ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ag:openssl-1.1.0f
Branches Tags
ag:master ag:tcl ag:tk ag:sqlite ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6
..
compare: ag:openssl-1.1.0j
Branches Tags
ag:tcl ag:tk ag:sqlite ag:master ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6

3 Commits
openssl-1. ... openssl-1.

Author SHA1 Message Date
Steve Dower
697f7e1f24 Import OpenSSL 1.1.0j 2018-12-07 11:30:36 -08:00
Steve Dower
6960e8d7c7 Import OpenSSL 1.1.0i 2018-08-14 08:22:53 -07:00
Steve Dower
807cee26df Import OpenSSL 1.1.0h 2018-04-13 17:45:41 +00:00
708 changed files with 25312 additions and 9303 deletions
Expand all files Collapse all files

10
.gitignore vendored
View File

@@ -27,6 +27,7 @@ Makefile
# Auto generated headers # Auto generated headers
/crypto/buildinf.h /crypto/buildinf.h
/apps/progs.h
/crypto/include/internal/*_conf.h /crypto/include/internal/*_conf.h
/openssl/include/opensslconf.h /openssl/include/opensslconf.h
/util/domd /util/domd
@@ -50,14 +51,11 @@ Makefile
/test/ssltest_old /test/ssltest_old
/test/x509aux /test/x509aux
/test/v3ext /test/v3ext
/test/versions
/test/rsa_complex
# Certain files that get created by tests on the fly # Certain files that get created by tests on the fly
/test/*.ss /test/test-runs
/test/*.srl
/test/.rnd
/test/test*.pem
/test/newkey.pem
/test/*.log
/test/buildtest_* /test/buildtest_*
# Fuzz stuff. # Fuzz stuff.

15
.travis-apt-pin.preferences Normal file
View File

@@ -0,0 +1,15 @@
Package: clang-3.9
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libclang-common-3.9-dev
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libclang1-3.9
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libllvm3.9v4
Pin: release o=Ubuntu
Pin-Priority: -1

94
.travis.yml
View File

@@ -28,70 +28,29 @@ env:
- CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes" - CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes" - CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-ec" BUILDONLY="yes" - CONFIG_OPTS="no-ec" BUILDONLY="yes"
- CONFIG_OPTS="no-asm --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes"
matrix: matrix:
include: include:
- os: linux - os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9 compiler: clang-3.9
env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes" env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes"
- os: linux - os: linux
compiler: gcc compiler: gcc
env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes" env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes"
- os: linux - os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9 compiler: clang-3.9
env: CONFIG_OPTS="enable-asan" env: CONFIG_OPTS="enable-asan"
- os: linux - os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9 compiler: clang-3.9
env: CONFIG_OPTS="enable-msan" env: CONFIG_OPTS="enable-msan"
- os: linux - os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9 compiler: clang-3.9
env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment" env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment"
- os: linux - os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9 compiler: clang-3.9
env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2" env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2"
- os: linux - os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9 compiler: clang-3.9
env: CONFIG_OPTS="no-stdio" env: CONFIG_OPTS="no-stdio"
- os: linux - os: linux
@@ -102,7 +61,7 @@ matrix:
sources: sources:
- ubuntu-toolchain-r-test - ubuntu-toolchain-r-test
compiler: gcc-5 compiler: gcc-5
env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" env: UBUNTU_GCC_HACK="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
- os: linux - os: linux
addons: addons:
apt: apt:
@@ -110,7 +69,7 @@ matrix:
- binutils-mingw-w64 - binutils-mingw-w64
- gcc-mingw-w64 - gcc-mingw-w64
compiler: i686-w64-mingw32-gcc compiler: i686-w64-mingw32-gcc
env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz" env: CONFIG_OPTS="no-pic"
- os: linux - os: linux
addons: addons:
apt: apt:
@@ -126,7 +85,7 @@ matrix:
- binutils-mingw-w64 - binutils-mingw-w64
- gcc-mingw-w64 - gcc-mingw-w64
compiler: x86_64-w64-mingw32-gcc compiler: x86_64-w64-mingw32-gcc
env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz" env: CONFIG_OPTS="no-pic"
- os: linux - os: linux
addons: addons:
apt: apt:
@@ -153,6 +112,10 @@ before_script:
srcdir=.; srcdir=.;
top=.; top=.;
fi fi
- if [ -n "$UBUNTU_GCC_HACK" ]; then
$CC -dumpspecs | sed "s/--push-state//g; s/--pop-state/--as-needed/g" > gcc-specs.txt;
CC="$CC -specs=gcc-specs.txt";
fi
- if [ "$CC" == i686-w64-mingw32-gcc ]; then - if [ "$CC" == i686-w64-mingw32-gcc ]; then
export CROSS_COMPILE=${CC%%gcc}; unset CC; export CROSS_COMPILE=${CC%%gcc}; unset CC;
$srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format; $srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
@@ -160,7 +123,14 @@ before_script:
export CROSS_COMPILE=${CC%%gcc}; unset CC; export CROSS_COMPILE=${CC%%gcc}; unset CC;
$srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format; $srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
else else
if which ccache >/dev/null && [ "$CC" != clang-3.9 ]; then if [ "$CC" == clang-3.9 ]; then
sudo cp .travis-apt-pin.preferences /etc/apt/preferences.d/no-ubuntu-clang;
curl -sSL "http://apt.llvm.org/llvm-snapshot.gpg.key" | sudo -E apt-key add -;
echo "deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main" | sudo tee -a /etc/apt/sources.list > /dev/null;
sudo -E apt-add-repository -y "ppa:ubuntu-toolchain-r/test";
sudo -E apt-get -yq update;
sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install clang-3.9;
elif which ccache >/dev/null; then
CC="ccache $CC"; CC="ccache $CC";
fi; fi;
$srcdir/config -v $CONFIG_OPTS; $srcdir/config -v $CONFIG_OPTS;
@@ -187,8 +157,24 @@ script:
else else
top=.; top=.;
fi fi
- $make update - if $make update; then
- $make echo -e '+\057 MAKE UPDATE OK';
else
echo -e '+\057 MAKE UPDATE FAILED'; false;
fi;
git diff --exit-code
- if [ -n "$CHECKDOCS" ]; then
if $make doc-nits; then
echo -e '+\057\057 MAKE DOC-NITS OK';
else
echo -e '+\057\057 MAKE DOC-NITS FAILED'; false;
fi;
fi
- if $make ; then
echo -e '+\057\057\057 MAKE OK';
else
echo -e '+\057\057\057 MAKE FAILED'; false;
fi;
- if [ -z "$BUILDONLY" ]; then - if [ -z "$BUILDONLY" ]; then
if [ -n "$CROSS_COMPILE" ]; then if [ -n "$CROSS_COMPILE" ]; then
sudo apt-get -yq install wine; sudo apt-get -yq install wine;
@@ -196,11 +182,19 @@ script:
fi; fi;
HARNESS_VERBOSE=yes make test; HARNESS_VERBOSE=yes make test;
else else
$make build_tests; if $make build_tests; then
echo -e '+\057\057\075 MAKE BUILD_TESTS OK';
else
echo -e '+\057\057\075 MAKE BUILD_TESTS FAILEd'; false;
fi;
fi fi
- if [ -n "$DESTDIR" ]; then - if [ -n "$DESTDIR" ]; then
mkdir "../$DESTDIR"; mkdir "../$DESTDIR";
$make install install_docs DESTDIR="../$DESTDIR"; if $make install DESTDIR="../$DESTDIR"; then
echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK';
else
echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false;
fi;
fi fi
- cd $top - cd $top

227
CHANGES
View File

@@ -2,6 +2,226 @@
OpenSSL CHANGES OpenSSL CHANGES
_______________ _______________
This is a high-level summary of the most important changes.
For a full list of changes, see the git commit log; for example,
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.1.0i and 1.1.0j [20 Nov 2018]
*) Timing vulnerability in DSA signature generation
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
(CVE-2018-0734)
[Paul Dale]
*) Timing vulnerability in ECDSA signature generation
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
(CVE-2018-0735)
[Paul Dale]
*) Add coordinate blinding for EC_POINT and implement projective
coordinate blinding for generic prime curves as a countermeasure to
chosen point SCA attacks.
[Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley]
Changes between 1.1.0h and 1.1.0i [14 Aug 2018]
*) Client DoS due to large DH parameter
During key agreement in a TLS handshake using a DH(E) based ciphersuite a
malicious server can send a very large prime value to the client. This will
cause the client to spend an unreasonably long period of time generating a
key for this prime resulting in a hang until the client has finished. This
could be exploited in a Denial Of Service attack.
This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
(CVE-2018-0732)
[Guido Vranken]
*) Cache timing vulnerability in RSA Key Generation
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
a cache timing side channel attack. An attacker with sufficient access to
mount cache timing attacks during the RSA key generation process could
recover the private key.
This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
(CVE-2018-0737)
[Billy Brumley]
*) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
parameter is no longer accepted, as it leads to a corrupt table. NULL
pem_str is reserved for alias entries only.
[Richard Levitte]
*) Revert blinding in ECDSA sign and instead make problematic addition
length-invariant. Switch even to fixed-length Montgomery multiplication.
[Andy Polyakov]
*) Change generating and checking of primes so that the error rate of not
being prime depends on the intended use based on the size of the input.
For larger primes this will result in more rounds of Miller-Rabin.
The maximal error rate for primes with more than 1080 bits is lowered
to 2^-128.
[Kurt Roeckx, Annie Yousar]
*) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
[Kurt Roeckx]
*) Add blinding to ECDSA and DSA signatures to protect against side channel
attacks discovered by Keegan Ryan (NCC Group).
[Matt Caswell]
*) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
now allow empty (zero character) pass phrases.
[Richard Levitte]
*) Certificate time validation (X509_cmp_time) enforces stricter
compliance with RFC 5280. Fractional seconds and timezone offsets
are no longer allowed.
[Emilia Käsper]
*) Fixed a text canonicalisation bug in CMS
Where a CMS detached signature is used with text content the text goes
through a canonicalisation process first prior to signing or verifying a
signature. This process strips trailing space at the end of lines, converts
line terminators to CRLF and removes additional trailing line terminators
at the end of a file. A bug in the canonicalisation process meant that
some characters, such as form-feed, were incorrectly treated as whitespace
and removed. This is contrary to the specification (RFC5485). This fix
could mean that detached text data signed with an earlier version of
OpenSSL 1.1.0 may fail to verify using the fixed version, or text data
signed with a fixed OpenSSL may fail to verify with an earlier version of
OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data
and use the "-binary" flag (for the "cms" command line application) or set
the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()).
[Matt Caswell]
Changes between 1.1.0g and 1.1.0h [27 Mar 2018]
*) Constructed ASN.1 types with a recursive definition could exceed the stack
Constructed ASN.1 types with a recursive definition (such as can be found
in PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. This could result in a Denial Of Service attack. There
are no such structures used within SSL/TLS that come from untrusted sources
so this is considered safe.
This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
project.
(CVE-2018-0739)
[Matt Caswell]
*) Incorrect CRYPTO_memcmp on HP-UX PA-RISC
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
effectively reduced to only comparing the least significant bit of each
byte. This allows an attacker to forge messages that would be considered as
authenticated in an amount of tries lower than that guaranteed by the
security claims of the scheme. The module can only be compiled by the
HP-UX assembler, so that only HP-UX PA-RISC targets are affected.
This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg
(IBM).
(CVE-2018-0733)
[Andy Polyakov]
*) Add a build target 'build_all_generated', to build all generated files
and only that. This can be used to prepare everything that requires
things like perl for a system that lacks perl and then move everything
to that system and do the rest of the build there.
[Richard Levitte]
*) Backport SSL_OP_NO_RENGOTIATION
OpenSSL 1.0.2 and below had the ability to disable renegotiation using the
(undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity
changes this is no longer possible in 1.1.0. Therefore the new
SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to
1.1.0 to provide equivalent functionality.
Note that if an application built against 1.1.0h headers (or above) is run
using an older version of 1.1.0 (prior to 1.1.0h) then the option will be
accepted but nothing will happen, i.e. renegotiation will not be prevented.
[Matt Caswell]
*) Removed the OS390-Unix config target. It relied on a script that doesn't
exist.
[Rich Salz]
*) rsaz_1024_mul_avx2 overflow bug on x86_64
There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this
defect would be very difficult to perform and are not believed likely.
Attacks against DH1024 are considered just feasible, because most of the
work necessary to deduce information about a private key may be performed
offline. The amount of resources required for such an attack would be
significant. However, for an attack on TLS to be meaningful, the server
would have to share the DH1024 private key among multiple clients, which is
no longer an option since CVE-2016-0701.
This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).
This issue was reported to OpenSSL by David Benjamin (Google). The issue
was originally found via the OSS-Fuzz project.
(CVE-2017-3738)
[Andy Polyakov]
Changes between 1.1.0f and 1.1.0g [2 Nov 2017]
*) bn_sqrx8x_internal carry bug on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. No EC algorithms are affected. Analysis suggests that attacks
against RSA and DSA as a result of this defect would be very difficult to
perform and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary to
deduce information about a private key may be performed offline. The amount
of resources required for such an attack would be very significant and
likely only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients.
This only affects processors that support the BMI1, BMI2 and ADX extensions
like Intel Broadwell (5th generation) and later or AMD Ryzen.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3736)
[Andy Polyakov]
*) Malformed X.509 IPAddressFamily could cause OOB read
If an X.509 certificate has a malformed IPAddressFamily extension,
OpenSSL could do a one-byte buffer overread. The most likely result
would be an erroneous display of the certificate in text format.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3735)
[Rich Salz]
*) Ignore the '-named_curve auto' value for compatibility of applications
with OpenSSL 1.0.2.
[Tomas Mraz <tmraz@fedoraproject.org>]
*) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
[Emilia Käsper]
Changes between 1.1.0e and 1.1.0f [25 May 2017] Changes between 1.1.0e and 1.1.0f [25 May 2017]
*) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
@@ -2944,8 +3164,11 @@
to work with OPENSSL_NO_SSL_INTERN defined. to work with OPENSSL_NO_SSL_INTERN defined.
[Steve Henson] [Steve Henson]
*) Add SRP support. *) A long standing patch to add support for SRP from EdelWeb (Peter
[Tom Wu <tjw@cs.stanford.edu> and Ben Laurie] Sylvester and Christophe Renou) was integrated.
[Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester
<peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and
Ben Laurie]
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson] [Steve Henson]

67
CONTRIBUTING
View File

@@ -1,26 +1,26 @@
HOW TO CONTRIBUTE PATCHES TO OpenSSL HOW TO CONTRIBUTE TO OpenSSL
------------------------------------ ----------------------------
(Please visit https://www.openssl.org/community/getting-started.html for (Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.) other ideas about how to contribute.)
Development is coordinated on the openssl-dev mailing list (see the Development is done on GitHub, https://github.com/openssl/openssl.
above link or https://mta.openssl.org for information on subscribing).
If you are unsure as to whether a feature will be useful for the general
OpenSSL community you might want to discuss it on the openssl-dev mailing
list first. Someone may be already working on the same thing or there
may be a good reason as to why that feature isn't implemented.
To submit a patch, make a pull request on GitHub. If you think the patch To request new features or report bugs, please open an issue on GitHub
could use feedback from the community, please start a thread on openssl-dev
to discuss it.
Having addressed the following items before the PR will help make the To submit a patch, please open a pull request on GitHub. If you are thinking
acceptance and review process faster: of making a large contribution, open an issue for it before starting work,
to get comments from the community. Someone may be already working on
the same thing or there may be reasons why that feature isn't implemented.
1. Anything other than trivial contributions will require a contributor To make it easier to review and accept your pull request, please follow these
licensing agreement, giving us permission to use your code. See guidelines:
https://www.openssl.org/policies/cla.html for details.
1. Anything other than a trivial contribution requires a Contributor
License Agreement (CLA), giving us permission to use your code. See
https://www.openssl.org/policies/cla.html for details. If your
contribution is too small to require a CLA, put "CLA: trivial" on a
line by itself in your commit message body.
2. All source files should start with the following text (with 2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the appropriate comment characters at the start of each line and the
@@ -34,21 +34,38 @@ acceptance and review process faster:
https://www.openssl.org/source/license.html https://www.openssl.org/source/license.html
3. Patches should be as current as possible; expect to have to rebase 3. Patches should be as current as possible; expect to have to rebase
often. We do not accept merge commits; You will be asked to remove often. We do not accept merge commits, you will have to remove them
them before a patch is considered acceptable. (usually by rebasing) before it will be acceptable.
4. Patches should follow our coding style (see 4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile without https://www.openssl.org/policies/codingstyle.html) and compile
warnings. Where gcc or clang is available you should use the without warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied --strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features. platforms: try to ensure you only use portable features. Clean builds
Clean builds via Travis and AppVeyor are expected, and done whenever via Travis and AppVeyor are required, and they are started automatically
a PR is created or updated. whenever a PR is created or updated.
5. When at all possible, patches should include tests. These can 5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see either be added to an existing test, or completely new. Please see
test/README for information on the test framework. test/README for information on the test framework.
6. New features or changed functionality must include 6. New features or changed functionality must include
documentation. Please look at the "pod" files in doc/apps, doc/crypto documentation. Please look at the "pod" files in doc for
and doc/ssl for examples of our style. examples of our style.
7. For user visible changes (API changes, behaviour changes, ...),
consider adding a note in CHANGES. This could be a summarising
description of the change, and could explain the grander details.
Have a look through existing entries for inspiration.
Please note that this is NOT simply a copy of git-log oneliners.
Also note that security fixes get an entry in CHANGES.
This file helps users get more in depth information of what comes
with a specific release without having to sift through the higher
noise ratio in git-log.
8. For larger or more important user visible changes, as well as
security fixes, please add a line in NEWS. On exception, it might be
worth adding a multi-line entry (such as the entry that announces all
the types that became opaque with OpenSSL 1.1.0).
This file helps users get a very quick summary of what comes with a
specific release, to see if an upgrade is worth the effort.

6
Configurations/00-base-templates.conf
View File

@@ -68,6 +68,8 @@
} }
return (); }, return (); },
shared_extension => ".so",
build_scheme => [ "unified", "unix" ], build_scheme => [ "unified", "unix" ],
build_file => "Makefile", build_file => "Makefile",
}, },
@@ -99,6 +101,8 @@
mtinflag => "-manifest ", mtinflag => "-manifest ",
mtoutflag => "-outputresource:", mtoutflag => "-outputresource:",
shared_extension => ".dll",
build_file => "makefile", build_file => "makefile",
build_scheme => [ "unified", "windows" ], build_scheme => [ "unified", "windows" ],
}, },
@@ -107,6 +111,8 @@
inherit_from => [ "BASE_common" ], inherit_from => [ "BASE_common" ],
template => 1, template => 1,
shared_extension => ".exe",
build_file => "descrip.mms", build_file => "descrip.mms",
build_scheme => [ "unified", "VMS" ], build_scheme => [ "unified", "VMS" ],
}, },

97
Configurations/10-main.conf
View File

@@ -14,7 +14,7 @@ sub vc_win64a_info {
asflags => "/c /Cp /Cx /Zi", asflags => "/c /Cp /Cx /Zi",
asoutflag => "/Fo" }; asoutflag => "/Fo" };
} else { } else {
$die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n"); $die->("NASM not found - make sure it's installed and available on %PATH%\n");
$vc_win64a_info = { as => "{unknown}", $vc_win64a_info = { as => "{unknown}",
asflags => "", asflags => "",
asoutflag => "" }; asoutflag => "" };
@@ -39,7 +39,7 @@ sub vc_win32_info {
asoutflag => "/Fo", asoutflag => "/Fo",
perlasm_scheme => "win32" }; perlasm_scheme => "win32" };
} else { } else {
$die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n"); $die->("NASM not found - make sure it's installed and available on %PATH%\n");
$vc_win32_info = { as => "{unknown}", $vc_win32_info = { as => "{unknown}",
asflags => "", asflags => "",
asoutflag => "", asoutflag => "",
@@ -204,6 +204,7 @@ sub vms_info {
debug => "-O0 -g", debug => "-O0 -g",
release => "-O3 -fomit-frame-pointer"), release => "-O3 -fomit-frame-pointer"),
threads("-pthread")), threads("-pthread")),
ex_libs => add(threads("-pthread")),
bn_ops => "BN_LLONG", bn_ops => "BN_LLONG",
shared_cflag => "-fPIC", shared_cflag => "-fPIC",
shared_ldflag => "-shared -static-libgcc", shared_ldflag => "-shared -static-libgcc",
@@ -223,6 +224,7 @@ sub vms_info {
debug => "-O0 -g", debug => "-O0 -g",
release => "-O3"), release => "-O3"),
threads("-pthread")), threads("-pthread")),
ex_libs => add(threads("-pthread")),
bn_ops => "SIXTY_FOUR_BIT_LONG", bn_ops => "SIXTY_FOUR_BIT_LONG",
perlasm_scheme => "elf", perlasm_scheme => "elf",
shared_cflag => "-fPIC", shared_cflag => "-fPIC",
@@ -268,6 +270,7 @@ sub vms_info {
debug => "-O0 -g", debug => "-O0 -g",
release => "-O3"), release => "-O3"),
threads("-pthread")), threads("-pthread")),
ex_libs => add(threads("-pthread")),
bn_ops => "BN_LLONG RC4_CHAR", bn_ops => "BN_LLONG RC4_CHAR",
shared_cflag => "-fPIC", shared_cflag => "-fPIC",
shared_ldflag => "-shared", shared_ldflag => "-shared",
@@ -425,18 +428,25 @@ sub vms_info {
# even PA-RISC 2.0-specific code paths, which are chosen at run-time, # even PA-RISC 2.0-specific code paths, which are chosen at run-time,
# thus adequate performance is provided even with PA-RISC 1.1 build. # thus adequate performance is provided even with PA-RISC 1.1 build.
# <appro@fy.chalmers.se> # <appro@fy.chalmers.se>
"hpux-parisc-gcc" => { "hpux-common" => {
inherit_from => [ "BASE_unix" ], inherit_from => [ "BASE_unix" ],
template => 1,
defines => add("_XOPEN_SOURCE", "_XOPEN_SOURCE_EXTENDED",
"_HPUX_ALT_XOPEN_SOCKET_API"),
thread_scheme => "pthreads",
dso_scheme => "dlfcn", # overridden in 32-bit PA-RISC builds
shared_target => "hpux-shared",
},
"hpux-parisc-gcc" => {
inherit_from => [ "hpux-common" ],
cc => "gcc", cc => "gcc",
cflags => combine(picker(default => "-DB_ENDIAN -DBN_DIV2W", cflags => combine(picker(default => "-DB_ENDIAN -DBN_DIV2W",
debug => "-O0 -g", debug => "-O0 -g",
release => "-O3"), release => "-O3"),
threads("-pthread")), threads("-pthread")),
ex_libs => add("-Wl,+s -ldld"), ex_libs => add("-Wl,+s -ldld", threads("-pthread")),
bn_ops => "BN_LLONG", bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dl", dso_scheme => "dl",
shared_target => "hpux-shared",
shared_cflag => "-fPIC", shared_cflag => "-fPIC",
shared_ldflag => "-shared", shared_ldflag => "-shared",
shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -446,7 +456,7 @@ sub vms_info {
multilib => "/pa1.1", multilib => "/pa1.1",
}, },
"hpux64-parisc2-gcc" => { "hpux64-parisc2-gcc" => {
inherit_from => [ "BASE_unix", asm("parisc20_64_asm") ], inherit_from => [ "hpux-common", asm("parisc20_64_asm") ],
cc => "gcc", cc => "gcc",
cflags => combine(picker(default => "-DB_ENDIAN", cflags => combine(picker(default => "-DB_ENDIAN",
debug => "-O0 -g", debug => "-O0 -g",
@@ -454,9 +464,6 @@ sub vms_info {
threads("-D_REENTRANT")), threads("-D_REENTRANT")),
ex_libs => add("-ldl"), ex_libs => add("-ldl"),
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "-fpic", shared_cflag => "-fpic",
shared_ldflag => "-shared", shared_ldflag => "-shared",
shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -468,7 +475,7 @@ sub vms_info {
# Chris Ruemmler <ruemmler@cup.hp.com> # Chris Ruemmler <ruemmler@cup.hp.com>
# Kevin Steves <ks@hp.se> # Kevin Steves <ks@hp.se>
"hpux-parisc-cc" => { "hpux-parisc-cc" => {
inherit_from => [ "BASE_unix" ], inherit_from => [ "hpux-common" ],
cc => "cc", cc => "cc",
cflags => combine(picker(default => "+Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY", cflags => combine(picker(default => "+Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY",
debug => "+O0 +d -g", debug => "+O0 +d -g",
@@ -476,9 +483,7 @@ sub vms_info {
threads("-D_REENTRANT")), threads("-D_REENTRANT")),
ex_libs => add("-Wl,+s -ldld",threads("-lpthread")), ex_libs => add("-Wl,+s -ldld",threads("-lpthread")),
bn_ops => "RC4_CHAR", bn_ops => "RC4_CHAR",
thread_scheme => "pthreads",
dso_scheme => "dl", dso_scheme => "dl",
shared_target => "hpux-shared",
shared_cflag => "+Z", shared_cflag => "+Z",
shared_ldflag => "-b", shared_ldflag => "-b",
shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -489,7 +494,7 @@ sub vms_info {
multilib => "/pa1.1", multilib => "/pa1.1",
}, },
"hpux64-parisc2-cc" => { "hpux64-parisc2-cc" => {
inherit_from => [ "BASE_unix", asm("parisc20_64_asm") ], inherit_from => [ "hpux-common", asm("parisc20_64_asm") ],
cc => "cc", cc => "cc",
cflags => combine(picker(default => "+DD64 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY", cflags => combine(picker(default => "+DD64 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY",
debug => "+O0 +d -g", debug => "+O0 +d -g",
@@ -497,9 +502,6 @@ sub vms_info {
threads("-D_REENTRANT")), threads("-D_REENTRANT")),
ex_libs => add("-ldl",threads("-lpthread")), ex_libs => add("-ldl",threads("-lpthread")),
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "+Z", shared_cflag => "+Z",
shared_ldflag => "+DD64 -b", shared_ldflag => "+DD64 -b",
shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -508,7 +510,7 @@ sub vms_info {
# HP/UX IA-64 targets # HP/UX IA-64 targets
"hpux-ia64-cc" => { "hpux-ia64-cc" => {
inherit_from => [ "BASE_unix", asm("ia64_asm") ], inherit_from => [ "hpux-common", asm("ia64_asm") ],
cc => "cc", cc => "cc",
cflags => combine(picker(default => "-Ae +DD32 +Olit=all -z -DB_ENDIAN", cflags => combine(picker(default => "-Ae +DD32 +Olit=all -z -DB_ENDIAN",
debug => "+O0 +d -g", debug => "+O0 +d -g",
@@ -516,9 +518,6 @@ sub vms_info {
threads("-D_REENTRANT")), threads("-D_REENTRANT")),
ex_libs => add("-ldl",threads("-lpthread")), ex_libs => add("-ldl",threads("-lpthread")),
bn_ops => "SIXTY_FOUR_BIT", bn_ops => "SIXTY_FOUR_BIT",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "+Z", shared_cflag => "+Z",
shared_ldflag => "+DD32 -b", shared_ldflag => "+DD32 -b",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -527,7 +526,7 @@ sub vms_info {
# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted
# with debugging of the following config. # with debugging of the following config.
"hpux64-ia64-cc" => { "hpux64-ia64-cc" => {
inherit_from => [ "BASE_unix", asm("ia64_asm") ], inherit_from => [ "hpux-common", asm("ia64_asm") ],
cc => "cc", cc => "cc",
cflags => combine(picker(default => "-Ae +DD64 +Olit=all -z -DB_ENDIAN", cflags => combine(picker(default => "-Ae +DD64 +Olit=all -z -DB_ENDIAN",
debug => "+O0 +d -g", debug => "+O0 +d -g",
@@ -535,9 +534,6 @@ sub vms_info {
threads("-D_REENTRANT")), threads("-D_REENTRANT")),
ex_libs => add("-ldl", threads("-lpthread")), ex_libs => add("-ldl", threads("-lpthread")),
bn_ops => "SIXTY_FOUR_BIT_LONG", bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "+Z", shared_cflag => "+Z",
shared_ldflag => "+DD64 -b", shared_ldflag => "+DD64 -b",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -545,34 +541,28 @@ sub vms_info {
}, },
# GCC builds... # GCC builds...
"hpux-ia64-gcc" => { "hpux-ia64-gcc" => {
inherit_from => [ "BASE_unix", asm("ia64_asm") ], inherit_from => [ "hpux-common", asm("ia64_asm") ],
cc => "gcc", cc => "gcc",
cflags => combine(picker(default => "-DB_ENDIAN", cflags => combine(picker(default => "-DB_ENDIAN",
debug => "-O0 -g", debug => "-O0 -g",
release => "-O3"), release => "-O3"),
threads("-pthread")), threads("-pthread")),
ex_libs => add("-ldl"), ex_libs => add("-ldl", threads("-pthread")),
bn_ops => "SIXTY_FOUR_BIT", bn_ops => "SIXTY_FOUR_BIT",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "-fpic", shared_cflag => "-fpic",
shared_ldflag => "-shared", shared_ldflag => "-shared",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "/hpux32", multilib => "/hpux32",
}, },
"hpux64-ia64-gcc" => { "hpux64-ia64-gcc" => {
inherit_from => [ "BASE_unix", asm("ia64_asm") ], inherit_from => [ "hpux-common", asm("ia64_asm") ],
cc => "gcc", cc => "gcc",
cflags => combine(picker(default => "-mlp64 -DB_ENDIAN", cflags => combine(picker(default => "-mlp64 -DB_ENDIAN",
debug => "-O0 -g", debug => "-O0 -g",
release => "-O3"), release => "-O3"),
threads("-pthread")), threads("-pthread")),
ex_libs => add("-ldl"), ex_libs => add("-ldl", threads("-pthread")),
bn_ops => "SIXTY_FOUR_BIT_LONG", bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "-fpic", shared_cflag => "-fpic",
shared_ldflag => "-mlp64 -shared", shared_ldflag => "-mlp64 -shared",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -583,7 +573,7 @@ sub vms_info {
"MPE/iX-gcc" => { "MPE/iX-gcc" => {
inherit_from => [ "BASE_unix" ], inherit_from => [ "BASE_unix" ],
cc => "gcc", cc => "gcc",
cflags => "-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB", cflags => "-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB",
sys_id => "MPE", sys_id => "MPE",
ex_libs => add("-L/SYSLOG/PUB -lsyslog -lsocket -lcurses"), ex_libs => add("-L/SYSLOG/PUB -lsyslog -lsocket -lcurses"),
thread_scheme => "(unknown)", thread_scheme => "(unknown)",
@@ -599,7 +589,7 @@ sub vms_info {
cc => "gcc", cc => "gcc",
cflags => combine("-std=c9x -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -O3", cflags => combine("-std=c9x -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -O3",
threads("-pthread")), threads("-pthread")),
ex_libs => "-lrt", # for mlock(2) ex_libs => add("-lrt", threads("-pthread")), # for mlock(2)
bn_ops => "SIXTY_FOUR_BIT_LONG", bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads", thread_scheme => "pthreads",
dso_scheme => "dlfcn", dso_scheme => "dlfcn",
@@ -611,7 +601,7 @@ sub vms_info {
cc => "cc", cc => "cc",
cflags => combine("-std1 -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -tune host -fast -readonly_strings", cflags => combine("-std1 -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -tune host -fast -readonly_strings",
threads("-pthread")), threads("-pthread")),
ex_libs => "-lrt", # for mlock(2) ex_libs => add("-lrt", threads("-pthread")), # for mlock(2)
bn_ops => "SIXTY_FOUR_BIT_LONG", bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads", thread_scheme => "pthreads",
dso_scheme => "dlfcn", dso_scheme => "dlfcn",
@@ -632,7 +622,7 @@ sub vms_info {
debug => "-O0 -g", debug => "-O0 -g",
release => "-O3"), release => "-O3"),
threads("-pthread")), threads("-pthread")),
ex_libs => add("-ldl"), ex_libs => add("-ldl", threads("-pthread")),
bn_ops => "BN_LLONG RC4_CHAR", bn_ops => "BN_LLONG RC4_CHAR",
thread_scheme => "pthreads", thread_scheme => "pthreads",
dso_scheme => "dlfcn", dso_scheme => "dlfcn",
@@ -896,7 +886,7 @@ sub vms_info {
# #
# ANDROID_NDK=/some/where/android-ndk-10d # ANDROID_NDK=/some/where/android-ndk-10d
# CROSS_SYSROOT=$ANDROID_NDK/platforms/android-14/arch-arm # CROSS_SYSROOT=$ANDROID_NDK/platforms/android-14/arch-arm
# CROSS_COMPILE=arm-linux-adroideabi- # CROSS_COMPILE=arm-linux-androideabi-
# PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/bin # PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/bin
# #
"android" => { "android" => {
@@ -1177,6 +1167,7 @@ sub vms_info {
debug => "-O0 -g", debug => "-O0 -g",
release => "-O"), release => "-O"),
threads("-pthread")), threads("-pthread")),
ex_libs => add(threads("-pthread")),
sys_id => "AIX", sys_id => "AIX",
bn_ops => "BN_LLONG RC4_CHAR", bn_ops => "BN_LLONG RC4_CHAR",
thread_scheme => "pthreads", thread_scheme => "pthreads",
@@ -1194,6 +1185,7 @@ sub vms_info {
debug => "-O0 -g", debug => "-O0 -g",
release => "-O"), release => "-O"),
threads("-pthread")), threads("-pthread")),
ex_libs => add(threads("-pthread")),
sys_id => "AIX", sys_id => "AIX",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
thread_scheme => "pthreads", thread_scheme => "pthreads",
@@ -1218,6 +1210,7 @@ sub vms_info {
perlasm_scheme => "aix32", perlasm_scheme => "aix32",
dso_scheme => "dlfcn", dso_scheme => "dlfcn",
shared_target => "aix-shared", shared_target => "aix-shared",
shared_cflag => "-qpic",
shared_ldflag => "-q32 -G", shared_ldflag => "-q32 -G",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
arflags => "-X 32", arflags => "-X 32",
@@ -1236,6 +1229,7 @@ sub vms_info {
perlasm_scheme => "aix64", perlasm_scheme => "aix64",
dso_scheme => "dlfcn", dso_scheme => "dlfcn",
shared_target => "aix-shared", shared_target => "aix-shared",
shared_cflag => "-qpic",
shared_ldflag => "-q64 -G", shared_ldflag => "-q64 -G",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
arflags => "-X 64", arflags => "-X 64",
@@ -1251,18 +1245,6 @@ sub vms_info {
thread_scheme => "(unknown)", thread_scheme => "(unknown)",
}, },
# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
# You need to compile using the c89.sh wrapper in the tools directory, because the
# IBM compiler does not like the -L switch after any object modules.
#
"OS390-Unix" => {
inherit_from => [ "BASE_unix" ],
cc => "c89.sh",
cflags => "-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE",
bn_ops => "THIRTY_TWO_BIT RC4_CHAR",
thread_scheme => "(unknown)",
},
#### Visual C targets #### Visual C targets
# #
# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
@@ -1590,6 +1572,7 @@ sub vms_info {
inherit_from => [ "darwin-common", asm("ppc32_asm") ], inherit_from => [ "darwin-common", asm("ppc32_asm") ],
cflags => add("-arch ppc -std=gnu9x -DB_ENDIAN -Wa,-force_cpusubtype_ALL"), cflags => add("-arch ppc -std=gnu9x -DB_ENDIAN -Wa,-force_cpusubtype_ALL"),
perlasm_scheme => "osx32", perlasm_scheme => "osx32",
shared_cflag => add("-fno-common"),
shared_ldflag => "-arch ppc -dynamiclib", shared_ldflag => "-arch ppc -dynamiclib",
}, },
"darwin64-ppc-cc" => { "darwin64-ppc-cc" => {
@@ -1659,7 +1642,7 @@ sub vms_info {
cc => "gcc", cc => "gcc",
cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall", cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
threads("-pthread")), threads("-pthread")),
ex_libs => add("-ldl"), ex_libs => add("-ldl", threads("-pthread")),
bn_ops => "BN_LLONG", bn_ops => "BN_LLONG",
thread_scheme => "pthreads", thread_scheme => "pthreads",
dso_scheme => "dlfcn", dso_scheme => "dlfcn",
@@ -1735,9 +1718,7 @@ sub vms_info {
"uClinux-dist" => { "uClinux-dist" => {
inherit_from => [ "BASE_unix" ], inherit_from => [ "BASE_unix" ],
cc => "$ENV{'CC'}", cc => "$ENV{'CC'}",
cflags => combine("\$(CFLAGS)", cflags => combine(threads("-D_REENTRANT")),
threads("-D_REENTRANT")),
plib_lflags => "\$(LDFLAGS)",
ex_libs => add("\$(LDLIBS)"), ex_libs => add("\$(LDLIBS)"),
bn_ops => "BN_LLONG", bn_ops => "BN_LLONG",
thread_scheme => "pthreads", thread_scheme => "pthreads",
@@ -1751,9 +1732,7 @@ sub vms_info {
"uClinux-dist64" => { "uClinux-dist64" => {
inherit_from => [ "BASE_unix" ], inherit_from => [ "BASE_unix" ],
cc => "$ENV{'CC'}", cc => "$ENV{'CC'}",
cflags => combine("\$(CFLAGS)", cflags => combine(threads("-D_REENTRANT")),
threads("-D_REENTRANT")),
plib_lflags => "\$(LDFLAGS)",
ex_libs => add("\$(LDLIBS)"), ex_libs => add("\$(LDLIBS)"),
bn_ops => "SIXTY_FOUR_BIT_LONG", bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads", thread_scheme => "pthreads",

112
Configurations/90-team.conf
View File

@@ -1,112 +0,0 @@
## -*- mode: perl; -*-
## Build configuration targets for openssl-team members
%targets = (
"purify" => {
cc => "purify gcc",
cflags => "-g -Wall",
thread_scheme => "(unknown)",
ex_libs => add(" ","-lsocket -lnsl"),
},
"debug" => {
cc => "gcc",
cflags => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror",
thread_scheme => "(unknown)",
},
"debug-erbridge" => {
inherit_from => [ "x86_64_asm" ],
cc => "gcc",
cflags => combine("$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -m64 -DL_ENDIAN -DTERMIO -g",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "elf",
dso_scheme => "dlfcn",
shared_target => "linux-shared",
shared_cflag => "-fPIC",
shared_ldflag => "-m64",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "64",
},
"debug-linux-pentium" => {
inherit_from => [ "x86_elf_asm" ],
cc => "gcc",
cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentium -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
},
"debug-linux-ppro" => {
inherit_from => [ "x86_elf_asm" ],
cc => "gcc",
cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
},
"debug-linux-ia32-aes" => {
cc => "gcc",
cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
cpuid_asm_src => "x86cpuid.s",
bn_asm_src => "bn-586.s co-586.s x86-mont.s",
des_asm_src => "des-586.s crypt586.s",
aes_asm_src => "aes_x86core.s aes_cbc.s aesni-x86.s",
bf_asm_src => "bf-586.s",
md5_asm_src => "md5-586.s",
sha1_asm_src => "sha1-586.s sha256-586.s sha512-586.s",
cast_asm_src => "cast-586.s",
rc4_asm_src => "rc4-586.s",
rmd160_asm_src => "rmd-586.s",
rc5_asm_src => "rc5-586.s",
wp_asm_src => "wp_block.s wp-mmx.s",
modes_asm_src => "ghash-x86.s",
padlock_asm_src => "e_padlock-x86.s",
thread_scheme => "pthreads",
perlasm_scheme => "elf",
dso_scheme => "dlfcn",
shared_target => "linux-shared",
shared_cflag => "-fPIC",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"dist" => {
cc => "cc",
cflags => "-O",
thread_scheme => "(unknown)",
},
"debug-test-64-clang" => {
inherit_from => [ "x86_64_asm" ],
cc => "clang",
cflags => combine("$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
threads("${BSDthreads}")),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "elf",
dso_scheme => "dlfcn",
shared_target => "bsd-gcc-shared",
shared_cflag => "-fPIC",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"darwin64-debug-test-64-clang" => {
inherit_from => [ "x86_64_asm" ],
cc => "clang",
cflags => combine("-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
threads("${BSDthreads}")),
sys_id => "MACOSX",
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "macosx",
dso_scheme => "dlfcn",
shared_target => "darwin-shared",
shared_cflag => "-fPIC -fno-common",
shared_ldflag => "-arch x86_64 -dynamiclib",
shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
},
);

27
Configurations/README
View File

@@ -18,10 +18,14 @@ configuration in diverse ways:
Configurations of OpenSSL target platforms Configurations of OpenSSL target platforms
========================================== ==========================================
Target configurations are a collection of facts that we know about Configuration targets are a collection of facts that we know about
different platforms and their capabilities. We organise them in a different platforms and their capabilities. We organise them in a
hash table, where each entry represent a specific target. hash table, where each entry represent a specific target.
Note that configuration target names must be unique across all config
files. The Configure script does check that a config file doesn't
have config targets that shadow config targets from other files.
In each table entry, the following keys are significant: In each table entry, the following keys are significant:
inherit_from => Other targets to inherit values from. inherit_from => Other targets to inherit values from.
@@ -86,6 +90,27 @@ In each table entry, the following keys are significant:
files. On unix, this defaults to "" (NOTE: files. On unix, this defaults to "" (NOTE:
this is here for future use, it's not this is here for future use, it's not
implemented yet) implemented yet)
shlib_variant => A "variant" identifier inserted between the base
shared library name and the extension. On "unixy"
platforms (BSD, Linux, Solaris, MacOS/X, ...) this
supports installation of custom OpenSSL libraries
that don't conflict with other builds of OpenSSL
installed on the system. The variant identifier
becomes part of the SONAME of the library and also
any symbol versions (symbol versions are not used or
needed with MacOS/X). For example, on a system
where a default build would normally create the SSL
shared library as 'libssl.so -> libssl.so.1.1' with
the value of the symlink as the SONAME, a target
definition that sets 'shlib_variant => "-abc"' will
create 'libssl.so -> libssl-abc.so.1.1', again with
an SONAME equal to the value of the symlink. The
symbol versions associated with the variant library
would then be 'OPENSSL_ABC_<version>' rather than
the default 'OPENSSL_<version>'. The string inserted
into symbol versions is obtained by mapping all
letters in the "variant" identifier to upper case
and all non-alphanumeric characters to '_'.
thread_scheme => The type of threads is used on the thread_scheme => The type of threads is used on the
configured platform. Currently known configured platform. Currently known

6
Configurations/common.tmpl
View File

@@ -52,8 +52,7 @@
generator_incs => $unified_info{includes}->{$script}, generator_incs => $unified_info{includes}->{$script},
generator_deps => $unified_info{depends}->{$script}, generator_deps => $unified_info{depends}->{$script},
deps => $unified_info{depends}->{$src}, deps => $unified_info{depends}->{$src},
incs => [ @{$unified_info{includes}->{$bin}}, incs => $unified_info{includes}->{$obj},
@{$unified_info{includes}->{$obj}} ],
%opts); %opts);
foreach (@{$unified_info{depends}->{$src}}) { foreach (@{$unified_info{depends}->{$src}}) {
dogenerate($_, $obj, $bin, %opts); dogenerate($_, $obj, $bin, %opts);
@@ -74,8 +73,7 @@
$OUT .= src2obj(obj => $obj_no_o, $OUT .= src2obj(obj => $obj_no_o,
srcs => $unified_info{sources}->{$obj}, srcs => $unified_info{sources}->{$obj},
deps => $unified_info{depends}->{$obj}, deps => $unified_info{depends}->{$obj},
incs => [ @{$unified_info{includes}->{$bin}}, incs => $unified_info{includes}->{$obj},
@{$unified_info{includes}->{$obj}} ],
%opts); %opts);
foreach ((@{$unified_info{sources}->{$obj}}, foreach ((@{$unified_info{sources}->{$obj}},
@{$unified_info{depends}->{$obj}})) { @{$unified_info{depends}->{$obj}})) {

66
Configurations/descrip.mms.tmpl
View File

@@ -89,7 +89,7 @@
sub dependmagic { sub dependmagic {
my $target = shift; my $target = shift;
return "$target : build_generated\n\t\pipe \$(MMS) depend && \$(MMS) _$target\n_$target"; return "$target : build_generated\n\t\pipe \$(MMS) \$(MMSQUALIFIERS) depend && \$(MMS) \$(MMSQUALIFIERS) _$target\n_$target";
} }
#use Data::Dumper; #use Data::Dumper;
#print STDERR "DEBUG: before:\n", Dumper($unified_info{before}); #print STDERR "DEBUG: before:\n", Dumper($unified_info{before});
@@ -144,6 +144,9 @@ BIN_SCRIPTS=[.tools]c_rehash.pl
MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl
{- output_on() if $disabled{apps}; "" -} {- output_on() if $disabled{apps}; "" -}
APPS_OPENSSL={- use File::Spec::Functions;
catfile("apps","openssl") -}
# DESTDIR is for package builders so that they can configure for, say, # DESTDIR is for package builders so that they can configure for, say,
# SYS$COMMON:[OPENSSL] and yet have everything installed in STAGING:[USER]. # SYS$COMMON:[OPENSSL] and yet have everything installed in STAGING:[USER].
# In that case, configure with --prefix=SYS$COMMON:[OPENSSL] and then run # In that case, configure with --prefix=SYS$COMMON:[OPENSSL] and then run
@@ -261,12 +264,18 @@ build_programs_nodep : $(PROGRAMS), $(SCRIPTS)
# Kept around for backward compatibility # Kept around for backward compatibility
build_apps build_tests : build_programs build_apps build_tests : build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated : $(GENERATED_MANDATORY) $(GENERATED)
test : tests test : tests
{- dependmagic('tests'); -} : build_programs_nodep, build_engines_nodep {- dependmagic('tests'); -} : build_programs_nodep, build_engines_nodep
@ ! {- output_off() if $disabled{tests}; "" -} @ ! {- output_off() if $disabled{tests}; "" -}
SET DEFAULT [.test]{- move("test") -} SET DEFAULT [.test]{- move("test") -}
CREATE/DIR [.test-runs]
DEFINE SRCTOP {- sourcedir() -} DEFINE SRCTOP {- sourcedir() -}
DEFINE BLDTOP {- builddir() -} DEFINE BLDTOP {- builddir() -}
DEFINE RESULT_D {- builddir(qw(test test-runs)) -}
DEFINE OPENSSL_ENGINES {- builddir("engines") -} DEFINE OPENSSL_ENGINES {- builddir("engines") -}
DEFINE OPENSSL_DEBUG_MEMORY "on" DEFINE OPENSSL_DEBUG_MEMORY "on"
IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)" IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)"
@@ -359,12 +368,10 @@ descrip.mms : FORCE
# Install helper targets ############################################# # Install helper targets #############################################
install_sw : all install_shared _install_dev_ns - install_sw : install_dev install_engines install_runtime -
install_engines _install_runtime_ns -
install_startup install_ivp install_startup install_ivp
uninstall_sw : uninstall_shared _uninstall_dev_ns - uninstall_sw : uninstall_dev uninstall_engines uninstall_runtime -
uninstall_engines _uninstall_runtime_ns -
uninstall_startup uninstall_ivp uninstall_startup uninstall_ivp
install_docs : install_html_docs install_docs : install_html_docs
@@ -387,17 +394,7 @@ install_ssldirs : check_INSTALLTOP
COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} - COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
ossl_dataroot:[000000]openssl.cnf ossl_dataroot:[000000]openssl.cnf
install_shared : check_INSTALLTOP install_dev : check_INSTALLTOP install_runtime_libs
@ {- output_off() if $disabled{shared}; "" -} !
@ WRITE SYS$OUTPUT "*** Installing shareable images"
@ ! Install shared (runtime) libraries
- CREATE/DIR ossl_installroot:[LIB.'arch']
{- join("\n ",
map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
@install_shlibs) -}
@ {- output_on() if $disabled{shared}; "" -} !
_install_dev_ns : check_INSTALLTOP
@ WRITE SYS$OUTPUT "*** Installing development files" @ WRITE SYS$OUTPUT "*** Installing development files"
@ ! Install header files @ ! Install header files
- CREATE/DIR ossl_installroot:[include.openssl] - CREATE/DIR ossl_installroot:[include.openssl]
@@ -408,20 +405,7 @@ _install_dev_ns : check_INSTALLTOP
map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" } map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" }
@{$unified_info{install}->{libraries}}) -} @{$unified_info{install}->{libraries}}) -}
install_dev : install_shared _install_dev_ns install_engines : check_INSTALLTOP install_runtime_libs build_engines
_install_runtime_ns : check_INSTALLTOP
@ ! Install the main program
- CREATE/DIR ossl_installroot:[EXE.'arch']
COPY/PROT=W:RE [.APPS]openssl.EXE -
ossl_installroot:[EXE.'arch']openssl{- $osslver -}.EXE
@ ! Install scripts
COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
@ ! {- output_on() if $disabled{apps}; "" -}
install_runtime : install_shared _install_runtime_ns
install_engines : check_INSTALLTOP
@ {- output_off() unless scalar @{$unified_info{engines}}; "" -} ! @ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
@ WRITE SYS$OUTPUT "*** Installing engines" @ WRITE SYS$OUTPUT "*** Installing engines"
- CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch'] - CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch']
@@ -430,6 +414,28 @@ install_engines : check_INSTALLTOP
@{$unified_info{install}->{engines}}) -} @{$unified_info{install}->{engines}}) -}
@ {- output_on() unless scalar @{$unified_info{engines}}; "" -} ! @ {- output_on() unless scalar @{$unified_info{engines}}; "" -} !
install_runtime : install_programs
install_runtime_libs : check_INSTALLTOP build_libs
@ {- output_off() if $disabled{shared}; "" -} !
@ WRITE SYS$OUTPUT "*** Installing shareable images"
@ ! Install shared (runtime) libraries
- CREATE/DIR ossl_installroot:[LIB.'arch']
{- join("\n ",
map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
@install_shlibs) -}
@ {- output_on() if $disabled{shared}; "" -} !
install_programs : check_INSTALLTOP install_runtime_libs build_programs
@ {- output_off() if $disabled{apps}; "" -} !
@ ! Install the main program
- CREATE/DIR ossl_installroot:[EXE.'arch']
COPY/PROT=W:RE [.APPS]openssl.EXE -
ossl_installroot:[EXE.'arch']openssl{- $osslver -}.EXE
@ ! Install scripts
COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
@ ! {- output_on() if $disabled{apps}; "" -}
install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com - install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
[.VMS]openssl_utils.com, check_INSTALLTOP [.VMS]openssl_utils.com, check_INSTALLTOP
- CREATE/DIR ossl_installroot:[SYS$STARTUP] - CREATE/DIR ossl_installroot:[SYS$STARTUP]

12
Configurations/dist.conf Normal file
View File

@@ -0,0 +1,12 @@
## -*- mode: perl; -*-
## Build configuration targets for openssl-team members
# This is to support 'make dist'
%targets = (
"dist" => {
inherit_from => [ 'BASE_unix' ],
cc => "cc",
cflags => "-O",
thread_scheme => "(unknown)",
},
);

155
Configurations/unix-Makefile.tmpl
View File

@@ -8,6 +8,7 @@
our $exeext = $target{exe_extension} || ""; our $exeext = $target{exe_extension} || "";
our $libext = $target{lib_extension} || ".a"; our $libext = $target{lib_extension} || ".a";
our $shlibext = $target{shared_extension} || ".so"; our $shlibext = $target{shared_extension} || ".so";
our $shlibvariant = $target{shlib_variant} || "";
our $shlibextsimple = $target{shared_extension_simple} || ".so"; our $shlibextsimple = $target{shared_extension_simple} || ".so";
our $shlibextimport = $target{shared_import_extension} || ""; our $shlibextimport = $target{shared_import_extension} || "";
our $dsoext = $target{dso_extension} || ".so"; our $dsoext = $target{dso_extension} || ".so";
@@ -40,7 +41,7 @@
sub shlib { sub shlib {
return () if $disabled{shared}; return () if $disabled{shared};
my $lib = shift; my $lib = shift;
return $unified_info{sharednames}->{$lib} . $shlibext; return $unified_info{sharednames}->{$lib}. $shlibvariant. $shlibext;
} }
sub shlib_simple { sub shlib_simple {
return () if $disabled{shared}; return () if $disabled{shared};
@@ -97,8 +98,7 @@ DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
{- output_on() if $disabled{makedepend}; "" -} {- output_on() if $disabled{makedepend}; "" -}
GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -} GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -}
GENERATED={- join(" ", GENERATED={- join(" ",
( map { (my $x = $_) =~ s|\.S$|\.s|; $x } ( grep { defined $unified_info{generate}->{$_} }
grep { defined $unified_info{generate}->{$_} }
map { @{$unified_info{sources}->{$_}} } map { @{$unified_info{sources}->{$_}} }
grep { /\.o$/ } keys %{$unified_info{sources}} ), grep { /\.o$/ } keys %{$unified_info{sources}} ),
( grep { /\.h$/ } keys %{$unified_info{generate}} )) -} ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
@@ -113,6 +113,9 @@ BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash
MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
{- output_on() if $disabled{apps}; "" -} {- output_on() if $disabled{apps}; "" -}
APPS_OPENSSL={- use File::Spec::Functions;
catfile("apps","openssl") -}
# DESTDIR is for package builders so that they can configure for, say, # DESTDIR is for package builders so that they can configure for, say,
# /usr/ and yet have everything installed to /tmp/somedir/usr/. # /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty. # Normally it is left empty.
@@ -204,9 +207,8 @@ TARFILE= ../$(NAME).tar
# order to be excused from maintaining a separate set of architecture # order to be excused from maintaining a separate set of architecture
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
# gcc, then the driver will automatically translate it to -xarch=v8plus # gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler. # and pass it down to assembler. In any case, we do not define AS or
AS=$(CC) -c # ASFLAGS for this reason.
ASFLAG=$(CFLAGS)
PERLASM_SCHEME= {- $target{perlasm_scheme} -} PERLASM_SCHEME= {- $target{perlasm_scheme} -}
# For x86 assembler: Set PROCESSOR to 386 if you want to support # For x86 assembler: Set PROCESSOR to 386 if you want to support
@@ -237,15 +239,21 @@ build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
# Kept around for backward compatibility # Kept around for backward compatibility
build_apps build_tests: build_programs build_apps build_tests: build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
test: tests test: tests
{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep link-utils {- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep link-utils
@ : {- output_off() if $disabled{tests}; "" -} @ : {- output_off() if $disabled{tests}; "" -}
( cd test; \ ( cd test; \
mkdir -p test-runs; \
SRCTOP=../$(SRCDIR) \ SRCTOP=../$(SRCDIR) \
BLDTOP=../$(BLDDIR) \ BLDTOP=../$(BLDDIR) \
RESULT_D=test-runs \
PERL="$(PERL)" \ PERL="$(PERL)" \
EXE_EXT={- $exeext -} \ EXE_EXT={- $exeext -} \
OPENSSL_ENGINES=../$(BLDDIR)/engines \ OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines; pwd` \
OPENSSL_DEBUG_MEMORY=on \ OPENSSL_DEBUG_MEMORY=on \
$(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) ) $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) )
@ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} @ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@@ -285,7 +293,7 @@ clean: libclean
-$(RM) `find . -name '*{- $objext -}' -a \! -path "./.git/*"` -$(RM) `find . -name '*{- $objext -}' -a \! -path "./.git/*"`
$(RM) core $(RM) core
$(RM) tags TAGS doc-nits $(RM) tags TAGS doc-nits
$(RM) test/.rnd $(RM) -r test/test-runs
$(RM) openssl.pc libcrypto.pc libssl.pc $(RM) openssl.pc libcrypto.pc libssl.pc
-$(RM) `find . -type l -a \! -path "./.git/*"` -$(RM) `find . -type l -a \! -path "./.git/*"`
$(RM) $(TARFILE) $(RM) $(TARFILE)
@@ -315,7 +323,7 @@ depend:
# Install helper targets ############################################# # Install helper targets #############################################
install_sw: all install_dev install_engines install_runtime install_sw: install_dev install_engines install_runtime
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
@@ -347,7 +355,7 @@ install_ssldirs:
chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
fi fi
install_dev: install_dev: install_runtime_libs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@echo "*** Installing development files" @echo "*** Installing development files"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl
@@ -453,7 +461,7 @@ uninstall_dev:
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR) -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)
install_engines: install_engines: install_runtime_libs build_engines
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/ @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/
@echo "*** Installing engines" @echo "*** Installing engines"
@@ -480,9 +488,10 @@ uninstall_engines:
done done
-$(RMDIR) $(DESTDIR)$(ENGINESDIR) -$(RMDIR) $(DESTDIR)$(ENGINESDIR)
install_runtime: install_runtime: install_programs
install_runtime_libs: build_libs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
@ : {- output_off() if windowsdll(); "" -} @ : {- output_off() if windowsdll(); "" -}
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR) @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)
@ : {- output_on() if windowsdll(); "" -} @ : {- output_on() if windowsdll(); "" -}
@@ -504,6 +513,11 @@ install_runtime:
$(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \ $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \
: {- output_on() if windowsdll(); "" -}; \ : {- output_on() if windowsdll(); "" -}; \
done done
install_programs: install_runtime_libs build_programs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
@echo "*** Installing runtime programs"
@set -e; for x in dummy $(INSTALL_PROGRAMS); do \ @set -e; for x in dummy $(INSTALL_PROGRAMS); do \
if [ "$$x" = "dummy" ]; then continue; fi; \ if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \ fn=`basename $$x`; \
@@ -523,8 +537,10 @@ install_runtime:
$(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
done done
uninstall_runtime: uninstall_runtime: uninstall_programs uninstall_runtime_libs
@echo "*** Uninstalling runtime files"
uninstall_programs:
@echo "*** Uninstalling runtime programs"
@set -e; for x in dummy $(INSTALL_PROGRAMS); \ @set -e; for x in dummy $(INSTALL_PROGRAMS); \
do \ do \
if [ "$$x" = "dummy" ]; then continue; fi; \ if [ "$$x" = "dummy" ]; then continue; fi; \
@@ -539,6 +555,10 @@ uninstall_runtime:
echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
done done
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin
uninstall_runtime_libs:
@echo "*** Uninstalling runtime libraries"
@ : {- output_off() unless windowsdll(); "" -} @ : {- output_off() unless windowsdll(); "" -}
@set -e; for s in dummy $(INSTALL_SHLIBS); do \ @set -e; for s in dummy $(INSTALL_SHLIBS); do \
if [ "$$s" = "dummy" ]; then continue; fi; \ if [ "$$s" = "dummy" ]; then continue; fi; \
@@ -547,7 +567,6 @@ uninstall_runtime:
$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
done done
@ : {- output_on() unless windowsdll(); "" -} @ : {- output_on() unless windowsdll(); "" -}
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin
install_man_docs: install_man_docs:
@@ -592,19 +611,9 @@ doc-nits:
lint: lint:
lint -DLINT $(INCLUDES) $(SRCS) lint -DLINT $(INCLUDES) $(SRCS)
{- # because the program apps/openssl has object files as sources, and
# they then have the corresponding C files as source, we need to chain
# the lookups in %unified_info
my $apps_openssl = catfile("apps","openssl");
our @openssl_source = map { @{$unified_info{sources}->{$_}} }
@{$unified_info{sources}->{$apps_openssl}};
""; -}
generate_apps: generate_apps:
( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \ ( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \
< apps/openssl.cnf > apps/openssl-vms.cnf ) < apps/openssl.cnf > apps/openssl-vms.cnf )
( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b apps/progs.pl \
{- join(" ", @openssl_source) -} \
> apps/progs.h )
generate_crypto_bn: generate_crypto_bn:
( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h ) ( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h )
@@ -656,25 +665,30 @@ tags TAGS: FORCE
# Release targets (note: only available on Unix) ##################### # Release targets (note: only available on Unix) #####################
# If your tar command doesn't support --owner and --group, make sure to
# use one that does, for example GNU tar
TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf - TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf -
PREPARE_CMD=: PREPARE_CMD=:
tar: tar:
set -e; \
TMPDIR=/var/tmp/openssl-copy.$$$$; \ TMPDIR=/var/tmp/openssl-copy.$$$$; \
DISTDIR=$(NAME); \ DISTDIR=$(NAME); \
mkdir -p $$TMPDIR/$$DISTDIR; \ mkdir -p $$TMPDIR/$$DISTDIR; \
(cd $(SRCDIR); \ (cd $(SRCDIR); \
excl_re="^(fuzz/corpora|Configurations/.*\.norelease\.conf)"; \
echo "$$excl_re"; \
git ls-tree -r --name-only --full-tree HEAD \ git ls-tree -r --name-only --full-tree HEAD \
| grep -v '^fuzz/corpora' \ | egrep -v "$$excl_re" \
| while read F; do \ | while read F; do \
mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \ mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \
cp $$F $$TMPDIR/$$DISTDIR/$$F; \ cp $$F $$TMPDIR/$$DISTDIR/$$F; \
done); \ done); \
(cd $$TMPDIR; \ (cd $$TMPDIR/$$DISTDIR; \
$(PREPARE_CMD); \ $(PREPARE_CMD); \
find $$TMPDIR/$$DISTDIR -type d -print | xargs chmod 755; \ find . -type d -print | xargs chmod 755; \
find $$TMPDIR/$$DISTDIR -type f -print | xargs chmod a+r; \ find . -type f -print | xargs chmod a+r; \
find $$TMPDIR/$$DISTDIR -type f -perm -0100 -print | xargs chmod a+x; \ find . -type f -perm -0100 -print | xargs chmod a+x); \
$(TAR_COMMAND) $$DISTDIR) \ (cd $$TMPDIR; $(TAR_COMMAND) $$DISTDIR) \
| (cd $(SRCDIR); gzip --best > $(TARFILE).gz); \ | (cd $(SRCDIR); gzip --best > $(TARFILE).gz); \
rm -rf $$TMPDIR rm -rf $$TMPDIR
cd $(SRCDIR); ls -l $(TARFILE).gz cd $(SRCDIR); ls -l $(TARFILE).gz
@@ -722,7 +736,6 @@ libssl.pc:
echo 'Version: '$(VERSION); \ echo 'Version: '$(VERSION); \
echo 'Requires.private: libcrypto'; \ echo 'Requires.private: libcrypto'; \
echo 'Libs: -L$${libdir} -lssl'; \ echo 'Libs: -L$${libdir} -lssl'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir}' ) > libssl.pc echo 'Cflags: -I$${includedir}' ) > libssl.pc
openssl.pc: openssl.pc:
@@ -799,20 +812,6 @@ EOF
} }
if (defined($generator)) { if (defined($generator)) {
# If the target is named foo.S in build.info, we want to
# end up generating foo.s in two steps.
if ($args{src} =~ /\.S$/) {
(my $target = $args{src}) =~ s|\.S$|.s|;
return <<"EOF";
$target: $args{generator}->[0] $deps
( trap "rm -f \$@.*" INT 0; \\
$generator \$@.S; \\
\$(CC) $incs \$(CFLAGS) -E \$@.S | \\
\$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.i && \\
mv -f \$@.i \$@ )
EOF
}
# Otherwise....
return <<"EOF"; return <<"EOF";
$args{src}: $args{generator}->[0] $deps $args{src}: $args{generator}->[0] $deps
$generator \$@ $generator \$@
@@ -820,7 +819,7 @@ EOF
} }
return <<"EOF"; return <<"EOF";
$args{src}: $args{generator}->[0] $deps $args{src}: $args{generator}->[0] $deps
\$(CC) $incs \$(CFLAGS) -E \$< | \\ \$(CC) $incs \$(CFLAGS) -E $args{generator}->[0] | \\
\$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@ \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@
EOF EOF
} }
@@ -832,12 +831,7 @@ EOF
sub src2obj { sub src2obj {
my %args = @_; my %args = @_;
my $obj = $args{obj}; my $obj = $args{obj};
my @srcs = map { if ($unified_info{generate}->{$_}) { my @srcs = @{$args{srcs}};
(my $x = $_) =~ s/\.S$/.s/; $x
} else {
$_
}
} ( @{$args{srcs}} );
my $srcs = join(" ", @srcs); my $srcs = join(" ", @srcs);
my $deps = join(" ", @srcs, @{$args{deps}}); my $deps = join(" ", @srcs, @{$args{deps}});
my $incs = join("", map { " -I".$_ } @{$args{incs}}); my $incs = join("", map { " -I".$_ } @{$args{incs}});
@@ -850,11 +844,30 @@ EOF
dso => '$(DSO_CFLAGS)', dso => '$(DSO_CFLAGS)',
bin => '$(BIN_CFLAGS)' } -> {$args{intent}}; bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
my $makedepprog = $config{makedepprog}; my $makedepprog = $config{makedepprog};
my $recipe = <<"EOF"; my $recipe;
$obj$objext: $deps # extension-specific rules
EOF if (grep /\.s$/, @srcs) {
if (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) {
$recipe .= <<"EOF"; $recipe .= <<"EOF";
$obj$objext: $deps
\$(CC) \$(CFLAGS) $ecflags -c -o \$\@ $srcs
EOF
} elsif (grep /\.S$/, @srcs) {
# In case one wonders why not just $(CC) -c file.S. While it
# does work with contemporary compilers, there are some legacy
# ones that get it wrong. Hence the elaborate scheme... We
# don't care to maintain dependecy lists, because dependency
# is rather weak, at most one header file that lists constants
# which are assigned in ascending order.
$recipe .= <<"EOF";
$obj$objext: $deps
( trap "rm -f \$@.*" INT 0; \\
\$(CC) $incs \$(CFLAGS) $ecflags -E $srcs | \\
\$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.s && \\
\$(CC) \$(CFLAGS) $ecflags -c -o \$\@ \$@.s )
EOF
} elsif (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) {
$recipe .= <<"EOF";
$obj$objext: $deps
\$(CC) $incs \$(CFLAGS) $ecflags -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs \$(CC) $incs \$(CFLAGS) $ecflags -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs
\@touch $obj$depext.tmp \@touch $obj$depext.tmp
\@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\ \@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\
@@ -865,6 +878,7 @@ EOF
EOF EOF
} else { } else {
$recipe .= <<"EOF"; $recipe .= <<"EOF";
$obj$objext: $deps
\$(CC) $incs \$(CFLAGS) $ecflags -c -o \$\@ $srcs \$(CC) $incs \$(CFLAGS) $ecflags -c -o \$\@ $srcs
EOF EOF
if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) { if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) {
@@ -900,6 +914,7 @@ EOF
my $shlib_target = $target{shared_target}; my $shlib_target = $target{shared_target};
my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : ""; my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
my $target = shlib_simple($lib); my $target = shlib_simple($lib);
my $target_full = shlib($lib);
return <<"EOF" return <<"EOF"
# With a build on a Windows POSIX layer (Cygwin or Mingw), we know for a fact # With a build on a Windows POSIX layer (Cygwin or Mingw), we know for a fact
# that two files get produced, {shlibname}.dll and {libname}.dll.a. # that two files get produced, {shlibname}.dll and {libname}.dll.a.
@@ -914,27 +929,28 @@ $target: $lib$libext $deps $ordinalsfile
PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\ PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
INSTALLTOP='\$(INSTALLTOP)' LIBDIR='\$(LIBDIR)' \\ INSTALLTOP='\$(INSTALLTOP)' LIBDIR='\$(LIBDIR)' \\
LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\ LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\
LIBNAME=$libname LIBVERSION=\$(SHLIB_MAJOR).\$(SHLIB_MINOR) \\ LIBNAME=$libname SHLIBVERSION=\$(SHLIB_MAJOR).\$(SHLIB_MINOR) \\
LIBCOMPATVERSIONS=';\$(SHLIB_VERSION_HISTORY)' \\ STLIBNAME=$lib$libext \\
SHLIBNAME=$target SHLIBNAME_FULL=$target_full \\
CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(LIB_CFLAGS)' \\ CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(LIB_CFLAGS)' \\
LDFLAGS='\$(LDFLAGS)' \\ LDFLAGS='\$(LDFLAGS)' SHARED_LDFLAGS='\$(LIB_LDFLAGS)' \\
SHARED_LDFLAGS='\$(LIB_LDFLAGS)' SHLIB_EXT=$shlibext \\
RC='\$(RC)' SHARED_RCFLAGS='\$(RCFLAGS)' \\ RC='\$(RC)' SHARED_RCFLAGS='\$(RCFLAGS)' \\
link_shlib.$shlib_target link_shlib.$shlib_target
EOF EOF
. (windowsdll() ? <<"EOF" : ""); . (windowsdll() ? <<"EOF" : "");
rm -f apps/$shlib$shlibext rm -f apps/$shlib$shlibext
rm -f test/$shlib$shlibext rm -f test/$shlib$shlibext
rm -f fuzz/$shlib$shlibext
cp -p $shlib$shlibext apps/ cp -p $shlib$shlibext apps/
cp -p $shlib$shlibext test/ cp -p $shlib$shlibext test/
cp -p $shlib$shlibext fuzz/
EOF EOF
} }
sub obj2dso { sub obj2dso {
my %args = @_; my %args = @_;
my $lib = $args{lib}; my $dso = $args{lib};
my $libd = dirname($lib); my $dsod = dirname($dso);
my $libn = basename($lib); my $dson = basename($dso);
(my $libname = $libn) =~ s/^lib//;
my $shlibdeps = join("", map { my $d = dirname($_); my $shlibdeps = join("", map { my $d = dirname($_);
my $f = basename($_); my $f = basename($_);
(my $l = $f) =~ s/^lib//; (my $l = $f) =~ s/^lib//;
@@ -942,17 +958,16 @@ EOF
my $deps = join(" ",compute_lib_depends(@{$args{deps}})); my $deps = join(" ",compute_lib_depends(@{$args{deps}}));
my $shlib_target = $target{shared_target}; my $shlib_target = $target{shared_target};
my $objs = join(" ", map { $_.$objext } @{$args{objs}}); my $objs = join(" ", map { $_.$objext } @{$args{objs}});
my $target = dso($lib); my $target = dso($dso);
return <<"EOF"; return <<"EOF";
$target: $objs $deps $target: $objs $deps
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\ \$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
PLATFORM=\$(PLATFORM) \\ PLATFORM=\$(PLATFORM) \\
PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\ PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$dsod" \\
LIBDEPS='\$(PLIB_LDFLAGS) '"$shlibdeps"' \$(EX_LIBS)' \\ LIBDEPS='\$(PLIB_LDFLAGS) '"$shlibdeps"' \$(EX_LIBS)' \\
LIBNAME=$libname LDFLAGS='\$(LDFLAGS)' \\ SHLIBNAME_FULL=$target LDFLAGS='\$(LDFLAGS)' \\
CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(DSO_CFLAGS)' \\ CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(DSO_CFLAGS)' \\
SHARED_LDFLAGS='\$(DSO_LDFLAGS)' \\ SHARED_LDFLAGS='\$(DSO_LDFLAGS)' \\
SHLIB_EXT=$dsoext \\
LIBEXTRAS="$objs" \\ LIBEXTRAS="$objs" \\
link_dso.$shlib_target link_dso.$shlib_target
EOF EOF

2
Configurations/windows-checker.pm
View File

@@ -6,7 +6,7 @@ use Config;
# we expect for the platform # we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs); use File::Spec::Functions qw(:DEFAULT rel2abs);
if (rel2abs('.') !~ m|\\|) { if (!$ENV{CONFIGURE_INSIST} && rel2abs('.') !~ m|\\|) {
die <<EOF; die <<EOF;
****************************************************************************** ******************************************************************************

142
Configurations/windows-makefile.tmpl
View File

@@ -72,7 +72,7 @@ SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -} SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -}
ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -} ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{engines}}) -} ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{engines}}) -}
PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{programs}}) -} PROGRAMS={- our @PROGRAMS = map { $_.$exeext } @{$unified_info{programs}}; join(" ", @PROGRAMS) -}
PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -} PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -}
SCRIPTS={- join(" ", @{$unified_info{scripts}}) -} SCRIPTS={- join(" ", @{$unified_info{scripts}}) -}
{- output_off() if $disabled{makedepend}; "" -} {- output_off() if $disabled{makedepend}; "" -}
@@ -88,28 +88,32 @@ GENERATED={- join(" ",
grep { /\.o$/ } keys %{$unified_info{sources}} ), grep { /\.o$/ } keys %{$unified_info{sources}} ),
( grep { /\.h$/ } keys %{$unified_info{generate}} )) -} ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
INSTALL_LIBS={- join(" ", map { $_.$libext } @{$unified_info{install}->{libraries}}) -} INSTALL_LIBS={- join(" ", map { quotify1($_.$libext) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -} INSTALL_SHLIBS={- join(" ", map { quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{install}->{libraries}}) -} INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -} INSTALL_ENGINES={- join(" ", map { quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -}
INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{install}->{engines}}) -} INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -}
INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} INSTALL_PROGRAMS={- join(" ", map { quotify1($_.$exeext) } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
INSTALL_PROGRAMPDBS={- join(" ", map { $_.".pdb" } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} INSTALL_PROGRAMPDBS={- join(" ", map { quotify1($_.".pdb") } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
{- output_off() if $disabled{apps}; "" -} {- output_off() if $disabled{apps}; "" -}
BIN_SCRIPTS=$(BLDDIR)\tools\c_rehash.pl BIN_SCRIPTS="$(BLDDIR)\tools\c_rehash.pl"
MISC_SCRIPTS=$(BLDDIR)\apps\CA.pl $(BLDDIR)\apps\tsget.pl MISC_SCRIPTS="$(BLDDIR)\apps\CA.pl" "$(BLDDIR)\apps\tsget.pl"
{- output_on() if $disabled{apps}; "" -} {- output_on() if $disabled{apps}; "" -}
APPS_OPENSSL={- use File::Spec::Functions;
"\"".catfile("apps","openssl")."\"" -}
# Do not edit these manually. Use Configure with --prefix or --openssldir # Do not edit these manually. Use Configure with --prefix or --openssldir
# to change this! Short explanation in the top comment in Configure # to change this! Short explanation in the top comment in Configure
INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet
# #
use File::Spec::Functions qw(:DEFAULT splitpath); use File::Spec::Functions qw(:DEFAULT splitpath);
our $prefix = $config{prefix} || "$win_installroot\\OpenSSL"; our $prefix = canonpath($config{prefix}
|| "$win_installroot\\OpenSSL");
our ($prefix_dev, $prefix_dir, $prefix_file) = our ($prefix_dev, $prefix_dir, $prefix_file) =
splitpath($prefix, 1); splitpath($prefix, 1);
$prefix_dev -} $prefix_dev -}
INSTALLTOP_dir={- $prefix_dir -} INSTALLTOP_dir={- canonpath($prefix_dir) -}
OPENSSLDIR_dev={- # OPENSSLDIR_dev={- #
# The logic here is that if no --openssldir was given, # The logic here is that if no --openssldir was given,
# OPENSSLDIR will get the value from $prefix plus "/ssl". # OPENSSLDIR will get the value from $prefix plus "/ssl".
@@ -123,13 +127,13 @@ OPENSSLDIR_dev={- #
our $openssldir = our $openssldir =
$config{openssldir} ? $config{openssldir} ?
(file_name_is_absolute($config{openssldir}) ? (file_name_is_absolute($config{openssldir}) ?
$config{openssldir} canonpath($config{openssldir})
: catdir($prefix, $config{openssldir})) : catdir($prefix, $config{openssldir}))
: "$win_commonroot\\SSL"; : canonpath("$win_commonroot\\SSL");
our ($openssldir_dev, $openssldir_dir, $openssldir_file) = our ($openssldir_dev, $openssldir_dir, $openssldir_file) =
splitpath($openssldir, 1); splitpath($openssldir, 1);
$openssldir_dev -} $openssldir_dev -}
OPENSSLDIR_dir={- $openssldir_dir -} OPENSSLDIR_dir={- canonpath($openssldir_dir) -}
LIBDIR={- our $libdir = $config{libdir} || "lib"; LIBDIR={- our $libdir = $config{libdir} || "lib";
$libdir -} $libdir -}
ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath); ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath);
@@ -137,7 +141,7 @@ ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath);
our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) = our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) =
splitpath($enginesdir, 1); splitpath($enginesdir, 1);
$enginesdir_dev -} $enginesdir_dev -}
ENGINESDIR_dir={- $enginesdir_dir -} ENGINESDIR_dir={- canonpath($enginesdir_dir) -}
!IF "$(DESTDIR)" != "" !IF "$(DESTDIR)" != ""
INSTALLTOP=$(DESTDIR)$(INSTALLTOP_dir) INSTALLTOP=$(DESTDIR)$(INSTALLTOP_dir)
OPENSSLDIR=$(DESTDIR)$(OPENSSLDIR_dir) OPENSSLDIR=$(DESTDIR)$(OPENSSLDIR_dir)
@@ -178,6 +182,9 @@ MTOUTFLAG={- $target{mtoutflag} || "-outputresource:" -}$(OSSL_EMPTY)
AS={- $target{as} -} AS={- $target{as} -}
ASFLAGS={- $target{asflags} -} ASFLAGS={- $target{asflags} -}
ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY) ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY)
ECHO="$(PERL)" "$(SRCDIR)\util\echo.pl"
PERLASM_SCHEME= {- $target{perlasm_scheme} -} PERLASM_SCHEME= {- $target{perlasm_scheme} -}
PROCESSOR= {- $config{processor} -} PROCESSOR= {- $config{processor} -}
@@ -197,25 +204,32 @@ build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
# Kept around for backward compatibility # Kept around for backward compatibility
build_apps build_tests: build_programs build_apps build_tests: build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
test: tests test: tests
{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep {- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep
@rem {- output_off() if $disabled{tests}; "" -} @{- output_off() if $disabled{tests}; "" -}
-mkdir $(BLDDIR)\test\test-runs
set SRCTOP=$(SRCDIR) set SRCTOP=$(SRCDIR)
set BLDTOP=$(BLDDIR) set BLDTOP=$(BLDDIR)
set RESULT_D=$(BLDDIR)\test\test-runs
set PERL=$(PERL) set PERL=$(PERL)
set OPENSSL_ENGINES=$(MAKEDIR)\engines
set OPENSSL_DEBUG_MEMORY=on set OPENSSL_DEBUG_MEMORY=on
"$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS) "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
@rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@echo "Tests are not supported with your chosen Configure options" @$(ECHO) "Tests are not supported with your chosen Configure options"
@rem {- output_on() if !$disabled{tests}; "" -} @{- output_on() if !$disabled{tests}; "" -}
list-tests: list-tests:
@rem {- output_off() if $disabled{tests}; "" -} @{- output_off() if $disabled{tests}; "" -}
@set SRCTOP=$(SRCDIR) @set SRCTOP=$(SRCDIR)
@"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list @"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list
@rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@echo "Tests are not supported with your chosen Configure options" @$(ECHO) "Tests are not supported with your chosen Configure options"
@rem {- output_on() if !$disabled{tests}; "" -} @{- output_on() if !$disabled{tests}; "" -}
install: install_sw install_ssldirs install_docs install: install_sw install_ssldirs install_docs
@@ -225,11 +239,14 @@ libclean:
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """$$1.*"""; } @ARGV" $(SHLIBS) "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """$$1.*"""; } @ARGV" $(SHLIBS)
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """apps/$$1.*"""; } @ARGV" $(SHLIBS) "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """apps/$$1.*"""; } @ARGV" $(SHLIBS)
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """test/$$1.*"""; } @ARGV" $(SHLIBS) "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """test/$$1.*"""; } @ARGV" $(SHLIBS)
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """fuzz/$$1.*"""; } @ARGV" $(SHLIBS)
-del /Q /F $(LIBS) -del /Q /F $(LIBS)
-del /Q ossl_static.pdb -del /Q ossl_static.pdb
clean: libclean clean: libclean
-del /Q /F $(PROGRAMS) $(ENGINES) $(SCRIPTS) {- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -}
-del /Q /F $(ENGINES)
-del /Q /F $(SCRIPTS)
-del /Q /F $(GENERATED) -del /Q /F $(GENERATED)
-del /Q /S /F *.d -del /Q /S /F *.d
-del /Q /S /F *.obj -del /Q /S /F *.obj
@@ -250,7 +267,7 @@ depend:
# Install helper targets ############################################# # Install helper targets #############################################
install_sw: all install_dev install_engines install_runtime install_sw: install_dev install_engines install_runtime
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
@@ -270,17 +287,18 @@ install_ssldirs:
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \
"$(OPENSSLDIR)\misc" "$(OPENSSLDIR)\misc"
install_dev: install_dev: install_runtime_libs
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@echo *** Installing development files @$(ECHO) "*** Installing development files"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
@rem {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \ @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
"$(INSTALLTOP)\include\openssl" "$(INSTALLTOP)\include\openssl"
@rem {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\include\openssl\*.h" \ @"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \
"$(SRCDIR)\include\openssl\*.h" \
"$(INSTALLTOP)\include\openssl" "$(INSTALLTOP)\include\openssl"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\include\openssl\*.h \ @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(BLDDIR)\include\openssl\*.h" \
"$(INSTALLTOP)\include\openssl" "$(INSTALLTOP)\include\openssl"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\$(LIBDIR)" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\$(LIBDIR)"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) \ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) \
@@ -291,9 +309,9 @@ install_dev:
uninstall_dev: uninstall_dev:
install_engines: install_engines: install_runtime_libs build_engines
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@echo *** Installing engines @$(ECHO) "*** Installing engines"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)"
@if not "$(ENGINES)"=="" \ @if not "$(ENGINES)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)" "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)"
@@ -302,15 +320,22 @@ install_engines:
uninstall_engines: uninstall_engines:
install_runtime: install_runtime: install_programs
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
@echo *** Installing runtime files install_runtime_libs: build_libs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing runtime libraries"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \ @if not "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin" "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \ @if not "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \
"$(INSTALLTOP)\bin" "$(INSTALLTOP)\bin"
install_programs: install_runtime_libs build_programs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing runtime programs"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMS) \ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMS) \
"$(INSTALLTOP)\bin" "$(INSTALLTOP)\bin"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMPDBS) \ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMPDBS) \
@@ -329,14 +354,14 @@ uninstall_html_docs:
# Building targets ################################################### # Building targets ###################################################
configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -} configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
@echo "Detected changed: $?" @$(ECHO) "Detected changed: $?"
@echo "Reconfiguring..." @$(ECHO) "Reconfiguring..."
"$(PERL)" "$(SRCDIR)\Configure" reconf "$(PERL)" "$(SRCDIR)\Configure" reconf
@echo "**************************************************" @$(ECHO) "**************************************************"
@echo "*** ***" @$(ECHO) "*** ***"
@echo "*** Please run the same make command again ***" @$(ECHO) "*** Please run the same make command again ***"
@echo "*** ***" @$(ECHO) "*** ***"
@echo "**************************************************" @$(ECHO) "**************************************************"
@exit 1 @exit 1
{- {-
@@ -355,7 +380,8 @@ configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{b
sub generatesrc { sub generatesrc {
my %args = @_; my %args = @_;
(my $target = $args{src}) =~ s/\.[sS]$/.asm/; (my $target = $args{src}) =~ s/\.[sS]$/.asm/;
my $generator = '"'.join('" "', @{$args{generator}}).'"'; my ($gen0, @gens) = @{$args{generator}};
my $generator = '"'.$gen0.'"'.join('', map { " $_" } @gens);
my $generator_incs = join("", map { " -I \"$_\"" } @{$args{generator_incs}}); my $generator_incs = join("", map { " -I \"$_\"" } @{$args{generator_incs}});
my $incs = join("", map { " /I \"$_\"" } @{$args{incs}}); my $incs = join("", map { " /I \"$_\"" } @{$args{incs}});
my $deps = @{$args{deps}} ? my $deps = @{$args{deps}} ?
@@ -435,24 +461,20 @@ $obj$objext: $deps
\$(AS) \$(ASFLAGS) \$(ASOUTFLAG)\$\@ $srcs \$(AS) \$(ASFLAGS) \$(ASOUTFLAG)\$\@ $srcs
EOF EOF
} }
return <<"EOF" if (!$disabled{makedepend}); my $recipe = <<"EOF";
$obj$depext: $deps $obj$objext: $deps
\$(CC) \$(CFLAGS) $ecflags$inc /Zs /showIncludes $srcs 2>&1 | \\ \$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs
EOF
$recipe .= <<"EOF" unless $disabled{makedepend};
\$(CC) $incs \$(CFLAGS) $ecflags /Zs /showIncludes $srcs 2>&1 | \\
"\$(PERL)" -n << > $obj$depext "\$(PERL)" -n << > $obj$depext
chomp; chomp;
s/^Note: including file: *//; s/^Note: including file: *//;
\$\$collect{\$\$_} = 1; \$\$collect{\$\$_} = 1;
END { print '$obj$objext: ',join(" ", sort keys \%collect),"\\n" } END { print '$obj$objext: ',join(" ", sort keys \%collect),"\\n" }
<< <<
$obj$objext: $obj$depext
\$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ @<<
$srcs
<<
EOF
return <<"EOF" if ($disabled{makedepend});
$obj$objext: $deps
\$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs
EOF EOF
return $recipe;
} }
# On Unix, we build shlibs from static libs, so we're ignoring the # On Unix, we build shlibs from static libs, so we're ignoring the
@@ -493,8 +515,10 @@ $objs $shlib.res$linklibs \$(EX_LIBS)
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$shlib$shlibext.manifest \$(MTOUTFLAG)$shlib$shlibext \$(MT) \$(MTFLAGS) \$(MTINFLAG)$shlib$shlibext.manifest \$(MTOUTFLAG)$shlib$shlibext
IF EXIST apps\\$shlib$shlibext DEL /Q /F apps\\$shlib$shlibext IF EXIST apps\\$shlib$shlibext DEL /Q /F apps\\$shlib$shlibext
IF EXIST test\\$shlib$shlibext DEL /Q /F test\\$shlib$shlibext IF EXIST test\\$shlib$shlibext DEL /Q /F test\\$shlib$shlibext
IF EXIST fuzz\\$shlib$shlibext DEL /Q /F fuzz\\$shlib$shlibext
COPY $shlib$shlibext apps COPY $shlib$shlibext apps
COPY $shlib$shlibext test COPY $shlib$shlibext test
COPY $shlib$shlibext fuzz
EOF EOF
} }
sub obj2dso { sub obj2dso {
@@ -589,8 +613,6 @@ EOF
foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) { foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
if (dirname($prod) eq $dir) { if (dirname($prod) eq $dir) {
push @deps, $prod.$extinfo{$type}; push @deps, $prod.$extinfo{$type};
} else {
push @actions, "\t@rem No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}});
} }
} }
} }

241
Configure
View File

@@ -1,6 +1,6 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# -*- mode: perl; -*- # -*- mode: perl; -*-
# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@@ -11,13 +11,18 @@
use 5.10.0; use 5.10.0;
use strict; use strict;
use FindBin;
use lib "$FindBin::Bin/util/perl";
use File::Basename; use File::Basename;
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/; use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
use File::Path qw/mkpath/; use File::Path qw/mkpath/;
use if $^O ne "VMS", 'File::Glob' => qw/glob/; use OpenSSL::Glob;
# see INSTALL for instructions. # see INSTALL for instructions.
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \&death_handler;
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
# Options: # Options:
@@ -60,8 +65,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
# library and will be loaded in run-time by the OpenSSL library. # library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support # sctp include SCTP support
# enable-weak-ssl-ciphers # enable-weak-ssl-ciphers
# Enable weak ciphers that are disabled by default. This currently # Enable weak ciphers that are disabled by default.
# only includes RC4 based ciphers.
# 386 generate 80386 code in assembly modules # 386 generate 80386 code in assembly modules
# no-sse2 disables IA-32 SSE2 code in assembly modules, the above # no-sse2 disables IA-32 SSE2 code in assembly modules, the above
# mentioned '386' option implies this one # mentioned '386' option implies this one
@@ -116,6 +120,9 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED"
# but 'long long' type. # but 'long long' type.
. " -DPEDANTIC -pedantic -Wno-long-long" . " -DPEDANTIC -pedantic -Wno-long-long"
. " -Wall" . " -Wall"
. " -Wextra"
. " -Wno-unused-parameter"
. " -Wno-missing-field-initializers"
. " -Wsign-compare" . " -Wsign-compare"
. " -Wmissing-prototypes" . " -Wmissing-prototypes"
. " -Wshadow" . " -Wshadow"
@@ -136,15 +143,11 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED"
# -Wextended-offsetof -- no, needed in CMS ASN1 code # -Wextended-offsetof -- no, needed in CMS ASN1 code
my $clang_devteam_warn = "" my $clang_devteam_warn = ""
. " -Qunused-arguments" . " -Qunused-arguments"
. " -Wextra"
. " -Wno-unused-parameter"
. " -Wno-missing-field-initializers"
. " -Wno-language-extension-token" . " -Wno-language-extension-token"
. " -Wno-extended-offsetof" . " -Wno-extended-offsetof"
. " -Wconditional-uninitialized" . " -Wconditional-uninitialized"
. " -Wincompatible-pointer-types-discards-qualifiers" . " -Wincompatible-pointer-types-discards-qualifiers"
. " -Wmissing-variable-declarations" . " -Wmissing-variable-declarations"
. " -Wundef"
; ;
# This adds backtrace information to the memory leak info. Is only used # This adds backtrace information to the memory leak info. Is only used
@@ -461,31 +464,10 @@ my @disable_cascades = (
sub { 0 == scalar grep { !$disabled{$_} } @dtls } sub { 0 == scalar grep { !$disabled{$_} } @dtls }
=> [ "dtls" ], => [ "dtls" ],
# SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
"md5" => [ "ssl", "tls1", "tls1_1", "dtls1" ],
"sha" => [ "ssl", "tls1", "tls1_1", "dtls1" ],
# Additionally, SSL 3.0 requires either RSA or DSA+DH
sub { $disabled{rsa}
&& ($disabled{dsa} || $disabled{dh}); }
=> [ "ssl" ],
# (D)TLS 1.0 and TLS 1.1 also require either RSA or DSA+DH
# or ECDSA + ECDH. (D)TLS 1.2 has this requirement as well.
# (XXX: We don't support PSK-only builds).
sub { $disabled{rsa}
&& ($disabled{dsa} || $disabled{dh})
&& ($disabled{ecdsa} || $disabled{ecdh}); }
=> [ "tls1", "tls1_1", "tls1_2",
"dtls1", "dtls1_2" ],
"tls" => [ @tls ], "tls" => [ @tls ],
sub { 0 == scalar grep { !$disabled{$_} } @tls } sub { 0 == scalar grep { !$disabled{$_} } @tls }
=> [ "tls" ], => [ "tls" ],
# SRP and HEARTBEATS require TLSEXT
"tlsext" => [ "srp", "heartbeats" ],
"crypto-mdebug" => [ "crypto-mdebug-backtrace" ], "crypto-mdebug" => [ "crypto-mdebug-backtrace" ],
# Without DSO, we can't load dynamic engines, so don't build them dynamic # Without DSO, we can't load dynamic engines, so don't build them dynamic
@@ -499,7 +481,7 @@ my @disable_cascades = (
# no-autoalginit is only useful when building non-shared # no-autoalginit is only useful when building non-shared
"autoalginit" => [ "shared", "apps" ], "autoalginit" => [ "shared", "apps" ],
"stdio" => [ "apps", "capieng" ], "stdio" => [ "apps", "capieng", "egd" ],
"apps" => [ "tests" ], "apps" => [ "tests" ],
"comp" => [ "zlib" ], "comp" => [ "zlib" ],
sub { !$disabled{"unit-test"} } => [ "heartbeats" ], sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
@@ -529,8 +511,6 @@ while ((my $first, my $second) = (shift @list, shift @list)) {
# To remove something from %disabled, use "enable-foo". # To remove something from %disabled, use "enable-foo".
# For symmetry, "disable-foo" is a synonym for "no-foo". # For symmetry, "disable-foo" is a synonym for "no-foo".
my $no_sse2=0;
&usage if ($#ARGV < 0); &usage if ($#ARGV < 0);
my $user_cflags=""; my $user_cflags="";
@@ -779,21 +759,21 @@ while (@argvcopy)
else else
{ $config{options} .= " ".$_; } { $config{options} .= " ".$_; }
} }
}
if (defined($config{api}) && !exists $apitable->{$config{api}}) { if (defined($config{api}) && !exists $apitable->{$config{api}}) {
die "***** Unsupported api compatibility level: $config{api}\n", die "***** Unsupported api compatibility level: $config{api}\n",
} }
if (keys %deprecated_options) if (keys %deprecated_options)
{ {
warn "***** Deprecated options: ", warn "***** Deprecated options: ",
join(", ", keys %deprecated_options), "\n"; join(", ", keys %deprecated_options), "\n";
} }
if (keys %unsupported_options) if (keys %unsupported_options)
{ {
die "***** Unsupported options: ", die "***** Unsupported options: ",
join(", ", keys %unsupported_options), "\n"; join(", ", keys %unsupported_options), "\n";
}
} }
if ($libs =~ /(^|\s)-Wl,-rpath,/ if ($libs =~ /(^|\s)-Wl,-rpath,/
@@ -880,7 +860,7 @@ foreach (sort (keys %disabled))
elsif (/^zlib-dynamic$/) elsif (/^zlib-dynamic$/)
{ } { }
elsif (/^sse2$/) elsif (/^sse2$/)
{ $no_sse2 = 1; } { }
elsif (/^engine$/) elsif (/^engine$/)
{ {
@{$config{dirs}} = grep !/^engines$/, @{$config{dirs}}; @{$config{dirs}} = grep !/^engines$/, @{$config{dirs}};
@@ -913,8 +893,6 @@ foreach (sort (keys %disabled))
{ {
push @{$config{openssl_other_defines}}, "OPENSSL_NO_$WHAT"; push @{$config{openssl_other_defines}}, "OPENSSL_NO_$WHAT";
print " OPENSSL_NO_$WHAT"; print " OPENSSL_NO_$WHAT";
if (/^err$/) { push @user_defines, "OPENSSL_NO_ERR"; }
} }
} }
@@ -933,11 +911,12 @@ if ($d) {
$target = $t; $target = $t;
} }
} }
&usage if !$table{$target} || $table{$target}->{template};
$config{target} = $target; $config{target} = $target;
my %target = resolve_config($target); my %target = resolve_config($target);
&usage if (!%target || $target{template});
my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}}); my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}});
$config{conf_files} = [ sort keys %conf_files ]; $config{conf_files} = [ sort keys %conf_files ];
%target = ( %{$table{DEFAULTS}}, %target ); %target = ( %{$table{DEFAULTS}}, %target );
@@ -1168,7 +1147,7 @@ unless ($disabled{asm}) {
# bn-586 is the only one implementing bn_*_part_words # bn-586 is the only one implementing bn_*_part_words
push @{$config{defines}}, "OPENSSL_BN_ASM_PART_WORDS" if ($target{bn_asm_src} =~ /bn-586/); push @{$config{defines}}, "OPENSSL_BN_ASM_PART_WORDS" if ($target{bn_asm_src} =~ /bn-586/);
push @{$config{defines}}, "OPENSSL_IA32_SSE2" if (!$no_sse2 && $target{bn_asm_src} =~ /86/); push @{$config{defines}}, "OPENSSL_IA32_SSE2" if (!$disabled{sse2} && $target{bn_asm_src} =~ /86/);
push @{$config{defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/); push @{$config{defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/);
push @{$config{defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/); push @{$config{defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/);
@@ -1200,7 +1179,7 @@ unless ($disabled{asm}) {
push @{$config{defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//); push @{$config{defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
# aes-xts.fake indicates presence of AES_xts_[en|de]crypt... # aes-xts.fake indicates presence of AES_xts_[en|de]crypt...
push @{$config{defines}}, "AES_XTS_ASM" if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//); push @{$config{defines}}, "AES_XTS_ASM" if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//);
$target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($no_sse2); $target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($disabled{sse2});
push @{$config{defines}}, "VPAES_ASM" if ($target{aes_asm_src} =~ m/vpaes/); push @{$config{defines}}, "VPAES_ASM" if ($target{aes_asm_src} =~ m/vpaes/);
push @{$config{defines}}, "BSAES_ASM" if ($target{aes_asm_src} =~ m/bsaes/); push @{$config{defines}}, "BSAES_ASM" if ($target{aes_asm_src} =~ m/bsaes/);
} }
@@ -1225,29 +1204,31 @@ unless ($disabled{asm}) {
} }
} }
my $ecc = $target{cc}; my %predefined;
if ($^O ne "VMS" && !$disabled{makedepend}) {
# Is the compiler gcc or clang? $ecc is used below to see if if ($^O ne "VMS") {
# error-checking can be turned on. my $cc = "$config{cross_compile_prefix}$target{cc}";
my $ccpcc = "$config{cross_compile_prefix}$target{cc}";
open(PIPE, "$ccpcc --version 2>&1 |"); # collect compiler pre-defines from gcc or gcc-alike...
my $lines = 2; open(PIPE, "$cc -dM -E -x c /dev/null 2>&1 |");
while ( <PIPE> ) { while (<PIPE>) {
# Find the version number and save the major. m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
m|(?:.*)\b(\d+)\.\d+\.\d+\b(?:.*)|; $predefined{$1} = $2 // "";
my $compiler_major = $1;
# We know that GNU C version 3 and up as well as all clang
# versions support dependency generation
$config{makedepprog} = $ccpcc
if (/clang/ || (/gcc/ && $compiler_major >= 3));
$ecc = "clang" if /clang/;
$ecc = "gcc" if /gcc/;
last if ($config{makedepprog} || !$lines--);
} }
close(PIPE); close(PIPE);
$config{makedepprog} = which('makedepend') unless $config{makedepprog}; if (!$disabled{makedepend}) {
$disabled{makedepend} = "unavailable" unless $config{makedepprog}; # We know that GNU C version 3 and up as well as all clang
# versions support dependency generation, but Xcode did not
# handle $cc -M before clang support (but claims __GNUC__ = 3)
if (($predefined{__GNUC__} // -1) >= 3
&& !($predefined{__APPLE_CC__} && !$predefined{__clang__})) {
$config{makedepprog} = $cc;
} else {
$config{makedepprog} = which('makedepend');
$disabled{makedepend} = "unavailable" unless $config{makedepprog};
}
}
} }
@@ -1292,13 +1273,13 @@ if (defined($config{api})) {
if ($strict_warnings) if ($strict_warnings)
{ {
my $wopt; my $wopt;
die "ERROR --strict-warnings requires gcc or clang" die "ERROR --strict-warnings requires gcc or gcc-alike"
unless $ecc eq 'gcc' || $ecc eq 'clang'; unless defined($predefined{__GNUC__});
foreach $wopt (split /\s+/, $gcc_devteam_warn) foreach $wopt (split /\s+/, $gcc_devteam_warn)
{ {
$config{cflags} .= " $wopt" unless ($config{cflags} =~ /(?:^|\s)$wopt(?:\s|$)/) $config{cflags} .= " $wopt" unless ($config{cflags} =~ /(?:^|\s)$wopt(?:\s|$)/)
} }
if ($ecc eq "clang") if (defined($predefined{__clang__}))
{ {
foreach $wopt (split /\s+/, $clang_devteam_warn) foreach $wopt (split /\s+/, $clang_devteam_warn)
{ {
@@ -1355,7 +1336,6 @@ my %unified_info = ();
my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO}); my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO});
if ($builder eq "unified") { if ($builder eq "unified") {
use lib catdir(dirname(__FILE__),"util");
use with_fallback qw(Text::Template); use with_fallback qw(Text::Template);
sub cleandir { sub cleandir {
@@ -1478,9 +1458,15 @@ if ($builder eq "unified") {
my %sharednames = (); my %sharednames = ();
my %generate = (); my %generate = ();
# We want to detect configdata.pm in the source tree, so we
# don't use it if the build tree is different.
my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir);
push @{$config{build_infos}}, catfile(abs2rel($sourced, $blddir), $f); push @{$config{build_infos}}, catfile(abs2rel($sourced, $blddir), $f);
my $template = Text::Template->new(TYPE => 'FILE', my $template =
SOURCE => catfile($sourced, $f)); Text::Template->new(TYPE => 'FILE',
SOURCE => catfile($sourced, $f),
PREPEND => qq{use lib "$FindBin::Bin/util/perl";});
die "Something went wrong with $sourced/$f: $!\n" unless $template; die "Something went wrong with $sourced/$f: $!\n" unless $template;
my @text = my @text =
split /^/m, split /^/m,
@@ -1781,7 +1767,7 @@ EOF
# If it isn't in the source tree, we assume it's generated # If it isn't in the source tree, we assume it's generated
# in the build tree # in the build tree
if (! -f $s) { if ($s eq $src_configdata || ! -f $s || $generate{$_}) {
$s = cleanfile($buildd, $_, $blddir); $s = cleanfile($buildd, $_, $blddir);
} }
# We recognise C and asm files # We recognise C and asm files
@@ -1807,7 +1793,7 @@ EOF
# If it isn't in the source tree, we assume it's generated # If it isn't in the source tree, we assume it's generated
# in the build tree # in the build tree
if (! -f $s) { if ($s eq $src_configdata || ! -f $s || $generate{$_}) {
$s = cleanfile($buildd, $_, $blddir); $s = cleanfile($buildd, $_, $blddir);
} }
# We recognise C and asm files # We recognise C and asm files
@@ -1842,7 +1828,7 @@ EOF
# If the destination doesn't exist in source, it can only be # If the destination doesn't exist in source, it can only be
# a generated file in the build tree. # a generated file in the build tree.
if ($ddest ne "" && ! -f $ddest) { if ($ddest ne "" && ($ddest eq $src_configdata || ! -f $ddest)) {
$ddest = cleanfile($buildd, $_, $blddir); $ddest = cleanfile($buildd, $_, $blddir);
if ($unified_info{rename}->{$ddest}) { if ($unified_info{rename}->{$ddest}) {
$ddest = $unified_info{rename}->{$ddest}; $ddest = $unified_info{rename}->{$ddest};
@@ -1856,7 +1842,8 @@ EOF
# in the build tree rather than the source tree, and assume # in the build tree rather than the source tree, and assume
# and that there are lines to build it in a BEGINRAW..ENDRAW # and that there are lines to build it in a BEGINRAW..ENDRAW
# section or in the Makefile template. # section or in the Makefile template.
if (! -f $d if ($d eq $src_configdata
|| ! -f $d
|| (grep { $d eq $_ } || (grep { $d eq $_ }
map { cleanfile($srcdir, $_, $blddir) } map { cleanfile($srcdir, $_, $blddir) }
grep { /\.h$/ } keys %{$unified_info{generate}})) { grep { /\.h$/ } keys %{$unified_info{generate}})) {
@@ -1867,13 +1854,6 @@ EOF
$d = $unified_info{rename}->{$d}; $d = $unified_info{rename}->{$d};
} }
$unified_info{depends}->{$ddest}->{$d} = 1; $unified_info{depends}->{$ddest}->{$d} = 1;
# If we depend on a header file or a perl module, let's make
# sure it can get included
if ($dest ne "" && $d =~ /\.(h|pm)$/) {
my $i = dirname($d);
push @{$unified_info{includes}->{$ddest}->{source}}, $i
unless grep { $_ eq $i } @{$unified_info{includes}->{$ddest}->{source}};
}
} }
} }
@@ -1883,7 +1863,7 @@ EOF
# If the destination doesn't exist in source, it can only be # If the destination doesn't exist in source, it can only be
# a generated file in the build tree. # a generated file in the build tree.
if (! -f $ddest) { if ($ddest eq $src_configdata || ! -f $ddest) {
$ddest = cleanfile($buildd, $_, $blddir); $ddest = cleanfile($buildd, $_, $blddir);
if ($unified_info{rename}->{$ddest}) { if ($unified_info{rename}->{$ddest}) {
$ddest = $unified_info{rename}->{$ddest}; $ddest = $unified_info{rename}->{$ddest};
@@ -1900,6 +1880,43 @@ EOF
} }
} }
# Massage the result
# If we depend on a header file or a perl module, add an inclusion of
# its directory to allow smoothe inclusion
foreach my $dest (keys %{$unified_info{depends}}) {
next if $dest eq "";
foreach my $d (keys %{$unified_info{depends}->{$dest}}) {
next unless $d =~ /\.(h|pm)$/;
my $i = dirname($d);
my $spot =
$d eq "configdata.pm" || defined($unified_info{generate}->{$d})
? 'build' : 'source';
push @{$unified_info{includes}->{$dest}->{$spot}}, $i
unless grep { $_ eq $i } @{$unified_info{includes}->{$dest}->{$spot}};
}
}
# Trickle down includes placed on libraries, engines and programs to
# their sources (i.e. object files)
foreach my $dest (keys %{$unified_info{engines}},
keys %{$unified_info{libraries}},
keys %{$unified_info{programs}}) {
foreach my $k (("source", "build")) {
next unless defined($unified_info{includes}->{$dest}->{$k});
my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}};
foreach my $obj (grep /\.o$/,
(keys %{$unified_info{sources}->{$dest} // {}},
keys %{$unified_info{shared_sources}->{$dest} // {}})) {
foreach my $inc (@incs) {
unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc
unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}};
}
}
}
delete $unified_info{includes}->{$dest};
}
### Make unified_info a bit more efficient ### Make unified_info a bit more efficient
# One level structures # One level structures
foreach (("programs", "libraries", "engines", "scripts", "extra", "overrides")) { foreach (("programs", "libraries", "engines", "scripts", "extra", "overrides")) {
@@ -1915,8 +1932,9 @@ EOF
# Includes # Includes
foreach my $dest (sort keys %{$unified_info{includes}}) { foreach my $dest (sort keys %{$unified_info{includes}}) {
if (defined($unified_info{includes}->{$dest}->{build})) { if (defined($unified_info{includes}->{$dest}->{build})) {
my @source_includes = my @source_includes = ();
( @{$unified_info{includes}->{$dest}->{source}} ); @source_includes = ( @{$unified_info{includes}->{$dest}->{source}} )
if defined($unified_info{includes}->{$dest}->{source});
$unified_info{includes}->{$dest} = $unified_info{includes}->{$dest} =
[ @{$unified_info{includes}->{$dest}->{build}} ]; [ @{$unified_info{includes}->{$dest}->{build}} ];
foreach my $inc (@source_includes) { foreach my $inc (@source_includes) {
@@ -2113,6 +2131,8 @@ my %builders = (
$builders{$builder}->($builder_platform, @builder_opts); $builders{$builder}->($builder_platform, @builder_opts);
$SIG{__DIE__} = $orig_death_handler;
print <<"EOF"; print <<"EOF";
Configured for $target. Configured for $target.
@@ -2134,14 +2154,6 @@ or position independent code, please let us know (but please first make sure
you have tried with a current version of OpenSSL). you have tried with a current version of OpenSSL).
EOF EOF
print <<"EOF" if (-f catfile($srcdir, "configdata.pm") && $srcdir ne $blddir);
WARNING: there are indications that another build was made in the source
directory. This build may have picked up artifacts from that build, the
safest course of action is to clean the source directory and redo this
configuration.
EOF
exit(0); exit(0);
###################################################################### ######################################################################
@@ -2149,6 +2161,24 @@ exit(0);
# Helpers and utility functions # Helpers and utility functions
# #
# Death handler, to print a helpful message in case of failure #######
#
sub death_handler {
die @_ if $^S; # To prevent the added message in eval blocks
my $build_file = $target{build_file} // "build file";
my @message = ( <<"_____", @_ );
Failure! $build_file wasn't produced.
Please read INSTALL and associated NOTES files. You may also have to look over
your available compiler tool chain or change your configuration.
_____
# Dying is terminal, so it's ok to reset the signal handler here.
$SIG{__DIE__} = $orig_death_handler;
die @message;
}
# Configuration file reading ######################################### # Configuration file reading #########################################
# Note: All of the helper functions are for lazy evaluation. They all # Note: All of the helper functions are for lazy evaluation. They all
@@ -2291,6 +2321,17 @@ sub read_config {
eval $content; eval $content;
warn $@ if $@; warn $@ if $@;
} }
my %preexisting = ();
foreach (sort keys %targets) {
$preexisting{$_} = 1 if $table{$_};
}
die <<"EOF",
The following config targets from $fname
shadow pre-existing config targets with the same name:
EOF
map { " $_\n" } sort keys %preexisting
if %preexisting;
# For each target, check that it's configured with a hash table. # For each target, check that it's configured with a hash table.
foreach (keys %targets) { foreach (keys %targets) {

13
INSTALL
View File

@@ -3,7 +3,8 @@
-------------------- --------------------
This document describes installation on all supported operating This document describes installation on all supported operating
systems (the Linux/Unix family, OpenVMS and Windows) systems (the Unix/Linux family (which includes Mac OS/X), OpenVMS,
and Windows).
To install OpenSSL, you will need: To install OpenSSL, you will need:
@@ -76,7 +77,7 @@
If you want to just get on with it, do: If you want to just get on with it, do:
on Unix: on Unix (again, this includes Mac OS/X):
$ ./config $ ./config
$ make $ make
@@ -408,8 +409,9 @@
has an impact when not built "shared". has an impact when not built "shared".
no-stdio no-stdio
Don't use any C "stdio" features. Only libcrypto and libssl Don't use anything from the C header file "stdio.h" that
can be built in this way. Using this option will suppress makes use of the "FILE" type. Only libcrypto and libssl can
be built in this way. Using this option will suppress
building the command line applications. Additionally since building the command line applications. Additionally since
the OpenSSL tests also use the command line applications the the OpenSSL tests also use the command line applications the
tests will also be skipped. tests will also be skipped.
@@ -678,7 +680,8 @@
compiler optimization flags from the CFLAGS line in Makefile and compiler optimization flags from the CFLAGS line in Makefile and
run "make clean; make" or corresponding. run "make clean; make" or corresponding.
Please send bug reports to <rt@openssl.org>. To report a bug please open an issue on GitHub, at
https://github.com/openssl/openssl/issues.
4. If everything tests ok, install OpenSSL with 4. If everything tests ok, install OpenSSL with

2
LICENSE
View File

@@ -10,7 +10,7 @@
--------------- ---------------
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions

257
Makefile.shared
View File

@@ -29,6 +29,37 @@ NM=nm
#LIBNAME=foo #LIBNAME=foo
LIBNAME= LIBNAME=
# STLIBNAME contains the path of the static library to build the shared
# library from, for example:
#STLIBNAME=libfoo.a
STLIBNAME=
# On most Unix platforms, SHLIBNAME contains the path of the short name of
# the shared library to build, for example
#SHLIBNAME=libfoo.so
# On Windows POSIX layers (cygwin and mingw), SHLIBNAME contains the import
# library name for the shared library to be built, for example:
#SHLIBNAME=libfoo.dll.a
# SHLIBNAME_FULL contains the path of the full name of the shared library to
# build, for example:
#SHLIBNAME_FULL=libfoo.so.1.2
# When building DSOs, SHLIBNAME_FULL contains path of the full DSO name, for
# example:
#SHLIBNAME_FULL=dir/dso.so
SHLIBNAME_FULL=
# SHLIBVERSION contains the current version of the shared library (not to
# be confused with the project version)
#SHLIBVERSION=1.2
SHLIBVERSION=
# NOTE: to build shared libraries, LIBNAME, STLIBNAME, SHLIBNAME and
# SHLIBNAME_FULL MUST have values when using this makefile, and in some
# cases, SHLIBVERSION as well. To build DSOs, SHLIBNAME_FULL MUST have
# a value, the rest can be left alone.
# APPNAME contains just the name of the application, without suffix ("" # APPNAME contains just the name of the application, without suffix (""
# on Unix, ".exe" on Windows, ...). This one MUST have a value when using # on Unix, ".exe" on Windows, ...). This one MUST have a value when using
# this makefile to build applications. # this makefile to build applications.
@@ -36,9 +67,6 @@ LIBNAME=
#APPNAME=foo #APPNAME=foo
APPNAME= APPNAME=
# DSTDIR is the directory where the built file should end up in.
DSTDIR=.
# SRCDIR is the top directory of the source tree. # SRCDIR is the top directory of the source tree.
SRCDIR=. SRCDIR=.
@@ -55,24 +83,6 @@ OBJECTS=
# names of all object files that go into the target shared object. # names of all object files that go into the target shared object.
LIBEXTRAS= LIBEXTRAS=
# LIBVERSION contains the current version of the library.
# For example, to build libfoo.so.1.2, you need to do the following:
#LIBVERSION=1.2
LIBVERSION=
# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
# the library. They MUST be in decreasing order.
# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
# and libfoo.so.1, you need to do the following:
#LIBCOMPATVERSIONS=1.2 1
# Note that on systems that use sonames, the last number will appear as
# part of it.
# It's also possible, for systems that support it (Tru64, for example),
# to add extra compatibility info with more precision, by adding a second
# list of versions, separated from the first with a semicolon, like this:
#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
LIBCOMPATVERSIONS=
# LIBDEPS contains all the flags necessary to cover all necessary # LIBDEPS contains all the flags necessary to cover all necessary
# dependencies to other libraries. # dependencies to other libraries.
LIBDEPS= LIBDEPS=
@@ -86,20 +96,6 @@ SET_X=:
top: top:
echo "Trying to use this makefile interactively? Don't." echo "Trying to use this makefile interactively? Don't."
CALC_VERSIONS= \
SHLIB_COMPAT=; SHLIB_SOVER=; \
if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
prev=""; \
for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
SHLIB_SOVER_NODOT=$$v; \
SHLIB_SOVER=.$$v; \
if [ -n "$$prev" ]; then \
SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
fi; \
prev=$$v; \
done; \
fi
LINK_APP= \ LINK_APP= \
( $(SET_X); \ ( $(SET_X); \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
@@ -120,43 +116,37 @@ LINK_SO= \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \ $${SHAREDCMD} $${SHAREDFLAGS} \
-o $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -o $(SHLIBNAME_FULL) \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS; \ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \ $${SHAREDCMD} $${SHAREDFLAGS} \
-o $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -o $(SHLIBNAME_FULL) \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
) && $(SYMLINK_SO) ) && $(SYMLINK_SO)
SYMLINK_SO= \ SYMLINK_SO= \
if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \ if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \ if [ -n "$(SHLIBNAME_FULL)" -a -n "$(SHLIBNAME)" -a \
if [ -n "$$SHLIB_COMPAT" ]; then \ "$(SHLIBNAME_FULL)" != "$(SHLIBNAME)" ]; then \
for x in $$SHLIB_COMPAT; do \ ( $(SET_X); \
( $(SET_X); rm -f $(DSTDIR)/$$SHLIB$$x$$SHLIB_SUFFIX; \ rm -f $(SHLIBNAME); \
ln -s $$prev $(DSTDIR)/$$SHLIB$$x$$SHLIB_SUFFIX ); \ ln -s $(SHLIBNAME_FULL) $(SHLIBNAME) ); \
prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
done; \
fi; \
if [ -n "$$SHLIB_SOVER" ]; then \
( $(SET_X); rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX; \
ln -s $$prev $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX ); \
fi; \ fi; \
fi fi
LINK_SO_SHLIB= SHOBJECTS="$(DSTDIR)/lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO) LINK_SO_SHLIB= SHOBJECTS="$(STLIBNAME) $(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_DSO= INHIBIT_SYMLINKS=yes; SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO) LINK_SO_DSO= INHIBIT_SYMLINKS=yes; SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_SHLIB_VIA_O= \ LINK_SO_SHLIB_VIA_O= \
SHOBJECTS=$(DSTDIR)/lib$(LIBNAME).o; \ SHOBJECTS=$(STLIBNAME).o; \
ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \ ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
( echo ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL lib$(LIBNAME).a $(LIBEXTRAS); \ ( echo ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS); \
ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(DSTDIR)/lib$(LIBNAME).a $(LIBEXTRAS) ); \ ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS) ); \
$(LINK_SO) && ( echo rm -f $$SHOBJECTS; rm -f $$SHOBJECTS ) $(LINK_SO) && ( echo rm -f $$SHOBJECTS; rm -f $$SHOBJECTS )
LINK_SO_SHLIB_UNPACKED= \ LINK_SO_SHLIB_UNPACKED= \
UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \ UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
(cd $$UNPACKDIR; ar x ../$(DSTDIR)/lib$(LIBNAME).a) && \ (cd $$UNPACKDIR; ar x ../$(STLIBNAME)) && \
([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \ ([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
SHOBJECTS=$$UNPACKDIR/*.o; \ SHOBJECTS=$$UNPACKDIR/*.o; \
$(LINK_SO) && rm -rf $$UNPACKDIR $(LINK_SO) && rm -rf $$UNPACKDIR
@@ -164,15 +154,10 @@ LINK_SO_SHLIB_UNPACKED= \
DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
DO_GNU_SO_COMMON=\ DO_GNU_SO_COMMON=\
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$(SHLIBNAME_FULL)"
DO_GNU_DSO=\ DO_GNU_DSO=\
SHLIB=$(LIBNAME).so; \
SHLIB_SOVER=; \
SHLIB_SUFFIX=; \
$(DO_GNU_SO_COMMON) $(DO_GNU_SO_COMMON)
DO_GNU_SO=\ DO_GNU_SO=\
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
$(DO_GNU_SO_COMMON) $(DO_GNU_SO_COMMON)
@@ -201,8 +186,6 @@ link_shlib.linux-shared:
link_dso.bsd: link_dso.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \ @if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
LIBDEPS=" "; \ LIBDEPS=" "; \
ALLSYMSFLAGS=; \ ALLSYMSFLAGS=; \
NOALLSYMSFLAGS=; \ NOALLSYMSFLAGS=; \
@@ -210,9 +193,6 @@ link_dso.bsd:
fi; $(LINK_SO_DSO) fi; $(LINK_SO_DSO)
link_shlib.bsd: link_shlib.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \ @if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
LIBDEPS=" "; \ LIBDEPS=" "; \
ALLSYMSFLAGS="-Wl,-Bforcearchive"; \ ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
NOALLSYMSFLAGS=; \ NOALLSYMSFLAGS=; \
@@ -241,50 +221,33 @@ link_app.bsd:
# Alternative to this heuristic approach is to develop specific # Alternative to this heuristic approach is to develop specific
# MacOS X dso module relying on whichever "native" dyld interface. # MacOS X dso module relying on whichever "native" dyld interface.
link_dso.darwin: link_dso.darwin:
@ SHLIB=$(LIBNAME); \ @ ALLSYMSFLAGS=''; \
SHLIB_SUFFIX=.dylib; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \ SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \
$(LINK_SO_DSO) $(LINK_SO_DSO)
link_shlib.darwin: link_shlib.darwin:
@ $(CALC_VERSIONS); \ @ ALLSYMSFLAGS='-all_load'; \
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
ALLSYMSFLAGS='-all_load'; \
NOALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -current_version $(SHLIBVERSION) -compatibility_version $(SHLIBVERSION) -install_name $(INSTALLTOP)/$(LIBDIR)/$(SHLIBNAME_FULL)"; \
if [ -n "$(LIBVERSION)" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
fi; \
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
fi; \
SHAREDFLAGS="$$SHAREDFLAGS -install_name $(INSTALLTOP)/$(LIBDIR)/$$SHLIB$(SHLIB_EXT)"; \
$(LINK_SO_SHLIB) $(LINK_SO_SHLIB)
link_app.darwin: # is there run-path on darwin? link_app.darwin: # is there run-path on darwin?
$(LINK_APP) $(LINK_APP)
link_dso.cygwin: link_dso.cygwin:
@SHLIB=$(LIBNAME); \ @ALLSYMSFLAGS=''; \
SHLIB_SUFFIX=.dll; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \
base=-Wl,--enable-auto-image-base; \ base=-Wl,--enable-auto-image-base; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic"; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic"; \
$(LINK_SO_DSO) $(LINK_SO_DSO)
link_shlib.cygwin: link_shlib.cygwin:
@ $(CALC_VERSIONS); \ @ INHIBIT_SYMLINKS=yes; \
INHIBIT_SYMLINKS=yes; \ echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \
SHLIB=cyg$(LIBNAME); SHLIB_SOVER=-$(LIBVERSION); SHLIB_SUFFIX=.dll; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \
"$(RC) $(SHARED_RCFLAGS) -o rc.o"; \ "$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name | \ $(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \
$(RC) $(SHARED_RCFLAGS) -o rc.o; \ $(RC) $(SHARED_RCFLAGS) -o rc.o; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a rc.o"; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) rc.o"; \
$(LINK_SO_SHLIB) || exit 1; \ $(LINK_SO_SHLIB) || exit 1; \
rm rc.o rm rc.o
link_app.cygwin: link_app.cygwin:
@@ -293,26 +256,18 @@ link_app.cygwin:
# link_dso.mingw-shared and link_app.mingw-shared are mapped to the # link_dso.mingw-shared and link_app.mingw-shared are mapped to the
# corresponding cygwin targets, as they do the exact same thing. # corresponding cygwin targets, as they do the exact same thing.
link_shlib.mingw: link_shlib.mingw:
@ $(CALC_VERSIONS); \ @ INHIBIT_SYMLINKS=yes; \
INHIBIT_SYMLINKS=yes; \
arch=; \
if expr $(PLATFORM) : mingw64 > /dev/null; then arch=-x64; fi; \
sover=`echo $(LIBVERSION) | sed -e 's/\./_/g'` ; \
SHLIB=lib$(LIBNAME); \
SHLIB_SOVER=-$$sover$$arch; \
SHLIB_SUFFIX=.dll; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \ base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
$(PERL) $(SRCDIR)/util/mkdef.pl 32 $(LIBNAME) \ $(PERL) $(SRCDIR)/util/mkdef.pl 32 $(LIBNAME) \
| sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1'"$$dll_name"'|' \ | sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1$(SHLIBNAME_FULL)|' \
> $(LIBNAME).def; \ > $(LIBNAME).def; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \ echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \
"$(RC) $(SHARED_RCFLAGS) -o rc.o"; \ "$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name | \ $(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \
$(RC) $(SHARED_RCFLAGS) -o rc.o; \ $(RC) $(SHARED_RCFLAGS) -o rc.o; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $(LIBNAME).def rc.o"; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) $(LIBNAME).def rc.o"; \
$(LINK_SO_SHLIB) || exit 1; \ $(LINK_SO_SHLIB) || exit 1; \
rm $(LIBNAME).def rc.o rm $(LIBNAME).def rc.o
@@ -320,8 +275,6 @@ link_dso.alpha-osf1:
@ if $(DETECT_GNU_LD); then \ @ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \ $(DO_GNU_DSO); \
else \ else \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \ ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
@@ -331,21 +284,9 @@ link_shlib.alpha-osf1:
@ if $(DETECT_GNU_LD); then \ @ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \ $(DO_GNU_SO); \
else \ else \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
if [ -n "$$SHLIB_HIST" ]; then \
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
else \
SHLIB_HIST="$(LIBVERSION)"; \
fi; \
SHLIB_SOVER=; \
ALLSYMSFLAGS='-all'; \ ALLSYMSFLAGS='-all'; \
NOALLSYMSFLAGS='-none'; \ NOALLSYMSFLAGS='-none'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic -set_version $(SHLIBVERSION)"; \
if [ -n "$$SHLIB_HIST" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
fi; \
fi; \ fi; \
$(LINK_SO_SHLIB) $(LINK_SO_SHLIB)
link_app.alpha-osf1: link_app.alpha-osf1:
@@ -360,25 +301,19 @@ link_dso.solaris:
@ if $(DETECT_GNU_LD); then \ @ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \ $(DO_GNU_DSO); \
else \ else \
$(CALC_VERSIONS); \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=""; \ ALLSYMSFLAGS=""; \
NOALLSYMSFLAGS=""; \ NOALLSYMSFLAGS=""; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \
fi; \ fi; \
$(LINK_SO_DSO) $(LINK_SO_DSO)
link_shlib.solaris: link_shlib.solaris:
@ if $(DETECT_GNU_LD); then \ @ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \ $(DO_GNU_SO); \
else \ else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=;\
$(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \ $(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \
ALLSYMSFLAGS="-Wl,-z,allextract,-M,$(LIBNAME).map"; \ ALLSYMSFLAGS="-Wl,-z,allextract,-M,$(LIBNAME).map"; \
NOALLSYMSFLAGS="-Wl,-z,defaultextract"; \ NOALLSYMSFLAGS="-Wl,-z,defaultextract"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \
fi; \ fi; \
$(LINK_SO_SHLIB) $(LINK_SO_SHLIB)
link_app.solaris: link_app.solaris:
@@ -394,24 +329,18 @@ link_dso.svr3:
@ if $(DETECT_GNU_LD); then \ @ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \ $(DO_GNU_DSO); \
else \ else \
$(CALC_VERSIONS); \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \ ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SUFFIX"; \ SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
fi; \ fi; \
$(LINK_SO_DSO) $(LINK_SO_DSO)
link_shlib.svr3: link_shlib.svr3:
@ if $(DETECT_GNU_LD); then \ @ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \ $(DO_GNU_SO); \
else \ else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \ ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
fi; \ fi; \
$(LINK_SO_SHLIB_UNPACKED) $(LINK_SO_SHLIB_UNPACKED)
link_app.svr3: link_app.svr3:
@@ -425,25 +354,20 @@ link_dso.svr5:
else \ else \
SHARE_FLAG='-G'; \ SHARE_FLAG='-G'; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \ ($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \ ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SUFFIX"; \ SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
fi; \ fi; \
$(LINK_SO_DSO) $(LINK_SO_DSO)
link_shlib.svr5: link_shlib.svr5:
@ if $(DETECT_GNU_LD); then \ @ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \ $(DO_GNU_SO); \
else \ else \
$(CALC_VERSIONS); \
SHARE_FLAG='-G'; \ SHARE_FLAG='-G'; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \ ($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \ ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
fi; \ fi; \
$(LINK_SO_SHLIB_UNPACKED) $(LINK_SO_SHLIB_UNPACKED)
link_app.svr5: link_app.svr5:
@@ -454,25 +378,20 @@ link_dso.irix:
@ if $(DETECT_GNU_LD); then \ @ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \ $(DO_GNU_DSO); \
else \ else \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=""; \ ALLSYMSFLAGS=""; \
NOALLSYMSFLAGS=""; \ NOALLSYMSFLAGS=""; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SUFFIX,-B,symbolic"; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
fi; \ fi; \
$(LINK_SO_DSO) $(LINK_SO_DSO)
link_shlib.irix: link_shlib.irix:
@ if $(DETECT_GNU_LD); then \ @ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \ $(DO_GNU_SO); \
else \ else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
MINUSWL=""; \ MINUSWL=""; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \ ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
ALLSYMSFLAGS="$${MINUSWL}-all"; \ ALLSYMSFLAGS="$${MINUSWL}-all"; \
NOALLSYMSFLAGS="$${MINUSWL}-none"; \ NOALLSYMSFLAGS="$${MINUSWL}-none"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
fi; \ fi; \
$(LINK_SO_SHLIB) $(LINK_SO_SHLIB)
link_app.irix: link_app.irix:
@@ -489,29 +408,22 @@ link_app.irix:
# #
link_dso.hpux: link_dso.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \ @if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \
SHLIB=$(LIBNAME).sl; \
expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \ ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \
fi; \ fi; \
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX || :; \ rm -f $(SHLIBNAME_FULL) || :; \
$(LINK_SO_DSO) && chmod a=rx $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX $(LINK_SO_DSO) && chmod a=rx $(SHLIBNAME_FULL)
link_shlib.hpux: link_shlib.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \ @if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,-Fl'; \ ALLSYMSFLAGS='-Wl,-Fl'; \
NOALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \
fi; \ fi; \
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \ rm -f $(SHLIBNAME_FULL) || :; \
$(LINK_SO_SHLIB) && chmod a=rx $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX $(LINK_SO_SHLIB) && chmod a=rx $(SHLIBNAME_FULL)
link_app.hpux: link_app.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \ @if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:"; \ LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:"; \
@@ -521,23 +433,18 @@ link_app.hpux:
link_dso.aix: link_dso.aix:
@OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \ @OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \ ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \ SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER 2>&1 > /dev/null ; \ rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \
$(LINK_SO_DSO); $(LINK_SO_DSO);
link_shlib.aix: link_shlib.aix:
@ $(CALC_VERSIONS); \ @ OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-bnogc'; \ ALLSYMSFLAGS='-bnogc'; \
NOALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \ SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER 2>&1 > /dev/null ; \ rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \
$(LINK_SO_SHLIB_VIA_O) $(LINK_SO_SHLIB_VIA_O)
link_app.aix: link_app.aix:
LDFLAGS="$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)"; \ LDFLAGS="$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)"; \
@@ -547,19 +454,11 @@ link_app.aix:
# Targets to build symbolic links when needed # Targets to build symbolic links when needed
symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \ symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
symlink.aix: symlink.aix:
@ $(CALC_VERSIONS); \ @ $(SYMLINK_SO)
SHLIB=lib$(LIBNAME).so; \
$(SYMLINK_SO)
symlink.darwin: symlink.darwin:
@ $(CALC_VERSIONS); \ @ $(SYMLINK_SO)
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
$(SYMLINK_SO)
symlink.hpux: symlink.hpux:
@ $(CALC_VERSIONS); \ @ $(SYMLINK_SO)
SHLIB=lib$(LIBNAME).sl; \
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
$(SYMLINK_SO)
# The following lines means those specific architectures do no symlinks # The following lines means those specific architectures do no symlinks
symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath: symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:

22
NEWS
View File

@@ -5,6 +5,28 @@
This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file. release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018]
o Timing vulnerability in DSA signature generation (CVE-2018-0734)
o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018]
o Client DoS due to large DH parameter (CVE-2018-0732)
o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018]
o Constructed ASN.1 types with a recursive definition could exceed the
stack (CVE-2018-0739)
o Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017] Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]
o config now recognises 64-bit mingw and chooses mingw64 instead of mingw o config now recognises 64-bit mingw and chooses mingw64 instead of mingw

4
README
View File

@@ -1,7 +1,7 @@
OpenSSL 1.1.0f 25 May 2017 OpenSSL 1.1.0j 20 Nov 2018
Copyright (c) 1998-2016 The OpenSSL Project Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved. All rights reserved.

6
apps/CA.pl.in
View File

@@ -145,7 +145,7 @@ if ($WHAT eq '-newcert' ) {
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0; print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
} }
} elsif ($WHAT eq '-pkcs12' ) { } elsif ($WHAT eq '-pkcs12' ) {
my $cname = $ARGV[1]; my $cname = $ARGV[0];
$cname = "My Certificate" unless defined $cname; $cname = "My Certificate" unless defined $cname;
$RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY" $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
. " -certfile ${CATOP}/$CACERT" . " -certfile ${CATOP}/$CACERT"
@@ -178,12 +178,12 @@ if ($WHAT eq '-newcert' ) {
$RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL"); $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL");
print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0; print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
} elsif ($WHAT eq '-revoke' ) { } elsif ($WHAT eq '-revoke' ) {
my $cname = $ARGV[1]; my $cname = $ARGV[0];
if (!defined $cname) { if (!defined $cname) {
print "Certificate filename is required; reason optional.\n"; print "Certificate filename is required; reason optional.\n";
exit 1; exit 1;
} }
my $reason = $ARGV[2]; my $reason = $ARGV[1];
$reason = " -crl_reason $reason" $reason = " -crl_reason $reason"
if defined $reason && crl_reason_ok($reason); if defined $reason && crl_reason_ok($reason);
$RET = run("$CA -revoke \"$cname\"" . $reason); $RET = run("$CA -revoke \"$cname\"" . $reason);

4
apps/app_rand.c
View File

@@ -20,7 +20,7 @@ int app_RAND_load_file(const char *file, int dont_warn)
char buffer[200]; char buffer[200];
if (file == NULL) if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer); file = RAND_file_name(buffer, sizeof(buffer));
#ifndef OPENSSL_NO_EGD #ifndef OPENSSL_NO_EGD
else if (RAND_egd(file) > 0) { else if (RAND_egd(file) > 0) {
/* /*
@@ -101,7 +101,7 @@ int app_RAND_write_file(const char *file)
return 0; return 0;
if (file == NULL) if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer); file = RAND_file_name(buffer, sizeof(buffer));
if (file == NULL || !RAND_write_file(file)) { if (file == NULL || !RAND_write_file(file)) {
BIO_printf(bio_err, "unable to write 'random state'\n"); BIO_printf(bio_err, "unable to write 'random state'\n");
return 0; return 0;

104
apps/apps.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -18,9 +18,7 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#ifndef NO_SYS_TYPES_H #include <sys/types.h>
# include <sys/types.h>
#endif
#ifndef OPENSSL_NO_POSIX_IO #ifndef OPENSSL_NO_POSIX_IO
# include <sys/stat.h> # include <sys/stat.h>
# include <fcntl.h> # include <fcntl.h>
@@ -1014,7 +1012,8 @@ int set_name_ex(unsigned long *flags, const char *arg)
}; };
if (set_multi_opts(flags, arg, ex_tbl) == 0) if (set_multi_opts(flags, arg, ex_tbl) == 0)
return 0; return 0;
if ((*flags & XN_FLAG_SEP_MASK) == 0) if (*flags != XN_FLAG_COMPAT
&& (*flags & XN_FLAG_SEP_MASK) == 0)
*flags |= XN_FLAG_SEP_CPLUS_SPC; *flags |= XN_FLAG_SEP_CPLUS_SPC;
return 1; return 1;
} }
@@ -1390,9 +1389,9 @@ int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial
OPENSSL_strlcpy(buf[0], serialfile, BSIZE); OPENSSL_strlcpy(buf[0], serialfile, BSIZE);
else { else {
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
#else #else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
#endif #endif
} }
out = BIO_new_file(buf[0], "w"); out = BIO_new_file(buf[0], "w");
@@ -1433,11 +1432,11 @@ int rotate_serial(const char *serialfile, const char *new_suffix,
goto err; goto err;
} }
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
#else #else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
#endif #endif
if (rename(serialfile, buf[1]) < 0 && errno != ENOENT if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR #ifdef ENOTDIR
@@ -1506,9 +1505,9 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
goto err; goto err;
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
BIO_snprintf(buf, sizeof buf, "%s.attr", dbfile); BIO_snprintf(buf, sizeof(buf), "%s.attr", dbfile);
#else #else
BIO_snprintf(buf, sizeof buf, "%s-attr", dbfile); BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
#endif #endif
dbattr_conf = app_load_config(buf); dbattr_conf = app_load_config(buf);
@@ -1569,13 +1568,13 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
goto err; goto err;
} }
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile); j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
#else #else
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile); j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
#endif #endif
out = BIO_new_file(buf[0], "w"); out = BIO_new_file(buf[0], "w");
if (out == NULL) { if (out == NULL) {
@@ -1618,17 +1617,17 @@ int rotate_index(const char *dbfile, const char *new_suffix,
goto err; goto err;
} }
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile); j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix); j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix); j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
#else #else
j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile); j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix); j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix); j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
#endif #endif
if (rename(dbfile, buf[1]) < 0 && errno != ENOENT if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR #ifdef ENOTDIR
@@ -1708,8 +1707,14 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
char *work; char *work;
X509_NAME *n; X509_NAME *n;
if (*cp++ != '/') if (*cp++ != '/') {
BIO_printf(bio_err,
"name is expected to be in the format "
"/type0=value0/type1=value1/type2=... where characters may "
"be escaped by \\. This name is not in that format: '%s'\n",
--cp);
return NULL; return NULL;
}
n = X509_NAME_new(); n = X509_NAME_new();
if (n == NULL) if (n == NULL)
@@ -1765,6 +1770,12 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
opt_getprog(), typestr); opt_getprog(), typestr);
continue; continue;
} }
if (*valstr == '\0') {
BIO_printf(bio_err,
"%s: No value provided for Subject Attribute %s, skipped\n",
opt_getprog(), typestr);
continue;
}
if (!X509_NAME_add_entry_by_NID(n, nid, chtype, if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
valstr, strlen((char *)valstr), valstr, strlen((char *)valstr),
-1, ismulti ? -1 : 0)) -1, ismulti ? -1 : 0))
@@ -2255,29 +2266,27 @@ int app_access(const char* name, int flag)
#ifdef _WIN32 #ifdef _WIN32
int app_isdir(const char *name) int app_isdir(const char *name)
{ {
HANDLE hList; DWORD attr;
WIN32_FIND_DATA FileData;
# if defined(UNICODE) || defined(_UNICODE) # if defined(UNICODE) || defined(_UNICODE)
size_t i, len_0 = strlen(name) + 1; size_t i, len_0 = strlen(name) + 1;
WCHAR tempname[MAX_PATH];
if (len_0 > OSSL_NELEM(FileData.cFileName)) if (len_0 > MAX_PATH)
return -1; return -1;
# if !defined(_WIN32_WCE) || _WIN32_WCE>=101 # if !defined(_WIN32_WCE) || _WIN32_WCE>=101
if (!MultiByteToWideChar if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
(CP_ACP, 0, name, len_0, FileData.cFileName, len_0))
# endif # endif
for (i = 0; i < len_0; i++) for (i = 0; i < len_0; i++)
FileData.cFileName[i] = (WCHAR)name[i]; tempname[i] = (WCHAR)name[i];
hList = FindFirstFile(FileData.cFileName, &FileData); attr = GetFileAttributes(tempname);
# else # else
hList = FindFirstFile(name, &FileData); attr = GetFileAttributes(name);
# endif # endif
if (hList == INVALID_HANDLE_VALUE) if (attr == INVALID_FILE_ATTRIBUTES)
return -1; return -1;
FindClose(hList); return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
return ((FileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0);
} }
#else #else
# include <sys/stat.h> # include <sys/stat.h>
@@ -2575,6 +2584,7 @@ void wait_for_async(SSL *s)
fd_set asyncfds; fd_set asyncfds;
OSSL_ASYNC_FD *fds; OSSL_ASYNC_FD *fds;
size_t numfds; size_t numfds;
size_t i;
if (!SSL_get_all_async_fds(s, NULL, &numfds)) if (!SSL_get_all_async_fds(s, NULL, &numfds))
return; return;
@@ -2583,17 +2593,17 @@ void wait_for_async(SSL *s)
fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds"); fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds");
if (!SSL_get_all_async_fds(s, fds, &numfds)) { if (!SSL_get_all_async_fds(s, fds, &numfds)) {
OPENSSL_free(fds); OPENSSL_free(fds);
return;
} }
FD_ZERO(&asyncfds); FD_ZERO(&asyncfds);
while (numfds > 0) { for (i = 0; i < numfds; i++) {
if (width <= (int)*fds) if (width <= (int)fds[i])
width = (int)*fds + 1; width = (int)fds[i] + 1;
openssl_fdset((int)*fds, &asyncfds); openssl_fdset((int)fds[i], &asyncfds);
numfds--;
fds++;
} }
select(width, (void *)&asyncfds, NULL, NULL, NULL); select(width, (void *)&asyncfds, NULL, NULL, NULL);
OPENSSL_free(fds);
#endif #endif
} }

16
apps/apps.h
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -214,8 +214,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \ OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \ OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \ OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
OPT_S_DHPARAM, OPT_S_DEBUGBROKE, OPT_S_COMP, \ OPT_S_DEBUGBROKE, OPT_S_COMP, OPT_S_MINPROTO, OPT_S_MAXPROTO, \
OPT_S__LAST OPT_S_NO_RENEGOTIATION, OPT_S__LAST
# define OPT_S_OPTIONS \ # define OPT_S_OPTIONS \
{"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \ {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
@@ -230,6 +230,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
{"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \ {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
{"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \ {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
"Enable use of legacy renegotiation (dangerous)"}, \ "Enable use of legacy renegotiation (dangerous)"}, \
{"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
"Disable all renegotiation."}, \
{"legacy_server_connect", OPT_S_LEGACYCONN, '-', \ {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
"Allow initial connection to servers that don't support RI"}, \ "Allow initial connection to servers that don't support RI"}, \
{"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \ {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
@@ -248,8 +250,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
{"named_curve", OPT_S_NAMEDCURVE, 's', \ {"named_curve", OPT_S_NAMEDCURVE, 's', \
"Elliptic curve used for ECDHE (server-side only)" }, \ "Elliptic curve used for ECDHE (server-side only)" }, \
{"cipher", OPT_S_CIPHER, 's', "Specify cipher list to be used"}, \ {"cipher", OPT_S_CIPHER, 's', "Specify cipher list to be used"}, \
{"dhparam", OPT_S_DHPARAM, '<', \ {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
"DH parameter file to use, in cert file if not specified"}, \ {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
{"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
"Perform all sorts of protocol violations for testing purposes"} "Perform all sorts of protocol violations for testing purposes"}
@@ -274,7 +276,9 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
case OPT_S_CURVES: \ case OPT_S_CURVES: \
case OPT_S_NAMEDCURVE: \ case OPT_S_NAMEDCURVE: \
case OPT_S_CIPHER: \ case OPT_S_CIPHER: \
case OPT_S_DHPARAM: \ case OPT_S_MINPROTO: \
case OPT_S_MAXPROTO: \
case OPT_S_NO_RENEGOTIATION: \
case OPT_S_DEBUGBROKE case OPT_S_DEBUGBROKE
#define IS_NO_PROT_FLAG(o) \ #define IS_NO_PROT_FLAG(o) \

22
apps/asn1pars.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -41,7 +41,7 @@ OPTIONS asn1parse_options[] = {
{"dump", OPT_DUMP, 0, "unknown data in hex form"}, {"dump", OPT_DUMP, 0, "unknown data in hex form"},
{"dlimit", OPT_DLIMIT, 'p', {"dlimit", OPT_DLIMIT, 'p',
"dump the first arg bytes of unknown data in hex form"}, "dump the first arg bytes of unknown data in hex form"},
{"strparse", OPT_STRPARSE, 's', {"strparse", OPT_STRPARSE, 'p',
"offset; a series of these can be used to 'dig'"}, "offset; a series of these can be used to 'dig'"},
{OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"}, {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
{"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"}, {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
@@ -113,13 +113,13 @@ int asn1parse_main(int argc, char **argv)
offset = strtol(opt_arg(), NULL, 0); offset = strtol(opt_arg(), NULL, 0);
break; break;
case OPT_LENGTH: case OPT_LENGTH:
length = atoi(opt_arg()); length = strtol(opt_arg(), NULL, 0);
break; break;
case OPT_DUMP: case OPT_DUMP:
dump = -1; dump = -1;
break; break;
case OPT_DLIMIT: case OPT_DLIMIT:
dump = atoi(opt_arg()); dump = strtol(opt_arg(), NULL, 0);
break; break;
case OPT_STRPARSE: case OPT_STRPARSE:
sk_OPENSSL_STRING_push(osk, opt_arg()); sk_OPENSSL_STRING_push(osk, opt_arg());
@@ -191,7 +191,7 @@ int asn1parse_main(int argc, char **argv)
num = 0; num = 0;
for (;;) { for (;;) {
if (!BUF_MEM_grow(buf, (int)num + BUFSIZ)) if (!BUF_MEM_grow(buf, num + BUFSIZ))
goto end; goto end;
i = BIO_read(in, &(buf->data[num]), BUFSIZ); i = BIO_read(in, &(buf->data[num]), BUFSIZ);
if (i <= 0) if (i <= 0)
@@ -211,9 +211,9 @@ int asn1parse_main(int argc, char **argv)
for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) { for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
ASN1_TYPE *atmp; ASN1_TYPE *atmp;
int typ; int typ;
j = atoi(sk_OPENSSL_STRING_value(osk, i)); j = strtol(sk_OPENSSL_STRING_value(osk, i), NULL, 0);
if (j == 0) { if (j <= 0 || j >= tmplen) {
BIO_printf(bio_err, "'%s' is an invalid number\n", BIO_printf(bio_err, "'%s' is out of range\n",
sk_OPENSSL_STRING_value(osk, i)); sk_OPENSSL_STRING_value(osk, i));
continue; continue;
} }
@@ -244,14 +244,14 @@ int asn1parse_main(int argc, char **argv)
num = tmplen; num = tmplen;
} }
if (offset >= num) { if (offset < 0 || offset >= num) {
BIO_printf(bio_err, "Error: offset too large\n"); BIO_printf(bio_err, "Error: offset out of range\n");
goto end; goto end;
} }
num -= offset; num -= offset;
if ((length == 0) || ((long)length > num)) if (length == 0 || length > (unsigned int)num)
length = (unsigned int)num; length = (unsigned int)num;
if (derout) { if (derout) {
if (BIO_write(derout, str + offset, length) != (int)length) { if (BIO_write(derout, str + offset, length) != (int)length) {

28
apps/build.info
View File

@@ -1,21 +1,27 @@
{- our $tsget_name = $config{target} =~ /^(VC|vms)-/ ? "tsget.pl" : "tsget"; {- our $tsget_name = $config{target} =~ /^(VC|vms)-/ ? "tsget.pl" : "tsget";
our @apps_openssl_src =
( qw(openssl.c
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c
dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c
genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c
pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c
srp.c ts.c verify.c version.c x509.c rehash.c
apps.c opt.c s_cb.c s_socket.c
app_rand.c),
split(/\s+/, $target{apps_aux_src}) );
"" -} "" -}
IF[{- !$disabled{apps} -}] IF[{- !$disabled{apps} -}]
PROGRAMS=openssl PROGRAMS=openssl
SOURCE[openssl]=\ SOURCE[openssl]={- join(" ", @apps_openssl_src) -}
openssl.c \
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c \
dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c \
genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c \
pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c \
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c \
srp.c ts.c verify.c version.c x509.c rehash.c \
apps.c opt.c s_cb.c s_socket.c \
app_rand.c \
{- $target{apps_aux_src} -}
INCLUDE[openssl]=.. ../include INCLUDE[openssl]=.. ../include
DEPEND[openssl]=../libssl DEPEND[openssl]=../libssl
{- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" }
@apps_openssl_src) -}
GENERATE[progs.h]=progs.pl $(APPS_OPENSSL)
DEPEND[progs.h]=../configdata.pm
SCRIPTS=CA.pl {- $tsget_name -} SCRIPTS=CA.pl {- $tsget_name -}
SOURCE[CA.pl]=CA.pl.in SOURCE[CA.pl]=CA.pl.in
SOURCE[{- $tsget_name -}]=tsget.in SOURCE[{- $tsget_name -}]=tsget.in

331
apps/ca.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -440,30 +440,23 @@ end_of_options:
&& (section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_CA)) == NULL) && (section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_CA)) == NULL)
goto end; goto end;
if (conf != NULL) { p = NCONF_get_string(conf, NULL, "oid_file");
p = NCONF_get_string(conf, NULL, "oid_file"); if (p == NULL)
if (p == NULL) ERR_clear_error();
ERR_clear_error(); if (p != NULL) {
if (p != NULL) { BIO *oid_bio = BIO_new_file(p, "r");
BIO *oid_bio;
oid_bio = BIO_new_file(p, "r"); if (oid_bio == NULL) {
if (oid_bio == NULL) { ERR_clear_error();
/*- } else {
BIO_printf(bio_err,"problems opening %s for extra oid's\n",p); OBJ_create_objects(oid_bio);
ERR_print_errors(bio_err); BIO_free(oid_bio);
*/
ERR_clear_error();
} else {
OBJ_create_objects(oid_bio);
BIO_free(oid_bio);
}
}
if (!add_oid_section(conf)) {
ERR_print_errors(bio_err);
goto end;
} }
} }
if (!add_oid_section(conf)) {
ERR_print_errors(bio_err);
goto end;
}
randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
if (randfile == NULL) if (randfile == NULL)
@@ -732,10 +725,10 @@ end_of_options:
/*****************************************************************/ /*****************************************************************/
if (req || gencrl) { if (req || gencrl) {
/* FIXME: Is it really always text? */ if (spkac_file != NULL) {
Sout = bio_open_default(outfile, 'w', FORMAT_TEXT); output_der = 1;
if (Sout == NULL) batch = 1;
goto end; }
} }
if (md == NULL if (md == NULL
@@ -879,10 +872,6 @@ end_of_options:
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
goto end; goto end;
} }
if (outfile) {
output_der = 1;
batch = 1;
}
} }
} }
if (ss_cert_file != NULL) { if (ss_cert_file != NULL) {
@@ -936,10 +925,13 @@ end_of_options:
if (j > 0) { if (j > 0) {
total_done++; total_done++;
BIO_printf(bio_err, "\n"); BIO_printf(bio_err, "\n");
if (!BN_add_word(serial, 1)) if (!BN_add_word(serial, 1)) {
X509_free(x);
goto end; goto end;
}
if (!sk_X509_push(cert_sk, x)) { if (!sk_X509_push(cert_sk, x)) {
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
X509_free(x);
goto end; goto end;
} }
} }
@@ -1024,6 +1016,11 @@ end_of_options:
if (verbose) if (verbose)
BIO_printf(bio_err, "writing %s\n", buf[2]); BIO_printf(bio_err, "writing %s\n", buf[2]);
Sout = bio_open_default(outfile, 'w',
output_der ? FORMAT_ASN1 : FORMAT_TEXT);
if (Sout == NULL)
goto end;
Cout = BIO_new_file(buf[2], "w"); Cout = BIO_new_file(buf[2], "w");
if (Cout == NULL) { if (Cout == NULL) {
perror(buf[2]); perror(buf[2]);
@@ -1032,6 +1029,8 @@ end_of_options:
write_new_certificate(Cout, xi, 0, notext); write_new_certificate(Cout, xi, 0, notext);
write_new_certificate(Sout, xi, output_der, notext); write_new_certificate(Sout, xi, output_der, notext);
BIO_free_all(Cout); BIO_free_all(Cout);
BIO_free_all(Sout);
Sout = NULL;
} }
if (sk_X509_num(cert_sk)) { if (sk_X509_num(cert_sk)) {
@@ -1098,13 +1097,13 @@ end_of_options:
goto end; goto end;
tmptm = ASN1_TIME_new(); tmptm = ASN1_TIME_new();
if (tmptm == NULL) if (tmptm == NULL
goto end; || X509_gmtime_adj(tmptm, 0) == NULL
X509_gmtime_adj(tmptm, 0); || !X509_CRL_set1_lastUpdate(crl, tmptm)
X509_CRL_set1_lastUpdate(crl, tmptm); || X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec, NULL) == NULL) {
NULL)) {
BIO_puts(bio_err, "error setting CRL nextUpdate\n"); BIO_puts(bio_err, "error setting CRL nextUpdate\n");
ASN1_TIME_free(tmptm);
goto end; goto end;
} }
X509_CRL_set1_nextUpdate(crl, tmptm); X509_CRL_set1_nextUpdate(crl, tmptm);
@@ -1180,6 +1179,11 @@ end_of_options:
if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts)) if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts))
goto end; goto end;
Sout = bio_open_default(outfile, 'w',
output_der ? FORMAT_ASN1 : FORMAT_TEXT);
if (Sout == NULL)
goto end;
PEM_write_bio_X509_CRL(Sout, crl); PEM_write_bio_X509_CRL(Sout, crl);
if (crlnumberfile != NULL) /* Rename the crlnumber file */ if (crlnumberfile != NULL) /* Rename the crlnumber file */
@@ -1376,8 +1380,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
CONF *lconf, unsigned long certopt, unsigned long nameopt, CONF *lconf, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign) int default_op, int ext_copy, int selfsign)
{ {
X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject = X509_NAME *name = NULL, *CAname = NULL, *subject = NULL;
NULL;
const ASN1_TIME *tm; const ASN1_TIME *tm;
ASN1_STRING *str, *str2; ASN1_STRING *str, *str2;
ASN1_OBJECT *obj; ASN1_OBJECT *obj;
@@ -1559,7 +1562,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (push != NULL) { if (push != NULL) {
if (!X509_NAME_add_entry(subject, push, -1, 0)) { if (!X509_NAME_add_entry(subject, push, -1, 0)) {
X509_NAME_ENTRY_free(push);
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
goto end; goto end;
} }
@@ -1577,104 +1579,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto end; goto end;
} }
if (verbose)
BIO_printf(bio_err,
"The subject name appears to be ok, checking data base for clashes\n");
/* Build the correct Subject if no e-mail is wanted in the subject */
/*
* and add it later on because of the method extensions are added
* (altName)
*/
if (email_dn)
dn_subject = subject;
else {
X509_NAME_ENTRY *tmpne;
/*
* Its best to dup the subject DN and then delete any email addresses
* because this retains its structure.
*/
if ((dn_subject = X509_NAME_dup(subject)) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
while ((i = X509_NAME_get_index_by_NID(dn_subject,
NID_pkcs9_emailAddress,
-1)) >= 0) {
tmpne = X509_NAME_get_entry(dn_subject, i);
X509_NAME_delete_entry(dn_subject, i);
X509_NAME_ENTRY_free(tmpne);
}
}
if (BN_is_zero(serial))
row[DB_serial] = OPENSSL_strdup("00");
else
row[DB_serial] = BN_bn2hex(serial);
if (row[DB_serial] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
if (db->attributes.unique_subject) {
OPENSSL_STRING *crow = row;
rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:There is already a certificate for %s\n",
row[DB_name]);
}
}
if (rrow == NULL) {
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:Serial number %s has already been issued,\n",
row[DB_serial]);
BIO_printf(bio_err,
" check the database/serial_file for corruption\n");
}
}
if (rrow != NULL) {
BIO_printf(bio_err, "The matching entry has the following details\n");
if (rrow[DB_type][0] == 'E')
p = "Expired";
else if (rrow[DB_type][0] == 'R')
p = "Revoked";
else if (rrow[DB_type][0] == 'V')
p = "Valid";
else
p = "\ninvalid type, Data base error\n";
BIO_printf(bio_err, "Type :%s\n", p);;
if (rrow[DB_type][0] == 'R') {
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Was revoked on:%s\n", p);
}
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Expires on :%s\n", p);
p = rrow[DB_serial];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Serial Number :%s\n", p);
p = rrow[DB_file];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "File name :%s\n", p);
p = rrow[DB_name];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Subject Name :%s\n", p);
ok = -1; /* This is now a 'bad' error. */
goto end;
}
/* We are now totally happy, lets make and sign the certificate */ /* We are now totally happy, lets make and sign the certificate */
if (verbose) if (verbose)
BIO_printf(bio_err, BIO_printf(bio_err,
@@ -1704,7 +1608,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (enddate != NULL) { if (enddate != NULL) {
int tdays; int tdays;
ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret));
if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret)))
goto end;
days = tdays; days = tdays;
} }
@@ -1719,7 +1625,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* Lets add the extensions, if there are any */ /* Lets add the extensions, if there are any */
if (ext_sect) { if (ext_sect) {
X509V3_CTX ctx; X509V3_CTX ctx;
X509_set_version(ret, 2);
/* Initialize the context structure */ /* Initialize the context structure */
if (selfsign) if (selfsign)
@@ -1774,10 +1679,132 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto end; goto end;
} }
/* Set the right value for the noemailDN option */ {
if (email_dn == 0) { const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(ret);
if (!X509_set_subject_name(ret, dn_subject))
if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
/* Make it an X509 v3 certificate. */
if (!X509_set_version(ret, 2))
goto end;
}
if (verbose)
BIO_printf(bio_err,
"The subject name appears to be ok, checking data base for clashes\n");
/* Build the correct Subject if no e-mail is wanted in the subject. */
if (!email_dn) {
X509_NAME_ENTRY *tmpne;
X509_NAME *dn_subject;
/*
* Its best to dup the subject DN and then delete any email addresses
* because this retains its structure.
*/
if ((dn_subject = X509_NAME_dup(subject)) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end; goto end;
}
while ((i = X509_NAME_get_index_by_NID(dn_subject,
NID_pkcs9_emailAddress,
-1)) >= 0) {
tmpne = X509_NAME_get_entry(dn_subject, i);
X509_NAME_delete_entry(dn_subject, i);
X509_NAME_ENTRY_free(tmpne);
}
if (!X509_set_subject_name(ret, dn_subject)) {
X509_NAME_free(dn_subject);
goto end;
}
X509_NAME_free(dn_subject);
}
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if (row[DB_name] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
if (BN_is_zero(serial))
row[DB_serial] = OPENSSL_strdup("00");
else
row[DB_serial] = BN_bn2hex(serial);
if (row[DB_serial] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
if (row[DB_name][0] == '\0') {
/*
* An empty subject! We'll use the serial number instead. If
* unique_subject is in use then we don't want different entries with
* empty subjects matching each other.
*/
OPENSSL_free(row[DB_name]);
row[DB_name] = OPENSSL_strdup(row[DB_serial]);
if (row[DB_name] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
}
if (db->attributes.unique_subject) {
OPENSSL_STRING *crow = row;
rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:There is already a certificate for %s\n",
row[DB_name]);
}
}
if (rrow == NULL) {
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:Serial number %s has already been issued,\n",
row[DB_serial]);
BIO_printf(bio_err,
" check the database/serial_file for corruption\n");
}
}
if (rrow != NULL) {
BIO_printf(bio_err, "The matching entry has the following details\n");
if (rrow[DB_type][0] == DB_TYPE_EXP)
p = "Expired";
else if (rrow[DB_type][0] == DB_TYPE_REV)
p = "Revoked";
else if (rrow[DB_type][0] == DB_TYPE_VAL)
p = "Valid";
else
p = "\ninvalid type, Data base error\n";
BIO_printf(bio_err, "Type :%s\n", p);;
if (rrow[DB_type][0] == DB_TYPE_REV) {
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Was revoked on:%s\n", p);
}
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Expires on :%s\n", p);
p = rrow[DB_serial];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Serial Number :%s\n", p);
p = rrow[DB_file];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "File name :%s\n", p);
p = rrow[DB_name];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Subject Name :%s\n", p);
ok = -1; /* This is now a 'bad' error. */
goto end;
} }
if (!default_op) { if (!default_op) {
@@ -1829,8 +1856,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
row[DB_exp_date][tm->length] = '\0'; row[DB_exp_date][tm->length] = '\0';
row[DB_rev_date] = NULL; row[DB_rev_date] = NULL;
row[DB_file] = OPENSSL_strdup("unknown"); row[DB_file] = OPENSSL_strdup("unknown");
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
(row[DB_file] == NULL) || (row[DB_name] == NULL)) { (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
@@ -1850,16 +1875,14 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
irow = NULL; irow = NULL;
ok = 1; ok = 1;
end: end:
if (irow != NULL) { if (ok != 1) {
for (i = 0; i < DB_NUMBER; i++) for (i = 0; i < DB_NUMBER; i++)
OPENSSL_free(row[i]); OPENSSL_free(row[i]);
OPENSSL_free(irow);
} }
OPENSSL_free(irow);
X509_NAME_free(CAname); X509_NAME_free(CAname);
X509_NAME_free(subject); X509_NAME_free(subject);
if (dn_subject != subject)
X509_NAME_free(dn_subject);
if (ok <= 0) if (ok <= 0)
X509_free(ret); X509_free(ret);
else else
@@ -2040,6 +2063,11 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
else else
row[DB_serial] = BN_bn2hex(bn); row[DB_serial] = BN_bn2hex(bn);
BN_free(bn); BN_free(bn);
if (row[DB_name] != NULL && row[DB_name][0] == '\0') {
/* Entries with empty Subjects actually use the serial number instead */
OPENSSL_free(row[DB_name]);
row[DB_name] = OPENSSL_strdup(row[DB_serial]);
}
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
goto end; goto end;
@@ -2200,7 +2228,10 @@ static int do_updatedb(CA_DB *db)
return -1; return -1;
/* get actual time and make a string */ /* get actual time and make a string */
a_tm = X509_gmtime_adj(a_tm, 0); if (X509_gmtime_adj(a_tm, 0) == NULL) {
ASN1_UTCTIME_free(a_tm);
return -1;
}
a_tm_s = app_malloc(a_tm->length + 1, "time string"); a_tm_s = app_malloc(a_tm->length + 1, "time string");
memcpy(a_tm_s, a_tm->data, a_tm->length); memcpy(a_tm_s, a_tm->data, a_tm->length);

2
apps/ciphers.c
View File

@@ -225,7 +225,7 @@ int ciphers_main(int argc, char **argv)
BIO_printf(bio_out, "%s - ", nm); BIO_printf(bio_out, "%s - ", nm);
} }
#endif #endif
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf)); BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf)));
} }
} }

10
apps/cms.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -931,11 +931,15 @@ int cms_main(int argc, char **argv)
keyfile = sk_OPENSSL_STRING_value(skkeys, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i);
signer = load_cert(signerfile, FORMAT_PEM, "signer certificate"); signer = load_cert(signerfile, FORMAT_PEM, "signer certificate");
if (!signer) if (!signer) {
ret = 2;
goto end; goto end;
}
key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
if (!key) if (!key) {
ret = 2;
goto end; goto end;
}
for (kparam = key_first; kparam; kparam = kparam->next) { for (kparam = key_first; kparam; kparam = kparam->next) {
if (kparam->idx == i) { if (kparam->idx == i) {
tflags |= CMS_KEY_PARAM; tflags |= CMS_KEY_PARAM;

15
apps/dhparam.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -151,6 +151,11 @@ int dhparam_main(int argc, char **argv)
goto end; goto end;
} }
# endif # endif
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
/* DH parameters */ /* DH parameters */
if (num && !g) if (num && !g)
g = 2; g = 2;
@@ -266,10 +271,6 @@ int dhparam_main(int argc, char **argv)
/* dh != NULL */ /* dh != NULL */
} }
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (text) { if (text) {
DHparams_print(out, dh); DHparams_print(out, dh);
} }
@@ -326,9 +327,9 @@ int dhparam_main(int argc, char **argv)
"\n" "\n"
" if (dh == NULL)\n" " if (dh == NULL)\n"
" return NULL;\n"); " return NULL;\n");
BIO_printf(out, " dhp_bn = BN_bin2bn(dhp_%d, sizeof (dhp_%d), NULL);\n", BIO_printf(out, " dhp_bn = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n",
bits, bits); bits, bits);
BIO_printf(out, " dhg_bn = BN_bin2bn(dhg_%d, sizeof (dhg_%d), NULL);\n", BIO_printf(out, " dhg_bn = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n",
bits, bits); bits, bits);
BIO_printf(out, " if (dhp_bn == NULL || dhg_bn == NULL\n" BIO_printf(out, " if (dhp_bn == NULL || dhg_bn == NULL\n"
" || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {\n" " || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {\n"

3
apps/dsa.c
View File

@@ -217,6 +217,9 @@ int dsa_main(int argc, char **argv)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk; EVP_PKEY *pk;
pk = EVP_PKEY_new(); pk = EVP_PKEY_new();
if (pk == NULL)
goto end;
EVP_PKEY_set1_DSA(pk, dsa); EVP_PKEY_set1_DSA(pk, dsa);
if (outformat == FORMAT_PVK) { if (outformat == FORMAT_PVK) {
if (pubin) { if (pubin) {

34
apps/dsaparam.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -226,28 +226,34 @@ int dsaparam_main(int argc, char **argv)
data = app_malloc(len + 20, "BN space"); data = app_malloc(len + 20, "BN space");
BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p); BIO_printf(bio_out, "static DSA *get_dsa%d(void)\n{\n", bits_p);
print_bignum_var(bio_out, p, "dsap", len, data); print_bignum_var(bio_out, p, "dsap", bits_p, data);
print_bignum_var(bio_out, q, "dsaq", len, data); print_bignum_var(bio_out, q, "dsaq", bits_p, data);
print_bignum_var(bio_out, g, "dsag", len, data); print_bignum_var(bio_out, g, "dsag", bits_p, data);
BIO_printf(bio_out, " DSA *dsa = DSA_new();\n" BIO_printf(bio_out, " DSA *dsa = DSA_new();\n"
" BIGNUM *p, *q, *g;\n"
"\n"); "\n");
BIO_printf(bio_out, " if (dsa == NULL)\n" BIO_printf(bio_out, " if (dsa == NULL)\n"
" return NULL;\n"); " return NULL;\n");
BIO_printf(bio_out, " dsa->p = BN_bin2bn(dsap_%d, sizeof (dsap_%d), NULL);\n", BIO_printf(bio_out, " if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL),\n",
bits_p, bits_p); bits_p, bits_p);
BIO_printf(bio_out, " dsa->q = BN_bin2bn(dsaq_%d, sizeof (dsaq_%d), NULL);\n", BIO_printf(bio_out, " q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL),\n",
bits_p, bits_p); bits_p, bits_p);
BIO_printf(bio_out, " dsa->g = BN_bin2bn(dsag_%d, sizeof (dsag_%d), NULL);\n", BIO_printf(bio_out, " g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL))) {\n",
bits_p, bits_p); bits_p, bits_p);
BIO_printf(bio_out, " if (!dsa->p || !dsa->q || !dsa->g) {\n" BIO_printf(bio_out, " DSA_free(dsa);\n"
" DSA_free(dsa);\n" " BN_free(p);\n"
" BN_free(q);\n"
" BN_free(g);\n"
" return NULL;\n" " return NULL;\n"
" }\n" " }\n"
" return(dsa);\n}\n"); " return dsa;\n}\n");
OPENSSL_free(data); OPENSSL_free(data);
} }
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) { if (!noout) {
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa); i = i2d_DSAparams_bio(out, dsa);

20
apps/ecparam.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -357,24 +357,24 @@ int ecparam_main(int argc, char **argv)
" BIGNUM *tmp_3 = NULL;\n" " BIGNUM *tmp_3 = NULL;\n"
"\n"); "\n");
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof (ec_p_%d), NULL)) == NULL)\n" BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof(ec_p_%d), NULL)) == NULL)\n"
" goto err;\n", len, len); " goto err;\n", len, len);
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof (ec_a_%d), NULL)) == NULL)\n" BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof(ec_a_%d), NULL)) == NULL)\n"
" goto err;\n", len, len); " goto err;\n", len, len);
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof (ec_b_%d), NULL)) == NULL)\n" BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof(ec_b_%d), NULL)) == NULL)\n"
" goto err;\n", len, len); " goto err;\n", len, len);
BIO_printf(out, " if ((group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)\n" BIO_printf(out, " if ((group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)\n"
" goto err;\n" " goto err;\n"
"\n"); "\n");
BIO_printf(out, " /* build generator */\n"); BIO_printf(out, " /* build generator */\n");
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof (ec_gen_%d), tmp_1)) == NULL)\n" BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof(ec_gen_%d), tmp_1)) == NULL)\n"
" goto err;\n", len, len); " goto err;\n", len, len);
BIO_printf(out, " point = EC_POINT_bn2point(group, tmp_1, NULL, NULL);\n"); BIO_printf(out, " point = EC_POINT_bn2point(group, tmp_1, NULL, NULL);\n");
BIO_printf(out, " if (point == NULL)\n" BIO_printf(out, " if (point == NULL)\n"
" goto err;\n"); " goto err;\n");
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof (ec_order_%d), tmp_2)) == NULL)\n" BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof(ec_order_%d), tmp_2)) == NULL)\n"
" goto err;\n", len, len); " goto err;\n", len, len);
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof (ec_cofactor_%d), tmp_3)) == NULL)\n" BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof(ec_cofactor_%d), tmp_3)) == NULL)\n"
" goto err;\n", len, len); " goto err;\n", len, len);
BIO_printf(out, " if (!EC_GROUP_set_generator(group, point, tmp_2, tmp_3))\n" BIO_printf(out, " if (!EC_GROUP_set_generator(group, point, tmp_2, tmp_3))\n"
" goto err;\n" " goto err;\n"
@@ -393,6 +393,9 @@ int ecparam_main(int argc, char **argv)
"}\n"); "}\n");
} }
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) { if (!noout) {
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group); i = i2d_ECPKParameters_bio(out, group);
@@ -428,6 +431,9 @@ int ecparam_main(int argc, char **argv)
goto end; goto end;
} }
if (new_form)
EC_KEY_set_conv_form(eckey, form);
if (!EC_KEY_generate_key(eckey)) { if (!EC_KEY_generate_key(eckey)) {
BIO_printf(bio_err, "unable to generate key\n"); BIO_printf(bio_err, "unable to generate key\n");
EC_KEY_free(eckey); EC_KEY_free(eckey);

28
apps/enc.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -96,7 +96,7 @@ int enc_main(int argc, char **argv)
char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p; char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
char *infile = NULL, *outfile = NULL, *prog; char *infile = NULL, *outfile = NULL, *prog;
char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL; char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
char mbuf[sizeof magic - 1]; char mbuf[sizeof(magic) - 1];
OPTION_CHOICE o; OPTION_CHOICE o;
int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0; int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0;
int enc = 1, printkey = 0, i, k; int enc = 1, printkey = 0, i, k;
@@ -218,7 +218,7 @@ int enc_main(int argc, char **argv)
in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT); in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT);
if (in == NULL) if (in == NULL)
goto opthelp; goto opthelp;
i = BIO_gets(in, buf, sizeof buf); i = BIO_gets(in, buf, sizeof(buf));
BIO_free(in); BIO_free(in);
in = NULL; in = NULL;
if (i <= 0) { if (i <= 0) {
@@ -257,6 +257,10 @@ int enc_main(int argc, char **argv)
break; break;
} }
} }
if (opt_num_rest() != 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog); BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
@@ -311,7 +315,7 @@ int enc_main(int argc, char **argv)
for (;;) { for (;;) {
char prompt[200]; char prompt[200];
BIO_snprintf(prompt, sizeof prompt, "enter %s %s password:", BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)), OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc) ? "encryption" : "decryption"); (enc) ? "encryption" : "decryption");
strbuf[0] = '\0'; strbuf[0] = '\0';
@@ -398,31 +402,31 @@ int enc_main(int argc, char **argv)
else { else {
if (enc) { if (enc) {
if (hsalt) { if (hsalt) {
if (!set_hex(hsalt, salt, sizeof salt)) { if (!set_hex(hsalt, salt, sizeof(salt))) {
BIO_printf(bio_err, "invalid hex salt value\n"); BIO_printf(bio_err, "invalid hex salt value\n");
goto end; goto end;
} }
} else if (RAND_bytes(salt, sizeof salt) <= 0) } else if (RAND_bytes(salt, sizeof(salt)) <= 0)
goto end; goto end;
/* /*
* If -P option then don't bother writing * If -P option then don't bother writing
*/ */
if ((printkey != 2) if ((printkey != 2)
&& (BIO_write(wbio, magic, && (BIO_write(wbio, magic,
sizeof magic - 1) != sizeof magic - 1 sizeof(magic) - 1) != sizeof(magic) - 1
|| BIO_write(wbio, || BIO_write(wbio,
(char *)salt, (char *)salt,
sizeof salt) != sizeof salt)) { sizeof(salt)) != sizeof(salt))) {
BIO_printf(bio_err, "error writing output file\n"); BIO_printf(bio_err, "error writing output file\n");
goto end; goto end;
} }
} else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
|| BIO_read(rbio, || BIO_read(rbio,
(unsigned char *)salt, (unsigned char *)salt,
sizeof salt) != sizeof salt) { sizeof(salt)) != sizeof(salt)) {
BIO_printf(bio_err, "error reading input file\n"); BIO_printf(bio_err, "error reading input file\n");
goto end; goto end;
} else if (memcmp(mbuf, magic, sizeof magic - 1)) { } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
BIO_printf(bio_err, "bad magic number\n"); BIO_printf(bio_err, "bad magic number\n");
goto end; goto end;
} }
@@ -449,7 +453,7 @@ int enc_main(int argc, char **argv)
int siz = EVP_CIPHER_iv_length(cipher); int siz = EVP_CIPHER_iv_length(cipher);
if (siz == 0) { if (siz == 0) {
BIO_printf(bio_err, "warning: iv not use by this cipher\n"); BIO_printf(bio_err, "warning: iv not use by this cipher\n");
} else if (!set_hex(hiv, iv, sizeof iv)) { } else if (!set_hex(hiv, iv, sizeof(iv))) {
BIO_printf(bio_err, "invalid hex iv value\n"); BIO_printf(bio_err, "invalid hex iv value\n");
goto end; goto end;
} }

1
apps/engine.c
View File

@@ -311,6 +311,7 @@ int engine_main(int argc, char **argv)
break; break;
case OPT_TT: case OPT_TT:
test_avail_noise++; test_avail_noise++;
/* fall thru */
case OPT_T: case OPT_T:
test_avail++; test_avail++;
break; break;

2
apps/errstr.c
View File

@@ -58,7 +58,7 @@ int errstr_main(int argc, char **argv)
*/ */
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
ERR_error_string_n(l, buf, sizeof buf); ERR_error_string_n(l, buf, sizeof(buf));
BIO_printf(bio_out, "%s\n", buf); BIO_printf(bio_out, "%s\n", buf);
} }
} }

16
apps/genrsa.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -78,6 +78,7 @@ int genrsa_main(int argc, char **argv)
switch (o) { switch (o) {
case OPT_EOF: case OPT_EOF:
case OPT_ERR: case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end; goto end;
case OPT_HELP: case OPT_HELP:
@@ -110,11 +111,16 @@ int genrsa_main(int argc, char **argv)
} }
argc = opt_num_rest(); argc = opt_num_rest();
argv = opt_rest(); argv = opt_rest();
if (argc == 1) {
if (!opt_int(argv[0], &num) || num <= 0)
goto end;
} else if (argc > 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
private = 1; private = 1;
if (argv[0] && (!opt_int(argv[0], &num) || num <= 0))
goto end;
if (!app_passwd(NULL, passoutarg, NULL, &passout)) { if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n"); BIO_printf(bio_err, "Error getting password\n");
goto end; goto end;

7
apps/ocsp.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -639,7 +639,6 @@ int ocsp_main(int argc, char **argv)
OCSP_response_status_str(i), i); OCSP_response_status_str(i), i);
if (ignore_err) if (ignore_err)
goto redo_accept; goto redo_accept;
ret = 0;
goto end; goto end;
} }
@@ -1074,7 +1073,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio)
*pcbio = cbio; *pcbio = cbio;
/* Read the request line. */ /* Read the request line. */
len = BIO_gets(cbio, reqbuf, sizeof reqbuf); len = BIO_gets(cbio, reqbuf, sizeof(reqbuf));
if (len <= 0) if (len <= 0)
return 1; return 1;
if (strncmp(reqbuf, "GET ", 4) == 0) { if (strncmp(reqbuf, "GET ", 4) == 0) {
@@ -1116,7 +1115,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio)
/* Read and skip past the headers. */ /* Read and skip past the headers. */
for (;;) { for (;;) {
len = BIO_gets(cbio, inbuf, sizeof inbuf); len = BIO_gets(cbio, inbuf, sizeof(inbuf));
if (len <= 0) if (len <= 0)
return 1; return 1;
if ((inbuf[0] == '\r') || (inbuf[0] == '\n')) if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))

26
apps/openssl.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -69,8 +69,8 @@ static int apps_startup()
#endif #endif
/* Set non-default library initialisation settings */ /* Set non-default library initialisation settings */
if (!OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
| OPENSSL_INIT_LOAD_CONFIG, NULL)) | OPENSSL_INIT_LOAD_CONFIG, NULL))
return 0; return 0;
#ifndef OPENSSL_NO_UI #ifndef OPENSSL_NO_UI
@@ -154,8 +154,13 @@ int main(int argc, char *argv[])
#endif #endif
} }
if (!apps_startup()) if (!apps_startup()) {
BIO_printf(bio_err,
"FATAL: Startup failure (dev note: apps_startup() failed)\n");
ERR_print_errors(bio_err);
ret = 1;
goto end; goto end;
}
prog = prog_init(); prog = prog_init();
pname = opt_progname(argv[0]); pname = opt_progname(argv[0]);
@@ -183,7 +188,7 @@ int main(int argc, char *argv[])
for (;;) { for (;;) {
ret = 0; ret = 0;
/* Read a line, continue reading if line ends with \ */ /* Read a line, continue reading if line ends with \ */
for (p = buf, n = sizeof buf, i = 0, first = 1; n > 0; first = 0) { for (p = buf, n = sizeof(buf), i = 0, first = 1; n > 0; first = 0) {
prompt = first ? "OpenSSL> " : "> "; prompt = first ? "OpenSSL> " : "> ";
p[0] = '\0'; p[0] = '\0';
#ifndef READLINE #ifndef READLINE
@@ -329,6 +334,7 @@ int list_main(int argc, char **argv)
switch (o) { switch (o) {
case OPT_EOF: /* Never hit, but suppresses warning */ case OPT_EOF: /* Never hit, but suppresses warning */
case OPT_ERR: case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
return 1; return 1;
case OPT_HELP: case OPT_HELP:
@@ -358,12 +364,14 @@ int list_main(int argc, char **argv)
} }
done = 1; done = 1;
} }
if (opt_num_rest() != 0) {
if (!done) { BIO_printf(bio_err, "Extra arguments given.\n");
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto opthelp;
return 1;
} }
if (!done)
goto opthelp;
return 0; return 0;
} }

20
apps/opt.c
View File

@@ -60,10 +60,10 @@ char *opt_progname(const char *argv0)
n -= 4; n -= 4;
/* Copy over the name, in lowercase. */ /* Copy over the name, in lowercase. */
if (n > sizeof prog - 1) if (n > sizeof(prog) - 1)
n = sizeof prog - 1; n = sizeof(prog) - 1;
for (q = prog, i = 0; i < n; i++, p++) for (q = prog, i = 0; i < n; i++, p++)
*q++ = isupper(*p) ? tolower(*p) : *p; *q++ = tolower((unsigned char)*p);
*q = '\0'; *q = '\0';
return prog; return prog;
} }
@@ -82,9 +82,9 @@ char *opt_progname(const char *argv0)
} }
q = strrchr(p, '.'); q = strrchr(p, '.');
strncpy(prog, p, sizeof prog - 1); strncpy(prog, p, sizeof(prog) - 1);
prog[sizeof prog - 1] = '\0'; prog[sizeof(prog) - 1] = '\0';
if (q != NULL && q - p < sizeof prog) if (q != NULL && q - p < sizeof(prog))
prog[q - p] = '\0'; prog[q - p] = '\0';
return prog; return prog;
} }
@@ -101,8 +101,8 @@ char *opt_progname(const char *argv0)
p++; p++;
break; break;
} }
strncpy(prog, p, sizeof prog - 1); strncpy(prog, p, sizeof(prog) - 1);
prog[sizeof prog - 1] = '\0'; prog[sizeof(prog) - 1] = '\0';
return prog; return prog;
} }
#endif #endif
@@ -840,7 +840,7 @@ void opt_help(const OPTIONS *list)
i += 1 + strlen(valtype2param(o)); i += 1 + strlen(valtype2param(o));
if (i < MAX_OPT_HELP_WIDTH && i > width) if (i < MAX_OPT_HELP_WIDTH && i > width)
width = i; width = i;
assert(i < (int)sizeof start); assert(i < (int)sizeof(start));
} }
if (standard_prolog) if (standard_prolog)
@@ -857,7 +857,7 @@ void opt_help(const OPTIONS *list)
/* Pad out prefix */ /* Pad out prefix */
memset(start, ' ', sizeof(start) - 1); memset(start, ' ', sizeof(start) - 1);
start[sizeof start - 1] = '\0'; start[sizeof(start) - 1] = '\0';
if (o->name == OPT_MORE_STR) { if (o->name == OPT_MORE_STR) {
/* Continuation of previous line; pad and print. */ /* Continuation of previous line; pad and print. */

60
apps/passwd.c
View File

@@ -79,9 +79,9 @@ int passwd_main(int argc, char **argv)
char *salt_malloc = NULL, *passwd_malloc = NULL, *prog; char *salt_malloc = NULL, *passwd_malloc = NULL, *prog;
OPTION_CHOICE o; OPTION_CHOICE o;
int in_stdin = 0, pw_source_defined = 0; int in_stdin = 0, pw_source_defined = 0;
#ifndef OPENSSL_NO_UI # ifndef OPENSSL_NO_UI
int in_noverify = 0; int in_noverify = 0;
#endif # endif
int passed_salt = 0, quiet = 0, table = 0, reverse = 0; int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
int ret = 1, usecrypt = 0, use1 = 0, useapr1 = 0; int ret = 1, usecrypt = 0, use1 = 0, useapr1 = 0;
size_t passwd_malloc_size = 0, pw_maxlen = 256; size_t passwd_malloc_size = 0, pw_maxlen = 256;
@@ -105,9 +105,9 @@ int passwd_main(int argc, char **argv)
pw_source_defined = 1; pw_source_defined = 1;
break; break;
case OPT_NOVERIFY: case OPT_NOVERIFY:
#ifndef OPENSSL_NO_UI # ifndef OPENSSL_NO_UI
in_noverify = 1; in_noverify = 1;
#endif # endif
break; break;
case OPT_QUIET: case OPT_QUIET:
quiet = 1; quiet = 1;
@@ -198,26 +198,31 @@ int passwd_main(int argc, char **argv)
} }
if ((in == NULL) && (passwds == NULL)) { if ((in == NULL) && (passwds == NULL)) {
/*
* we use the following method to make sure what
* in the 'else' section is always compiled, to
* avoid rot of not-frequently-used code.
*/
if (1) { if (1) {
#ifndef OPENSSL_NO_UI # ifndef OPENSSL_NO_UI
/* build a null-terminated list */ /* build a null-terminated list */
static char *passwds_static[2] = { NULL, NULL }; static char *passwds_static[2] = { NULL, NULL };
passwds = passwds_static; passwds = passwds_static;
if (in == NULL) if (in == NULL) {
if (EVP_read_pw_string if (EVP_read_pw_string
(passwd_malloc, passwd_malloc_size, "Password: ", (passwd_malloc, passwd_malloc_size, "Password: ",
!(passed_salt || in_noverify)) != 0) !(passed_salt || in_noverify)) != 0)
goto end; goto end;
}
passwds[0] = passwd_malloc; passwds[0] = passwd_malloc;
} else { } else {
#endif # endif
BIO_printf(bio_err, "password required\n"); BIO_printf(bio_err, "password required\n");
goto end; goto end;
} }
} }
if (in == NULL) { if (in == NULL) {
assert(passwds != NULL); assert(passwds != NULL);
assert(*passwds != NULL); assert(*passwds != NULL);
@@ -228,11 +233,9 @@ int passwd_main(int argc, char **argv)
quiet, table, reverse, pw_maxlen, usecrypt, use1, quiet, table, reverse, pw_maxlen, usecrypt, use1,
useapr1)) useapr1))
goto end; goto end;
} } while (*passwds != NULL);
while (*passwds != NULL); } else {
} else
/* in != NULL */ /* in != NULL */
{
int done; int done;
assert(passwd != NULL); assert(passwd != NULL);
@@ -240,13 +243,13 @@ int passwd_main(int argc, char **argv)
int r = BIO_gets(in, passwd, pw_maxlen + 1); int r = BIO_gets(in, passwd, pw_maxlen + 1);
if (r > 0) { if (r > 0) {
char *c = (strchr(passwd, '\n')); char *c = (strchr(passwd, '\n'));
if (c != NULL) if (c != NULL) {
*c = 0; /* truncate at newline */ *c = 0; /* truncate at newline */
else { } else {
/* ignore rest of line */ /* ignore rest of line */
char trash[BUFSIZ]; char trash[BUFSIZ];
do do
r = BIO_gets(in, trash, sizeof trash); r = BIO_gets(in, trash, sizeof(trash));
while ((r > 0) && (!strchr(trash, '\n'))); while ((r > 0) && (!strchr(trash, '\n')));
} }
@@ -256,8 +259,7 @@ int passwd_main(int argc, char **argv)
goto end; goto end;
} }
done = (r <= 0); done = (r <= 0);
} } while (!done);
while (!done);
} }
ret = 0; ret = 0;
@@ -298,9 +300,9 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
if (magic_len > 4) /* assert it's "1" or "apr1" */ if (magic_len > 4) /* assert it's "1" or "apr1" */
return NULL; return NULL;
OPENSSL_strlcat(out_buf, magic, sizeof out_buf); OPENSSL_strlcat(out_buf, magic, sizeof(out_buf));
OPENSSL_strlcat(out_buf, "$", sizeof out_buf); OPENSSL_strlcat(out_buf, "$", sizeof(out_buf));
OPENSSL_strlcat(out_buf, salt, sizeof out_buf); OPENSSL_strlcat(out_buf, salt, sizeof(out_buf));
if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */ if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */
return NULL; return NULL;
@@ -330,8 +332,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
|| !EVP_DigestFinal_ex(md2, buf, NULL)) || !EVP_DigestFinal_ex(md2, buf, NULL))
goto err; goto err;
for (i = passwd_len; i > sizeof buf; i -= sizeof buf) { for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) {
if (!EVP_DigestUpdate(md, buf, sizeof buf)) if (!EVP_DigestUpdate(md, buf, sizeof(buf)))
goto err; goto err;
} }
if (!EVP_DigestUpdate(md, buf, i)) if (!EVP_DigestUpdate(md, buf, i))
@@ -351,7 +353,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
goto err; goto err;
if (!EVP_DigestUpdate(md2, if (!EVP_DigestUpdate(md2,
(i & 1) ? (unsigned const char *)passwd : buf, (i & 1) ? (unsigned const char *)passwd : buf,
(i & 1) ? passwd_len : sizeof buf)) (i & 1) ? passwd_len : sizeof(buf)))
goto err; goto err;
if (i % 3) { if (i % 3) {
if (!EVP_DigestUpdate(md2, salt_out, salt_len)) if (!EVP_DigestUpdate(md2, salt_out, salt_len))
@@ -363,7 +365,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
} }
if (!EVP_DigestUpdate(md2, if (!EVP_DigestUpdate(md2,
(i & 1) ? buf : (unsigned const char *)passwd, (i & 1) ? buf : (unsigned const char *)passwd,
(i & 1) ? sizeof buf : passwd_len)) (i & 1) ? sizeof(buf) : passwd_len))
goto err; goto err;
if (!EVP_DigestFinal_ex(md2, buf, NULL)) if (!EVP_DigestFinal_ex(md2, buf, NULL))
goto err; goto err;
@@ -375,7 +377,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
{ {
/* transform buf into output string */ /* transform buf into output string */
unsigned char buf_perm[sizeof buf]; unsigned char buf_perm[sizeof(buf)];
int dest, source; int dest, source;
char *output; char *output;
@@ -387,7 +389,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
buf_perm[15] = buf[11]; buf_perm[15] = buf[11];
# ifndef PEDANTIC /* Unfortunately, this generates a "no # ifndef PEDANTIC /* Unfortunately, this generates a "no
* effect" warning */ * effect" warning */
assert(16 == sizeof buf_perm); assert(16 == sizeof(buf_perm));
# endif # endif
output = salt_out + salt_len; output = salt_out + salt_len;
@@ -433,9 +435,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (!passed_salt) { if (!passed_salt) {
# ifndef OPENSSL_NO_DES # ifndef OPENSSL_NO_DES
if (usecrypt) { if (usecrypt) {
if (*salt_malloc_p == NULL) { if (*salt_malloc_p == NULL)
*salt_p = *salt_malloc_p = app_malloc(3, "salt buffer"); *salt_p = *salt_malloc_p = app_malloc(3, "salt buffer");
}
if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0) if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0)
goto end; goto end;
(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */ (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
@@ -452,9 +453,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (use1 || useapr1) { if (use1 || useapr1) {
int i; int i;
if (*salt_malloc_p == NULL) { if (*salt_malloc_p == NULL)
*salt_p = *salt_malloc_p = app_malloc(9, "salt buffer"); *salt_p = *salt_malloc_p = app_malloc(9, "salt buffer");
}
if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0) if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0)
goto end; goto end;

10
apps/pkcs12.c
View File

@@ -323,7 +323,7 @@ int pkcs12_main(int argc, char **argv)
if (1) { if (1) {
#ifndef OPENSSL_NO_UI #ifndef OPENSSL_NO_UI
if (EVP_read_pw_string if (EVP_read_pw_string
(macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { (macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
BIO_printf(bio_err, "Can't read Password\n"); BIO_printf(bio_err, "Can't read Password\n");
goto end; goto end;
} }
@@ -440,7 +440,7 @@ int pkcs12_main(int argc, char **argv)
if (!noprompt) { if (!noprompt) {
if (1) { if (1) {
#ifndef OPENSSL_NO_UI #ifndef OPENSSL_NO_UI
if (EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", if (EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:",
1)) { 1)) {
BIO_printf(bio_err, "Can't read Password\n"); BIO_printf(bio_err, "Can't read Password\n");
goto export_end; goto export_end;
@@ -453,7 +453,7 @@ int pkcs12_main(int argc, char **argv)
} }
if (!twopass) if (!twopass)
OPENSSL_strlcpy(macpass, pass, sizeof macpass); OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
p12 = PKCS12_create(cpass, name, key, ucert, certs, p12 = PKCS12_create(cpass, name, key, ucert, certs,
key_pbe, cert_pbe, iter, -1, keytype); key_pbe, cert_pbe, iter, -1, keytype);
@@ -506,7 +506,7 @@ int pkcs12_main(int argc, char **argv)
if (!noprompt) { if (!noprompt) {
if (1) { if (1) {
#ifndef OPENSSL_NO_UI #ifndef OPENSSL_NO_UI
if (EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", if (EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
0)) { 0)) {
BIO_printf(bio_err, "Can't read Password\n"); BIO_printf(bio_err, "Can't read Password\n");
goto end; goto end;
@@ -519,7 +519,7 @@ int pkcs12_main(int argc, char **argv)
} }
if (!twopass) if (!twopass)
OPENSSL_strlcpy(macpass, pass, sizeof macpass); OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
if ((options & INFO) && PKCS12_mac_present(p12)) { if ((options & INFO) && PKCS12_mac_present(p12)) {
const ASN1_INTEGER *tmaciter; const ASN1_INTEGER *tmaciter;

4
apps/pkcs8.c
View File

@@ -238,7 +238,7 @@ int pkcs8_main(int argc, char **argv)
#ifndef OPENSSL_NO_UI #ifndef OPENSSL_NO_UI
p8pass = pass; p8pass = pass;
if (EVP_read_pw_string if (EVP_read_pw_string
(pass, sizeof pass, "Enter Encryption Password:", 1)) { (pass, sizeof(pass), "Enter Encryption Password:", 1)) {
X509_ALGOR_free(pbe); X509_ALGOR_free(pbe);
goto end; goto end;
} }
@@ -300,7 +300,7 @@ int pkcs8_main(int argc, char **argv)
else if (1) { else if (1) {
#ifndef OPENSSL_NO_UI #ifndef OPENSSL_NO_UI
p8pass = pass; p8pass = pass;
if (EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0)) { if (EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0)) {
BIO_printf(bio_err, "Can't read Password\n"); BIO_printf(bio_err, "Can't read Password\n");
goto end; goto end;
} }

48
apps/pkey.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -141,24 +141,30 @@ int pkey_main(int argc, char **argv)
if (!noout) { if (!noout) {
if (outformat == FORMAT_PEM) { if (outformat == FORMAT_PEM) {
if (pubout) if (pubout) {
PEM_write_bio_PUBKEY(out, pkey); if (!PEM_write_bio_PUBKEY(out, pkey))
else { goto end;
} else {
assert(private); assert(private);
if (traditional) if (traditional) {
PEM_write_bio_PrivateKey_traditional(out, pkey, cipher, if (!PEM_write_bio_PrivateKey_traditional(out, pkey, cipher,
NULL, 0, NULL, NULL, 0, NULL,
passout); passout))
else goto end;
PEM_write_bio_PrivateKey(out, pkey, cipher, } else {
NULL, 0, NULL, passout); if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
NULL, 0, NULL, passout))
goto end;
}
} }
} else if (outformat == FORMAT_ASN1) { } else if (outformat == FORMAT_ASN1) {
if (pubout) if (pubout) {
i2d_PUBKEY_bio(out, pkey); if (!i2d_PUBKEY_bio(out, pkey))
else { goto end;
} else {
assert(private); assert(private);
i2d_PrivateKey_bio(out, pkey); if (!i2d_PrivateKey_bio(out, pkey))
goto end;
} }
} else { } else {
BIO_printf(bio_err, "Bad format specified for key\n"); BIO_printf(bio_err, "Bad format specified for key\n");
@@ -168,17 +174,21 @@ int pkey_main(int argc, char **argv)
} }
if (text) { if (text) {
if (pubtext) if (pubtext) {
EVP_PKEY_print_public(out, pkey, 0, NULL); if (EVP_PKEY_print_public(out, pkey, 0, NULL) <= 0)
else { goto end;
} else {
assert(private); assert(private);
EVP_PKEY_print_private(out, pkey, 0, NULL); if (EVP_PKEY_print_private(out, pkey, 0, NULL) <= 0)
goto end;
} }
} }
ret = 0; ret = 0;
end: end:
if (ret != 0)
ERR_print_errors(bio_err);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
release_engine(e); release_engine(e);
BIO_free_all(out); BIO_free_all(out);

43
apps/pkeyutl.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -81,8 +81,7 @@ int pkeyutl_main(int argc, char **argv)
char hexdump = 0, asn1parse = 0, rev = 0, *prog; char hexdump = 0, asn1parse = 0, rev = 0, *prog;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL; unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
OPTION_CHOICE o; OPTION_CHOICE o;
int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform = int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform = FORMAT_PEM;
FORMAT_PEM;
int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY; int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
int engine_impl = 0; int engine_impl = 0;
int ret = 1, rv = -1; int ret = 1, rv = -1;
@@ -193,10 +192,18 @@ int pkeyutl_main(int argc, char **argv)
goto opthelp; goto opthelp;
if (kdfalg != NULL) { if (kdfalg != NULL) {
if (kdflen == 0) if (kdflen == 0) {
BIO_printf(bio_err,
"%s: no KDF length given (-kdflen parameter).\n", prog);
goto opthelp; goto opthelp;
} else if ((inkey == NULL) }
|| (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE)) { } else if (inkey == NULL) {
BIO_printf(bio_err,
"%s: no private key given (-inkey parameter).\n", prog);
goto opthelp;
} else if (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE) {
BIO_printf(bio_err,
"%s: no peer key given (-peerkey parameter).\n", prog);
goto opthelp; goto opthelp;
} }
ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type, ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
@@ -219,7 +226,8 @@ int pkeyutl_main(int argc, char **argv)
const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i); const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i);
if (pkey_ctrl_string(ctx, opt) <= 0) { if (pkey_ctrl_string(ctx, opt) <= 0) {
BIO_printf(bio_err, "%s: Can't set parameter:\n", prog); BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
prog, opt);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
@@ -307,7 +315,11 @@ int pkeyutl_main(int argc, char **argv)
buf_in, (size_t)buf_inlen); buf_in, (size_t)buf_inlen);
} }
if (rv <= 0) { if (rv <= 0) {
BIO_puts(bio_err, "Public Key operation error\n"); if (pkey_op != EVP_PKEY_OP_DERIVE) {
BIO_puts(bio_err, "Public Key operation error\n");
} else {
BIO_puts(bio_err, "Key derivation failed\n");
}
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
@@ -383,8 +395,15 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
if (kdfalg) { if (kdfalg) {
int kdfnid = OBJ_sn2nid(kdfalg); int kdfnid = OBJ_sn2nid(kdfalg);
if (kdfnid == NID_undef)
goto end; if (kdfnid == NID_undef) {
kdfnid = OBJ_ln2nid(kdfalg);
if (kdfnid == NID_undef) {
BIO_printf(bio_err, "The given KDF \"%s\" is unknown.\n",
kdfalg);
goto end;
}
}
ctx = EVP_PKEY_CTX_new_id(kdfnid, impl); ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
} else { } else {
if (pkey == NULL) if (pkey == NULL)
@@ -435,10 +454,10 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
} }
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
ENGINE* e) ENGINE *e)
{ {
EVP_PKEY *peer = NULL; EVP_PKEY *peer = NULL;
ENGINE* engine = NULL; ENGINE *engine = NULL;
int ret; int ret;
if (peerform == FORMAT_ENGINE) if (peerform == FORMAT_ENGINE)

12
apps/prime.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -43,6 +43,7 @@ int prime_main(int argc, char **argv)
switch (o) { switch (o) {
case OPT_EOF: case OPT_EOF:
case OPT_ERR: case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end; goto end;
case OPT_HELP: case OPT_HELP:
@@ -69,9 +70,14 @@ int prime_main(int argc, char **argv)
argc = opt_num_rest(); argc = opt_num_rest();
argv = opt_rest(); argv = opt_rest();
if (argc == 0 && !generate) { if (generate) {
if (argc != 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
} else if (argc == 0) {
BIO_printf(bio_err, "%s: No prime specified\n", prog); BIO_printf(bio_err, "%s: No prime specified\n", prog);
goto end; goto opthelp;
} }
if (generate) { if (generate) {

418
apps/progs.h
View File

@@ -1,418 +0,0 @@
/*
* WARNING: do not edit!
* Generated by apps/progs.pl
*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
typedef enum FUNC_TYPE {
FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
FT_md_alg, FT_cipher_alg
} FUNC_TYPE;
typedef struct function_st {
FUNC_TYPE type;
const char *name;
int (*func)(int argc, char *argv[]);
const OPTIONS *help;
} FUNCTION;
DEFINE_LHASH_OF(FUNCTION);
extern int asn1parse_main(int argc, char *argv[]);
extern int ca_main(int argc, char *argv[]);
extern int ciphers_main(int argc, char *argv[]);
extern int cms_main(int argc, char *argv[]);
extern int crl_main(int argc, char *argv[]);
extern int crl2pkcs7_main(int argc, char *argv[]);
extern int dgst_main(int argc, char *argv[]);
extern int dhparam_main(int argc, char *argv[]);
extern int dsa_main(int argc, char *argv[]);
extern int dsaparam_main(int argc, char *argv[]);
extern int ec_main(int argc, char *argv[]);
extern int ecparam_main(int argc, char *argv[]);
extern int enc_main(int argc, char *argv[]);
extern int engine_main(int argc, char *argv[]);
extern int errstr_main(int argc, char *argv[]);
extern int exit_main(int argc, char *argv[]);
extern int gendsa_main(int argc, char *argv[]);
extern int genpkey_main(int argc, char *argv[]);
extern int genrsa_main(int argc, char *argv[]);
extern int help_main(int argc, char *argv[]);
extern int list_main(int argc, char *argv[]);
extern int nseq_main(int argc, char *argv[]);
extern int ocsp_main(int argc, char *argv[]);
extern int passwd_main(int argc, char *argv[]);
extern int pkcs12_main(int argc, char *argv[]);
extern int pkcs7_main(int argc, char *argv[]);
extern int pkcs8_main(int argc, char *argv[]);
extern int pkey_main(int argc, char *argv[]);
extern int pkeyparam_main(int argc, char *argv[]);
extern int pkeyutl_main(int argc, char *argv[]);
extern int prime_main(int argc, char *argv[]);
extern int rand_main(int argc, char *argv[]);
extern int rehash_main(int argc, char *argv[]);
extern int req_main(int argc, char *argv[]);
extern int rsa_main(int argc, char *argv[]);
extern int rsautl_main(int argc, char *argv[]);
extern int s_client_main(int argc, char *argv[]);
extern int s_server_main(int argc, char *argv[]);
extern int s_time_main(int argc, char *argv[]);
extern int sess_id_main(int argc, char *argv[]);
extern int smime_main(int argc, char *argv[]);
extern int speed_main(int argc, char *argv[]);
extern int spkac_main(int argc, char *argv[]);
extern int srp_main(int argc, char *argv[]);
extern int ts_main(int argc, char *argv[]);
extern int verify_main(int argc, char *argv[]);
extern int version_main(int argc, char *argv[]);
extern int x509_main(int argc, char *argv[]);
extern OPTIONS asn1parse_options[];
extern OPTIONS ca_options[];
extern OPTIONS ciphers_options[];
extern OPTIONS cms_options[];
extern OPTIONS crl_options[];
extern OPTIONS crl2pkcs7_options[];
extern OPTIONS dgst_options[];
extern OPTIONS dhparam_options[];
extern OPTIONS dsa_options[];
extern OPTIONS dsaparam_options[];
extern OPTIONS ec_options[];
extern OPTIONS ecparam_options[];
extern OPTIONS enc_options[];
extern OPTIONS engine_options[];
extern OPTIONS errstr_options[];
extern OPTIONS exit_options[];
extern OPTIONS gendsa_options[];
extern OPTIONS genpkey_options[];
extern OPTIONS genrsa_options[];
extern OPTIONS help_options[];
extern OPTIONS list_options[];
extern OPTIONS nseq_options[];
extern OPTIONS ocsp_options[];
extern OPTIONS passwd_options[];
extern OPTIONS pkcs12_options[];
extern OPTIONS pkcs7_options[];
extern OPTIONS pkcs8_options[];
extern OPTIONS pkey_options[];
extern OPTIONS pkeyparam_options[];
extern OPTIONS pkeyutl_options[];
extern OPTIONS prime_options[];
extern OPTIONS rand_options[];
extern OPTIONS rehash_options[];
extern OPTIONS req_options[];
extern OPTIONS rsa_options[];
extern OPTIONS rsautl_options[];
extern OPTIONS s_client_options[];
extern OPTIONS s_server_options[];
extern OPTIONS s_time_options[];
extern OPTIONS sess_id_options[];
extern OPTIONS smime_options[];
extern OPTIONS speed_options[];
extern OPTIONS spkac_options[];
extern OPTIONS srp_options[];
extern OPTIONS ts_options[];
extern OPTIONS verify_options[];
extern OPTIONS version_options[];
extern OPTIONS x509_options[];
#ifdef INCLUDE_FUNCTION_TABLE
static FUNCTION functions[] = {
{ FT_general, "asn1parse", asn1parse_main, asn1parse_options },
{ FT_general, "ca", ca_main, ca_options },
#ifndef OPENSSL_NO_SOCK
{ FT_general, "ciphers", ciphers_main, ciphers_options },
#endif
#ifndef OPENSSL_NO_CMS
{ FT_general, "cms", cms_main, cms_options },
#endif
{ FT_general, "crl", crl_main, crl_options },
{ FT_general, "crl2pkcs7", crl2pkcs7_main, crl2pkcs7_options },
{ FT_general, "dgst", dgst_main, dgst_options },
#ifndef OPENSSL_NO_DH
{ FT_general, "dhparam", dhparam_main, dhparam_options },
#endif
#ifndef OPENSSL_NO_DSA
{ FT_general, "dsa", dsa_main, dsa_options },
#endif
#ifndef OPENSSL_NO_DSA
{ FT_general, "dsaparam", dsaparam_main, dsaparam_options },
#endif
#ifndef OPENSSL_NO_EC
{ FT_general, "ec", ec_main, ec_options },
#endif
#ifndef OPENSSL_NO_EC
{ FT_general, "ecparam", ecparam_main, ecparam_options },
#endif
{ FT_general, "enc", enc_main, enc_options },
#ifndef OPENSSL_NO_ENGINE
{ FT_general, "engine", engine_main, engine_options },
#endif
{ FT_general, "errstr", errstr_main, errstr_options },
{ FT_general, "exit", exit_main, exit_options },
#ifndef OPENSSL_NO_DSA
{ FT_general, "gendsa", gendsa_main, gendsa_options },
#endif
{ FT_general, "genpkey", genpkey_main, genpkey_options },
#ifndef OPENSSL_NO_RSA
{ FT_general, "genrsa", genrsa_main, genrsa_options },
#endif
{ FT_general, "help", help_main, help_options },
{ FT_general, "list", list_main, list_options },
{ FT_general, "nseq", nseq_main, nseq_options },
#ifndef OPENSSL_NO_OCSP
{ FT_general, "ocsp", ocsp_main, ocsp_options },
#endif
{ FT_general, "passwd", passwd_main, passwd_options },
#ifndef OPENSSL_NO_DES
{ FT_general, "pkcs12", pkcs12_main, pkcs12_options },
#endif
{ FT_general, "pkcs7", pkcs7_main, pkcs7_options },
{ FT_general, "pkcs8", pkcs8_main, pkcs8_options },
{ FT_general, "pkey", pkey_main, pkey_options },
{ FT_general, "pkeyparam", pkeyparam_main, pkeyparam_options },
{ FT_general, "pkeyutl", pkeyutl_main, pkeyutl_options },
{ FT_general, "prime", prime_main, prime_options },
{ FT_general, "rand", rand_main, rand_options },
{ FT_general, "rehash", rehash_main, rehash_options },
{ FT_general, "req", req_main, req_options },
{ FT_general, "rsa", rsa_main, rsa_options },
#ifndef OPENSSL_NO_RSA
{ FT_general, "rsautl", rsautl_main, rsautl_options },
#endif
#ifndef OPENSSL_NO_SOCK
{ FT_general, "s_client", s_client_main, s_client_options },
#endif
#ifndef OPENSSL_NO_SOCK
{ FT_general, "s_server", s_server_main, s_server_options },
#endif
#ifndef OPENSSL_NO_SOCK
{ FT_general, "s_time", s_time_main, s_time_options },
#endif
{ FT_general, "sess_id", sess_id_main, sess_id_options },
{ FT_general, "smime", smime_main, smime_options },
{ FT_general, "speed", speed_main, speed_options },
{ FT_general, "spkac", spkac_main, spkac_options },
#ifndef OPENSSL_NO_SRP
{ FT_general, "srp", srp_main, srp_options },
#endif
#ifndef OPENSSL_NO_TS
{ FT_general, "ts", ts_main, ts_options },
#endif
{ FT_general, "verify", verify_main, verify_options },
{ FT_general, "version", version_main, version_options },
{ FT_general, "x509", x509_main, x509_options },
#ifndef OPENSSL_NO_MD2
{ FT_md, "md2", dgst_main},
#endif
#ifndef OPENSSL_NO_MD4
{ FT_md, "md4", dgst_main},
#endif
{ FT_md, "md5", dgst_main},
#ifndef OPENSSL_NO_GOST
{ FT_md, "gost", dgst_main},
#endif
{ FT_md, "sha1", dgst_main},
{ FT_md, "sha224", dgst_main},
{ FT_md, "sha256", dgst_main},
{ FT_md, "sha384", dgst_main},
{ FT_md, "sha512", dgst_main},
#ifndef OPENSSL_NO_MDC2
{ FT_md, "mdc2", dgst_main},
#endif
#ifndef OPENSSL_NO_RMD160
{ FT_md, "rmd160", dgst_main},
#endif
#ifndef OPENSSL_NO_BLAKE2
{ FT_md, "blake2b512", dgst_main},
#endif
#ifndef OPENSSL_NO_BLAKE2
{ FT_md, "blake2s256", dgst_main},
#endif
{ FT_cipher, "aes-128-cbc", enc_main, enc_options },
{ FT_cipher, "aes-128-ecb", enc_main, enc_options },
{ FT_cipher, "aes-192-cbc", enc_main, enc_options },
{ FT_cipher, "aes-192-ecb", enc_main, enc_options },
{ FT_cipher, "aes-256-cbc", enc_main, enc_options },
{ FT_cipher, "aes-256-ecb", enc_main, enc_options },
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-128-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-128-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-192-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-192-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-256-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{ FT_cipher, "camellia-256-ecb", enc_main, enc_options },
#endif
{ FT_cipher, "base64", enc_main, enc_options },
#ifdef ZLIB
{ FT_cipher, "zlib", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des3", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "desx", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{ FT_cipher, "idea", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{ FT_cipher, "seed", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC4
{ FT_cipher, "rc4", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC4
{ FT_cipher, "rc4-40", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{ FT_cipher, "bf", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{ FT_cipher, "rc5", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede3", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede3-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede3-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{ FT_cipher, "des-ede3-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{ FT_cipher, "idea-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{ FT_cipher, "idea-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{ FT_cipher, "idea-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{ FT_cipher, "idea-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{ FT_cipher, "seed-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{ FT_cipher, "seed-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{ FT_cipher, "seed-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{ FT_cipher, "seed-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-64-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{ FT_cipher, "rc2-40-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{ FT_cipher, "bf-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{ FT_cipher, "bf-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{ FT_cipher, "bf-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{ FT_cipher, "bf-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast5-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast5-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast5-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast5-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{ FT_cipher, "cast-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{ FT_cipher, "rc5-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{ FT_cipher, "rc5-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{ FT_cipher, "rc5-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{ FT_cipher, "rc5-ofb", enc_main, enc_options },
#endif
{ 0, NULL, NULL}
};
#endif

19
apps/progs.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@@ -11,13 +11,22 @@
use strict; use strict;
use warnings; use warnings;
use configdata qw/@disablables/; use lib '.';
use configdata qw/@disablables %unified_info/;
my %commands = (); my %commands = ();
my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/; my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
foreach my $filename (@ARGV) { my $apps_openssl = shift @ARGV;
open F, $filename or die "Coudn't open $_: $!\n"; # because the program apps/openssl has object files as sources, and
# they then have the corresponding C files as source, we need to chain
# the lookups in %unified_info
my @openssl_source =
map { @{$unified_info{sources}->{$_}} }
@{$unified_info{sources}->{$apps_openssl}};
foreach my $filename (@openssl_source) {
open F, $filename or die "Couldn't open $filename: $!\n";
foreach (grep /$cmdre/, <F>) { foreach (grep /$cmdre/, <F>) {
my @foo = /$cmdre/; my @foo = /$cmdre/;
$commands{$1} = 1; $commands{$1} = 1;
@@ -32,7 +41,7 @@ print <<'EOF';
* WARNING: do not edit! * WARNING: do not edit!
* Generated by apps/progs.pl * Generated by apps/progs.pl
* *
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy

12
apps/rand.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -76,9 +76,13 @@ int rand_main(int argc, char **argv)
} }
argc = opt_num_rest(); argc = opt_num_rest();
argv = opt_rest(); argv = opt_rest();
if (argc == 1) {
if (argc != 1 || !opt_int(argv[0], &num) || num < 0) if (!opt_int(argv[0], &num) || num <= 0)
goto end;
} else if (argc > 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp; goto opthelp;
}
app_RAND_load_file(NULL, (inrand != NULL)); app_RAND_load_file(NULL, (inrand != NULL));
if (inrand != NULL) if (inrand != NULL)
@@ -102,7 +106,7 @@ int rand_main(int argc, char **argv)
chunk = num; chunk = num;
if (chunk > (int)sizeof(buf)) if (chunk > (int)sizeof(buf))
chunk = sizeof buf; chunk = sizeof(buf);
r = RAND_bytes(buf, chunk); r = RAND_bytes(buf, chunk);
if (r <= 0) if (r <= 0)
goto end; goto end;

22
apps/rehash.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -130,9 +130,10 @@ static int add_entry(enum Type type, unsigned int hash, const char *filename,
for (ep = bp->first_entry; ep; ep = ep->next) { for (ep = bp->first_entry; ep; ep = ep->next) {
if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) { if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) {
BIO_printf(bio_err, BIO_printf(bio_err,
"%s: skipping duplicate %s in %s\n", opt_getprog(), "%s: warning: skipping duplicate %s in %s\n",
opt_getprog(),
type == TYPE_CERT ? "certificate" : "CRL", filename); type == TYPE_CERT ? "certificate" : "CRL", filename);
return 1; return 0;
} }
if (strcmp(filename, ep->filename) == 0) { if (strcmp(filename, ep->filename) == 0) {
found = ep; found = ep;
@@ -144,7 +145,7 @@ static int add_entry(enum Type type, unsigned int hash, const char *filename,
if (ep == NULL) { if (ep == NULL) {
if (bp->num_needed >= MAX_COLLISIONS) { if (bp->num_needed >= MAX_COLLISIONS) {
BIO_printf(bio_err, BIO_printf(bio_err,
"%s: hash table overflow for %s\n", "%s: error: hash table overflow for %s\n",
opt_getprog(), filename); opt_getprog(), filename);
return 1; return 1;
} }
@@ -235,7 +236,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h)
/* Does it have X.509 data in it? */ /* Does it have X.509 data in it? */
if ((b = BIO_new_file(fullpath, "r")) == NULL) { if ((b = BIO_new_file(fullpath, "r")) == NULL) {
BIO_printf(bio_err, "%s: skipping %s, cannot open file\n", BIO_printf(bio_err, "%s: error: skipping %s, cannot open file\n",
opt_getprog(), filename); opt_getprog(), filename);
errs++; errs++;
goto end; goto end;
@@ -247,7 +248,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h)
if (sk_X509_INFO_num(inf) != 1) { if (sk_X509_INFO_num(inf) != 1) {
BIO_printf(bio_err, BIO_printf(bio_err,
"%s: skipping %s," "%s: warning: skipping %s,"
"it does not contain exactly one certificate or CRL\n", "it does not contain exactly one certificate or CRL\n",
opt_getprog(), filename); opt_getprog(), filename);
/* This is not an error. */ /* This is not an error. */
@@ -305,7 +306,7 @@ static int massage_filename(char *name)
if (q != NULL) { if (q != NULL) {
for (q++; *q != '\0'; q++) { for (q++; *q != '\0'; q++) {
if (!isdigit(*q)) if (!isdigit((unsigned char)*q))
return 1; return 1;
} }
} }
@@ -502,13 +503,14 @@ int rehash_main(int argc, char **argv)
if (*argv) { if (*argv) {
while (*argv) while (*argv)
errs += do_dir(*argv++, h); errs += do_dir(*argv++, h);
} else if ((env = getenv("SSL_CERT_DIR")) != NULL) { } else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) {
char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' };
m = OPENSSL_strdup(env); m = OPENSSL_strdup(env);
for (e = strtok(m, ":"); e != NULL; e = strtok(NULL, ":")) for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc))
errs += do_dir(e, h); errs += do_dir(e, h);
OPENSSL_free(m); OPENSSL_free(m);
} else { } else {
errs += do_dir("/etc/ssl/certs", h); errs += do_dir(X509_get_default_cert_dir(), h);
} }
end: end:

41
apps/req.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -509,8 +509,7 @@ int req_main(int argc, char **argv)
if (pkey_type == EVP_PKEY_EC) { if (pkey_type == EVP_PKEY_EC) {
BIO_printf(bio_err, "Generating an EC private key\n"); BIO_printf(bio_err, "Generating an EC private key\n");
} else { } else {
BIO_printf(bio_err, "Generating a %ld bit %s private key\n", BIO_printf(bio_err, "Generating a %s private key\n", keyalgstr);
newkey, keyalgstr);
} }
EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
@@ -973,7 +972,7 @@ static int prompt_info(X509_REQ *req,
/* If OBJ not recognised ignore it */ /* If OBJ not recognised ignore it */
if ((nid = OBJ_txt2nid(type)) == NID_undef) if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start; goto start;
if (BIO_snprintf(buf, sizeof buf, "%s_default", v->name) if (BIO_snprintf(buf, sizeof(buf), "%s_default", v->name)
>= (int)sizeof(buf)) { >= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name); BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0; return 0;
@@ -984,19 +983,19 @@ static int prompt_info(X509_REQ *req,
def = ""; def = "";
} }
BIO_snprintf(buf, sizeof buf, "%s_value", v->name); BIO_snprintf(buf, sizeof(buf), "%s_value", v->name);
if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) { if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
ERR_clear_error(); ERR_clear_error();
value = NULL; value = NULL;
} }
BIO_snprintf(buf, sizeof buf, "%s_min", v->name); BIO_snprintf(buf, sizeof(buf), "%s_min", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) { if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) {
ERR_clear_error(); ERR_clear_error();
n_min = -1; n_min = -1;
} }
BIO_snprintf(buf, sizeof buf, "%s_max", v->name); BIO_snprintf(buf, sizeof(buf), "%s_max", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) { if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) {
ERR_clear_error(); ERR_clear_error();
n_max = -1; n_max = -1;
@@ -1032,7 +1031,7 @@ static int prompt_info(X509_REQ *req,
if ((nid = OBJ_txt2nid(type)) == NID_undef) if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start2; goto start2;
if (BIO_snprintf(buf, sizeof buf, "%s_default", type) if (BIO_snprintf(buf, sizeof(buf), "%s_default", type)
>= (int)sizeof(buf)) { >= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name); BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0; return 0;
@@ -1044,20 +1043,20 @@ static int prompt_info(X509_REQ *req,
def = ""; def = "";
} }
BIO_snprintf(buf, sizeof buf, "%s_value", type); BIO_snprintf(buf, sizeof(buf), "%s_value", type);
if ((value = NCONF_get_string(req_conf, attr_sect, buf)) if ((value = NCONF_get_string(req_conf, attr_sect, buf))
== NULL) { == NULL) {
ERR_clear_error(); ERR_clear_error();
value = NULL; value = NULL;
} }
BIO_snprintf(buf, sizeof buf, "%s_min", type); BIO_snprintf(buf, sizeof(buf), "%s_min", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) { if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) {
ERR_clear_error(); ERR_clear_error();
n_min = -1; n_min = -1;
} }
BIO_snprintf(buf, sizeof buf, "%s_max", type); BIO_snprintf(buf, sizeof(buf), "%s_max", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) { if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) {
ERR_clear_error(); ERR_clear_error();
n_max = -1; n_max = -1;
@@ -1155,13 +1154,13 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
BIO_printf(bio_err, "%s [%s]:", text, def); BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err); (void)BIO_flush(bio_err);
if (value != NULL) { if (value != NULL) {
OPENSSL_strlcpy(buf, value, sizeof buf); OPENSSL_strlcpy(buf, value, sizeof(buf));
OPENSSL_strlcat(buf, "\n", sizeof buf); OPENSSL_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value); BIO_printf(bio_err, "%s\n", value);
} else { } else {
buf[0] = '\0'; buf[0] = '\0';
if (!batch) { if (!batch) {
if (!fgets(buf, sizeof buf, stdin)) if (!fgets(buf, sizeof(buf), stdin))
return 0; return 0;
} else { } else {
buf[0] = '\n'; buf[0] = '\n';
@@ -1174,8 +1173,8 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
else if (buf[0] == '\n') { else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0')) if ((def == NULL) || (def[0] == '\0'))
return (1); return (1);
OPENSSL_strlcpy(buf, def, sizeof buf); OPENSSL_strlcpy(buf, def, sizeof(buf));
OPENSSL_strlcat(buf, "\n", sizeof buf); OPENSSL_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n')) } else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1); return (1);
@@ -1214,13 +1213,13 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
BIO_printf(bio_err, "%s [%s]:", text, def); BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err); (void)BIO_flush(bio_err);
if (value != NULL) { if (value != NULL) {
OPENSSL_strlcpy(buf, value, sizeof buf); OPENSSL_strlcpy(buf, value, sizeof(buf));
OPENSSL_strlcat(buf, "\n", sizeof buf); OPENSSL_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value); BIO_printf(bio_err, "%s\n", value);
} else { } else {
buf[0] = '\0'; buf[0] = '\0';
if (!batch) { if (!batch) {
if (!fgets(buf, sizeof buf, stdin)) if (!fgets(buf, sizeof(buf), stdin))
return 0; return 0;
} else { } else {
buf[0] = '\n'; buf[0] = '\n';
@@ -1233,8 +1232,8 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
else if (buf[0] == '\n') { else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0')) if ((def == NULL) || (def[0] == '\0'))
return (1); return (1);
OPENSSL_strlcpy(buf, def, sizeof buf); OPENSSL_strlcpy(buf, def, sizeof(buf));
OPENSSL_strlcat(buf, "\n", sizeof buf); OPENSSL_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n')) } else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1); return (1);

4
apps/rsa.c
View File

@@ -215,7 +215,7 @@ int rsa_main(int argc, char **argv)
} }
if (check) { if (check) {
int r = RSA_check_key(rsa); int r = RSA_check_key_ex(rsa, NULL);
if (r == 1) if (r == 1)
BIO_printf(out, "RSA key ok\n"); BIO_printf(out, "RSA key ok\n");
@@ -224,7 +224,7 @@ int rsa_main(int argc, char **argv)
while ((err = ERR_peek_error()) != 0 && while ((err = ERR_peek_error()) != 0 &&
ERR_GET_LIB(err) == ERR_LIB_RSA && ERR_GET_LIB(err) == ERR_LIB_RSA &&
ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY && ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY_EX &&
ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) { ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
BIO_printf(out, "RSA key error: %s\n", BIO_printf(out, "RSA key error: %s\n",
ERR_reason_error_string(err)); ERR_reason_error_string(err));

51
apps/s_client.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -593,7 +593,8 @@ OPTIONS s_client_options[] = {
"Disable name checks when matching DANE-EE(3) TLSA records"}, "Disable name checks when matching DANE-EE(3) TLSA records"},
{"reconnect", OPT_RECONNECT, '-', {"reconnect", OPT_RECONNECT, '-',
"Drop and re-make the connection with the same Session-ID"}, "Drop and re-make the connection with the same Session-ID"},
{"showcerts", OPT_SHOWCERTS, '-', "Show all certificates in the chain"}, {"showcerts", OPT_SHOWCERTS, '-',
"Show all certificates sent by the server"},
{"debug", OPT_DEBUG, '-', "Extra output"}, {"debug", OPT_DEBUG, '-', "Extra output"},
{"msg", OPT_MSG, '-', "Show protocol messages"}, {"msg", OPT_MSG, '-', "Show protocol messages"},
{"msgfile", OPT_MSGFILE, '>', {"msgfile", OPT_MSGFILE, '>',
@@ -1370,11 +1371,13 @@ int s_client_main(int argc, char **argv)
} }
} }
#ifdef AF_UNIX
if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) { if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) {
BIO_printf(bio_err, BIO_printf(bio_err,
"Can't use unix sockets and datagrams together\n"); "Can't use unix sockets and datagrams together\n");
goto end; goto end;
} }
#endif
if (split_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) { if (split_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
BIO_printf(bio_err, "Bad split send fragment size\n"); BIO_printf(bio_err, "Bad split send fragment size\n");
@@ -1484,6 +1487,9 @@ int s_client_main(int argc, char **argv)
if (sdebug) if (sdebug)
ssl_ctx_security_debug(ctx, sdebug); ssl_ctx_security_debug(ctx, sdebug);
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
if (ssl_config) { if (ssl_config) {
if (SSL_CTX_config(ctx, ssl_config) == 0) { if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n", BIO_printf(bio_err, "Error using configuration \"%s\"\n",
@@ -1493,9 +1499,11 @@ int s_client_main(int argc, char **argv)
} }
} }
if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) if (min_version != 0
&& SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto end; goto end;
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) if (max_version != 0
&& SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto end; goto end;
if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) { if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
@@ -1518,9 +1526,6 @@ int s_client_main(int argc, char **argv)
SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len); SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len);
} }
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
crls, crl_download)) { crls, crl_download)) {
BIO_printf(bio_err, "Error loading store locations\n"); BIO_printf(bio_err, "Error loading store locations\n");
@@ -2110,8 +2115,7 @@ int s_client_main(int argc, char **argv)
FD_ZERO(&readfds); FD_ZERO(&readfds);
FD_ZERO(&writefds); FD_ZERO(&writefds);
if ((SSL_version(con) == DTLS1_VERSION) && if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout))
DTLSv1_get_timeout(con, &timeout))
timeoutp = &timeout; timeoutp = &timeout;
else else
timeoutp = NULL; timeoutp = NULL;
@@ -2231,10 +2235,8 @@ int s_client_main(int argc, char **argv)
} }
} }
if ((SSL_version(con) == DTLS1_VERSION) if (SSL_is_dtls(con) && DTLSv1_handle_timeout(con) > 0)
&& DTLSv1_handle_timeout(con) > 0) {
BIO_printf(bio_err, "TIMEOUT occurred\n"); BIO_printf(bio_err, "TIMEOUT occurred\n");
}
if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) { if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) {
k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len); k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len);
@@ -2459,7 +2461,7 @@ int s_client_main(int argc, char **argv)
if (in_init) if (in_init)
print_stuff(bio_c_out, con, full_log); print_stuff(bio_c_out, con, full_log);
do_ssl_shutdown(con); do_ssl_shutdown(con);
#if defined(OPENSSL_SYS_WINDOWS)
/* /*
* Give the socket time to send its last data before we close it. * Give the socket time to send its last data before we close it.
* No amount of setting SO_LINGER etc on the socket seems to persuade * No amount of setting SO_LINGER etc on the socket seems to persuade
@@ -2467,8 +2469,23 @@ int s_client_main(int argc, char **argv)
* for a short time seems to do it (units in ms) * for a short time seems to do it (units in ms)
* TODO: Find a better way to do this * TODO: Find a better way to do this
*/ */
#if defined(OPENSSL_SYS_WINDOWS)
Sleep(50); Sleep(50);
#elif defined(OPENSSL_SYS_CYGWIN)
usleep(50000);
#endif #endif
/*
* If we ended with an alert being sent, but still with data in the
* network buffer to be read, then calling BIO_closesocket() will
* result in a TCP-RST being sent. On some platforms (notably
* Windows) then this will result in the peer immediately abandoning
* the connection including any buffered alert data before it has
* had a chance to be read. Shutting down the sending side first,
* and then closing the socket sends TCP-FIN first followed by
* TCP-RST. This seems to allow the peer to read the alert data.
*/
shutdown(SSL_get_fd(con), 1); /* SHUT_WR */
BIO_closesocket(SSL_get_fd(con)); BIO_closesocket(SSL_get_fd(con));
end: end:
if (con != NULL) { if (con != NULL) {
@@ -2534,10 +2551,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio, "---\nCertificate chain\n"); BIO_printf(bio, "---\nCertificate chain\n");
for (i = 0; i < sk_X509_num(sk); i++) { for (i = 0; i < sk_X509_num(sk); i++) {
X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)), X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
buf, sizeof buf); buf, sizeof(buf));
BIO_printf(bio, "%2d s:%s\n", i, buf); BIO_printf(bio, "%2d s:%s\n", i, buf);
X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)), X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
buf, sizeof buf); buf, sizeof(buf));
BIO_printf(bio, " i:%s\n", buf); BIO_printf(bio, " i:%s\n", buf);
if (c_showcerts) if (c_showcerts)
PEM_write_bio_X509(bio, sk_X509_value(sk, i)); PEM_write_bio_X509(bio, sk_X509_value(sk, i));
@@ -2552,9 +2569,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
/* Redundant if we showed the whole chain */ /* Redundant if we showed the whole chain */
if (!(c_showcerts && got_a_chain)) if (!(c_showcerts && got_a_chain))
PEM_write_bio_X509(bio, peer); PEM_write_bio_X509(bio, peer);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
BIO_printf(bio, "subject=%s\n", buf); BIO_printf(bio, "subject=%s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
BIO_printf(bio, "issuer=%s\n", buf); BIO_printf(bio, "issuer=%s\n", buf);
} else } else
BIO_printf(bio, "no peer certificate available\n"); BIO_printf(bio, "no peer certificate available\n");

60
apps/s_server.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -704,13 +704,14 @@ OPTIONS s_server_options[] = {
"PEM serverinfo file for certificate"}, "PEM serverinfo file for certificate"},
{"certform", OPT_CERTFORM, 'F', {"certform", OPT_CERTFORM, 'F',
"Certificate format (PEM or DER) PEM default"}, "Certificate format (PEM or DER) PEM default"},
{"key", OPT_KEY, '<', {"key", OPT_KEY, 's',
"Private Key if not in -cert; default is " TEST_CERT}, "Private Key if not in -cert; default is " TEST_CERT},
{"keyform", OPT_KEYFORM, 'f', {"keyform", OPT_KEYFORM, 'f',
"Key format (PEM, DER or ENGINE) PEM default"}, "Key format (PEM, DER or ENGINE) PEM default"},
{"pass", OPT_PASS, 's', "Private key file pass phrase source"}, {"pass", OPT_PASS, 's', "Private key file pass phrase source"},
{"dcert", OPT_DCERT, '<', {"dcert", OPT_DCERT, '<',
"Second certificate file to use (usually for DSA)"}, "Second certificate file to use (usually for DSA)"},
{"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"},
{"dcertform", OPT_DCERTFORM, 'F', {"dcertform", OPT_DCERTFORM, 'F',
"Second certificate format (PEM or DER) PEM default"}, "Second certificate format (PEM or DER) PEM default"},
{"dkey", OPT_DKEY, '<', {"dkey", OPT_DKEY, '<',
@@ -1614,6 +1615,10 @@ int s_server_main(int argc, char *argv[])
} }
if (sdebug) if (sdebug)
ssl_ctx_security_debug(ctx, sdebug); ssl_ctx_security_debug(ctx, sdebug);
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
if (ssl_config) { if (ssl_config) {
if (SSL_CTX_config(ctx, ssl_config) == 0) { if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n", BIO_printf(bio_err, "Error using configuration \"%s\"\n",
@@ -1622,9 +1627,11 @@ int s_server_main(int argc, char *argv[])
goto end; goto end;
} }
} }
if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) if (min_version != 0
&& SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto end; goto end;
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) if (max_version != 0
&& SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto end; goto end;
if (session_id_prefix) { if (session_id_prefix) {
@@ -1686,8 +1693,6 @@ int s_server_main(int argc, char *argv[])
} }
ssl_ctx_add_crls(ctx, crls, 0); ssl_ctx_add_crls(ctx, crls, 0);
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
crls, crl_download)) { crls, crl_download)) {
@@ -1852,7 +1857,7 @@ int s_server_main(int argc, char *argv[])
SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
if (!SSL_CTX_set_session_id_context(ctx, if (!SSL_CTX_set_session_id_context(ctx,
(void *)&s_server_session_id_context, (void *)&s_server_session_id_context,
sizeof s_server_session_id_context)) { sizeof(s_server_session_id_context))) {
BIO_printf(bio_err, "error setting session id context\n"); BIO_printf(bio_err, "error setting session id context\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@@ -1866,7 +1871,7 @@ int s_server_main(int argc, char *argv[])
SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
if (!SSL_CTX_set_session_id_context(ctx2, if (!SSL_CTX_set_session_id_context(ctx2,
(void *)&s_server_session_id_context, (void *)&s_server_session_id_context,
sizeof s_server_session_id_context)) { sizeof(s_server_session_id_context))) {
BIO_printf(bio_err, "error setting session id context\n"); BIO_printf(bio_err, "error setting session id context\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@@ -2007,9 +2012,7 @@ static int sv_body(int s, int stype, unsigned char *context)
SSL *con = NULL; SSL *con = NULL;
BIO *sbio; BIO *sbio;
struct timeval timeout; struct timeval timeout;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS))
struct timeval tv;
#else
struct timeval *timeoutp; struct timeval *timeoutp;
#endif #endif
@@ -2144,26 +2147,23 @@ static int sv_body(int s, int stype, unsigned char *context)
* second and check for any keypress. In a proper Windows * second and check for any keypress. In a proper Windows
* application we wouldn't do this because it is inefficient. * application we wouldn't do this because it is inefficient.
*/ */
tv.tv_sec = 1; timeout.tv_sec = 1;
tv.tv_usec = 0; timeout.tv_usec = 0;
i = select(width, (void *)&readfds, NULL, NULL, &tv); i = select(width, (void *)&readfds, NULL, NULL, &timeout);
if (has_stdin_waiting()) if (has_stdin_waiting())
read_from_terminal = 1; read_from_terminal = 1;
if ((i < 0) || (!i && !read_from_terminal)) if ((i < 0) || (!i && !read_from_terminal))
continue; continue;
#else #else
if ((SSL_version(con) == DTLS1_VERSION) && if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout))
DTLSv1_get_timeout(con, &timeout))
timeoutp = &timeout; timeoutp = &timeout;
else else
timeoutp = NULL; timeoutp = NULL;
i = select(width, (void *)&readfds, NULL, NULL, timeoutp); i = select(width, (void *)&readfds, NULL, NULL, timeoutp);
if ((SSL_version(con) == DTLS1_VERSION) if ((SSL_is_dtls(con)) && DTLSv1_handle_timeout(con) > 0)
&& DTLSv1_handle_timeout(con) > 0) {
BIO_printf(bio_err, "TIMEOUT occurred\n"); BIO_printf(bio_err, "TIMEOUT occurred\n");
}
if (i <= 0) if (i <= 0)
continue; continue;
@@ -2534,15 +2534,15 @@ static int init_ssl_connection(SSL *con)
if (peer != NULL) { if (peer != NULL) {
BIO_printf(bio_s_out, "Client certificate\n"); BIO_printf(bio_s_out, "Client certificate\n");
PEM_write_bio_X509(bio_s_out, peer); PEM_write_bio_X509(bio_s_out, peer);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
BIO_printf(bio_s_out, "subject=%s\n", buf); BIO_printf(bio_s_out, "subject=%s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
BIO_printf(bio_s_out, "issuer=%s\n", buf); BIO_printf(bio_s_out, "issuer=%s\n", buf);
X509_free(peer); X509_free(peer);
peer = NULL; peer = NULL;
} }
if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL) if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL)
BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf); BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
ssl_print_sigalgs(bio_s_out, con); ssl_print_sigalgs(bio_s_out, con);
@@ -2574,6 +2574,9 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_s_out, "Reused session-id\n"); BIO_printf(bio_s_out, "Reused session-id\n");
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
if ((SSL_get_options(con) & SSL_OP_NO_RENEGOTIATION))
BIO_printf(bio_s_out, "Renegotiation is DISABLED\n");
if (keymatexportlabel != NULL) { if (keymatexportlabel != NULL) {
BIO_printf(bio_s_out, "Keying material exporter:\n"); BIO_printf(bio_s_out, "Keying material exporter:\n");
BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel); BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel);
@@ -2657,8 +2660,10 @@ static int www_body(int s, int stype, unsigned char *context)
if (context if (context
&& !SSL_set_session_id_context(con, context, && !SSL_set_session_id_context(con, context,
strlen((char *)context))) strlen((char *)context))) {
SSL_free(con);
goto err; goto err;
}
sbio = BIO_new_socket(s, BIO_NOCLOSE); sbio = BIO_new_socket(s, BIO_NOCLOSE);
if (s_nbio_test) { if (s_nbio_test) {
@@ -2670,7 +2675,7 @@ static int www_body(int s, int stype, unsigned char *context)
SSL_set_bio(con, sbio, sbio); SSL_set_bio(con, sbio, sbio);
SSL_set_accept_state(con); SSL_set_accept_state(con);
/* SSL_set_fd(con,s); */ /* No need to free |con| after this. Done by BIO_free(ssl_bio) */
BIO_set_ssl(ssl_bio, con, BIO_CLOSE); BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
BIO_push(io, ssl_bio); BIO_push(io, ssl_bio);
#ifdef CHARSET_EBCDIC #ifdef CHARSET_EBCDIC
@@ -2853,9 +2858,10 @@ static int www_body(int s, int stype, unsigned char *context)
PEM_write_bio_X509(io, peer); PEM_write_bio_X509(io, peer);
X509_free(peer); X509_free(peer);
peer = NULL; peer = NULL;
} else } else {
BIO_puts(io, "no client certificate available\n"); BIO_puts(io, "no client certificate available\n");
BIO_puts(io, "</BODY></HTML>\r\n\r\n"); }
BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
break; break;
} else if ((www == 2 || www == 3) } else if ((www == 2 || www == 3)
&& (strncmp("GET /", buf, 5) == 0)) { && (strncmp("GET /", buf, 5) == 0)) {
@@ -3026,6 +3032,7 @@ static int rev_body(int s, int stype, unsigned char *context)
if (context if (context
&& !SSL_set_session_id_context(con, context, && !SSL_set_session_id_context(con, context,
strlen((char *)context))) { strlen((char *)context))) {
SSL_free(con);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto err; goto err;
} }
@@ -3034,6 +3041,7 @@ static int rev_body(int s, int stype, unsigned char *context)
SSL_set_bio(con, sbio, sbio); SSL_set_bio(con, sbio, sbio);
SSL_set_accept_state(con); SSL_set_accept_state(con);
/* No need to free |con| after this. Done by BIO_free(ssl_bio) */
BIO_set_ssl(ssl_bio, con, BIO_CLOSE); BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
BIO_push(io, ssl_bio); BIO_push(io, ssl_bio);
#ifdef CHARSET_EBCDIC #ifdef CHARSET_EBCDIC

58
apps/s_socket.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -136,6 +136,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
int sock; int sock;
int i; int i;
BIO_ADDRINFO *res = NULL; BIO_ADDRINFO *res = NULL;
const BIO_ADDRINFO *next;
int sock_family, sock_type, sock_protocol;
const BIO_ADDR *sock_address;
int sock_options = BIO_SOCK_REUSEADDR;
int ret = 0; int ret = 0;
if (!BIO_sock_init()) if (!BIO_sock_init())
@@ -151,10 +155,29 @@ int do_server(int *accept_sock, const char *host, const char *port,
OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res)) OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res))
&& (type == 0 || type == BIO_ADDRINFO_socktype(res))); && (type == 0 || type == BIO_ADDRINFO_socktype(res)));
asock = BIO_socket(BIO_ADDRINFO_family(res), BIO_ADDRINFO_socktype(res), sock_family = BIO_ADDRINFO_family(res);
BIO_ADDRINFO_protocol(res), 0); sock_type = BIO_ADDRINFO_socktype(res);
sock_protocol = BIO_ADDRINFO_protocol(res);
sock_address = BIO_ADDRINFO_address(res);
next = BIO_ADDRINFO_next(res);
if (sock_family == AF_INET6)
sock_options |= BIO_SOCK_V6_ONLY;
if (next != NULL
&& BIO_ADDRINFO_socktype(next) == sock_type
&& BIO_ADDRINFO_protocol(next) == sock_protocol) {
if (sock_family == AF_INET
&& BIO_ADDRINFO_family(next) == AF_INET6) {
sock_family = AF_INET6;
sock_address = BIO_ADDRINFO_address(next);
} else if (sock_family == AF_INET6
&& BIO_ADDRINFO_family(next) == AF_INET) {
sock_options &= ~BIO_SOCK_V6_ONLY;
}
}
asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
if (asock == INVALID_SOCKET if (asock == INVALID_SOCKET
|| !BIO_listen(asock, BIO_ADDRINFO_address(res), BIO_SOCK_REUSEADDR)) { || !BIO_listen(asock, sock_address, sock_options)) {
BIO_ADDRINFO_free(res); BIO_ADDRINFO_free(res);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
if (asock != INVALID_SOCKET) if (asock != INVALID_SOCKET)
@@ -171,13 +194,38 @@ int do_server(int *accept_sock, const char *host, const char *port,
if (type == SOCK_STREAM) { if (type == SOCK_STREAM) {
do { do {
sock = BIO_accept_ex(asock, NULL, 0); sock = BIO_accept_ex(asock, NULL, 0);
} while (sock < 0 && BIO_sock_should_retry(ret)); } while (sock < 0 && BIO_sock_should_retry(sock));
if (sock < 0) { if (sock < 0) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
BIO_closesocket(asock); BIO_closesocket(asock);
break; break;
} }
i = (*cb)(sock, type, context); i = (*cb)(sock, type, context);
/*
* Give the socket time to send its last data before we close it.
* No amount of setting SO_LINGER etc on the socket seems to
* persuade Windows to send the data before closing the socket...
* but sleeping for a short time seems to do it (units in ms)
* TODO: Find a better way to do this
*/
#if defined(OPENSSL_SYS_WINDOWS)
Sleep(50);
#elif defined(OPENSSL_SYS_CYGWIN)
usleep(50000);
#endif
/*
* If we ended with an alert being sent, but still with data in the
* network buffer to be read, then calling BIO_closesocket() will
* result in a TCP-RST being sent. On some platforms (notably
* Windows) then this will result in the peer immediately abandoning
* the connection including any buffered alert data before it has
* had a chance to be read. Shutting down the sending side first,
* and then closing the socket sends TCP-FIN first followed by
* TCP-RST. This seems to allow the peer to read the alert data.
*/
shutdown(sock, 1); /* SHUT_WR */
BIO_closesocket(sock); BIO_closesocket(sock);
} else { } else {
i = (*cb)(asock, type, context); i = (*cb)(asock, type, context);

83
apps/s_time.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -7,8 +7,6 @@
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
#define NO_SHUTDOWN
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
@@ -28,22 +26,8 @@
# include OPENSSL_UNISTD # include OPENSSL_UNISTD
#endif #endif
#undef ioctl
#define ioctl ioctlsocket
#define SSL_CONNECT_NAME "localhost:4433" #define SSL_CONNECT_NAME "localhost:4433"
/* no default cert. */
/*
* #define TEST_CERT "client.pem"
*/
#undef min
#undef max
#define min(a,b) (((a) < (b)) ? (a) : (b))
#define max(a,b) (((a) > (b)) ? (a) : (b))
#undef SECONDS
#define SECONDS 30 #define SECONDS 30
#define SECONDSSTR "30" #define SECONDSSTR "30"
@@ -185,21 +169,20 @@ int s_time_main(int argc, char **argv)
if (cipher == NULL) if (cipher == NULL)
cipher = getenv("SSL_CIPHER"); cipher = getenv("SSL_CIPHER");
if (cipher == NULL) { if (cipher == NULL)
BIO_printf(bio_err, "No CIPHER specified\n"); BIO_printf(bio_err, "No CIPHER specified\n");
goto end;
}
if ((ctx = SSL_CTX_new(meth)) == NULL) if ((ctx = SSL_CTX_new(meth)) == NULL)
goto end; goto end;
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_quiet_shutdown(ctx, 1); SSL_CTX_set_quiet_shutdown(ctx, 1);
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto end; goto end;
if (st_bugs) if (st_bugs)
SSL_CTX_set_options(ctx, SSL_OP_ALL); SSL_CTX_set_options(ctx, SSL_OP_ALL);
if (!SSL_CTX_set_cipher_list(ctx, cipher)) if (cipher != NULL && !SSL_CTX_set_cipher_list(ctx, cipher))
goto end; goto end;
if (!set_cert_stuff(ctx, certfile, keyfile)) if (!set_cert_stuff(ctx, certfile, keyfile))
goto end; goto end;
@@ -225,18 +208,14 @@ int s_time_main(int argc, char **argv)
goto end; goto end;
if (www_path != NULL) { if (www_path != NULL) {
buf_len = BIO_snprintf(buf, sizeof buf, buf_len = BIO_snprintf(buf, sizeof(buf),
fmt_http_get_cmd, www_path); fmt_http_get_cmd, www_path);
if (SSL_write(scon, buf, buf_len) <= 0) if (SSL_write(scon, buf, buf_len) <= 0)
goto end; goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i; bytes_read += i;
} }
#ifdef NO_SHUTDOWN
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(scon);
#endif
BIO_closesocket(SSL_get_fd(scon)); BIO_closesocket(SSL_get_fd(scon));
nConn += 1; nConn += 1;
@@ -283,18 +262,14 @@ int s_time_main(int argc, char **argv)
} }
if (www_path != NULL) { if (www_path != NULL) {
buf_len = BIO_snprintf(buf, sizeof buf, buf_len = BIO_snprintf(buf, sizeof(buf),
fmt_http_get_cmd, www_path); fmt_http_get_cmd, www_path);
if (SSL_write(scon, buf, buf_len) <= 0) if (SSL_write(scon, buf, buf_len) <= 0)
goto end; goto end;
while (SSL_read(scon, buf, sizeof(buf)) > 0) while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
continue; continue;
} }
#ifdef NO_SHUTDOWN
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(scon);
#endif
BIO_closesocket(SSL_get_fd(scon)); BIO_closesocket(SSL_get_fd(scon));
nConn = 0; nConn = 0;
@@ -314,18 +289,14 @@ int s_time_main(int argc, char **argv)
goto end; goto end;
if (www_path) { if (www_path) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
www_path); www_path);
if (SSL_write(scon, buf, strlen(buf)) <= 0) if (SSL_write(scon, buf, strlen(buf)) <= 0)
goto end; goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i; bytes_read += i;
} }
#ifdef NO_SHUTDOWN
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(scon);
#endif
BIO_closesocket(SSL_get_fd(scon)); BIO_closesocket(SSL_get_fd(scon));
nConn += 1; nConn += 1;
@@ -367,13 +338,13 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
{ {
BIO *conn; BIO *conn;
SSL *serverCon; SSL *serverCon;
int width, i; int i;
fd_set readfds;
if ((conn = BIO_new(BIO_s_connect())) == NULL) if ((conn = BIO_new(BIO_s_connect())) == NULL)
return (NULL); return NULL;
BIO_set_conn_hostname(conn, host); BIO_set_conn_hostname(conn, host);
BIO_set_conn_mode(conn, BIO_SOCK_NODELAY);
if (scon == NULL) if (scon == NULL)
serverCon = SSL_new(ctx); serverCon = SSL_new(ctx);
@@ -385,26 +356,7 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
SSL_set_bio(serverCon, conn, conn); SSL_set_bio(serverCon, conn, conn);
/* ok, lets connect */ /* ok, lets connect */
for (;;) { i = SSL_connect(serverCon);
i = SSL_connect(serverCon);
if (BIO_sock_should_retry(i)) {
BIO_printf(bio_err, "DELAY\n");
i = SSL_get_fd(serverCon);
width = i + 1;
FD_ZERO(&readfds);
openssl_fdset(i, &readfds);
/*
* Note: under VMS with SOCKETSHR the 2nd parameter is currently
* of type (int *) whereas under other systems it is (void *) if
* you don't have a cast it will choke the compiler: if you do
* have a cast then you can either go for (int *) or (void *).
*/
select(width, (void *)&readfds, NULL, NULL, NULL);
continue;
}
break;
}
if (i <= 0) { if (i <= 0) {
BIO_printf(bio_err, "ERROR\n"); BIO_printf(bio_err, "ERROR\n");
if (verify_args.error != X509_V_OK) if (verify_args.error != X509_V_OK)
@@ -417,6 +369,17 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
return NULL; return NULL;
} }
#if defined(SOL_SOCKET) && defined(SO_LINGER)
{
struct linger no_linger;
no_linger.l_onoff = 1;
no_linger.l_linger = 0;
(void) setsockopt(SSL_get_fd(serverCon), SOL_SOCKET, SO_LINGER,
(char*)&no_linger, sizeof(no_linger));
}
#endif
return serverCon; return serverCon;
} }
#endif /* OPENSSL_NO_SOCK */ #endif /* OPENSSL_NO_SOCK */

250
apps/speed.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -129,13 +129,6 @@
#define BUFSIZE (1024*16+1) #define BUFSIZE (1024*16+1)
#define MAX_MISALIGNMENT 63 #define MAX_MISALIGNMENT 63
#define ALGOR_NUM 30
#define SIZE_NUM 6
#define PRIME_NUM 3
#define RSA_NUM 7
#define DSA_NUM 3
#define EC_NUM 17
#define MAX_ECDH_SIZE 256 #define MAX_ECDH_SIZE 256
#define MISALIGN 64 #define MISALIGN 64
@@ -144,37 +137,6 @@ static volatile int run = 0;
static int mr = 0; static int mr = 0;
static int usertime = 1; static int usertime = 1;
typedef void *(*kdf_fn) (
const void *in, size_t inlen, void *out, size_t *xoutlen);
typedef struct loopargs_st {
ASYNC_JOB *inprogress_job;
ASYNC_WAIT_CTX *wait_ctx;
unsigned char *buf;
unsigned char *buf2;
unsigned char *buf_malloc;
unsigned char *buf2_malloc;
unsigned int siglen;
#ifndef OPENSSL_NO_RSA
RSA *rsa_key[RSA_NUM];
#endif
#ifndef OPENSSL_NO_DSA
DSA *dsa_key[DSA_NUM];
#endif
#ifndef OPENSSL_NO_EC
EC_KEY *ecdsa[EC_NUM];
EC_KEY *ecdh_a[EC_NUM];
EC_KEY *ecdh_b[EC_NUM];
unsigned char *secret_a;
unsigned char *secret_b;
size_t outlen;
kdf_fn kdf;
#endif
EVP_CIPHER_CTX *ctx;
HMAC_CTX *hctx;
GCM128_CONTEXT *gcm_ctx;
} loopargs_t;
#ifndef OPENSSL_NO_MD2 #ifndef OPENSSL_NO_MD2
static int EVP_Digest_MD2_loop(void *args); static int EVP_Digest_MD2_loop(void *args);
#endif #endif
@@ -227,7 +189,6 @@ static int ECDSA_sign_loop(void *args);
static int ECDSA_verify_loop(void *args); static int ECDSA_verify_loop(void *args);
static int ECDH_compute_key_loop(void *args); static int ECDH_compute_key_loop(void *args);
#endif #endif
static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_t *loopargs);
static double Time_F(int s); static double Time_F(int s);
static void print_message(const char *s, long num, int length); static void print_message(const char *s, long num, int length);
@@ -238,32 +199,10 @@ static void print_result(int alg, int run_no, int count, double time_used);
static int do_multi(int multi); static int do_multi(int multi);
#endif #endif
static const char *names[ALGOR_NUM] = { static const int lengths[] = {
"md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
"des cbc", "des ede3", "idea cbc", "seed cbc",
"rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
"aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
"camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
"evp", "sha256", "sha512", "whirlpool",
"aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash"
};
static double results[ALGOR_NUM][SIZE_NUM];
static const int lengths[SIZE_NUM] = {
16, 64, 256, 1024, 8 * 1024, 16 * 1024 16, 64, 256, 1024, 8 * 1024, 16 * 1024
}; };
#define SIZE_NUM OSSL_NELEM(lengths)
#ifndef OPENSSL_NO_RSA
static double rsa_results[RSA_NUM][2];
#endif
#ifndef OPENSSL_NO_DSA
static double dsa_results[DSA_NUM][2];
#endif
#ifndef OPENSSL_NO_EC
static double ecdsa_results[EC_NUM][2];
static double ecdh_results[EC_NUM][1];
#endif
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
static const char rnd_seed[] = static const char rnd_seed[] =
@@ -293,7 +232,8 @@ static SIGRETTYPE sig_done(int sig)
# if !defined(SIGALRM) # if !defined(SIGALRM)
# define SIGALRM # define SIGALRM
# endif # endif
static unsigned int lapse, schlock; static unsigned int lapse;
static volatile unsigned int schlock;
static void alarm_win32(unsigned int secs) static void alarm_win32(unsigned int secs)
{ {
lapse = secs * 1000; lapse = secs * 1000;
@@ -347,9 +287,14 @@ static double Time_F(int s)
static void multiblock_speed(const EVP_CIPHER *evp_cipher); static void multiblock_speed(const EVP_CIPHER *evp_cipher);
static int found(const char *name, const OPT_PAIR *pairs, int *result) #define found(value, pairs, result)\
opt_found(value, result, pairs, OSSL_NELEM(pairs))
static int opt_found(const char *name, unsigned int *result,
const OPT_PAIR pairs[], unsigned int nbelem)
{ {
for (; pairs->name; pairs++) unsigned int idx;
for (idx = 0; idx < nbelem; ++idx, pairs++)
if (strcmp(name, pairs->name) == 0) { if (strcmp(name, pairs->name) == 0) {
*result = pairs->retval; *result = pairs->retval;
return 1; return 1;
@@ -386,7 +331,7 @@ OPTIONS speed_options[] = {
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif #endif
{NULL}, {NULL}
}; };
#define D_MD2 0 #define D_MD2 0
@@ -419,7 +364,19 @@ OPTIONS speed_options[] = {
#define D_IGE_192_AES 27 #define D_IGE_192_AES 27
#define D_IGE_256_AES 28 #define D_IGE_256_AES 28
#define D_GHASH 29 #define D_GHASH 29
static OPT_PAIR doit_choices[] = { /* name of algorithms to test */
static const char *names[] = {
"md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
"des cbc", "des ede3", "idea cbc", "seed cbc",
"rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
"aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
"camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
"evp", "sha256", "sha512", "whirlpool",
"aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash"
};
#define ALGOR_NUM OSSL_NELEM(names)
/* list of configured algorithm (remaining) */
static const OPT_PAIR doit_choices[] = {
#ifndef OPENSSL_NO_MD2 #ifndef OPENSSL_NO_MD2
{"md2", D_MD2}, {"md2", D_MD2},
#endif #endif
@@ -483,21 +440,24 @@ static OPT_PAIR doit_choices[] = {
{"cast", D_CBC_CAST}, {"cast", D_CBC_CAST},
{"cast5", D_CBC_CAST}, {"cast5", D_CBC_CAST},
#endif #endif
{"ghash", D_GHASH}, {"ghash", D_GHASH}
{NULL}
}; };
static double results[ALGOR_NUM][SIZE_NUM];
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
# define R_DSA_512 0 # define R_DSA_512 0
# define R_DSA_1024 1 # define R_DSA_1024 1
# define R_DSA_2048 2 # define R_DSA_2048 2
static OPT_PAIR dsa_choices[] = { static const OPT_PAIR dsa_choices[] = {
{"dsa512", R_DSA_512}, {"dsa512", R_DSA_512},
{"dsa1024", R_DSA_1024}, {"dsa1024", R_DSA_1024},
{"dsa2048", R_DSA_2048}, {"dsa2048", R_DSA_2048}
{NULL},
}; };
#endif # define DSA_NUM OSSL_NELEM(dsa_choices)
static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
#endif /* OPENSSL_NO_DSA */
#define R_RSA_512 0 #define R_RSA_512 0
#define R_RSA_1024 1 #define R_RSA_1024 1
@@ -506,16 +466,18 @@ static OPT_PAIR dsa_choices[] = {
#define R_RSA_4096 4 #define R_RSA_4096 4
#define R_RSA_7680 5 #define R_RSA_7680 5
#define R_RSA_15360 6 #define R_RSA_15360 6
static OPT_PAIR rsa_choices[] = { static const OPT_PAIR rsa_choices[] = {
{"rsa512", R_RSA_512}, {"rsa512", R_RSA_512},
{"rsa1024", R_RSA_1024}, {"rsa1024", R_RSA_1024},
{"rsa2048", R_RSA_2048}, {"rsa2048", R_RSA_2048},
{"rsa3072", R_RSA_3072}, {"rsa3072", R_RSA_3072},
{"rsa4096", R_RSA_4096}, {"rsa4096", R_RSA_4096},
{"rsa7680", R_RSA_7680}, {"rsa7680", R_RSA_7680},
{"rsa15360", R_RSA_15360}, {"rsa15360", R_RSA_15360}
{NULL}
}; };
# define RSA_NUM OSSL_NELEM(rsa_choices)
static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
#define R_EC_P160 0 #define R_EC_P160 0
#define R_EC_P192 1 #define R_EC_P192 1
@@ -535,7 +497,7 @@ static OPT_PAIR rsa_choices[] = {
#define R_EC_B571 15 #define R_EC_B571 15
#define R_EC_X25519 16 #define R_EC_X25519 16
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
static OPT_PAIR ecdsa_choices[] = { static const OPT_PAIR ecdsa_choices[] = {
{"ecdsap160", R_EC_P160}, {"ecdsap160", R_EC_P160},
{"ecdsap192", R_EC_P192}, {"ecdsap192", R_EC_P192},
{"ecdsap224", R_EC_P224}, {"ecdsap224", R_EC_P224},
@@ -551,11 +513,13 @@ static OPT_PAIR ecdsa_choices[] = {
{"ecdsab233", R_EC_B233}, {"ecdsab233", R_EC_B233},
{"ecdsab283", R_EC_B283}, {"ecdsab283", R_EC_B283},
{"ecdsab409", R_EC_B409}, {"ecdsab409", R_EC_B409},
{"ecdsab571", R_EC_B571}, {"ecdsab571", R_EC_B571}
{NULL}
}; };
# define ECDSA_NUM OSSL_NELEM(ecdsa_choices)
static OPT_PAIR ecdh_choices[] = { static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
static const OPT_PAIR ecdh_choices[] = {
{"ecdhp160", R_EC_P160}, {"ecdhp160", R_EC_P160},
{"ecdhp192", R_EC_P192}, {"ecdhp192", R_EC_P192},
{"ecdhp224", R_EC_P224}, {"ecdhp224", R_EC_P224},
@@ -575,7 +539,10 @@ static OPT_PAIR ecdh_choices[] = {
{"ecdhx25519", R_EC_X25519}, {"ecdhx25519", R_EC_X25519},
{NULL} {NULL}
}; };
#endif # define EC_NUM OSSL_NELEM(ecdh_choices)
static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
#endif /* OPENSSL_NO_EC */
#ifndef SIGALRM #ifndef SIGALRM
# define COND(d) (count < (d)) # define COND(d) (count < (d))
@@ -585,7 +552,40 @@ static OPT_PAIR ecdh_choices[] = {
# define COUNT(d) (count) # define COUNT(d) (count)
#endif /* SIGALRM */ #endif /* SIGALRM */
static int testnum; static unsigned int testnum;
typedef void *(*kdf_fn) (const void *in, size_t inlen, void *out,
size_t *xoutlen);
typedef struct loopargs_st {
ASYNC_JOB *inprogress_job;
ASYNC_WAIT_CTX *wait_ctx;
unsigned char *buf;
unsigned char *buf2;
unsigned char *buf_malloc;
unsigned char *buf2_malloc;
unsigned int siglen;
#ifndef OPENSSL_NO_RSA
RSA *rsa_key[RSA_NUM];
#endif
#ifndef OPENSSL_NO_DSA
DSA *dsa_key[DSA_NUM];
#endif
#ifndef OPENSSL_NO_EC
EC_KEY *ecdsa[ECDSA_NUM];
EC_KEY *ecdh_a[EC_NUM];
EC_KEY *ecdh_b[EC_NUM];
unsigned char *secret_a;
unsigned char *secret_b;
size_t outlen;
kdf_fn kdf;
#endif
EVP_CIPHER_CTX *ctx;
HMAC_CTX *hctx;
GCM128_CONTEXT *gcm_ctx;
} loopargs_t;
static int run_benchmark(int async_jobs, int (*loop_function) (void *),
loopargs_t * loopargs);
/* Nb of iterations to do per algorithm and key-size */ /* Nb of iterations to do per algorithm and key-size */
static long c[ALGOR_NUM][SIZE_NUM]; static long c[ALGOR_NUM][SIZE_NUM];
@@ -994,7 +994,7 @@ static int DSA_verify_loop(void *args)
#endif #endif
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
static long ecdsa_c[EC_NUM][2]; static long ecdsa_c[ECDSA_NUM][2];
static int ECDSA_sign_loop(void *args) static int ECDSA_sign_loop(void *args)
{ {
loopargs_t *tempargs = *(loopargs_t **)args; loopargs_t *tempargs = *(loopargs_t **)args;
@@ -1221,21 +1221,19 @@ int speed_main(int argc, char **argv)
{ {
ENGINE *e = NULL; ENGINE *e = NULL;
loopargs_t *loopargs = NULL; loopargs_t *loopargs = NULL;
int async_init = 0; const char *prog;
int loopargs_len = 0;
char *prog;
const char *engine_id = NULL; const char *engine_id = NULL;
const EVP_CIPHER *evp_cipher = NULL; const EVP_CIPHER *evp_cipher = NULL;
double d = 0.0; double d = 0.0;
OPTION_CHOICE o; OPTION_CHOICE o;
int multiblock = 0, pr_header = 0; int async_init = 0, multiblock = 0, pr_header = 0;
int doit[ALGOR_NUM] = { 0 }; int doit[ALGOR_NUM] = { 0 };
int ret = 1, i, k, misalign = 0; int ret = 1, misalign = 0;
long count = 0; long count = 0;
unsigned int i, k, loop, loopargs_len = 0, async_jobs = 0;
#ifndef NO_FORK #ifndef NO_FORK
int multi = 0; int multi = 0;
#endif #endif
unsigned int async_jobs = 0;
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \ #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \
|| !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_EC)
long rsa_count = 1; long rsa_count = 1;
@@ -1323,7 +1321,7 @@ int speed_main(int argc, char **argv)
/* /*
* We only test over the following curves as they are representative, To * We only test over the following curves as they are representative, To
* add tests over more curves, simply add the curve NID and curve name to * add tests over more curves, simply add the curve NID and curve name to
* the following arrays and increase the EC_NUM value accordingly. * the following arrays and increase the |ecdh_choices| list accordingly.
*/ */
static const unsigned int test_curves[EC_NUM] = { static const unsigned int test_curves[EC_NUM] = {
/* Prime Curves */ /* Prime Curves */
@@ -1358,7 +1356,7 @@ int speed_main(int argc, char **argv)
571, 253 /* X25519 */ 571, 253 /* X25519 */
}; };
int ecdsa_doit[EC_NUM] = { 0 }; int ecdsa_doit[ECDSA_NUM] = { 0 };
int ecdh_doit[EC_NUM] = { 0 }; int ecdh_doit[EC_NUM] = { 0 };
#endif /* ndef OPENSSL_NO_EC */ #endif /* ndef OPENSSL_NO_EC */
@@ -1378,6 +1376,7 @@ int speed_main(int argc, char **argv)
usertime = 0; usertime = 0;
break; break;
case OPT_EVP: case OPT_EVP:
evp_md = NULL;
evp_cipher = EVP_get_cipherbyname(opt_arg()); evp_cipher = EVP_get_cipherbyname(opt_arg());
if (evp_cipher == NULL) if (evp_cipher == NULL)
evp_md = EVP_get_digestbyname(opt_arg()); evp_md = EVP_get_digestbyname(opt_arg());
@@ -1415,9 +1414,7 @@ int speed_main(int argc, char **argv)
goto opterr; goto opterr;
} }
if (async_jobs > 99999) { if (async_jobs > 99999) {
BIO_printf(bio_err, BIO_printf(bio_err, "%s: too many async_jobs\n", prog);
"%s: too many async_jobs\n",
prog);
goto opterr; goto opterr;
} }
#endif #endif
@@ -1465,17 +1462,11 @@ int speed_main(int argc, char **argv)
continue; continue;
} }
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA
# ifndef RSA_NULL if (strcmp(*argv, "openssl") == 0)
if (strcmp(*argv, "openssl") == 0) {
RSA_set_default_method(RSA_PKCS1_OpenSSL());
continue; continue;
}
# endif
if (strcmp(*argv, "rsa") == 0) { if (strcmp(*argv, "rsa") == 0) {
rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] = for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++)
rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] = rsa_doit[loop] = 1;
rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] =
rsa_doit[R_RSA_15360] = 1;
continue; continue;
} }
if (found(*argv, rsa_choices, &i)) { if (found(*argv, rsa_choices, &i)) {
@@ -1508,8 +1499,8 @@ int speed_main(int argc, char **argv)
#endif #endif
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
if (strcmp(*argv, "ecdsa") == 0) { if (strcmp(*argv, "ecdsa") == 0) {
for (i = 0; i < EC_NUM; i++) for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
ecdsa_doit[i] = 1; ecdsa_doit[loop] = 1;
continue; continue;
} }
if (found(*argv, ecdsa_choices, &i)) { if (found(*argv, ecdsa_choices, &i)) {
@@ -1517,8 +1508,8 @@ int speed_main(int argc, char **argv)
continue; continue;
} }
if (strcmp(*argv, "ecdh") == 0) { if (strcmp(*argv, "ecdh") == 0) {
for (i = 0; i < EC_NUM; i++) for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
ecdh_doit[i] = 1; ecdh_doit[loop] = 1;
continue; continue;
} }
if (found(*argv, ecdh_choices, &i)) { if (found(*argv, ecdh_choices, &i)) {
@@ -1585,10 +1576,10 @@ int speed_main(int argc, char **argv)
dsa_doit[i] = 1; dsa_doit[i] = 1;
#endif #endif
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
for (i = 0; i < EC_NUM; i++) for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
ecdsa_doit[i] = 1; ecdsa_doit[loop] = 1;
for (i = 0; i < EC_NUM; i++) for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
ecdh_doit[i] = 1; ecdh_doit[loop] = 1;
#endif #endif
} }
for (i = 0; i < ALGOR_NUM; i++) for (i = 0; i < ALGOR_NUM; i++)
@@ -1851,6 +1842,8 @@ int speed_main(int argc, char **argv)
} }
} }
} }
/* default iteration count for the last EC Curve */
ecdh_c[R_EC_X25519][0] = count / 1800;
# endif # endif
# else # else
@@ -2403,7 +2396,7 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
if (RAND_status() != 1) { if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed); RAND_seed(rnd_seed, sizeof(rnd_seed));
} }
for (testnum = 0; testnum < DSA_NUM; testnum++) { for (testnum = 0; testnum < DSA_NUM; testnum++) {
int st = 0; int st = 0;
@@ -2471,9 +2464,9 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
if (RAND_status() != 1) { if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed); RAND_seed(rnd_seed, sizeof(rnd_seed));
} }
for (testnum = 0; testnum < EC_NUM; testnum++) { for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
int st = 1; int st = 1;
if (!ecdsa_doit[testnum]) if (!ecdsa_doit[testnum])
@@ -2548,14 +2541,14 @@ int speed_main(int argc, char **argv)
if (rsa_count <= 1) { if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */ /* if longer than 10s, don't do any more */
for (testnum++; testnum < EC_NUM; testnum++) for (testnum++; testnum < ECDSA_NUM; testnum++)
ecdsa_doit[testnum] = 0; ecdsa_doit[testnum] = 0;
} }
} }
} }
if (RAND_status() != 1) { if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed); RAND_seed(rnd_seed, sizeof(rnd_seed));
} }
for (testnum = 0; testnum < EC_NUM; testnum++) { for (testnum = 0; testnum < EC_NUM; testnum++) {
int ecdh_checks = 1; int ecdh_checks = 1;
@@ -2585,7 +2578,7 @@ int speed_main(int argc, char **argv)
ecdh_checks = 0; ecdh_checks = 0;
rsa_count = 1; rsa_count = 1;
} else { } else {
int secret_size_a, secret_size_b; int secret_size_a, secret_size_b, j;
/* /*
* If field size is not more than 24 octets, then use SHA-1 * If field size is not more than 24 octets, then use SHA-1
* hash of result; otherwise, use result (see section 4.8 of * hash of result; otherwise, use result (see section 4.8 of
@@ -2614,8 +2607,8 @@ int speed_main(int argc, char **argv)
else else
ecdh_checks = 1; ecdh_checks = 1;
for (k = 0; k < secret_size_a && ecdh_checks == 1; k++) { for (j = 0; j < secret_size_a && ecdh_checks == 1; j++) {
if (loopargs[i].secret_a[k] != loopargs[i].secret_b[k]) if (loopargs[i].secret_a[j] != loopargs[i].secret_b[j])
ecdh_checks = 0; ecdh_checks = 0;
} }
@@ -2645,7 +2638,7 @@ int speed_main(int argc, char **argv)
if (rsa_count <= 1) { if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */ /* if longer than 10s, don't do any more */
for (testnum++; testnum < EC_NUM; testnum++) for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++)
ecdh_doit[testnum] = 0; ecdh_doit[testnum] = 0;
} }
} }
@@ -2694,7 +2687,7 @@ int speed_main(int argc, char **argv)
if (!doit[k]) if (!doit[k])
continue; continue;
if (mr) if (mr)
printf("+F:%d:%s", k, names[k]); printf("+F:%u:%s", k, names[k]);
else else
printf("%-13s", names[k]); printf("%-13s", names[k]);
for (testnum = 0; testnum < SIZE_NUM; testnum++) { for (testnum = 0; testnum < SIZE_NUM; testnum++) {
@@ -2743,7 +2736,7 @@ int speed_main(int argc, char **argv)
#endif #endif
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
testnum = 1; testnum = 1;
for (k = 0; k < EC_NUM; k++) { for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
if (!ecdsa_doit[k]) if (!ecdsa_doit[k])
continue; continue;
if (testnum && !mr) { if (testnum && !mr) {
@@ -2801,8 +2794,9 @@ int speed_main(int argc, char **argv)
DSA_free(loopargs[i].dsa_key[k]); DSA_free(loopargs[i].dsa_key[k]);
#endif #endif
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
for (k = 0; k < EC_NUM; k++) { for (k = 0; k < ECDSA_NUM; k++)
EC_KEY_free(loopargs[i].ecdsa[k]); EC_KEY_free(loopargs[i].ecdsa[k]);
for (k = 0; k < EC_NUM; k++) {
EC_KEY_free(loopargs[i].ecdh_a[k]); EC_KEY_free(loopargs[i].ecdh_a[k]);
EC_KEY_free(loopargs[i].ecdh_b[k]); EC_KEY_free(loopargs[i].ecdh_b[k]);
} }
@@ -2878,7 +2872,7 @@ static char *sstrsep(char **string, const char *delim)
if (**string == 0) if (**string == 0)
return NULL; return NULL;
memset(isdelim, 0, sizeof isdelim); memset(isdelim, 0, sizeof(isdelim));
isdelim[0] = 1; isdelim[0] = 1;
while (*delim) { while (*delim) {
@@ -2939,7 +2933,7 @@ static int do_multi(int multi)
char *p; char *p;
f = fdopen(fds[n], "r"); f = fdopen(fds[n], "r");
while (fgets(buf, sizeof buf, f)) { while (fgets(buf, sizeof(buf), f)) {
p = strchr(buf, '\n'); p = strchr(buf, '\n');
if (p) if (p)
*p = '\0'; *p = '\0';
@@ -2951,7 +2945,7 @@ static int do_multi(int multi)
printf("Got: %s from %d\n", buf, n); printf("Got: %s from %d\n", buf, n);
if (strncmp(buf, "+F:", 3) == 0) { if (strncmp(buf, "+F:", 3) == 0) {
int alg; int alg;
int j; unsigned int j;
p = buf + 3; p = buf + 3;
alg = atoi(sstrsep(&p, sep)); alg = atoi(sstrsep(&p, sep));

19
apps/spkac.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -116,19 +116,22 @@ int spkac_main(int argc, char **argv)
goto end; goto end;
} }
if (keyfile) { if (keyfile != NULL) {
pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL, pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL,
FORMAT_PEM, 1, passin, e, "private key"); FORMAT_PEM, 1, passin, e, "private key");
if (!pkey) { if (pkey == NULL)
goto end; goto end;
}
spki = NETSCAPE_SPKI_new(); spki = NETSCAPE_SPKI_new();
if (challenge) if (spki == NULL)
goto end;
if (challenge != NULL)
ASN1_STRING_set(spki->spkac->challenge, ASN1_STRING_set(spki->spkac->challenge,
challenge, (int)strlen(challenge)); challenge, (int)strlen(challenge));
NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki); spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (spkstr == NULL)
goto end;
out = bio_open_default(outfile, 'w', FORMAT_TEXT); out = bio_open_default(outfile, 'w', FORMAT_TEXT);
if (out == NULL) { if (out == NULL) {
@@ -154,7 +157,7 @@ int spkac_main(int argc, char **argv)
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
if (!spki) { if (spki == NULL) {
BIO_printf(bio_err, "Error loading SPKAC\n"); BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@@ -169,9 +172,9 @@ int spkac_main(int argc, char **argv)
pkey = NETSCAPE_SPKI_get_pubkey(spki); pkey = NETSCAPE_SPKI_get_pubkey(spki);
if (verify) { if (verify) {
i = NETSCAPE_SPKI_verify(spki, pkey); i = NETSCAPE_SPKI_verify(spki, pkey);
if (i > 0) if (i > 0) {
BIO_printf(bio_err, "Signature OK\n"); BIO_printf(bio_err, "Signature OK\n");
else { } else {
BIO_printf(bio_err, "Signature Failure\n"); BIO_printf(bio_err, "Signature Failure\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;

23
apps/srp.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -293,11 +293,12 @@ int srp_main(int argc, char **argv)
"Exactly one of the options -add, -delete, -modify -list must be specified.\n"); "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
goto opthelp; goto opthelp;
} }
if ((mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD) if (mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD) {
&& argc < 1) { if (argc == 0) {
BIO_printf(bio_err, BIO_printf(bio_err, "Need at least one user.\n");
"Need at least one user for options -add, -delete, -modify. \n"); goto opthelp;
goto opthelp; }
user = *argv++;
} }
if ((passinarg || passoutarg) && argc != 1) { if ((passinarg || passoutarg) && argc != 1) {
BIO_printf(bio_err, BIO_printf(bio_err,
@@ -391,10 +392,7 @@ int srp_main(int argc, char **argv)
if (verbose > 1) if (verbose > 1)
BIO_printf(bio_err, "Starting user processing\n"); BIO_printf(bio_err, "Starting user processing\n");
if (argc > 0) while (mode == OPT_LIST || user != NULL) {
user = *(argv++);
while (mode == OPT_LIST || user) {
int userindex = -1; int userindex = -1;
if (user != NULL && verbose > 1) if (user != NULL && verbose > 1)
@@ -557,9 +555,8 @@ int srp_main(int argc, char **argv)
doupdatedb = 1; doupdatedb = 1;
} }
} }
if (--argc > 0) { user = *argv++;
user = *(argv++); if (user == NULL) {
} else {
/* no more processing in any mode if no users left */ /* no more processing in any mode if no users left */
break; break;
} }

1
apps/tsget.in
View File

@@ -198,4 +198,3 @@ REQUEST: foreach (@ARGV) {
STDERR->printflush(", $output written.\n") if $options{v}; STDERR->printflush(", $output written.\n") if $options{v};
} }
$curl->cleanup(); $curl->cleanup();
WWW::Curl::Easy::global_cleanup();

4
apps/verify.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -219,6 +219,7 @@ static int check(X509_STORE *ctx, const char *file,
X509_STORE_set_flags(ctx, vflags); X509_STORE_set_flags(ctx, vflags);
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
X509_STORE_CTX_free(csc);
printf("error %s: X.509 store context initialization failed\n", printf("error %s: X.509 store context initialization failed\n",
(file == NULL) ? "stdin" : file); (file == NULL) ? "stdin" : file);
goto end; goto end;
@@ -282,6 +283,7 @@ static int cb(int ok, X509_STORE_CTX *ctx)
switch (cert_error) { switch (cert_error) {
case X509_V_ERR_NO_EXPLICIT_POLICY: case X509_V_ERR_NO_EXPLICIT_POLICY:
policies_print(ctx); policies_print(ctx);
/* fall thru */
case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_CERT_HAS_EXPIRED:
/* /*

9
apps/version.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -61,6 +61,7 @@ int version_main(int argc, char **argv)
switch (o) { switch (o) {
case OPT_EOF: case OPT_EOF:
case OPT_ERR: case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end; goto end;
case OPT_HELP: case OPT_HELP:
@@ -89,10 +90,14 @@ int version_main(int argc, char **argv)
dirty = version = 1; dirty = version = 1;
break; break;
case OPT_A: case OPT_A:
cflags = version = date = platform = dir = engdir = 1; options = cflags = version = date = platform = dir = engdir = 1;
break; break;
} }
} }
if (opt_num_rest() != 0) {
BIO_printf(bio_err, "Extra parameters given.\n");
goto opthelp;
}
if (!dirty) if (!dirty)
version = 1; version = 1;

12
apps/vms_term_sock.c
View File

@@ -143,7 +143,7 @@ int main (int argc, char *argv[], char *envp[])
** Process the terminal input ** Process the terminal input
*/ */
LogMessage ("Waiting on terminal I/O ...\n"); LogMessage ("Waiting on terminal I/O ...\n");
len = recv (TermSock, TermBuff, sizeof (TermBuff), 0) ; len = recv (TermSock, TermBuff, sizeof(TermBuff), 0) ;
TermBuff[len] = '\0'; TermBuff[len] = '\0';
LogMessage ("Received terminal I/O [%s]", TermBuff); LogMessage ("Received terminal I/O [%s]", TermBuff);
@@ -209,7 +209,7 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket)
TerminalDeviceAst, TerminalDeviceAst,
0, 0,
TerminalDeviceBuff, TerminalDeviceBuff,
sizeof (TerminalDeviceBuff) - 2, sizeof(TerminalDeviceBuff) - 2,
0, 0, 0, 0); 0, 0, 0, 0);
if (! (status & 1)) { if (! (status & 1)) {
LogMessage ("TerminalSocket: SYS$QIO () - %08X", status); LogMessage ("TerminalSocket: SYS$QIO () - %08X", status);
@@ -317,7 +317,7 @@ static int CreateSocketPair (int SocketFamily,
/* /*
** Initialize the socket information ** Initialize the socket information
*/ */
slen = sizeof (sin); slen = sizeof(sin);
memset ((char *) &sin, 0, slen); memset ((char *) &sin, 0, slen);
sin.sin_family = SocketFamily; sin.sin_family = SocketFamily;
sin.sin_addr.s_addr = inet_addr (LocalHostAddr); sin.sin_addr.s_addr = inet_addr (LocalHostAddr);
@@ -434,12 +434,12 @@ static int CreateSocketPair (int SocketFamily,
/* /*
** Now issue the connect ** Now issue the connect
*/ */
memset ((char *) &sin, 0, sizeof (sin)) ; memset ((char *) &sin, 0, sizeof(sin)) ;
sin.sin_family = SocketFamily; sin.sin_family = SocketFamily;
sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ; sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ;
sin.sin_port = LocalHostPort ; sin.sin_port = LocalHostPort ;
status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof (sin)); status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof(sin));
if (status < 0 ) { if (status < 0 ) {
LogMessage ("CreateSocketPair: connect () - %d", errno); LogMessage ("CreateSocketPair: connect () - %d", errno);
sys$cantim (&sptb, 0); sys$cantim (&sptb, 0);
@@ -528,7 +528,7 @@ static int TerminalDeviceAst (int astparm)
TerminalDeviceAst, TerminalDeviceAst,
0, 0,
TerminalDeviceBuff, TerminalDeviceBuff,
sizeof (TerminalDeviceBuff) - 1, sizeof(TerminalDeviceBuff) - 1,
0, 0, 0, 0); 0, 0, 0, 0);
/* /*

20
apps/x509.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -123,7 +123,7 @@ OPTIONS x509_options[] = {
{"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"}, {"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"},
{"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"}, {"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"},
{"CAform", OPT_CAFORM, 'F', "CA format - default PEM"}, {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"},
{"CAkeyform", OPT_CAKEYFORM, 'F', "CA key format - default PEM"}, {"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format - default PEM"},
{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"}, {"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"},
{"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"}, {"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"},
@@ -450,10 +450,6 @@ int x509_main(int argc, char **argv)
if (!nmflag_set) if (!nmflag_set)
nmflag = XN_FLAG_ONELINE; nmflag = XN_FLAG_ONELINE;
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (need_rand) if (need_rand)
app_RAND_load_file(NULL, 0); app_RAND_load_file(NULL, 0);
@@ -579,10 +575,12 @@ int x509_main(int argc, char **argv)
goto end; goto end;
} }
if (!noout || text || next_serial) { out = bio_open_default(outfile, 'w', outformat);
OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3"); if (out == NULL)
goto end;
} if (!noout || text || next_serial)
OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
if (alias) if (alias)
X509_alias_set1(x, (unsigned char *)alias, -1); X509_alias_set1(x, (unsigned char *)alias, -1);
@@ -726,11 +724,11 @@ int x509_main(int argc, char **argv)
char *m; char *m;
int len; int len;
X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf); X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
BIO_printf(out, "/*\n" BIO_printf(out, "/*\n"
" * Subject: %s\n", buf); " * Subject: %s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof buf); X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof(buf));
BIO_printf(out, " * Issuer: %s\n" BIO_printf(out, " * Issuer: %s\n"
" */\n", buf); " */\n", buf);

2
appveyor.yml
View File

@@ -41,5 +41,5 @@ test_script:
- cd _build - cd _build
- nmake test - nmake test
- mkdir ..\_install - mkdir ..\_install
- nmake install install_docs DESTDIR=..\_install - nmake install DESTDIR=..\_install
- cd .. - cd ..

3
config
View File

@@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@@ -929,5 +929,6 @@ if [ $? = "0" ]; then
fi fi
else else
echo "This system ($OUT) is not supported. See file INSTALL for details." echo "This system ($OUT) is not supported. See file INSTALL for details."
exit 1
fi fi
) )

8
config.com
View File

@@ -1,5 +1,5 @@
$ ! OpenSSL config: determine the architecture and run Configure $ ! OpenSSL config: determine the architecture and run Configure
$ ! Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. $ ! Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
$ ! $ !
$ ! Licensed under the OpenSSL license (the "License"). You may not use $ ! Licensed under the OpenSSL license (the "License"). You may not use
$ ! this file except in compliance with the License. You can obtain a $ ! this file except in compliance with the License. You can obtain a
@@ -73,7 +73,7 @@ $ collected_args = collected_args + " --debug"
$ P = "" $ P = ""
$ ENDIF $ ENDIF
$ IF P .NES. "" THEN - $ IF P .NES. "" THEN -
collected_args = collected_args + " " + P1 collected_args = collected_args + " """ + P1 + """"
$ P1 = P2 $ P1 = P2
$ P2 = P3 $ P2 = P3
$ P3 = P4 $ P3 = P4
@@ -87,7 +87,7 @@ $ ENDLOOP1:
$ $
$ target = "vms-''arch'''pointer_size'" $ target = "vms-''arch'''pointer_size'"
$ IF verbose THEN - $ IF verbose THEN -
WRITE SYS$OUTPUT "PERL ''here'Configure ""''target'""''collected_args'" WRITE SYS$OUTPUT "PERL ''here'Configure ""''target'""",collected_args
$ IF .not. dryrun THEN - $ IF .not. dryrun THEN -
PERL 'here'Configure "''target'" 'debug' 'collected_args' PERL 'here'Configure "''target'"'collected_args'
$ EXIT $STATUS $ EXIT $STATUS

14
crypto/aes/asm/aes-armv4.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@@ -200,10 +200,10 @@ AES_encrypt:
#ifndef __thumb2__ #ifndef __thumb2__
sub r3,pc,#8 @ AES_encrypt sub r3,pc,#8 @ AES_encrypt
#else #else
adr r3,AES_encrypt adr r3,.
#endif #endif
stmdb sp!,{r1,r4-r12,lr} stmdb sp!,{r1,r4-r12,lr}
#ifdef __APPLE__ #if defined(__thumb2__) || defined(__APPLE__)
adr $tbl,AES_Te adr $tbl,AES_Te
#else #else
sub $tbl,r3,#AES_encrypt-AES_Te @ Te sub $tbl,r3,#AES_encrypt-AES_Te @ Te
@@ -450,7 +450,7 @@ _armv4_AES_set_encrypt_key:
#ifndef __thumb2__ #ifndef __thumb2__
sub r3,pc,#8 @ AES_set_encrypt_key sub r3,pc,#8 @ AES_set_encrypt_key
#else #else
adr r3,AES_set_encrypt_key adr r3,.
#endif #endif
teq r0,#0 teq r0,#0
#ifdef __thumb2__ #ifdef __thumb2__
@@ -481,7 +481,7 @@ _armv4_AES_set_encrypt_key:
mov lr,r1 @ bits mov lr,r1 @ bits
mov $key,r2 @ key mov $key,r2 @ key
#ifdef __APPLE__ #if defined(__thumb2__) || defined(__APPLE__)
adr $tbl,AES_Te+1024 @ Te4 adr $tbl,AES_Te+1024 @ Te4
#else #else
sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4 sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4
@@ -976,10 +976,10 @@ AES_decrypt:
#ifndef __thumb2__ #ifndef __thumb2__
sub r3,pc,#8 @ AES_decrypt sub r3,pc,#8 @ AES_decrypt
#else #else
adr r3,AES_decrypt adr r3,.
#endif #endif
stmdb sp!,{r1,r4-r12,lr} stmdb sp!,{r1,r4-r12,lr}
#ifdef __APPLE__ #if defined(__thumb2__) || defined(__APPLE__)
adr $tbl,AES_Td adr $tbl,AES_Td
#else #else
sub $tbl,r3,#AES_decrypt-AES_Td @ Td sub $tbl,r3,#AES_decrypt-AES_Td @ Td

21
crypto/aes/asm/aes-s390x.pl
View File

@@ -813,7 +813,7 @@ _s390x_AES_set_encrypt_key:
.Lproceed: .Lproceed:
___ ___
$code.=<<___ if (!$softonly); $code.=<<___ if (!$softonly);
# convert bits to km code, [128,192,256]->[18,19,20] # convert bits to km(c) code, [128,192,256]->[18,19,20]
lhi %r5,-128 lhi %r5,-128
lhi %r0,18 lhi %r0,18
ar %r5,$bits ar %r5,$bits
@@ -821,13 +821,10 @@ $code.=<<___ if (!$softonly);
ar %r5,%r0 ar %r5,%r0
larl %r1,OPENSSL_s390xcap_P larl %r1,OPENSSL_s390xcap_P
lg %r0,0(%r1)
tmhl %r0,0x4000 # check for message-security assist
jz .Lekey_internal
llihh %r0,0x8000 llihh %r0,0x8000
srlg %r0,%r0,0(%r5) srlg %r0,%r0,0(%r5)
ng %r0,48(%r1) # check kmc capability vector ng %r0,32(%r1) # check availability of both km...
ng %r0,48(%r1) # ...and kmc support for given key length
jz .Lekey_internal jz .Lekey_internal
lmg %r0,%r1,0($inp) # just copy 128 bits... lmg %r0,%r1,0($inp) # just copy 128 bits...
@@ -842,7 +839,7 @@ $code.=<<___ if (!$softonly);
stg %r1,24($key) stg %r1,24($key)
1: st $bits,236($key) # save bits [for debugging purposes] 1: st $bits,236($key) # save bits [for debugging purposes]
lgr $t0,%r5 lgr $t0,%r5
st %r5,240($key) # save km code st %r5,240($key) # save km(c) code
lghi %r2,0 lghi %r2,0
br %r14 br %r14
___ ___
@@ -1439,12 +1436,7 @@ $code.=<<___ if (!$softonly);
.Lctr32_hw_switch: .Lctr32_hw_switch:
___ ___
$code.=<<___ if (0); ######### kmctr code was measured to be ~12% slower $code.=<<___ if (!$softonly && 0);# kmctr code was measured to be ~12% slower
larl $s0,OPENSSL_s390xcap_P
lg $s0,8($s0)
tmhh $s0,0x0004 # check for message_security-assist-4
jz .Lctr32_km_loop
llgfr $s0,%r0 llgfr $s0,%r0
lgr $s1,%r1 lgr $s1,%r1
larl %r1,OPENSSL_s390xcap_P larl %r1,OPENSSL_s390xcap_P
@@ -1488,7 +1480,7 @@ $code.=<<___ if (0); ######### kmctr code was measured to be ~12% slower
br $ra br $ra
.align 16 .align 16
___ ___
$code.=<<___; $code.=<<___ if (!$softonly);
.Lctr32_km_loop: .Lctr32_km_loop:
la $s2,16($sp) la $s2,16($sp)
lgr $s3,$fp lgr $s3,$fp
@@ -2227,7 +2219,6 @@ ___
} }
$code.=<<___; $code.=<<___;
.string "AES for s390x, CRYPTOGAMS by <appro\@openssl.org>" .string "AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
.comm OPENSSL_s390xcap_P,80,8
___ ___
$code =~ s/\`([^\`]*)\`/eval $1/gem; $code =~ s/\`([^\`]*)\`/eval $1/gem;

7
crypto/aes/asm/aesni-sha1-x86_64.pl
View File

@@ -34,6 +34,8 @@
# Haswell 4.43[+3.6(4.2)] 8.00(8.58) 4.55(5.21) +75%(+65%) # Haswell 4.43[+3.6(4.2)] 8.00(8.58) 4.55(5.21) +75%(+65%)
# Skylake 2.63[+3.5(4.1)] 6.17(6.69) 4.23(4.44) +46%(+51%) # Skylake 2.63[+3.5(4.1)] 6.17(6.69) 4.23(4.44) +46%(+51%)
# Bulldozer 5.77[+6.0] 11.72 6.37 +84% # Bulldozer 5.77[+6.0] 11.72 6.37 +84%
# Ryzen(**) 2.71[+1.93] 4.64 2.74 +69%
# Goldmont(**) 3.82[+1.70] 5.52 4.20 +31%
# #
# AES-192-CBC # AES-192-CBC
# Westmere 4.51 9.81 6.80 +44% # Westmere 4.51 9.81 6.80 +44%
@@ -47,13 +49,16 @@
# Sandy Bridge 7.05 12.06(13.15) 7.12(7.72) +69%(+70%) # Sandy Bridge 7.05 12.06(13.15) 7.12(7.72) +69%(+70%)
# Ivy Bridge 7.05 11.65 7.12 +64% # Ivy Bridge 7.05 11.65 7.12 +64%
# Haswell 6.19 9.76(10.34) 6.21(6.25) +57%(+65%) # Haswell 6.19 9.76(10.34) 6.21(6.25) +57%(+65%)
# Skylake 3.62 7.16(7.68) 4.56(4.76) +57%(+61$) # Skylake 3.62 7.16(7.68) 4.56(4.76) +57%(+61%)
# Bulldozer 8.00 13.95 8.25 +69% # Bulldozer 8.00 13.95 8.25 +69%
# Ryzen(**) 3.71 5.64 3.72 +52%
# Goldmont(**) 5.35 7.05 5.76 +22%
# #
# (*) There are two code paths: SSSE3 and AVX. See sha1-568.pl for # (*) There are two code paths: SSSE3 and AVX. See sha1-568.pl for
# background information. Above numbers in parentheses are SSSE3 # background information. Above numbers in parentheses are SSSE3
# results collected on AVX-capable CPU, i.e. apply on OSes that # results collected on AVX-capable CPU, i.e. apply on OSes that
# don't support AVX. # don't support AVX.
# (**) SHAEXT results.
# #
# Needless to mention that it makes no sense to implement "stitched" # Needless to mention that it makes no sense to implement "stitched"
# *decrypt* subroutine. Because *both* AESNI-CBC decrypt and SHA1 # *decrypt* subroutine. Because *both* AESNI-CBC decrypt and SHA1

15
crypto/aes/asm/aesni-sha256-x86_64.pl
View File

@@ -28,18 +28,21 @@
# for standalone AESNI-CBC encrypt, standalone SHA256, and stitched # for standalone AESNI-CBC encrypt, standalone SHA256, and stitched
# subroutine: # subroutine:
# #
# AES-128/-192/-256+SHA256 this(**)gain # AES-128/-192/-256+SHA256 this(**) gain
# Sandy Bridge 5.05/6.05/7.05+11.6 13.0 +28%/36%/43% # Sandy Bridge 5.05/6.05/7.05+11.6 13.0 +28%/36%/43%
# Ivy Bridge 5.05/6.05/7.05+10.3 11.6 +32%/41%/50% # Ivy Bridge 5.05/6.05/7.05+10.3 11.6 +32%/41%/50%
# Haswell 4.43/5.29/6.19+7.80 8.79 +39%/49%/59% # Haswell 4.43/5.29/6.19+7.80 8.79 +39%/49%/59%
# Skylake 2.62/3.14/3.62+7.70 8.10 +27%/34%/40% # Skylake 2.62/3.14/3.62+7.70 8.10 +27%/34%/40%
# Bulldozer 5.77/6.89/8.00+13.7 13.7 +42%/50%/58% # Bulldozer 5.77/6.89/8.00+13.7 13.7 +42%/50%/58%
# Ryzen(***) 2.71/-/3.71+2.05 2.74/-/3.73 +74%/-/54%
# Goldmont(***) 3.82/-/5.35+4.16 4.73/-/5.94 +69%/-/60%
# #
# (*) there are XOP, AVX1 and AVX2 code paths, meaning that # (*) there are XOP, AVX1 and AVX2 code paths, meaning that
# Westmere is omitted from loop, this is because gain was not # Westmere is omitted from loop, this is because gain was not
# estimated high enough to justify the effort; # estimated high enough to justify the effort;
# (**) these are EVP-free results, results obtained with 'speed # (**) these are EVP-free results, results obtained with 'speed
# -evp aes-256-cbc-hmac-sha256' will vary by percent or two; # -evp aes-256-cbc-hmac-sha256' will vary by percent or two;
# (***) these are SHAEXT results;
$flavour = shift; $flavour = shift;
$output = shift; $output = shift;

14
crypto/aes/asm/bsaes-armv7.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@@ -744,9 +744,9 @@ $code.=<<___;
.type _bsaes_decrypt8,%function .type _bsaes_decrypt8,%function
.align 4 .align 4
_bsaes_decrypt8: _bsaes_decrypt8:
adr $const,_bsaes_decrypt8 adr $const,.
vldmia $key!, {@XMM[9]} @ round 0 key vldmia $key!, {@XMM[9]} @ round 0 key
#ifdef __APPLE__ #if defined(__thumb2__) || defined(__APPLE__)
adr $const,.LM0ISR adr $const,.LM0ISR
#else #else
add $const,$const,#.LM0ISR-_bsaes_decrypt8 add $const,$const,#.LM0ISR-_bsaes_decrypt8
@@ -843,9 +843,9 @@ _bsaes_const:
.type _bsaes_encrypt8,%function .type _bsaes_encrypt8,%function
.align 4 .align 4
_bsaes_encrypt8: _bsaes_encrypt8:
adr $const,_bsaes_encrypt8 adr $const,.
vldmia $key!, {@XMM[9]} @ round 0 key vldmia $key!, {@XMM[9]} @ round 0 key
#ifdef __APPLE__ #if defined(__thumb2__) || defined(__APPLE__)
adr $const,.LM0SR adr $const,.LM0SR
#else #else
sub $const,$const,#_bsaes_encrypt8-.LM0SR sub $const,$const,#_bsaes_encrypt8-.LM0SR
@@ -951,9 +951,9 @@ $code.=<<___;
.type _bsaes_key_convert,%function .type _bsaes_key_convert,%function
.align 4 .align 4
_bsaes_key_convert: _bsaes_key_convert:
adr $const,_bsaes_key_convert adr $const,.
vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key
#ifdef __APPLE__ #if defined(__thumb2__) || defined(__APPLE__)
adr $const,.LM0 adr $const,.LM0
#else #else
sub $const,$const,#_bsaes_key_convert-.LM0 sub $const,$const,#_bsaes_key_convert-.LM0

4
crypto/arm_arch.h
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -69,7 +69,7 @@
# endif # endif
# endif # endif
# if !__ASSEMBLER__ # ifndef __ASSEMBLER__
extern unsigned int OPENSSL_armcap_P; extern unsigned int OPENSSL_armcap_P;
# endif # endif

5
crypto/armcap.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -13,6 +13,7 @@
#include <setjmp.h> #include <setjmp.h>
#include <signal.h> #include <signal.h>
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <internal/cryptlib.h>
#include "arm_arch.h" #include "arm_arch.h"
@@ -69,7 +70,7 @@ static unsigned long (*getauxval) (unsigned long) = NULL;
# endif # endif
/* /*
* ARM puts the the feature bits for Crypto Extensions in AT_HWCAP2, whereas * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
* AArch64 used AT_HWCAP. * AArch64 used AT_HWCAP.
*/ */
# if defined(__arm__) || defined (__arm) # if defined(__arm__) || defined (__arm)

4
crypto/armv4cpuid.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@@ -125,7 +125,7 @@ CRYPTO_memcmp:
ldmia sp!,{r4,r5} ldmia sp!,{r4,r5}
.Lno_data: .Lno_data:
neg r0,ip rsb r0,ip,#0
mov r0,r0,lsr#31 mov r0,r0,lsr#31
#if __ARM_ARCH__>=5 #if __ARM_ARCH__>=5
bx lr bx lr

6
crypto/asn1/a_bitstr.c
View File

@@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
#include <limits.h>
#include <stdio.h> #include <stdio.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/asn1.h> #include <openssl/asn1.h>
@@ -88,6 +89,11 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
goto err; goto err;
} }
if (len > INT_MAX) {
i = ASN1_R_STRING_TOO_LONG;
goto err;
}
if ((a == NULL) || ((*a) == NULL)) { if ((a == NULL) || ((*a) == NULL)) {
if ((ret = ASN1_BIT_STRING_new()) == NULL) if ((ret = ASN1_BIT_STRING_new()) == NULL)
return (NULL); return (NULL);

5
crypto/asn1/a_digest.c
View File

@@ -9,13 +9,10 @@
#include <stdio.h> #include <stdio.h>
#include <time.h> #include <time.h>
#include <sys/types.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/buffer.h> #include <openssl/buffer.h>

3
crypto/asn1/a_i2d_fp.c
View File

@@ -38,6 +38,9 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
int i, j = 0, n, ret = 1; int i, j = 0, n, ret = 1;
n = i2d(x, NULL); n = i2d(x, NULL);
if (n <= 0)
return 0;
b = OPENSSL_malloc(n); b = OPENSSL_malloc(n);
if (b == NULL) { if (b == NULL) {
ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);

4
crypto/asn1/a_mbstr.c
View File

@@ -100,14 +100,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
if ((minsize > 0) && (nchar < minsize)) { if ((minsize > 0) && (nchar < minsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize);
ERR_add_error_data(2, "minsize=", strbuf); ERR_add_error_data(2, "minsize=", strbuf);
return -1; return -1;
} }
if ((maxsize > 0) && (nchar > maxsize)) { if ((maxsize > 0) && (nchar > maxsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize);
ERR_add_error_data(2, "maxsize=", strbuf); ERR_add_error_data(2, "maxsize=", strbuf);
return -1; return -1;
} }

27
crypto/asn1/a_object.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -19,7 +19,7 @@
int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
{ {
unsigned char *p; unsigned char *p, *allocated = NULL;
int objsize; int objsize;
if ((a == NULL) || (a->data == NULL)) if ((a == NULL) || (a->data == NULL))
@@ -29,20 +29,31 @@ int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
if (pp == NULL || objsize == -1) if (pp == NULL || objsize == -1)
return objsize; return objsize;
p = *pp; if (*pp == NULL) {
if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
p = *pp;
}
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
memcpy(p, a->data, a->length); memcpy(p, a->data, a->length);
p += a->length;
*pp = p; /*
return (objsize); * If a new buffer was allocated, just return it back.
* If not, return the incremented buffer pointer.
*/
*pp = allocated != NULL ? allocated : p + a->length;
return objsize;
} }
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
{ {
int i, first, len = 0, c, use_bn; int i, first, len = 0, c, use_bn;
char ftmp[24], *tmp = ftmp; char ftmp[24], *tmp = ftmp;
int tmpsize = sizeof ftmp; int tmpsize = sizeof(ftmp);
const char *p; const char *p;
unsigned long l; unsigned long l;
BIGNUM *bl = NULL; BIGNUM *bl = NULL;
@@ -177,7 +188,7 @@ int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
if ((a == NULL) || (a->data == NULL)) if ((a == NULL) || (a->data == NULL))
return (BIO_write(bp, "NULL", 4)); return (BIO_write(bp, "NULL", 4));
i = i2t_ASN1_OBJECT(buf, sizeof buf, a); i = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
if (i > (int)(sizeof(buf) - 1)) { if (i > (int)(sizeof(buf) - 1)) {
p = OPENSSL_malloc(i + 1); p = OPENSSL_malloc(i + 1);
if (p == NULL) if (p == NULL)

5
crypto/asn1/a_sign.c
View File

@@ -9,13 +9,10 @@
#include <stdio.h> #include <stdio.h>
#include <time.h> #include <time.h>
#include <sys/types.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/x509.h> #include <openssl/x509.h>

100
crypto/asn1/a_strex.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -63,7 +63,7 @@ typedef int char_io (void *arg, const void *buf, int len);
* even 4 byte forms. * even 4 byte forms.
*/ */
static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes,
char_io *io_ch, void *arg) char_io *io_ch, void *arg)
{ {
unsigned short chflgs; unsigned short chflgs;
@@ -73,13 +73,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
if (c > 0xffffffffL) if (c > 0xffffffffL)
return -1; return -1;
if (c > 0xffff) { if (c > 0xffff) {
BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c);
if (!io_ch(arg, tmphex, 10)) if (!io_ch(arg, tmphex, 10))
return -1; return -1;
return 10; return 10;
} }
if (c > 0xff) { if (c > 0xff) {
BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c);
if (!io_ch(arg, tmphex, 6)) if (!io_ch(arg, tmphex, 6))
return -1; return -1;
return 6; return 6;
@@ -116,7 +116,7 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
* If we get this far and do any escaping at all must escape the escape * If we get this far and do any escaping at all must escape the escape
* character itself: backslash. * character itself: backslash.
*/ */
if (chtmp == '\\' && flags & ESC_FLAGS) { if (chtmp == '\\' && (flags & ESC_FLAGS)) {
if (!io_ch(arg, "\\\\", 2)) if (!io_ch(arg, "\\\\", 2))
return -1; return -1;
return 2; return 2;
@@ -139,19 +139,40 @@ static int do_buf(unsigned char *buf, int buflen,
int type, unsigned short flags, char *quotes, char_io *io_ch, int type, unsigned short flags, char *quotes, char_io *io_ch,
void *arg) void *arg)
{ {
int i, outlen, len; int i, outlen, len, charwidth;
unsigned short orflags; unsigned short orflags;
unsigned char *p, *q; unsigned char *p, *q;
unsigned long c; unsigned long c;
p = buf; p = buf;
q = buf + buflen; q = buf + buflen;
outlen = 0; outlen = 0;
charwidth = type & BUF_TYPE_WIDTH_MASK;
switch (charwidth) {
case 4:
if (buflen & 3) {
ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
return -1;
}
break;
case 2:
if (buflen & 1) {
ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH);
return -1;
}
break;
default:
break;
}
while (p != q) { while (p != q) {
if (p == buf && flags & ASN1_STRFLGS_ESC_2253) if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
orflags = CHARTYPE_FIRST_ESC_2253; orflags = CHARTYPE_FIRST_ESC_2253;
else else
orflags = 0; orflags = 0;
switch (type & BUF_TYPE_WIDTH_MASK) {
switch (charwidth) {
case 4: case 4:
c = ((unsigned long)*p++) << 24; c = ((unsigned long)*p++) << 24;
c |= ((unsigned long)*p++) << 16; c |= ((unsigned long)*p++) << 16;
@@ -172,6 +193,7 @@ static int do_buf(unsigned char *buf, int buflen,
i = UTF8_getc(p, buflen, &c); i = UTF8_getc(p, buflen, &c);
if (i < 0) if (i < 0)
return -1; /* Invalid UTF8String */ return -1; /* Invalid UTF8String */
buflen -= i;
p += i; p += i;
break; break;
default: default:
@@ -182,7 +204,7 @@ static int do_buf(unsigned char *buf, int buflen,
if (type & BUF_TYPE_CONVUTF8) { if (type & BUF_TYPE_CONVUTF8) {
unsigned char utfbuf[6]; unsigned char utfbuf[6];
int utflen; int utflen;
utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
for (i = 0; i < utflen; i++) { for (i = 0; i < utflen; i++) {
/* /*
* We don't need to worry about setting orflags correctly * We don't need to worry about setting orflags correctly
@@ -190,17 +212,15 @@ static int do_buf(unsigned char *buf, int buflen,
* otherwise each character will be > 0x7f and so the * otherwise each character will be > 0x7f and so the
* character will never be escaped on first and last. * character will never be escaped on first and last.
*/ */
len = len = do_esc_char(utfbuf[i], flags | orflags, quotes,
do_esc_char(utfbuf[i], (unsigned short)(flags | orflags), io_ch, arg);
quotes, io_ch, arg);
if (len < 0) if (len < 0)
return -1; return -1;
outlen += len; outlen += len;
} }
} else { } else {
len = len = do_esc_char(c, flags | orflags, quotes,
do_esc_char(c, (unsigned short)(flags | orflags), quotes, io_ch, arg);
io_ch, arg);
if (len < 0) if (len < 0)
return -1; return -1;
outlen += len; outlen += len;
@@ -479,7 +499,7 @@ static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n,
if (fn_opt != XN_FLAG_FN_NONE) { if (fn_opt != XN_FLAG_FN_NONE) {
int objlen, fld_len; int objlen, fld_len;
if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) { if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1);
fld_len = 0; /* XXX: what should this be? */ fld_len = 0; /* XXX: what should this be? */
objbuf = objtmp; objbuf = objtmp;
} else { } else {
@@ -593,53 +613,3 @@ int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
*out = stmp.data; *out = stmp.data;
return stmp.length; return stmp.length;
} }
/* Return 1 if host is a valid hostname and 0 otherwise */
int asn1_valid_host(const ASN1_STRING *host)
{
int hostlen = host->length;
const unsigned char *hostptr = host->data;
int type = host->type;
int i;
signed char width = -1;
unsigned short chflags = 0, prevchflags;
if (type > 0 && type < 31)
width = tag2nbyte[type];
if (width == -1 || hostlen == 0)
return 0;
/* Treat UTF8String as width 1 as any MSB set is invalid */
if (width == 0)
width = 1;
for (i = 0 ; i < hostlen; i+= width) {
prevchflags = chflags;
/* Value must be <= 0x7F: check upper bytes are all zeroes */
if (width == 4) {
if (*hostptr++ != 0 || *hostptr++ != 0 || *hostptr++ != 0)
return 0;
} else if (width == 2) {
if (*hostptr++ != 0)
return 0;
}
if (*hostptr > 0x7f)
return 0;
chflags = char_type[*hostptr++];
if (!(chflags & (CHARTYPE_HOST_ANY | CHARTYPE_HOST_WILD))) {
/* Nothing else allowed at start or end of string */
if (i == 0 || i == hostlen - 1)
return 0;
/* Otherwise invalid if not dot or hyphen */
if (!(chflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)))
return 0;
/*
* If previous is dot or hyphen then illegal unless both
* are hyphens: as .- -. .. are all illegal
*/
if (prevchflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)
&& ((prevchflags & CHARTYPE_HOST_DOT)
|| (chflags & CHARTYPE_HOST_DOT)))
return 0;
}
}
return 1;
}

3
crypto/asn1/a_strnid.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -214,6 +214,7 @@ static ASN1_STRING_TABLE *stable_get(int nid)
rv->mask = tmp->mask; rv->mask = tmp->mask;
rv->flags = tmp->flags | STABLE_FLAGS_MALLOC; rv->flags = tmp->flags | STABLE_FLAGS_MALLOC;
} else { } else {
rv->nid = nid;
rv->minsize = -1; rv->minsize = -1;
rv->maxsize = -1; rv->maxsize = -1;
rv->flags = STABLE_FLAGS_MALLOC; rv->flags = STABLE_FLAGS_MALLOC;

5
crypto/asn1/a_verify.c
View File

@@ -9,13 +9,10 @@
#include <stdio.h> #include <stdio.h>
#include <time.h> #include <time.h>
#include <sys/types.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/objects.h> #include <openssl/objects.h>

33
crypto/asn1/ameth_lib.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -143,7 +143,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
const char *str, int len) const char *str, int len)
{ {
int i; int i;
const EVP_PKEY_ASN1_METHOD *ameth; const EVP_PKEY_ASN1_METHOD *ameth = NULL;
if (len == -1) if (len == -1)
len = strlen(str); len = strlen(str);
if (pe) { if (pe) {
@@ -163,12 +164,12 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
#endif #endif
*pe = NULL; *pe = NULL;
} }
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) {
ameth = EVP_PKEY_asn1_get0(i); ameth = EVP_PKEY_asn1_get0(i);
if (ameth->pkey_flags & ASN1_PKEY_ALIAS) if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
continue; continue;
if (((int)strlen(ameth->pem_str) == len) if ((int)strlen(ameth->pem_str) == len
&& (strncasecmp(ameth->pem_str, str, len) == 0)) && strncasecmp(ameth->pem_str, str, len) == 0)
return ameth; return ameth;
} }
return NULL; return NULL;
@@ -176,11 +177,21 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
{ {
EVP_PKEY_ASN1_METHOD tmp = { 0, };
if (app_methods == NULL) { if (app_methods == NULL) {
app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp); app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
if (app_methods == NULL) if (app_methods == NULL)
return 0; return 0;
} }
tmp.pkey_id = ameth->pkey_id;
if (sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp) >= 0) {
EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0,
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED);
return 0;
}
if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth)) if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth))
return 0; return 0;
sk_EVP_PKEY_ASN1_METHOD_sort(app_methods); sk_EVP_PKEY_ASN1_METHOD_sort(app_methods);
@@ -244,6 +255,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
goto err; goto err;
} }
/*
* One of the following must be true:
*
* pem_str == NULL AND ASN1_PKEY_ALIAS is set
* pem_str != NULL AND ASN1_PKEY_ALIAS is clear
*
* Anything else is an error and may lead to a corrupt ASN1 method table
*/
if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
|| (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
goto err;
if (pem_str) { if (pem_str) {
ameth->pem_str = OPENSSL_strdup(pem_str); ameth->pem_str = OPENSSL_strdup(pem_str);
if (!ameth->pem_str) if (!ameth->pem_str)

5
crypto/asn1/asn1_err.c
View File

@@ -1,6 +1,6 @@
/* /*
* Generated by util/mkerr.pl DO NOT EDIT * Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -92,8 +92,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"}, {ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"},
{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
{ERR_FUNC(ASN1_F_DO_BUF), "do_buf"},
{ERR_FUNC(ASN1_F_DO_TCREATE), "do_tcreate"}, {ERR_FUNC(ASN1_F_DO_TCREATE), "do_tcreate"},
{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"}, {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
{ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"},
{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
@@ -203,6 +205,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"}, {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"}, {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
{ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"}, {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
{ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"}, {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},

1
crypto/asn1/asn1_locl.h
View File

@@ -65,6 +65,7 @@ int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
const ASN1_ITEM *it); const ASN1_ITEM *it);
void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);

8
crypto/asn1/asn1_par.c
View File

@@ -38,13 +38,13 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
p = str; p = str;
if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag); BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag);
else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
BIO_snprintf(str, sizeof str, "cont [ %d ]", tag); BIO_snprintf(str, sizeof(str), "cont [ %d ]", tag);
else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
BIO_snprintf(str, sizeof str, "appl [ %d ]", tag); BIO_snprintf(str, sizeof(str), "appl [ %d ]", tag);
else if (tag > 30) else if (tag > 30)
BIO_snprintf(str, sizeof str, "<ASN1 %d>", tag); BIO_snprintf(str, sizeof(str), "<ASN1 %d>", tag);
else else
p = ASN1_tag2str(tag); p = ASN1_tag2str(tag);

11
crypto/asn1/asn_mime.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -425,6 +425,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
|| hdr->value == NULL) { || hdr->value == NULL) {
sk_MIME_HEADER_pop_free(headers, mime_hdr_free); sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
sk_BIO_pop_free(parts, BIO_vfree);
return NULL; return NULL;
} }
@@ -968,12 +969,14 @@ static int strip_eol(char *linebuf, int *plen, int flags)
p = linebuf + len - 1; p = linebuf + len - 1;
for (p = linebuf + len - 1; len > 0; len--, p--) { for (p = linebuf + len - 1; len > 0; len--, p--) {
c = *p; c = *p;
if (c == '\n') if (c == '\n') {
is_eol = 1; is_eol = 1;
else if (is_eol && flags & SMIME_ASCIICRLF && c < 33) } else if (is_eol && flags & SMIME_ASCIICRLF && c == 32) {
/* Strip trailing space on a line; 32 == ASCII for ' ' */
continue; continue;
else if (c != '\r') } else if (c != '\r') {
break; break;
}
} }
*plen = len; *plen = len;
return is_eol; return is_eol;

4
crypto/asn1/bio_asn1.c
View File

@@ -65,7 +65,7 @@ static int asn1_bio_gets(BIO *h, char *str, int size);
static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2); static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int asn1_bio_new(BIO *h); static int asn1_bio_new(BIO *h);
static int asn1_bio_free(BIO *data); static int asn1_bio_free(BIO *data);
static long asn1_bio_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); static long asn1_bio_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size); static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size);
static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
@@ -301,7 +301,7 @@ static int asn1_bio_gets(BIO *b, char *str, int size)
return BIO_gets(next, str, size); return BIO_gets(next, str, size);
} }
static long asn1_bio_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) static long asn1_bio_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{ {
BIO *next = BIO_next(b); BIO *next = BIO_next(b);
if (next == NULL) if (next == NULL)

4
crypto/asn1/p5_scrypt.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -91,7 +91,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
if (EVP_CIPHER_iv_length(cipher)) { if (EVP_CIPHER_iv_length(cipher)) {
if (aiv) if (aiv)
memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
goto err; goto err;
} }

49
crypto/asn1/tasn_dec.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -17,9 +17,18 @@
#include "internal/numbers.h" #include "internal/numbers.h"
#include "asn1_locl.h" #include "asn1_locl.h"
/*
* Constructed types with a recursive definition (such as can be found in PKCS7)
* could eventually exceed the stack given malicious input with excessive
* recursion. Therefore we limit the stack depth. This is the maximum number of
* recursive invocations of asn1_item_embed_d2i().
*/
#define ASN1_MAX_CONSTRUCTED_NEST 30
static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
long len, const ASN1_ITEM *it, long len, const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx); int tag, int aclass, char opt, ASN1_TLC *ctx,
int depth);
static int asn1_check_eoc(const unsigned char **in, long len); static int asn1_check_eoc(const unsigned char **in, long len);
static int asn1_find_end(const unsigned char **in, long len, char inf); static int asn1_find_end(const unsigned char **in, long len, char inf);
@@ -37,11 +46,11 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
static int asn1_template_ex_d2i(ASN1_VALUE **pval, static int asn1_template_ex_d2i(ASN1_VALUE **pval,
const unsigned char **in, long len, const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt, const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx); ASN1_TLC *ctx, int depth);
static int asn1_template_noexp_d2i(ASN1_VALUE **val, static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len, const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt, const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx); ASN1_TLC *ctx, int depth);
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
const unsigned char **in, long len, const unsigned char **in, long len,
const ASN1_ITEM *it, const ASN1_ITEM *it,
@@ -111,7 +120,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
int tag, int aclass, char opt, ASN1_TLC *ctx) int tag, int aclass, char opt, ASN1_TLC *ctx)
{ {
int rv; int rv;
rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx); rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
if (rv <= 0) if (rv <= 0)
ASN1_item_ex_free(pval, it); ASN1_item_ex_free(pval, it);
return rv; return rv;
@@ -124,7 +133,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
long len, const ASN1_ITEM *it, long len, const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx) int tag, int aclass, char opt, ASN1_TLC *ctx,
int depth)
{ {
const ASN1_TEMPLATE *tt, *errtt = NULL; const ASN1_TEMPLATE *tt, *errtt = NULL;
const ASN1_EXTERN_FUNCS *ef; const ASN1_EXTERN_FUNCS *ef;
@@ -145,6 +155,11 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
else else
asn1_cb = 0; asn1_cb = 0;
if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NESTED_TOO_DEEP);
goto err;
}
switch (it->itype) { switch (it->itype) {
case ASN1_ITYPE_PRIMITIVE: case ASN1_ITYPE_PRIMITIVE:
if (it->templates) { if (it->templates) {
@@ -160,7 +175,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
goto err; goto err;
} }
return asn1_template_ex_d2i(pval, in, len, return asn1_template_ex_d2i(pval, in, len,
it->templates, opt, ctx); it->templates, opt, ctx, depth);
} }
return asn1_d2i_ex_primitive(pval, in, len, it, return asn1_d2i_ex_primitive(pval, in, len, it,
tag, aclass, opt, ctx); tag, aclass, opt, ctx);
@@ -221,7 +236,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
/* /*
* We mark field as OPTIONAL so its absence can be recognised. * We mark field as OPTIONAL so its absence can be recognised.
*/ */
ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
/* If field not present, try the next one */ /* If field not present, try the next one */
if (ret == -1) if (ret == -1)
continue; continue;
@@ -344,7 +359,8 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
* attempt to read in field, allowing each to be OPTIONAL * attempt to read in field, allowing each to be OPTIONAL
*/ */
ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx); ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
depth);
if (!ret) { if (!ret) {
errtt = seqtt; errtt = seqtt;
goto err; goto err;
@@ -420,7 +436,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
static int asn1_template_ex_d2i(ASN1_VALUE **val, static int asn1_template_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long inlen, const unsigned char **in, long inlen,
const ASN1_TEMPLATE *tt, char opt, const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx) ASN1_TLC *ctx, int depth)
{ {
int flags, aclass; int flags, aclass;
int ret; int ret;
@@ -455,7 +471,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
return 0; return 0;
} }
/* We've found the field so it can't be OPTIONAL now */ /* We've found the field so it can't be OPTIONAL now */
ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
if (!ret) { if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0; return 0;
@@ -479,7 +495,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
} }
} }
} else } else
return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx); return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
*in = p; *in = p;
return 1; return 1;
@@ -491,7 +507,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
static int asn1_template_noexp_d2i(ASN1_VALUE **val, static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len, const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt, const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx) ASN1_TLC *ctx, int depth)
{ {
int flags, aclass; int flags, aclass;
int ret; int ret;
@@ -573,7 +589,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
} }
skfield = NULL; skfield = NULL;
if (!asn1_item_embed_d2i(&skfield, &p, len, if (!asn1_item_embed_d2i(&skfield, &p, len,
ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx,
depth)) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_NESTED_ASN1_ERROR); ERR_R_NESTED_ASN1_ERROR);
/* |skfield| may be partially allocated despite failure. */ /* |skfield| may be partially allocated despite failure. */
@@ -595,7 +612,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
/* IMPLICIT tagging */ /* IMPLICIT tagging */
ret = asn1_item_embed_d2i(val, &p, len, ret = asn1_item_embed_d2i(val, &p, len,
ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
ctx); ctx, depth);
if (!ret) { if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err; goto err;
@@ -604,7 +621,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
} else { } else {
/* Nothing special */ /* Nothing special */
ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-1, 0, opt, ctx); -1, 0, opt, ctx, depth);
if (!ret) { if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err; goto err;

4
crypto/asn1/tasn_enc.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -528,6 +528,8 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
otmp = (ASN1_OBJECT *)*pval; otmp = (ASN1_OBJECT *)*pval;
cont = otmp->data; cont = otmp->data;
len = otmp->length; len = otmp->length;
if (cont == NULL || len == 0)
return -1;
break; break;
case V_ASN1_NULL: case V_ASN1_NULL:

6
crypto/asn1/tasn_fre.c
View File

@@ -13,9 +13,6 @@
#include <openssl/objects.h> #include <openssl/objects.h>
#include "asn1_locl.h" #include "asn1_locl.h"
static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int embed);
/* Free up an ASN1 structure */ /* Free up an ASN1 structure */
void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it) void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
@@ -28,8 +25,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
asn1_item_embed_free(pval, it, 0); asn1_item_embed_free(pval, it, 0);
} }
static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
int embed)
{ {
const ASN1_TEMPLATE *tt = NULL, *seqtt; const ASN1_TEMPLATE *tt = NULL, *seqtt;
const ASN1_EXTERN_FUNCS *ef; const ASN1_EXTERN_FUNCS *ef;

13
crypto/asn1/tasn_new.c
View File

@@ -124,8 +124,13 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
goto memerr; goto memerr;
} }
/* 0 : init. lock */ /* 0 : init. lock */
if (asn1_do_lock(pval, 0, it) < 0) if (asn1_do_lock(pval, 0, it) < 0) {
goto memerr2; if (!embed) {
OPENSSL_free(*pval);
*pval = NULL;
}
goto memerr;
}
asn1_enc_init(pval, it); asn1_enc_init(pval, it);
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
pseqval = asn1_get_field_ptr(pval, tt); pseqval = asn1_get_field_ptr(pval, tt);
@@ -142,7 +147,7 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
return 1; return 1;
memerr2: memerr2:
ASN1_item_ex_free(pval, it); asn1_item_embed_free(pval, it, embed);
memerr: memerr:
ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ERR_R_MALLOC_FAILURE);
#ifndef OPENSSL_NO_CRYPTO_MDEBUG #ifndef OPENSSL_NO_CRYPTO_MDEBUG
@@ -151,7 +156,7 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
return 0; return 0;
auxerr2: auxerr2:
ASN1_item_ex_free(pval, it); asn1_item_embed_free(pval, it, embed);
auxerr: auxerr:
ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ASN1_R_AUX_ERROR); ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ASN1_R_AUX_ERROR);
#ifndef OPENSSL_NO_CRYPTO_MDEBUG #ifndef OPENSSL_NO_CRYPTO_MDEBUG

2
crypto/asn1/tasn_prn.c
View File

@@ -409,7 +409,7 @@ static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid)
ln = OBJ_nid2ln(OBJ_obj2nid(oid)); ln = OBJ_nid2ln(OBJ_obj2nid(oid));
if (!ln) if (!ln)
ln = ""; ln = "";
OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1); OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1);
if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0) if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
return 0; return 0;
return 1; return 1;

4
crypto/asn1/tasn_utl.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -76,7 +76,7 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
} }
return 1; return 1;
} }
if (CRYPTO_atomic_add(lck, op, &ret, *lock) < 0) if (!CRYPTO_atomic_add(lck, op, &ret, *lock))
return -1; /* failed */ return -1; /* failed */
#ifdef REF_PRINT #ifdef REF_PRINT
fprintf(stderr, "%p:%4d:%s\n", it, *lck, it->sname); fprintf(stderr, "%p:%4d:%s\n", it, *lck, it->sname);

7
crypto/async/arch/async_posix.h
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -11,13 +11,14 @@
#define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H #define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
#include <openssl/e_os2.h> #include <openssl/e_os2.h>
#if (defined(OPENSSL_SYS_UNIX) || defined(OPENSSL_SYS_CYGWIN)) \ #if defined(OPENSSL_SYS_UNIX) \
&& defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \ && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \
&& !defined(__ANDROID__) && !defined(__OpenBSD__) && !defined(__ANDROID__) && !defined(__OpenBSD__)
# include <unistd.h> # include <unistd.h>
# if _POSIX_VERSION >= 200112L # if _POSIX_VERSION >= 200112L \
&& (_POSIX_VERSION < 200809L || defined(__GLIBC__))
# include <pthread.h> # include <pthread.h>

88
crypto/async/async.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -30,13 +30,14 @@
static CRYPTO_THREAD_LOCAL ctxkey; static CRYPTO_THREAD_LOCAL ctxkey;
static CRYPTO_THREAD_LOCAL poolkey; static CRYPTO_THREAD_LOCAL poolkey;
static void async_free_pool_internal(async_pool *pool);
static async_ctx *async_ctx_new(void) static async_ctx *async_ctx_new(void)
{ {
async_ctx *nctx = NULL; async_ctx *nctx;
nctx = OPENSSL_malloc(sizeof (async_ctx)); if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC))
return NULL;
nctx = OPENSSL_malloc(sizeof(async_ctx));
if (nctx == NULL) { if (nctx == NULL) {
ASYNCerr(ASYNC_F_ASYNC_CTX_NEW, ERR_R_MALLOC_FAILURE); ASYNCerr(ASYNC_F_ASYNC_CTX_NEW, ERR_R_MALLOC_FAILURE);
goto err; goto err;
@@ -57,9 +58,6 @@ err:
async_ctx *async_get_ctx(void) async_ctx *async_get_ctx(void)
{ {
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return NULL;
return (async_ctx *)CRYPTO_THREAD_get_local(&ctxkey); return (async_ctx *)CRYPTO_THREAD_get_local(&ctxkey);
} }
@@ -81,7 +79,7 @@ static ASYNC_JOB *async_job_new(void)
{ {
ASYNC_JOB *job = NULL; ASYNC_JOB *job = NULL;
job = OPENSSL_zalloc(sizeof (ASYNC_JOB)); job = OPENSSL_zalloc(sizeof(ASYNC_JOB));
if (job == NULL) { if (job == NULL) {
ASYNCerr(ASYNC_F_ASYNC_JOB_NEW, ERR_R_MALLOC_FAILURE); ASYNCerr(ASYNC_F_ASYNC_JOB_NEW, ERR_R_MALLOC_FAILURE);
return NULL; return NULL;
@@ -169,16 +167,19 @@ void async_start_func(void)
int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret, int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
int (*func)(void *), void *args, size_t size) int (*func)(void *), void *args, size_t size)
{ {
async_ctx *ctx = async_get_ctx(); async_ctx *ctx;
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return ASYNC_ERR;
ctx = async_get_ctx();
if (ctx == NULL) if (ctx == NULL)
ctx = async_ctx_new(); ctx = async_ctx_new();
if (ctx == NULL) { if (ctx == NULL)
return ASYNC_ERR; return ASYNC_ERR;
}
if (*job) { if (*job)
ctx->currjob = *job; ctx->currjob = *job;
}
for (;;) { for (;;) {
if (ctx->currjob != NULL) { if (ctx->currjob != NULL) {
@@ -219,9 +220,8 @@ int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
} }
/* Start a new job */ /* Start a new job */
if ((ctx->currjob = async_get_pool_job()) == NULL) { if ((ctx->currjob = async_get_pool_job()) == NULL)
return ASYNC_NO_JOBS; return ASYNC_NO_JOBS;
}
if (args != NULL) { if (args != NULL) {
ctx->currjob->funcargs = OPENSSL_malloc(size); ctx->currjob->funcargs = OPENSSL_malloc(size);
@@ -323,14 +323,13 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
return 0; return 0;
} }
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) { if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return 0; return 0;
}
if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) {
return 0;
}
pool = OPENSSL_zalloc(sizeof *pool); if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC))
return 0;
pool = OPENSSL_zalloc(sizeof(*pool));
if (pool == NULL) { if (pool == NULL) {
ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE); ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE);
return 0; return 0;
@@ -369,32 +368,41 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
return 1; return 1;
err: err:
async_free_pool_internal(pool);
return 0;
}
static void async_free_pool_internal(async_pool *pool)
{
if (pool == NULL)
return;
async_empty_pool(pool); async_empty_pool(pool);
sk_ASYNC_JOB_free(pool->jobs); sk_ASYNC_JOB_free(pool->jobs);
OPENSSL_free(pool); OPENSSL_free(pool);
CRYPTO_THREAD_set_local(&poolkey, NULL); return 0;
}
void async_delete_thread_state(void)
{
async_pool *pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
if (pool != NULL) {
async_empty_pool(pool);
sk_ASYNC_JOB_free(pool->jobs);
OPENSSL_free(pool);
CRYPTO_THREAD_set_local(&poolkey, NULL);
}
async_local_cleanup(); async_local_cleanup();
async_ctx_free(); async_ctx_free();
} }
void ASYNC_cleanup_thread(void) void ASYNC_cleanup_thread(void)
{ {
async_free_pool_internal((async_pool *)CRYPTO_THREAD_get_local(&poolkey)); if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return;
async_delete_thread_state();
} }
ASYNC_JOB *ASYNC_get_current_job(void) ASYNC_JOB *ASYNC_get_current_job(void)
{ {
async_ctx *ctx; async_ctx *ctx;
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return NULL;
ctx = async_get_ctx(); ctx = async_get_ctx();
if (ctx == NULL) if (ctx == NULL)
return NULL; return NULL;
@@ -409,7 +417,12 @@ ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job)
void ASYNC_block_pause(void) void ASYNC_block_pause(void)
{ {
async_ctx *ctx = async_get_ctx(); async_ctx *ctx;
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return;
ctx = async_get_ctx();
if (ctx == NULL || ctx->currjob == NULL) { if (ctx == NULL || ctx->currjob == NULL) {
/* /*
* We're not in a job anyway so ignore this * We're not in a job anyway so ignore this
@@ -421,7 +434,12 @@ void ASYNC_block_pause(void)
void ASYNC_unblock_pause(void) void ASYNC_unblock_pause(void)
{ {
async_ctx *ctx = async_get_ctx(); async_ctx *ctx;
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return;
ctx = async_get_ctx();
if (ctx == NULL || ctx->currjob == NULL) { if (ctx == NULL || ctx->currjob == NULL) {
/* /*
* We're not in a job anyway so ignore this * We're not in a job anyway so ignore this

Some files were not shown because too many files have changed in this diff Show More