ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ag:openssl-1.1.0f
Branches Tags
ag:master ag:tcl ag:tk ag:sqlite ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6
..
compare: ag:openssl-1.1.0i
Branches Tags
ag:tcl ag:tk ag:sqlite ag:master ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6

2 Commits
openssl-1. ... openssl-1.

Author SHA1 Message Date
Steve Dower
6960e8d7c7 Import OpenSSL 1.1.0i 2018-08-14 08:22:53 -07:00
Steve Dower
807cee26df Import OpenSSL 1.1.0h 2018-04-13 17:45:41 +00:00
674 changed files with 16369 additions and 5770 deletions
Expand all files Collapse all files

9
.gitignore vendored
View File

@@ -27,6 +27,7 @@ Makefile
# Auto generated headers
/crypto/buildinf.h
/apps/progs.h
/crypto/include/internal/*_conf.h
/openssl/include/opensslconf.h
/util/domd
@@ -50,14 +51,10 @@ Makefile
/test/ssltest_old
/test/x509aux
/test/v3ext
/test/versions
# Certain files that get created by tests on the fly
/test/*.ss
/test/*.srl
/test/.rnd
/test/test*.pem
/test/newkey.pem
/test/*.log
/test/test-runs
/test/buildtest_*
# Fuzz stuff.

15
.travis-apt-pin.preferences Normal file
View File

@@ -0,0 +1,15 @@
Package: clang-3.9
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libclang-common-3.9-dev
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libclang1-3.9
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libllvm3.9v4
Pin: release o=Ubuntu
Pin-Priority: -1

94
.travis.yml
View File

@@ -28,70 +28,29 @@ env:
- CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-ec" BUILDONLY="yes"
- CONFIG_OPTS="no-asm --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes"
matrix:
include:
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes"
- os: linux
compiler: gcc
env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes"
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: CONFIG_OPTS="enable-asan"
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: CONFIG_OPTS="enable-msan"
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment"
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2"
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: CONFIG_OPTS="no-stdio"
- os: linux
@@ -102,7 +61,7 @@ matrix:
sources:
- ubuntu-toolchain-r-test
compiler: gcc-5
env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
env: UBUNTU_GCC_HACK="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
- os: linux
addons:
apt:
@@ -110,7 +69,7 @@ matrix:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: i686-w64-mingw32-gcc
env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz"
env: CONFIG_OPTS="no-pic"
- os: linux
addons:
apt:
@@ -126,7 +85,7 @@ matrix:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: x86_64-w64-mingw32-gcc
env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz"
env: CONFIG_OPTS="no-pic"
- os: linux
addons:
apt:
@@ -153,6 +112,10 @@ before_script:
srcdir=.;
top=.;
fi
- if [ -n "$UBUNTU_GCC_HACK" ]; then
$CC -dumpspecs | sed "s/--push-state//g; s/--pop-state/--as-needed/g" > gcc-specs.txt;
CC="$CC -specs=gcc-specs.txt";
fi
- if [ "$CC" == i686-w64-mingw32-gcc ]; then
export CROSS_COMPILE=${CC%%gcc}; unset CC;
$srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
@@ -160,7 +123,14 @@ before_script:
export CROSS_COMPILE=${CC%%gcc}; unset CC;
$srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
else
if which ccache >/dev/null && [ "$CC" != clang-3.9 ]; then
if [ "$CC" == clang-3.9 ]; then
sudo cp .travis-apt-pin.preferences /etc/apt/preferences.d/no-ubuntu-clang;
curl -sSL "http://apt.llvm.org/llvm-snapshot.gpg.key" | sudo -E apt-key add -;
echo "deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main" | sudo tee -a /etc/apt/sources.list > /dev/null;
sudo -E apt-add-repository -y "ppa:ubuntu-toolchain-r/test";
sudo -E apt-get -yq update;
sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install clang-3.9;
elif which ccache >/dev/null; then
CC="ccache $CC";
fi;
$srcdir/config -v $CONFIG_OPTS;
@@ -187,8 +157,24 @@ script:
else
top=.;
fi
- $make update
- $make
- if $make update; then
echo -e '+\057 MAKE UPDATE OK';
else
echo -e '+\057 MAKE UPDATE FAILED'; false;
fi;
git diff --exit-code
- if [ -n "$CHECKDOCS" ]; then
if $make doc-nits; then
echo -e '+\057\057 MAKE DOC-NITS OK';
else
echo -e '+\057\057 MAKE DOC-NITS FAILED'; false;
fi;
fi
- if $make ; then
echo -e '+\057\057\057 MAKE OK';
else
echo -e '+\057\057\057 MAKE FAILED'; false;
fi;
- if [ -z "$BUILDONLY" ]; then
if [ -n "$CROSS_COMPILE" ]; then
sudo apt-get -yq install wine;
@@ -196,11 +182,19 @@ script:
fi;
HARNESS_VERBOSE=yes make test;
else
$make build_tests;
if $make build_tests; then
echo -e '+\057\057\075 MAKE BUILD_TESTS OK';
else
echo -e '+\057\057\075 MAKE BUILD_TESTS FAILEd'; false;
fi;
fi
- if [ -n "$DESTDIR" ]; then
mkdir "../$DESTDIR";
$make install install_docs DESTDIR="../$DESTDIR";
if $make install DESTDIR="../$DESTDIR"; then
echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK';
else
echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false;
fi;
fi
- cd $top

200
CHANGES
View File

@@ -2,6 +2,199 @@
OpenSSL CHANGES
_______________
This is a high-level summary of the most important changes.
For a full list of changes, see the git commit log; for example,
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.1.0h and 1.1.0i [14 Aug 2018]
*) Client DoS due to large DH parameter
During key agreement in a TLS handshake using a DH(E) based ciphersuite a
malicious server can send a very large prime value to the client. This will
cause the client to spend an unreasonably long period of time generating a
key for this prime resulting in a hang until the client has finished. This
could be exploited in a Denial Of Service attack.
This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
(CVE-2018-0732)
[Guido Vranken]
*) Cache timing vulnerability in RSA Key Generation
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
a cache timing side channel attack. An attacker with sufficient access to
mount cache timing attacks during the RSA key generation process could
recover the private key.
This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
(CVE-2018-0737)
[Billy Brumley]
*) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
parameter is no longer accepted, as it leads to a corrupt table. NULL
pem_str is reserved for alias entries only.
[Richard Levitte]
*) Revert blinding in ECDSA sign and instead make problematic addition
length-invariant. Switch even to fixed-length Montgomery multiplication.
[Andy Polyakov]
*) Change generating and checking of primes so that the error rate of not
being prime depends on the intended use based on the size of the input.
For larger primes this will result in more rounds of Miller-Rabin.
The maximal error rate for primes with more than 1080 bits is lowered
to 2^-128.
[Kurt Roeckx, Annie Yousar]
*) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
[Kurt Roeckx]
*) Add blinding to ECDSA and DSA signatures to protect against side channel
attacks discovered by Keegan Ryan (NCC Group).
[Matt Caswell]
*) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
now allow empty (zero character) pass phrases.
[Richard Levitte]
*) Certificate time validation (X509_cmp_time) enforces stricter
compliance with RFC 5280. Fractional seconds and timezone offsets
are no longer allowed.
[Emilia Käsper]
*) Fixed a text canonicalisation bug in CMS
Where a CMS detached signature is used with text content the text goes
through a canonicalisation process first prior to signing or verifying a
signature. This process strips trailing space at the end of lines, converts
line terminators to CRLF and removes additional trailing line terminators
at the end of a file. A bug in the canonicalisation process meant that
some characters, such as form-feed, were incorrectly treated as whitespace
and removed. This is contrary to the specification (RFC5485). This fix
could mean that detached text data signed with an earlier version of
OpenSSL 1.1.0 may fail to verify using the fixed version, or text data
signed with a fixed OpenSSL may fail to verify with an earlier version of
OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data
and use the "-binary" flag (for the "cms" command line application) or set
the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()).
[Matt Caswell]
Changes between 1.1.0g and 1.1.0h [27 Mar 2018]
*) Constructed ASN.1 types with a recursive definition could exceed the stack
Constructed ASN.1 types with a recursive definition (such as can be found
in PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. This could result in a Denial Of Service attack. There
are no such structures used within SSL/TLS that come from untrusted sources
so this is considered safe.
This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
project.
(CVE-2018-0739)
[Matt Caswell]
*) Incorrect CRYPTO_memcmp on HP-UX PA-RISC
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
effectively reduced to only comparing the least significant bit of each
byte. This allows an attacker to forge messages that would be considered as
authenticated in an amount of tries lower than that guaranteed by the
security claims of the scheme. The module can only be compiled by the
HP-UX assembler, so that only HP-UX PA-RISC targets are affected.
This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg
(IBM).
(CVE-2018-0733)
[Andy Polyakov]
*) Add a build target 'build_all_generated', to build all generated files
and only that. This can be used to prepare everything that requires
things like perl for a system that lacks perl and then move everything
to that system and do the rest of the build there.
[Richard Levitte]
*) Backport SSL_OP_NO_RENGOTIATION
OpenSSL 1.0.2 and below had the ability to disable renegotiation using the
(undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity
changes this is no longer possible in 1.1.0. Therefore the new
SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to
1.1.0 to provide equivalent functionality.
Note that if an application built against 1.1.0h headers (or above) is run
using an older version of 1.1.0 (prior to 1.1.0h) then the option will be
accepted but nothing will happen, i.e. renegotiation will not be prevented.
[Matt Caswell]
*) Removed the OS390-Unix config target. It relied on a script that doesn't
exist.
[Rich Salz]
*) rsaz_1024_mul_avx2 overflow bug on x86_64
There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this
defect would be very difficult to perform and are not believed likely.
Attacks against DH1024 are considered just feasible, because most of the
work necessary to deduce information about a private key may be performed
offline. The amount of resources required for such an attack would be
significant. However, for an attack on TLS to be meaningful, the server
would have to share the DH1024 private key among multiple clients, which is
no longer an option since CVE-2016-0701.
This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).
This issue was reported to OpenSSL by David Benjamin (Google). The issue
was originally found via the OSS-Fuzz project.
(CVE-2017-3738)
[Andy Polyakov]
Changes between 1.1.0f and 1.1.0g [2 Nov 2017]
*) bn_sqrx8x_internal carry bug on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. No EC algorithms are affected. Analysis suggests that attacks
against RSA and DSA as a result of this defect would be very difficult to
perform and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary to
deduce information about a private key may be performed offline. The amount
of resources required for such an attack would be very significant and
likely only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients.
This only affects processors that support the BMI1, BMI2 and ADX extensions
like Intel Broadwell (5th generation) and later or AMD Ryzen.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3736)
[Andy Polyakov]
*) Malformed X.509 IPAddressFamily could cause OOB read
If an X.509 certificate has a malformed IPAddressFamily extension,
OpenSSL could do a one-byte buffer overread. The most likely result
would be an erroneous display of the certificate in text format.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3735)
[Rich Salz]
*) Ignore the '-named_curve auto' value for compatibility of applications
with OpenSSL 1.0.2.
[Tomas Mraz <tmraz@fedoraproject.org>]
*) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
[Emilia Käsper]
Changes between 1.1.0e and 1.1.0f [25 May 2017]
*) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
@@ -2944,8 +3137,11 @@
to work with OPENSSL_NO_SSL_INTERN defined.
[Steve Henson]
*) Add SRP support.
[Tom Wu <tjw@cs.stanford.edu> and Ben Laurie]
*) A long standing patch to add support for SRP from EdelWeb (Peter
Sylvester and Christophe Renou) was integrated.
[Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester
<peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and
Ben Laurie]
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson]

67
CONTRIBUTING
View File

@@ -1,26 +1,26 @@
HOW TO CONTRIBUTE PATCHES TO OpenSSL
------------------------------------
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
(Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.)
Development is coordinated on the openssl-dev mailing list (see the
above link or https://mta.openssl.org for information on subscribing).
If you are unsure as to whether a feature will be useful for the general
OpenSSL community you might want to discuss it on the openssl-dev mailing
list first. Someone may be already working on the same thing or there
may be a good reason as to why that feature isn't implemented.
Development is done on GitHub, https://github.com/openssl/openssl.
To submit a patch, make a pull request on GitHub. If you think the patch
could use feedback from the community, please start a thread on openssl-dev
to discuss it.
To request new features or report bugs, please open an issue on GitHub
Having addressed the following items before the PR will help make the
acceptance and review process faster:
To submit a patch, please open a pull request on GitHub. If you are thinking
of making a large contribution, open an issue for it before starting work,
to get comments from the community. Someone may be already working on
the same thing or there may be reasons why that feature isn't implemented.
1. Anything other than trivial contributions will require a contributor
licensing agreement, giving us permission to use your code. See
https://www.openssl.org/policies/cla.html for details.
To make it easier to review and accept your pull request, please follow these
guidelines:
1. Anything other than a trivial contribution requires a Contributor
License Agreement (CLA), giving us permission to use your code. See
https://www.openssl.org/policies/cla.html for details. If your
contribution is too small to require a CLA, put "CLA: trivial" on a
line by itself in your commit message body.
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
@@ -34,21 +34,38 @@ acceptance and review process faster:
https://www.openssl.org/source/license.html
3. Patches should be as current as possible; expect to have to rebase
often. We do not accept merge commits; You will be asked to remove
them before a patch is considered acceptable.
often. We do not accept merge commits, you will have to remove them
(usually by rebasing) before it will be acceptable.
4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile without
warnings. Where gcc or clang is available you should use the
https://www.openssl.org/policies/codingstyle.html) and compile
without warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features.
Clean builds via Travis and AppVeyor are expected, and done whenever
a PR is created or updated.
platforms: try to ensure you only use portable features. Clean builds
via Travis and AppVeyor are required, and they are started automatically
whenever a PR is created or updated.
5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see
test/README for information on the test framework.
6. New features or changed functionality must include
documentation. Please look at the "pod" files in doc/apps, doc/crypto
and doc/ssl for examples of our style.
documentation. Please look at the "pod" files in doc for
examples of our style.
7. For user visible changes (API changes, behaviour changes, ...),
consider adding a note in CHANGES. This could be a summarising
description of the change, and could explain the grander details.
Have a look through existing entries for inspiration.
Please note that this is NOT simply a copy of git-log oneliners.
Also note that security fixes get an entry in CHANGES.
This file helps users get more in depth information of what comes
with a specific release without having to sift through the higher
noise ratio in git-log.
8. For larger or more important user visible changes, as well as
security fixes, please add a line in NEWS. On exception, it might be
worth adding a multi-line entry (such as the entry that announces all
the types that became opaque with OpenSSL 1.1.0).
This file helps users get a very quick summary of what comes with a
specific release, to see if an upgrade is worth the effort.

97
Configurations/10-main.conf
View File

@@ -14,7 +14,7 @@ sub vc_win64a_info {
asflags => "/c /Cp /Cx /Zi",
asoutflag => "/Fo" };
} else {
$die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n");
$die->("NASM not found - make sure it's installed and available on %PATH%\n");
$vc_win64a_info = { as => "{unknown}",
asflags => "",
asoutflag => "" };
@@ -39,7 +39,7 @@ sub vc_win32_info {
asoutflag => "/Fo",
perlasm_scheme => "win32" };
} else {
$die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n");
$die->("NASM not found - make sure it's installed and available on %PATH%\n");
$vc_win32_info = { as => "{unknown}",
asflags => "",
asoutflag => "",
@@ -204,6 +204,7 @@ sub vms_info {
debug => "-O0 -g",
release => "-O3 -fomit-frame-pointer"),
threads("-pthread")),
ex_libs => add(threads("-pthread")),
bn_ops => "BN_LLONG",
shared_cflag => "-fPIC",
shared_ldflag => "-shared -static-libgcc",
@@ -223,6 +224,7 @@ sub vms_info {
debug => "-O0 -g",
release => "-O3"),
threads("-pthread")),
ex_libs => add(threads("-pthread")),
bn_ops => "SIXTY_FOUR_BIT_LONG",
perlasm_scheme => "elf",
shared_cflag => "-fPIC",
@@ -268,6 +270,7 @@ sub vms_info {
debug => "-O0 -g",
release => "-O3"),
threads("-pthread")),
ex_libs => add(threads("-pthread")),
bn_ops => "BN_LLONG RC4_CHAR",
shared_cflag => "-fPIC",
shared_ldflag => "-shared",
@@ -425,18 +428,25 @@ sub vms_info {
# even PA-RISC 2.0-specific code paths, which are chosen at run-time,
# thus adequate performance is provided even with PA-RISC 1.1 build.
# <appro@fy.chalmers.se>
"hpux-parisc-gcc" => {
"hpux-common" => {
inherit_from => [ "BASE_unix" ],
template => 1,
defines => add("_XOPEN_SOURCE", "_XOPEN_SOURCE_EXTENDED",
"_HPUX_ALT_XOPEN_SOCKET_API"),
thread_scheme => "pthreads",
dso_scheme => "dlfcn", # overridden in 32-bit PA-RISC builds
shared_target => "hpux-shared",
},
"hpux-parisc-gcc" => {
inherit_from => [ "hpux-common" ],
cc => "gcc",
cflags => combine(picker(default => "-DB_ENDIAN -DBN_DIV2W",
debug => "-O0 -g",
release => "-O3"),
threads("-pthread")),
ex_libs => add("-Wl,+s -ldld"),
ex_libs => add("-Wl,+s -ldld", threads("-pthread")),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dl",
shared_target => "hpux-shared",
shared_cflag => "-fPIC",
shared_ldflag => "-shared",
shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -446,7 +456,7 @@ sub vms_info {
multilib => "/pa1.1",
},
"hpux64-parisc2-gcc" => {
inherit_from => [ "BASE_unix", asm("parisc20_64_asm") ],
inherit_from => [ "hpux-common", asm("parisc20_64_asm") ],
cc => "gcc",
cflags => combine(picker(default => "-DB_ENDIAN",
debug => "-O0 -g",
@@ -454,9 +464,6 @@ sub vms_info {
threads("-D_REENTRANT")),
ex_libs => add("-ldl"),
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "-fpic",
shared_ldflag => "-shared",
shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -468,7 +475,7 @@ sub vms_info {
# Chris Ruemmler <ruemmler@cup.hp.com>
# Kevin Steves <ks@hp.se>
"hpux-parisc-cc" => {
inherit_from => [ "BASE_unix" ],
inherit_from => [ "hpux-common" ],
cc => "cc",
cflags => combine(picker(default => "+Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY",
debug => "+O0 +d -g",
@@ -476,9 +483,7 @@ sub vms_info {
threads("-D_REENTRANT")),
ex_libs => add("-Wl,+s -ldld",threads("-lpthread")),
bn_ops => "RC4_CHAR",
thread_scheme => "pthreads",
dso_scheme => "dl",
shared_target => "hpux-shared",
shared_cflag => "+Z",
shared_ldflag => "-b",
shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -489,7 +494,7 @@ sub vms_info {
multilib => "/pa1.1",
},
"hpux64-parisc2-cc" => {
inherit_from => [ "BASE_unix", asm("parisc20_64_asm") ],
inherit_from => [ "hpux-common", asm("parisc20_64_asm") ],
cc => "cc",
cflags => combine(picker(default => "+DD64 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY",
debug => "+O0 +d -g",
@@ -497,9 +502,6 @@ sub vms_info {
threads("-D_REENTRANT")),
ex_libs => add("-ldl",threads("-lpthread")),
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "+Z",
shared_ldflag => "+DD64 -b",
shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -508,7 +510,7 @@ sub vms_info {
# HP/UX IA-64 targets
"hpux-ia64-cc" => {
inherit_from => [ "BASE_unix", asm("ia64_asm") ],
inherit_from => [ "hpux-common", asm("ia64_asm") ],
cc => "cc",
cflags => combine(picker(default => "-Ae +DD32 +Olit=all -z -DB_ENDIAN",
debug => "+O0 +d -g",
@@ -516,9 +518,6 @@ sub vms_info {
threads("-D_REENTRANT")),
ex_libs => add("-ldl",threads("-lpthread")),
bn_ops => "SIXTY_FOUR_BIT",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "+Z",
shared_ldflag => "+DD32 -b",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -527,7 +526,7 @@ sub vms_info {
# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted
# with debugging of the following config.
"hpux64-ia64-cc" => {
inherit_from => [ "BASE_unix", asm("ia64_asm") ],
inherit_from => [ "hpux-common", asm("ia64_asm") ],
cc => "cc",
cflags => combine(picker(default => "-Ae +DD64 +Olit=all -z -DB_ENDIAN",
debug => "+O0 +d -g",
@@ -535,9 +534,6 @@ sub vms_info {
threads("-D_REENTRANT")),
ex_libs => add("-ldl", threads("-lpthread")),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "+Z",
shared_ldflag => "+DD64 -b",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -545,34 +541,28 @@ sub vms_info {
},
# GCC builds...
"hpux-ia64-gcc" => {
inherit_from => [ "BASE_unix", asm("ia64_asm") ],
inherit_from => [ "hpux-common", asm("ia64_asm") ],
cc => "gcc",
cflags => combine(picker(default => "-DB_ENDIAN",
debug => "-O0 -g",
release => "-O3"),
threads("-pthread")),
ex_libs => add("-ldl"),
ex_libs => add("-ldl", threads("-pthread")),
bn_ops => "SIXTY_FOUR_BIT",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "-fpic",
shared_ldflag => "-shared",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "/hpux32",
},
"hpux64-ia64-gcc" => {
inherit_from => [ "BASE_unix", asm("ia64_asm") ],
inherit_from => [ "hpux-common", asm("ia64_asm") ],
cc => "gcc",
cflags => combine(picker(default => "-mlp64 -DB_ENDIAN",
debug => "-O0 -g",
release => "-O3"),
threads("-pthread")),
ex_libs => add("-ldl"),
ex_libs => add("-ldl", threads("-pthread")),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "-fpic",
shared_ldflag => "-mlp64 -shared",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -583,7 +573,7 @@ sub vms_info {
"MPE/iX-gcc" => {
inherit_from => [ "BASE_unix" ],
cc => "gcc",
cflags => "-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB",
cflags => "-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB",
sys_id => "MPE",
ex_libs => add("-L/SYSLOG/PUB -lsyslog -lsocket -lcurses"),
thread_scheme => "(unknown)",
@@ -599,7 +589,7 @@ sub vms_info {
cc => "gcc",
cflags => combine("-std=c9x -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -O3",
threads("-pthread")),
ex_libs => "-lrt", # for mlock(2)
ex_libs => add("-lrt", threads("-pthread")), # for mlock(2)
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
@@ -611,7 +601,7 @@ sub vms_info {
cc => "cc",
cflags => combine("-std1 -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -tune host -fast -readonly_strings",
threads("-pthread")),
ex_libs => "-lrt", # for mlock(2)
ex_libs => add("-lrt", threads("-pthread")), # for mlock(2)
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
@@ -632,7 +622,7 @@ sub vms_info {
debug => "-O0 -g",
release => "-O3"),
threads("-pthread")),
ex_libs => add("-ldl"),
ex_libs => add("-ldl", threads("-pthread")),
bn_ops => "BN_LLONG RC4_CHAR",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
@@ -896,7 +886,7 @@ sub vms_info {
#
# ANDROID_NDK=/some/where/android-ndk-10d
# CROSS_SYSROOT=$ANDROID_NDK/platforms/android-14/arch-arm
# CROSS_COMPILE=arm-linux-adroideabi-
# CROSS_COMPILE=arm-linux-androideabi-
# PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/bin
#
"android" => {
@@ -1177,6 +1167,7 @@ sub vms_info {
debug => "-O0 -g",
release => "-O"),
threads("-pthread")),
ex_libs => add(threads("-pthread")),
sys_id => "AIX",
bn_ops => "BN_LLONG RC4_CHAR",
thread_scheme => "pthreads",
@@ -1194,6 +1185,7 @@ sub vms_info {
debug => "-O0 -g",
release => "-O"),
threads("-pthread")),
ex_libs => add(threads("-pthread")),
sys_id => "AIX",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
thread_scheme => "pthreads",
@@ -1218,6 +1210,7 @@ sub vms_info {
perlasm_scheme => "aix32",
dso_scheme => "dlfcn",
shared_target => "aix-shared",
shared_cflag => "-qpic",
shared_ldflag => "-q32 -G",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
arflags => "-X 32",
@@ -1236,6 +1229,7 @@ sub vms_info {
perlasm_scheme => "aix64",
dso_scheme => "dlfcn",
shared_target => "aix-shared",
shared_cflag => "-qpic",
shared_ldflag => "-q64 -G",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
arflags => "-X 64",
@@ -1251,18 +1245,6 @@ sub vms_info {
thread_scheme => "(unknown)",
},
# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
# You need to compile using the c89.sh wrapper in the tools directory, because the
# IBM compiler does not like the -L switch after any object modules.
#
"OS390-Unix" => {
inherit_from => [ "BASE_unix" ],
cc => "c89.sh",
cflags => "-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE",
bn_ops => "THIRTY_TWO_BIT RC4_CHAR",
thread_scheme => "(unknown)",
},
#### Visual C targets
#
# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
@@ -1590,6 +1572,7 @@ sub vms_info {
inherit_from => [ "darwin-common", asm("ppc32_asm") ],
cflags => add("-arch ppc -std=gnu9x -DB_ENDIAN -Wa,-force_cpusubtype_ALL"),
perlasm_scheme => "osx32",
shared_cflag => add("-fno-common"),
shared_ldflag => "-arch ppc -dynamiclib",
},
"darwin64-ppc-cc" => {
@@ -1659,7 +1642,7 @@ sub vms_info {
cc => "gcc",
cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
threads("-pthread")),
ex_libs => add("-ldl"),
ex_libs => add("-ldl", threads("-pthread")),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
@@ -1735,9 +1718,7 @@ sub vms_info {
"uClinux-dist" => {
inherit_from => [ "BASE_unix" ],
cc => "$ENV{'CC'}",
cflags => combine("\$(CFLAGS)",
threads("-D_REENTRANT")),
plib_lflags => "\$(LDFLAGS)",
cflags => combine(threads("-D_REENTRANT")),
ex_libs => add("\$(LDLIBS)"),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
@@ -1751,9 +1732,7 @@ sub vms_info {
"uClinux-dist64" => {
inherit_from => [ "BASE_unix" ],
cc => "$ENV{'CC'}",
cflags => combine("\$(CFLAGS)",
threads("-D_REENTRANT")),
plib_lflags => "\$(LDFLAGS)",
cflags => combine(threads("-D_REENTRANT")),
ex_libs => add("\$(LDLIBS)"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",

112
Configurations/90-team.conf
View File

@@ -1,112 +0,0 @@
## -*- mode: perl; -*-
## Build configuration targets for openssl-team members
%targets = (
"purify" => {
cc => "purify gcc",
cflags => "-g -Wall",
thread_scheme => "(unknown)",
ex_libs => add(" ","-lsocket -lnsl"),
},
"debug" => {
cc => "gcc",
cflags => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror",
thread_scheme => "(unknown)",
},
"debug-erbridge" => {
inherit_from => [ "x86_64_asm" ],
cc => "gcc",
cflags => combine("$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -m64 -DL_ENDIAN -DTERMIO -g",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "elf",
dso_scheme => "dlfcn",
shared_target => "linux-shared",
shared_cflag => "-fPIC",
shared_ldflag => "-m64",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "64",
},
"debug-linux-pentium" => {
inherit_from => [ "x86_elf_asm" ],
cc => "gcc",
cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentium -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
},
"debug-linux-ppro" => {
inherit_from => [ "x86_elf_asm" ],
cc => "gcc",
cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
},
"debug-linux-ia32-aes" => {
cc => "gcc",
cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
cpuid_asm_src => "x86cpuid.s",
bn_asm_src => "bn-586.s co-586.s x86-mont.s",
des_asm_src => "des-586.s crypt586.s",
aes_asm_src => "aes_x86core.s aes_cbc.s aesni-x86.s",
bf_asm_src => "bf-586.s",
md5_asm_src => "md5-586.s",
sha1_asm_src => "sha1-586.s sha256-586.s sha512-586.s",
cast_asm_src => "cast-586.s",
rc4_asm_src => "rc4-586.s",
rmd160_asm_src => "rmd-586.s",
rc5_asm_src => "rc5-586.s",
wp_asm_src => "wp_block.s wp-mmx.s",
modes_asm_src => "ghash-x86.s",
padlock_asm_src => "e_padlock-x86.s",
thread_scheme => "pthreads",
perlasm_scheme => "elf",
dso_scheme => "dlfcn",
shared_target => "linux-shared",
shared_cflag => "-fPIC",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"dist" => {
cc => "cc",
cflags => "-O",
thread_scheme => "(unknown)",
},
"debug-test-64-clang" => {
inherit_from => [ "x86_64_asm" ],
cc => "clang",
cflags => combine("$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
threads("${BSDthreads}")),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "elf",
dso_scheme => "dlfcn",
shared_target => "bsd-gcc-shared",
shared_cflag => "-fPIC",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"darwin64-debug-test-64-clang" => {
inherit_from => [ "x86_64_asm" ],
cc => "clang",
cflags => combine("-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
threads("${BSDthreads}")),
sys_id => "MACOSX",
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "macosx",
dso_scheme => "dlfcn",
shared_target => "darwin-shared",
shared_cflag => "-fPIC -fno-common",
shared_ldflag => "-arch x86_64 -dynamiclib",
shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
},
);

27
Configurations/README
View File

@@ -18,10 +18,14 @@ configuration in diverse ways:
Configurations of OpenSSL target platforms
==========================================
Target configurations are a collection of facts that we know about
Configuration targets are a collection of facts that we know about
different platforms and their capabilities. We organise them in a
hash table, where each entry represent a specific target.
Note that configuration target names must be unique across all config
files. The Configure script does check that a config file doesn't
have config targets that shadow config targets from other files.
In each table entry, the following keys are significant:
inherit_from => Other targets to inherit values from.
@@ -86,6 +90,27 @@ In each table entry, the following keys are significant:
files. On unix, this defaults to "" (NOTE:
this is here for future use, it's not
implemented yet)
shlib_variant => A "variant" identifier inserted between the base
shared library name and the extension. On "unixy"
platforms (BSD, Linux, Solaris, MacOS/X, ...) this
supports installation of custom OpenSSL libraries
that don't conflict with other builds of OpenSSL
installed on the system. The variant identifier
becomes part of the SONAME of the library and also
any symbol versions (symbol versions are not used or
needed with MacOS/X). For example, on a system
where a default build would normally create the SSL
shared library as 'libssl.so -> libssl.so.1.1' with
the value of the symlink as the SONAME, a target
definition that sets 'shlib_variant => "-abc"' will
create 'libssl.so -> libssl-abc.so.1.1', again with
an SONAME equal to the value of the symlink. The
symbol versions associated with the variant library
would then be 'OPENSSL_ABC_<version>' rather than
the default 'OPENSSL_<version>'. The string inserted
into symbol versions is obtained by mapping all
letters in the "variant" identifier to upper case
and all non-alphanumeric characters to '_'.
thread_scheme => The type of threads is used on the
configured platform. Currently known

6
Configurations/common.tmpl
View File

@@ -52,8 +52,7 @@
generator_incs => $unified_info{includes}->{$script},
generator_deps => $unified_info{depends}->{$script},
deps => $unified_info{depends}->{$src},
incs => [ @{$unified_info{includes}->{$bin}},
@{$unified_info{includes}->{$obj}} ],
incs => $unified_info{includes}->{$obj},
%opts);
foreach (@{$unified_info{depends}->{$src}}) {
dogenerate($_, $obj, $bin, %opts);
@@ -74,8 +73,7 @@
$OUT .= src2obj(obj => $obj_no_o,
srcs => $unified_info{sources}->{$obj},
deps => $unified_info{depends}->{$obj},
incs => [ @{$unified_info{includes}->{$bin}},
@{$unified_info{includes}->{$obj}} ],
incs => $unified_info{includes}->{$obj},
%opts);
foreach ((@{$unified_info{sources}->{$obj}},
@{$unified_info{depends}->{$obj}})) {

11
Configurations/descrip.mms.tmpl
View File

@@ -89,7 +89,7 @@
sub dependmagic {
my $target = shift;
return "$target : build_generated\n\t\pipe \$(MMS) depend && \$(MMS) _$target\n_$target";
return "$target : build_generated\n\t\pipe \$(MMS) \$(MMSQUALIFIERS) depend && \$(MMS) \$(MMSQUALIFIERS) _$target\n_$target";
}
#use Data::Dumper;
#print STDERR "DEBUG: before:\n", Dumper($unified_info{before});
@@ -144,6 +144,9 @@ BIN_SCRIPTS=[.tools]c_rehash.pl
MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl
{- output_on() if $disabled{apps}; "" -}
APPS_OPENSSL={- use File::Spec::Functions;
catfile("apps","openssl") -}
# DESTDIR is for package builders so that they can configure for, say,
# SYS$COMMON:[OPENSSL] and yet have everything installed in STAGING:[USER].
# In that case, configure with --prefix=SYS$COMMON:[OPENSSL] and then run
@@ -261,12 +264,18 @@ build_programs_nodep : $(PROGRAMS), $(SCRIPTS)
# Kept around for backward compatibility
build_apps build_tests : build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated : $(GENERATED_MANDATORY) $(GENERATED)
test : tests
{- dependmagic('tests'); -} : build_programs_nodep, build_engines_nodep
@ ! {- output_off() if $disabled{tests}; "" -}
SET DEFAULT [.test]{- move("test") -}
CREATE/DIR [.test-runs]
DEFINE SRCTOP {- sourcedir() -}
DEFINE BLDTOP {- builddir() -}
DEFINE RESULT_D {- builddir(qw(test test-runs)) -}
DEFINE OPENSSL_ENGINES {- builddir("engines") -}
DEFINE OPENSSL_DEBUG_MEMORY "on"
IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)"

12
Configurations/dist.conf Normal file
View File

@@ -0,0 +1,12 @@
## -*- mode: perl; -*-
## Build configuration targets for openssl-team members
# This is to support 'make dist'
%targets = (
"dist" => {
inherit_from => [ 'BASE_unix' ],
cc => "cc",
cflags => "-O",
thread_scheme => "(unknown)",
},
);

128
Configurations/unix-Makefile.tmpl
View File

@@ -8,6 +8,7 @@
our $exeext = $target{exe_extension} || "";
our $libext = $target{lib_extension} || ".a";
our $shlibext = $target{shared_extension} || ".so";
our $shlibvariant = $target{shlib_variant} || "";
our $shlibextsimple = $target{shared_extension_simple} || ".so";
our $shlibextimport = $target{shared_import_extension} || "";
our $dsoext = $target{dso_extension} || ".so";
@@ -40,7 +41,7 @@
sub shlib {
return () if $disabled{shared};
my $lib = shift;
return $unified_info{sharednames}->{$lib} . $shlibext;
return $unified_info{sharednames}->{$lib}. $shlibvariant. $shlibext;
}
sub shlib_simple {
return () if $disabled{shared};
@@ -97,8 +98,7 @@ DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
{- output_on() if $disabled{makedepend}; "" -}
GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -}
GENERATED={- join(" ",
( map { (my $x = $_) =~ s|\.S$|\.s|; $x }
grep { defined $unified_info{generate}->{$_} }
( grep { defined $unified_info{generate}->{$_} }
map { @{$unified_info{sources}->{$_}} }
grep { /\.o$/ } keys %{$unified_info{sources}} ),
( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
@@ -113,6 +113,9 @@ BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash
MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
{- output_on() if $disabled{apps}; "" -}
APPS_OPENSSL={- use File::Spec::Functions;
catfile("apps","openssl") -}
# DESTDIR is for package builders so that they can configure for, say,
# /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
@@ -204,9 +207,8 @@ TARFILE= ../$(NAME).tar
# order to be excused from maintaining a separate set of architecture
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
AS=$(CC) -c
ASFLAG=$(CFLAGS)
# and pass it down to assembler. In any case, we do not define AS or
# ASFLAGS for this reason.
PERLASM_SCHEME= {- $target{perlasm_scheme} -}
# For x86 assembler: Set PROCESSOR to 386 if you want to support
@@ -237,15 +239,21 @@ build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
# Kept around for backward compatibility
build_apps build_tests: build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
test: tests
{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep link-utils
@ : {- output_off() if $disabled{tests}; "" -}
( cd test; \
mkdir -p test-runs; \
SRCTOP=../$(SRCDIR) \
BLDTOP=../$(BLDDIR) \
RESULT_D=test-runs \
PERL="$(PERL)" \
EXE_EXT={- $exeext -} \
OPENSSL_ENGINES=../$(BLDDIR)/engines \
OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines; pwd` \
OPENSSL_DEBUG_MEMORY=on \
$(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) )
@ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@@ -285,7 +293,7 @@ clean: libclean
-$(RM) `find . -name '*{- $objext -}' -a \! -path "./.git/*"`
$(RM) core
$(RM) tags TAGS doc-nits
$(RM) test/.rnd
$(RM) -r test/test-runs
$(RM) openssl.pc libcrypto.pc libssl.pc
-$(RM) `find . -type l -a \! -path "./.git/*"`
$(RM) $(TARFILE)
@@ -592,19 +600,9 @@ doc-nits:
lint:
lint -DLINT $(INCLUDES) $(SRCS)
{- # because the program apps/openssl has object files as sources, and
# they then have the corresponding C files as source, we need to chain
# the lookups in %unified_info
my $apps_openssl = catfile("apps","openssl");
our @openssl_source = map { @{$unified_info{sources}->{$_}} }
@{$unified_info{sources}->{$apps_openssl}};
""; -}
generate_apps:
( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \
< apps/openssl.cnf > apps/openssl-vms.cnf )
( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b apps/progs.pl \
{- join(" ", @openssl_source) -} \
> apps/progs.h )
generate_crypto_bn:
( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h )
@@ -656,25 +654,30 @@ tags TAGS: FORCE
# Release targets (note: only available on Unix) #####################
# If your tar command doesn't support --owner and --group, make sure to
# use one that does, for example GNU tar
TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf -
PREPARE_CMD=:
tar:
set -e; \
TMPDIR=/var/tmp/openssl-copy.$$$$; \
DISTDIR=$(NAME); \
mkdir -p $$TMPDIR/$$DISTDIR; \
(cd $(SRCDIR); \
excl_re="^(fuzz/corpora|Configurations/.*\.norelease\.conf)"; \
echo "$$excl_re"; \
git ls-tree -r --name-only --full-tree HEAD \
| grep -v '^fuzz/corpora' \
| egrep -v "$$excl_re" \
| while read F; do \
mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \
cp $$F $$TMPDIR/$$DISTDIR/$$F; \
done); \
(cd $$TMPDIR; \
(cd $$TMPDIR/$$DISTDIR; \
$(PREPARE_CMD); \
find $$TMPDIR/$$DISTDIR -type d -print | xargs chmod 755; \
find $$TMPDIR/$$DISTDIR -type f -print | xargs chmod a+r; \
find $$TMPDIR/$$DISTDIR -type f -perm -0100 -print | xargs chmod a+x; \
$(TAR_COMMAND) $$DISTDIR) \
find . -type d -print | xargs chmod 755; \
find . -type f -print | xargs chmod a+r; \
find . -type f -perm -0100 -print | xargs chmod a+x); \
(cd $$TMPDIR; $(TAR_COMMAND) $$DISTDIR) \
| (cd $(SRCDIR); gzip --best > $(TARFILE).gz); \
rm -rf $$TMPDIR
cd $(SRCDIR); ls -l $(TARFILE).gz
@@ -722,7 +725,6 @@ libssl.pc:
echo 'Version: '$(VERSION); \
echo 'Requires.private: libcrypto'; \
echo 'Libs: -L$${libdir} -lssl'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir}' ) > libssl.pc
openssl.pc:
@@ -799,20 +801,6 @@ EOF
}
if (defined($generator)) {
# If the target is named foo.S in build.info, we want to
# end up generating foo.s in two steps.
if ($args{src} =~ /\.S$/) {
(my $target = $args{src}) =~ s|\.S$|.s|;
return <<"EOF";
$target: $args{generator}->[0] $deps
( trap "rm -f \$@.*" INT 0; \\
$generator \$@.S; \\
\$(CC) $incs \$(CFLAGS) -E \$@.S | \\
\$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.i && \\
mv -f \$@.i \$@ )
EOF
}
# Otherwise....
return <<"EOF";
$args{src}: $args{generator}->[0] $deps
$generator \$@
@@ -820,7 +808,7 @@ EOF
}
return <<"EOF";
$args{src}: $args{generator}->[0] $deps
\$(CC) $incs \$(CFLAGS) -E \$< | \\
\$(CC) $incs \$(CFLAGS) -E $args{generator}->[0] | \\
\$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@
EOF
}
@@ -832,12 +820,7 @@ EOF
sub src2obj {
my %args = @_;
my $obj = $args{obj};
my @srcs = map { if ($unified_info{generate}->{$_}) {
(my $x = $_) =~ s/\.S$/.s/; $x
} else {
$_
}
} ( @{$args{srcs}} );
my @srcs = @{$args{srcs}};
my $srcs = join(" ", @srcs);
my $deps = join(" ", @srcs, @{$args{deps}});
my $incs = join("", map { " -I".$_ } @{$args{incs}});
@@ -850,11 +833,30 @@ EOF
dso => '$(DSO_CFLAGS)',
bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
my $makedepprog = $config{makedepprog};
my $recipe = <<"EOF";
$obj$objext: $deps
EOF
if (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) {
my $recipe;
# extension-specific rules
if (grep /\.s$/, @srcs) {
$recipe .= <<"EOF";
$obj$objext: $deps
\$(CC) \$(CFLAGS) $ecflags -c -o \$\@ $srcs
EOF
} elsif (grep /\.S$/, @srcs) {
# In case one wonders why not just $(CC) -c file.S. While it
# does work with contemporary compilers, there are some legacy
# ones that get it wrong. Hence the elaborate scheme... We
# don't care to maintain dependecy lists, because dependency
# is rather weak, at most one header file that lists constants
# which are assigned in ascending order.
$recipe .= <<"EOF";
$obj$objext: $deps
( trap "rm -f \$@.*" INT 0; \\
\$(CC) $incs \$(CFLAGS) $ecflags -E $srcs | \\
\$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.s && \\
\$(CC) \$(CFLAGS) $ecflags -c -o \$\@ \$@.s )
EOF
} elsif (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) {
$recipe .= <<"EOF";
$obj$objext: $deps
\$(CC) $incs \$(CFLAGS) $ecflags -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs
\@touch $obj$depext.tmp
\@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\
@@ -865,6 +867,7 @@ EOF
EOF
} else {
$recipe .= <<"EOF";
$obj$objext: $deps
\$(CC) $incs \$(CFLAGS) $ecflags -c -o \$\@ $srcs
EOF
if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) {
@@ -900,6 +903,7 @@ EOF
my $shlib_target = $target{shared_target};
my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
my $target = shlib_simple($lib);
my $target_full = shlib($lib);
return <<"EOF"
# With a build on a Windows POSIX layer (Cygwin or Mingw), we know for a fact
# that two files get produced, {shlibname}.dll and {libname}.dll.a.
@@ -914,27 +918,28 @@ $target: $lib$libext $deps $ordinalsfile
PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
INSTALLTOP='\$(INSTALLTOP)' LIBDIR='\$(LIBDIR)' \\
LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\
LIBNAME=$libname LIBVERSION=\$(SHLIB_MAJOR).\$(SHLIB_MINOR) \\
LIBCOMPATVERSIONS=';\$(SHLIB_VERSION_HISTORY)' \\
LIBNAME=$libname SHLIBVERSION=\$(SHLIB_MAJOR).\$(SHLIB_MINOR) \\
STLIBNAME=$lib$libext \\
SHLIBNAME=$target SHLIBNAME_FULL=$target_full \\
CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(LIB_CFLAGS)' \\
LDFLAGS='\$(LDFLAGS)' \\
SHARED_LDFLAGS='\$(LIB_LDFLAGS)' SHLIB_EXT=$shlibext \\
LDFLAGS='\$(LDFLAGS)' SHARED_LDFLAGS='\$(LIB_LDFLAGS)' \\
RC='\$(RC)' SHARED_RCFLAGS='\$(RCFLAGS)' \\
link_shlib.$shlib_target
EOF
. (windowsdll() ? <<"EOF" : "");
rm -f apps/$shlib$shlibext
rm -f test/$shlib$shlibext
rm -f fuzz/$shlib$shlibext
cp -p $shlib$shlibext apps/
cp -p $shlib$shlibext test/
cp -p $shlib$shlibext fuzz/
EOF
}
sub obj2dso {
my %args = @_;
my $lib = $args{lib};
my $libd = dirname($lib);
my $libn = basename($lib);
(my $libname = $libn) =~ s/^lib//;
my $dso = $args{lib};
my $dsod = dirname($dso);
my $dson = basename($dso);
my $shlibdeps = join("", map { my $d = dirname($_);
my $f = basename($_);
(my $l = $f) =~ s/^lib//;
@@ -942,17 +947,16 @@ EOF
my $deps = join(" ",compute_lib_depends(@{$args{deps}}));
my $shlib_target = $target{shared_target};
my $objs = join(" ", map { $_.$objext } @{$args{objs}});
my $target = dso($lib);
my $target = dso($dso);
return <<"EOF";
$target: $objs $deps
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
PLATFORM=\$(PLATFORM) \\
PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$dsod" \\
LIBDEPS='\$(PLIB_LDFLAGS) '"$shlibdeps"' \$(EX_LIBS)' \\
LIBNAME=$libname LDFLAGS='\$(LDFLAGS)' \\
SHLIBNAME_FULL=$target LDFLAGS='\$(LDFLAGS)' \\
CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(DSO_CFLAGS)' \\
SHARED_LDFLAGS='\$(DSO_LDFLAGS)' \\
SHLIB_EXT=$dsoext \\
LIBEXTRAS="$objs" \\
link_dso.$shlib_target
EOF

2
Configurations/windows-checker.pm
View File

@@ -6,7 +6,7 @@ use Config;
# we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs);
if (rel2abs('.') !~ m|\\|) {
if (!$ENV{CONFIGURE_INSIST} && rel2abs('.') !~ m|\\|) {
die <<EOF;
******************************************************************************

113
Configurations/windows-makefile.tmpl
View File

@@ -72,7 +72,7 @@ SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -}
ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{engines}}) -}
PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{programs}}) -}
PROGRAMS={- our @PROGRAMS = map { $_.$exeext } @{$unified_info{programs}}; join(" ", @PROGRAMS) -}
PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -}
SCRIPTS={- join(" ", @{$unified_info{scripts}}) -}
{- output_off() if $disabled{makedepend}; "" -}
@@ -88,28 +88,32 @@ GENERATED={- join(" ",
grep { /\.o$/ } keys %{$unified_info{sources}} ),
( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
INSTALL_LIBS={- join(" ", map { $_.$libext } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{install}->{libraries}}) -}
INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -}
INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{install}->{engines}}) -}
INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
INSTALL_PROGRAMPDBS={- join(" ", map { $_.".pdb" } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
INSTALL_LIBS={- join(" ", map { quotify1($_.$libext) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBS={- join(" ", map { quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_ENGINES={- join(" ", map { quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -}
INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -}
INSTALL_PROGRAMS={- join(" ", map { quotify1($_.$exeext) } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
INSTALL_PROGRAMPDBS={- join(" ", map { quotify1($_.".pdb") } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
{- output_off() if $disabled{apps}; "" -}
BIN_SCRIPTS=$(BLDDIR)\tools\c_rehash.pl
MISC_SCRIPTS=$(BLDDIR)\apps\CA.pl $(BLDDIR)\apps\tsget.pl
BIN_SCRIPTS="$(BLDDIR)\tools\c_rehash.pl"
MISC_SCRIPTS="$(BLDDIR)\apps\CA.pl" "$(BLDDIR)\apps\tsget.pl"
{- output_on() if $disabled{apps}; "" -}
APPS_OPENSSL={- use File::Spec::Functions;
"\"".catfile("apps","openssl")."\"" -}
# Do not edit these manually. Use Configure with --prefix or --openssldir
# to change this! Short explanation in the top comment in Configure
INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet
#
use File::Spec::Functions qw(:DEFAULT splitpath);
our $prefix = $config{prefix} || "$win_installroot\\OpenSSL";
our $prefix = canonpath($config{prefix}
|| "$win_installroot\\OpenSSL");
our ($prefix_dev, $prefix_dir, $prefix_file) =
splitpath($prefix, 1);
$prefix_dev -}
INSTALLTOP_dir={- $prefix_dir -}
INSTALLTOP_dir={- canonpath($prefix_dir) -}
OPENSSLDIR_dev={- #
# The logic here is that if no --openssldir was given,
# OPENSSLDIR will get the value from $prefix plus "/ssl".
@@ -123,13 +127,13 @@ OPENSSLDIR_dev={- #
our $openssldir =
$config{openssldir} ?
(file_name_is_absolute($config{openssldir}) ?
$config{openssldir}
canonpath($config{openssldir})
: catdir($prefix, $config{openssldir}))
: "$win_commonroot\\SSL";
: canonpath("$win_commonroot\\SSL");
our ($openssldir_dev, $openssldir_dir, $openssldir_file) =
splitpath($openssldir, 1);
$openssldir_dev -}
OPENSSLDIR_dir={- $openssldir_dir -}
OPENSSLDIR_dir={- canonpath($openssldir_dir) -}
LIBDIR={- our $libdir = $config{libdir} || "lib";
$libdir -}
ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath);
@@ -137,7 +141,7 @@ ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath);
our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) =
splitpath($enginesdir, 1);
$enginesdir_dev -}
ENGINESDIR_dir={- $enginesdir_dir -}
ENGINESDIR_dir={- canonpath($enginesdir_dir) -}
!IF "$(DESTDIR)" != ""
INSTALLTOP=$(DESTDIR)$(INSTALLTOP_dir)
OPENSSLDIR=$(DESTDIR)$(OPENSSLDIR_dir)
@@ -178,6 +182,9 @@ MTOUTFLAG={- $target{mtoutflag} || "-outputresource:" -}$(OSSL_EMPTY)
AS={- $target{as} -}
ASFLAGS={- $target{asflags} -}
ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY)
ECHO="$(PERL)" "$(SRCDIR)\util\echo.pl"
PERLASM_SCHEME= {- $target{perlasm_scheme} -}
PROCESSOR= {- $config{processor} -}
@@ -197,25 +204,32 @@ build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
# Kept around for backward compatibility
build_apps build_tests: build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
test: tests
{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep
@rem {- output_off() if $disabled{tests}; "" -}
@{- output_off() if $disabled{tests}; "" -}
-mkdir $(BLDDIR)\test\test-runs
set SRCTOP=$(SRCDIR)
set BLDTOP=$(BLDDIR)
set RESULT_D=$(BLDDIR)\test\test-runs
set PERL=$(PERL)
set OPENSSL_ENGINES=$(MAKEDIR)\engines
set OPENSSL_DEBUG_MEMORY=on
"$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
@rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@echo "Tests are not supported with your chosen Configure options"
@rem {- output_on() if !$disabled{tests}; "" -}
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@$(ECHO) "Tests are not supported with your chosen Configure options"
@{- output_on() if !$disabled{tests}; "" -}
list-tests:
@rem {- output_off() if $disabled{tests}; "" -}
@{- output_off() if $disabled{tests}; "" -}
@set SRCTOP=$(SRCDIR)
@"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list
@rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@echo "Tests are not supported with your chosen Configure options"
@rem {- output_on() if !$disabled{tests}; "" -}
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@$(ECHO) "Tests are not supported with your chosen Configure options"
@{- output_on() if !$disabled{tests}; "" -}
install: install_sw install_ssldirs install_docs
@@ -225,11 +239,14 @@ libclean:
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """$$1.*"""; } @ARGV" $(SHLIBS)
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """apps/$$1.*"""; } @ARGV" $(SHLIBS)
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """test/$$1.*"""; } @ARGV" $(SHLIBS)
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """fuzz/$$1.*"""; } @ARGV" $(SHLIBS)
-del /Q /F $(LIBS)
-del /Q ossl_static.pdb
clean: libclean
-del /Q /F $(PROGRAMS) $(ENGINES) $(SCRIPTS)
{- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -}
-del /Q /F $(ENGINES)
-del /Q /F $(SCRIPTS)
-del /Q /F $(GENERATED)
-del /Q /S /F *.d
-del /Q /S /F *.obj
@@ -271,16 +288,17 @@ install_ssldirs:
"$(OPENSSLDIR)\misc"
install_dev:
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
@echo *** Installing development files
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing development files"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
@rem {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
@{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
"$(INSTALLTOP)\include\openssl"
@rem {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\include\openssl\*.h" \
@{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \
"$(SRCDIR)\include\openssl\*.h" \
"$(INSTALLTOP)\include\openssl"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\include\openssl\*.h \
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(BLDDIR)\include\openssl\*.h" \
"$(INSTALLTOP)\include\openssl"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\$(LIBDIR)"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) \
@@ -292,8 +310,8 @@ install_dev:
uninstall_dev:
install_engines:
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
@echo *** Installing engines
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing engines"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)"
@if not "$(ENGINES)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)"
@@ -303,8 +321,8 @@ install_engines:
uninstall_engines:
install_runtime:
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
@echo *** Installing runtime files
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing runtime files"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin"
@@ -329,14 +347,14 @@ uninstall_html_docs:
# Building targets ###################################################
configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
@echo "Detected changed: $?"
@echo "Reconfiguring..."
@$(ECHO) "Detected changed: $?"
@$(ECHO) "Reconfiguring..."
"$(PERL)" "$(SRCDIR)\Configure" reconf
@echo "**************************************************"
@echo "*** ***"
@echo "*** Please run the same make command again ***"
@echo "*** ***"
@echo "**************************************************"
@$(ECHO) "**************************************************"
@$(ECHO) "*** ***"
@$(ECHO) "*** Please run the same make command again ***"
@$(ECHO) "*** ***"
@$(ECHO) "**************************************************"
@exit 1
{-
@@ -355,7 +373,8 @@ configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{b
sub generatesrc {
my %args = @_;
(my $target = $args{src}) =~ s/\.[sS]$/.asm/;
my $generator = '"'.join('" "', @{$args{generator}}).'"';
my ($gen0, @gens) = @{$args{generator}};
my $generator = '"'.$gen0.'"'.join('', map { " $_" } @gens);
my $generator_incs = join("", map { " -I \"$_\"" } @{$args{generator_incs}});
my $incs = join("", map { " /I \"$_\"" } @{$args{incs}});
my $deps = @{$args{deps}} ?
@@ -445,9 +464,7 @@ s/^Note: including file: *//;
END { print '$obj$objext: ',join(" ", sort keys \%collect),"\\n" }
<<
$obj$objext: $obj$depext
\$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ @<<
$srcs
<<
\$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs
EOF
return <<"EOF" if ($disabled{makedepend});
$obj$objext: $deps
@@ -493,8 +510,10 @@ $objs $shlib.res$linklibs \$(EX_LIBS)
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$shlib$shlibext.manifest \$(MTOUTFLAG)$shlib$shlibext
IF EXIST apps\\$shlib$shlibext DEL /Q /F apps\\$shlib$shlibext
IF EXIST test\\$shlib$shlibext DEL /Q /F test\\$shlib$shlibext
IF EXIST fuzz\\$shlib$shlibext DEL /Q /F fuzz\\$shlib$shlibext
COPY $shlib$shlibext apps
COPY $shlib$shlibext test
COPY $shlib$shlibext fuzz
EOF
}
sub obj2dso {
@@ -589,8 +608,6 @@ EOF
foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
if (dirname($prod) eq $dir) {
push @deps, $prod.$extinfo{$type};
} else {
push @actions, "\t@rem No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}});
}
}
}

241
Configure
View File

@@ -1,6 +1,6 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -11,13 +11,18 @@
use 5.10.0;
use strict;
use FindBin;
use lib "$FindBin::Bin/util/perl";
use File::Basename;
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
use File::Path qw/mkpath/;
use if $^O ne "VMS", 'File::Glob' => qw/glob/;
use OpenSSL::Glob;
# see INSTALL for instructions.
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \&death_handler;
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
# Options:
@@ -60,8 +65,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
# library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support
# enable-weak-ssl-ciphers
# Enable weak ciphers that are disabled by default. This currently
# only includes RC4 based ciphers.
# Enable weak ciphers that are disabled by default.
# 386 generate 80386 code in assembly modules
# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
# mentioned '386' option implies this one
@@ -116,6 +120,9 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED"
# but 'long long' type.
. " -DPEDANTIC -pedantic -Wno-long-long"
. " -Wall"
. " -Wextra"
. " -Wno-unused-parameter"
. " -Wno-missing-field-initializers"
. " -Wsign-compare"
. " -Wmissing-prototypes"
. " -Wshadow"
@@ -136,15 +143,11 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED"
# -Wextended-offsetof -- no, needed in CMS ASN1 code
my $clang_devteam_warn = ""
. " -Qunused-arguments"
. " -Wextra"
. " -Wno-unused-parameter"
. " -Wno-missing-field-initializers"
. " -Wno-language-extension-token"
. " -Wno-extended-offsetof"
. " -Wconditional-uninitialized"
. " -Wincompatible-pointer-types-discards-qualifiers"
. " -Wmissing-variable-declarations"
. " -Wundef"
;
# This adds backtrace information to the memory leak info. Is only used
@@ -461,31 +464,10 @@ my @disable_cascades = (
sub { 0 == scalar grep { !$disabled{$_} } @dtls }
=> [ "dtls" ],
# SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
"md5" => [ "ssl", "tls1", "tls1_1", "dtls1" ],
"sha" => [ "ssl", "tls1", "tls1_1", "dtls1" ],
# Additionally, SSL 3.0 requires either RSA or DSA+DH
sub { $disabled{rsa}
&& ($disabled{dsa} || $disabled{dh}); }
=> [ "ssl" ],
# (D)TLS 1.0 and TLS 1.1 also require either RSA or DSA+DH
# or ECDSA + ECDH. (D)TLS 1.2 has this requirement as well.
# (XXX: We don't support PSK-only builds).
sub { $disabled{rsa}
&& ($disabled{dsa} || $disabled{dh})
&& ($disabled{ecdsa} || $disabled{ecdh}); }
=> [ "tls1", "tls1_1", "tls1_2",
"dtls1", "dtls1_2" ],
"tls" => [ @tls ],
sub { 0 == scalar grep { !$disabled{$_} } @tls }
=> [ "tls" ],
# SRP and HEARTBEATS require TLSEXT
"tlsext" => [ "srp", "heartbeats" ],
"crypto-mdebug" => [ "crypto-mdebug-backtrace" ],
# Without DSO, we can't load dynamic engines, so don't build them dynamic
@@ -499,7 +481,7 @@ my @disable_cascades = (
# no-autoalginit is only useful when building non-shared
"autoalginit" => [ "shared", "apps" ],
"stdio" => [ "apps", "capieng" ],
"stdio" => [ "apps", "capieng", "egd" ],
"apps" => [ "tests" ],
"comp" => [ "zlib" ],
sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
@@ -529,8 +511,6 @@ while ((my $first, my $second) = (shift @list, shift @list)) {
# To remove something from %disabled, use "enable-foo".
# For symmetry, "disable-foo" is a synonym for "no-foo".
my $no_sse2=0;
&usage if ($#ARGV < 0);
my $user_cflags="";
@@ -779,21 +759,21 @@ while (@argvcopy)
else
{ $config{options} .= " ".$_; }
}
}
if (defined($config{api}) && !exists $apitable->{$config{api}}) {
die "***** Unsupported api compatibility level: $config{api}\n",
}
if (defined($config{api}) && !exists $apitable->{$config{api}}) {
die "***** Unsupported api compatibility level: $config{api}\n",
}
if (keys %deprecated_options)
{
warn "***** Deprecated options: ",
join(", ", keys %deprecated_options), "\n";
}
if (keys %unsupported_options)
{
die "***** Unsupported options: ",
join(", ", keys %unsupported_options), "\n";
}
if (keys %deprecated_options)
{
warn "***** Deprecated options: ",
join(", ", keys %deprecated_options), "\n";
}
if (keys %unsupported_options)
{
die "***** Unsupported options: ",
join(", ", keys %unsupported_options), "\n";
}
if ($libs =~ /(^|\s)-Wl,-rpath,/
@@ -880,7 +860,7 @@ foreach (sort (keys %disabled))
elsif (/^zlib-dynamic$/)
{ }
elsif (/^sse2$/)
{ $no_sse2 = 1; }
{ }
elsif (/^engine$/)
{
@{$config{dirs}} = grep !/^engines$/, @{$config{dirs}};
@@ -913,8 +893,6 @@ foreach (sort (keys %disabled))
{
push @{$config{openssl_other_defines}}, "OPENSSL_NO_$WHAT";
print " OPENSSL_NO_$WHAT";
if (/^err$/) { push @user_defines, "OPENSSL_NO_ERR"; }
}
}
@@ -933,11 +911,12 @@ if ($d) {
$target = $t;
}
}
&usage if !$table{$target} || $table{$target}->{template};
$config{target} = $target;
my %target = resolve_config($target);
&usage if (!%target || $target{template});
my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}});
$config{conf_files} = [ sort keys %conf_files ];
%target = ( %{$table{DEFAULTS}}, %target );
@@ -1168,7 +1147,7 @@ unless ($disabled{asm}) {
# bn-586 is the only one implementing bn_*_part_words
push @{$config{defines}}, "OPENSSL_BN_ASM_PART_WORDS" if ($target{bn_asm_src} =~ /bn-586/);
push @{$config{defines}}, "OPENSSL_IA32_SSE2" if (!$no_sse2 && $target{bn_asm_src} =~ /86/);
push @{$config{defines}}, "OPENSSL_IA32_SSE2" if (!$disabled{sse2} && $target{bn_asm_src} =~ /86/);
push @{$config{defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/);
push @{$config{defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/);
@@ -1200,7 +1179,7 @@ unless ($disabled{asm}) {
push @{$config{defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
# aes-xts.fake indicates presence of AES_xts_[en|de]crypt...
push @{$config{defines}}, "AES_XTS_ASM" if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//);
$target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($no_sse2);
$target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($disabled{sse2});
push @{$config{defines}}, "VPAES_ASM" if ($target{aes_asm_src} =~ m/vpaes/);
push @{$config{defines}}, "BSAES_ASM" if ($target{aes_asm_src} =~ m/bsaes/);
}
@@ -1225,29 +1204,31 @@ unless ($disabled{asm}) {
}
}
my $ecc = $target{cc};
if ($^O ne "VMS" && !$disabled{makedepend}) {
# Is the compiler gcc or clang? $ecc is used below to see if
# error-checking can be turned on.
my $ccpcc = "$config{cross_compile_prefix}$target{cc}";
open(PIPE, "$ccpcc --version 2>&1 |");
my $lines = 2;
while ( <PIPE> ) {
# Find the version number and save the major.
m|(?:.*)\b(\d+)\.\d+\.\d+\b(?:.*)|;
my $compiler_major = $1;
# We know that GNU C version 3 and up as well as all clang
# versions support dependency generation
$config{makedepprog} = $ccpcc
if (/clang/ || (/gcc/ && $compiler_major >= 3));
$ecc = "clang" if /clang/;
$ecc = "gcc" if /gcc/;
last if ($config{makedepprog} || !$lines--);
my %predefined;
if ($^O ne "VMS") {
my $cc = "$config{cross_compile_prefix}$target{cc}";
# collect compiler pre-defines from gcc or gcc-alike...
open(PIPE, "$cc -dM -E -x c /dev/null 2>&1 |");
while (<PIPE>) {
m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
$predefined{$1} = $2 // "";
}
close(PIPE);
$config{makedepprog} = which('makedepend') unless $config{makedepprog};
$disabled{makedepend} = "unavailable" unless $config{makedepprog};
if (!$disabled{makedepend}) {
# We know that GNU C version 3 and up as well as all clang
# versions support dependency generation, but Xcode did not
# handle $cc -M before clang support (but claims __GNUC__ = 3)
if (($predefined{__GNUC__} // -1) >= 3
&& !($predefined{__APPLE_CC__} && !$predefined{__clang__})) {
$config{makedepprog} = $cc;
} else {
$config{makedepprog} = which('makedepend');
$disabled{makedepend} = "unavailable" unless $config{makedepprog};
}
}
}
@@ -1292,13 +1273,13 @@ if (defined($config{api})) {
if ($strict_warnings)
{
my $wopt;
die "ERROR --strict-warnings requires gcc or clang"
unless $ecc eq 'gcc' || $ecc eq 'clang';
die "ERROR --strict-warnings requires gcc or gcc-alike"
unless defined($predefined{__GNUC__});
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
$config{cflags} .= " $wopt" unless ($config{cflags} =~ /(?:^|\s)$wopt(?:\s|$)/)
}
if ($ecc eq "clang")
if (defined($predefined{__clang__}))
{
foreach $wopt (split /\s+/, $clang_devteam_warn)
{
@@ -1355,7 +1336,6 @@ my %unified_info = ();
my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO});
if ($builder eq "unified") {
use lib catdir(dirname(__FILE__),"util");
use with_fallback qw(Text::Template);
sub cleandir {
@@ -1478,9 +1458,15 @@ if ($builder eq "unified") {
my %sharednames = ();
my %generate = ();
# We want to detect configdata.pm in the source tree, so we
# don't use it if the build tree is different.
my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir);
push @{$config{build_infos}}, catfile(abs2rel($sourced, $blddir), $f);
my $template = Text::Template->new(TYPE => 'FILE',
SOURCE => catfile($sourced, $f));
my $template =
Text::Template->new(TYPE => 'FILE',
SOURCE => catfile($sourced, $f),
PREPEND => qq{use lib "$FindBin::Bin/util/perl";});
die "Something went wrong with $sourced/$f: $!\n" unless $template;
my @text =
split /^/m,
@@ -1781,7 +1767,7 @@ EOF
# If it isn't in the source tree, we assume it's generated
# in the build tree
if (! -f $s) {
if ($s eq $src_configdata || ! -f $s || $generate{$_}) {
$s = cleanfile($buildd, $_, $blddir);
}
# We recognise C and asm files
@@ -1807,7 +1793,7 @@ EOF
# If it isn't in the source tree, we assume it's generated
# in the build tree
if (! -f $s) {
if ($s eq $src_configdata || ! -f $s || $generate{$_}) {
$s = cleanfile($buildd, $_, $blddir);
}
# We recognise C and asm files
@@ -1842,7 +1828,7 @@ EOF
# If the destination doesn't exist in source, it can only be
# a generated file in the build tree.
if ($ddest ne "" && ! -f $ddest) {
if ($ddest ne "" && ($ddest eq $src_configdata || ! -f $ddest)) {
$ddest = cleanfile($buildd, $_, $blddir);
if ($unified_info{rename}->{$ddest}) {
$ddest = $unified_info{rename}->{$ddest};
@@ -1856,7 +1842,8 @@ EOF
# in the build tree rather than the source tree, and assume
# and that there are lines to build it in a BEGINRAW..ENDRAW
# section or in the Makefile template.
if (! -f $d
if ($d eq $src_configdata
|| ! -f $d
|| (grep { $d eq $_ }
map { cleanfile($srcdir, $_, $blddir) }
grep { /\.h$/ } keys %{$unified_info{generate}})) {
@@ -1867,13 +1854,6 @@ EOF
$d = $unified_info{rename}->{$d};
}
$unified_info{depends}->{$ddest}->{$d} = 1;
# If we depend on a header file or a perl module, let's make
# sure it can get included
if ($dest ne "" && $d =~ /\.(h|pm)$/) {
my $i = dirname($d);
push @{$unified_info{includes}->{$ddest}->{source}}, $i
unless grep { $_ eq $i } @{$unified_info{includes}->{$ddest}->{source}};
}
}
}
@@ -1883,7 +1863,7 @@ EOF
# If the destination doesn't exist in source, it can only be
# a generated file in the build tree.
if (! -f $ddest) {
if ($ddest eq $src_configdata || ! -f $ddest) {
$ddest = cleanfile($buildd, $_, $blddir);
if ($unified_info{rename}->{$ddest}) {
$ddest = $unified_info{rename}->{$ddest};
@@ -1900,6 +1880,43 @@ EOF
}
}
# Massage the result
# If we depend on a header file or a perl module, add an inclusion of
# its directory to allow smoothe inclusion
foreach my $dest (keys %{$unified_info{depends}}) {
next if $dest eq "";
foreach my $d (keys %{$unified_info{depends}->{$dest}}) {
next unless $d =~ /\.(h|pm)$/;
my $i = dirname($d);
my $spot =
$d eq "configdata.pm" || defined($unified_info{generate}->{$d})
? 'build' : 'source';
push @{$unified_info{includes}->{$dest}->{$spot}}, $i
unless grep { $_ eq $i } @{$unified_info{includes}->{$dest}->{$spot}};
}
}
# Trickle down includes placed on libraries, engines and programs to
# their sources (i.e. object files)
foreach my $dest (keys %{$unified_info{engines}},
keys %{$unified_info{libraries}},
keys %{$unified_info{programs}}) {
foreach my $k (("source", "build")) {
next unless defined($unified_info{includes}->{$dest}->{$k});
my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}};
foreach my $obj (grep /\.o$/,
(keys %{$unified_info{sources}->{$dest}},
keys %{$unified_info{shared_sources}->{$dest}})) {
foreach my $inc (@incs) {
unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc
unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}};
}
}
}
delete $unified_info{includes}->{$dest};
}
### Make unified_info a bit more efficient
# One level structures
foreach (("programs", "libraries", "engines", "scripts", "extra", "overrides")) {
@@ -1915,8 +1932,9 @@ EOF
# Includes
foreach my $dest (sort keys %{$unified_info{includes}}) {
if (defined($unified_info{includes}->{$dest}->{build})) {
my @source_includes =
( @{$unified_info{includes}->{$dest}->{source}} );
my @source_includes = ();
@source_includes = ( @{$unified_info{includes}->{$dest}->{source}} )
if defined($unified_info{includes}->{$dest}->{source});
$unified_info{includes}->{$dest} =
[ @{$unified_info{includes}->{$dest}->{build}} ];
foreach my $inc (@source_includes) {
@@ -2113,6 +2131,8 @@ my %builders = (
$builders{$builder}->($builder_platform, @builder_opts);
$SIG{__DIE__} = $orig_death_handler;
print <<"EOF";
Configured for $target.
@@ -2134,14 +2154,6 @@ or position independent code, please let us know (but please first make sure
you have tried with a current version of OpenSSL).
EOF
print <<"EOF" if (-f catfile($srcdir, "configdata.pm") && $srcdir ne $blddir);
WARNING: there are indications that another build was made in the source
directory. This build may have picked up artifacts from that build, the
safest course of action is to clean the source directory and redo this
configuration.
EOF
exit(0);
######################################################################
@@ -2149,6 +2161,24 @@ exit(0);
# Helpers and utility functions
#
# Death handler, to print a helpful message in case of failure #######
#
sub death_handler {
die @_ if $^S; # To prevent the added message in eval blocks
my $build_file = $target{build_file} // "build file";
my @message = ( <<"_____", @_ );
Failure! $build_file wasn't produced.
Please read INSTALL and associated NOTES files. You may also have to look over
your available compiler tool chain or change your configuration.
_____
# Dying is terminal, so it's ok to reset the signal handler here.
$SIG{__DIE__} = $orig_death_handler;
die @message;
}
# Configuration file reading #########################################
# Note: All of the helper functions are for lazy evaluation. They all
@@ -2291,6 +2321,17 @@ sub read_config {
eval $content;
warn $@ if $@;
}
my %preexisting = ();
foreach (sort keys %targets) {
$preexisting{$_} = 1 if $table{$_};
}
die <<"EOF",
The following config targets from $fname
shadow pre-existing config targets with the same name:
EOF
map { " $_\n" } sort keys %preexisting
if %preexisting;
# For each target, check that it's configured with a hash table.
foreach (keys %targets) {

13
INSTALL
View File

@@ -3,7 +3,8 @@
--------------------
This document describes installation on all supported operating
systems (the Linux/Unix family, OpenVMS and Windows)
systems (the Unix/Linux family (which includes Mac OS/X), OpenVMS,
and Windows).
To install OpenSSL, you will need:
@@ -76,7 +77,7 @@
If you want to just get on with it, do:
on Unix:
on Unix (again, this includes Mac OS/X):
$ ./config
$ make
@@ -408,8 +409,9 @@
has an impact when not built "shared".
no-stdio
Don't use any C "stdio" features. Only libcrypto and libssl
can be built in this way. Using this option will suppress
Don't use anything from the C header file "stdio.h" that
makes use of the "FILE" type. Only libcrypto and libssl can
be built in this way. Using this option will suppress
building the command line applications. Additionally since
the OpenSSL tests also use the command line applications the
tests will also be skipped.
@@ -678,7 +680,8 @@
compiler optimization flags from the CFLAGS line in Makefile and
run "make clean; make" or corresponding.
Please send bug reports to <rt@openssl.org>.
To report a bug please open an issue on GitHub, at
https://github.com/openssl/openssl/issues.
4. If everything tests ok, install OpenSSL with

2
LICENSE
View File

@@ -10,7 +10,7 @@
---------------
/* ====================================================================
* Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

257
Makefile.shared
View File

@@ -29,6 +29,37 @@ NM=nm
#LIBNAME=foo
LIBNAME=
# STLIBNAME contains the path of the static library to build the shared
# library from, for example:
#STLIBNAME=libfoo.a
STLIBNAME=
# On most Unix platforms, SHLIBNAME contains the path of the short name of
# the shared library to build, for example
#SHLIBNAME=libfoo.so
# On Windows POSIX layers (cygwin and mingw), SHLIBNAME contains the import
# library name for the shared library to be built, for example:
#SHLIBNAME=libfoo.dll.a
# SHLIBNAME_FULL contains the path of the full name of the shared library to
# build, for example:
#SHLIBNAME_FULL=libfoo.so.1.2
# When building DSOs, SHLIBNAME_FULL contains path of the full DSO name, for
# example:
#SHLIBNAME_FULL=dir/dso.so
SHLIBNAME_FULL=
# SHLIBVERSION contains the current version of the shared library (not to
# be confused with the project version)
#SHLIBVERSION=1.2
SHLIBVERSION=
# NOTE: to build shared libraries, LIBNAME, STLIBNAME, SHLIBNAME and
# SHLIBNAME_FULL MUST have values when using this makefile, and in some
# cases, SHLIBVERSION as well. To build DSOs, SHLIBNAME_FULL MUST have
# a value, the rest can be left alone.
# APPNAME contains just the name of the application, without suffix (""
# on Unix, ".exe" on Windows, ...). This one MUST have a value when using
# this makefile to build applications.
@@ -36,9 +67,6 @@ LIBNAME=
#APPNAME=foo
APPNAME=
# DSTDIR is the directory where the built file should end up in.
DSTDIR=.
# SRCDIR is the top directory of the source tree.
SRCDIR=.
@@ -55,24 +83,6 @@ OBJECTS=
# names of all object files that go into the target shared object.
LIBEXTRAS=
# LIBVERSION contains the current version of the library.
# For example, to build libfoo.so.1.2, you need to do the following:
#LIBVERSION=1.2
LIBVERSION=
# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
# the library. They MUST be in decreasing order.
# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
# and libfoo.so.1, you need to do the following:
#LIBCOMPATVERSIONS=1.2 1
# Note that on systems that use sonames, the last number will appear as
# part of it.
# It's also possible, for systems that support it (Tru64, for example),
# to add extra compatibility info with more precision, by adding a second
# list of versions, separated from the first with a semicolon, like this:
#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
LIBCOMPATVERSIONS=
# LIBDEPS contains all the flags necessary to cover all necessary
# dependencies to other libraries.
LIBDEPS=
@@ -86,20 +96,6 @@ SET_X=:
top:
echo "Trying to use this makefile interactively? Don't."
CALC_VERSIONS= \
SHLIB_COMPAT=; SHLIB_SOVER=; \
if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
prev=""; \
for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
SHLIB_SOVER_NODOT=$$v; \
SHLIB_SOVER=.$$v; \
if [ -n "$$prev" ]; then \
SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
fi; \
prev=$$v; \
done; \
fi
LINK_APP= \
( $(SET_X); \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
@@ -120,43 +116,37 @@ LINK_SO= \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-o $(SHLIBNAME_FULL) \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-o $(SHLIBNAME_FULL) \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
) && $(SYMLINK_SO)
SYMLINK_SO= \
if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
if [ -n "$$SHLIB_COMPAT" ]; then \
for x in $$SHLIB_COMPAT; do \
( $(SET_X); rm -f $(DSTDIR)/$$SHLIB$$x$$SHLIB_SUFFIX; \
ln -s $$prev $(DSTDIR)/$$SHLIB$$x$$SHLIB_SUFFIX ); \
prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
done; \
fi; \
if [ -n "$$SHLIB_SOVER" ]; then \
( $(SET_X); rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX; \
ln -s $$prev $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX ); \
if [ -n "$(SHLIBNAME_FULL)" -a -n "$(SHLIBNAME)" -a \
"$(SHLIBNAME_FULL)" != "$(SHLIBNAME)" ]; then \
( $(SET_X); \
rm -f $(SHLIBNAME); \
ln -s $(SHLIBNAME_FULL) $(SHLIBNAME) ); \
fi; \
fi
LINK_SO_SHLIB= SHOBJECTS="$(DSTDIR)/lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_SHLIB= SHOBJECTS="$(STLIBNAME) $(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_DSO= INHIBIT_SYMLINKS=yes; SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_SHLIB_VIA_O= \
SHOBJECTS=$(DSTDIR)/lib$(LIBNAME).o; \
SHOBJECTS=$(STLIBNAME).o; \
ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
( echo ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL lib$(LIBNAME).a $(LIBEXTRAS); \
ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(DSTDIR)/lib$(LIBNAME).a $(LIBEXTRAS) ); \
( echo ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS); \
ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS) ); \
$(LINK_SO) && ( echo rm -f $$SHOBJECTS; rm -f $$SHOBJECTS )
LINK_SO_SHLIB_UNPACKED= \
UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
(cd $$UNPACKDIR; ar x ../$(DSTDIR)/lib$(LIBNAME).a) && \
(cd $$UNPACKDIR; ar x ../$(STLIBNAME)) && \
([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
SHOBJECTS=$$UNPACKDIR/*.o; \
$(LINK_SO) && rm -rf $$UNPACKDIR
@@ -164,15 +154,10 @@ LINK_SO_SHLIB_UNPACKED= \
DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
DO_GNU_SO_COMMON=\
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$(SHLIBNAME_FULL)"
DO_GNU_DSO=\
SHLIB=$(LIBNAME).so; \
SHLIB_SOVER=; \
SHLIB_SUFFIX=; \
$(DO_GNU_SO_COMMON)
DO_GNU_SO=\
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
$(DO_GNU_SO_COMMON)
@@ -201,8 +186,6 @@ link_shlib.linux-shared:
link_dso.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
LIBDEPS=" "; \
ALLSYMSFLAGS=; \
NOALLSYMSFLAGS=; \
@@ -210,9 +193,6 @@ link_dso.bsd:
fi; $(LINK_SO_DSO)
link_shlib.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
LIBDEPS=" "; \
ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
NOALLSYMSFLAGS=; \
@@ -241,50 +221,33 @@ link_app.bsd:
# Alternative to this heuristic approach is to develop specific
# MacOS X dso module relying on whichever "native" dyld interface.
link_dso.darwin:
@ SHLIB=$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
ALLSYMSFLAGS=''; \
@ ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \
$(LINK_SO_DSO)
link_shlib.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
ALLSYMSFLAGS='-all_load'; \
@ ALLSYMSFLAGS='-all_load'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
if [ -n "$(LIBVERSION)" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
fi; \
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
fi; \
SHAREDFLAGS="$$SHAREDFLAGS -install_name $(INSTALLTOP)/$(LIBDIR)/$$SHLIB$(SHLIB_EXT)"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -current_version $(SHLIBVERSION) -compatibility_version $(SHLIBVERSION) -install_name $(INSTALLTOP)/$(LIBDIR)/$(SHLIBNAME_FULL)"; \
$(LINK_SO_SHLIB)
link_app.darwin: # is there run-path on darwin?
$(LINK_APP)
link_dso.cygwin:
@SHLIB=$(LIBNAME); \
SHLIB_SUFFIX=.dll; \
ALLSYMSFLAGS=''; \
@ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
base=-Wl,--enable-auto-image-base; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic"; \
$(LINK_SO_DSO)
link_shlib.cygwin:
@ $(CALC_VERSIONS); \
INHIBIT_SYMLINKS=yes; \
SHLIB=cyg$(LIBNAME); SHLIB_SOVER=-$(LIBVERSION); SHLIB_SUFFIX=.dll; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \
@ INHIBIT_SYMLINKS=yes; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \
"$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name | \
$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \
$(RC) $(SHARED_RCFLAGS) -o rc.o; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a rc.o"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) rc.o"; \
$(LINK_SO_SHLIB) || exit 1; \
rm rc.o
link_app.cygwin:
@@ -293,26 +256,18 @@ link_app.cygwin:
# link_dso.mingw-shared and link_app.mingw-shared are mapped to the
# corresponding cygwin targets, as they do the exact same thing.
link_shlib.mingw:
@ $(CALC_VERSIONS); \
INHIBIT_SYMLINKS=yes; \
arch=; \
if expr $(PLATFORM) : mingw64 > /dev/null; then arch=-x64; fi; \
sover=`echo $(LIBVERSION) | sed -e 's/\./_/g'` ; \
SHLIB=lib$(LIBNAME); \
SHLIB_SOVER=-$$sover$$arch; \
SHLIB_SUFFIX=.dll; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
@ INHIBIT_SYMLINKS=yes; \
base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
$(PERL) $(SRCDIR)/util/mkdef.pl 32 $(LIBNAME) \
| sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1'"$$dll_name"'|' \
| sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1$(SHLIBNAME_FULL)|' \
> $(LIBNAME).def; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \
"$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name | \
$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \
$(RC) $(SHARED_RCFLAGS) -o rc.o; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $(LIBNAME).def rc.o"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) $(LIBNAME).def rc.o"; \
$(LINK_SO_SHLIB) || exit 1; \
rm $(LIBNAME).def rc.o
@@ -320,8 +275,6 @@ link_dso.alpha-osf1:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
@@ -331,21 +284,9 @@ link_shlib.alpha-osf1:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
if [ -n "$$SHLIB_HIST" ]; then \
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
else \
SHLIB_HIST="$(LIBVERSION)"; \
fi; \
SHLIB_SOVER=; \
ALLSYMSFLAGS='-all'; \
NOALLSYMSFLAGS='-none'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
if [ -n "$$SHLIB_HIST" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
fi; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic -set_version $(SHLIBVERSION)"; \
fi; \
$(LINK_SO_SHLIB)
link_app.alpha-osf1:
@@ -360,25 +301,19 @@ link_dso.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
$(CALC_VERSIONS); \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=""; \
NOALLSYMSFLAGS=""; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \
fi; \
$(LINK_SO_DSO)
link_shlib.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=;\
$(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \
ALLSYMSFLAGS="-Wl,-z,allextract,-M,$(LIBNAME).map"; \
NOALLSYMSFLAGS="-Wl,-z,defaultextract"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \
fi; \
$(LINK_SO_SHLIB)
link_app.solaris:
@@ -394,24 +329,18 @@ link_dso.svr3:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
$(CALC_VERSIONS); \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SUFFIX"; \
SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_DSO)
link_shlib.svr3:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_SHLIB_UNPACKED)
link_app.svr3:
@@ -425,25 +354,20 @@ link_dso.svr5:
else \
SHARE_FLAG='-G'; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SUFFIX"; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_DSO)
link_shlib.svr5:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHARE_FLAG='-G'; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_SHLIB_UNPACKED)
link_app.svr5:
@@ -454,25 +378,20 @@ link_dso.irix:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=""; \
NOALLSYMSFLAGS=""; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SUFFIX,-B,symbolic"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
fi; \
$(LINK_SO_DSO)
link_shlib.irix:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
MINUSWL=""; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
ALLSYMSFLAGS="$${MINUSWL}-all"; \
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
fi; \
$(LINK_SO_SHLIB)
link_app.irix:
@@ -489,29 +408,22 @@ link_app.irix:
#
link_dso.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \
SHLIB=$(LIBNAME).sl; \
expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \
fi; \
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX || :; \
$(LINK_SO_DSO) && chmod a=rx $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX
rm -f $(SHLIBNAME_FULL) || :; \
$(LINK_SO_DSO) && chmod a=rx $(SHLIBNAME_FULL)
link_shlib.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,-Fl'; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \
fi; \
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
$(LINK_SO_SHLIB) && chmod a=rx $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
rm -f $(SHLIBNAME_FULL) || :; \
$(LINK_SO_SHLIB) && chmod a=rx $(SHLIBNAME_FULL)
link_app.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:"; \
@@ -521,23 +433,18 @@ link_app.hpux:
link_dso.aix:
@OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER 2>&1 > /dev/null ; \
rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \
$(LINK_SO_DSO);
link_shlib.aix:
@ $(CALC_VERSIONS); \
OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
@ OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-bnogc'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER 2>&1 > /dev/null ; \
rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \
$(LINK_SO_SHLIB_VIA_O)
link_app.aix:
LDFLAGS="$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)"; \
@@ -547,19 +454,11 @@ link_app.aix:
# Targets to build symbolic links when needed
symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
symlink.aix:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
$(SYMLINK_SO)
@ $(SYMLINK_SO)
symlink.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
$(SYMLINK_SO)
@ $(SYMLINK_SO)
symlink.hpux:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
$(SYMLINK_SO)
@ $(SYMLINK_SO)
# The following lines means those specific architectures do no symlinks
symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:

17
NEWS
View File

@@ -5,6 +5,23 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018]
o Client DoS due to large DH parameter (CVE-2018-0732)
o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018]
o Constructed ASN.1 types with a recursive definition could exceed the
stack (CVE-2018-0739)
o Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]
o config now recognises 64-bit mingw and chooses mingw64 instead of mingw

4
README
View File

@@ -1,7 +1,7 @@
OpenSSL 1.1.0f 25 May 2017
OpenSSL 1.1.0i 14 Aug 2018
Copyright (c) 1998-2016 The OpenSSL Project
Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.

6
apps/CA.pl.in
View File

@@ -145,7 +145,7 @@ if ($WHAT eq '-newcert' ) {
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
}
} elsif ($WHAT eq '-pkcs12' ) {
my $cname = $ARGV[1];
my $cname = $ARGV[0];
$cname = "My Certificate" unless defined $cname;
$RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
. " -certfile ${CATOP}/$CACERT"
@@ -178,12 +178,12 @@ if ($WHAT eq '-newcert' ) {
$RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL");
print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
} elsif ($WHAT eq '-revoke' ) {
my $cname = $ARGV[1];
my $cname = $ARGV[0];
if (!defined $cname) {
print "Certificate filename is required; reason optional.\n";
exit 1;
}
my $reason = $ARGV[2];
my $reason = $ARGV[1];
$reason = " -crl_reason $reason"
if defined $reason && crl_reason_ok($reason);
$RET = run("$CA -revoke \"$cname\"" . $reason);

4
apps/app_rand.c
View File

@@ -20,7 +20,7 @@ int app_RAND_load_file(const char *file, int dont_warn)
char buffer[200];
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
file = RAND_file_name(buffer, sizeof(buffer));
#ifndef OPENSSL_NO_EGD
else if (RAND_egd(file) > 0) {
/*
@@ -101,7 +101,7 @@ int app_RAND_write_file(const char *file)
return 0;
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
file = RAND_file_name(buffer, sizeof(buffer));
if (file == NULL || !RAND_write_file(file)) {
BIO_printf(bio_err, "unable to write 'random state'\n");
return 0;

90
apps/apps.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -18,9 +18,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <sys/types.h>
#ifndef OPENSSL_NO_POSIX_IO
# include <sys/stat.h>
# include <fcntl.h>
@@ -1014,7 +1012,8 @@ int set_name_ex(unsigned long *flags, const char *arg)
};
if (set_multi_opts(flags, arg, ex_tbl) == 0)
return 0;
if ((*flags & XN_FLAG_SEP_MASK) == 0)
if (*flags != XN_FLAG_COMPAT
&& (*flags & XN_FLAG_SEP_MASK) == 0)
*flags |= XN_FLAG_SEP_CPLUS_SPC;
return 1;
}
@@ -1390,9 +1389,9 @@ int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial
OPENSSL_strlcpy(buf[0], serialfile, BSIZE);
else {
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
#else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
#endif
}
out = BIO_new_file(buf[0], "w");
@@ -1433,11 +1432,11 @@ int rotate_serial(const char *serialfile, const char *new_suffix,
goto err;
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
#else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
#endif
if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR
@@ -1506,9 +1505,9 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
goto err;
#ifndef OPENSSL_SYS_VMS
BIO_snprintf(buf, sizeof buf, "%s.attr", dbfile);
BIO_snprintf(buf, sizeof(buf), "%s.attr", dbfile);
#else
BIO_snprintf(buf, sizeof buf, "%s-attr", dbfile);
BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
#endif
dbattr_conf = app_load_config(buf);
@@ -1569,13 +1568,13 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
goto err;
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
#else
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
#endif
out = BIO_new_file(buf[0], "w");
if (out == NULL) {
@@ -1618,17 +1617,17 @@ int rotate_index(const char *dbfile, const char *new_suffix,
goto err;
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
#else
j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
#endif
if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR
@@ -2255,29 +2254,27 @@ int app_access(const char* name, int flag)
#ifdef _WIN32
int app_isdir(const char *name)
{
HANDLE hList;
WIN32_FIND_DATA FileData;
DWORD attr;
# if defined(UNICODE) || defined(_UNICODE)
size_t i, len_0 = strlen(name) + 1;
WCHAR tempname[MAX_PATH];
if (len_0 > OSSL_NELEM(FileData.cFileName))
if (len_0 > MAX_PATH)
return -1;
# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
if (!MultiByteToWideChar
(CP_ACP, 0, name, len_0, FileData.cFileName, len_0))
if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
# endif
for (i = 0; i < len_0; i++)
FileData.cFileName[i] = (WCHAR)name[i];
tempname[i] = (WCHAR)name[i];
hList = FindFirstFile(FileData.cFileName, &FileData);
attr = GetFileAttributes(tempname);
# else
hList = FindFirstFile(name, &FileData);
attr = GetFileAttributes(name);
# endif
if (hList == INVALID_HANDLE_VALUE)
if (attr == INVALID_FILE_ATTRIBUTES)
return -1;
FindClose(hList);
return ((FileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0);
return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
}
#else
# include <sys/stat.h>
@@ -2575,6 +2572,7 @@ void wait_for_async(SSL *s)
fd_set asyncfds;
OSSL_ASYNC_FD *fds;
size_t numfds;
size_t i;
if (!SSL_get_all_async_fds(s, NULL, &numfds))
return;
@@ -2583,17 +2581,17 @@ void wait_for_async(SSL *s)
fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds");
if (!SSL_get_all_async_fds(s, fds, &numfds)) {
OPENSSL_free(fds);
return;
}
FD_ZERO(&asyncfds);
while (numfds > 0) {
if (width <= (int)*fds)
width = (int)*fds + 1;
openssl_fdset((int)*fds, &asyncfds);
numfds--;
fds++;
for (i = 0; i < numfds; i++) {
if (width <= (int)fds[i])
width = (int)fds[i] + 1;
openssl_fdset((int)fds[i], &asyncfds);
}
select(width, (void *)&asyncfds, NULL, NULL, NULL);
OPENSSL_free(fds);
#endif
}

16
apps/apps.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -214,8 +214,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
OPT_S_DHPARAM, OPT_S_DEBUGBROKE, OPT_S_COMP, \
OPT_S__LAST
OPT_S_DEBUGBROKE, OPT_S_COMP, OPT_S_MINPROTO, OPT_S_MAXPROTO, \
OPT_S_NO_RENEGOTIATION, OPT_S__LAST
# define OPT_S_OPTIONS \
{"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
@@ -230,6 +230,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
{"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
{"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
"Enable use of legacy renegotiation (dangerous)"}, \
{"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
"Disable all renegotiation."}, \
{"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
"Allow initial connection to servers that don't support RI"}, \
{"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
@@ -248,8 +250,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
{"named_curve", OPT_S_NAMEDCURVE, 's', \
"Elliptic curve used for ECDHE (server-side only)" }, \
{"cipher", OPT_S_CIPHER, 's', "Specify cipher list to be used"}, \
{"dhparam", OPT_S_DHPARAM, '<', \
"DH parameter file to use, in cert file if not specified"}, \
{"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
{"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
{"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
"Perform all sorts of protocol violations for testing purposes"}
@@ -274,7 +276,9 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
case OPT_S_CURVES: \
case OPT_S_NAMEDCURVE: \
case OPT_S_CIPHER: \
case OPT_S_DHPARAM: \
case OPT_S_MINPROTO: \
case OPT_S_MAXPROTO: \
case OPT_S_NO_RENEGOTIATION: \
case OPT_S_DEBUGBROKE
#define IS_NO_PROT_FLAG(o) \

22
apps/asn1pars.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -41,7 +41,7 @@ OPTIONS asn1parse_options[] = {
{"dump", OPT_DUMP, 0, "unknown data in hex form"},
{"dlimit", OPT_DLIMIT, 'p',
"dump the first arg bytes of unknown data in hex form"},
{"strparse", OPT_STRPARSE, 's',
{"strparse", OPT_STRPARSE, 'p',
"offset; a series of these can be used to 'dig'"},
{OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
{"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
@@ -113,13 +113,13 @@ int asn1parse_main(int argc, char **argv)
offset = strtol(opt_arg(), NULL, 0);
break;
case OPT_LENGTH:
length = atoi(opt_arg());
length = strtol(opt_arg(), NULL, 0);
break;
case OPT_DUMP:
dump = -1;
break;
case OPT_DLIMIT:
dump = atoi(opt_arg());
dump = strtol(opt_arg(), NULL, 0);
break;
case OPT_STRPARSE:
sk_OPENSSL_STRING_push(osk, opt_arg());
@@ -191,7 +191,7 @@ int asn1parse_main(int argc, char **argv)
num = 0;
for (;;) {
if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
if (!BUF_MEM_grow(buf, num + BUFSIZ))
goto end;
i = BIO_read(in, &(buf->data[num]), BUFSIZ);
if (i <= 0)
@@ -211,9 +211,9 @@ int asn1parse_main(int argc, char **argv)
for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
ASN1_TYPE *atmp;
int typ;
j = atoi(sk_OPENSSL_STRING_value(osk, i));
if (j == 0) {
BIO_printf(bio_err, "'%s' is an invalid number\n",
j = strtol(sk_OPENSSL_STRING_value(osk, i), NULL, 0);
if (j <= 0 || j >= tmplen) {
BIO_printf(bio_err, "'%s' is out of range\n",
sk_OPENSSL_STRING_value(osk, i));
continue;
}
@@ -244,14 +244,14 @@ int asn1parse_main(int argc, char **argv)
num = tmplen;
}
if (offset >= num) {
BIO_printf(bio_err, "Error: offset too large\n");
if (offset < 0 || offset >= num) {
BIO_printf(bio_err, "Error: offset out of range\n");
goto end;
}
num -= offset;
if ((length == 0) || ((long)length > num))
if (length == 0 || length > (unsigned int)num)
length = (unsigned int)num;
if (derout) {
if (BIO_write(derout, str + offset, length) != (int)length) {

28
apps/build.info
View File

@@ -1,21 +1,27 @@
{- our $tsget_name = $config{target} =~ /^(VC|vms)-/ ? "tsget.pl" : "tsget";
our @apps_openssl_src =
( qw(openssl.c
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c
dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c
genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c
pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c
srp.c ts.c verify.c version.c x509.c rehash.c
apps.c opt.c s_cb.c s_socket.c
app_rand.c),
split(/\s+/, $target{apps_aux_src}) );
"" -}
IF[{- !$disabled{apps} -}]
PROGRAMS=openssl
SOURCE[openssl]=\
openssl.c \
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c \
dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c \
genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c \
pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c \
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c \
srp.c ts.c verify.c version.c x509.c rehash.c \
apps.c opt.c s_cb.c s_socket.c \
app_rand.c \
{- $target{apps_aux_src} -}
SOURCE[openssl]={- join(" ", @apps_openssl_src) -}
INCLUDE[openssl]=.. ../include
DEPEND[openssl]=../libssl
{- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" }
@apps_openssl_src) -}
GENERATE[progs.h]=progs.pl $(APPS_OPENSSL)
DEPEND[progs.h]=../configdata.pm
SCRIPTS=CA.pl {- $tsget_name -}
SOURCE[CA.pl]=CA.pl.in
SOURCE[{- $tsget_name -}]=tsget.in

331
apps/ca.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -440,30 +440,23 @@ end_of_options:
&& (section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_CA)) == NULL)
goto end;
if (conf != NULL) {
p = NCONF_get_string(conf, NULL, "oid_file");
if (p == NULL)
ERR_clear_error();
if (p != NULL) {
BIO *oid_bio;
p = NCONF_get_string(conf, NULL, "oid_file");
if (p == NULL)
ERR_clear_error();
if (p != NULL) {
BIO *oid_bio = BIO_new_file(p, "r");
oid_bio = BIO_new_file(p, "r");
if (oid_bio == NULL) {
/*-
BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
ERR_print_errors(bio_err);
*/
ERR_clear_error();
} else {
OBJ_create_objects(oid_bio);
BIO_free(oid_bio);
}
}
if (!add_oid_section(conf)) {
ERR_print_errors(bio_err);
goto end;
if (oid_bio == NULL) {
ERR_clear_error();
} else {
OBJ_create_objects(oid_bio);
BIO_free(oid_bio);
}
}
if (!add_oid_section(conf)) {
ERR_print_errors(bio_err);
goto end;
}
randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
if (randfile == NULL)
@@ -732,10 +725,10 @@ end_of_options:
/*****************************************************************/
if (req || gencrl) {
/* FIXME: Is it really always text? */
Sout = bio_open_default(outfile, 'w', FORMAT_TEXT);
if (Sout == NULL)
goto end;
if (spkac_file != NULL) {
output_der = 1;
batch = 1;
}
}
if (md == NULL
@@ -879,10 +872,6 @@ end_of_options:
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
if (outfile) {
output_der = 1;
batch = 1;
}
}
}
if (ss_cert_file != NULL) {
@@ -936,10 +925,13 @@ end_of_options:
if (j > 0) {
total_done++;
BIO_printf(bio_err, "\n");
if (!BN_add_word(serial, 1))
if (!BN_add_word(serial, 1)) {
X509_free(x);
goto end;
}
if (!sk_X509_push(cert_sk, x)) {
BIO_printf(bio_err, "Memory allocation failure\n");
X509_free(x);
goto end;
}
}
@@ -1024,6 +1016,11 @@ end_of_options:
if (verbose)
BIO_printf(bio_err, "writing %s\n", buf[2]);
Sout = bio_open_default(outfile, 'w',
output_der ? FORMAT_ASN1 : FORMAT_TEXT);
if (Sout == NULL)
goto end;
Cout = BIO_new_file(buf[2], "w");
if (Cout == NULL) {
perror(buf[2]);
@@ -1032,6 +1029,8 @@ end_of_options:
write_new_certificate(Cout, xi, 0, notext);
write_new_certificate(Sout, xi, output_der, notext);
BIO_free_all(Cout);
BIO_free_all(Sout);
Sout = NULL;
}
if (sk_X509_num(cert_sk)) {
@@ -1098,13 +1097,13 @@ end_of_options:
goto end;
tmptm = ASN1_TIME_new();
if (tmptm == NULL)
goto end;
X509_gmtime_adj(tmptm, 0);
X509_CRL_set1_lastUpdate(crl, tmptm);
if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
NULL)) {
if (tmptm == NULL
|| X509_gmtime_adj(tmptm, 0) == NULL
|| !X509_CRL_set1_lastUpdate(crl, tmptm)
|| X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
NULL) == NULL) {
BIO_puts(bio_err, "error setting CRL nextUpdate\n");
ASN1_TIME_free(tmptm);
goto end;
}
X509_CRL_set1_nextUpdate(crl, tmptm);
@@ -1180,6 +1179,11 @@ end_of_options:
if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts))
goto end;
Sout = bio_open_default(outfile, 'w',
output_der ? FORMAT_ASN1 : FORMAT_TEXT);
if (Sout == NULL)
goto end;
PEM_write_bio_X509_CRL(Sout, crl);
if (crlnumberfile != NULL) /* Rename the crlnumber file */
@@ -1376,8 +1380,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
CONF *lconf, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign)
{
X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
NULL;
X509_NAME *name = NULL, *CAname = NULL, *subject = NULL;
const ASN1_TIME *tm;
ASN1_STRING *str, *str2;
ASN1_OBJECT *obj;
@@ -1559,7 +1562,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (push != NULL) {
if (!X509_NAME_add_entry(subject, push, -1, 0)) {
X509_NAME_ENTRY_free(push);
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
@@ -1577,104 +1579,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto end;
}
if (verbose)
BIO_printf(bio_err,
"The subject name appears to be ok, checking data base for clashes\n");
/* Build the correct Subject if no e-mail is wanted in the subject */
/*
* and add it later on because of the method extensions are added
* (altName)
*/
if (email_dn)
dn_subject = subject;
else {
X509_NAME_ENTRY *tmpne;
/*
* Its best to dup the subject DN and then delete any email addresses
* because this retains its structure.
*/
if ((dn_subject = X509_NAME_dup(subject)) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
while ((i = X509_NAME_get_index_by_NID(dn_subject,
NID_pkcs9_emailAddress,
-1)) >= 0) {
tmpne = X509_NAME_get_entry(dn_subject, i);
X509_NAME_delete_entry(dn_subject, i);
X509_NAME_ENTRY_free(tmpne);
}
}
if (BN_is_zero(serial))
row[DB_serial] = OPENSSL_strdup("00");
else
row[DB_serial] = BN_bn2hex(serial);
if (row[DB_serial] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
if (db->attributes.unique_subject) {
OPENSSL_STRING *crow = row;
rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:There is already a certificate for %s\n",
row[DB_name]);
}
}
if (rrow == NULL) {
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:Serial number %s has already been issued,\n",
row[DB_serial]);
BIO_printf(bio_err,
" check the database/serial_file for corruption\n");
}
}
if (rrow != NULL) {
BIO_printf(bio_err, "The matching entry has the following details\n");
if (rrow[DB_type][0] == 'E')
p = "Expired";
else if (rrow[DB_type][0] == 'R')
p = "Revoked";
else if (rrow[DB_type][0] == 'V')
p = "Valid";
else
p = "\ninvalid type, Data base error\n";
BIO_printf(bio_err, "Type :%s\n", p);;
if (rrow[DB_type][0] == 'R') {
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Was revoked on:%s\n", p);
}
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Expires on :%s\n", p);
p = rrow[DB_serial];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Serial Number :%s\n", p);
p = rrow[DB_file];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "File name :%s\n", p);
p = rrow[DB_name];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Subject Name :%s\n", p);
ok = -1; /* This is now a 'bad' error. */
goto end;
}
/* We are now totally happy, lets make and sign the certificate */
if (verbose)
BIO_printf(bio_err,
@@ -1704,7 +1608,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (enddate != NULL) {
int tdays;
ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret));
if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret)))
goto end;
days = tdays;
}
@@ -1719,7 +1625,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* Lets add the extensions, if there are any */
if (ext_sect) {
X509V3_CTX ctx;
X509_set_version(ret, 2);
/* Initialize the context structure */
if (selfsign)
@@ -1774,10 +1679,132 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto end;
}
/* Set the right value for the noemailDN option */
if (email_dn == 0) {
if (!X509_set_subject_name(ret, dn_subject))
{
const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(ret);
if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
/* Make it an X509 v3 certificate. */
if (!X509_set_version(ret, 2))
goto end;
}
if (verbose)
BIO_printf(bio_err,
"The subject name appears to be ok, checking data base for clashes\n");
/* Build the correct Subject if no e-mail is wanted in the subject. */
if (!email_dn) {
X509_NAME_ENTRY *tmpne;
X509_NAME *dn_subject;
/*
* Its best to dup the subject DN and then delete any email addresses
* because this retains its structure.
*/
if ((dn_subject = X509_NAME_dup(subject)) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
while ((i = X509_NAME_get_index_by_NID(dn_subject,
NID_pkcs9_emailAddress,
-1)) >= 0) {
tmpne = X509_NAME_get_entry(dn_subject, i);
X509_NAME_delete_entry(dn_subject, i);
X509_NAME_ENTRY_free(tmpne);
}
if (!X509_set_subject_name(ret, dn_subject)) {
X509_NAME_free(dn_subject);
goto end;
}
X509_NAME_free(dn_subject);
}
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if (row[DB_name] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
if (BN_is_zero(serial))
row[DB_serial] = OPENSSL_strdup("00");
else
row[DB_serial] = BN_bn2hex(serial);
if (row[DB_serial] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
if (row[DB_name][0] == '\0') {
/*
* An empty subject! We'll use the serial number instead. If
* unique_subject is in use then we don't want different entries with
* empty subjects matching each other.
*/
OPENSSL_free(row[DB_name]);
row[DB_name] = OPENSSL_strdup(row[DB_serial]);
if (row[DB_name] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
}
if (db->attributes.unique_subject) {
OPENSSL_STRING *crow = row;
rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:There is already a certificate for %s\n",
row[DB_name]);
}
}
if (rrow == NULL) {
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:Serial number %s has already been issued,\n",
row[DB_serial]);
BIO_printf(bio_err,
" check the database/serial_file for corruption\n");
}
}
if (rrow != NULL) {
BIO_printf(bio_err, "The matching entry has the following details\n");
if (rrow[DB_type][0] == DB_TYPE_EXP)
p = "Expired";
else if (rrow[DB_type][0] == DB_TYPE_REV)
p = "Revoked";
else if (rrow[DB_type][0] == DB_TYPE_VAL)
p = "Valid";
else
p = "\ninvalid type, Data base error\n";
BIO_printf(bio_err, "Type :%s\n", p);;
if (rrow[DB_type][0] == DB_TYPE_REV) {
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Was revoked on:%s\n", p);
}
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Expires on :%s\n", p);
p = rrow[DB_serial];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Serial Number :%s\n", p);
p = rrow[DB_file];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "File name :%s\n", p);
p = rrow[DB_name];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Subject Name :%s\n", p);
ok = -1; /* This is now a 'bad' error. */
goto end;
}
if (!default_op) {
@@ -1829,8 +1856,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
row[DB_exp_date][tm->length] = '\0';
row[DB_rev_date] = NULL;
row[DB_file] = OPENSSL_strdup("unknown");
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
(row[DB_file] == NULL) || (row[DB_name] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
@@ -1850,16 +1875,14 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
irow = NULL;
ok = 1;
end:
if (irow != NULL) {
if (ok != 1) {
for (i = 0; i < DB_NUMBER; i++)
OPENSSL_free(row[i]);
OPENSSL_free(irow);
}
OPENSSL_free(irow);
X509_NAME_free(CAname);
X509_NAME_free(subject);
if (dn_subject != subject)
X509_NAME_free(dn_subject);
if (ok <= 0)
X509_free(ret);
else
@@ -2040,6 +2063,11 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
else
row[DB_serial] = BN_bn2hex(bn);
BN_free(bn);
if (row[DB_name] != NULL && row[DB_name][0] == '\0') {
/* Entries with empty Subjects actually use the serial number instead */
OPENSSL_free(row[DB_name]);
row[DB_name] = OPENSSL_strdup(row[DB_serial]);
}
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
@@ -2200,7 +2228,10 @@ static int do_updatedb(CA_DB *db)
return -1;
/* get actual time and make a string */
a_tm = X509_gmtime_adj(a_tm, 0);
if (X509_gmtime_adj(a_tm, 0) == NULL) {
ASN1_UTCTIME_free(a_tm);
return -1;
}
a_tm_s = app_malloc(a_tm->length + 1, "time string");
memcpy(a_tm_s, a_tm->data, a_tm->length);

2
apps/ciphers.c
View File

@@ -225,7 +225,7 @@ int ciphers_main(int argc, char **argv)
BIO_printf(bio_out, "%s - ", nm);
}
#endif
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf));
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf)));
}
}

10
apps/cms.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -931,11 +931,15 @@ int cms_main(int argc, char **argv)
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
signer = load_cert(signerfile, FORMAT_PEM, "signer certificate");
if (!signer)
if (!signer) {
ret = 2;
goto end;
}
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
if (!key)
if (!key) {
ret = 2;
goto end;
}
for (kparam = key_first; kparam; kparam = kparam->next) {
if (kparam->idx == i) {
tflags |= CMS_KEY_PARAM;

15
apps/dhparam.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -151,6 +151,11 @@ int dhparam_main(int argc, char **argv)
goto end;
}
# endif
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
/* DH parameters */
if (num && !g)
g = 2;
@@ -266,10 +271,6 @@ int dhparam_main(int argc, char **argv)
/* dh != NULL */
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (text) {
DHparams_print(out, dh);
}
@@ -326,9 +327,9 @@ int dhparam_main(int argc, char **argv)
"\n"
" if (dh == NULL)\n"
" return NULL;\n");
BIO_printf(out, " dhp_bn = BN_bin2bn(dhp_%d, sizeof (dhp_%d), NULL);\n",
BIO_printf(out, " dhp_bn = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n",
bits, bits);
BIO_printf(out, " dhg_bn = BN_bin2bn(dhg_%d, sizeof (dhg_%d), NULL);\n",
BIO_printf(out, " dhg_bn = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n",
bits, bits);
BIO_printf(out, " if (dhp_bn == NULL || dhg_bn == NULL\n"
" || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {\n"

3
apps/dsa.c
View File

@@ -217,6 +217,9 @@ int dsa_main(int argc, char **argv)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
if (pk == NULL)
goto end;
EVP_PKEY_set1_DSA(pk, dsa);
if (outformat == FORMAT_PVK) {
if (pubin) {

34
apps/dsaparam.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -226,28 +226,34 @@ int dsaparam_main(int argc, char **argv)
data = app_malloc(len + 20, "BN space");
BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p);
print_bignum_var(bio_out, p, "dsap", len, data);
print_bignum_var(bio_out, q, "dsaq", len, data);
print_bignum_var(bio_out, g, "dsag", len, data);
BIO_printf(bio_out, "static DSA *get_dsa%d(void)\n{\n", bits_p);
print_bignum_var(bio_out, p, "dsap", bits_p, data);
print_bignum_var(bio_out, q, "dsaq", bits_p, data);
print_bignum_var(bio_out, g, "dsag", bits_p, data);
BIO_printf(bio_out, " DSA *dsa = DSA_new();\n"
" BIGNUM *p, *q, *g;\n"
"\n");
BIO_printf(bio_out, " if (dsa == NULL)\n"
" return NULL;\n");
BIO_printf(bio_out, " dsa->p = BN_bin2bn(dsap_%d, sizeof (dsap_%d), NULL);\n",
bits_p, bits_p);
BIO_printf(bio_out, " dsa->q = BN_bin2bn(dsaq_%d, sizeof (dsaq_%d), NULL);\n",
bits_p, bits_p);
BIO_printf(bio_out, " dsa->g = BN_bin2bn(dsag_%d, sizeof (dsag_%d), NULL);\n",
bits_p, bits_p);
BIO_printf(bio_out, " if (!dsa->p || !dsa->q || !dsa->g) {\n"
" DSA_free(dsa);\n"
BIO_printf(bio_out, " if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL),\n",
bits_p, bits_p);
BIO_printf(bio_out, " q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL),\n",
bits_p, bits_p);
BIO_printf(bio_out, " g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL))) {\n",
bits_p, bits_p);
BIO_printf(bio_out, " DSA_free(dsa);\n"
" BN_free(p);\n"
" BN_free(q);\n"
" BN_free(g);\n"
" return NULL;\n"
" }\n"
" return(dsa);\n}\n");
" return dsa;\n}\n");
OPENSSL_free(data);
}
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa);

20
apps/ecparam.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -357,24 +357,24 @@ int ecparam_main(int argc, char **argv)
" BIGNUM *tmp_3 = NULL;\n"
"\n");
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof (ec_p_%d), NULL)) == NULL)\n"
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof(ec_p_%d), NULL)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof (ec_a_%d), NULL)) == NULL)\n"
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof(ec_a_%d), NULL)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof (ec_b_%d), NULL)) == NULL)\n"
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof(ec_b_%d), NULL)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)\n"
" goto err;\n"
"\n");
BIO_printf(out, " /* build generator */\n");
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof (ec_gen_%d), tmp_1)) == NULL)\n"
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof(ec_gen_%d), tmp_1)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " point = EC_POINT_bn2point(group, tmp_1, NULL, NULL);\n");
BIO_printf(out, " if (point == NULL)\n"
" goto err;\n");
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof (ec_order_%d), tmp_2)) == NULL)\n"
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof(ec_order_%d), tmp_2)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof (ec_cofactor_%d), tmp_3)) == NULL)\n"
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof(ec_cofactor_%d), tmp_3)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if (!EC_GROUP_set_generator(group, point, tmp_2, tmp_3))\n"
" goto err;\n"
@@ -393,6 +393,9 @@ int ecparam_main(int argc, char **argv)
"}\n");
}
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group);
@@ -428,6 +431,9 @@ int ecparam_main(int argc, char **argv)
goto end;
}
if (new_form)
EC_KEY_set_conv_form(eckey, form);
if (!EC_KEY_generate_key(eckey)) {
BIO_printf(bio_err, "unable to generate key\n");
EC_KEY_free(eckey);

28
apps/enc.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -96,7 +96,7 @@ int enc_main(int argc, char **argv)
char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
char *infile = NULL, *outfile = NULL, *prog;
char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
char mbuf[sizeof magic - 1];
char mbuf[sizeof(magic) - 1];
OPTION_CHOICE o;
int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0;
int enc = 1, printkey = 0, i, k;
@@ -218,7 +218,7 @@ int enc_main(int argc, char **argv)
in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT);
if (in == NULL)
goto opthelp;
i = BIO_gets(in, buf, sizeof buf);
i = BIO_gets(in, buf, sizeof(buf));
BIO_free(in);
in = NULL;
if (i <= 0) {
@@ -257,6 +257,10 @@ int enc_main(int argc, char **argv)
break;
}
}
if (opt_num_rest() != 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
@@ -311,7 +315,7 @@ int enc_main(int argc, char **argv)
for (;;) {
char prompt[200];
BIO_snprintf(prompt, sizeof prompt, "enter %s %s password:",
BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc) ? "encryption" : "decryption");
strbuf[0] = '\0';
@@ -398,31 +402,31 @@ int enc_main(int argc, char **argv)
else {
if (enc) {
if (hsalt) {
if (!set_hex(hsalt, salt, sizeof salt)) {
if (!set_hex(hsalt, salt, sizeof(salt))) {
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
} else if (RAND_bytes(salt, sizeof salt) <= 0)
} else if (RAND_bytes(salt, sizeof(salt)) <= 0)
goto end;
/*
* If -P option then don't bother writing
*/
if ((printkey != 2)
&& (BIO_write(wbio, magic,
sizeof magic - 1) != sizeof magic - 1
sizeof(magic) - 1) != sizeof(magic) - 1
|| BIO_write(wbio,
(char *)salt,
sizeof salt) != sizeof salt)) {
sizeof(salt)) != sizeof(salt))) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
} else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
} else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
|| BIO_read(rbio,
(unsigned char *)salt,
sizeof salt) != sizeof salt) {
sizeof(salt)) != sizeof(salt)) {
BIO_printf(bio_err, "error reading input file\n");
goto end;
} else if (memcmp(mbuf, magic, sizeof magic - 1)) {
} else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
BIO_printf(bio_err, "bad magic number\n");
goto end;
}
@@ -449,7 +453,7 @@ int enc_main(int argc, char **argv)
int siz = EVP_CIPHER_iv_length(cipher);
if (siz == 0) {
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
} else if (!set_hex(hiv, iv, sizeof iv)) {
} else if (!set_hex(hiv, iv, sizeof(iv))) {
BIO_printf(bio_err, "invalid hex iv value\n");
goto end;
}

1
apps/engine.c
View File

@@ -311,6 +311,7 @@ int engine_main(int argc, char **argv)
break;
case OPT_TT:
test_avail_noise++;
/* fall thru */
case OPT_T:
test_avail++;
break;

2
apps/errstr.c
View File

@@ -58,7 +58,7 @@ int errstr_main(int argc, char **argv)
*/
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
ERR_error_string_n(l, buf, sizeof buf);
ERR_error_string_n(l, buf, sizeof(buf));
BIO_printf(bio_out, "%s\n", buf);
}
}

16
apps/genrsa.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -78,6 +78,7 @@ int genrsa_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -110,11 +111,16 @@ int genrsa_main(int argc, char **argv)
}
argc = opt_num_rest();
argv = opt_rest();
if (argc == 1) {
if (!opt_int(argv[0], &num) || num <= 0)
goto end;
} else if (argc > 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
private = 1;
if (argv[0] && (!opt_int(argv[0], &num) || num <= 0))
goto end;
if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;

7
apps/ocsp.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -639,7 +639,6 @@ int ocsp_main(int argc, char **argv)
OCSP_response_status_str(i), i);
if (ignore_err)
goto redo_accept;
ret = 0;
goto end;
}
@@ -1074,7 +1073,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio)
*pcbio = cbio;
/* Read the request line. */
len = BIO_gets(cbio, reqbuf, sizeof reqbuf);
len = BIO_gets(cbio, reqbuf, sizeof(reqbuf));
if (len <= 0)
return 1;
if (strncmp(reqbuf, "GET ", 4) == 0) {
@@ -1116,7 +1115,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio)
/* Read and skip past the headers. */
for (;;) {
len = BIO_gets(cbio, inbuf, sizeof inbuf);
len = BIO_gets(cbio, inbuf, sizeof(inbuf));
if (len <= 0)
return 1;
if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))

26
apps/openssl.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -69,8 +69,8 @@ static int apps_startup()
#endif
/* Set non-default library initialisation settings */
if (!OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN
| OPENSSL_INIT_LOAD_CONFIG, NULL))
if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
| OPENSSL_INIT_LOAD_CONFIG, NULL))
return 0;
#ifndef OPENSSL_NO_UI
@@ -154,8 +154,13 @@ int main(int argc, char *argv[])
#endif
}
if (!apps_startup())
if (!apps_startup()) {
BIO_printf(bio_err,
"FATAL: Startup failure (dev note: apps_startup() failed)\n");
ERR_print_errors(bio_err);
ret = 1;
goto end;
}
prog = prog_init();
pname = opt_progname(argv[0]);
@@ -183,7 +188,7 @@ int main(int argc, char *argv[])
for (;;) {
ret = 0;
/* Read a line, continue reading if line ends with \ */
for (p = buf, n = sizeof buf, i = 0, first = 1; n > 0; first = 0) {
for (p = buf, n = sizeof(buf), i = 0, first = 1; n > 0; first = 0) {
prompt = first ? "OpenSSL> " : "> ";
p[0] = '\0';
#ifndef READLINE
@@ -329,6 +334,7 @@ int list_main(int argc, char **argv)
switch (o) {
case OPT_EOF: /* Never hit, but suppresses warning */
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
return 1;
case OPT_HELP:
@@ -358,12 +364,14 @@ int list_main(int argc, char **argv)
}
done = 1;
}
if (!done) {
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
return 1;
if (opt_num_rest() != 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
if (!done)
goto opthelp;
return 0;
}

20
apps/opt.c
View File

@@ -60,10 +60,10 @@ char *opt_progname(const char *argv0)
n -= 4;
/* Copy over the name, in lowercase. */
if (n > sizeof prog - 1)
n = sizeof prog - 1;
if (n > sizeof(prog) - 1)
n = sizeof(prog) - 1;
for (q = prog, i = 0; i < n; i++, p++)
*q++ = isupper(*p) ? tolower(*p) : *p;
*q++ = tolower((unsigned char)*p);
*q = '\0';
return prog;
}
@@ -82,9 +82,9 @@ char *opt_progname(const char *argv0)
}
q = strrchr(p, '.');
strncpy(prog, p, sizeof prog - 1);
prog[sizeof prog - 1] = '\0';
if (q != NULL && q - p < sizeof prog)
strncpy(prog, p, sizeof(prog) - 1);
prog[sizeof(prog) - 1] = '\0';
if (q != NULL && q - p < sizeof(prog))
prog[q - p] = '\0';
return prog;
}
@@ -101,8 +101,8 @@ char *opt_progname(const char *argv0)
p++;
break;
}
strncpy(prog, p, sizeof prog - 1);
prog[sizeof prog - 1] = '\0';
strncpy(prog, p, sizeof(prog) - 1);
prog[sizeof(prog) - 1] = '\0';
return prog;
}
#endif
@@ -840,7 +840,7 @@ void opt_help(const OPTIONS *list)
i += 1 + strlen(valtype2param(o));
if (i < MAX_OPT_HELP_WIDTH && i > width)
width = i;
assert(i < (int)sizeof start);
assert(i < (int)sizeof(start));
}
if (standard_prolog)
@@ -857,7 +857,7 @@ void opt_help(const OPTIONS *list)
/* Pad out prefix */
memset(start, ' ', sizeof(start) - 1);
start[sizeof start - 1] = '\0';
start[sizeof(start) - 1] = '\0';
if (o->name == OPT_MORE_STR) {
/* Continuation of previous line; pad and print. */

60
apps/passwd.c
View File

@@ -79,9 +79,9 @@ int passwd_main(int argc, char **argv)
char *salt_malloc = NULL, *passwd_malloc = NULL, *prog;
OPTION_CHOICE o;
int in_stdin = 0, pw_source_defined = 0;
#ifndef OPENSSL_NO_UI
# ifndef OPENSSL_NO_UI
int in_noverify = 0;
#endif
# endif
int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
int ret = 1, usecrypt = 0, use1 = 0, useapr1 = 0;
size_t passwd_malloc_size = 0, pw_maxlen = 256;
@@ -105,9 +105,9 @@ int passwd_main(int argc, char **argv)
pw_source_defined = 1;
break;
case OPT_NOVERIFY:
#ifndef OPENSSL_NO_UI
# ifndef OPENSSL_NO_UI
in_noverify = 1;
#endif
# endif
break;
case OPT_QUIET:
quiet = 1;
@@ -198,26 +198,31 @@ int passwd_main(int argc, char **argv)
}
if ((in == NULL) && (passwds == NULL)) {
/*
* we use the following method to make sure what
* in the 'else' section is always compiled, to
* avoid rot of not-frequently-used code.
*/
if (1) {
#ifndef OPENSSL_NO_UI
# ifndef OPENSSL_NO_UI
/* build a null-terminated list */
static char *passwds_static[2] = { NULL, NULL };
passwds = passwds_static;
if (in == NULL)
if (in == NULL) {
if (EVP_read_pw_string
(passwd_malloc, passwd_malloc_size, "Password: ",
!(passed_salt || in_noverify)) != 0)
goto end;
}
passwds[0] = passwd_malloc;
} else {
#endif
# endif
BIO_printf(bio_err, "password required\n");
goto end;
}
}
if (in == NULL) {
assert(passwds != NULL);
assert(*passwds != NULL);
@@ -228,11 +233,9 @@ int passwd_main(int argc, char **argv)
quiet, table, reverse, pw_maxlen, usecrypt, use1,
useapr1))
goto end;
}
while (*passwds != NULL);
} else
} while (*passwds != NULL);
} else {
/* in != NULL */
{
int done;
assert(passwd != NULL);
@@ -240,13 +243,13 @@ int passwd_main(int argc, char **argv)
int r = BIO_gets(in, passwd, pw_maxlen + 1);
if (r > 0) {
char *c = (strchr(passwd, '\n'));
if (c != NULL)
if (c != NULL) {
*c = 0; /* truncate at newline */
else {
} else {
/* ignore rest of line */
char trash[BUFSIZ];
do
r = BIO_gets(in, trash, sizeof trash);
r = BIO_gets(in, trash, sizeof(trash));
while ((r > 0) && (!strchr(trash, '\n')));
}
@@ -256,8 +259,7 @@ int passwd_main(int argc, char **argv)
goto end;
}
done = (r <= 0);
}
while (!done);
} while (!done);
}
ret = 0;
@@ -298,9 +300,9 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
if (magic_len > 4) /* assert it's "1" or "apr1" */
return NULL;
OPENSSL_strlcat(out_buf, magic, sizeof out_buf);
OPENSSL_strlcat(out_buf, "$", sizeof out_buf);
OPENSSL_strlcat(out_buf, salt, sizeof out_buf);
OPENSSL_strlcat(out_buf, magic, sizeof(out_buf));
OPENSSL_strlcat(out_buf, "$", sizeof(out_buf));
OPENSSL_strlcat(out_buf, salt, sizeof(out_buf));
if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */
return NULL;
@@ -330,8 +332,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
|| !EVP_DigestFinal_ex(md2, buf, NULL))
goto err;
for (i = passwd_len; i > sizeof buf; i -= sizeof buf) {
if (!EVP_DigestUpdate(md, buf, sizeof buf))
for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) {
if (!EVP_DigestUpdate(md, buf, sizeof(buf)))
goto err;
}
if (!EVP_DigestUpdate(md, buf, i))
@@ -351,7 +353,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
goto err;
if (!EVP_DigestUpdate(md2,
(i & 1) ? (unsigned const char *)passwd : buf,
(i & 1) ? passwd_len : sizeof buf))
(i & 1) ? passwd_len : sizeof(buf)))
goto err;
if (i % 3) {
if (!EVP_DigestUpdate(md2, salt_out, salt_len))
@@ -363,7 +365,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
}
if (!EVP_DigestUpdate(md2,
(i & 1) ? buf : (unsigned const char *)passwd,
(i & 1) ? sizeof buf : passwd_len))
(i & 1) ? sizeof(buf) : passwd_len))
goto err;
if (!EVP_DigestFinal_ex(md2, buf, NULL))
goto err;
@@ -375,7 +377,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
{
/* transform buf into output string */
unsigned char buf_perm[sizeof buf];
unsigned char buf_perm[sizeof(buf)];
int dest, source;
char *output;
@@ -387,7 +389,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
buf_perm[15] = buf[11];
# ifndef PEDANTIC /* Unfortunately, this generates a "no
* effect" warning */
assert(16 == sizeof buf_perm);
assert(16 == sizeof(buf_perm));
# endif
output = salt_out + salt_len;
@@ -433,9 +435,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (!passed_salt) {
# ifndef OPENSSL_NO_DES
if (usecrypt) {
if (*salt_malloc_p == NULL) {
if (*salt_malloc_p == NULL)
*salt_p = *salt_malloc_p = app_malloc(3, "salt buffer");
}
if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0)
goto end;
(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
@@ -452,9 +453,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (use1 || useapr1) {
int i;
if (*salt_malloc_p == NULL) {
if (*salt_malloc_p == NULL)
*salt_p = *salt_malloc_p = app_malloc(9, "salt buffer");
}
if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0)
goto end;

10
apps/pkcs12.c
View File

@@ -323,7 +323,7 @@ int pkcs12_main(int argc, char **argv)
if (1) {
#ifndef OPENSSL_NO_UI
if (EVP_read_pw_string
(macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
(macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
@@ -440,7 +440,7 @@ int pkcs12_main(int argc, char **argv)
if (!noprompt) {
if (1) {
#ifndef OPENSSL_NO_UI
if (EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
if (EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:",
1)) {
BIO_printf(bio_err, "Can't read Password\n");
goto export_end;
@@ -453,7 +453,7 @@ int pkcs12_main(int argc, char **argv)
}
if (!twopass)
OPENSSL_strlcpy(macpass, pass, sizeof macpass);
OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
p12 = PKCS12_create(cpass, name, key, ucert, certs,
key_pbe, cert_pbe, iter, -1, keytype);
@@ -506,7 +506,7 @@ int pkcs12_main(int argc, char **argv)
if (!noprompt) {
if (1) {
#ifndef OPENSSL_NO_UI
if (EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:",
if (EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
0)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
@@ -519,7 +519,7 @@ int pkcs12_main(int argc, char **argv)
}
if (!twopass)
OPENSSL_strlcpy(macpass, pass, sizeof macpass);
OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
if ((options & INFO) && PKCS12_mac_present(p12)) {
const ASN1_INTEGER *tmaciter;

4
apps/pkcs8.c
View File

@@ -238,7 +238,7 @@ int pkcs8_main(int argc, char **argv)
#ifndef OPENSSL_NO_UI
p8pass = pass;
if (EVP_read_pw_string
(pass, sizeof pass, "Enter Encryption Password:", 1)) {
(pass, sizeof(pass), "Enter Encryption Password:", 1)) {
X509_ALGOR_free(pbe);
goto end;
}
@@ -300,7 +300,7 @@ int pkcs8_main(int argc, char **argv)
else if (1) {
#ifndef OPENSSL_NO_UI
p8pass = pass;
if (EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0)) {
if (EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}

43
apps/pkeyutl.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -81,8 +81,7 @@ int pkeyutl_main(int argc, char **argv)
char hexdump = 0, asn1parse = 0, rev = 0, *prog;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
OPTION_CHOICE o;
int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform =
FORMAT_PEM;
int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform = FORMAT_PEM;
int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
int engine_impl = 0;
int ret = 1, rv = -1;
@@ -193,10 +192,18 @@ int pkeyutl_main(int argc, char **argv)
goto opthelp;
if (kdfalg != NULL) {
if (kdflen == 0)
if (kdflen == 0) {
BIO_printf(bio_err,
"%s: no KDF length given (-kdflen parameter).\n", prog);
goto opthelp;
} else if ((inkey == NULL)
|| (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE)) {
}
} else if (inkey == NULL) {
BIO_printf(bio_err,
"%s: no private key given (-inkey parameter).\n", prog);
goto opthelp;
} else if (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE) {
BIO_printf(bio_err,
"%s: no peer key given (-peerkey parameter).\n", prog);
goto opthelp;
}
ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
@@ -219,7 +226,8 @@ int pkeyutl_main(int argc, char **argv)
const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i);
if (pkey_ctrl_string(ctx, opt) <= 0) {
BIO_printf(bio_err, "%s: Can't set parameter:\n", prog);
BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
prog, opt);
ERR_print_errors(bio_err);
goto end;
}
@@ -307,7 +315,11 @@ int pkeyutl_main(int argc, char **argv)
buf_in, (size_t)buf_inlen);
}
if (rv <= 0) {
BIO_puts(bio_err, "Public Key operation error\n");
if (pkey_op != EVP_PKEY_OP_DERIVE) {
BIO_puts(bio_err, "Public Key operation error\n");
} else {
BIO_puts(bio_err, "Key derivation failed\n");
}
ERR_print_errors(bio_err);
goto end;
}
@@ -383,8 +395,15 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
if (kdfalg) {
int kdfnid = OBJ_sn2nid(kdfalg);
if (kdfnid == NID_undef)
goto end;
if (kdfnid == NID_undef) {
kdfnid = OBJ_ln2nid(kdfalg);
if (kdfnid == NID_undef) {
BIO_printf(bio_err, "The given KDF \"%s\" is unknown.\n",
kdfalg);
goto end;
}
}
ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
} else {
if (pkey == NULL)
@@ -435,10 +454,10 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
}
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
ENGINE* e)
ENGINE *e)
{
EVP_PKEY *peer = NULL;
ENGINE* engine = NULL;
ENGINE *engine = NULL;
int ret;
if (peerform == FORMAT_ENGINE)

12
apps/prime.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -43,6 +43,7 @@ int prime_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -69,9 +70,14 @@ int prime_main(int argc, char **argv)
argc = opt_num_rest();
argv = opt_rest();
if (argc == 0 && !generate) {
if (generate) {
if (argc != 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
} else if (argc == 0) {
BIO_printf(bio_err, "%s: No prime specified\n", prog);
goto end;
goto opthelp;
}
if (generate) {

418
apps/progs.h
View File

@@ -1,418 +0,0 @@
/*
* WARNING: do not edit!
* Generated by apps/progs.pl
*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
typedef enum FUNC_TYPE {
FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
FT_md_alg, FT_cipher_alg
} FUNC_TYPE;
typedef struct function_st {
FUNC_TYPE type;
const char *name;
int (*func)(int argc, char *argv[]);
const OPTIONS *help;
} FUNCTION;
DEFINE_LHASH_OF(FUNCTION);
extern int asn1parse_main(int argc, char *argv[]);
extern int ca_main(int argc, char *argv[]);
extern int ciphers_main(int argc, char *argv[]);
extern int cms_main(int argc, char *argv[]);
extern int crl_main(int argc, char *argv[]);
extern int crl2pkcs7_main(int argc, char *argv[]);
extern int dgst_main(int argc, char *argv[]);
extern int dhparam_main(int argc, char *argv[]);
extern int dsa_main(int argc, char *argv[]);
extern int dsaparam_main(int argc, char *argv[]);
extern int ec_main(int argc, char *argv[]);
extern int ecparam_main(int argc, char *argv[]);
extern int enc_main(int argc, char *argv[]);
extern int engine_main(int argc, char *argv[]);
extern int errstr_main(int argc, char *argv[]);
extern int exit_main(int argc, char *argv[]);
extern int gendsa_main(int argc, char *argv[]);
extern int genpkey_main(int argc, char *argv[]);
extern int genrsa_main(int argc, char *argv[]);
extern int help_main(int argc, char *argv[]);
extern int list_main(int argc, char *argv[]);
extern int nseq_main(int argc, char *argv[]);
extern int ocsp_main(int argc, char *argv[]);
extern int passwd_main(int argc, char *argv[]);
extern int pkcs12_main(int argc, char *argv[]);
extern int pkcs7_main(int argc, char *argv[]);
extern int pkcs8_main(int argc, char *argv[]);
extern int pkey_main(int argc, char *argv[]);
extern int pkeyparam_main(int argc, char *argv[]);
extern int pkeyutl_main(int argc, char *argv[]);
extern int prime_main(int argc, char *argv[]);
extern int rand_main(int argc, char *argv[]);
extern int rehash_main(int argc, char *argv[]);
extern int req_main(int argc, char *argv[]);
extern int rsa_main(int argc, char *argv[]);
extern int rsautl_main(int argc, char *argv[]);
extern int s_client_main(int argc, char *argv[]);
extern int s_server_main(int argc, char *argv[]);
extern int s_time_main(int argc, char *argv[]);
extern int sess_id_main(int argc, char *argv[]);
extern int smime_main(int argc, char *argv[]);
extern int speed_main(int argc, char *argv[]);
extern int spkac_main(int argc, char *argv[]);
extern int srp_main(int argc, char *argv[]);
extern int ts_main(int argc, char *argv[]);
extern int verify_main(int argc, char *argv[]);
extern int version_main(int argc, char *argv[]);
extern int x509_main(int argc, char *argv[]);
extern OPTIONS asn1parse_options[];
extern OPTIONS ca_options[];
extern OPTIONS ciphers_options[];
extern OPTIONS cms_options[];
extern OPTIONS crl_options[];
extern OPTIONS crl2pkcs7_options[];
extern OPTIONS dgst_options[];
extern OPTIONS dhparam_options[];
extern OPTIONS dsa_options[];
extern OPTIONS dsaparam_options[];
extern OPTIONS ec_options[];
extern OPTIONS ecparam_options[];
extern OPTIONS enc_options[];
extern OPTIONS engine_options[];
extern OPTIONS errstr_options[];
extern OPTIONS exit_options[];
extern OPTIONS gendsa_options[];
extern OPTIONS genpkey_options[];
extern OPTIONS genrsa_options[];
extern OPTIONS help_options[];
extern OPTIONS list_options[];
extern OPTIONS nseq_options[];
extern OPTIONS ocsp_options[];
extern OPTIONS passwd_options[];
extern OPTIONS pkcs12_options[];
extern OPTIONS pkcs7_options[];
extern OPTIONS pkcs8_options[];
extern OPTIONS pkey_options[];
extern OPTIONS pkeyparam_options[];
extern OPTIONS pkeyutl_options[];
extern OPTIONS prime_options[];
extern OPTIONS rand_options[];
extern OPTIONS rehash_options[];
extern OPTIONS req_options[];
extern OPTIONS rsa_options[];
extern OPTIONS rsautl_options[];
extern OPTIONS s_client_options[];
extern OPTIONS s_server_options[];
extern OPTIONS s_time_options[];
extern OPTIONS sess_id_options[];
extern OPTIONS smime_options[];
extern OPTIONS speed_options[];
extern OPTIONS spkac_options[];
extern OPTIONS srp_options[];
extern OPTIONS ts_options[];
extern OPTIONS verify_options[];
extern OPTIONS version_options[];
extern OPTIONS x509_options[];
#ifdef INCLUDE_FUNCTION_TABLE
static FUNCTION functions[] = {
{ FT_general, "asn1parse", asn1parse_main, asn1parse_options },
{ FT_general, "ca", ca_main, ca_options },
#ifndef OPENSSL_NO_SOCK
{ FT_general, "ciphers", ciphers_main, ciphers_options },
#endif
#ifndef OPENSSL_NO_CMS
{ FT_general, "cms", cms_main, cms_options },
#endif
{ FT_general, "crl", crl_main, crl_options },
{ FT_general, "crl2pkcs7", crl2pkcs7_main, crl2pkcs7_options },
{ FT_general, "dgst", dgst_main, dgst_options },
#ifndef OPENSSL_NO_DH
{ FT_general, "dhparam", dhparam_main, dhparam_options },
#endif
#ifndef OPENSSL_NO_DSA
{ FT_general, "dsa", dsa_main, dsa_options },
#endif
#ifndef OPENSSL_NO_DSA
{ FT_general, "dsaparam", dsaparam_main, dsaparam_options },
#endif
#ifndef OPENSSL_NO_EC
{ FT_general, "ec", ec_main, ec_options },
#endif
#ifndef OPENSSL_NO_EC
{ FT_general, "ecparam", ecparam_main, ecparam_options },
#endif
{ FT_general, "enc", enc_main, enc_options },
#ifndef OPENSSL_NO_ENGINE
{ FT_general, "engine", engine_main, engine_options },
#endif
{ FT_general, "errstr", errstr_main, errstr_options },
{ FT_general, "exit", exit_main, exit_options },
#ifndef OPENSSL_NO_DSA
{ FT_general, "gendsa", gendsa_main, gendsa_options },
#endif
{ FT_general, "genpkey", genpkey_main, genpkey_options },
#ifndef OPENSSL_NO_RSA
{ FT_general, "genrsa", genrsa_main, genrsa_options },
#endif
{ FT_general, "help", help_main, help_options },
{ FT_general, "list", list_main, list_options },
{ FT_general, "nseq", nseq_main, nseq_options },
#ifndef OPENSSL_NO_OCSP
{ FT_general, "ocsp", ocsp_main, ocsp_options },
#endif
{ FT_general, "passwd", passwd_main, passwd_options },
#ifndef OPENSSL_NO_DES
{ FT_general, "pkcs12", pkcs12_main, pkcs12_options },
#endif
{ FT_general, "pkcs7", pkcs7_main, pkcs7_options },
{ FT_general, "pkcs8", pkcs8_main, pkcs8_options },
{ FT_general, "pkey", pkey_main, pkey_options },
{ FT_general, "pkeyparam", pkeyparam_main, pkeyparam_options },
{ FT_general, "pkeyutl", pkeyutl_main, pkeyutl_options },
{ FT_general, "prime", prime_main, prime_options },
{ FT_general, "rand", rand_main, rand_options },
{ FT_general, "rehash", rehash_main, rehash_options },
{ FT_general, "req", req_main, req_options },
{ FT_general, "rsa", rsa_main, rsa_options },
#ifndef OPENSSL_NO_RSA
{ FT_general, "rsautl", rsautl_main, rsautl_options },
#endif
#ifndef OPENSSL_NO_SOCK
{ FT_general, "s_client", s_client_main, s_client_options },
#endif
#ifndef OPENSSL_NO_SOCK
{ FT_general, "s_server", s_server_main, s_server_options },
#endif
#ifndef OPENSSL_NO_SOCK
{ FT_general, "s_time", s_time_main, s_time_options },
#endif
{ FT_general, "sess_id", sess_id_main, sess_id_options },
{ FT_general, "smime", smime_main, smime_options },
{ FT_general, "speed", speed_main, speed_options },
{ FT_general, "spkac", spkac_main, spkac_options },
#ifndef OPENSSL_NO_SRP
{ FT_general, "srp", srp_main, srp_options },
#endif
#ifndef OPENSSL_NO_TS
{ FT_general, "ts", ts_main, ts_options },
#endif
{ FT_general, "verify", verify_main, verify_options },
{ FT_general, "version", version_main, version_options },
{ FT_general, "x509", x509_main, x509_options },
#ifndef OPENSSL_NO_MD2
{ FT_md, "md2", dgst_main},
#endif
#ifndef OPENSSL_NO_MD4
{ FT_md, "md4", dgst_main},
#endif
{ FT_md, "md5", dgst_main},
#ifndef OPENSSL_NO_GOST
{ FT_md, "gost", dgst_main},
#endif
{ FT_md, "sha1", dgst_main},
{ FT_md, "sha224", dgst_main},
{ FT_md, "sha256", dgst_main},
{ FT_md, "sha384", dgst_main},
{ FT_md, "sha512", dgst_main},
#ifndef OPENSSL_NO_MDC2
{ FT_md, "mdc2", dgst_main},
#endif
#ifndef OPENSSL_NO_RMD160
{ FT_md, "rmd160", dgst_main},
#endif
#ifndef OPENSSL_NO_BLAKE2
{ FT_md, "blake2b512", dgst_main},
#endif
#ifndef OPENSSL_NO_BLAKE2
{ FT_md, "blake2s256", dgst_main},
#endif
{ FT_cipher, "aes-128-cbc", enc_main, enc_options },
{ FT_cipher, "aes-128-ecb", enc_main, enc_options },
{ FT_cipher, "aes-192-cbc", enc_main, enc_options },
{ FT_cipher, "aes-192-ecb", enc_main, enc_options },
{ FT_cipher, "aes-256-cbc", enc_main, enc_options },
{ FT_cipher, "aes-256-ecb", enc_main, enc_options },
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-128-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-128-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-192-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-192-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-256-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-256-ecb", enc_main, enc_options },
#endif
{ FT_cipher, "base64", enc_main, enc_options },
#ifdef ZLIB
{ FT_cipher, "zlib", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des3", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "desx", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{ FT_cipher, "idea", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{ FT_cipher, "seed", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC4
{ FT_cipher, "rc4", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC4
{ FT_cipher, "rc4-40", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{ FT_cipher, "bf", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{ FT_cipher, "rc5", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede3", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede3-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede3-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede3-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{ FT_cipher, "idea-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{ FT_cipher, "idea-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{ FT_cipher, "idea-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{ FT_cipher, "idea-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{ FT_cipher, "seed-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{ FT_cipher, "seed-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{ FT_cipher, "seed-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{ FT_cipher, "seed-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-64-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-40-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{ FT_cipher, "bf-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{ FT_cipher, "bf-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{ FT_cipher, "bf-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{ FT_cipher, "bf-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast5-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast5-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast5-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast5-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{ FT_cipher, "rc5-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{ FT_cipher, "rc5-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{ FT_cipher, "rc5-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{ FT_cipher, "rc5-ofb", enc_main, enc_options },
#endif
{ 0, NULL, NULL}
};
#endif

19
apps/progs.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -11,13 +11,22 @@
use strict;
use warnings;
use configdata qw/@disablables/;
use lib '.';
use configdata qw/@disablables %unified_info/;
my %commands = ();
my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
foreach my $filename (@ARGV) {
open F, $filename or die "Coudn't open $_: $!\n";
my $apps_openssl = shift @ARGV;
# because the program apps/openssl has object files as sources, and
# they then have the corresponding C files as source, we need to chain
# the lookups in %unified_info
my @openssl_source =
map { @{$unified_info{sources}->{$_}} }
@{$unified_info{sources}->{$apps_openssl}};
foreach my $filename (@openssl_source) {
open F, $filename or die "Couldn't open $filename: $!\n";
foreach (grep /$cmdre/, <F>) {
my @foo = /$cmdre/;
$commands{$1} = 1;
@@ -32,7 +41,7 @@ print <<'EOF';
* WARNING: do not edit!
* Generated by apps/progs.pl
*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

12
apps/rand.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -76,9 +76,13 @@ int rand_main(int argc, char **argv)
}
argc = opt_num_rest();
argv = opt_rest();
if (argc != 1 || !opt_int(argv[0], &num) || num < 0)
if (argc == 1) {
if (!opt_int(argv[0], &num) || num <= 0)
goto end;
} else if (argc > 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
app_RAND_load_file(NULL, (inrand != NULL));
if (inrand != NULL)
@@ -102,7 +106,7 @@ int rand_main(int argc, char **argv)
chunk = num;
if (chunk > (int)sizeof(buf))
chunk = sizeof buf;
chunk = sizeof(buf);
r = RAND_bytes(buf, chunk);
if (r <= 0)
goto end;

22
apps/rehash.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -130,9 +130,10 @@ static int add_entry(enum Type type, unsigned int hash, const char *filename,
for (ep = bp->first_entry; ep; ep = ep->next) {
if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) {
BIO_printf(bio_err,
"%s: skipping duplicate %s in %s\n", opt_getprog(),
"%s: warning: skipping duplicate %s in %s\n",
opt_getprog(),
type == TYPE_CERT ? "certificate" : "CRL", filename);
return 1;
return 0;
}
if (strcmp(filename, ep->filename) == 0) {
found = ep;
@@ -144,7 +145,7 @@ static int add_entry(enum Type type, unsigned int hash, const char *filename,
if (ep == NULL) {
if (bp->num_needed >= MAX_COLLISIONS) {
BIO_printf(bio_err,
"%s: hash table overflow for %s\n",
"%s: error: hash table overflow for %s\n",
opt_getprog(), filename);
return 1;
}
@@ -235,7 +236,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h)
/* Does it have X.509 data in it? */
if ((b = BIO_new_file(fullpath, "r")) == NULL) {
BIO_printf(bio_err, "%s: skipping %s, cannot open file\n",
BIO_printf(bio_err, "%s: error: skipping %s, cannot open file\n",
opt_getprog(), filename);
errs++;
goto end;
@@ -247,7 +248,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h)
if (sk_X509_INFO_num(inf) != 1) {
BIO_printf(bio_err,
"%s: skipping %s,"
"%s: warning: skipping %s,"
"it does not contain exactly one certificate or CRL\n",
opt_getprog(), filename);
/* This is not an error. */
@@ -305,7 +306,7 @@ static int massage_filename(char *name)
if (q != NULL) {
for (q++; *q != '\0'; q++) {
if (!isdigit(*q))
if (!isdigit((unsigned char)*q))
return 1;
}
}
@@ -502,13 +503,14 @@ int rehash_main(int argc, char **argv)
if (*argv) {
while (*argv)
errs += do_dir(*argv++, h);
} else if ((env = getenv("SSL_CERT_DIR")) != NULL) {
} else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) {
char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' };
m = OPENSSL_strdup(env);
for (e = strtok(m, ":"); e != NULL; e = strtok(NULL, ":"))
for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc))
errs += do_dir(e, h);
OPENSSL_free(m);
} else {
errs += do_dir("/etc/ssl/certs", h);
errs += do_dir(X509_get_default_cert_dir(), h);
}
end:

36
apps/req.c
View File

@@ -973,7 +973,7 @@ static int prompt_info(X509_REQ *req,
/* If OBJ not recognised ignore it */
if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start;
if (BIO_snprintf(buf, sizeof buf, "%s_default", v->name)
if (BIO_snprintf(buf, sizeof(buf), "%s_default", v->name)
>= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0;
@@ -984,19 +984,19 @@ static int prompt_info(X509_REQ *req,
def = "";
}
BIO_snprintf(buf, sizeof buf, "%s_value", v->name);
BIO_snprintf(buf, sizeof(buf), "%s_value", v->name);
if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
ERR_clear_error();
value = NULL;
}
BIO_snprintf(buf, sizeof buf, "%s_min", v->name);
BIO_snprintf(buf, sizeof(buf), "%s_min", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) {
ERR_clear_error();
n_min = -1;
}
BIO_snprintf(buf, sizeof buf, "%s_max", v->name);
BIO_snprintf(buf, sizeof(buf), "%s_max", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) {
ERR_clear_error();
n_max = -1;
@@ -1032,7 +1032,7 @@ static int prompt_info(X509_REQ *req,
if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start2;
if (BIO_snprintf(buf, sizeof buf, "%s_default", type)
if (BIO_snprintf(buf, sizeof(buf), "%s_default", type)
>= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0;
@@ -1044,20 +1044,20 @@ static int prompt_info(X509_REQ *req,
def = "";
}
BIO_snprintf(buf, sizeof buf, "%s_value", type);
BIO_snprintf(buf, sizeof(buf), "%s_value", type);
if ((value = NCONF_get_string(req_conf, attr_sect, buf))
== NULL) {
ERR_clear_error();
value = NULL;
}
BIO_snprintf(buf, sizeof buf, "%s_min", type);
BIO_snprintf(buf, sizeof(buf), "%s_min", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) {
ERR_clear_error();
n_min = -1;
}
BIO_snprintf(buf, sizeof buf, "%s_max", type);
BIO_snprintf(buf, sizeof(buf), "%s_max", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) {
ERR_clear_error();
n_max = -1;
@@ -1155,13 +1155,13 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err);
if (value != NULL) {
OPENSSL_strlcpy(buf, value, sizeof buf);
OPENSSL_strlcat(buf, "\n", sizeof buf);
OPENSSL_strlcpy(buf, value, sizeof(buf));
OPENSSL_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value);
} else {
buf[0] = '\0';
if (!batch) {
if (!fgets(buf, sizeof buf, stdin))
if (!fgets(buf, sizeof(buf), stdin))
return 0;
} else {
buf[0] = '\n';
@@ -1174,8 +1174,8 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0'))
return (1);
OPENSSL_strlcpy(buf, def, sizeof buf);
OPENSSL_strlcat(buf, "\n", sizeof buf);
OPENSSL_strlcpy(buf, def, sizeof(buf));
OPENSSL_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1);
@@ -1214,13 +1214,13 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err);
if (value != NULL) {
OPENSSL_strlcpy(buf, value, sizeof buf);
OPENSSL_strlcat(buf, "\n", sizeof buf);
OPENSSL_strlcpy(buf, value, sizeof(buf));
OPENSSL_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value);
} else {
buf[0] = '\0';
if (!batch) {
if (!fgets(buf, sizeof buf, stdin))
if (!fgets(buf, sizeof(buf), stdin))
return 0;
} else {
buf[0] = '\n';
@@ -1233,8 +1233,8 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0'))
return (1);
OPENSSL_strlcpy(buf, def, sizeof buf);
OPENSSL_strlcat(buf, "\n", sizeof buf);
OPENSSL_strlcpy(buf, def, sizeof(buf));
OPENSSL_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1);

4
apps/rsa.c
View File

@@ -215,7 +215,7 @@ int rsa_main(int argc, char **argv)
}
if (check) {
int r = RSA_check_key(rsa);
int r = RSA_check_key_ex(rsa, NULL);
if (r == 1)
BIO_printf(out, "RSA key ok\n");
@@ -224,7 +224,7 @@ int rsa_main(int argc, char **argv)
while ((err = ERR_peek_error()) != 0 &&
ERR_GET_LIB(err) == ERR_LIB_RSA &&
ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY_EX &&
ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
BIO_printf(out, "RSA key error: %s\n",
ERR_reason_error_string(err));

51
apps/s_client.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -593,7 +593,8 @@ OPTIONS s_client_options[] = {
"Disable name checks when matching DANE-EE(3) TLSA records"},
{"reconnect", OPT_RECONNECT, '-',
"Drop and re-make the connection with the same Session-ID"},
{"showcerts", OPT_SHOWCERTS, '-', "Show all certificates in the chain"},
{"showcerts", OPT_SHOWCERTS, '-',
"Show all certificates sent by the server"},
{"debug", OPT_DEBUG, '-', "Extra output"},
{"msg", OPT_MSG, '-', "Show protocol messages"},
{"msgfile", OPT_MSGFILE, '>',
@@ -1370,11 +1371,13 @@ int s_client_main(int argc, char **argv)
}
}
#ifdef AF_UNIX
if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) {
BIO_printf(bio_err,
"Can't use unix sockets and datagrams together\n");
goto end;
}
#endif
if (split_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
BIO_printf(bio_err, "Bad split send fragment size\n");
@@ -1484,6 +1487,9 @@ int s_client_main(int argc, char **argv)
if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
if (ssl_config) {
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
@@ -1493,9 +1499,11 @@ int s_client_main(int argc, char **argv)
}
}
if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
if (min_version != 0
&& SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto end;
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
if (max_version != 0
&& SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto end;
if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
@@ -1518,9 +1526,6 @@ int s_client_main(int argc, char **argv)
SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len);
}
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
crls, crl_download)) {
BIO_printf(bio_err, "Error loading store locations\n");
@@ -2110,8 +2115,7 @@ int s_client_main(int argc, char **argv)
FD_ZERO(&readfds);
FD_ZERO(&writefds);
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout))
timeoutp = &timeout;
else
timeoutp = NULL;
@@ -2231,10 +2235,8 @@ int s_client_main(int argc, char **argv)
}
}
if ((SSL_version(con) == DTLS1_VERSION)
&& DTLSv1_handle_timeout(con) > 0) {
if (SSL_is_dtls(con) && DTLSv1_handle_timeout(con) > 0)
BIO_printf(bio_err, "TIMEOUT occurred\n");
}
if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) {
k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len);
@@ -2459,7 +2461,7 @@ int s_client_main(int argc, char **argv)
if (in_init)
print_stuff(bio_c_out, con, full_log);
do_ssl_shutdown(con);
#if defined(OPENSSL_SYS_WINDOWS)
/*
* Give the socket time to send its last data before we close it.
* No amount of setting SO_LINGER etc on the socket seems to persuade
@@ -2467,8 +2469,23 @@ int s_client_main(int argc, char **argv)
* for a short time seems to do it (units in ms)
* TODO: Find a better way to do this
*/
#if defined(OPENSSL_SYS_WINDOWS)
Sleep(50);
#elif defined(OPENSSL_SYS_CYGWIN)
usleep(50000);
#endif
/*
* If we ended with an alert being sent, but still with data in the
* network buffer to be read, then calling BIO_closesocket() will
* result in a TCP-RST being sent. On some platforms (notably
* Windows) then this will result in the peer immediately abandoning
* the connection including any buffered alert data before it has
* had a chance to be read. Shutting down the sending side first,
* and then closing the socket sends TCP-FIN first followed by
* TCP-RST. This seems to allow the peer to read the alert data.
*/
shutdown(SSL_get_fd(con), 1); /* SHUT_WR */
BIO_closesocket(SSL_get_fd(con));
end:
if (con != NULL) {
@@ -2534,10 +2551,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio, "---\nCertificate chain\n");
for (i = 0; i < sk_X509_num(sk); i++) {
X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
buf, sizeof buf);
buf, sizeof(buf));
BIO_printf(bio, "%2d s:%s\n", i, buf);
X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
buf, sizeof buf);
buf, sizeof(buf));
BIO_printf(bio, " i:%s\n", buf);
if (c_showcerts)
PEM_write_bio_X509(bio, sk_X509_value(sk, i));
@@ -2552,9 +2569,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
/* Redundant if we showed the whole chain */
if (!(c_showcerts && got_a_chain))
PEM_write_bio_X509(bio, peer);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
BIO_printf(bio, "subject=%s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
BIO_printf(bio, "issuer=%s\n", buf);
} else
BIO_printf(bio, "no peer certificate available\n");

52
apps/s_server.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -704,13 +704,14 @@ OPTIONS s_server_options[] = {
"PEM serverinfo file for certificate"},
{"certform", OPT_CERTFORM, 'F',
"Certificate format (PEM or DER) PEM default"},
{"key", OPT_KEY, '<',
{"key", OPT_KEY, 's',
"Private Key if not in -cert; default is " TEST_CERT},
{"keyform", OPT_KEYFORM, 'f',
"Key format (PEM, DER or ENGINE) PEM default"},
{"pass", OPT_PASS, 's', "Private key file pass phrase source"},
{"dcert", OPT_DCERT, '<',
"Second certificate file to use (usually for DSA)"},
{"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"},
{"dcertform", OPT_DCERTFORM, 'F',
"Second certificate format (PEM or DER) PEM default"},
{"dkey", OPT_DKEY, '<',
@@ -1614,6 +1615,10 @@ int s_server_main(int argc, char *argv[])
}
if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
if (ssl_config) {
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
@@ -1622,9 +1627,11 @@ int s_server_main(int argc, char *argv[])
goto end;
}
}
if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
if (min_version != 0
&& SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto end;
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
if (max_version != 0
&& SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto end;
if (session_id_prefix) {
@@ -1686,8 +1693,6 @@ int s_server_main(int argc, char *argv[])
}
ssl_ctx_add_crls(ctx, crls, 0);
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
crls, crl_download)) {
@@ -1852,7 +1857,7 @@ int s_server_main(int argc, char *argv[])
SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
if (!SSL_CTX_set_session_id_context(ctx,
(void *)&s_server_session_id_context,
sizeof s_server_session_id_context)) {
sizeof(s_server_session_id_context))) {
BIO_printf(bio_err, "error setting session id context\n");
ERR_print_errors(bio_err);
goto end;
@@ -1866,7 +1871,7 @@ int s_server_main(int argc, char *argv[])
SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
if (!SSL_CTX_set_session_id_context(ctx2,
(void *)&s_server_session_id_context,
sizeof s_server_session_id_context)) {
sizeof(s_server_session_id_context))) {
BIO_printf(bio_err, "error setting session id context\n");
ERR_print_errors(bio_err);
goto end;
@@ -2007,9 +2012,7 @@ static int sv_body(int s, int stype, unsigned char *context)
SSL *con = NULL;
BIO *sbio;
struct timeval timeout;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
struct timeval tv;
#else
#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS))
struct timeval *timeoutp;
#endif
@@ -2144,26 +2147,23 @@ static int sv_body(int s, int stype, unsigned char *context)
* second and check for any keypress. In a proper Windows
* application we wouldn't do this because it is inefficient.
*/
tv.tv_sec = 1;
tv.tv_usec = 0;
i = select(width, (void *)&readfds, NULL, NULL, &tv);
timeout.tv_sec = 1;
timeout.tv_usec = 0;
i = select(width, (void *)&readfds, NULL, NULL, &timeout);
if (has_stdin_waiting())
read_from_terminal = 1;
if ((i < 0) || (!i && !read_from_terminal))
continue;
#else
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout))
timeoutp = &timeout;
else
timeoutp = NULL;
i = select(width, (void *)&readfds, NULL, NULL, timeoutp);
if ((SSL_version(con) == DTLS1_VERSION)
&& DTLSv1_handle_timeout(con) > 0) {
if ((SSL_is_dtls(con)) && DTLSv1_handle_timeout(con) > 0)
BIO_printf(bio_err, "TIMEOUT occurred\n");
}
if (i <= 0)
continue;
@@ -2534,15 +2534,15 @@ static int init_ssl_connection(SSL *con)
if (peer != NULL) {
BIO_printf(bio_s_out, "Client certificate\n");
PEM_write_bio_X509(bio_s_out, peer);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
BIO_printf(bio_s_out, "subject=%s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
BIO_printf(bio_s_out, "issuer=%s\n", buf);
X509_free(peer);
peer = NULL;
}
if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL)
if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL)
BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
ssl_print_sigalgs(bio_s_out, con);
@@ -2574,6 +2574,9 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_s_out, "Reused session-id\n");
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
if ((SSL_get_options(con) & SSL_OP_NO_RENEGOTIATION))
BIO_printf(bio_s_out, "Renegotiation is DISABLED\n");
if (keymatexportlabel != NULL) {
BIO_printf(bio_s_out, "Keying material exporter:\n");
BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel);
@@ -2853,9 +2856,10 @@ static int www_body(int s, int stype, unsigned char *context)
PEM_write_bio_X509(io, peer);
X509_free(peer);
peer = NULL;
} else
} else {
BIO_puts(io, "no client certificate available\n");
BIO_puts(io, "</BODY></HTML>\r\n\r\n");
}
BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
break;
} else if ((www == 2 || www == 3)
&& (strncmp("GET /", buf, 5) == 0)) {

58
apps/s_socket.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -136,6 +136,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
int sock;
int i;
BIO_ADDRINFO *res = NULL;
const BIO_ADDRINFO *next;
int sock_family, sock_type, sock_protocol;
const BIO_ADDR *sock_address;
int sock_options = BIO_SOCK_REUSEADDR;
int ret = 0;
if (!BIO_sock_init())
@@ -151,10 +155,29 @@ int do_server(int *accept_sock, const char *host, const char *port,
OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res))
&& (type == 0 || type == BIO_ADDRINFO_socktype(res)));
asock = BIO_socket(BIO_ADDRINFO_family(res), BIO_ADDRINFO_socktype(res),
BIO_ADDRINFO_protocol(res), 0);
sock_family = BIO_ADDRINFO_family(res);
sock_type = BIO_ADDRINFO_socktype(res);
sock_protocol = BIO_ADDRINFO_protocol(res);
sock_address = BIO_ADDRINFO_address(res);
next = BIO_ADDRINFO_next(res);
if (sock_family == AF_INET6)
sock_options |= BIO_SOCK_V6_ONLY;
if (next != NULL
&& BIO_ADDRINFO_socktype(next) == sock_type
&& BIO_ADDRINFO_protocol(next) == sock_protocol) {
if (sock_family == AF_INET
&& BIO_ADDRINFO_family(next) == AF_INET6) {
sock_family = AF_INET6;
sock_address = BIO_ADDRINFO_address(next);
} else if (sock_family == AF_INET6
&& BIO_ADDRINFO_family(next) == AF_INET) {
sock_options &= ~BIO_SOCK_V6_ONLY;
}
}
asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
if (asock == INVALID_SOCKET
|| !BIO_listen(asock, BIO_ADDRINFO_address(res), BIO_SOCK_REUSEADDR)) {
|| !BIO_listen(asock, sock_address, sock_options)) {
BIO_ADDRINFO_free(res);
ERR_print_errors(bio_err);
if (asock != INVALID_SOCKET)
@@ -171,13 +194,38 @@ int do_server(int *accept_sock, const char *host, const char *port,
if (type == SOCK_STREAM) {
do {
sock = BIO_accept_ex(asock, NULL, 0);
} while (sock < 0 && BIO_sock_should_retry(ret));
} while (sock < 0 && BIO_sock_should_retry(sock));
if (sock < 0) {
ERR_print_errors(bio_err);
BIO_closesocket(asock);
break;
}
i = (*cb)(sock, type, context);
/*
* Give the socket time to send its last data before we close it.
* No amount of setting SO_LINGER etc on the socket seems to
* persuade Windows to send the data before closing the socket...
* but sleeping for a short time seems to do it (units in ms)
* TODO: Find a better way to do this
*/
#if defined(OPENSSL_SYS_WINDOWS)
Sleep(50);
#elif defined(OPENSSL_SYS_CYGWIN)
usleep(50000);
#endif
/*
* If we ended with an alert being sent, but still with data in the
* network buffer to be read, then calling BIO_closesocket() will
* result in a TCP-RST being sent. On some platforms (notably
* Windows) then this will result in the peer immediately abandoning
* the connection including any buffered alert data before it has
* had a chance to be read. Shutting down the sending side first,
* and then closing the socket sends TCP-FIN first followed by
* TCP-RST. This seems to allow the peer to read the alert data.
*/
shutdown(sock, 1); /* SHUT_WR */
BIO_closesocket(sock);
} else {
i = (*cb)(asock, type, context);

83
apps/s_time.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,8 +7,6 @@
* https://www.openssl.org/source/license.html
*/
#define NO_SHUTDOWN
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -28,22 +26,8 @@
# include OPENSSL_UNISTD
#endif
#undef ioctl
#define ioctl ioctlsocket
#define SSL_CONNECT_NAME "localhost:4433"
/* no default cert. */
/*
* #define TEST_CERT "client.pem"
*/
#undef min
#undef max
#define min(a,b) (((a) < (b)) ? (a) : (b))
#define max(a,b) (((a) > (b)) ? (a) : (b))
#undef SECONDS
#define SECONDS 30
#define SECONDSSTR "30"
@@ -185,21 +169,20 @@ int s_time_main(int argc, char **argv)
if (cipher == NULL)
cipher = getenv("SSL_CIPHER");
if (cipher == NULL) {
if (cipher == NULL)
BIO_printf(bio_err, "No CIPHER specified\n");
goto end;
}
if ((ctx = SSL_CTX_new(meth)) == NULL)
goto end;
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_quiet_shutdown(ctx, 1);
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto end;
if (st_bugs)
SSL_CTX_set_options(ctx, SSL_OP_ALL);
if (!SSL_CTX_set_cipher_list(ctx, cipher))
if (cipher != NULL && !SSL_CTX_set_cipher_list(ctx, cipher))
goto end;
if (!set_cert_stuff(ctx, certfile, keyfile))
goto end;
@@ -225,18 +208,14 @@ int s_time_main(int argc, char **argv)
goto end;
if (www_path != NULL) {
buf_len = BIO_snprintf(buf, sizeof buf,
buf_len = BIO_snprintf(buf, sizeof(buf),
fmt_http_get_cmd, www_path);
if (SSL_write(scon, buf, buf_len) <= 0)
goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i;
}
#ifdef NO_SHUTDOWN
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(scon);
#endif
BIO_closesocket(SSL_get_fd(scon));
nConn += 1;
@@ -283,18 +262,14 @@ int s_time_main(int argc, char **argv)
}
if (www_path != NULL) {
buf_len = BIO_snprintf(buf, sizeof buf,
buf_len = BIO_snprintf(buf, sizeof(buf),
fmt_http_get_cmd, www_path);
if (SSL_write(scon, buf, buf_len) <= 0)
goto end;
while (SSL_read(scon, buf, sizeof(buf)) > 0)
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
continue;
}
#ifdef NO_SHUTDOWN
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(scon);
#endif
BIO_closesocket(SSL_get_fd(scon));
nConn = 0;
@@ -314,18 +289,14 @@ int s_time_main(int argc, char **argv)
goto end;
if (www_path) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
www_path);
if (SSL_write(scon, buf, strlen(buf)) <= 0)
goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i;
}
#ifdef NO_SHUTDOWN
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(scon);
#endif
BIO_closesocket(SSL_get_fd(scon));
nConn += 1;
@@ -367,13 +338,13 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
{
BIO *conn;
SSL *serverCon;
int width, i;
fd_set readfds;
int i;
if ((conn = BIO_new(BIO_s_connect())) == NULL)
return (NULL);
return NULL;
BIO_set_conn_hostname(conn, host);
BIO_set_conn_mode(conn, BIO_SOCK_NODELAY);
if (scon == NULL)
serverCon = SSL_new(ctx);
@@ -385,26 +356,7 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
SSL_set_bio(serverCon, conn, conn);
/* ok, lets connect */
for (;;) {
i = SSL_connect(serverCon);
if (BIO_sock_should_retry(i)) {
BIO_printf(bio_err, "DELAY\n");
i = SSL_get_fd(serverCon);
width = i + 1;
FD_ZERO(&readfds);
openssl_fdset(i, &readfds);
/*
* Note: under VMS with SOCKETSHR the 2nd parameter is currently
* of type (int *) whereas under other systems it is (void *) if
* you don't have a cast it will choke the compiler: if you do
* have a cast then you can either go for (int *) or (void *).
*/
select(width, (void *)&readfds, NULL, NULL, NULL);
continue;
}
break;
}
i = SSL_connect(serverCon);
if (i <= 0) {
BIO_printf(bio_err, "ERROR\n");
if (verify_args.error != X509_V_OK)
@@ -417,6 +369,17 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
return NULL;
}
#if defined(SOL_SOCKET) && defined(SO_LINGER)
{
struct linger no_linger;
no_linger.l_onoff = 1;
no_linger.l_linger = 0;
(void) setsockopt(SSL_get_fd(serverCon), SOL_SOCKET, SO_LINGER,
(char*)&no_linger, sizeof(no_linger));
}
#endif
return serverCon;
}
#endif /* OPENSSL_NO_SOCK */

248
apps/speed.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -129,13 +129,6 @@
#define BUFSIZE (1024*16+1)
#define MAX_MISALIGNMENT 63
#define ALGOR_NUM 30
#define SIZE_NUM 6
#define PRIME_NUM 3
#define RSA_NUM 7
#define DSA_NUM 3
#define EC_NUM 17
#define MAX_ECDH_SIZE 256
#define MISALIGN 64
@@ -144,37 +137,6 @@ static volatile int run = 0;
static int mr = 0;
static int usertime = 1;
typedef void *(*kdf_fn) (
const void *in, size_t inlen, void *out, size_t *xoutlen);
typedef struct loopargs_st {
ASYNC_JOB *inprogress_job;
ASYNC_WAIT_CTX *wait_ctx;
unsigned char *buf;
unsigned char *buf2;
unsigned char *buf_malloc;
unsigned char *buf2_malloc;
unsigned int siglen;
#ifndef OPENSSL_NO_RSA
RSA *rsa_key[RSA_NUM];
#endif
#ifndef OPENSSL_NO_DSA
DSA *dsa_key[DSA_NUM];
#endif
#ifndef OPENSSL_NO_EC
EC_KEY *ecdsa[EC_NUM];
EC_KEY *ecdh_a[EC_NUM];
EC_KEY *ecdh_b[EC_NUM];
unsigned char *secret_a;
unsigned char *secret_b;
size_t outlen;
kdf_fn kdf;
#endif
EVP_CIPHER_CTX *ctx;
HMAC_CTX *hctx;
GCM128_CONTEXT *gcm_ctx;
} loopargs_t;
#ifndef OPENSSL_NO_MD2
static int EVP_Digest_MD2_loop(void *args);
#endif
@@ -227,7 +189,6 @@ static int ECDSA_sign_loop(void *args);
static int ECDSA_verify_loop(void *args);
static int ECDH_compute_key_loop(void *args);
#endif
static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_t *loopargs);
static double Time_F(int s);
static void print_message(const char *s, long num, int length);
@@ -238,32 +199,10 @@ static void print_result(int alg, int run_no, int count, double time_used);
static int do_multi(int multi);
#endif
static const char *names[ALGOR_NUM] = {
"md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
"des cbc", "des ede3", "idea cbc", "seed cbc",
"rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
"aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
"camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
"evp", "sha256", "sha512", "whirlpool",
"aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash"
};
static double results[ALGOR_NUM][SIZE_NUM];
static const int lengths[SIZE_NUM] = {
static const int lengths[] = {
16, 64, 256, 1024, 8 * 1024, 16 * 1024
};
#ifndef OPENSSL_NO_RSA
static double rsa_results[RSA_NUM][2];
#endif
#ifndef OPENSSL_NO_DSA
static double dsa_results[DSA_NUM][2];
#endif
#ifndef OPENSSL_NO_EC
static double ecdsa_results[EC_NUM][2];
static double ecdh_results[EC_NUM][1];
#endif
#define SIZE_NUM OSSL_NELEM(lengths)
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
static const char rnd_seed[] =
@@ -293,7 +232,8 @@ static SIGRETTYPE sig_done(int sig)
# if !defined(SIGALRM)
# define SIGALRM
# endif
static unsigned int lapse, schlock;
static unsigned int lapse;
static volatile unsigned int schlock;
static void alarm_win32(unsigned int secs)
{
lapse = secs * 1000;
@@ -347,9 +287,14 @@ static double Time_F(int s)
static void multiblock_speed(const EVP_CIPHER *evp_cipher);
static int found(const char *name, const OPT_PAIR *pairs, int *result)
#define found(value, pairs, result)\
opt_found(value, result, pairs, OSSL_NELEM(pairs))
static int opt_found(const char *name, unsigned int *result,
const OPT_PAIR pairs[], unsigned int nbelem)
{
for (; pairs->name; pairs++)
unsigned int idx;
for (idx = 0; idx < nbelem; ++idx, pairs++)
if (strcmp(name, pairs->name) == 0) {
*result = pairs->retval;
return 1;
@@ -386,7 +331,7 @@ OPTIONS speed_options[] = {
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL},
{NULL}
};
#define D_MD2 0
@@ -419,7 +364,19 @@ OPTIONS speed_options[] = {
#define D_IGE_192_AES 27
#define D_IGE_256_AES 28
#define D_GHASH 29
static OPT_PAIR doit_choices[] = {
/* name of algorithms to test */
static const char *names[] = {
"md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
"des cbc", "des ede3", "idea cbc", "seed cbc",
"rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
"aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
"camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
"evp", "sha256", "sha512", "whirlpool",
"aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash"
};
#define ALGOR_NUM OSSL_NELEM(names)
/* list of configured algorithm (remaining) */
static const OPT_PAIR doit_choices[] = {
#ifndef OPENSSL_NO_MD2
{"md2", D_MD2},
#endif
@@ -483,21 +440,24 @@ static OPT_PAIR doit_choices[] = {
{"cast", D_CBC_CAST},
{"cast5", D_CBC_CAST},
#endif
{"ghash", D_GHASH},
{NULL}
{"ghash", D_GHASH}
};
static double results[ALGOR_NUM][SIZE_NUM];
#ifndef OPENSSL_NO_DSA
# define R_DSA_512 0
# define R_DSA_1024 1
# define R_DSA_2048 2
static OPT_PAIR dsa_choices[] = {
static const OPT_PAIR dsa_choices[] = {
{"dsa512", R_DSA_512},
{"dsa1024", R_DSA_1024},
{"dsa2048", R_DSA_2048},
{NULL},
{"dsa2048", R_DSA_2048}
};
#endif
# define DSA_NUM OSSL_NELEM(dsa_choices)
static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
#endif /* OPENSSL_NO_DSA */
#define R_RSA_512 0
#define R_RSA_1024 1
@@ -506,16 +466,18 @@ static OPT_PAIR dsa_choices[] = {
#define R_RSA_4096 4
#define R_RSA_7680 5
#define R_RSA_15360 6
static OPT_PAIR rsa_choices[] = {
static const OPT_PAIR rsa_choices[] = {
{"rsa512", R_RSA_512},
{"rsa1024", R_RSA_1024},
{"rsa2048", R_RSA_2048},
{"rsa3072", R_RSA_3072},
{"rsa4096", R_RSA_4096},
{"rsa7680", R_RSA_7680},
{"rsa15360", R_RSA_15360},
{NULL}
{"rsa15360", R_RSA_15360}
};
# define RSA_NUM OSSL_NELEM(rsa_choices)
static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
#define R_EC_P160 0
#define R_EC_P192 1
@@ -535,7 +497,7 @@ static OPT_PAIR rsa_choices[] = {
#define R_EC_B571 15
#define R_EC_X25519 16
#ifndef OPENSSL_NO_EC
static OPT_PAIR ecdsa_choices[] = {
static const OPT_PAIR ecdsa_choices[] = {
{"ecdsap160", R_EC_P160},
{"ecdsap192", R_EC_P192},
{"ecdsap224", R_EC_P224},
@@ -551,11 +513,13 @@ static OPT_PAIR ecdsa_choices[] = {
{"ecdsab233", R_EC_B233},
{"ecdsab283", R_EC_B283},
{"ecdsab409", R_EC_B409},
{"ecdsab571", R_EC_B571},
{NULL}
{"ecdsab571", R_EC_B571}
};
# define ECDSA_NUM OSSL_NELEM(ecdsa_choices)
static OPT_PAIR ecdh_choices[] = {
static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
static const OPT_PAIR ecdh_choices[] = {
{"ecdhp160", R_EC_P160},
{"ecdhp192", R_EC_P192},
{"ecdhp224", R_EC_P224},
@@ -575,7 +539,10 @@ static OPT_PAIR ecdh_choices[] = {
{"ecdhx25519", R_EC_X25519},
{NULL}
};
#endif
# define EC_NUM OSSL_NELEM(ecdh_choices)
static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
#endif /* OPENSSL_NO_EC */
#ifndef SIGALRM
# define COND(d) (count < (d))
@@ -585,7 +552,40 @@ static OPT_PAIR ecdh_choices[] = {
# define COUNT(d) (count)
#endif /* SIGALRM */
static int testnum;
static unsigned int testnum;
typedef void *(*kdf_fn) (const void *in, size_t inlen, void *out,
size_t *xoutlen);
typedef struct loopargs_st {
ASYNC_JOB *inprogress_job;
ASYNC_WAIT_CTX *wait_ctx;
unsigned char *buf;
unsigned char *buf2;
unsigned char *buf_malloc;
unsigned char *buf2_malloc;
unsigned int siglen;
#ifndef OPENSSL_NO_RSA
RSA *rsa_key[RSA_NUM];
#endif
#ifndef OPENSSL_NO_DSA
DSA *dsa_key[DSA_NUM];
#endif
#ifndef OPENSSL_NO_EC
EC_KEY *ecdsa[ECDSA_NUM];
EC_KEY *ecdh_a[EC_NUM];
EC_KEY *ecdh_b[EC_NUM];
unsigned char *secret_a;
unsigned char *secret_b;
size_t outlen;
kdf_fn kdf;
#endif
EVP_CIPHER_CTX *ctx;
HMAC_CTX *hctx;
GCM128_CONTEXT *gcm_ctx;
} loopargs_t;
static int run_benchmark(int async_jobs, int (*loop_function) (void *),
loopargs_t * loopargs);
/* Nb of iterations to do per algorithm and key-size */
static long c[ALGOR_NUM][SIZE_NUM];
@@ -994,7 +994,7 @@ static int DSA_verify_loop(void *args)
#endif
#ifndef OPENSSL_NO_EC
static long ecdsa_c[EC_NUM][2];
static long ecdsa_c[ECDSA_NUM][2];
static int ECDSA_sign_loop(void *args)
{
loopargs_t *tempargs = *(loopargs_t **)args;
@@ -1221,21 +1221,19 @@ int speed_main(int argc, char **argv)
{
ENGINE *e = NULL;
loopargs_t *loopargs = NULL;
int async_init = 0;
int loopargs_len = 0;
char *prog;
const char *prog;
const char *engine_id = NULL;
const EVP_CIPHER *evp_cipher = NULL;
double d = 0.0;
OPTION_CHOICE o;
int multiblock = 0, pr_header = 0;
int async_init = 0, multiblock = 0, pr_header = 0;
int doit[ALGOR_NUM] = { 0 };
int ret = 1, i, k, misalign = 0;
int ret = 1, misalign = 0;
long count = 0;
unsigned int i, k, loop, loopargs_len = 0, async_jobs = 0;
#ifndef NO_FORK
int multi = 0;
#endif
unsigned int async_jobs = 0;
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \
|| !defined(OPENSSL_NO_EC)
long rsa_count = 1;
@@ -1323,7 +1321,7 @@ int speed_main(int argc, char **argv)
/*
* We only test over the following curves as they are representative, To
* add tests over more curves, simply add the curve NID and curve name to
* the following arrays and increase the EC_NUM value accordingly.
* the following arrays and increase the |ecdh_choices| list accordingly.
*/
static const unsigned int test_curves[EC_NUM] = {
/* Prime Curves */
@@ -1358,7 +1356,7 @@ int speed_main(int argc, char **argv)
571, 253 /* X25519 */
};
int ecdsa_doit[EC_NUM] = { 0 };
int ecdsa_doit[ECDSA_NUM] = { 0 };
int ecdh_doit[EC_NUM] = { 0 };
#endif /* ndef OPENSSL_NO_EC */
@@ -1378,6 +1376,7 @@ int speed_main(int argc, char **argv)
usertime = 0;
break;
case OPT_EVP:
evp_md = NULL;
evp_cipher = EVP_get_cipherbyname(opt_arg());
if (evp_cipher == NULL)
evp_md = EVP_get_digestbyname(opt_arg());
@@ -1415,9 +1414,7 @@ int speed_main(int argc, char **argv)
goto opterr;
}
if (async_jobs > 99999) {
BIO_printf(bio_err,
"%s: too many async_jobs\n",
prog);
BIO_printf(bio_err, "%s: too many async_jobs\n", prog);
goto opterr;
}
#endif
@@ -1465,17 +1462,11 @@ int speed_main(int argc, char **argv)
continue;
}
#ifndef OPENSSL_NO_RSA
# ifndef RSA_NULL
if (strcmp(*argv, "openssl") == 0) {
RSA_set_default_method(RSA_PKCS1_OpenSSL());
if (strcmp(*argv, "openssl") == 0)
continue;
}
# endif
if (strcmp(*argv, "rsa") == 0) {
rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] =
rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] =
rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] =
rsa_doit[R_RSA_15360] = 1;
for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++)
rsa_doit[loop] = 1;
continue;
}
if (found(*argv, rsa_choices, &i)) {
@@ -1508,8 +1499,8 @@ int speed_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_EC
if (strcmp(*argv, "ecdsa") == 0) {
for (i = 0; i < EC_NUM; i++)
ecdsa_doit[i] = 1;
for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
ecdsa_doit[loop] = 1;
continue;
}
if (found(*argv, ecdsa_choices, &i)) {
@@ -1517,8 +1508,8 @@ int speed_main(int argc, char **argv)
continue;
}
if (strcmp(*argv, "ecdh") == 0) {
for (i = 0; i < EC_NUM; i++)
ecdh_doit[i] = 1;
for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
ecdh_doit[loop] = 1;
continue;
}
if (found(*argv, ecdh_choices, &i)) {
@@ -1585,10 +1576,10 @@ int speed_main(int argc, char **argv)
dsa_doit[i] = 1;
#endif
#ifndef OPENSSL_NO_EC
for (i = 0; i < EC_NUM; i++)
ecdsa_doit[i] = 1;
for (i = 0; i < EC_NUM; i++)
ecdh_doit[i] = 1;
for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
ecdsa_doit[loop] = 1;
for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
ecdh_doit[loop] = 1;
#endif
}
for (i = 0; i < ALGOR_NUM; i++)
@@ -1851,6 +1842,8 @@ int speed_main(int argc, char **argv)
}
}
}
/* default iteration count for the last EC Curve */
ecdh_c[R_EC_X25519][0] = count / 1800;
# endif
# else
@@ -2403,7 +2396,7 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_DSA
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
RAND_seed(rnd_seed, sizeof(rnd_seed));
}
for (testnum = 0; testnum < DSA_NUM; testnum++) {
int st = 0;
@@ -2471,9 +2464,9 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_EC
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
RAND_seed(rnd_seed, sizeof(rnd_seed));
}
for (testnum = 0; testnum < EC_NUM; testnum++) {
for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
int st = 1;
if (!ecdsa_doit[testnum])
@@ -2555,7 +2548,7 @@ int speed_main(int argc, char **argv)
}
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
RAND_seed(rnd_seed, sizeof(rnd_seed));
}
for (testnum = 0; testnum < EC_NUM; testnum++) {
int ecdh_checks = 1;
@@ -2585,7 +2578,7 @@ int speed_main(int argc, char **argv)
ecdh_checks = 0;
rsa_count = 1;
} else {
int secret_size_a, secret_size_b;
int secret_size_a, secret_size_b, j;
/*
* If field size is not more than 24 octets, then use SHA-1
* hash of result; otherwise, use result (see section 4.8 of
@@ -2614,8 +2607,8 @@ int speed_main(int argc, char **argv)
else
ecdh_checks = 1;
for (k = 0; k < secret_size_a && ecdh_checks == 1; k++) {
if (loopargs[i].secret_a[k] != loopargs[i].secret_b[k])
for (j = 0; j < secret_size_a && ecdh_checks == 1; j++) {
if (loopargs[i].secret_a[j] != loopargs[i].secret_b[j])
ecdh_checks = 0;
}
@@ -2645,7 +2638,7 @@ int speed_main(int argc, char **argv)
if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
for (testnum++; testnum < EC_NUM; testnum++)
for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++)
ecdh_doit[testnum] = 0;
}
}
@@ -2694,7 +2687,7 @@ int speed_main(int argc, char **argv)
if (!doit[k])
continue;
if (mr)
printf("+F:%d:%s", k, names[k]);
printf("+F:%u:%s", k, names[k]);
else
printf("%-13s", names[k]);
for (testnum = 0; testnum < SIZE_NUM; testnum++) {
@@ -2743,7 +2736,7 @@ int speed_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_EC
testnum = 1;
for (k = 0; k < EC_NUM; k++) {
for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
if (!ecdsa_doit[k])
continue;
if (testnum && !mr) {
@@ -2801,8 +2794,9 @@ int speed_main(int argc, char **argv)
DSA_free(loopargs[i].dsa_key[k]);
#endif
#ifndef OPENSSL_NO_EC
for (k = 0; k < EC_NUM; k++) {
for (k = 0; k < ECDSA_NUM; k++)
EC_KEY_free(loopargs[i].ecdsa[k]);
for (k = 0; k < EC_NUM; k++) {
EC_KEY_free(loopargs[i].ecdh_a[k]);
EC_KEY_free(loopargs[i].ecdh_b[k]);
}
@@ -2878,7 +2872,7 @@ static char *sstrsep(char **string, const char *delim)
if (**string == 0)
return NULL;
memset(isdelim, 0, sizeof isdelim);
memset(isdelim, 0, sizeof(isdelim));
isdelim[0] = 1;
while (*delim) {
@@ -2939,7 +2933,7 @@ static int do_multi(int multi)
char *p;
f = fdopen(fds[n], "r");
while (fgets(buf, sizeof buf, f)) {
while (fgets(buf, sizeof(buf), f)) {
p = strchr(buf, '\n');
if (p)
*p = '\0';
@@ -2951,7 +2945,7 @@ static int do_multi(int multi)
printf("Got: %s from %d\n", buf, n);
if (strncmp(buf, "+F:", 3) == 0) {
int alg;
int j;
unsigned int j;
p = buf + 3;
alg = atoi(sstrsep(&p, sep));

19
apps/spkac.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -116,19 +116,22 @@ int spkac_main(int argc, char **argv)
goto end;
}
if (keyfile) {
if (keyfile != NULL) {
pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL,
FORMAT_PEM, 1, passin, e, "private key");
if (!pkey) {
if (pkey == NULL)
goto end;
}
spki = NETSCAPE_SPKI_new();
if (challenge)
if (spki == NULL)
goto end;
if (challenge != NULL)
ASN1_STRING_set(spki->spkac->challenge,
challenge, (int)strlen(challenge));
NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (spkstr == NULL)
goto end;
out = bio_open_default(outfile, 'w', FORMAT_TEXT);
if (out == NULL) {
@@ -154,7 +157,7 @@ int spkac_main(int argc, char **argv)
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
if (!spki) {
if (spki == NULL) {
BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err);
goto end;
@@ -169,9 +172,9 @@ int spkac_main(int argc, char **argv)
pkey = NETSCAPE_SPKI_get_pubkey(spki);
if (verify) {
i = NETSCAPE_SPKI_verify(spki, pkey);
if (i > 0)
if (i > 0) {
BIO_printf(bio_err, "Signature OK\n");
else {
} else {
BIO_printf(bio_err, "Signature Failure\n");
ERR_print_errors(bio_err);
goto end;

23
apps/srp.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -293,11 +293,12 @@ int srp_main(int argc, char **argv)
"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
goto opthelp;
}
if ((mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD)
&& argc < 1) {
BIO_printf(bio_err,
"Need at least one user for options -add, -delete, -modify. \n");
goto opthelp;
if (mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD) {
if (argc == 0) {
BIO_printf(bio_err, "Need at least one user.\n");
goto opthelp;
}
user = *argv++;
}
if ((passinarg || passoutarg) && argc != 1) {
BIO_printf(bio_err,
@@ -391,10 +392,7 @@ int srp_main(int argc, char **argv)
if (verbose > 1)
BIO_printf(bio_err, "Starting user processing\n");
if (argc > 0)
user = *(argv++);
while (mode == OPT_LIST || user) {
while (mode == OPT_LIST || user != NULL) {
int userindex = -1;
if (user != NULL && verbose > 1)
@@ -557,9 +555,8 @@ int srp_main(int argc, char **argv)
doupdatedb = 1;
}
}
if (--argc > 0) {
user = *(argv++);
} else {
user = *argv++;
if (user == NULL) {
/* no more processing in any mode if no users left */
break;
}

1
apps/tsget.in
View File

@@ -198,4 +198,3 @@ REQUEST: foreach (@ARGV) {
STDERR->printflush(", $output written.\n") if $options{v};
}
$curl->cleanup();
WWW::Curl::Easy::global_cleanup();

4
apps/verify.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -219,6 +219,7 @@ static int check(X509_STORE *ctx, const char *file,
X509_STORE_set_flags(ctx, vflags);
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
X509_STORE_CTX_free(csc);
printf("error %s: X.509 store context initialization failed\n",
(file == NULL) ? "stdin" : file);
goto end;
@@ -282,6 +283,7 @@ static int cb(int ok, X509_STORE_CTX *ctx)
switch (cert_error) {
case X509_V_ERR_NO_EXPLICIT_POLICY:
policies_print(ctx);
/* fall thru */
case X509_V_ERR_CERT_HAS_EXPIRED:
/*

9
apps/version.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -61,6 +61,7 @@ int version_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -89,10 +90,14 @@ int version_main(int argc, char **argv)
dirty = version = 1;
break;
case OPT_A:
cflags = version = date = platform = dir = engdir = 1;
options = cflags = version = date = platform = dir = engdir = 1;
break;
}
}
if (opt_num_rest() != 0) {
BIO_printf(bio_err, "Extra parameters given.\n");
goto opthelp;
}
if (!dirty)
version = 1;

12
apps/vms_term_sock.c
View File

@@ -143,7 +143,7 @@ int main (int argc, char *argv[], char *envp[])
** Process the terminal input
*/
LogMessage ("Waiting on terminal I/O ...\n");
len = recv (TermSock, TermBuff, sizeof (TermBuff), 0) ;
len = recv (TermSock, TermBuff, sizeof(TermBuff), 0) ;
TermBuff[len] = '\0';
LogMessage ("Received terminal I/O [%s]", TermBuff);
@@ -209,7 +209,7 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket)
TerminalDeviceAst,
0,
TerminalDeviceBuff,
sizeof (TerminalDeviceBuff) - 2,
sizeof(TerminalDeviceBuff) - 2,
0, 0, 0, 0);
if (! (status & 1)) {
LogMessage ("TerminalSocket: SYS$QIO () - %08X", status);
@@ -317,7 +317,7 @@ static int CreateSocketPair (int SocketFamily,
/*
** Initialize the socket information
*/
slen = sizeof (sin);
slen = sizeof(sin);
memset ((char *) &sin, 0, slen);
sin.sin_family = SocketFamily;
sin.sin_addr.s_addr = inet_addr (LocalHostAddr);
@@ -434,12 +434,12 @@ static int CreateSocketPair (int SocketFamily,
/*
** Now issue the connect
*/
memset ((char *) &sin, 0, sizeof (sin)) ;
memset ((char *) &sin, 0, sizeof(sin)) ;
sin.sin_family = SocketFamily;
sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ;
sin.sin_port = LocalHostPort ;
status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof (sin));
status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof(sin));
if (status < 0 ) {
LogMessage ("CreateSocketPair: connect () - %d", errno);
sys$cantim (&sptb, 0);
@@ -528,7 +528,7 @@ static int TerminalDeviceAst (int astparm)
TerminalDeviceAst,
0,
TerminalDeviceBuff,
sizeof (TerminalDeviceBuff) - 1,
sizeof(TerminalDeviceBuff) - 1,
0, 0, 0, 0);
/*

20
apps/x509.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -123,7 +123,7 @@ OPTIONS x509_options[] = {
{"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"},
{"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"},
{"CAform", OPT_CAFORM, 'F', "CA format - default PEM"},
{"CAkeyform", OPT_CAKEYFORM, 'F', "CA key format - default PEM"},
{"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format - default PEM"},
{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"},
{"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"},
@@ -450,10 +450,6 @@ int x509_main(int argc, char **argv)
if (!nmflag_set)
nmflag = XN_FLAG_ONELINE;
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (need_rand)
app_RAND_load_file(NULL, 0);
@@ -579,10 +575,12 @@ int x509_main(int argc, char **argv)
goto end;
}
if (!noout || text || next_serial) {
OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
}
if (!noout || text || next_serial)
OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
if (alias)
X509_alias_set1(x, (unsigned char *)alias, -1);
@@ -726,11 +724,11 @@ int x509_main(int argc, char **argv)
char *m;
int len;
X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf);
X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
BIO_printf(out, "/*\n"
" * Subject: %s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof buf);
X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof(buf));
BIO_printf(out, " * Issuer: %s\n"
" */\n", buf);

2
appveyor.yml
View File

@@ -41,5 +41,5 @@ test_script:
- cd _build
- nmake test
- mkdir ..\_install
- nmake install install_docs DESTDIR=..\_install
- nmake install DESTDIR=..\_install
- cd ..

8
config.com
View File

@@ -1,5 +1,5 @@
$ ! OpenSSL config: determine the architecture and run Configure
$ ! Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
$ ! Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
$ !
$ ! Licensed under the OpenSSL license (the "License"). You may not use
$ ! this file except in compliance with the License. You can obtain a
@@ -73,7 +73,7 @@ $ collected_args = collected_args + " --debug"
$ P = ""
$ ENDIF
$ IF P .NES. "" THEN -
collected_args = collected_args + " " + P1
collected_args = collected_args + " """ + P1 + """"
$ P1 = P2
$ P2 = P3
$ P3 = P4
@@ -87,7 +87,7 @@ $ ENDLOOP1:
$
$ target = "vms-''arch'''pointer_size'"
$ IF verbose THEN -
WRITE SYS$OUTPUT "PERL ''here'Configure ""''target'""''collected_args'"
WRITE SYS$OUTPUT "PERL ''here'Configure ""''target'""",collected_args
$ IF .not. dryrun THEN -
PERL 'here'Configure "''target'" 'debug' 'collected_args'
PERL 'here'Configure "''target'"'collected_args'
$ EXIT $STATUS

14
crypto/aes/asm/aes-armv4.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -200,10 +200,10 @@ AES_encrypt:
#ifndef __thumb2__
sub r3,pc,#8 @ AES_encrypt
#else
adr r3,AES_encrypt
adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
#ifdef __APPLE__
#if defined(__thumb2__) || defined(__APPLE__)
adr $tbl,AES_Te
#else
sub $tbl,r3,#AES_encrypt-AES_Te @ Te
@@ -450,7 +450,7 @@ _armv4_AES_set_encrypt_key:
#ifndef __thumb2__
sub r3,pc,#8 @ AES_set_encrypt_key
#else
adr r3,AES_set_encrypt_key
adr r3,.
#endif
teq r0,#0
#ifdef __thumb2__
@@ -481,7 +481,7 @@ _armv4_AES_set_encrypt_key:
mov lr,r1 @ bits
mov $key,r2 @ key
#ifdef __APPLE__
#if defined(__thumb2__) || defined(__APPLE__)
adr $tbl,AES_Te+1024 @ Te4
#else
sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4
@@ -976,10 +976,10 @@ AES_decrypt:
#ifndef __thumb2__
sub r3,pc,#8 @ AES_decrypt
#else
adr r3,AES_decrypt
adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
#ifdef __APPLE__
#if defined(__thumb2__) || defined(__APPLE__)
adr $tbl,AES_Td
#else
sub $tbl,r3,#AES_decrypt-AES_Td @ Td

21
crypto/aes/asm/aes-s390x.pl
View File

@@ -813,7 +813,7 @@ _s390x_AES_set_encrypt_key:
.Lproceed:
___
$code.=<<___ if (!$softonly);
# convert bits to km code, [128,192,256]->[18,19,20]
# convert bits to km(c) code, [128,192,256]->[18,19,20]
lhi %r5,-128
lhi %r0,18
ar %r5,$bits
@@ -821,13 +821,10 @@ $code.=<<___ if (!$softonly);
ar %r5,%r0
larl %r1,OPENSSL_s390xcap_P
lg %r0,0(%r1)
tmhl %r0,0x4000 # check for message-security assist
jz .Lekey_internal
llihh %r0,0x8000
srlg %r0,%r0,0(%r5)
ng %r0,48(%r1) # check kmc capability vector
ng %r0,32(%r1) # check availability of both km...
ng %r0,48(%r1) # ...and kmc support for given key length
jz .Lekey_internal
lmg %r0,%r1,0($inp) # just copy 128 bits...
@@ -842,7 +839,7 @@ $code.=<<___ if (!$softonly);
stg %r1,24($key)
1: st $bits,236($key) # save bits [for debugging purposes]
lgr $t0,%r5
st %r5,240($key) # save km code
st %r5,240($key) # save km(c) code
lghi %r2,0
br %r14
___
@@ -1439,12 +1436,7 @@ $code.=<<___ if (!$softonly);
.Lctr32_hw_switch:
___
$code.=<<___ if (0); ######### kmctr code was measured to be ~12% slower
larl $s0,OPENSSL_s390xcap_P
lg $s0,8($s0)
tmhh $s0,0x0004 # check for message_security-assist-4
jz .Lctr32_km_loop
$code.=<<___ if (!$softonly && 0);# kmctr code was measured to be ~12% slower
llgfr $s0,%r0
lgr $s1,%r1
larl %r1,OPENSSL_s390xcap_P
@@ -1488,7 +1480,7 @@ $code.=<<___ if (0); ######### kmctr code was measured to be ~12% slower
br $ra
.align 16
___
$code.=<<___;
$code.=<<___ if (!$softonly);
.Lctr32_km_loop:
la $s2,16($sp)
lgr $s3,$fp
@@ -2227,7 +2219,6 @@ ___
}
$code.=<<___;
.string "AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
.comm OPENSSL_s390xcap_P,80,8
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;

7
crypto/aes/asm/aesni-sha1-x86_64.pl
View File

@@ -34,6 +34,8 @@
# Haswell 4.43[+3.6(4.2)] 8.00(8.58) 4.55(5.21) +75%(+65%)
# Skylake 2.63[+3.5(4.1)] 6.17(6.69) 4.23(4.44) +46%(+51%)
# Bulldozer 5.77[+6.0] 11.72 6.37 +84%
# Ryzen(**) 2.71[+1.93] 4.64 2.74 +69%
# Goldmont(**) 3.82[+1.70] 5.52 4.20 +31%
#
# AES-192-CBC
# Westmere 4.51 9.81 6.80 +44%
@@ -47,13 +49,16 @@
# Sandy Bridge 7.05 12.06(13.15) 7.12(7.72) +69%(+70%)
# Ivy Bridge 7.05 11.65 7.12 +64%
# Haswell 6.19 9.76(10.34) 6.21(6.25) +57%(+65%)
# Skylake 3.62 7.16(7.68) 4.56(4.76) +57%(+61$)
# Skylake 3.62 7.16(7.68) 4.56(4.76) +57%(+61%)
# Bulldozer 8.00 13.95 8.25 +69%
# Ryzen(**) 3.71 5.64 3.72 +52%
# Goldmont(**) 5.35 7.05 5.76 +22%
#
# (*) There are two code paths: SSSE3 and AVX. See sha1-568.pl for
# background information. Above numbers in parentheses are SSSE3
# results collected on AVX-capable CPU, i.e. apply on OSes that
# don't support AVX.
# (**) SHAEXT results.
#
# Needless to mention that it makes no sense to implement "stitched"
# *decrypt* subroutine. Because *both* AESNI-CBC decrypt and SHA1

15
crypto/aes/asm/aesni-sha256-x86_64.pl
View File

@@ -28,18 +28,21 @@
# for standalone AESNI-CBC encrypt, standalone SHA256, and stitched
# subroutine:
#
# AES-128/-192/-256+SHA256 this(**)gain
# Sandy Bridge 5.05/6.05/7.05+11.6 13.0 +28%/36%/43%
# Ivy Bridge 5.05/6.05/7.05+10.3 11.6 +32%/41%/50%
# Haswell 4.43/5.29/6.19+7.80 8.79 +39%/49%/59%
# Skylake 2.62/3.14/3.62+7.70 8.10 +27%/34%/40%
# Bulldozer 5.77/6.89/8.00+13.7 13.7 +42%/50%/58%
# AES-128/-192/-256+SHA256 this(**) gain
# Sandy Bridge 5.05/6.05/7.05+11.6 13.0 +28%/36%/43%
# Ivy Bridge 5.05/6.05/7.05+10.3 11.6 +32%/41%/50%
# Haswell 4.43/5.29/6.19+7.80 8.79 +39%/49%/59%
# Skylake 2.62/3.14/3.62+7.70 8.10 +27%/34%/40%
# Bulldozer 5.77/6.89/8.00+13.7 13.7 +42%/50%/58%
# Ryzen(***) 2.71/-/3.71+2.05 2.74/-/3.73 +74%/-/54%
# Goldmont(***) 3.82/-/5.35+4.16 4.73/-/5.94 +69%/-/60%
#
# (*) there are XOP, AVX1 and AVX2 code paths, meaning that
# Westmere is omitted from loop, this is because gain was not
# estimated high enough to justify the effort;
# (**) these are EVP-free results, results obtained with 'speed
# -evp aes-256-cbc-hmac-sha256' will vary by percent or two;
# (***) these are SHAEXT results;
$flavour = shift;
$output = shift;

14
crypto/aes/asm/bsaes-armv7.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -744,9 +744,9 @@ $code.=<<___;
.type _bsaes_decrypt8,%function
.align 4
_bsaes_decrypt8:
adr $const,_bsaes_decrypt8
adr $const,.
vldmia $key!, {@XMM[9]} @ round 0 key
#ifdef __APPLE__
#if defined(__thumb2__) || defined(__APPLE__)
adr $const,.LM0ISR
#else
add $const,$const,#.LM0ISR-_bsaes_decrypt8
@@ -843,9 +843,9 @@ _bsaes_const:
.type _bsaes_encrypt8,%function
.align 4
_bsaes_encrypt8:
adr $const,_bsaes_encrypt8
adr $const,.
vldmia $key!, {@XMM[9]} @ round 0 key
#ifdef __APPLE__
#if defined(__thumb2__) || defined(__APPLE__)
adr $const,.LM0SR
#else
sub $const,$const,#_bsaes_encrypt8-.LM0SR
@@ -951,9 +951,9 @@ $code.=<<___;
.type _bsaes_key_convert,%function
.align 4
_bsaes_key_convert:
adr $const,_bsaes_key_convert
adr $const,.
vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key
#ifdef __APPLE__
#if defined(__thumb2__) || defined(__APPLE__)
adr $const,.LM0
#else
sub $const,$const,#_bsaes_key_convert-.LM0

4
crypto/arm_arch.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -69,7 +69,7 @@
# endif
# endif
# if !__ASSEMBLER__
# ifndef __ASSEMBLER__
extern unsigned int OPENSSL_armcap_P;
# endif

5
crypto/armcap.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -13,6 +13,7 @@
#include <setjmp.h>
#include <signal.h>
#include <openssl/crypto.h>
#include <internal/cryptlib.h>
#include "arm_arch.h"
@@ -69,7 +70,7 @@ static unsigned long (*getauxval) (unsigned long) = NULL;
# endif
/*
* ARM puts the the feature bits for Crypto Extensions in AT_HWCAP2, whereas
* ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
* AArch64 used AT_HWCAP.
*/
# if defined(__arm__) || defined (__arm)

4
crypto/armv4cpuid.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -125,7 +125,7 @@ CRYPTO_memcmp:
ldmia sp!,{r4,r5}
.Lno_data:
neg r0,ip
rsb r0,ip,#0
mov r0,r0,lsr#31
#if __ARM_ARCH__>=5
bx lr

6
crypto/asn1/a_bitstr.c
View File

@@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
#include <limits.h>
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1.h>
@@ -88,6 +89,11 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
goto err;
}
if (len > INT_MAX) {
i = ASN1_R_STRING_TOO_LONG;
goto err;
}
if ((a == NULL) || ((*a) == NULL)) {
if ((ret = ASN1_BIT_STRING_new()) == NULL)
return (NULL);

5
crypto/asn1/a_digest.c
View File

@@ -9,13 +9,10 @@
#include <stdio.h>
#include <time.h>
#include <sys/types.h>
#include "internal/cryptlib.h"
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/buffer.h>

3
crypto/asn1/a_i2d_fp.c
View File

@@ -38,6 +38,9 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
int i, j = 0, n, ret = 1;
n = i2d(x, NULL);
if (n <= 0)
return 0;
b = OPENSSL_malloc(n);
if (b == NULL) {
ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);

4
crypto/asn1/a_mbstr.c
View File

@@ -100,14 +100,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
if ((minsize > 0) && (nchar < minsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize);
ERR_add_error_data(2, "minsize=", strbuf);
return -1;
}
if ((maxsize > 0) && (nchar > maxsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize);
ERR_add_error_data(2, "maxsize=", strbuf);
return -1;
}

27
crypto/asn1/a_object.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -19,7 +19,7 @@
int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
{
unsigned char *p;
unsigned char *p, *allocated = NULL;
int objsize;
if ((a == NULL) || (a->data == NULL))
@@ -29,20 +29,31 @@ int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
if (pp == NULL || objsize == -1)
return objsize;
p = *pp;
if (*pp == NULL) {
if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
p = *pp;
}
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
memcpy(p, a->data, a->length);
p += a->length;
*pp = p;
return (objsize);
/*
* If a new buffer was allocated, just return it back.
* If not, return the incremented buffer pointer.
*/
*pp = allocated != NULL ? allocated : p + a->length;
return objsize;
}
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
{
int i, first, len = 0, c, use_bn;
char ftmp[24], *tmp = ftmp;
int tmpsize = sizeof ftmp;
int tmpsize = sizeof(ftmp);
const char *p;
unsigned long l;
BIGNUM *bl = NULL;
@@ -177,7 +188,7 @@ int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
if ((a == NULL) || (a->data == NULL))
return (BIO_write(bp, "NULL", 4));
i = i2t_ASN1_OBJECT(buf, sizeof buf, a);
i = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
if (i > (int)(sizeof(buf) - 1)) {
p = OPENSSL_malloc(i + 1);
if (p == NULL)

5
crypto/asn1/a_sign.c
View File

@@ -9,13 +9,10 @@
#include <stdio.h>
#include <time.h>
#include <sys/types.h>
#include "internal/cryptlib.h"
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/x509.h>

100
crypto/asn1/a_strex.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -63,7 +63,7 @@ typedef int char_io (void *arg, const void *buf, int len);
* even 4 byte forms.
*/
static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes,
char_io *io_ch, void *arg)
{
unsigned short chflgs;
@@ -73,13 +73,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
if (c > 0xffffffffL)
return -1;
if (c > 0xffff) {
BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c);
if (!io_ch(arg, tmphex, 10))
return -1;
return 10;
}
if (c > 0xff) {
BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c);
if (!io_ch(arg, tmphex, 6))
return -1;
return 6;
@@ -116,7 +116,7 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
* If we get this far and do any escaping at all must escape the escape
* character itself: backslash.
*/
if (chtmp == '\\' && flags & ESC_FLAGS) {
if (chtmp == '\\' && (flags & ESC_FLAGS)) {
if (!io_ch(arg, "\\\\", 2))
return -1;
return 2;
@@ -139,19 +139,40 @@ static int do_buf(unsigned char *buf, int buflen,
int type, unsigned short flags, char *quotes, char_io *io_ch,
void *arg)
{
int i, outlen, len;
int i, outlen, len, charwidth;
unsigned short orflags;
unsigned char *p, *q;
unsigned long c;
p = buf;
q = buf + buflen;
outlen = 0;
charwidth = type & BUF_TYPE_WIDTH_MASK;
switch (charwidth) {
case 4:
if (buflen & 3) {
ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
return -1;
}
break;
case 2:
if (buflen & 1) {
ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH);
return -1;
}
break;
default:
break;
}
while (p != q) {
if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
orflags = CHARTYPE_FIRST_ESC_2253;
else
orflags = 0;
switch (type & BUF_TYPE_WIDTH_MASK) {
switch (charwidth) {
case 4:
c = ((unsigned long)*p++) << 24;
c |= ((unsigned long)*p++) << 16;
@@ -172,6 +193,7 @@ static int do_buf(unsigned char *buf, int buflen,
i = UTF8_getc(p, buflen, &c);
if (i < 0)
return -1; /* Invalid UTF8String */
buflen -= i;
p += i;
break;
default:
@@ -182,7 +204,7 @@ static int do_buf(unsigned char *buf, int buflen,
if (type & BUF_TYPE_CONVUTF8) {
unsigned char utfbuf[6];
int utflen;
utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
for (i = 0; i < utflen; i++) {
/*
* We don't need to worry about setting orflags correctly
@@ -190,17 +212,15 @@ static int do_buf(unsigned char *buf, int buflen,
* otherwise each character will be > 0x7f and so the
* character will never be escaped on first and last.
*/
len =
do_esc_char(utfbuf[i], (unsigned short)(flags | orflags),
quotes, io_ch, arg);
len = do_esc_char(utfbuf[i], flags | orflags, quotes,
io_ch, arg);
if (len < 0)
return -1;
outlen += len;
}
} else {
len =
do_esc_char(c, (unsigned short)(flags | orflags), quotes,
io_ch, arg);
len = do_esc_char(c, flags | orflags, quotes,
io_ch, arg);
if (len < 0)
return -1;
outlen += len;
@@ -479,7 +499,7 @@ static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n,
if (fn_opt != XN_FLAG_FN_NONE) {
int objlen, fld_len;
if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1);
fld_len = 0; /* XXX: what should this be? */
objbuf = objtmp;
} else {
@@ -593,53 +613,3 @@ int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
*out = stmp.data;
return stmp.length;
}
/* Return 1 if host is a valid hostname and 0 otherwise */
int asn1_valid_host(const ASN1_STRING *host)
{
int hostlen = host->length;
const unsigned char *hostptr = host->data;
int type = host->type;
int i;
signed char width = -1;
unsigned short chflags = 0, prevchflags;
if (type > 0 && type < 31)
width = tag2nbyte[type];
if (width == -1 || hostlen == 0)
return 0;
/* Treat UTF8String as width 1 as any MSB set is invalid */
if (width == 0)
width = 1;
for (i = 0 ; i < hostlen; i+= width) {
prevchflags = chflags;
/* Value must be <= 0x7F: check upper bytes are all zeroes */
if (width == 4) {
if (*hostptr++ != 0 || *hostptr++ != 0 || *hostptr++ != 0)
return 0;
} else if (width == 2) {
if (*hostptr++ != 0)
return 0;
}
if (*hostptr > 0x7f)
return 0;
chflags = char_type[*hostptr++];
if (!(chflags & (CHARTYPE_HOST_ANY | CHARTYPE_HOST_WILD))) {
/* Nothing else allowed at start or end of string */
if (i == 0 || i == hostlen - 1)
return 0;
/* Otherwise invalid if not dot or hyphen */
if (!(chflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)))
return 0;
/*
* If previous is dot or hyphen then illegal unless both
* are hyphens: as .- -. .. are all illegal
*/
if (prevchflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)
&& ((prevchflags & CHARTYPE_HOST_DOT)
|| (chflags & CHARTYPE_HOST_DOT)))
return 0;
}
}
return 1;
}

3
crypto/asn1/a_strnid.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -214,6 +214,7 @@ static ASN1_STRING_TABLE *stable_get(int nid)
rv->mask = tmp->mask;
rv->flags = tmp->flags | STABLE_FLAGS_MALLOC;
} else {
rv->nid = nid;
rv->minsize = -1;
rv->maxsize = -1;
rv->flags = STABLE_FLAGS_MALLOC;

5
crypto/asn1/a_verify.c
View File

@@ -9,13 +9,10 @@
#include <stdio.h>
#include <time.h>
#include <sys/types.h>
#include "internal/cryptlib.h"
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <openssl/bn.h>
#include <openssl/x509.h>
#include <openssl/objects.h>

33
crypto/asn1/ameth_lib.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -143,7 +143,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
const char *str, int len)
{
int i;
const EVP_PKEY_ASN1_METHOD *ameth;
const EVP_PKEY_ASN1_METHOD *ameth = NULL;
if (len == -1)
len = strlen(str);
if (pe) {
@@ -163,12 +164,12 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
#endif
*pe = NULL;
}
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) {
ameth = EVP_PKEY_asn1_get0(i);
if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
continue;
if (((int)strlen(ameth->pem_str) == len)
&& (strncasecmp(ameth->pem_str, str, len) == 0))
if ((int)strlen(ameth->pem_str) == len
&& strncasecmp(ameth->pem_str, str, len) == 0)
return ameth;
}
return NULL;
@@ -176,11 +177,21 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
{
EVP_PKEY_ASN1_METHOD tmp = { 0, };
if (app_methods == NULL) {
app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
if (app_methods == NULL)
return 0;
}
tmp.pkey_id = ameth->pkey_id;
if (sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp) >= 0) {
EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0,
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED);
return 0;
}
if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth))
return 0;
sk_EVP_PKEY_ASN1_METHOD_sort(app_methods);
@@ -244,6 +255,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
goto err;
}
/*
* One of the following must be true:
*
* pem_str == NULL AND ASN1_PKEY_ALIAS is set
* pem_str != NULL AND ASN1_PKEY_ALIAS is clear
*
* Anything else is an error and may lead to a corrupt ASN1 method table
*/
if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
|| (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
goto err;
if (pem_str) {
ameth->pem_str = OPENSSL_strdup(pem_str);
if (!ameth->pem_str)

5
crypto/asn1/asn1_err.c
View File

@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -92,8 +92,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"},
{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
{ERR_FUNC(ASN1_F_DO_BUF), "do_buf"},
{ERR_FUNC(ASN1_F_DO_TCREATE), "do_tcreate"},
{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
{ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"},
{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
@@ -203,6 +205,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
{ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
{ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},

1
crypto/asn1/asn1_locl.h
View File

@@ -65,6 +65,7 @@ int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
const ASN1_ITEM *it);
void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);

8
crypto/asn1/asn1_par.c
View File

@@ -38,13 +38,13 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
p = str;
if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag);
BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag);
else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
BIO_snprintf(str, sizeof str, "cont [ %d ]", tag);
BIO_snprintf(str, sizeof(str), "cont [ %d ]", tag);
else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
BIO_snprintf(str, sizeof str, "appl [ %d ]", tag);
BIO_snprintf(str, sizeof(str), "appl [ %d ]", tag);
else if (tag > 30)
BIO_snprintf(str, sizeof str, "<ASN1 %d>", tag);
BIO_snprintf(str, sizeof(str), "<ASN1 %d>", tag);
else
p = ASN1_tag2str(tag);

11
crypto/asn1/asn_mime.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -425,6 +425,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
|| hdr->value == NULL) {
sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
sk_BIO_pop_free(parts, BIO_vfree);
return NULL;
}
@@ -968,12 +969,14 @@ static int strip_eol(char *linebuf, int *plen, int flags)
p = linebuf + len - 1;
for (p = linebuf + len - 1; len > 0; len--, p--) {
c = *p;
if (c == '\n')
if (c == '\n') {
is_eol = 1;
else if (is_eol && flags & SMIME_ASCIICRLF && c < 33)
} else if (is_eol && flags & SMIME_ASCIICRLF && c == 32) {
/* Strip trailing space on a line; 32 == ASCII for ' ' */
continue;
else if (c != '\r')
} else if (c != '\r') {
break;
}
}
*plen = len;
return is_eol;

4
crypto/asn1/bio_asn1.c
View File

@@ -65,7 +65,7 @@ static int asn1_bio_gets(BIO *h, char *str, int size);
static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int asn1_bio_new(BIO *h);
static int asn1_bio_free(BIO *data);
static long asn1_bio_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
static long asn1_bio_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size);
static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
@@ -301,7 +301,7 @@ static int asn1_bio_gets(BIO *b, char *str, int size)
return BIO_gets(next, str, size);
}
static long asn1_bio_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
static long asn1_bio_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{
BIO *next = BIO_next(b);
if (next == NULL)

4
crypto/asn1/p5_scrypt.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -91,7 +91,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
if (EVP_CIPHER_iv_length(cipher)) {
if (aiv)
memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
goto err;
}

49
crypto/asn1/tasn_dec.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -17,9 +17,18 @@
#include "internal/numbers.h"
#include "asn1_locl.h"
/*
* Constructed types with a recursive definition (such as can be found in PKCS7)
* could eventually exceed the stack given malicious input with excessive
* recursion. Therefore we limit the stack depth. This is the maximum number of
* recursive invocations of asn1_item_embed_d2i().
*/
#define ASN1_MAX_CONSTRUCTED_NEST 30
static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
long len, const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx);
int tag, int aclass, char opt, ASN1_TLC *ctx,
int depth);
static int asn1_check_eoc(const unsigned char **in, long len);
static int asn1_find_end(const unsigned char **in, long len, char inf);
@@ -37,11 +46,11 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
static int asn1_template_ex_d2i(ASN1_VALUE **pval,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx);
ASN1_TLC *ctx, int depth);
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx);
ASN1_TLC *ctx, int depth);
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
const unsigned char **in, long len,
const ASN1_ITEM *it,
@@ -111,7 +120,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
int tag, int aclass, char opt, ASN1_TLC *ctx)
{
int rv;
rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx);
rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
if (rv <= 0)
ASN1_item_ex_free(pval, it);
return rv;
@@ -124,7 +133,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
long len, const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx)
int tag, int aclass, char opt, ASN1_TLC *ctx,
int depth)
{
const ASN1_TEMPLATE *tt, *errtt = NULL;
const ASN1_EXTERN_FUNCS *ef;
@@ -145,6 +155,11 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
else
asn1_cb = 0;
if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NESTED_TOO_DEEP);
goto err;
}
switch (it->itype) {
case ASN1_ITYPE_PRIMITIVE:
if (it->templates) {
@@ -160,7 +175,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
goto err;
}
return asn1_template_ex_d2i(pval, in, len,
it->templates, opt, ctx);
it->templates, opt, ctx, depth);
}
return asn1_d2i_ex_primitive(pval, in, len, it,
tag, aclass, opt, ctx);
@@ -221,7 +236,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
/*
* We mark field as OPTIONAL so its absence can be recognised.
*/
ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
/* If field not present, try the next one */
if (ret == -1)
continue;
@@ -344,7 +359,8 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
* attempt to read in field, allowing each to be OPTIONAL
*/
ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
depth);
if (!ret) {
errtt = seqtt;
goto err;
@@ -420,7 +436,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
static int asn1_template_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long inlen,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx)
ASN1_TLC *ctx, int depth)
{
int flags, aclass;
int ret;
@@ -455,7 +471,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
return 0;
}
/* We've found the field so it can't be OPTIONAL now */
ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0;
@@ -479,7 +495,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
}
}
} else
return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
*in = p;
return 1;
@@ -491,7 +507,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx)
ASN1_TLC *ctx, int depth)
{
int flags, aclass;
int ret;
@@ -573,7 +589,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
}
skfield = NULL;
if (!asn1_item_embed_d2i(&skfield, &p, len,
ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx,
depth)) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_NESTED_ASN1_ERROR);
/* |skfield| may be partially allocated despite failure. */
@@ -595,7 +612,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
/* IMPLICIT tagging */
ret = asn1_item_embed_d2i(val, &p, len,
ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
ctx);
ctx, depth);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err;
@@ -604,7 +621,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
} else {
/* Nothing special */
ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-1, 0, opt, ctx);
-1, 0, opt, ctx, depth);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err;

4
crypto/asn1/tasn_enc.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -528,6 +528,8 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
otmp = (ASN1_OBJECT *)*pval;
cont = otmp->data;
len = otmp->length;
if (cont == NULL || len == 0)
return -1;
break;
case V_ASN1_NULL:

6
crypto/asn1/tasn_fre.c
View File

@@ -13,9 +13,6 @@
#include <openssl/objects.h>
#include "asn1_locl.h"
static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int embed);
/* Free up an ASN1 structure */
void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
@@ -28,8 +25,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
asn1_item_embed_free(pval, it, 0);
}
static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int embed)
void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
{
const ASN1_TEMPLATE *tt = NULL, *seqtt;
const ASN1_EXTERN_FUNCS *ef;

13
crypto/asn1/tasn_new.c
View File

@@ -124,8 +124,13 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
goto memerr;
}
/* 0 : init. lock */
if (asn1_do_lock(pval, 0, it) < 0)
goto memerr2;
if (asn1_do_lock(pval, 0, it) < 0) {
if (!embed) {
OPENSSL_free(*pval);
*pval = NULL;
}
goto memerr;
}
asn1_enc_init(pval, it);
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
pseqval = asn1_get_field_ptr(pval, tt);
@@ -142,7 +147,7 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
return 1;
memerr2:
ASN1_item_ex_free(pval, it);
asn1_item_embed_free(pval, it, embed);
memerr:
ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ERR_R_MALLOC_FAILURE);
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
@@ -151,7 +156,7 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
return 0;
auxerr2:
ASN1_item_ex_free(pval, it);
asn1_item_embed_free(pval, it, embed);
auxerr:
ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ASN1_R_AUX_ERROR);
#ifndef OPENSSL_NO_CRYPTO_MDEBUG

2
crypto/asn1/tasn_prn.c
View File

@@ -409,7 +409,7 @@ static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid)
ln = OBJ_nid2ln(OBJ_obj2nid(oid));
if (!ln)
ln = "";
OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1);
OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1);
if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
return 0;
return 1;

4
crypto/asn1/tasn_utl.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -76,7 +76,7 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
}
return 1;
}
if (CRYPTO_atomic_add(lck, op, &ret, *lock) < 0)
if (!CRYPTO_atomic_add(lck, op, &ret, *lock))
return -1; /* failed */
#ifdef REF_PRINT
fprintf(stderr, "%p:%4d:%s\n", it, *lck, it->sname);

4
crypto/async/arch/async_posix.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,7 +11,7 @@
#define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
#include <openssl/e_os2.h>
#if (defined(OPENSSL_SYS_UNIX) || defined(OPENSSL_SYS_CYGWIN)) \
#if defined(OPENSSL_SYS_UNIX) \
&& defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \
&& !defined(__ANDROID__) && !defined(__OpenBSD__)

88
crypto/async/async.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -30,13 +30,14 @@
static CRYPTO_THREAD_LOCAL ctxkey;
static CRYPTO_THREAD_LOCAL poolkey;
static void async_free_pool_internal(async_pool *pool);
static async_ctx *async_ctx_new(void)
{
async_ctx *nctx = NULL;
async_ctx *nctx;
nctx = OPENSSL_malloc(sizeof (async_ctx));
if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC))
return NULL;
nctx = OPENSSL_malloc(sizeof(async_ctx));
if (nctx == NULL) {
ASYNCerr(ASYNC_F_ASYNC_CTX_NEW, ERR_R_MALLOC_FAILURE);
goto err;
@@ -57,9 +58,6 @@ err:
async_ctx *async_get_ctx(void)
{
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return NULL;
return (async_ctx *)CRYPTO_THREAD_get_local(&ctxkey);
}
@@ -81,7 +79,7 @@ static ASYNC_JOB *async_job_new(void)
{
ASYNC_JOB *job = NULL;
job = OPENSSL_zalloc(sizeof (ASYNC_JOB));
job = OPENSSL_zalloc(sizeof(ASYNC_JOB));
if (job == NULL) {
ASYNCerr(ASYNC_F_ASYNC_JOB_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
@@ -169,16 +167,19 @@ void async_start_func(void)
int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
int (*func)(void *), void *args, size_t size)
{
async_ctx *ctx = async_get_ctx();
async_ctx *ctx;
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return ASYNC_ERR;
ctx = async_get_ctx();
if (ctx == NULL)
ctx = async_ctx_new();
if (ctx == NULL) {
if (ctx == NULL)
return ASYNC_ERR;
}
if (*job) {
if (*job)
ctx->currjob = *job;
}
for (;;) {
if (ctx->currjob != NULL) {
@@ -219,9 +220,8 @@ int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
}
/* Start a new job */
if ((ctx->currjob = async_get_pool_job()) == NULL) {
if ((ctx->currjob = async_get_pool_job()) == NULL)
return ASYNC_NO_JOBS;
}
if (args != NULL) {
ctx->currjob->funcargs = OPENSSL_malloc(size);
@@ -323,14 +323,13 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
return 0;
}
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) {
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return 0;
}
if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) {
return 0;
}
pool = OPENSSL_zalloc(sizeof *pool);
if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC))
return 0;
pool = OPENSSL_zalloc(sizeof(*pool));
if (pool == NULL) {
ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE);
return 0;
@@ -369,32 +368,41 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
return 1;
err:
async_free_pool_internal(pool);
return 0;
}
static void async_free_pool_internal(async_pool *pool)
{
if (pool == NULL)
return;
async_empty_pool(pool);
sk_ASYNC_JOB_free(pool->jobs);
OPENSSL_free(pool);
CRYPTO_THREAD_set_local(&poolkey, NULL);
return 0;
}
void async_delete_thread_state(void)
{
async_pool *pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
if (pool != NULL) {
async_empty_pool(pool);
sk_ASYNC_JOB_free(pool->jobs);
OPENSSL_free(pool);
CRYPTO_THREAD_set_local(&poolkey, NULL);
}
async_local_cleanup();
async_ctx_free();
}
void ASYNC_cleanup_thread(void)
{
async_free_pool_internal((async_pool *)CRYPTO_THREAD_get_local(&poolkey));
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return;
async_delete_thread_state();
}
ASYNC_JOB *ASYNC_get_current_job(void)
{
async_ctx *ctx;
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return NULL;
ctx = async_get_ctx();
if (ctx == NULL)
return NULL;
@@ -409,7 +417,12 @@ ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job)
void ASYNC_block_pause(void)
{
async_ctx *ctx = async_get_ctx();
async_ctx *ctx;
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return;
ctx = async_get_ctx();
if (ctx == NULL || ctx->currjob == NULL) {
/*
* We're not in a job anyway so ignore this
@@ -421,7 +434,12 @@ void ASYNC_block_pause(void)
void ASYNC_unblock_pause(void)
{
async_ctx *ctx = async_get_ctx();
async_ctx *ctx;
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return;
ctx = async_get_ctx();
if (ctx == NULL || ctx->currjob == NULL) {
/*
* We're not in a job anyway so ignore this

2
crypto/async/async_wait.c
View File

@@ -47,7 +47,7 @@ int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
{
struct fd_lookup_st *fdlookup;
fdlookup = OPENSSL_zalloc(sizeof *fdlookup);
fdlookup = OPENSSL_zalloc(sizeof(*fdlookup));
if (fdlookup == NULL)
return 0;

14
crypto/bf/bf_locl.h
View File

@@ -17,12 +17,19 @@
l1=l2=0; \
switch (n) { \
case 8: l2 =((unsigned long)(*(--(c)))) ; \
/* fall thru */ \
case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
/* fall thru */ \
case 6: l2|=((unsigned long)(*(--(c))))<<16; \
/* fall thru */ \
case 5: l2|=((unsigned long)(*(--(c))))<<24; \
/* fall thru */ \
case 4: l1 =((unsigned long)(*(--(c)))) ; \
/* fall thru */ \
case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
/* fall thru */ \
case 2: l1|=((unsigned long)(*(--(c))))<<16; \
/* fall thru */ \
case 1: l1|=((unsigned long)(*(--(c))))<<24; \
} \
}
@@ -32,12 +39,19 @@
c+=n; \
switch (n) { \
case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \
/* fall thru */ \
case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
/* fall thru */ \
case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
/* fall thru */ \
case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
/* fall thru */ \
case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \
/* fall thru */ \
case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
/* fall thru */ \
case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
/* fall thru */ \
case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
} \
}

15
crypto/bio/b_addr.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -66,18 +66,18 @@ void BIO_ADDR_clear(BIO_ADDR *ap)
int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa)
{
if (sa->sa_family == AF_INET) {
ap->s_in = *(const struct sockaddr_in *)sa;
memcpy(&(ap->s_in), sa, sizeof(struct sockaddr_in));
return 1;
}
#ifdef AF_INET6
if (sa->sa_family == AF_INET6) {
ap->s_in6 = *(const struct sockaddr_in6 *)sa;
memcpy(&(ap->s_in6), sa, sizeof(struct sockaddr_in6));
return 1;
}
#endif
#ifdef AF_UNIX
if (ap->sa.sa_family == AF_UNIX) {
ap->s_un = *(const struct sockaddr_un *)sa;
if (sa->sa_family == AF_UNIX) {
memcpy(&(ap->s_un), sa, sizeof(struct sockaddr_un));
return 1;
}
#endif
@@ -604,7 +604,8 @@ static int addrinfo_wrap(int family, int socktype,
DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init)
{
OPENSSL_init_crypto(0, NULL);
if (!OPENSSL_init_crypto(0, NULL))
return 0;
bio_lookup_lock = CRYPTO_THREAD_lock_new();
return bio_lookup_lock != NULL;
}
@@ -668,7 +669,7 @@ int BIO_lookup(const char *host, const char *service,
int gai_ret = 0;
struct addrinfo hints;
memset(&hints, 0, sizeof hints);
memset(&hints, 0, sizeof(hints));
hints.ai_family = family;
hints.ai_socktype = socktype;

Some files were not shown because too many files have changed in this diff Show More