB_type][0] == 'E')
p = "Expired";
else if (rrow[DB_type][0] == 'R')
p = "Revoked";
else if (rrow[DB_type][0] == 'V')
p = "Valid";
else
p = "\ninvalid type, Data base error\n";
BIO_printf(bio_err, "Type :%s\n", p);;
if (rrow[DB_type][0] == 'R') {
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Was revoked on:%s\n", p);
}
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Expires on :%s\n", p);
p = rrow[DB_serial];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Serial Number :%s\n", p);
p = rrow[DB_file];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "File name :%s\n", p);
p = rrow[DB_name];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Subject Name :%s\n", p);
ok = -1; /* This is now a 'bad' error. */
goto end;
}
/* We are now totally happy, lets make and sign the certificate */
if (verbose)
BIO_printf(bio_err,
@@ -1704,7 +1597,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (enddate != NULL) {
int tdays;
ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret));
if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret)))
goto end;
days = tdays;
}
@@ -1719,7 +1614,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* Lets add the extensions, if there are any */
if (ext_sect) {
X509V3_CTX ctx;
X509_set_version(ret, 2);
/* Initialize the context structure */
if (selfsign)
@@ -1774,10 +1668,132 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto end;
}
/* Set the right value for the noemailDN option */
if (email_dn == 0) {
if (!X509_set_subject_name(ret, dn_subject))
{
const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(ret);
if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
/* Make it an X509 v3 certificate. */
if (!X509_set_version(ret, 2))
goto end;
}
if (verbose)
BIO_printf(bio_err,
"The subject name appears to be ok, checking data base for clashes\n");
/* Build the correct Subject if no e-mail is wanted in the subject. */
if (!email_dn) {
X509_NAME_ENTRY *tmpne;
X509_NAME *dn_subject;
/*
* Its best to dup the subject DN and then delete any email addresses
* because this retains its structure.
*/
if ((dn_subject = X509_NAME_dup(subject)) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
while ((i = X509_NAME_get_index_by_NID(dn_subject,
NID_pkcs9_emailAddress,
-1)) >= 0) {
tmpne = X509_NAME_get_entry(dn_subject, i);
X509_NAME_delete_entry(dn_subject, i);
X509_NAME_ENTRY_free(tmpne);
}
if (!X509_set_subject_name(ret, dn_subject)) {
X509_NAME_free(dn_subject);
goto end;
}
X509_NAME_free(dn_subject);
}
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if (row[DB_name] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
if (BN_is_zero(serial))
row[DB_serial] = OPENSSL_strdup("00");
else
row[DB_serial] = BN_bn2hex(serial);
if (row[DB_serial] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
if (row[DB_name][0] == '\0') {
/*
* An empty subject! We'll use the serial number instead. If
* unique_subject is in use then we don't want different entries with
* empty subjects matching each other.
*/
OPENSSL_free(row[DB_name]);
row[DB_name] = OPENSSL_strdup(row[DB_serial]);
if (row[DB_name] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
}
if (db->attributes.unique_subject) {
OPENSSL_STRING *crow = row;
rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:There is already a certificate for %s\n",
row[DB_name]);
}
}
if (rrow == NULL) {
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:Serial number %s has already been issued,\n",
row[DB_serial]);
BIO_printf(bio_err,
" check the database/serial_file for corruption\n");
}
}
if (rrow != NULL) {
BIO_printf(bio_err, "The matching entry has the following details\n");
if (rrow[DB_type][0] == DB_TYPE_EXP)
p = "Expired";
else if (rrow[DB_type][0] == DB_TYPE_REV)
p = "Revoked";
else if (rrow[DB_type][0] == DB_TYPE_VAL)
p = "Valid";
else
p = "\ninvalid type, Data base error\n";
BIO_printf(bio_err, "Type :%s\n", p);;
if (rrow[DB_type][0] == DB_TYPE_REV) {
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Was revoked on:%s\n", p);
}
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Expires on :%s\n", p);
p = rrow[DB_serial];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Serial Number :%s\n", p);
p = rrow[DB_file];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "File name :%s\n", p);
p = rrow[DB_name];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Subject Name :%s\n", p);
ok = -1; /* This is now a 'bad' error. */
goto end;
}
if (!default_op) {
@@ -1829,8 +1845,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
row[DB_exp_date][tm->length] = '\0';
row[DB_rev_date] = NULL;
row[DB_file] = OPENSSL_strdup("unknown");
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
(row[DB_file] == NULL) || (row[DB_name] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
@@ -1850,16 +1864,14 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
irow = NULL;
ok = 1;
end:
if (irow != NULL) {
if (ok != 1) {
for (i = 0; i < DB_NUMBER; i++)
OPENSSL_free(row[i]);
OPENSSL_free(irow);
}
OPENSSL_free(irow);
X509_NAME_free(CAname);
X509_NAME_free(subject);
if (dn_subject != subject)
X509_NAME_free(dn_subject);
if (ok <= 0)
X509_free(ret);
else
@@ -2040,6 +2052,11 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
else
row[DB_serial] = BN_bn2hex(bn);
BN_free(bn);
if (row[DB_name] != NULL && row[DB_name][0] == '\0') {
/* Entries with empty Subjects actually use the serial number instead */
OPENSSL_free(row[DB_name]);
row[DB_name] = OPENSSL_strdup(row[DB_serial]);
}
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
@@ -2200,7 +2217,10 @@ static int do_updatedb(CA_DB *db)
return -1;
/* get actual time and make a string */
a_tm = X509_gmtime_adj(a_tm, 0);
if (X509_gmtime_adj(a_tm, 0) == NULL) {
ASN1_UTCTIME_free(a_tm);
return -1;
}
a_tm_s = app_malloc(a_tm->length + 1, "time string");
memcpy(a_tm_s, a_tm->data, a_tm->length);

2
apps/ciphers.c
View File

@@ -225,7 +225,7 @@ int ciphers_main(int argc, char **argv)
BIO_printf(bio_out, "%s - ", nm);
}
#endif
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf));
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf)));
}
}

10
apps/cms.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -931,11 +931,15 @@ int cms_main(int argc, char **argv)
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
signer = load_cert(signerfile, FORMAT_PEM, "signer certificate");
if (!signer)
if (!signer) {
ret = 2;
goto end;
}
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
if (!key)
if (!key) {
ret = 2;
goto end;
}
for (kparam = key_first; kparam; kparam = kparam->next) {
if (kparam->idx == i) {
tflags |= CMS_KEY_PARAM;

4
apps/dhparam.c
View File

@@ -326,9 +326,9 @@ int dhparam_main(int argc, char **argv)
"\n"
" if (dh == NULL)\n"
" return NULL;\n");
BIO_printf(out, " dhp_bn = BN_bin2bn(dhp_%d, sizeof (dhp_%d), NULL);\n",
BIO_printf(out, " dhp_bn = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n",
bits, bits);
BIO_printf(out, " dhg_bn = BN_bin2bn(dhg_%d, sizeof (dhg_%d), NULL);\n",
BIO_printf(out, " dhg_bn = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n",
bits, bits);
BIO_printf(out, " if (dhp_bn == NULL || dhg_bn == NULL\n"
" || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {\n"

3
apps/dsa.c
View File

@@ -217,6 +217,9 @@ int dsa_main(int argc, char **argv)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
if (pk == NULL)
goto end;
EVP_PKEY_set1_DSA(pk, dsa);
if (outformat == FORMAT_PVK) {
if (pubin) {

11
apps/dsaparam.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -234,11 +234,11 @@ int dsaparam_main(int argc, char **argv)
"\n");
BIO_printf(bio_out, " if (dsa == NULL)\n"
" return NULL;\n");
BIO_printf(bio_out, " dsa->p = BN_bin2bn(dsap_%d, sizeof (dsap_%d), NULL);\n",
BIO_printf(bio_out, " dsa->p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL);\n",
bits_p, bits_p);
BIO_printf(bio_out, " dsa->q = BN_bin2bn(dsaq_%d, sizeof (dsaq_%d), NULL);\n",
BIO_printf(bio_out, " dsa->q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL);\n",
bits_p, bits_p);
BIO_printf(bio_out, " dsa->g = BN_bin2bn(dsag_%d, sizeof (dsag_%d), NULL);\n",
BIO_printf(bio_out, " dsa->g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL);\n",
bits_p, bits_p);
BIO_printf(bio_out, " if (!dsa->p || !dsa->q || !dsa->g) {\n"
" DSA_free(dsa);\n"
@@ -248,6 +248,9 @@ int dsaparam_main(int argc, char **argv)
OPENSSL_free(data);
}
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa);

20
apps/ecparam.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -357,24 +357,24 @@ int ecparam_main(int argc, char **argv)
" BIGNUM *tmp_3 = NULL;\n"
"\n");
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof (ec_p_%d), NULL)) == NULL)\n"
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof(ec_p_%d), NULL)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof (ec_a_%d), NULL)) == NULL)\n"
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof(ec_a_%d), NULL)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof (ec_b_%d), NULL)) == NULL)\n"
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof(ec_b_%d), NULL)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)\n"
" goto err;\n"
"\n");
BIO_printf(out, " /* build generator */\n");
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof (ec_gen_%d), tmp_1)) == NULL)\n"
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof(ec_gen_%d), tmp_1)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " point = EC_POINT_bn2point(group, tmp_1, NULL, NULL);\n");
BIO_printf(out, " if (point == NULL)\n"
" goto err;\n");
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof (ec_order_%d), tmp_2)) == NULL)\n"
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof(ec_order_%d), tmp_2)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof (ec_cofactor_%d), tmp_3)) == NULL)\n"
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof(ec_cofactor_%d), tmp_3)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if (!EC_GROUP_set_generator(group, point, tmp_2, tmp_3))\n"
" goto err;\n"
@@ -393,6 +393,9 @@ int ecparam_main(int argc, char **argv)
"}\n");
}
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group);
@@ -428,6 +431,9 @@ int ecparam_main(int argc, char **argv)
goto end;
}
if (new_form)
EC_KEY_set_conv_form(eckey, form);
if (!EC_KEY_generate_key(eckey)) {
BIO_printf(bio_err, "unable to generate key\n");
EC_KEY_free(eckey);

28
apps/enc.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -96,7 +96,7 @@ int enc_main(int argc, char **argv)
char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
char *infile = NULL, *outfile = NULL, *prog;
char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
char mbuf[sizeof magic - 1];
char mbuf[sizeof(magic) - 1];
OPTION_CHOICE o;
int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0;
int enc = 1, printkey = 0, i, k;
@@ -218,7 +218,7 @@ int enc_main(int argc, char **argv)
in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT);
if (in == NULL)
goto opthelp;
i = BIO_gets(in, buf, sizeof buf);
i = BIO_gets(in, buf, sizeof(buf));
BIO_free(in);
in = NULL;
if (i <= 0) {
@@ -257,6 +257,10 @@ int enc_main(int argc, char **argv)
break;
}
}
if (opt_num_rest() != 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
@@ -311,7 +315,7 @@ int enc_main(int argc, char **argv)
for (;;) {
char prompt[200];
BIO_snprintf(prompt, sizeof prompt, "enter %s %s password:",
BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc) ? "encryption" : "decryption");
strbuf[0] = '\0';
@@ -398,31 +402,31 @@ int enc_main(int argc, char **argv)
else {
if (enc) {
if (hsalt) {
if (!set_hex(hsalt, salt, sizeof salt)) {
if (!set_hex(hsalt, salt, sizeof(salt))) {
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
} else if (RAND_bytes(salt, sizeof salt) <= 0)
} else if (RAND_bytes(salt, sizeof(salt)) <= 0)
goto end;
/*
* If -P option then don't bother writing
*/
if ((printkey != 2)
&& (BIO_write(wbio, magic,
sizeof magic - 1) != sizeof magic - 1
sizeof(magic) - 1) != sizeof(magic) - 1
|| BIO_write(wbio,
(char *)salt,
sizeof salt) != sizeof salt)) {
sizeof(salt)) != sizeof(salt))) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
} else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
} else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
|| BIO_read(rbio,
(unsigned char *)salt,
sizeof salt) != sizeof salt) {
sizeof(salt)) != sizeof(salt)) {
BIO_printf(bio_err, "error reading input file\n");
goto end;
} else if (memcmp(mbuf, magic, sizeof magic - 1)) {
} else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
BIO_printf(bio_err, "bad magic number\n");
goto end;
}
@@ -449,7 +453,7 @@ int enc_main(int argc, char **argv)
int siz = EVP_CIPHER_iv_length(cipher);
if (siz == 0) {
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
} else if (!set_hex(hiv, iv, sizeof iv)) {
} else if (!set_hex(hiv, iv, sizeof(iv))) {
BIO_printf(bio_err, "invalid hex iv value\n");
goto end;
}

1
apps/engine.c
View File

@@ -311,6 +311,7 @@ int engine_main(int argc, char **argv)
break;
case OPT_TT:
test_avail_noise++;
/* fall thru */
case OPT_T:
test_avail++;
break;

2
apps/errstr.c
View File

@@ -58,7 +58,7 @@ int errstr_main(int argc, char **argv)
*/
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
ERR_error_string_n(l, buf, sizeof buf);
ERR_error_string_n(l, buf, sizeof(buf));
BIO_printf(bio_out, "%s\n", buf);
}
}

16
apps/genrsa.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -78,6 +78,7 @@ int genrsa_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -110,11 +111,16 @@ int genrsa_main(int argc, char **argv)
}
argc = opt_num_rest();
argv = opt_rest();
if (argc == 1) {
if (!opt_int(argv[0], &num) || num <= 0)
goto end;
} else if (argc > 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
private = 1;
if (argv[0] && (!opt_int(argv[0], &num) || num <= 0))
goto end;
if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;

4
apps/ocsp.c
View File

@@ -1074,7 +1074,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio)
*pcbio = cbio;
/* Read the request line. */
len = BIO_gets(cbio, reqbuf, sizeof reqbuf);
len = BIO_gets(cbio, reqbuf, sizeof(reqbuf));
if (len <= 0)
return 1;
if (strncmp(reqbuf, "GET ", 4) == 0) {
@@ -1116,7 +1116,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio)
/* Read and skip past the headers. */
for (;;) {
len = BIO_gets(cbio, inbuf, sizeof inbuf);
len = BIO_gets(cbio, inbuf, sizeof(inbuf));
if (len <= 0)
return 1;
if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))

26
apps/openssl.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -69,8 +69,8 @@ static int apps_startup()
#endif
/* Set non-default library initialisation settings */
if (!OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN
| OPENSSL_INIT_LOAD_CONFIG, NULL))
if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
| OPENSSL_INIT_LOAD_CONFIG, NULL))
return 0;
#ifndef OPENSSL_NO_UI
@@ -154,8 +154,13 @@ int main(int argc, char *argv[])
#endif
}
if (!apps_startup())
if (!apps_startup()) {
BIO_printf(bio_err,
"FATAL: Startup failure (dev note: apps_startup() failed)\n");
ERR_print_errors(bio_err);
ret = 1;
goto end;
}
prog = prog_init();
pname = opt_progname(argv[0]);
@@ -183,7 +188,7 @@ int main(int argc, char *argv[])
for (;;) {
ret = 0;
/* Read a line, continue reading if line ends with \ */
for (p = buf, n = sizeof buf, i = 0, first = 1; n > 0; first = 0) {
for (p = buf, n = sizeof(buf), i = 0, first = 1; n > 0; first = 0) {
prompt = first ? "OpenSSL> " : "> ";
p[0] = '\0';
#ifndef READLINE
@@ -329,6 +334,7 @@ int list_main(int argc, char **argv)
switch (o) {
case OPT_EOF: /* Never hit, but suppresses warning */
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
return 1;
case OPT_HELP:
@@ -358,12 +364,14 @@ int list_main(int argc, char **argv)
}
done = 1;
}
if (!done) {
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
return 1;
if (opt_num_rest() != 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
if (!done)
goto opthelp;
return 0;
}

20
apps/opt.c
View File

@@ -60,10 +60,10 @@ char *opt_progname(const char *argv0)
n -= 4;
/* Copy over the name, in lowercase. */
if (n > sizeof prog - 1)
n = sizeof prog - 1;
if (n > sizeof(prog) - 1)
n = sizeof(prog) - 1;
for (q = prog, i = 0; i < n; i++, p++)
*q++ = isupper(*p) ? tolower(*p) : *p;
*q++ = tolower((unsigned char)*p);
*q = '\0';
return prog;
}
@@ -82,9 +82,9 @@ char *opt_progname(const char *argv0)
}
q = strrchr(p, '.');
strncpy(prog, p, sizeof prog - 1);
prog[sizeof prog - 1] = '\0';
if (q != NULL && q - p < sizeof prog)
strncpy(prog, p, sizeof(prog) - 1);
prog[sizeof(prog) - 1] = '\0';
if (q != NULL && q - p < sizeof(prog))
prog[q - p] = '\0';
return prog;
}
@@ -101,8 +101,8 @@ char *opt_progname(const char *argv0)
p++;
break;
}
strncpy(prog, p, sizeof prog - 1);
prog[sizeof prog - 1] = '\0';
strncpy(prog, p, sizeof(prog) - 1);
prog[sizeof(prog) - 1] = '\0';
return prog;
}
#endif
@@ -840,7 +840,7 @@ void opt_help(const OPTIONS *list)
i += 1 + strlen(valtype2param(o));
if (i < MAX_OPT_HELP_WIDTH && i > width)
width = i;
assert(i < (int)sizeof start);
assert(i < (int)sizeof(start));
}
if (standard_prolog)
@@ -857,7 +857,7 @@ void opt_help(const OPTIONS *list)
/* Pad out prefix */
memset(start, ' ', sizeof(start) - 1);
start[sizeof start - 1] = '\0';
start[sizeof(start) - 1] = '\0';
if (o->name == OPT_MORE_STR) {
/* Continuation of previous line; pad and print. */

60
apps/passwd.c
View File

@@ -79,9 +79,9 @@ int passwd_main(int argc, char **argv)
char *salt_malloc = NULL, *passwd_malloc = NULL, *prog;
OPTION_CHOICE o;
int in_stdin = 0, pw_source_defined = 0;
#ifndef OPENSSL_NO_UI
# ifndef OPENSSL_NO_UI
int in_noverify = 0;
#endif
# endif
int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
int ret = 1, usecrypt = 0, use1 = 0, useapr1 = 0;
size_t passwd_malloc_size = 0, pw_maxlen = 256;
@@ -105,9 +105,9 @@ int passwd_main(int argc, char **argv)
pw_source_defined = 1;
break;
case OPT_NOVERIFY:
#ifndef OPENSSL_NO_UI
# ifndef OPENSSL_NO_UI
in_noverify = 1;
#endif
# endif
break;
case OPT_QUIET:
quiet = 1;
@@ -198,26 +198,31 @@ int passwd_main(int argc, char **argv)
}
if ((in == NULL) && (passwds == NULL)) {
/*
* we use the following method to make sure what
* in the 'else' section is always compiled, to
* avoid rot of not-frequently-used code.
*/
if (1) {
#ifndef OPENSSL_NO_UI
# ifndef OPENSSL_NO_UI
/* build a null-terminated list */
static char *passwds_static[2] = { NULL, NULL };
passwds = passwds_static;
if (in == NULL)
if (in == NULL) {
if (EVP_read_pw_string
(passwd_malloc, passwd_malloc_size, "Password: ",
!(passed_salt || in_noverify)) != 0)
goto end;
}
passwds[0] = passwd_malloc;
} else {
#endif
# endif
BIO_printf(bio_err, "password required\n");
goto end;
}
}
if (in == NULL) {
assert(passwds != NULL);
assert(*passwds != NULL);
@@ -228,11 +233,9 @@ int passwd_main(int argc, char **argv)
quiet, table, reverse, pw_maxlen, usecrypt, use1,
useapr1))
goto end;
}
while (*passwds != NULL);
} else
} while (*passwds != NULL);
} else {
/* in != NULL */
{
int done;
assert(passwd != NULL);
@@ -240,13 +243,13 @@ int passwd_main(int argc, char **argv)
int r = BIO_gets(in, passwd, pw_maxlen + 1);
if (r > 0) {
char *c = (strchr(passwd, '\n'));
if (c != NULL)
if (c != NULL) {
*c = 0; /* truncate at newline */
else {
} else {
/* ignore rest of line */
char trash[BUFSIZ];
do
r = BIO_gets(in, trash, sizeof trash);
r = BIO_gets(in, trash, sizeof(trash));
while ((r > 0) && (!strchr(trash, '\n')));
}
@@ -256,8 +259,7 @@ int passwd_main(int argc, char **argv)
goto end;
}
done = (r <= 0);
}
while (!done);
} while (!done);
}
ret = 0;
@@ -298,9 +300,9 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
if (magic_len > 4) /* assert it's "1" or "apr1" */
return NULL;
OPENSSL_strlcat(out_buf, magic, sizeof out_buf);
OPENSSL_strlcat(out_buf, "$", sizeof out_buf);
OPENSSL_strlcat(out_buf, salt, sizeof out_buf);
OPENSSL_strlcat(out_buf, magic, sizeof(out_buf));
OPENSSL_strlcat(out_buf, "$", sizeof(out_buf));
OPENSSL_strlcat(out_buf, salt, sizeof(out_buf));
if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */
return NULL;
@@ -330,8 +332,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
|| !EVP_DigestFinal_ex(md2, buf, NULL))
goto err;
for (i = passwd_len; i > sizeof buf; i -= sizeof buf) {
if (!EVP_DigestUpdate(md, buf, sizeof buf))
for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) {
if (!EVP_DigestUpdate(md, buf, sizeof(buf)))
goto err;
}
if (!EVP_DigestUpdate(md, buf, i))
@@ -351,7 +353,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
goto err;
if (!EVP_DigestUpdate(md2,
(i & 1) ? (unsigned const char *)passwd : buf,
(i & 1) ? passwd_len : sizeof buf))
(i & 1) ? passwd_len : sizeof(buf)))
goto err;
if (i % 3) {
if (!EVP_DigestUpdate(md2, salt_out, salt_len))
@@ -363,7 +365,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
}
if (!EVP_DigestUpdate(md2,
(i & 1) ? buf : (unsigned const char *)passwd,
(i & 1) ? sizeof buf : passwd_len))
(i & 1) ? sizeof(buf) : passwd_len))
goto err;
if (!EVP_DigestFinal_ex(md2, buf, NULL))
goto err;
@@ -375,7 +377,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
{
/* transform buf into output string */
unsigned char buf_perm[sizeof buf];
unsigned char buf_perm[sizeof(buf)];
int dest, source;
char *output;
@@ -387,7 +389,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
buf_perm[15] = buf[11];
# ifndef PEDANTIC /* Unfortunately, this generates a "no
* effect" warning */
assert(16 == sizeof buf_perm);
assert(16 == sizeof(buf_perm));
# endif
output = salt_out + salt_len;
@@ -433,9 +435,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (!passed_salt) {
# ifndef OPENSSL_NO_DES
if (usecrypt) {
if (*salt_malloc_p == NULL) {
if (*salt_malloc_p == NULL)
*salt_p = *salt_malloc_p = app_malloc(3, "salt buffer");
}
if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0)
goto end;
(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
@@ -452,9 +453,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (use1 || useapr1) {
int i;
if (*salt_malloc_p == NULL) {
if (*salt_malloc_p == NULL)
*salt_p = *salt_malloc_p = app_malloc(9, "salt buffer");
}
if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0)
goto end;

10
apps/pkcs12.c
View File

@@ -323,7 +323,7 @@ int pkcs12_main(int argc, char **argv)
if (1) {
#ifndef OPENSSL_NO_UI
if (EVP_read_pw_string
(macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
(macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
@@ -440,7 +440,7 @@ int pkcs12_main(int argc, char **argv)
if (!noprompt) {
if (1) {
#ifndef OPENSSL_NO_UI
if (EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
if (EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:",
1)) {
BIO_printf(bio_err, "Can't read Password\n");
goto export_end;
@@ -453,7 +453,7 @@ int pkcs12_main(int argc, char **argv)
}
if (!twopass)
OPENSSL_strlcpy(macpass, pass, sizeof macpass);
OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
p12 = PKCS12_create(cpass, name, key, ucert, certs,
key_pbe, cert_pbe, iter, -1, keytype);
@@ -506,7 +506,7 @@ int pkcs12_main(int argc, char **argv)
if (!noprompt) {
if (1) {
#ifndef OPENSSL_NO_UI
if (EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:",
if (EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
0)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
@@ -519,7 +519,7 @@ int pkcs12_main(int argc, char **argv)
}
if (!twopass)
OPENSSL_strlcpy(macpass, pass, sizeof macpass);
OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
if ((options & INFO) && PKCS12_mac_present(p12)) {
const ASN1_INTEGER *tmaciter;

4
apps/pkcs8.c
View File

@@ -238,7 +238,7 @@ int pkcs8_main(int argc, char **argv)
#ifndef OPENSSL_NO_UI
p8pass = pass;
if (EVP_read_pw_string
(pass, sizeof pass, "Enter Encryption Password:", 1)) {
(pass, sizeof(pass), "Enter Encryption Password:", 1)) {
X509_ALGOR_free(pbe);
goto end;
}
@@ -300,7 +300,7 @@ int pkcs8_main(int argc, char **argv)
else if (1) {
#ifndef OPENSSL_NO_UI
p8pass = pass;
if (EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0)) {
if (EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}

43
apps/pkeyutl.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -81,8 +81,7 @@ int pkeyutl_main(int argc, char **argv)
char hexdump = 0, asn1parse = 0, rev = 0, *prog;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
OPTION_CHOICE o;
int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform =
FORMAT_PEM;
int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform = FORMAT_PEM;
int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
int engine_impl = 0;
int ret = 1, rv = -1;
@@ -193,10 +192,18 @@ int pkeyutl_main(int argc, char **argv)
goto opthelp;
if (kdfalg != NULL) {
if (kdflen == 0)
if (kdflen == 0) {
BIO_printf(bio_err,
"%s: no KDF length given (-kdflen parameter).\n", prog);
goto opthelp;
} else if ((inkey == NULL)
|| (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE)) {
}
} else if (inkey == NULL) {
BIO_printf(bio_err,
"%s: no private key given (-inkey parameter).\n", prog);
goto opthelp;
} else if (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE) {
BIO_printf(bio_err,
"%s: no peer key given (-peerkey parameter).\n", prog);
goto opthelp;
}
ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
@@ -219,7 +226,8 @@ int pkeyutl_main(int argc, char **argv)
const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i);
if (pkey_ctrl_string(ctx, opt) <= 0) {
BIO_printf(bio_err, "%s: Can't set parameter:\n", prog);
BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
prog, opt);
ERR_print_errors(bio_err);
goto end;
}
@@ -307,7 +315,11 @@ int pkeyutl_main(int argc, char **argv)
buf_in, (size_t)buf_inlen);
}
if (rv <= 0) {
BIO_puts(bio_err, "Public Key operation error\n");
if (pkey_op != EVP_PKEY_OP_DERIVE) {
BIO_puts(bio_err, "Public Key operation error\n");
} else {
BIO_puts(bio_err, "Key derivation failed\n");
}
ERR_print_errors(bio_err);
goto end;
}
@@ -383,8 +395,15 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
if (kdfalg) {
int kdfnid = OBJ_sn2nid(kdfalg);
if (kdfnid == NID_undef)
goto end;
if (kdfnid == NID_undef) {
kdfnid = OBJ_ln2nid(kdfalg);
if (kdfnid == NID_undef) {
BIO_printf(bio_err, "The given KDF \"%s\" is unknown.\n",
kdfalg);
goto end;
}
}
ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
} else {
if (pkey == NULL)
@@ -435,10 +454,10 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
}
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
ENGINE* e)
ENGINE *e)
{
EVP_PKEY *peer = NULL;
ENGINE* engine = NULL;
ENGINE *engine = NULL;
int ret;
if (peerform == FORMAT_ENGINE)

12
apps/prime.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -43,6 +43,7 @@ int prime_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -69,9 +70,14 @@ int prime_main(int argc, char **argv)
argc = opt_num_rest();
argv = opt_rest();
if (argc == 0 && !generate) {
if (generate) {
if (argc != 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
} else if (argc == 0) {
BIO_printf(bio_err, "%s: No prime specified\n", prog);
goto end;
goto opthelp;
}
if (generate) {

418
apps/progs.h
View File

@@ -1,418 +0,0 @@
/*
* WARNING: do not edit!
* Generated by apps/progs.pl
*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
typedef enum FUNC_TYPE {
FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
FT_md_alg, FT_cipher_alg
} FUNC_TYPE;
typedef struct function_st {
FUNC_TYPE type;
const char *name;
int (*func)(int argc, char *argv[]);
const OPTIONS *help;
} FUNCTION;
DEFINE_LHASH_OF(FUNCTION);
extern int asn1parse_main(int argc, char *argv[]);
extern int ca_main(int argc, char *argv[]);
extern int ciphers_main(int argc, char *argv[]);
extern int cms_main(int argc, char *argv[]);
extern int crl_main(int argc, char *argv[]);
extern int crl2pkcs7_main(int argc, char *argv[]);
extern int dgst_main(int argc, char *argv[]);
extern int dhparam_main(int argc, char *argv[]);
extern int dsa_main(int argc, char *argv[]);
extern int dsaparam_main(int argc, char *argv[]);
extern int ec_main(int argc, char *argv[]);
extern int ecparam_main(int argc, char *argv[]);
extern int enc_main(int argc, char *argv[]);
extern int engine_main(int argc, char *argv[]);
extern int errstr_main(int argc, char *argv[]);
extern int exit_main(int argc, char *argv[]);
extern int gendsa_main(int argc, char *argv[]);
extern int genpkey_main(int argc, char *argv[]);
extern int genrsa_main(int argc, char *argv[]);
extern int help_main(int argc, char *argv[]);
extern int list_main(int argc, char *argv[]);
extern int nseq_main(int argc, char *argv[]);
extern int ocsp_main(int argc, char *argv[]);
extern int passwd_main(int argc, char *argv[]);
extern int pkcs12_main(int argc, char *argv[]);
extern int pkcs7_main(int argc, char *argv[]);
extern int pkcs8_main(int argc, char *argv[]);
extern int pkey_main(int argc, char *argv[]);
extern int pkeyparam_main(int argc, char *argv[]);
extern int pkeyutl_main(int argc, char *argv[]);
extern int prime_main(int argc, char *argv[]);
extern int rand_main(int argc, char *argv[]);
extern int rehash_main(int argc, char *argv[]);
extern int req_main(int argc, char *argv[]);
extern int rsa_main(int argc, char *argv[]);
extern int rsautl_main(int argc, char *argv[]);
extern int s_client_main(int argc, char *argv[]);
extern int s_server_main(int argc, char *argv[]);
extern int s_time_main(int argc, char *argv[]);
extern int sess_id_main(int argc, char *argv[]);
extern int smime_main(int argc, char *argv[]);
extern int speed_main(int argc, char *argv[]);
extern int spkac_main(int argc, char *argv[]);
extern int srp_main(int argc, char *argv[]);
extern int ts_main(int argc, char *argv[]);
extern int verify_main(int argc, char *argv[]);
extern int version_main(int argc, char *argv[]);
extern int x509_main(int argc, char *argv[]);
extern OPTIONS asn1parse_options[];
extern OPTIONS ca_options[];
extern OPTIONS ciphers_options[];
extern OPTIONS cms_options[];
extern OPTIONS crl_options[];
extern OPTIONS crl2pkcs7_options[];
extern OPTIONS dgst_options[];
extern OPTIONS dhparam_options[];
extern OPTIONS dsa_options[];
extern OPTIONS dsaparam_options[];
extern OPTIONS ec_options[];
extern OPTIONS ecparam_options[];
extern OPTIONS enc_options[];
extern OPTIONS engine_options[];
extern OPTIONS errstr_options[];
extern OPTIONS exit_options[];
extern OPTIONS gendsa_options[];
extern OPTIONS genpkey_options[];
extern OPTIONS genrsa_options[];
extern OPTIONS help_options[];
extern OPTIONS list_options[];
extern OPTIONS nseq_options[];
extern OPTIONS ocsp_options[];
extern OPTIONS passwd_options[];
extern OPTIONS pkcs12_options[];
extern OPTIONS pkcs7_options[];
extern OPTIONS pkcs8_options[];
extern OPTIONS pkey_options[];
extern OPTIONS pkeyparam_options[];
extern OPTIONS pkeyutl_options[];
extern OPTIONS prime_options[];
extern OPTIONS rand_options[];
extern OPTIONS rehash_options[];
extern OPTIONS req_options[];
extern OPTIONS rsa_options[];
extern OPTIONS rsautl_options[];
extern OPTIONS s_client_options[];
extern OPTIONS s_server_options[];
extern OPTIONS s_time_options[];
extern OPTIONS sess_id_options[];
extern OPTIONS smime_options[];
extern OPTIONS speed_options[];
extern OPTIONS spkac_options[];
extern OPTIONS srp_options[];
extern OPTIONS ts_options[];
extern OPTIONS verify_options[];
extern OPTIONS version_options[];
extern OPTIONS x509_options[];
#ifdef INCLUDE_FUNCTION_TABLE
static FUNCTION functions[] = {
{ FT_general, "asn1parse", asn1parse_main, asn1parse_options },
{ FT_general, "ca", ca_main, ca_options },
#ifndef OPENSSL_NO_SOCK
{ FT_general, "ciphers", ciphers_main, ciphers_options },
#endif
#ifndef OPENSSL_NO_CMS
{ FT_general, "cms", cms_main, cms_options },
#endif
{ FT_general, "crl", crl_main, crl_options },
{ FT_general, "crl2pkcs7", crl2pkcs7_main, crl2pkcs7_options },
{ FT_general, "dgst", dgst_main, dgst_options },
#ifndef OPENSSL_NO_DH
{ FT_general, "dhparam", dhparam_main, dhparam_options },
#endif
#ifndef OPENSSL_NO_DSA
{ FT_general, "dsa", dsa_main, dsa_options },
#endif
#ifndef OPENSSL_NO_DSA
{ FT_general, "dsaparam", dsaparam_main, dsaparam_options },
#endif
#ifndef OPENSSL_NO_EC
{ FT_general, "ec", ec_main, ec_options },
#endif
#ifndef OPENSSL_NO_EC
{ FT_general, "ecparam", ecparam_main, ecparam_options },
#endif
{ FT_general, "enc", enc_main, enc_options },
#ifndef OPENSSL_NO_ENGINE
{ FT_general, "engine", engine_main, engine_options },
#endif
{ FT_general, "errstr", errstr_main, errstr_options },
{ FT_general, "exit", exit_main, exit_options },
#ifndef OPENSSL_NO_DSA
{ FT_general, "gendsa", gendsa_main, gendsa_options },
#endif
{ FT_general, "genpkey", genpkey_main, genpkey_options },
#ifndef OPENSSL_NO_RSA
{ FT_general, "genrsa", genrsa_main, genrsa_options },
#endif
{ FT_general, "help", help_main, help_options },
{ FT_general, "list", list_main, list_options },
{ FT_general, "nseq", nseq_main, nseq_options },
#ifndef OPENSSL_NO_OCSP
{ FT_general, "ocsp", ocsp_main, ocsp_options },
#endif
{ FT_general, "passwd", passwd_main, passwd_options },
#ifndef OPENSSL_NO_DES
{ FT_general, "pkcs12", pkcs12_main, pkcs12_options },
#endif
{ FT_general, "pkcs7", pkcs7_main, pkcs7_options },
{ FT_general, "pkcs8", pkcs8_main, pkcs8_options },
{ FT_general, "pkey", pkey_main, pkey_options },
{ FT_general, "pkeyparam", pkeyparam_main, pkeyparam_options },
{ FT_general, "pkeyutl", pkeyutl_main, pkeyutl_options },
{ FT_general, "prime", prime_main, prime_options },
{ FT_general, "rand", rand_main, rand_options },
{ FT_general, "rehash", rehash_main, rehash_options },
{ FT_general, "req", req_main, req_options },
{ FT_general, "rsa", rsa_main, rsa_options },
#ifndef OPENSSL_NO_RSA
{ FT_general, "rsautl", rsautl_main, rsautl_options },
#endif
#ifndef OPENSSL_NO_SOCK
{ FT_general, "s_client", s_client_main, s_client_options },
#endif
#ifndef OPENSSL_NO_SOCK
{ FT_general, "s_server", s_server_main, s_server_options },
#endif
#ifndef OPENSSL_NO_SOCK
{ FT_general, "s_time", s_time_main, s_time_options },
#endif
{ FT_general, "sess_id", sess_id_main, sess_id_options },
{ FT_general, "smime", smime_main, smime_options },
{ FT_general, "speed", speed_main, speed_options },
{ FT_general, "spkac", spkac_main, spkac_options },
#ifndef OPENSSL_NO_SRP
{ FT_general, "srp", srp_main, srp_options },
#endif
#ifndef OPENSSL_NO_TS
{ FT_general, "ts", ts_main, ts_options },
#endif
{ FT_general, "verify", verify_main, verify_options },
{ FT_general, "version", version_main, version_options },
{ FT_general, "x509", x509_main, x509_options },
#ifndef OPENSSL_NO_MD2
{ FT_md, "md2", dgst_main},
#endif
#ifndef OPENSSL_NO_MD4
{ FT_md, "md4", dgst_main},
#endif
{ FT_md, "md5", dgst_main},
#ifndef OPENSSL_NO_GOST
{ FT_md, "gost", dgst_main},
#endif
{ FT_md, "sha1", dgst_main},
{ FT_md, "sha224", dgst_main},
{ FT_md, "sha256", dgst_main},
{ FT_md, "sha384", dgst_main},
{ FT_md, "sha512", dgst_main},
#ifndef OPENSSL_NO_MDC2
{ FT_md, "mdc2", dgst_main},
#endif
#ifndef OPENSSL_NO_RMD160
{ FT_md, "rmd160", dgst_main},
#endif
#ifndef OPENSSL_NO_BLAKE2
{ FT_md, "blake2b512", dgst_main},
#endif
#ifndef OPENSSL_NO_BLAKE2
{ FT_md, "blake2s256", dgst_main},
#endif
{ FT_cipher, "aes-128-cbc", enc_main, enc_options },
{ FT_cipher, "aes-128-ecb", enc_main, enc_options },
{ FT_cipher, "aes-192-cbc", enc_main, enc_options },
{ FT_cipher, "aes-192-ecb", enc_main, enc_options },
{ FT_cipher, "aes-256-cbc", enc_main, enc_options },
{ FT_cipher, "aes-256-ecb", enc_main, enc_options },
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-128-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-128-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-192-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-192-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-256-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-256-ecb", enc_main, enc_options },
#endif
{ FT_cipher, "base64", enc_main, enc_options },
#ifdef ZLIB
{ FT_cipher, "zlib", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des3", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "desx", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{ FT_cipher, "idea", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{ FT_cipher, "seed", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC4
{ FT_cipher, "rc4", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC4
{ FT_cipher, "rc4-40", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{ FT_cipher, "bf", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{ FT_cipher, "rc5", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede3", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede3-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede3-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede3-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{ FT_cipher, "idea-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{ FT_cipher, "idea-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{ FT_cipher, "idea-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{ FT_cipher, "idea-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{ FT_cipher, "seed-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{ FT_cipher, "seed-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{ FT_cipher, "seed-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{ FT_cipher, "seed-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-64-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-40-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{ FT_cipher, "bf-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{ FT_cipher, "bf-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{ FT_cipher, "bf-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{ FT_cipher, "bf-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast5-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast5-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast5-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast5-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{ FT_cipher, "rc5-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{ FT_cipher, "rc5-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{ FT_cipher, "rc5-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{ FT_cipher, "rc5-ofb", enc_main, enc_options },
#endif
{ 0, NULL, NULL}
};
#endif

19
apps/progs.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -11,13 +11,22 @@
use strict;
use warnings;
use configdata qw/@disablables/;
use lib '.';
use configdata qw/@disablables %unified_info/;
my %commands = ();
my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
foreach my $filename (@ARGV) {
open F, $filename or die "Coudn't open $_: $!\n";
my $apps_openssl = shift @ARGV;
# because the program apps/openssl has object files as sources, and
# they then have the corresponding C files as source, we need to chain
# the lookups in %unified_info
my @openssl_source =
map { @{$unified_info{sources}->{$_}} }
@{$unified_info{sources}->{$apps_openssl}};
foreach my $filename (@openssl_source) {
open F, $filename or die "Couldn't open $filename: $!\n";
foreach (grep /$cmdre/, <F>) {
my @foo = /$cmdre/;
$commands{$1} = 1;
@@ -32,7 +41,7 @@ print <<'EOF';
* WARNING: do not edit!
* Generated by apps/progs.pl
*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

12
apps/rand.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -76,9 +76,13 @@ int rand_main(int argc, char **argv)
}
argc = opt_num_rest();
argv = opt_rest();
if (argc != 1 || !opt_int(argv[0], &num) || num < 0)
if (argc == 1) {
if (!opt_int(argv[0], &num) || num <= 0)
goto end;
} else if (argc > 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
app_RAND_load_file(NULL, (inrand != NULL));
if (inrand != NULL)
@@ -102,7 +106,7 @@ int rand_main(int argc, char **argv)
chunk = num;
if (chunk > (int)sizeof(buf))
chunk = sizeof buf;
chunk = sizeof(buf);
r = RAND_bytes(buf, chunk);
if (r <= 0)
goto end;

2
apps/rehash.c
View File

@@ -305,7 +305,7 @@ static int massage_filename(char *name)
if (q != NULL) {
for (q++; *q != '\0'; q++) {
if (!isdigit(*q))
if (!isdigit((unsigned char)*q))
return 1;
}
}

36
apps/req.c
View File

@@ -973,7 +973,7 @@ static int prompt_info(X509_REQ *req,
/* If OBJ not recognised ignore it */
if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start;
if (BIO_snprintf(buf, sizeof buf, "%s_default", v->name)
if (BIO_snprintf(buf, sizeof(buf), "%s_default", v->name)
>= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0;
@@ -984,19 +984,19 @@ static int prompt_info(X509_REQ *req,
def = "";
}
BIO_snprintf(buf, sizeof buf, "%s_value", v->name);
BIO_snprintf(buf, sizeof(buf), "%s_value", v->name);
if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
ERR_clear_error();
value = NULL;
}
BIO_snprintf(buf, sizeof buf, "%s_min", v->name);
BIO_snprintf(buf, sizeof(buf), "%s_min", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) {
ERR_clear_error();
n_min = -1;
}
BIO_snprintf(buf, sizeof buf, "%s_max", v->name);
BIO_snprintf(buf, sizeof(buf), "%s_max", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) {
ERR_clear_error();
n_max = -1;
@@ -1032,7 +1032,7 @@ static int prompt_info(X509_REQ *req,
if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start2;
if (BIO_snprintf(buf, sizeof buf, "%s_default", type)
if (BIO_snprintf(buf, sizeof(buf), "%s_default", type)
>= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0;
@@ -1044,20 +1044,20 @@ static int prompt_info(X509_REQ *req,
def = "";
}
BIO_snprintf(buf, sizeof buf, "%s_value", type);
BIO_snprintf(buf, sizeof(buf), "%s_value", type);
if ((value = NCONF_get_string(req_conf, attr_sect, buf))
== NULL) {
ERR_clear_error();
value = NULL;
}
BIO_snprintf(buf, sizeof buf, "%s_min", type);
BIO_snprintf(buf, sizeof(buf), "%s_min", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) {
ERR_clear_error();
n_min = -1;
}
BIO_snprintf(buf, sizeof buf, "%s_max", type);
BIO_snprintf(buf, sizeof(buf), "%s_max", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) {
ERR_clear_error();
n_max = -1;
@@ -1155,13 +1155,13 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err);
if (value != NULL) {
OPENSSL_strlcpy(buf, value, sizeof buf);
OPENSSL_strlcat(buf, "\n", sizeof buf);
OPENSSL_strlcpy(buf, value, sizeof(buf));
OPENSSL_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value);
} else {
buf[0] = '\0';
if (!batch) {
if (!fgets(buf, sizeof buf, stdin))
if (!fgets(buf, sizeof(buf), stdin))
return 0;
} else {
buf[0] = '\n';
@@ -1174,8 +1174,8 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0'))
return (1);
OPENSSL_strlcpy(buf, def, sizeof buf);
OPENSSL_strlcat(buf, "\n", sizeof buf);
OPENSSL_strlcpy(buf, def, sizeof(buf));
OPENSSL_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1);
@@ -1214,13 +1214,13 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err);
if (value != NULL) {
OPENSSL_strlcpy(buf, value, sizeof buf);
OPENSSL_strlcat(buf, "\n", sizeof buf);
OPENSSL_strlcpy(buf, value, sizeof(buf));
OPENSSL_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value);
} else {
buf[0] = '\0';
if (!batch) {
if (!fgets(buf, sizeof buf, stdin))
if (!fgets(buf, sizeof(buf), stdin))
return 0;
} else {
buf[0] = '\n';
@@ -1233,8 +1233,8 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0'))
return (1);
OPENSSL_strlcpy(buf, def, sizeof buf);
OPENSSL_strlcat(buf, "\n", sizeof buf);
OPENSSL_strlcpy(buf, def, sizeof(buf));
OPENSSL_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1);

4
apps/rsa.c
View File

@@ -215,7 +215,7 @@ int rsa_main(int argc, char **argv)
}
if (check) {
int r = RSA_check_key(rsa);
int r = RSA_check_key_ex(rsa, NULL);
if (r == 1)
BIO_printf(out, "RSA key ok\n");
@@ -224,7 +224,7 @@ int rsa_main(int argc, char **argv)
while ((err = ERR_peek_error()) != 0 &&
ERR_GET_LIB(err) == ERR_LIB_RSA &&
ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY_EX &&
ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
BIO_printf(out, "RSA key error: %s\n",
ERR_reason_error_string(err));

41
apps/s_client.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1370,11 +1370,13 @@ int s_client_main(int argc, char **argv)
}
}
#ifdef AF_UNIX
if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) {
BIO_printf(bio_err,
"Can't use unix sockets and datagrams together\n");
goto end;
}
#endif
if (split_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
BIO_printf(bio_err, "Bad split send fragment size\n");
@@ -1484,6 +1486,9 @@ int s_client_main(int argc, char **argv)
if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
if (ssl_config) {
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
@@ -1493,9 +1498,11 @@ int s_client_main(int argc, char **argv)
}
}
if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
if (min_version != 0
&& SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto end;
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
if (max_version != 0
&& SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto end;
if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
@@ -1518,9 +1525,6 @@ int s_client_main(int argc, char **argv)
SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len);
}
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
crls, crl_download)) {
BIO_printf(bio_err, "Error loading store locations\n");
@@ -2459,7 +2463,7 @@ int s_client_main(int argc, char **argv)
if (in_init)
print_stuff(bio_c_out, con, full_log);
do_ssl_shutdown(con);
#if defined(OPENSSL_SYS_WINDOWS)
/*
* Give the socket time to send its last data before we close it.
* No amount of setting SO_LINGER etc on the socket seems to persuade
@@ -2467,8 +2471,23 @@ int s_client_main(int argc, char **argv)
* for a short time seems to do it (units in ms)
* TODO: Find a better way to do this
*/
#if defined(OPENSSL_SYS_WINDOWS)
Sleep(50);
#elif defined(OPENSSL_SYS_CYGWIN)
usleep(50000);
#endif
/*
* If we ended with an alert being sent, but still with data in the
* network buffer to be read, then calling BIO_closesocket() will
* result in a TCP-RST being sent. On some platforms (notably
* Windows) then this will result in the peer immediately abandoning
* the connection including any buffered alert data before it has
* had a chance to be read. Shutting down the sending side first,
* and then closing the socket sends TCP-FIN first followed by
* TCP-RST. This seems to allow the peer to read the alert data.
*/
shutdown(SSL_get_fd(con), 1); /* SHUT_WR */
BIO_closesocket(SSL_get_fd(con));
end:
if (con != NULL) {
@@ -2534,10 +2553,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio, "---\nCertificate chain\n");
for (i = 0; i < sk_X509_num(sk); i++) {
X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
buf, sizeof buf);
buf, sizeof(buf));
BIO_printf(bio, "%2d s:%s\n", i, buf);
X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
buf, sizeof buf);
buf, sizeof(buf));
BIO_printf(bio, " i:%s\n", buf);
if (c_showcerts)
PEM_write_bio_X509(bio, sk_X509_value(sk, i));
@@ -2552,9 +2571,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
/* Redundant if we showed the whole chain */
if (!(c_showcerts && got_a_chain))
PEM_write_bio_X509(bio, peer);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
BIO_printf(bio, "subject=%s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
BIO_printf(bio, "issuer=%s\n", buf);
} else
BIO_printf(bio, "no peer certificate available\n");

35
apps/s_server.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -704,13 +704,14 @@ OPTIONS s_server_options[] = {
"PEM serverinfo file for certificate"},
{"certform", OPT_CERTFORM, 'F',
"Certificate format (PEM or DER) PEM default"},
{"key", OPT_KEY, '<',
{"key", OPT_KEY, 's',
"Private Key if not in -cert; default is " TEST_CERT},
{"keyform", OPT_KEYFORM, 'f',
"Key format (PEM, DER or ENGINE) PEM default"},
{"pass", OPT_PASS, 's', "Private key file pass phrase source"},
{"dcert", OPT_DCERT, '<',
"Second certificate file to use (usually for DSA)"},
{"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"},
{"dcertform", OPT_DCERTFORM, 'F',
"Second certificate format (PEM or DER) PEM default"},
{"dkey", OPT_DKEY, '<',
@@ -1614,6 +1615,10 @@ int s_server_main(int argc, char *argv[])
}
if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
if (ssl_config) {
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
@@ -1622,9 +1627,11 @@ int s_server_main(int argc, char *argv[])
goto end;
}
}
if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
if (min_version != 0
&& SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto end;
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
if (max_version != 0
&& SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto end;
if (session_id_prefix) {
@@ -1686,8 +1693,6 @@ int s_server_main(int argc, char *argv[])
}
ssl_ctx_add_crls(ctx, crls, 0);
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
crls, crl_download)) {
@@ -1852,7 +1857,7 @@ int s_server_main(int argc, char *argv[])
SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
if (!SSL_CTX_set_session_id_context(ctx,
(void *)&s_server_session_id_context,
sizeof s_server_session_id_context)) {
sizeof(s_server_session_id_context))) {
BIO_printf(bio_err, "error setting session id context\n");
ERR_print_errors(bio_err);
goto end;
@@ -1866,7 +1871,7 @@ int s_server_main(int argc, char *argv[])
SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
if (!SSL_CTX_set_session_id_context(ctx2,
(void *)&s_server_session_id_context,
sizeof s_server_session_id_context)) {
sizeof(s_server_session_id_context))) {
BIO_printf(bio_err, "error setting session id context\n");
ERR_print_errors(bio_err);
goto end;
@@ -2534,15 +2539,15 @@ static int init_ssl_connection(SSL *con)
if (peer != NULL) {
BIO_printf(bio_s_out, "Client certificate\n");
PEM_write_bio_X509(bio_s_out, peer);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
BIO_printf(bio_s_out, "subject=%s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
BIO_printf(bio_s_out, "issuer=%s\n", buf);
X509_free(peer);
peer = NULL;
}
if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL)
if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL)
BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
ssl_print_sigalgs(bio_s_out, con);
@@ -2574,6 +2579,9 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_s_out, "Reused session-id\n");
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
if ((SSL_get_options(con) & SSL_OP_NO_RENEGOTIATION))
BIO_printf(bio_s_out, "Renegotiation is DISABLED\n");
if (keymatexportlabel != NULL) {
BIO_printf(bio_s_out, "Keying material exporter:\n");
BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel);
@@ -2853,9 +2861,10 @@ static int www_body(int s, int stype, unsigned char *context)
PEM_write_bio_X509(io, peer);
X509_free(peer);
peer = NULL;
} else
} else {
BIO_puts(io, "no client certificate available\n");
BIO_puts(io, "</BODY></HTML>\r\n\r\n");
}
BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
break;
} else if ((www == 2 || www == 3)
&& (strncmp("GET /", buf, 5) == 0)) {

58
apps/s_socket.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -136,6 +136,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
int sock;
int i;
BIO_ADDRINFO *res = NULL;
const BIO_ADDRINFO *next;
int sock_family, sock_type, sock_protocol;
const BIO_ADDR *sock_address;
int sock_options = BIO_SOCK_REUSEADDR;
int ret = 0;
if (!BIO_sock_init())
@@ -151,10 +155,29 @@ int do_server(int *accept_sock, const char *host, const char *port,
OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res))
&& (type == 0 || type == BIO_ADDRINFO_socktype(res)));
asock = BIO_socket(BIO_ADDRINFO_family(res), BIO_ADDRINFO_socktype(res),
BIO_ADDRINFO_protocol(res), 0);
sock_family = BIO_ADDRINFO_family(res);
sock_type = BIO_ADDRINFO_socktype(res);
sock_protocol = BIO_ADDRINFO_protocol(res);
sock_address = BIO_ADDRINFO_address(res);
next = BIO_ADDRINFO_next(res);
if (sock_family == AF_INET6)
sock_options |= BIO_SOCK_V6_ONLY;
if (next != NULL
&& BIO_ADDRINFO_socktype(next) == sock_type
&& BIO_ADDRINFO_protocol(next) == sock_protocol) {
if (sock_family == AF_INET
&& BIO_ADDRINFO_family(next) == AF_INET6) {
sock_family = AF_INET6;
sock_address = BIO_ADDRINFO_address(next);
} else if (sock_family == AF_INET6
&& BIO_ADDRINFO_family(next) == AF_INET) {
sock_options &= ~BIO_SOCK_V6_ONLY;
}
}
asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
if (asock == INVALID_SOCKET
|| !BIO_listen(asock, BIO_ADDRINFO_address(res), BIO_SOCK_REUSEADDR)) {
|| !BIO_listen(asock, sock_address, sock_options)) {
BIO_ADDRINFO_free(res);
ERR_print_errors(bio_err);
if (asock != INVALID_SOCKET)
@@ -171,13 +194,38 @@ int do_server(int *accept_sock, const char *host, const char *port,
if (type == SOCK_STREAM) {
do {
sock = BIO_accept_ex(asock, NULL, 0);
} while (sock < 0 && BIO_sock_should_retry(ret));
} while (sock < 0 && BIO_sock_should_retry(sock));
if (sock < 0) {
ERR_print_errors(bio_err);
BIO_closesocket(asock);
break;
}
i = (*cb)(sock, type, context);
/*
* Give the socket time to send its last data before we close it.
* No amount of setting SO_LINGER etc on the socket seems to
* persuade Windows to send the data before closing the socket...
* but sleeping for a short time seems to do it (units in ms)
* TODO: Find a better way to do this
*/
#if defined(OPENSSL_SYS_WINDOWS)
Sleep(50);
#elif defined(OPENSSL_SYS_CYGWIN)
usleep(50000);
#endif
/*
* If we ended with an alert being sent, but still with data in the
* network buffer to be read, then calling BIO_closesocket() will
* result in a TCP-RST being sent. On some platforms (notably
* Windows) then this will result in the peer immediately abandoning
* the connection including any buffered alert data before it has
* had a chance to be read. Shutting down the sending side first,
* and then closing the socket sends TCP-FIN first followed by
* TCP-RST. This seems to allow the peer to read the alert data.
*/
shutdown(sock, 1); /* SHUT_WR */
BIO_closesocket(sock);
} else {
i = (*cb)(asock, type, context);

83
apps/s_time.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,8 +7,6 @@
* https://www.openssl.org/source/license.html
*/
#define NO_SHUTDOWN
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -28,22 +26,8 @@
# include OPENSSL_UNISTD
#endif
#undef ioctl
#define ioctl ioctlsocket
#define SSL_CONNECT_NAME "localhost:4433"
/* no default cert. */
/*
* #define TEST_CERT "client.pem"
*/
#undef min
#undef max
#define min(a,b) (((a) < (b)) ? (a) : (b))
#define max(a,b) (((a) > (b)) ? (a) : (b))
#undef SECONDS
#define SECONDS 30
#define SECONDSSTR "30"
@@ -185,21 +169,20 @@ int s_time_main(int argc, char **argv)
if (cipher == NULL)
cipher = getenv("SSL_CIPHER");
if (cipher == NULL) {
if (cipher == NULL)
BIO_printf(bio_err, "No CIPHER specified\n");
goto end;
}
if ((ctx = SSL_CTX_new(meth)) == NULL)
goto end;
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_quiet_shutdown(ctx, 1);
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto end;
if (st_bugs)
SSL_CTX_set_options(ctx, SSL_OP_ALL);
if (!SSL_CTX_set_cipher_list(ctx, cipher))
if (cipher != NULL && !SSL_CTX_set_cipher_list(ctx, cipher))
goto end;
if (!set_cert_stuff(ctx, certfile, keyfile))
goto end;
@@ -225,18 +208,14 @@ int s_time_main(int argc, char **argv)
goto end;
if (www_path != NULL) {
buf_len = BIO_snprintf(buf, sizeof buf,
buf_len = BIO_snprintf(buf, sizeof(buf),
fmt_http_get_cmd, www_path);
if (SSL_write(scon, buf, buf_len) <= 0)
goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i;
}
#ifdef NO_SHUTDOWN
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(scon);
#endif
BIO_closesocket(SSL_get_fd(scon));
nConn += 1;
@@ -283,18 +262,14 @@ int s_time_main(int argc, char **argv)
}
if (www_path != NULL) {
buf_len = BIO_snprintf(buf, sizeof buf,
buf_len = BIO_snprintf(buf, sizeof(buf),
fmt_http_get_cmd, www_path);
if (SSL_write(scon, buf, buf_len) <= 0)
goto end;
while (SSL_read(scon, buf, sizeof(buf)) > 0)
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
continue;
}
#ifdef NO_SHUTDOWN
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(scon);
#endif
BIO_closesocket(SSL_get_fd(scon));
nConn = 0;
@@ -314,18 +289,14 @@ int s_time_main(int argc, char **argv)
goto end;
if (www_path) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
www_path);
if (SSL_write(scon, buf, strlen(buf)) <= 0)
goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i;
}
#ifdef NO_SHUTDOWN
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(scon);
#endif
BIO_closesocket(SSL_get_fd(scon));
nConn += 1;
@@ -367,13 +338,13 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
{
BIO *conn;
SSL *serverCon;
int width, i;
fd_set readfds;
int i;
if ((conn = BIO_new(BIO_s_connect())) == NULL)
return (NULL);
return NULL;
BIO_set_conn_hostname(conn, host);
BIO_set_conn_mode(conn, BIO_SOCK_NODELAY);
if (scon == NULL)
serverCon = SSL_new(ctx);
@@ -385,26 +356,7 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
SSL_set_bio(serverCon, conn, conn);
/* ok, lets connect */
for (;;) {
i = SSL_connect(serverCon);
if (BIO_sock_should_retry(i)) {
BIO_printf(bio_err, "DELAY\n");
i = SSL_get_fd(serverCon);
width = i + 1;
FD_ZERO(&readfds);
openssl_fdset(i, &readfds);
/*
* Note: under VMS with SOCKETSHR the 2nd parameter is currently
* of type (int *) whereas under other systems it is (void *) if
* you don't have a cast it will choke the compiler: if you do
* have a cast then you can either go for (int *) or (void *).
*/
select(width, (void *)&readfds, NULL, NULL, NULL);
continue;
}
break;
}
i = SSL_connect(serverCon);
if (i <= 0) {
BIO_printf(bio_err, "ERROR\n");
if (verify_args.error != X509_V_OK)
@@ -417,6 +369,17 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
return NULL;
}
#if defined(SOL_SOCKET) && defined(SO_LINGER)
{
struct linger no_linger;
no_linger.l_onoff = 1;
no_linger.l_linger = 0;
(void) setsockopt(SSL_get_fd(serverCon), SOL_SOCKET, SO_LINGER,
(char*)&no_linger, sizeof(no_linger));
}
#endif
return serverCon;
}
#endif /* OPENSSL_NO_SOCK */

39
apps/speed.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -293,7 +293,8 @@ static SIGRETTYPE sig_done(int sig)
# if !defined(SIGALRM)
# define SIGALRM
# endif
static unsigned int lapse, schlock;
static unsigned int lapse;
static volatile unsigned int schlock;
static void alarm_win32(unsigned int secs)
{
lapse = secs * 1000;
@@ -1240,6 +1241,7 @@ int speed_main(int argc, char **argv)
|| !defined(OPENSSL_NO_EC)
long rsa_count = 1;
#endif
size_t loop;
/* What follows are the buffers and key material. */
#ifndef OPENSSL_NO_RC5
@@ -1378,6 +1380,7 @@ int speed_main(int argc, char **argv)
usertime = 0;
break;
case OPT_EVP:
evp_md = NULL;
evp_cipher = EVP_get_cipherbyname(opt_arg());
if (evp_cipher == NULL)
evp_md = EVP_get_digestbyname(opt_arg());
@@ -1465,12 +1468,8 @@ int speed_main(int argc, char **argv)
continue;
}
#ifndef OPENSSL_NO_RSA
# ifndef RSA_NULL
if (strcmp(*argv, "openssl") == 0) {
RSA_set_default_method(RSA_PKCS1_OpenSSL());
if (strcmp(*argv, "openssl") == 0)
continue;
}
# endif
if (strcmp(*argv, "rsa") == 0) {
rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] =
rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] =
@@ -1508,8 +1507,8 @@ int speed_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_EC
if (strcmp(*argv, "ecdsa") == 0) {
for (i = 0; i < EC_NUM; i++)
ecdsa_doit[i] = 1;
for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++)
ecdsa_doit[ecdsa_choices[loop].retval] = 1;
continue;
}
if (found(*argv, ecdsa_choices, &i)) {
@@ -1517,8 +1516,8 @@ int speed_main(int argc, char **argv)
continue;
}
if (strcmp(*argv, "ecdh") == 0) {
for (i = 0; i < EC_NUM; i++)
ecdh_doit[i] = 1;
for (loop = 0; loop < OSSL_NELEM(ecdh_choices); loop++)
ecdh_doit[ecdh_choices[loop].retval] = 1;
continue;
}
if (found(*argv, ecdh_choices, &i)) {
@@ -1585,10 +1584,10 @@ int speed_main(int argc, char **argv)
dsa_doit[i] = 1;
#endif
#ifndef OPENSSL_NO_EC
for (i = 0; i < EC_NUM; i++)
ecdsa_doit[i] = 1;
for (i = 0; i < EC_NUM; i++)
ecdh_doit[i] = 1;
for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++)
ecdsa_doit[ecdsa_choices[loop].retval] = 1;
for (loop = 0; loop < OSSL_NELEM(ecdh_choices); loop++)
ecdh_doit[ecdh_choices[loop].retval] = 1;
#endif
}
for (i = 0; i < ALGOR_NUM; i++)
@@ -2403,7 +2402,7 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_DSA
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
RAND_seed(rnd_seed, sizeof(rnd_seed));
}
for (testnum = 0; testnum < DSA_NUM; testnum++) {
int st = 0;
@@ -2471,7 +2470,7 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_EC
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
RAND_seed(rnd_seed, sizeof(rnd_seed));
}
for (testnum = 0; testnum < EC_NUM; testnum++) {
int st = 1;
@@ -2555,7 +2554,7 @@ int speed_main(int argc, char **argv)
}
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
RAND_seed(rnd_seed, sizeof(rnd_seed));
}
for (testnum = 0; testnum < EC_NUM; testnum++) {
int ecdh_checks = 1;
@@ -2878,7 +2877,7 @@ static char *sstrsep(char **string, const char *delim)
if (**string == 0)
return NULL;
memset(isdelim, 0, sizeof isdelim);
memset(isdelim, 0, sizeof(isdelim));
isdelim[0] = 1;
while (*delim) {
@@ -2939,7 +2938,7 @@ static int do_multi(int multi)
char *p;
f = fdopen(fds[n], "r");
while (fgets(buf, sizeof buf, f)) {
while (fgets(buf, sizeof(buf), f)) {
p = strchr(buf, '\n');
if (p)
*p = '\0';

19
apps/spkac.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -116,19 +116,22 @@ int spkac_main(int argc, char **argv)
goto end;
}
if (keyfile) {
if (keyfile != NULL) {
pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL,
FORMAT_PEM, 1, passin, e, "private key");
if (!pkey) {
if (pkey == NULL)
goto end;
}
spki = NETSCAPE_SPKI_new();
if (challenge)
if (spki == NULL)
goto end;
if (challenge != NULL)
ASN1_STRING_set(spki->spkac->challenge,
challenge, (int)strlen(challenge));
NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (spkstr == NULL)
goto end;
out = bio_open_default(outfile, 'w', FORMAT_TEXT);
if (out == NULL) {
@@ -154,7 +157,7 @@ int spkac_main(int argc, char **argv)
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
if (!spki) {
if (spki == NULL) {
BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err);
goto end;
@@ -169,9 +172,9 @@ int spkac_main(int argc, char **argv)
pkey = NETSCAPE_SPKI_get_pubkey(spki);
if (verify) {
i = NETSCAPE_SPKI_verify(spki, pkey);
if (i > 0)
if (i > 0) {
BIO_printf(bio_err, "Signature OK\n");
else {
} else {
BIO_printf(bio_err, "Signature Failure\n");
ERR_print_errors(bio_err);
goto end;

23
apps/srp.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -293,11 +293,12 @@ int srp_main(int argc, char **argv)
"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
goto opthelp;
}
if ((mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD)
&& argc < 1) {
BIO_printf(bio_err,
"Need at least one user for options -add, -delete, -modify. \n");
goto opthelp;
if (mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD) {
if (argc == 0) {
BIO_printf(bio_err, "Need at least one user.\n");
goto opthelp;
}
user = *argv++;
}
if ((passinarg || passoutarg) && argc != 1) {
BIO_printf(bio_err,
@@ -391,10 +392,7 @@ int srp_main(int argc, char **argv)
if (verbose > 1)
BIO_printf(bio_err, "Starting user processing\n");
if (argc > 0)
user = *(argv++);
while (mode == OPT_LIST || user) {
while (mode == OPT_LIST || user != NULL) {
int userindex = -1;
if (user != NULL && verbose > 1)
@@ -557,9 +555,8 @@ int srp_main(int argc, char **argv)
doupdatedb = 1;
}
}
if (--argc > 0) {
user = *(argv++);
} else {
user = *argv++;
if (user == NULL) {
/* no more processing in any mode if no users left */
break;
}

1
apps/tsget.in
View File

@@ -198,4 +198,3 @@ REQUEST: foreach (@ARGV) {
STDERR->printflush(", $output written.\n") if $options{v};
}
$curl->cleanup();
WWW::Curl::Easy::global_cleanup();

1
apps/verify.c
View File

@@ -282,6 +282,7 @@ static int cb(int ok, X509_STORE_CTX *ctx)
switch (cert_error) {
case X509_V_ERR_NO_EXPLICIT_POLICY:
policies_print(ctx);
/* fall thru */
case X509_V_ERR_CERT_HAS_EXPIRED:
/*

9
apps/version.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -61,6 +61,7 @@ int version_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -89,10 +90,14 @@ int version_main(int argc, char **argv)
dirty = version = 1;
break;
case OPT_A:
cflags = version = date = platform = dir = engdir = 1;
options = cflags = version = date = platform = dir = engdir = 1;
break;
}
}
if (opt_num_rest() != 0) {
BIO_printf(bio_err, "Extra parameters given.\n");
goto opthelp;
}
if (!dirty)
version = 1;

12
apps/vms_term_sock.c
View File

@@ -143,7 +143,7 @@ int main (int argc, char *argv[], char *envp[])
** Process the terminal input
*/
LogMessage ("Waiting on terminal I/O ...\n");
len = recv (TermSock, TermBuff, sizeof (TermBuff), 0) ;
len = recv (TermSock, TermBuff, sizeof(TermBuff), 0) ;
TermBuff[len] = '\0';
LogMessage ("Received terminal I/O [%s]", TermBuff);
@@ -209,7 +209,7 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket)
TerminalDeviceAst,
0,
TerminalDeviceBuff,
sizeof (TerminalDeviceBuff) - 2,
sizeof(TerminalDeviceBuff) - 2,
0, 0, 0, 0);
if (! (status & 1)) {
LogMessage ("TerminalSocket: SYS$QIO () - %08X", status);
@@ -317,7 +317,7 @@ static int CreateSocketPair (int SocketFamily,
/*
** Initialize the socket information
*/
slen = sizeof (sin);
slen = sizeof(sin);
memset ((char *) &sin, 0, slen);
sin.sin_family = SocketFamily;
sin.sin_addr.s_addr = inet_addr (LocalHostAddr);
@@ -434,12 +434,12 @@ static int CreateSocketPair (int SocketFamily,
/*
** Now issue the connect
*/
memset ((char *) &sin, 0, sizeof (sin)) ;
memset ((char *) &sin, 0, sizeof(sin)) ;
sin.sin_family = SocketFamily;
sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ;
sin.sin_port = LocalHostPort ;
status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof (sin));
status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof(sin));
if (status < 0 ) {
LogMessage ("CreateSocketPair: connect () - %d", errno);
sys$cantim (&sptb, 0);
@@ -528,7 +528,7 @@ static int TerminalDeviceAst (int astparm)
TerminalDeviceAst,
0,
TerminalDeviceBuff,
sizeof (TerminalDeviceBuff) - 1,
sizeof(TerminalDeviceBuff) - 1,
0, 0, 0, 0);
/*

20
apps/x509.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -123,7 +123,7 @@ OPTIONS x509_options[] = {
{"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"},
{"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"},
{"CAform", OPT_CAFORM, 'F', "CA format - default PEM"},
{"CAkeyform", OPT_CAKEYFORM, 'F', "CA key format - default PEM"},
{"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format - default PEM"},
{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"},
{"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"},
@@ -450,10 +450,6 @@ int x509_main(int argc, char **argv)
if (!nmflag_set)
nmflag = XN_FLAG_ONELINE;
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (need_rand)
app_RAND_load_file(NULL, 0);
@@ -579,10 +575,12 @@ int x509_main(int argc, char **argv)
goto end;
}
if (!noout || text || next_serial) {
OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
}
if (!noout || text || next_serial)
OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
if (alias)
X509_alias_set1(x, (unsigned char *)alias, -1);
@@ -726,11 +724,11 @@ int x509_main(int argc, char **argv)
char *m;
int len;
X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf);
X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
BIO_printf(out, "/*\n"
" * Subject: %s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof buf);
X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof(buf));
BIO_printf(out, " * Issuer: %s\n"
" */\n", buf);

8
config.com
View File

@@ -1,5 +1,5 @@
$ ! OpenSSL config: determine the architecture and run Configure
$ ! Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
$ ! Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
$ !
$ ! Licensed under the OpenSSL license (the "License"). You may not use
$ ! this file except in compliance with the License. You can obtain a
@@ -73,7 +73,7 @@ $ collected_args = collected_args + " --debug"
$ P = ""
$ ENDIF
$ IF P .NES. "" THEN -
collected_args = collected_args + " " + P1
collected_args = collected_args + " """ + P1 + """"
$ P1 = P2
$ P2 = P3
$ P3 = P4
@@ -87,7 +87,7 @@ $ ENDLOOP1:
$
$ target = "vms-''arch'''pointer_size'"
$ IF verbose THEN -
WRITE SYS$OUTPUT "PERL ''here'Configure ""''target'""''collected_args'"
WRITE SYS$OUTPUT "PERL ''here'Configure ""''target'""",collected_args
$ IF .not. dryrun THEN -
PERL 'here'Configure "''target'" 'debug' 'collected_args'
PERL 'here'Configure "''target'"'collected_args'
$ EXIT $STATUS

14
crypto/aes/asm/aes-armv4.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -200,10 +200,10 @@ AES_encrypt:
#ifndef __thumb2__
sub r3,pc,#8 @ AES_encrypt
#else
adr r3,AES_encrypt
adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
#ifdef __APPLE__
#if defined(__thumb2__) || defined(__APPLE__)
adr $tbl,AES_Te
#else
sub $tbl,r3,#AES_encrypt-AES_Te @ Te
@@ -450,7 +450,7 @@ _armv4_AES_set_encrypt_key:
#ifndef __thumb2__
sub r3,pc,#8 @ AES_set_encrypt_key
#else
adr r3,AES_set_encrypt_key
adr r3,.
#endif
teq r0,#0
#ifdef __thumb2__
@@ -481,7 +481,7 @@ _armv4_AES_set_encrypt_key:
mov lr,r1 @ bits
mov $key,r2 @ key
#ifdef __APPLE__
#if defined(__thumb2__) || defined(__APPLE__)
adr $tbl,AES_Te+1024 @ Te4
#else
sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4
@@ -976,10 +976,10 @@ AES_decrypt:
#ifndef __thumb2__
sub r3,pc,#8 @ AES_decrypt
#else
adr r3,AES_decrypt
adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
#ifdef __APPLE__
#if defined(__thumb2__) || defined(__APPLE__)
adr $tbl,AES_Td
#else
sub $tbl,r3,#AES_decrypt-AES_Td @ Td

21
crypto/aes/asm/aes-s390x.pl
View File

@@ -813,7 +813,7 @@ _s390x_AES_set_encrypt_key:
.Lproceed:
___
$code.=<<___ if (!$softonly);
# convert bits to km code, [128,192,256]->[18,19,20]
# convert bits to km(c) code, [128,192,256]->[18,19,20]
lhi %r5,-128
lhi %r0,18
ar %r5,$bits
@@ -821,13 +821,10 @@ $code.=<<___ if (!$softonly);
ar %r5,%r0
larl %r1,OPENSSL_s390xcap_P
lg %r0,0(%r1)
tmhl %r0,0x4000 # check for message-security assist
jz .Lekey_internal
llihh %r0,0x8000
srlg %r0,%r0,0(%r5)
ng %r0,48(%r1) # check kmc capability vector
ng %r0,32(%r1) # check availability of both km...
ng %r0,48(%r1) # ...and kmc support for given key length
jz .Lekey_internal
lmg %r0,%r1,0($inp) # just copy 128 bits...
@@ -842,7 +839,7 @@ $code.=<<___ if (!$softonly);
stg %r1,24($key)
1: st $bits,236($key) # save bits [for debugging purposes]
lgr $t0,%r5
st %r5,240($key) # save km code
st %r5,240($key) # save km(c) code
lghi %r2,0
br %r14
___
@@ -1439,12 +1436,7 @@ $code.=<<___ if (!$softonly);
.Lctr32_hw_switch:
___
$code.=<<___ if (0); ######### kmctr code was measured to be ~12% slower
larl $s0,OPENSSL_s390xcap_P
lg $s0,8($s0)
tmhh $s0,0x0004 # check for message_security-assist-4
jz .Lctr32_km_loop
$code.=<<___ if (!$softonly && 0);# kmctr code was measured to be ~12% slower
llgfr $s0,%r0
lgr $s1,%r1
larl %r1,OPENSSL_s390xcap_P
@@ -1488,7 +1480,7 @@ $code.=<<___ if (0); ######### kmctr code was measured to be ~12% slower
br $ra
.align 16
___
$code.=<<___;
$code.=<<___ if (!$softonly);
.Lctr32_km_loop:
la $s2,16($sp)
lgr $s3,$fp
@@ -2227,7 +2219,6 @@ ___
}
$code.=<<___;
.string "AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
.comm OPENSSL_s390xcap_P,80,8
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;

7
crypto/aes/asm/aesni-sha1-x86_64.pl
View File

@@ -34,6 +34,8 @@
# Haswell 4.43[+3.6(4.2)] 8.00(8.58) 4.55(5.21) +75%(+65%)
# Skylake 2.63[+3.5(4.1)] 6.17(6.69) 4.23(4.44) +46%(+51%)
# Bulldozer 5.77[+6.0] 11.72 6.37 +84%
# Ryzen(**) 2.71[+1.93] 4.64 2.74 +69%
# Goldmont(**) 3.82[+1.70] 5.52 4.20 +31%
#
# AES-192-CBC
# Westmere 4.51 9.81 6.80 +44%
@@ -47,13 +49,16 @@
# Sandy Bridge 7.05 12.06(13.15) 7.12(7.72) +69%(+70%)
# Ivy Bridge 7.05 11.65 7.12 +64%
# Haswell 6.19 9.76(10.34) 6.21(6.25) +57%(+65%)
# Skylake 3.62 7.16(7.68) 4.56(4.76) +57%(+61$)
# Skylake 3.62 7.16(7.68) 4.56(4.76) +57%(+61%)
# Bulldozer 8.00 13.95 8.25 +69%
# Ryzen(**) 3.71 5.64 3.72 +52%
# Goldmont(**) 5.35 7.05 5.76 +22%
#
# (*) There are two code paths: SSSE3 and AVX. See sha1-568.pl for
# background information. Above numbers in parentheses are SSSE3
# results collected on AVX-capable CPU, i.e. apply on OSes that
# don't support AVX.
# (**) SHAEXT results.
#
# Needless to mention that it makes no sense to implement "stitched"
# *decrypt* subroutine. Because *both* AESNI-CBC decrypt and SHA1

15
crypto/aes/asm/aesni-sha256-x86_64.pl
View File

@@ -28,18 +28,21 @@
# for standalone AESNI-CBC encrypt, standalone SHA256, and stitched
# subroutine:
#
# AES-128/-192/-256+SHA256 this(**)gain
# Sandy Bridge 5.05/6.05/7.05+11.6 13.0 +28%/36%/43%
# Ivy Bridge 5.05/6.05/7.05+10.3 11.6 +32%/41%/50%
# Haswell 4.43/5.29/6.19+7.80 8.79 +39%/49%/59%
# Skylake 2.62/3.14/3.62+7.70 8.10 +27%/34%/40%
# Bulldozer 5.77/6.89/8.00+13.7 13.7 +42%/50%/58%
# AES-128/-192/-256+SHA256 this(**) gain
# Sandy Bridge 5.05/6.05/7.05+11.6 13.0 +28%/36%/43%
# Ivy Bridge 5.05/6.05/7.05+10.3 11.6 +32%/41%/50%
# Haswell 4.43/5.29/6.19+7.80 8.79 +39%/49%/59%
# Skylake 2.62/3.14/3.62+7.70 8.10 +27%/34%/40%
# Bulldozer 5.77/6.89/8.00+13.7 13.7 +42%/50%/58%
# Ryzen(***) 2.71/-/3.71+2.05 2.74/-/3.73 +74%/-/54%
# Goldmont(***) 3.82/-/5.35+4.16 4.73/-/5.94 +69%/-/60%
#
# (*) there are XOP, AVX1 and AVX2 code paths, meaning that
# Westmere is omitted from loop, this is because gain was not
# estimated high enough to justify the effort;
# (**) these are EVP-free results, results obtained with 'speed
# -evp aes-256-cbc-hmac-sha256' will vary by percent or two;
# (***) these are SHAEXT results;
$flavour = shift;
$output = shift;

14
crypto/aes/asm/bsaes-armv7.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -744,9 +744,9 @@ $code.=<<___;
.type _bsaes_decrypt8,%function
.align 4
_bsaes_decrypt8:
adr $const,_bsaes_decrypt8
adr $const,.
vldmia $key!, {@XMM[9]} @ round 0 key
#ifdef __APPLE__
#if defined(__thumb2__) || defined(__APPLE__)
adr $const,.LM0ISR
#else
add $const,$const,#.LM0ISR-_bsaes_decrypt8
@@ -843,9 +843,9 @@ _bsaes_const:
.type _bsaes_encrypt8,%function
.align 4
_bsaes_encrypt8:
adr $const,_bsaes_encrypt8
adr $const,.
vldmia $key!, {@XMM[9]} @ round 0 key
#ifdef __APPLE__
#if defined(__thumb2__) || defined(__APPLE__)
adr $const,.LM0SR
#else
sub $const,$const,#_bsaes_encrypt8-.LM0SR
@@ -951,9 +951,9 @@ $code.=<<___;
.type _bsaes_key_convert,%function
.align 4
_bsaes_key_convert:
adr $const,_bsaes_key_convert
adr $const,.
vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key
#ifdef __APPLE__
#if defined(__thumb2__) || defined(__APPLE__)
adr $const,.LM0
#else
sub $const,$const,#_bsaes_key_convert-.LM0

4
crypto/armcap.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -69,7 +69,7 @@ static unsigned long (*getauxval) (unsigned long) = NULL;
# endif
/*
* ARM puts the the feature bits for Crypto Extensions in AT_HWCAP2, whereas
* ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
* AArch64 used AT_HWCAP.
*/
# if defined(__arm__) || defined (__arm)

6
crypto/asn1/a_bitstr.c
View File

@@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
#include <limits.h>
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1.h>
@@ -88,6 +89,11 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
goto err;
}
if (len > INT_MAX) {
i = ASN1_R_STRING_TOO_LONG;
goto err;
}
if ((a == NULL) || ((*a) == NULL)) {
if ((ret = ASN1_BIT_STRING_new()) == NULL)
return (NULL);

5
crypto/asn1/a_digest.c
View File

@@ -9,13 +9,10 @@
#include <stdio.h>
#include <time.h>
#include <sys/types.h>
#include "internal/cryptlib.h"
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/buffer.h>

3
crypto/asn1/a_i2d_fp.c
View File

@@ -38,6 +38,9 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
int i, j = 0, n, ret = 1;
n = i2d(x, NULL);
if (n <= 0)
return 0;
b = OPENSSL_malloc(n);
if (b == NULL) {
ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);

4
crypto/asn1/a_mbstr.c
View File

@@ -100,14 +100,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
if ((minsize > 0) && (nchar < minsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize);
ERR_add_error_data(2, "minsize=", strbuf);
return -1;
}
if ((maxsize > 0) && (nchar > maxsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize);
ERR_add_error_data(2, "maxsize=", strbuf);
return -1;
}

4
crypto/asn1/a_object.c
View File

@@ -42,7 +42,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
{
int i, first, len = 0, c, use_bn;
char ftmp[24], *tmp = ftmp;
int tmpsize = sizeof ftmp;
int tmpsize = sizeof(ftmp);
const char *p;
unsigned long l;
BIGNUM *bl = NULL;
@@ -177,7 +177,7 @@ int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
if ((a == NULL) || (a->data == NULL))
return (BIO_write(bp, "NULL", 4));
i = i2t_ASN1_OBJECT(buf, sizeof buf, a);
i = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
if (i > (int)(sizeof(buf) - 1)) {
p = OPENSSL_malloc(i + 1);
if (p == NULL)

5
crypto/asn1/a_sign.c
View File

@@ -9,13 +9,10 @@
#include <stdio.h>
#include <time.h>
#include <sys/types.h>
#include "internal/cryptlib.h"
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/x509.h>

23
crypto/asn1/a_strex.c
View File

@@ -63,7 +63,7 @@ typedef int char_io (void *arg, const void *buf, int len);
* even 4 byte forms.
*/
static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes,
char_io *io_ch, void *arg)
{
unsigned short chflgs;
@@ -73,13 +73,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
if (c > 0xffffffffL)
return -1;
if (c > 0xffff) {
BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c);
if (!io_ch(arg, tmphex, 10))
return -1;
return 10;
}
if (c > 0xff) {
BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c);
if (!io_ch(arg, tmphex, 6))
return -1;
return 6;
@@ -116,7 +116,7 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
* If we get this far and do any escaping at all must escape the escape
* character itself: backslash.
*/
if (chtmp == '\\' && flags & ESC_FLAGS) {
if (chtmp == '\\' && (flags & ESC_FLAGS)) {
if (!io_ch(arg, "\\\\", 2))
return -1;
return 2;
@@ -143,6 +143,7 @@ static int do_buf(unsigned char *buf, int buflen,
unsigned short orflags;
unsigned char *p, *q;
unsigned long c;
p = buf;
q = buf + buflen;
outlen = 0;
@@ -182,7 +183,7 @@ static int do_buf(unsigned char *buf, int buflen,
if (type & BUF_TYPE_CONVUTF8) {
unsigned char utfbuf[6];
int utflen;
utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
for (i = 0; i < utflen; i++) {
/*
* We don't need to worry about setting orflags correctly
@@ -190,17 +191,15 @@ static int do_buf(unsigned char *buf, int buflen,
* otherwise each character will be > 0x7f and so the
* character will never be escaped on first and last.
*/
len =
do_esc_char(utfbuf[i], (unsigned short)(flags | orflags),
quotes, io_ch, arg);
len = do_esc_char(utfbuf[i], flags | orflags, quotes,
io_ch, arg);
if (len < 0)
return -1;
outlen += len;
}
} else {
len =
do_esc_char(c, (unsigned short)(flags | orflags), quotes,
io_ch, arg);
len = do_esc_char(c, flags | orflags, quotes,
io_ch, arg);
if (len < 0)
return -1;
outlen += len;
@@ -479,7 +478,7 @@ static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n,
if (fn_opt != XN_FLAG_FN_NONE) {
int objlen, fld_len;
if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1);
fld_len = 0; /* XXX: what should this be? */
objbuf = objtmp;
} else {

3
crypto/asn1/a_strnid.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -214,6 +214,7 @@ static ASN1_STRING_TABLE *stable_get(int nid)
rv->mask = tmp->mask;
rv->flags = tmp->flags | STABLE_FLAGS_MALLOC;
} else {
rv->nid = nid;
rv->minsize = -1;
rv->maxsize = -1;
rv->flags = STABLE_FLAGS_MALLOC;

5
crypto/asn1/a_verify.c
View File

@@ -9,13 +9,10 @@
#include <stdio.h>
#include <time.h>
#include <sys/types.h>
#include "internal/cryptlib.h"
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <openssl/bn.h>
#include <openssl/x509.h>
#include <openssl/objects.h>

21
crypto/asn1/ameth_lib.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -143,7 +143,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
const char *str, int len)
{
int i;
const EVP_PKEY_ASN1_METHOD *ameth;
const EVP_PKEY_ASN1_METHOD *ameth = NULL;
if (len == -1)
len = strlen(str);
if (pe) {
@@ -163,12 +164,12 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
#endif
*pe = NULL;
}
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) {
ameth = EVP_PKEY_asn1_get0(i);
if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
continue;
if (((int)strlen(ameth->pem_str) == len)
&& (strncasecmp(ameth->pem_str, str, len) == 0))
if ((int)strlen(ameth->pem_str) == len
&& strncasecmp(ameth->pem_str, str, len) == 0)
return ameth;
}
return NULL;
@@ -176,11 +177,21 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
{
EVP_PKEY_ASN1_METHOD tmp = { 0, };
if (app_methods == NULL) {
app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
if (app_methods == NULL)
return 0;
}
tmp.pkey_id = ameth->pkey_id;
if (sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp) >= 0) {
EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0,
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED);
return 0;
}
if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth))
return 0;
sk_EVP_PKEY_ASN1_METHOD_sort(app_methods);

3
crypto/asn1/asn1_err.c
View File

@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -203,6 +203,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
{ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
{ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},

1
crypto/asn1/asn1_locl.h
View File

@@ -65,6 +65,7 @@ int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
const ASN1_ITEM *it);
void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);

8
crypto/asn1/asn1_par.c
View File

@@ -38,13 +38,13 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
p = str;
if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag);
BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag);
else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
BIO_snprintf(str, sizeof str, "cont [ %d ]", tag);
BIO_snprintf(str, sizeof(str), "cont [ %d ]", tag);
else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
BIO_snprintf(str, sizeof str, "appl [ %d ]", tag);
BIO_snprintf(str, sizeof(str), "appl [ %d ]", tag);
else if (tag > 30)
BIO_snprintf(str, sizeof str, "<ASN1 %d>", tag);
BIO_snprintf(str, sizeof(str), "<ASN1 %d>", tag);
else
p = ASN1_tag2str(tag);

3
crypto/asn1/asn_mime.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -425,6 +425,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
|| hdr->value == NULL) {
sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
sk_BIO_pop_free(parts, BIO_vfree);
return NULL;
}

4
crypto/asn1/bio_asn1.c
View File

@@ -65,7 +65,7 @@ static int asn1_bio_gets(BIO *h, char *str, int size);
static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int asn1_bio_new(BIO *h);
static int asn1_bio_free(BIO *data);
static long asn1_bio_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
static long asn1_bio_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size);
static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
@@ -301,7 +301,7 @@ static int asn1_bio_gets(BIO *b, char *str, int size)
return BIO_gets(next, str, size);
}
static long asn1_bio_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
static long asn1_bio_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{
BIO *next = BIO_next(b);
if (next == NULL)

49
crypto/asn1/tasn_dec.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -17,9 +17,18 @@
#include "internal/numbers.h"
#include "asn1_locl.h"
/*
* Constructed types with a recursive definition (such as can be found in PKCS7)
* could eventually exceed the stack given malicious input with excessive
* recursion. Therefore we limit the stack depth. This is the maximum number of
* recursive invocations of asn1_item_embed_d2i().
*/
#define ASN1_MAX_CONSTRUCTED_NEST 30
static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
long len, const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx);
int tag, int aclass, char opt, ASN1_TLC *ctx,
int depth);
static int asn1_check_eoc(const unsigned char **in, long len);
static int asn1_find_end(const unsigned char **in, long len, char inf);
@@ -37,11 +46,11 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
static int asn1_template_ex_d2i(ASN1_VALUE **pval,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx);
ASN1_TLC *ctx, int depth);
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx);
ASN1_TLC *ctx, int depth);
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
const unsigned char **in, long len,
const ASN1_ITEM *it,
@@ -111,7 +120,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
int tag, int aclass, char opt, ASN1_TLC *ctx)
{
int rv;
rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx);
rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
if (rv <= 0)
ASN1_item_ex_free(pval, it);
return rv;
@@ -124,7 +133,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
long len, const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx)
int tag, int aclass, char opt, ASN1_TLC *ctx,
int depth)
{
const ASN1_TEMPLATE *tt, *errtt = NULL;
const ASN1_EXTERN_FUNCS *ef;
@@ -145,6 +155,11 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
else
asn1_cb = 0;
if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NESTED_TOO_DEEP);
goto err;
}
switch (it->itype) {
case ASN1_ITYPE_PRIMITIVE:
if (it->templates) {
@@ -160,7 +175,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
goto err;
}
return asn1_template_ex_d2i(pval, in, len,
it->templates, opt, ctx);
it->templates, opt, ctx, depth);
}
return asn1_d2i_ex_primitive(pval, in, len, it,
tag, aclass, opt, ctx);
@@ -221,7 +236,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
/*
* We mark field as OPTIONAL so its absence can be recognised.
*/
ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
/* If field not present, try the next one */
if (ret == -1)
continue;
@@ -344,7 +359,8 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
* attempt to read in field, allowing each to be OPTIONAL
*/
ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
depth);
if (!ret) {
errtt = seqtt;
goto err;
@@ -420,7 +436,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
static int asn1_template_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long inlen,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx)
ASN1_TLC *ctx, int depth)
{
int flags, aclass;
int ret;
@@ -455,7 +471,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
return 0;
}
/* We've found the field so it can't be OPTIONAL now */
ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0;
@@ -479,7 +495,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
}
}
} else
return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
*in = p;
return 1;
@@ -491,7 +507,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx)
ASN1_TLC *ctx, int depth)
{
int flags, aclass;
int ret;
@@ -573,7 +589,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
}
skfield = NULL;
if (!asn1_item_embed_d2i(&skfield, &p, len,
ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx,
depth)) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_NESTED_ASN1_ERROR);
/* |skfield| may be partially allocated despite failure. */
@@ -595,7 +612,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
/* IMPLICIT tagging */
ret = asn1_item_embed_d2i(val, &p, len,
ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
ctx);
ctx, depth);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err;
@@ -604,7 +621,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
} else {
/* Nothing special */
ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-1, 0, opt, ctx);
-1, 0, opt, ctx, depth);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err;

6
crypto/asn1/tasn_fre.c
View File

@@ -13,9 +13,6 @@
#include <openssl/objects.h>
#include "asn1_locl.h"
static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int embed);
/* Free up an ASN1 structure */
void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
@@ -28,8 +25,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
asn1_item_embed_free(pval, it, 0);
}
static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int embed)
void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
{
const ASN1_TEMPLATE *tt = NULL, *seqtt;
const ASN1_EXTERN_FUNCS *ef;

13
crypto/asn1/tasn_new.c
View File

@@ -124,8 +124,13 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
goto memerr;
}
/* 0 : init. lock */
if (asn1_do_lock(pval, 0, it) < 0)
goto memerr2;
if (asn1_do_lock(pval, 0, it) < 0) {
if (!embed) {
OPENSSL_free(*pval);
*pval = NULL;
}
goto memerr;
}
asn1_enc_init(pval, it);
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
pseqval = asn1_get_field_ptr(pval, tt);
@@ -142,7 +147,7 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
return 1;
memerr2:
ASN1_item_ex_free(pval, it);
asn1_item_embed_free(pval, it, embed);
memerr:
ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ERR_R_MALLOC_FAILURE);
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
@@ -151,7 +156,7 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
return 0;
auxerr2:
ASN1_item_ex_free(pval, it);
asn1_item_embed_free(pval, it, embed);
auxerr:
ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ASN1_R_AUX_ERROR);
#ifndef OPENSSL_NO_CRYPTO_MDEBUG

2
crypto/asn1/tasn_prn.c
View File

@@ -409,7 +409,7 @@ static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid)
ln = OBJ_nid2ln(OBJ_obj2nid(oid));
if (!ln)
ln = "";
OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1);
OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1);
if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
return 0;
return 1;

4
crypto/async/arch/async_posix.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,7 +11,7 @@
#define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
#include <openssl/e_os2.h>
#if (defined(OPENSSL_SYS_UNIX) || defined(OPENSSL_SYS_CYGWIN)) \
#if defined(OPENSSL_SYS_UNIX) \
&& defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \
&& !defined(__ANDROID__) && !defined(__OpenBSD__)

6
crypto/async/async.c
View File

@@ -36,7 +36,7 @@ static async_ctx *async_ctx_new(void)
{
async_ctx *nctx = NULL;
nctx = OPENSSL_malloc(sizeof (async_ctx));
nctx = OPENSSL_malloc(sizeof(async_ctx));
if (nctx == NULL) {
ASYNCerr(ASYNC_F_ASYNC_CTX_NEW, ERR_R_MALLOC_FAILURE);
goto err;
@@ -81,7 +81,7 @@ static ASYNC_JOB *async_job_new(void)
{
ASYNC_JOB *job = NULL;
job = OPENSSL_zalloc(sizeof (ASYNC_JOB));
job = OPENSSL_zalloc(sizeof(ASYNC_JOB));
if (job == NULL) {
ASYNCerr(ASYNC_F_ASYNC_JOB_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
@@ -330,7 +330,7 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
return 0;
}
pool = OPENSSL_zalloc(sizeof *pool);
pool = OPENSSL_zalloc(sizeof(*pool));
if (pool == NULL) {
ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE);
return 0;

2
crypto/async/async_wait.c
View File

@@ -47,7 +47,7 @@ int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
{
struct fd_lookup_st *fdlookup;
fdlookup = OPENSSL_zalloc(sizeof *fdlookup);
fdlookup = OPENSSL_zalloc(sizeof(*fdlookup));
if (fdlookup == NULL)
return 0;

14
crypto/bf/bf_locl.h
View File

@@ -17,12 +17,19 @@
l1=l2=0; \
switch (n) { \
case 8: l2 =((unsigned long)(*(--(c)))) ; \
/* fall thru */ \
case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
/* fall thru */ \
case 6: l2|=((unsigned long)(*(--(c))))<<16; \
/* fall thru */ \
case 5: l2|=((unsigned long)(*(--(c))))<<24; \
/* fall thru */ \
case 4: l1 =((unsigned long)(*(--(c)))) ; \
/* fall thru */ \
case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
/* fall thru */ \
case 2: l1|=((unsigned long)(*(--(c))))<<16; \
/* fall thru */ \
case 1: l1|=((unsigned long)(*(--(c))))<<24; \
} \
}
@@ -32,12 +39,19 @@
c+=n; \
switch (n) { \
case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \
/* fall thru */ \
case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
/* fall thru */ \
case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
/* fall thru */ \
case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
/* fall thru */ \
case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \
/* fall thru */ \
case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
/* fall thru */ \
case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
/* fall thru */ \
case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
} \
}

4
crypto/bio/b_addr.c
View File

@@ -76,7 +76,7 @@ int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa)
}
#endif
#ifdef AF_UNIX
if (ap->sa.sa_family == AF_UNIX) {
if (sa->sa_family == AF_UNIX) {
ap->s_un = *(const struct sockaddr_un *)sa;
return 1;
}
@@ -668,7 +668,7 @@ int BIO_lookup(const char *host, const char *service,
int gai_ret = 0;
struct addrinfo hints;
memset(&hints, 0, sizeof hints);
memset(&hints, 0, sizeof(hints));
hints.ai_family = family;
hints.ai_socktype = socktype;

43
crypto/bio/b_dump.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -14,7 +14,6 @@
#include <stdio.h>
#include "bio_lcl.h"
#define TRUNCATE
#define DUMP_WIDTH 16
#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
@@ -29,17 +28,10 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
{
int ret = 0;
char buf[288 + 1], tmp[20], str[128 + 1];
int i, j, rows, trc;
int i, j, rows;
unsigned char ch;
int dump_width;
trc = 0;
#ifdef TRUNCATE
for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--)
trc++;
#endif
if (indent < 0)
indent = 0;
if (indent) {
@@ -54,50 +46,43 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
if ((rows * dump_width) < len)
rows++;
for (i = 0; i < rows; i++) {
OPENSSL_strlcpy(buf, str, sizeof buf);
BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width);
OPENSSL_strlcat(buf, tmp, sizeof buf);
OPENSSL_strlcpy(buf, str, sizeof(buf));
BIO_snprintf(tmp, sizeof(tmp), "%04x - ", i * dump_width);
OPENSSL_strlcat(buf, tmp, sizeof(buf));
for (j = 0; j < dump_width; j++) {
if (((i * dump_width) + j) >= len) {
OPENSSL_strlcat(buf, " ", sizeof buf);
OPENSSL_strlcat(buf, " ", sizeof(buf));
} else {
ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
BIO_snprintf(tmp, sizeof tmp, "%02x%c", ch,
BIO_snprintf(tmp, sizeof(tmp), "%02x%c", ch,
j == 7 ? '-' : ' ');
OPENSSL_strlcat(buf, tmp, sizeof buf);
OPENSSL_strlcat(buf, tmp, sizeof(buf));
}
}
OPENSSL_strlcat(buf, " ", sizeof buf);
OPENSSL_strlcat(buf, " ", sizeof(buf));
for (j = 0; j < dump_width; j++) {
if (((i * dump_width) + j) >= len)
break;
ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
#ifndef CHARSET_EBCDIC
BIO_snprintf(tmp, sizeof tmp, "%c",
BIO_snprintf(tmp, sizeof(tmp), "%c",
((ch >= ' ') && (ch <= '~')) ? ch : '.');
#else
BIO_snprintf(tmp, sizeof tmp, "%c",
BIO_snprintf(tmp, sizeof(tmp), "%c",
((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
? os_toebcdic[ch]
: '.');
#endif
OPENSSL_strlcat(buf, tmp, sizeof buf);
OPENSSL_strlcat(buf, tmp, sizeof(buf));
}
OPENSSL_strlcat(buf, "\n", sizeof buf);
OPENSSL_strlcat(buf, "\n", sizeof(buf));
/*
* if this is the last call then update the ddt_dump thing so that we
* will move the selection point in the debug window
*/
ret += cb((void *)buf, strlen(buf), u);
}
#ifdef TRUNCATE
if (trc > 0) {
BIO_snprintf(buf, sizeof buf, "%s%04x - <SPACES/NULS>\n", str,
len + trc);
ret += cb((void *)buf, strlen(buf), u);
}
#endif
return (ret);
return ret;
}
#ifndef OPENSSL_NO_STDIO

6
crypto/bio/b_print.c
View File

@@ -258,6 +258,7 @@ _dopr(char **sbuffer,
break;
case 'E':
flags |= DP_F_UP;
/* fall thru */
case 'e':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, LDOUBLE);
@@ -269,6 +270,7 @@ _dopr(char **sbuffer,
break;
case 'G':
flags |= DP_F_UP;
/* fall thru */
case 'g':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, LDOUBLE);
@@ -663,7 +665,7 @@ fmtfp(char **sbuffer,
iconvert[iplace++] = "0123456789"[intpart % 10];
intpart = (intpart / 10);
} while (intpart && (iplace < (int)sizeof(iconvert)));
if (iplace == sizeof iconvert)
if (iplace == sizeof(iconvert))
iplace--;
iconvert[iplace] = 0;
@@ -681,7 +683,7 @@ fmtfp(char **sbuffer,
fracpart = (fracpart / 10);
}
if (fplace == sizeof fconvert)
if (fplace == sizeof(fconvert))
fplace--;
fconvert[fplace] = 0;

15
crypto/bio/b_sock2.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -172,8 +172,10 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options)
return 0;
# ifndef OPENSSL_SYS_WINDOWS
/* SO_REUSEADDR has different behavior on Windows than on
* other operating systems, don't set it there. */
/*
* SO_REUSEADDR has different behavior on Windows than on
* other operating systems, don't set it there.
*/
if (options & BIO_SOCK_REUSEADDR) {
if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) != 0) {
SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
@@ -200,7 +202,12 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options)
}
# ifdef IPV6_V6ONLY
if ((options & BIO_SOCK_V6_ONLY) && BIO_ADDR_family(addr) == AF_INET6) {
if (BIO_ADDR_family(addr) == AF_INET6) {
/*
* Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF.
* Therefore we always have to use setsockopt here.
*/
on = options & BIO_SOCK_V6_ONLY ? 1 : 0;
if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) != 0) {
SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
BIOerr(BIO_F_BIO_LISTEN, BIO_R_LISTEN_V6_ONLY);

4
crypto/bio/bf_buff.c
View File

@@ -19,7 +19,7 @@ static int buffer_gets(BIO *h, char *str, int size);
static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int buffer_new(BIO *h);
static int buffer_free(BIO *data);
static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
static long buffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
#define DEFAULT_BUFFER_SIZE 4096
static const BIO_METHOD methods_buffer = {
@@ -388,7 +388,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
return (0);
}
static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
static long buffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{
long ret = 1;

11
crypto/bio/bf_lbuf.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -20,7 +20,7 @@ static int linebuffer_gets(BIO *h, char *str, int size);
static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int linebuffer_new(BIO *h);
static int linebuffer_free(BIO *data);
static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
static long linebuffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
/* A 10k maximum should be enough for most purposes */
#define DEFAULT_LINEBUFFER_SIZE 1024*10
@@ -116,9 +116,10 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
do {
const char *p;
char c;
for (p = in; p < in + inl && *p != '\n'; p++) ;
if (*p == '\n') {
for (p = in, c = '\0'; p < in + inl && (c = *p) != '\n'; p++) ;
if (c == '\n') {
p++;
foundnl = 1;
} else
@@ -292,7 +293,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
return (0);
}
static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
static long linebuffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{
long ret = 1;

4
crypto/bio/bf_nbio.c
View File

@@ -24,7 +24,7 @@ static int nbiof_gets(BIO *h, char *str, int size);
static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int nbiof_new(BIO *h);
static int nbiof_free(BIO *data);
static long nbiof_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
static long nbiof_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
typedef struct nbio_test_st {
/* only set if we sent a 'should retry' error */
int lrn;
@@ -165,7 +165,7 @@ static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
return (ret);
}
static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
static long nbiof_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{
long ret = 1;

32
crypto/bio/bf_null.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -21,9 +21,7 @@ static int nullf_read(BIO *h, char *buf, int size);
static int nullf_puts(BIO *h, const char *str);
static int nullf_gets(BIO *h, char *str, int size);
static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int nullf_new(BIO *h);
static int nullf_free(BIO *data);
static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
static long nullf_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
static const BIO_METHOD methods_nullf = {
BIO_TYPE_NULL_FILTER,
"NULL filter",
@@ -32,8 +30,8 @@ static const BIO_METHOD methods_nullf = {
nullf_puts,
nullf_gets,
nullf_ctrl,
nullf_new,
nullf_free,
NULL,
NULL,
nullf_callback_ctrl,
};
@@ -42,26 +40,6 @@ const BIO_METHOD *BIO_f_null(void)
return (&methods_nullf);
}
static int nullf_new(BIO *bi)
{
bi->init = 1;
bi->ptr = NULL;
bi->flags = 0;
return (1);
}
static int nullf_free(BIO *a)
{
if (a == NULL)
return (0);
/*-
a->ptr=NULL;
a->init=0;
a->flags=0;
*/
return (1);
}
static int nullf_read(BIO *b, char *out, int outl)
{
int ret = 0;
@@ -111,7 +89,7 @@ static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
return (ret);
}
static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
static long nullf_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{
long ret = 1;

2
crypto/bio/bio_cb.c
View File

@@ -27,7 +27,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp,
if (BIO_CB_RETURN & cmd)
r = ret;
len = BIO_snprintf(buf, sizeof buf, "BIO[%p]: ", (void *)bio);
len = BIO_snprintf(buf, sizeof(buf), "BIO[%p]: ", (void *)bio);
/* Ignore errors and continue printing the other information. */
if (len < 0)

3
crypto/bio/bio_err.c
View File

@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -34,6 +34,7 @@ static ERR_STRING_DATA BIO_str_functs[] = {
{ERR_FUNC(BIO_F_BIO_LISTEN), "BIO_listen"},
{ERR_FUNC(BIO_F_BIO_LOOKUP), "BIO_lookup"},
{ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "bio_make_pair"},
{ERR_FUNC(BIO_F_BIO_METH_NEW), "BIO_meth_new"},
{ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},
{ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},
{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},

8
crypto/bio/bio_lib.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -42,6 +42,8 @@ BIO *BIO_new(const BIO_METHOD *method)
CRYPTO_THREAD_lock_free(bio->lock);
goto err;
}
if (method->create == NULL)
bio->init = 1;
return bio;
@@ -350,9 +352,7 @@ long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
return (ret);
}
long BIO_callback_ctrl(BIO *b, int cmd,
void (*fp) (struct bio_st *, int, const char *, int,
long, long))
long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{
long ret;
long (*cb) (BIO *, int, const char *, int, long, long);

19
crypto/bio/bio_meth.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -37,16 +37,21 @@ BIO_METHOD *BIO_meth_new(int type, const char *name)
{
BIO_METHOD *biom = OPENSSL_zalloc(sizeof(BIO_METHOD));
if (biom != NULL) {
biom->type = type;
biom->name = name;
if (biom == NULL
|| (biom->name = OPENSSL_strdup(name)) == NULL) {
OPENSSL_free(biom);
BIOerr(BIO_F_BIO_METH_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
return biom;
}
void BIO_meth_free(BIO_METHOD *biom)
{
OPENSSL_free(biom);
if (biom != NULL) {
OPENSSL_free(biom->name);
OPENSSL_free(biom);
}
}
int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int)
@@ -131,14 +136,14 @@ int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *))
return 1;
}
long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) (BIO *, int, bio_info_cb *)
long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *)
{
return biom->callback_ctrl;
}
int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
long (*callback_ctrl) (BIO *, int,
bio_info_cb *))
BIO_info_cb *))
{
biom->callback_ctrl = callback_ctrl;
return 1;

Some files were not shown because too many files have changed in this diff Show More