ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ag:openssl-1.1.0h
Branches Tags
ag:master ag:tcl ag:tk ag:sqlite ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6
...
compare: ag:openssl
Branches Tags
ag:tcl ag:tk ag:sqlite ag:master ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6

3 Commits
openssl-1. ... openssl

Author SHA1 Message Date
Steve Dower
42e1dddc24 Import OpenSSL 1.1.0l 2019-09-16 11:19:00 +01:00
Steve Dower
697f7e1f24 Import OpenSSL 1.1.0j 2018-12-07 11:30:36 -08:00
Steve Dower
6960e8d7c7 Import OpenSSL 1.1.0i 2018-08-14 08:22:53 -07:00
376 changed files with 15923 additions and 6666 deletions
Expand all files Collapse all files

3
.gitattributes vendored
View File

@@ -1,3 +0,0 @@
*.der binary
/fuzz/corpora/** binary
*.pfx binary

174
.gitignore vendored
View File

@@ -1,174 +0,0 @@
# Ignore editor artefacts
/.dir-locals.el
# Top level excludes
/Makefile.orig
/MINFO
/TABLE
/*.a
/*.pc
/rehash.time
/inc.*
/makefile.*
/out.*
/tmp.*
/configdata.pm
# *all* Makefiles
Makefile
# ... except in demos
!/demos/*/Makefile
# Links under apps
/apps/CA.pl
/apps/tsget
/apps/tsget.pl
/apps/md4.c
# Auto generated headers
/crypto/buildinf.h
/apps/progs.h
/crypto/include/internal/*_conf.h
/openssl/include/opensslconf.h
/util/domd
# Executables
/apps/openssl
/test/sha256t
/test/sha512t
/test/gost2814789t
/test/ssltest_old
/test/*test
/test/fips_aesavs
/test/fips_desmovs
/test/fips_dhvs
/test/fips_drbgvs
/test/fips_dssvs
/test/fips_ecdhvs
/test/fips_ecdsavs
/test/fips_rngvs
/test/fips_test_suite
/test/ssltest_old
/test/x509aux
/test/v3ext
# Certain files that get created by tests on the fly
/test/test-runs
/test/buildtest_*
# Fuzz stuff.
# Anything without an extension is an executable on Unix, so we keep files
# with extensions. And we keep the corpora subddir versioned as well.
# Anything more generic with extensions that should be ignored will be taken
# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...)
/fuzz/*
!/fuzz/README*
!/fuzz/corpora
!/fuzz/*.*
# Misc auto generated files
/include/openssl/opensslconf.h
/tools/c_rehash
/tools/c_rehash.pl
/util/shlib_wrap.sh
/tags
/TAGS
/crypto.map
/ssl.map
# Windows (legacy)
/tmp32
/tmp32.dbg
/tmp32dll
/tmp32dll.dbg
/out32
/out32.dbg
/out32dll
/out32dll.dbg
/inc32
/MINFO
/ms/.rnd
/ms/bcb.mak
/ms/libeay32.def
/ms/nt.mak
/ms/ntdll.mak
/ms/ssleay32.def
/ms/version32.rc
# Files created on other branches that are not held in git, and are not
# needed on this branch
/include/openssl/asn1_mac.h
/include/openssl/des_old.h
/include/openssl/fips.h
/include/openssl/fips_rand.h
/include/openssl/krb5_asn.h
/include/openssl/kssl.h
/include/openssl/pq_compat.h
/include/openssl/ssl23.h
/include/openssl/tmdiff.h
/include/openssl/ui_compat.h
/test/fips_aesavs.c
/test/fips_desmovs.c
/test/fips_dsatest.c
/test/fips_dssvs.c
/test/fips_hmactest.c
/test/fips_randtest.c
/test/fips_rngvs.c
/test/fips_rsagtest.c
/test/fips_rsastest.c
/test/fips_rsavtest.c
/test/fips_shatest.c
/test/fips_test_suite.c
/test/shatest.c
##### Generic patterns
# Auto generated assembly language source files
*.s
!/crypto/*/asm/*.s
/crypto/arm*.S
/crypto/*/*.S
*.asm
!/crypto/*/asm/*.asm
# Object files
*.o
*.obj
# editor artefacts
*.swp
.#*
\#*#
*~
# Certificate symbolic links
*.0
# All kinds of executables
*.so
*.so.*
*.dylib
*.dylib.*
*.dll
*.dll.*
*.exe
*.pyc
*.exp
*.lib
*.pdb
*.ilk
*.def
*.rc
*.res
# Misc generated stuff
Makefile.save
/crypto/**/lib
/engines/**/lib
/ssl/**/lib
*.bak
cscope.*
*.d
pod2htmd.tmp
# Windows manifest files
*.manifest

15
.travis-apt-pin.preferences
View File

@@ -1,15 +0,0 @@
Package: clang-3.9
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libclang-common-3.9-dev
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libclang1-3.9
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libllvm3.9v4
Pin: release o=Ubuntu
Pin-Priority: -1

11
.travis-create-release.sh
View File

@@ -1,11 +0,0 @@
#! /bin/sh
# $1 is expected to be $TRAVIS_OS_NAME
./Configure dist
if [ "$1" == osx ]; then
make NAME='_srcdist' TARFILE='_srcdist.tar' \
TAR_COMMAND='$(TAR) $(TARFLAGS) -cvf -' tar
else
make TARFILE='_srcdist.tar' NAME='_srcdist' dist
fi

204
.travis.yml
View File

@@ -1,204 +0,0 @@
dist: trusty
sudo: required
language: c
cache: ccache
before_install:
- if [ -n "$COVERALLS" ]; then
pip install --user cpp-coveralls;
fi;
addons:
apt:
packages:
- ccache
os:
- linux
compiler:
- clang
- gcc
env:
- CONFIG_OPTS="" DESTDIR="_install"
- CONFIG_OPTS="--debug no-shared enable-crypto-mdebug enable-rc5 enable-md2"
- CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-ec" BUILDONLY="yes"
- CONFIG_OPTS="no-asm --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes"
matrix:
include:
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes"
- os: linux
compiler: gcc
env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="enable-asan"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="enable-msan"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="no-stdio"
- os: linux
addons:
apt:
packages:
- gcc-5
sources:
- ubuntu-toolchain-r-test
compiler: gcc-5
env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: i686-w64-mingw32-gcc
env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: i686-w64-mingw32-gcc
env: CONFIG_OPTS="no-stdio" BUILDONLY="yes"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: x86_64-w64-mingw32-gcc
env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: x86_64-w64-mingw32-gcc
env: CONFIG_OPTS="no-stdio" BUILDONLY="yes"
exclude:
- os: linux
compiler: clang
- os: osx
compiler: gcc
before_script:
- if [ -n "$DESTDIR" ]; then
sh .travis-create-release.sh $TRAVIS_OS_NAME;
tar -xvzf _srcdist.tar.gz;
mkdir _build;
cd _build;
srcdir=../_srcdist;
top=..;
else
srcdir=.;
top=.;
fi
- if [ "$CC" == i686-w64-mingw32-gcc ]; then
export CROSS_COMPILE=${CC%%gcc}; unset CC;
$srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
export CROSS_COMPILE=${CC%%gcc}; unset CC;
$srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
else
if [ "$CC" == clang-3.9 ]; then
sudo cp .travis-apt-pin.preferences /etc/apt/preferences.d/no-ubuntu-clang;
curl -sSL "http://apt.llvm.org/llvm-snapshot.gpg.key" | sudo -E apt-key add -;
echo "deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main" | sudo tee -a /etc/apt/sources.list > /dev/null;
sudo -E apt-add-repository -y "ppa:ubuntu-toolchain-r/test";
sudo -E apt-get -yq update;
sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install clang-3.9;
elif which ccache >/dev/null; then
CC="ccache $CC";
fi;
$srcdir/config -v $CONFIG_OPTS;
fi
- if [ -z "$BUILDONLY" ]; then
if [ -n "$CROSS_COMPILE" ]; then
if [ "$TRAVIS_OS_NAME" == "linux" ]; then
sudo dpkg --add-architecture i386;
sudo apt-get update;
fi;
fi;
fi
- cd $top
script:
- if [ -z "$BUILDONLY" ]; then
make="make -s";
else
make="make";
fi
- if [ -n "$DESTDIR" ]; then
cd _build;
top=..;
else
top=.;
fi
- if $make update; then
echo -e '+\057 MAKE UPDATE OK';
else
echo -e '+\057 MAKE UPDATE FAILED'; false;
fi;
git diff --exit-code
- if [ -n "$CHECKDOCS" ]; then
if $make doc-nits; then
echo -e '+\057\057 MAKE DOC-NITS OK';
else
echo -e '+\057\057 MAKE DOC-NITS FAILED'; false;
fi;
fi
- if $make ; then
echo -e '+\057\057\057 MAKE OK';
else
echo -e '+\057\057\057 MAKE FAILED'; false;
fi;
- if [ -z "$BUILDONLY" ]; then
if [ -n "$CROSS_COMPILE" ]; then
sudo apt-get -yq install wine;
export EXE_SHELL="wine" WINEPREFIX=`pwd`;
fi;
HARNESS_VERBOSE=yes make test;
else
if $make build_tests; then
echo -e '+\057\057\075 MAKE BUILD_TESTS OK';
else
echo -e '+\057\057\075 MAKE BUILD_TESTS FAILEd'; false;
fi;
fi
- if [ -n "$DESTDIR" ]; then
mkdir "../$DESTDIR";
if $make install install_docs DESTDIR="../$DESTDIR"; then
echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK';
else
echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false;
fi;
fi
- cd $top
after_success:
- if [ -n "$COVERALLS" ]; then
coveralls -b . --gcov-options '\-lp';
fi;
notifications:
email:
secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4="

201
CHANGES
View File

@@ -7,6 +7,207 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.1.0k and 1.1.0l [10 Sep 2019]
*) For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters, when loading a serialized key
or calling `EC_GROUP_new_from_ecpkparameters()`/
`EC_GROUP_new_from_ecparameters()`.
This prevents bypass of security hardening and performance gains,
especially for curves with specialized EC_METHODs.
By default, if a key encoded with explicit parameters is loaded and later
serialized, the output is still encoded with explicit parameters, even if
internally a "named" EC_GROUP is used for computation.
[Nicola Tuveri]
*) Compute ECC cofactors if not provided during EC_GROUP construction. Before
this change, EC_GROUP_set_generator would accept order and/or cofactor as
NULL. After this change, only the cofactor parameter can be NULL. It also
does some minimal sanity checks on the passed order.
(CVE-2019-1547)
[Billy Bob Brumley]
*) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
An attack is simple, if the first CMS_recipientInfo is valid but the
second CMS_recipientInfo is chosen ciphertext. If the second
recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
encryption key will be replaced by garbage, and the message cannot be
decoded, but if the RSA decryption fails, the correct encryption key is
used and the recipient will not notice the attack.
As a work around for this potential attack the length of the decrypted
key must be equal to the cipher default key length, in case the
certifiate is not given and all recipientInfo are tried out.
The old behaviour can be re-enabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag.
(CVE-2019-1563)
[Bernd Edlinger]
*) Use Windows installation paths in the mingw builds
Mingw isn't a POSIX environment per se, which means that Windows
paths should be used for installation.
(CVE-2019-1552)
[Richard Levitte]
Changes between 1.1.0j and 1.1.0k [28 May 2019]
*) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
This changes the size when using the genpkey app when no size is given. It
fixes an omission in earlier changes that changed all RSA, DSA and DH
generation apps to use 2048 bits by default.
[Kurt Roeckx]
*) Prevent over long nonces in ChaCha20-Poly1305.
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input
for every encryption operation. RFC 7539 specifies that the nonce value
(IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length
and front pads the nonce with 0 bytes if it is less than 12
bytes. However it also incorrectly allows a nonce to be set of up to 16
bytes. In this case only the last 12 bytes are significant and any
additional leading bytes are ignored.
It is a requirement of using this cipher that nonce values are
unique. Messages encrypted using a reused nonce value are susceptible to
serious confidentiality and integrity attacks. If an application changes
the default nonce length to be longer than 12 bytes and then makes a
change to the leading bytes of the nonce expecting the new value to be a
new unique nonce then such an application could inadvertently encrypt
messages with a reused nonce.
Additionally the ignored bytes in a long nonce are not covered by the
integrity guarantee of this cipher. Any application that relies on the
integrity of these ignored leading bytes of a long nonce may be further
affected. Any OpenSSL internal use of this cipher, including in SSL/TLS,
is safe because no such use sets such a long nonce value. However user
applications that use this cipher directly and set a non-default nonce
length to be longer than 12 bytes may be vulnerable.
This issue was reported to OpenSSL on 16th of March 2019 by Joran Dirk
Greef of Ronomon.
(CVE-2019-1543)
[Matt Caswell]
*) Added SCA hardening for modular field inversion in EC_GROUP through
a new dedicated field_inv() pointer in EC_METHOD.
This also addresses a leakage affecting conversions from projective
to affine coordinates.
[Billy Bob Brumley, Nicola Tuveri]
*) Fix a use after free bug in d2i_X509_PUBKEY when overwriting a
re-used X509_PUBKEY object if the second PUBKEY is malformed.
[Bernd Edlinger]
*) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
[Richard Levitte]
*) Remove the 'dist' target and add a tarball building script. The
'dist' target has fallen out of use, and it shouldn't be
necessary to configure just to create a source distribution.
[Richard Levitte]
Changes between 1.1.0i and 1.1.0j [20 Nov 2018]
*) Timing vulnerability in DSA signature generation
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
(CVE-2018-0734)
[Paul Dale]
*) Timing vulnerability in ECDSA signature generation
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
(CVE-2018-0735)
[Paul Dale]
*) Add coordinate blinding for EC_POINT and implement projective
coordinate blinding for generic prime curves as a countermeasure to
chosen point SCA attacks.
[Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley]
Changes between 1.1.0h and 1.1.0i [14 Aug 2018]
*) Client DoS due to large DH parameter
During key agreement in a TLS handshake using a DH(E) based ciphersuite a
malicious server can send a very large prime value to the client. This will
cause the client to spend an unreasonably long period of time generating a
key for this prime resulting in a hang until the client has finished. This
could be exploited in a Denial Of Service attack.
This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
(CVE-2018-0732)
[Guido Vranken]
*) Cache timing vulnerability in RSA Key Generation
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
a cache timing side channel attack. An attacker with sufficient access to
mount cache timing attacks during the RSA key generation process could
recover the private key.
This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
(CVE-2018-0737)
[Billy Brumley]
*) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
parameter is no longer accepted, as it leads to a corrupt table. NULL
pem_str is reserved for alias entries only.
[Richard Levitte]
*) Revert blinding in ECDSA sign and instead make problematic addition
length-invariant. Switch even to fixed-length Montgomery multiplication.
[Andy Polyakov]
*) Change generating and checking of primes so that the error rate of not
being prime depends on the intended use based on the size of the input.
For larger primes this will result in more rounds of Miller-Rabin.
The maximal error rate for primes with more than 1080 bits is lowered
to 2^-128.
[Kurt Roeckx, Annie Yousar]
*) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
[Kurt Roeckx]
*) Add blinding to ECDSA and DSA signatures to protect against side channel
attacks discovered by Keegan Ryan (NCC Group).
[Matt Caswell]
*) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
now allow empty (zero character) pass phrases.
[Richard Levitte]
*) Certificate time validation (X509_cmp_time) enforces stricter
compliance with RFC 5280. Fractional seconds and timezone offsets
are no longer allowed.
[Emilia Käsper]
*) Fixed a text canonicalisation bug in CMS
Where a CMS detached signature is used with text content the text goes
through a canonicalisation process first prior to signing or verifying a
signature. This process strips trailing space at the end of lines, converts
line terminators to CRLF and removes additional trailing line terminators
at the end of a file. A bug in the canonicalisation process meant that
some characters, such as form-feed, were incorrectly treated as whitespace
and removed. This is contrary to the specification (RFC5485). This fix
could mean that detached text data signed with an earlier version of
OpenSSL 1.1.0 may fail to verify using the fixed version, or text data
signed with a fixed OpenSSL may fail to verify with an earlier version of
OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data
and use the "-binary" flag (for the "cms" command line application) or set
the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()).
[Matt Caswell]
Changes between 1.1.0g and 1.1.0h [27 Mar 2018]
*) Constructed ASN.1 types with a recursive definition could exceed the stack

67
CONTRIBUTING
View File

@@ -1,26 +1,26 @@
HOW TO CONTRIBUTE PATCHES TO OpenSSL
------------------------------------
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
(Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.)
Development is coordinated on the openssl-dev mailing list (see the
above link or https://mta.openssl.org for information on subscribing).
If you are unsure as to whether a feature will be useful for the general
OpenSSL community you might want to discuss it on the openssl-dev mailing
list first. Someone may be already working on the same thing or there
may be a good reason as to why that feature isn't implemented.
Development is done on GitHub, https://github.com/openssl/openssl.
To submit a patch, make a pull request on GitHub. If you think the patch
could use feedback from the community, please start a thread on openssl-dev
to discuss it.
To request new features or report bugs, please open an issue on GitHub
Having addressed the following items before the PR will help make the
acceptance and review process faster:
To submit a patch, please open a pull request on GitHub. If you are thinking
of making a large contribution, open an issue for it before starting work,
to get comments from the community. Someone may be already working on
the same thing or there may be reasons why that feature isn't implemented.
1. Anything other than trivial contributions will require a contributor
licensing agreement, giving us permission to use your code. See
https://www.openssl.org/policies/cla.html for details.
To make it easier to review and accept your pull request, please follow these
guidelines:
1. Anything other than a trivial contribution requires a Contributor
License Agreement (CLA), giving us permission to use your code. See
https://www.openssl.org/policies/cla.html for details. If your
contribution is too small to require a CLA, put "CLA: trivial" on a
line by itself in your commit message body.
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
@@ -34,21 +34,38 @@ acceptance and review process faster:
https://www.openssl.org/source/license.html
3. Patches should be as current as possible; expect to have to rebase
often. We do not accept merge commits; You will be asked to remove
them before a patch is considered acceptable.
often. We do not accept merge commits, you will have to remove them
(usually by rebasing) before it will be acceptable.
4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile without
warnings. Where gcc or clang is available you should use the
https://www.openssl.org/policies/codingstyle.html) and compile
without warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features.
Clean builds via Travis and AppVeyor are expected, and done whenever
a PR is created or updated.
platforms: try to ensure you only use portable features. Clean builds
via Travis and AppVeyor are required, and they are started automatically
whenever a PR is created or updated.
5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see
test/README for information on the test framework.
6. New features or changed functionality must include
documentation. Please look at the "pod" files in doc/apps, doc/crypto
and doc/ssl for examples of our style.
documentation. Please look at the "pod" files in doc for
examples of our style.
7. For user visible changes (API changes, behaviour changes, ...),
consider adding a note in CHANGES. This could be a summarising
description of the change, and could explain the grander details.
Have a look through existing entries for inspiration.
Please note that this is NOT simply a copy of git-log oneliners.
Also note that security fixes get an entry in CHANGES.
This file helps users get more in depth information of what comes
with a specific release without having to sift through the higher
noise ratio in git-log.
8. For larger or more important user visible changes, as well as
security fixes, please add a line in NEWS. On exception, it might be
worth adding a multi-line entry (such as the entry that announces all
the types that became opaque with OpenSSL 1.1.0).
This file helps users get a very quick summary of what comes with a
specific release, to see if an upgrade is worth the effort.

6
Configurations/00-base-templates.conf
View File

@@ -68,6 +68,8 @@
}
return (); },
shared_extension => ".so",
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
},
@@ -99,6 +101,8 @@
mtinflag => "-manifest ",
mtoutflag => "-outputresource:",
shared_extension => ".dll",
build_file => "makefile",
build_scheme => [ "unified", "windows" ],
},
@@ -107,6 +111,8 @@
inherit_from => [ "BASE_common" ],
template => 1,
shared_extension => ".exe",
build_file => "descrip.mms",
build_scheme => [ "unified", "VMS" ],
},

55
Configurations/10-main.conf
View File

@@ -14,7 +14,7 @@ sub vc_win64a_info {
asflags => "/c /Cp /Cx /Zi",
asoutflag => "/Fo" };
} else {
$die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n");
$die->("NASM not found - make sure it's installed and available on %PATH%\n");
$vc_win64a_info = { as => "{unknown}",
asflags => "",
asoutflag => "" };
@@ -39,7 +39,7 @@ sub vc_win32_info {
asoutflag => "/Fo",
perlasm_scheme => "win32" };
} else {
$die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n");
$die->("NASM not found - make sure it's installed and available on %PATH%\n");
$vc_win32_info = { as => "{unknown}",
asflags => "",
asoutflag => "",
@@ -428,8 +428,17 @@ sub vms_info {
# even PA-RISC 2.0-specific code paths, which are chosen at run-time,
# thus adequate performance is provided even with PA-RISC 1.1 build.
# <appro@fy.chalmers.se>
"hpux-parisc-gcc" => {
"hpux-common" => {
inherit_from => [ "BASE_unix" ],
template => 1,
defines => add("_XOPEN_SOURCE", "_XOPEN_SOURCE_EXTENDED",
"_HPUX_ALT_XOPEN_SOCKET_API"),
thread_scheme => "pthreads",
dso_scheme => "dlfcn", # overridden in 32-bit PA-RISC builds
shared_target => "hpux-shared",
},
"hpux-parisc-gcc" => {
inherit_from => [ "hpux-common" ],
cc => "gcc",
cflags => combine(picker(default => "-DB_ENDIAN -DBN_DIV2W",
debug => "-O0 -g",
@@ -437,9 +446,7 @@ sub vms_info {
threads("-pthread")),
ex_libs => add("-Wl,+s -ldld", threads("-pthread")),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dl",
shared_target => "hpux-shared",
shared_cflag => "-fPIC",
shared_ldflag => "-shared",
shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -449,7 +456,7 @@ sub vms_info {
multilib => "/pa1.1",
},
"hpux64-parisc2-gcc" => {
inherit_from => [ "BASE_unix", asm("parisc20_64_asm") ],
inherit_from => [ "hpux-common", asm("parisc20_64_asm") ],
cc => "gcc",
cflags => combine(picker(default => "-DB_ENDIAN",
debug => "-O0 -g",
@@ -457,9 +464,6 @@ sub vms_info {
threads("-D_REENTRANT")),
ex_libs => add("-ldl"),
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "-fpic",
shared_ldflag => "-shared",
shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -471,7 +475,7 @@ sub vms_info {
# Chris Ruemmler <ruemmler@cup.hp.com>
# Kevin Steves <ks@hp.se>
"hpux-parisc-cc" => {
inherit_from => [ "BASE_unix" ],
inherit_from => [ "hpux-common" ],
cc => "cc",
cflags => combine(picker(default => "+Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY",
debug => "+O0 +d -g",
@@ -479,9 +483,7 @@ sub vms_info {
threads("-D_REENTRANT")),
ex_libs => add("-Wl,+s -ldld",threads("-lpthread")),
bn_ops => "RC4_CHAR",
thread_scheme => "pthreads",
dso_scheme => "dl",
shared_target => "hpux-shared",
shared_cflag => "+Z",
shared_ldflag => "-b",
shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -492,7 +494,7 @@ sub vms_info {
multilib => "/pa1.1",
},
"hpux64-parisc2-cc" => {
inherit_from => [ "BASE_unix", asm("parisc20_64_asm") ],
inherit_from => [ "hpux-common", asm("parisc20_64_asm") ],
cc => "cc",
cflags => combine(picker(default => "+DD64 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY",
debug => "+O0 +d -g",
@@ -500,9 +502,6 @@ sub vms_info {
threads("-D_REENTRANT")),
ex_libs => add("-ldl",threads("-lpthread")),
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "+Z",
shared_ldflag => "+DD64 -b",
shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -511,7 +510,7 @@ sub vms_info {
# HP/UX IA-64 targets
"hpux-ia64-cc" => {
inherit_from => [ "BASE_unix", asm("ia64_asm") ],
inherit_from => [ "hpux-common", asm("ia64_asm") ],
cc => "cc",
cflags => combine(picker(default => "-Ae +DD32 +Olit=all -z -DB_ENDIAN",
debug => "+O0 +d -g",
@@ -519,9 +518,6 @@ sub vms_info {
threads("-D_REENTRANT")),
ex_libs => add("-ldl",threads("-lpthread")),
bn_ops => "SIXTY_FOUR_BIT",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "+Z",
shared_ldflag => "+DD32 -b",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -530,7 +526,7 @@ sub vms_info {
# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted
# with debugging of the following config.
"hpux64-ia64-cc" => {
inherit_from => [ "BASE_unix", asm("ia64_asm") ],
inherit_from => [ "hpux-common", asm("ia64_asm") ],
cc => "cc",
cflags => combine(picker(default => "-Ae +DD64 +Olit=all -z -DB_ENDIAN",
debug => "+O0 +d -g",
@@ -538,9 +534,6 @@ sub vms_info {
threads("-D_REENTRANT")),
ex_libs => add("-ldl", threads("-lpthread")),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "+Z",
shared_ldflag => "+DD64 -b",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -548,7 +541,7 @@ sub vms_info {
},
# GCC builds...
"hpux-ia64-gcc" => {
inherit_from => [ "BASE_unix", asm("ia64_asm") ],
inherit_from => [ "hpux-common", asm("ia64_asm") ],
cc => "gcc",
cflags => combine(picker(default => "-DB_ENDIAN",
debug => "-O0 -g",
@@ -556,16 +549,13 @@ sub vms_info {
threads("-pthread")),
ex_libs => add("-ldl", threads("-pthread")),
bn_ops => "SIXTY_FOUR_BIT",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "-fpic",
shared_ldflag => "-shared",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "/hpux32",
},
"hpux64-ia64-gcc" => {
inherit_from => [ "BASE_unix", asm("ia64_asm") ],
inherit_from => [ "hpux-common", asm("ia64_asm") ],
cc => "gcc",
cflags => combine(picker(default => "-mlp64 -DB_ENDIAN",
debug => "-O0 -g",
@@ -573,9 +563,6 @@ sub vms_info {
threads("-pthread")),
ex_libs => add("-ldl", threads("-pthread")),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "-fpic",
shared_ldflag => "-mlp64 -shared",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -1223,6 +1210,7 @@ sub vms_info {
perlasm_scheme => "aix32",
dso_scheme => "dlfcn",
shared_target => "aix-shared",
shared_cflag => "-qpic",
shared_ldflag => "-q32 -G",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
arflags => "-X 32",
@@ -1241,6 +1229,7 @@ sub vms_info {
perlasm_scheme => "aix64",
dso_scheme => "dlfcn",
shared_target => "aix-shared",
shared_cflag => "-qpic",
shared_ldflag => "-q64 -G",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
arflags => "-X 64",
@@ -1455,6 +1444,7 @@ sub vms_info {
shared_extension => ".dll",
multilib => "",
apps_aux_src => add("win32_init.c"),
build_scheme => add("mingw", { separator => undef }),
},
"mingw64" => {
# As for OPENSSL_USE_APPLINK. Applink makes it possible to use
@@ -1484,6 +1474,7 @@ sub vms_info {
shared_extension => ".dll",
multilib => "64",
apps_aux_src => add("win32_init.c"),
build_scheme => add("mingw64", { separator => undef }),
},
#### UEFI

112
Configurations/90-team.conf
View File

@@ -1,112 +0,0 @@
## -*- mode: perl; -*-
## Build configuration targets for openssl-team members
%targets = (
"purify" => {
cc => "purify gcc",
cflags => "-g -Wall",
thread_scheme => "(unknown)",
ex_libs => add(" ","-lsocket -lnsl"),
},
"debug" => {
cc => "gcc",
cflags => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror",
thread_scheme => "(unknown)",
},
"debug-erbridge" => {
inherit_from => [ "x86_64_asm" ],
cc => "gcc",
cflags => combine("$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -m64 -DL_ENDIAN -DTERMIO -g",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "elf",
dso_scheme => "dlfcn",
shared_target => "linux-shared",
shared_cflag => "-fPIC",
shared_ldflag => "-m64",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "64",
},
"debug-linux-pentium" => {
inherit_from => [ "x86_elf_asm" ],
cc => "gcc",
cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentium -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
},
"debug-linux-ppro" => {
inherit_from => [ "x86_elf_asm" ],
cc => "gcc",
cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
},
"debug-linux-ia32-aes" => {
cc => "gcc",
cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
cpuid_asm_src => "x86cpuid.s",
bn_asm_src => "bn-586.s co-586.s x86-mont.s",
des_asm_src => "des-586.s crypt586.s",
aes_asm_src => "aes_x86core.s aes_cbc.s aesni-x86.s",
bf_asm_src => "bf-586.s",
md5_asm_src => "md5-586.s",
sha1_asm_src => "sha1-586.s sha256-586.s sha512-586.s",
cast_asm_src => "cast-586.s",
rc4_asm_src => "rc4-586.s",
rmd160_asm_src => "rmd-586.s",
rc5_asm_src => "rc5-586.s",
wp_asm_src => "wp_block.s wp-mmx.s",
modes_asm_src => "ghash-x86.s",
padlock_asm_src => "e_padlock-x86.s",
thread_scheme => "pthreads",
perlasm_scheme => "elf",
dso_scheme => "dlfcn",
shared_target => "linux-shared",
shared_cflag => "-fPIC",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"dist" => {
cc => "cc",
cflags => "-O",
thread_scheme => "(unknown)",
},
"debug-test-64-clang" => {
inherit_from => [ "x86_64_asm" ],
cc => "clang",
cflags => combine("$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
threads("${BSDthreads}")),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "elf",
dso_scheme => "dlfcn",
shared_target => "bsd-gcc-shared",
shared_cflag => "-fPIC",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"darwin64-debug-test-64-clang" => {
inherit_from => [ "x86_64_asm" ],
cc => "clang",
cflags => combine("-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
threads("${BSDthreads}")),
sys_id => "MACOSX",
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "macosx",
dso_scheme => "dlfcn",
shared_target => "darwin-shared",
shared_cflag => "-fPIC -fno-common",
shared_ldflag => "-arch x86_64 -dynamiclib",
shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
},
);

55
Configurations/descrip.mms.tmpl
View File

@@ -368,12 +368,10 @@ descrip.mms : FORCE
# Install helper targets #############################################
install_sw : all install_shared _install_dev_ns -
install_engines _install_runtime_ns -
install_sw : install_dev install_engines install_runtime -
install_startup install_ivp
uninstall_sw : uninstall_shared _uninstall_dev_ns -
uninstall_engines _uninstall_runtime_ns -
uninstall_sw : uninstall_dev uninstall_engines uninstall_runtime -
uninstall_startup uninstall_ivp
install_docs : install_html_docs
@@ -396,17 +394,7 @@ install_ssldirs : check_INSTALLTOP
COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
ossl_dataroot:[000000]openssl.cnf
install_shared : check_INSTALLTOP
@ {- output_off() if $disabled{shared}; "" -} !
@ WRITE SYS$OUTPUT "*** Installing shareable images"
@ ! Install shared (runtime) libraries
- CREATE/DIR ossl_installroot:[LIB.'arch']
{- join("\n ",
map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
@install_shlibs) -}
@ {- output_on() if $disabled{shared}; "" -} !
_install_dev_ns : check_INSTALLTOP
install_dev : check_INSTALLTOP install_runtime_libs
@ WRITE SYS$OUTPUT "*** Installing development files"
@ ! Install header files
- CREATE/DIR ossl_installroot:[include.openssl]
@@ -417,20 +405,7 @@ _install_dev_ns : check_INSTALLTOP
map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" }
@{$unified_info{install}->{libraries}}) -}
install_dev : install_shared _install_dev_ns
_install_runtime_ns : check_INSTALLTOP
@ ! Install the main program
- CREATE/DIR ossl_installroot:[EXE.'arch']
COPY/PROT=W:RE [.APPS]openssl.EXE -
ossl_installroot:[EXE.'arch']openssl{- $osslver -}.EXE
@ ! Install scripts
COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
@ ! {- output_on() if $disabled{apps}; "" -}
install_runtime : install_shared _install_runtime_ns
install_engines : check_INSTALLTOP
install_engines : check_INSTALLTOP install_runtime_libs build_engines
@ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
@ WRITE SYS$OUTPUT "*** Installing engines"
- CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch']
@@ -439,6 +414,28 @@ install_engines : check_INSTALLTOP
@{$unified_info{install}->{engines}}) -}
@ {- output_on() unless scalar @{$unified_info{engines}}; "" -} !
install_runtime : install_programs
install_runtime_libs : check_INSTALLTOP build_libs
@ {- output_off() if $disabled{shared}; "" -} !
@ WRITE SYS$OUTPUT "*** Installing shareable images"
@ ! Install shared (runtime) libraries
- CREATE/DIR ossl_installroot:[LIB.'arch']
{- join("\n ",
map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
@install_shlibs) -}
@ {- output_on() if $disabled{shared}; "" -} !
install_programs : check_INSTALLTOP install_runtime_libs build_programs
@ {- output_off() if $disabled{apps}; "" -} !
@ ! Install the main program
- CREATE/DIR ossl_installroot:[EXE.'arch']
COPY/PROT=W:RE [.APPS]openssl.EXE -
ossl_installroot:[EXE.'arch']openssl{- $osslver -}.EXE
@ ! Install scripts
COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
@ ! {- output_on() if $disabled{apps}; "" -}
install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
[.VMS]openssl_utils.com, check_INSTALLTOP
- CREATE/DIR ossl_installroot:[SYS$STARTUP]

154
Configurations/unix-Makefile.tmpl
View File

@@ -13,6 +13,28 @@
our $shlibextimport = $target{shared_import_extension} || "";
our $dsoext = $target{dso_extension} || ".so";
# $mingw_installroot and $mingw_commonroot is relevant for mingw only.
my $mingw_installenv =
$target{build_scheme}->[2] eq "mingw"
? "ProgramFiles(x86)" : "ProgramW6432";
my $mingw_commonenv =
$target{build_scheme}->[2] eq "mingw"
? "CommonProgramFiles(x86)" : "CommonProgramW6432";
our $mingw_installroot =
defined($ENV{$mingw_installenv})
? $mingw_installenv : 'ProgramFiles';
our $mingw_commonroot =
defined($ENV{$mingw_commonenv})
? $mingw_commonenv : 'CommonProgramFiles';
my $mingw_installdflt =
defined($ENV{$mingw_installenv})
? "C:/Program Files (x86)" : "C:/Program Files";
my $mingw_commondflt = "$mingw_installdflt/Common Files";
# expand variables early
$mingw_installroot = $ENV{$mingw_installroot} // $mingw_installdflt;
$mingw_commonroot = $ENV{$mingw_commonroot} // $mingw_commondflt;
sub windowsdll { $config{target} =~ /^(?:Cygwin|mingw)/ }
our $sover = $config{target} =~ /^mingw/
@@ -121,6 +143,7 @@ APPS_OPENSSL={- use File::Spec::Functions;
# Normally it is left empty.
DESTDIR=
{- output_off() if $config{target} =~ /^mingw/; "" -}
# Do not edit these manually. Use Configure with --prefix or --openssldir
# to change this! Short explanation in the top comment in Configure
INSTALLTOP={- # $prefix is used in the OPENSSLDIR perl snippet
@@ -159,6 +182,79 @@ ENGINESDIR={- use File::Spec::Functions;
# Convenience variable for those who want to set the rpath in shared
# libraries and applications
LIBRPATH=$(INSTALLTOP)/$(LIBDIR)
{- output_on() if $config{target} =~ /^mingw/;
output_off() if $config{target} !~ /^mingw/;
"" -}
# Do not edit these manually. Use Configure with --prefix or --openssldir
# to change this! Short explanation in the top comment in Configure
INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet
#
use File::Spec::Win32;
my $prefix_default = "$mingw_installroot/OpenSSL";
our $prefix =
File::Spec::Win32->canonpath($config{prefix}
|| $prefix_default);
our ($prefix_dev, $prefix_dir, $prefix_file) =
File::Spec::Win32->splitpath($prefix, 1);
$prefix =~ s|\\|/|g;
$prefix_dir =~ s|\\|/|g;
$prefix_dev -}
INSTALLTOP_dir={- my $x = File::Spec::Win32->canonpath($prefix_dir);
$x =~ s|\\|/|g;
$x -}
OPENSSLDIR_dev={- #
# The logic here is that if no --openssldir was given,
# OPENSSLDIR will get the value "$mingw_commonroot/SSL".
# If --openssldir was given and the value is an absolute
# path, OPENSSLDIR will get its value without change.
# If the value from --openssldir is a relative path,
# OPENSSLDIR will get $prefix with the --openssldir
# value appended as a subdirectory.
#
use File::Spec::Win32;
our $openssldir =
$config{openssldir} ?
(File::Spec::Win32->file_name_is_absolute($config{openssldir}) ?
File::Spec::Win32->canonpath($config{openssldir})
: File::Spec::Win32->catdir($prefix, $config{openssldir}))
: File::Spec::Win32->canonpath("$mingw_commonroot/SSL");
our ($openssldir_dev, $openssldir_dir, $openssldir_file) =
File::Spec::Win32->splitpath($openssldir, 1);
$openssldir =~ s|\\|/|g;
$openssldir_dir =~ s|\\|/|g;
$openssldir_dev -}
OPENSSLDIR_dir={- my $x = File::Spec::Win32->canonpath($openssldir_dir);
$x =~ s|\\|/|g;
$x -}
LIBDIR={- our $libdir = $config{libdir} || "lib";
$libdir -}
ENGINESDIR_dev={- use File::Spec::Win32;
our $enginesdir =
File::Spec::Win32->catdir($prefix,$libdir,
"engines-$sover_dirname");
our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) =
File::Spec::Win32->splitpath($enginesdir, 1);
$enginesdir =~ s|\\|/|g;
$enginesdir_dir =~ s|\\|/|g;
$enginesdir_dev -}
ENGINESDIR_dir={- my $x = File::Spec::Win32->canonpath($enginesdir_dir);
$x =~ s|\\|/|g;
$x -}
# In a Windows environment, $(DESTDIR) is harder to contatenate with other
# directory variables, because both may contain devices. What we do here is
# to adapt INSTALLTOP, OPENSSLDIR and ENGINESDIR depending on if $(DESTDIR)
# has a value or not, to ensure that concatenation will always work further
# down.
ifneq "$(DESTDIR)" ""
INSTALLTOP=$(INSTALLTOP_dir)
OPENSSLDIR=$(OPENSSLDIR_dir)
ENGINESDIR=$(ENGINESDIR_dir)
else
INSTALLTOP=$(INSTALLTOP_dev)$(INSTALLTOP_dir)
OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir)
ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir)
endif
{- output_on() if $config{target} !~ /^mingw/; "" -}
MANDIR=$(INSTALLTOP)/share/man
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
@@ -201,6 +297,7 @@ MAKEDEPEND={- $config{makedepprog} -}
BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
# Relative to $(SRCDIR)
TARFILE= ../$(NAME).tar
# We let the C compiler driver to take care of .s files. This is done in
@@ -323,7 +420,7 @@ depend:
# Install helper targets #############################################
install_sw: all install_dev install_engines install_runtime
install_sw: install_dev install_engines install_runtime
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
@@ -355,7 +452,7 @@ install_ssldirs:
chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
fi
install_dev:
install_dev: install_runtime_libs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@echo "*** Installing development files"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl
@@ -461,7 +558,7 @@ uninstall_dev:
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)
install_engines:
install_engines: install_runtime_libs build_engines
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/
@echo "*** Installing engines"
@@ -488,9 +585,10 @@ uninstall_engines:
done
-$(RMDIR) $(DESTDIR)$(ENGINESDIR)
install_runtime:
install_runtime: install_programs
install_runtime_libs: build_libs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
@ : {- output_off() if windowsdll(); "" -}
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)
@ : {- output_on() if windowsdll(); "" -}
@@ -512,6 +610,11 @@ install_runtime:
$(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \
: {- output_on() if windowsdll(); "" -}; \
done
install_programs: install_runtime_libs build_programs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
@echo "*** Installing runtime programs"
@set -e; for x in dummy $(INSTALL_PROGRAMS); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
@@ -531,8 +634,10 @@ install_runtime:
$(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
done
uninstall_runtime:
@echo "*** Uninstalling runtime files"
uninstall_runtime: uninstall_programs uninstall_runtime_libs
uninstall_programs:
@echo "*** Uninstalling runtime programs"
@set -e; for x in dummy $(INSTALL_PROGRAMS); \
do \
if [ "$$x" = "dummy" ]; then continue; fi; \
@@ -547,6 +652,10 @@ uninstall_runtime:
echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
done
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin
uninstall_runtime_libs:
@echo "*** Uninstalling runtime libraries"
@ : {- output_off() unless windowsdll(); "" -}
@set -e; for s in dummy $(INSTALL_SHLIBS); do \
if [ "$$s" = "dummy" ]; then continue; fi; \
@@ -555,7 +664,6 @@ uninstall_runtime:
$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
done
@ : {- output_on() unless windowsdll(); "" -}
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin
install_man_docs:
@@ -654,34 +762,8 @@ tags TAGS: FORCE
# Release targets (note: only available on Unix) #####################
# If your tar command doesn't support --owner and --group, make sure to
# use one that does, for example GNU tar
TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf -
PREPARE_CMD=:
tar:
set -e; \
TMPDIR=/var/tmp/openssl-copy.$$$$; \
DISTDIR=$(NAME); \
mkdir -p $$TMPDIR/$$DISTDIR; \
(cd $(SRCDIR); \
git ls-tree -r --name-only --full-tree HEAD \
| grep -v '^fuzz/corpora' \
| while read F; do \
mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \
cp $$F $$TMPDIR/$$DISTDIR/$$F; \
done); \
(cd $$TMPDIR/$$DISTDIR; \
$(PREPARE_CMD); \
find . -type d -print | xargs chmod 755; \
find . -type f -print | xargs chmod a+r; \
find . -type f -perm -0100 -print | xargs chmod a+x); \
(cd $$TMPDIR; $(TAR_COMMAND) $$DISTDIR) \
| (cd $(SRCDIR); gzip --best > $(TARFILE).gz); \
rm -rf $$TMPDIR
cd $(SRCDIR); ls -l $(TARFILE).gz
dist:
@$(MAKE) PREPARE_CMD='$(PERL) ./Configure dist' tar
(cd $(SRCDIR); ./util/mktar.sh --name='$(NAME)' --tarfile='$(TARFILE)')
# Helper targets #####################################################
@@ -848,7 +930,7 @@ EOF
$recipe .= <<"EOF";
$obj$objext: $deps
( trap "rm -f \$@.*" INT 0; \\
\$(CPP) $incs \$(CFLAGS) $ecflags $srcs | \\
\$(CC) $incs \$(CFLAGS) $ecflags -E $srcs | \\
\$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.s && \\
\$(CC) \$(CFLAGS) $ecflags -c -o \$\@ \$@.s )
EOF

2
Configurations/windows-checker.pm
View File

@@ -6,7 +6,7 @@ use Config;
# we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs);
if (rel2abs('.') !~ m|\\|) {
if (!$ENV{CONFIGURE_INSIST} && rel2abs('.') !~ m|\\|) {
die <<EOF;
******************************************************************************

107
Configurations/windows-makefile.tmpl
View File

@@ -88,20 +88,20 @@ GENERATED={- join(" ",
grep { /\.o$/ } keys %{$unified_info{sources}} ),
( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
INSTALL_LIBS={- join(" ", map { $_.$libext } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{install}->{libraries}}) -}
INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -}
INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{install}->{engines}}) -}
INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
INSTALL_PROGRAMPDBS={- join(" ", map { $_.".pdb" } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
INSTALL_LIBS={- join(" ", map { quotify1($_.$libext) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBS={- join(" ", map { quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_ENGINES={- join(" ", map { quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -}
INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -}
INSTALL_PROGRAMS={- join(" ", map { quotify1($_.$exeext) } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
INSTALL_PROGRAMPDBS={- join(" ", map { quotify1($_.".pdb") } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
{- output_off() if $disabled{apps}; "" -}
BIN_SCRIPTS=$(BLDDIR)\tools\c_rehash.pl
MISC_SCRIPTS=$(BLDDIR)\apps\CA.pl $(BLDDIR)\apps\tsget.pl
BIN_SCRIPTS="$(BLDDIR)\tools\c_rehash.pl"
MISC_SCRIPTS="$(BLDDIR)\apps\CA.pl" "$(BLDDIR)\apps\tsget.pl"
{- output_on() if $disabled{apps}; "" -}
APPS_OPENSSL={- use File::Spec::Functions;
catfile("apps","openssl") -}
"\"".catfile("apps","openssl")."\"" -}
# Do not edit these manually. Use Configure with --prefix or --openssldir
# to change this! Short explanation in the top comment in Configure
@@ -182,6 +182,9 @@ MTOUTFLAG={- $target{mtoutflag} || "-outputresource:" -}$(OSSL_EMPTY)
AS={- $target{as} -}
ASFLAGS={- $target{asflags} -}
ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY)
ECHO="$(PERL)" "$(SRCDIR)\util\echo.pl"
PERLASM_SCHEME= {- $target{perlasm_scheme} -}
PROCESSOR= {- $config{processor} -}
@@ -207,7 +210,7 @@ build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
test: tests
{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep
@rem {- output_off() if $disabled{tests}; "" -}
@{- output_off() if $disabled{tests}; "" -}
-mkdir $(BLDDIR)\test\test-runs
set SRCTOP=$(SRCDIR)
set BLDTOP=$(BLDDIR)
@@ -216,17 +219,17 @@ test: tests
set OPENSSL_ENGINES=$(MAKEDIR)\engines
set OPENSSL_DEBUG_MEMORY=on
"$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
@rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@echo "Tests are not supported with your chosen Configure options"
@rem {- output_on() if !$disabled{tests}; "" -}
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@$(ECHO) "Tests are not supported with your chosen Configure options"
@{- output_on() if !$disabled{tests}; "" -}
list-tests:
@rem {- output_off() if $disabled{tests}; "" -}
@{- output_off() if $disabled{tests}; "" -}
@set SRCTOP=$(SRCDIR)
@"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list
@rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@echo "Tests are not supported with your chosen Configure options"
@rem {- output_on() if !$disabled{tests}; "" -}
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@$(ECHO) "Tests are not supported with your chosen Configure options"
@{- output_on() if !$disabled{tests}; "" -}
install: install_sw install_ssldirs install_docs
@@ -264,7 +267,7 @@ depend:
# Install helper targets #############################################
install_sw: all install_dev install_engines install_runtime
install_sw: install_dev install_engines install_runtime
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
@@ -284,17 +287,18 @@ install_ssldirs:
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \
"$(OPENSSLDIR)\misc"
install_dev:
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
@echo *** Installing development files
install_dev: install_runtime_libs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing development files"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
@rem {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
@{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
"$(INSTALLTOP)\include\openssl"
@rem {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\include\openssl\*.h" \
@{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \
"$(SRCDIR)\include\openssl\*.h" \
"$(INSTALLTOP)\include\openssl"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\include\openssl\*.h \
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(BLDDIR)\include\openssl\*.h" \
"$(INSTALLTOP)\include\openssl"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\$(LIBDIR)"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) \
@@ -305,9 +309,9 @@ install_dev:
uninstall_dev:
install_engines:
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
@echo *** Installing engines
install_engines: install_runtime_libs build_engines
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing engines"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)"
@if not "$(ENGINES)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)"
@@ -316,15 +320,22 @@ install_engines:
uninstall_engines:
install_runtime:
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
@echo *** Installing runtime files
install_runtime: install_programs
install_runtime_libs: build_libs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing runtime libraries"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \
"$(INSTALLTOP)\bin"
install_programs: install_runtime_libs build_programs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing runtime programs"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMS) \
"$(INSTALLTOP)\bin"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMPDBS) \
@@ -343,14 +354,14 @@ uninstall_html_docs:
# Building targets ###################################################
configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
@echo "Detected changed: $?"
@echo "Reconfiguring..."
@$(ECHO) "Detected changed: $?"
@$(ECHO) "Reconfiguring..."
"$(PERL)" "$(SRCDIR)\Configure" reconf
@echo "**************************************************"
@echo "*** ***"
@echo "*** Please run the same make command again ***"
@echo "*** ***"
@echo "**************************************************"
@$(ECHO) "**************************************************"
@$(ECHO) "*** ***"
@$(ECHO) "*** Please run the same make command again ***"
@$(ECHO) "*** ***"
@$(ECHO) "**************************************************"
@exit 1
{-
@@ -450,22 +461,20 @@ $obj$objext: $deps
\$(AS) \$(ASFLAGS) \$(ASOUTFLAG)\$\@ $srcs
EOF
}
return <<"EOF" if (!$disabled{makedepend});
$obj$depext: $deps
\$(CC) \$(CFLAGS) $ecflags$inc /Zs /showIncludes $srcs 2>&1 | \\
my $recipe = <<"EOF";
$obj$objext: $deps
\$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs
EOF
$recipe .= <<"EOF" unless $disabled{makedepend};
\$(CC) $incs \$(CFLAGS) $ecflags /Zs /showIncludes $srcs 2>&1 | \\
"\$(PERL)" -n << > $obj$depext
chomp;
s/^Note: including file: *//;
\$\$collect{\$\$_} = 1;
END { print '$obj$objext: ',join(" ", sort keys \%collect),"\\n" }
<<
$obj$objext: $obj$depext
\$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs
EOF
return <<"EOF" if ($disabled{makedepend});
$obj$objext: $deps
\$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs
EOF
return $recipe;
}
# On Unix, we build shlibs from static libs, so we're ignoring the
@@ -604,8 +613,6 @@ EOF
foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
if (dirname($prod) eq $dir) {
push @deps, $prod.$extinfo{$type};
} else {
push @actions, "\t@rem No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}});
}
}
}

67
Configure
View File

@@ -1,6 +1,6 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -20,6 +20,9 @@ use OpenSSL::Glob;
# see INSTALL for instructions.
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \&death_handler;
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
# Options:
@@ -139,6 +142,7 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED"
# -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
# -Wextended-offsetof -- no, needed in CMS ASN1 code
my $clang_devteam_warn = ""
. " -Wno-unknown-warning-option"
. " -Qunused-arguments"
. " -Wno-language-extension-token"
. " -Wno-extended-offsetof"
@@ -756,21 +760,21 @@ while (@argvcopy)
else
{ $config{options} .= " ".$_; }
}
}
if (defined($config{api}) && !exists $apitable->{$config{api}}) {
die "***** Unsupported api compatibility level: $config{api}\n",
}
if (defined($config{api}) && !exists $apitable->{$config{api}}) {
die "***** Unsupported api compatibility level: $config{api}\n",
}
if (keys %deprecated_options)
{
warn "***** Deprecated options: ",
join(", ", keys %deprecated_options), "\n";
}
if (keys %unsupported_options)
{
die "***** Unsupported options: ",
join(", ", keys %unsupported_options), "\n";
}
if (keys %deprecated_options)
{
warn "***** Deprecated options: ",
join(", ", keys %deprecated_options), "\n";
}
if (keys %unsupported_options)
{
die "***** Unsupported options: ",
join(", ", keys %unsupported_options), "\n";
}
if ($libs =~ /(^|\s)-Wl,-rpath,/
@@ -908,11 +912,12 @@ if ($d) {
$target = $t;
}
}
&usage if !$table{$target} || $table{$target}->{template};
$config{target} = $target;
my %target = resolve_config($target);
&usage if (!%target || $target{template});
my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}});
$config{conf_files} = [ sort keys %conf_files ];
%target = ( %{$table{DEFAULTS}}, %target );
@@ -1215,8 +1220,10 @@ if ($^O ne "VMS") {
if (!$disabled{makedepend}) {
# We know that GNU C version 3 and up as well as all clang
# versions support dependency generation
if ($predefined{__GNUC__} >= 3) {
# versions support dependency generation, but Xcode did not
# handle $cc -M before clang support (but claims __GNUC__ = 3)
if (($predefined{__GNUC__} // -1) >= 3
&& !($predefined{__APPLE_CC__} && !$predefined{__clang__})) {
$config{makedepprog} = $cc;
} else {
$config{makedepprog} = which('makedepend');
@@ -1900,8 +1907,8 @@ EOF
next unless defined($unified_info{includes}->{$dest}->{$k});
my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}};
foreach my $obj (grep /\.o$/,
(keys %{$unified_info{sources}->{$dest}},
keys %{$unified_info{shared_sources}->{$dest}})) {
(keys %{$unified_info{sources}->{$dest} // {}},
keys %{$unified_info{shared_sources}->{$dest} // {}})) {
foreach my $inc (@incs) {
unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc
unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}};
@@ -2125,6 +2132,8 @@ my %builders = (
$builders{$builder}->($builder_platform, @builder_opts);
$SIG{__DIE__} = $orig_death_handler;
print <<"EOF";
Configured for $target.
@@ -2153,6 +2162,24 @@ exit(0);
# Helpers and utility functions
#
# Death handler, to print a helpful message in case of failure #######
#
sub death_handler {
die @_ if $^S; # To prevent the added message in eval blocks
my $build_file = $target{build_file} // "build file";
my @message = ( <<"_____", @_ );
Failure! $build_file wasn't produced.
Please read INSTALL and associated NOTES files. You may also have to look over
your available compiler tool chain or change your configuration.
_____
# Dying is terminal, so it's ok to reset the signal handler here.
$SIG{__DIE__} = $orig_death_handler;
die @message;
}
# Configuration file reading #########################################
# Note: All of the helper functions are for lazy evaluation. They all

5
INSTALL
View File

@@ -3,7 +3,8 @@
--------------------
This document describes installation on all supported operating
systems (the Linux/Unix family, OpenVMS and Windows)
systems (the Unix/Linux family (which includes Mac OS/X), OpenVMS,
and Windows).
To install OpenSSL, you will need:
@@ -76,7 +77,7 @@
If you want to just get on with it, do:
on Unix:
on Unix (again, this includes Mac OS/X):
$ ./config
$ make

116
Makefile.shared
View File

@@ -98,20 +98,20 @@ top:
LINK_APP= \
( $(SET_X); \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS) $(LDFLAGS)}"; \
LIBDEPS=$${LIBDEPS:-'$(LIBDEPS)'}; \
LDCMD=$${LDCMD:-'$(CC)'}; LDFLAGS=$${LDFLAGS:-'$(CFLAGS) $(LDFLAGS)'}; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS}; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
eval "$${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS}" )
LINK_SO= \
( $(SET_X); \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
LIBDEPS=$${LIBDEPS:-'$(LIBDEPS)'}; \
SHAREDCMD=$${SHAREDCMD:-'$(CC)'}; \
SHAREDFLAGS=$${SHAREDFLAGS:-'$(CFLAGS) $(SHARED_LDFLAGS)'}; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
@@ -119,23 +119,23 @@ LINK_SO= \
-o $(SHLIBNAME_FULL) \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
eval "$${SHAREDCMD} $${SHAREDFLAGS} \
-o $(SHLIBNAME_FULL) \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS" \
) && $(SYMLINK_SO)
SYMLINK_SO= \
if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
if [ -n "$(SHLIBNAME_FULL)" -a -n "$(SHLIBNAME)" -a \
"$(SHLIBNAME_FULL)" != "$(SHLIBNAME)" ]; then \
if [ -n '$(SHLIBNAME_FULL)' -a -n '$(SHLIBNAME)' -a \
'$(SHLIBNAME_FULL)' != '$(SHLIBNAME)' ]; then \
( $(SET_X); \
rm -f $(SHLIBNAME); \
ln -s $(SHLIBNAME_FULL) $(SHLIBNAME) ); \
fi; \
fi
LINK_SO_SHLIB= SHOBJECTS="$(STLIBNAME) $(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_DSO= INHIBIT_SYMLINKS=yes; SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_SHLIB= SHOBJECTS='$(STLIBNAME) $(LIBEXTRAS)'; $(LINK_SO)
LINK_SO_DSO= INHIBIT_SYMLINKS=yes; SHOBJECTS='$(LIBEXTRAS)'; $(LINK_SO)
LINK_SO_SHLIB_VIA_O= \
SHOBJECTS=$(STLIBNAME).o; \
@@ -147,21 +147,21 @@ LINK_SO_SHLIB_VIA_O= \
LINK_SO_SHLIB_UNPACKED= \
UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
(cd $$UNPACKDIR; ar x ../$(STLIBNAME)) && \
([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
([ -z '$(LIBEXTRAS)' ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
SHOBJECTS=$$UNPACKDIR/*.o; \
$(LINK_SO) && rm -rf $$UNPACKDIR
DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
DO_GNU_SO_COMMON=\
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$(SHLIBNAME_FULL)"
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$(SHLIBNAME_FULL)'
DO_GNU_DSO=\
$(DO_GNU_SO_COMMON)
DO_GNU_SO=\
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
$(DO_GNU_SO_COMMON)
DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS)"
DO_GNU_APP=LDFLAGS='$(CFLAGS) $(LDFLAGS)'
#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to
@@ -186,21 +186,21 @@ link_shlib.linux-shared:
link_dso.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \
LIBDEPS=" "; \
LIBDEPS=' '; \
ALLSYMSFLAGS=; \
NOALLSYMSFLAGS=; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib'; \
fi; $(LINK_SO_DSO)
link_shlib.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
LIBDEPS=" "; \
ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
LIBDEPS=' '; \
ALLSYMSFLAGS='-Wl,-Bforcearchive'; \
NOALLSYMSFLAGS=; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib'; \
fi; $(LINK_SO_SHLIB)
link_app.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
LDFLAGS='$(CFLAGS) $(LDFLAGS)'; \
fi; $(LINK_APP)
# For Darwin AKA Mac OS/X (dyld)
@@ -223,12 +223,12 @@ link_app.bsd:
link_dso.darwin:
@ ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \
SHAREDFLAGS='$(CFLAGS) '"`echo '$(SHARED_LDFLAGS)' | sed s/dynamiclib/bundle/`"; \
$(LINK_SO_DSO)
link_shlib.darwin:
@ ALLSYMSFLAGS='-all_load'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -current_version $(SHLIBVERSION) -compatibility_version $(SHLIBVERSION) -install_name $(INSTALLTOP)/$(LIBDIR)/$(SHLIBNAME_FULL)"; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -current_version $(SHLIBVERSION) -compatibility_version $(SHLIBVERSION) -install_name $(INSTALLTOP)/$(LIBDIR)/$(SHLIBNAME_FULL)'; \
$(LINK_SO_SHLIB)
link_app.darwin: # is there run-path on darwin?
$(LINK_APP)
@@ -237,17 +237,17 @@ link_dso.cygwin:
@ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
base=-Wl,--enable-auto-image-base; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic"; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS)'" -shared $$base -Wl,-Bsymbolic"; \
$(LINK_SO_DSO)
link_shlib.cygwin:
@ INHIBIT_SYMLINKS=yes; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \
"$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
echo '$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |' \
'$(RC) $(SHARED_RCFLAGS) -o rc.o'; \
$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \
$(RC) $(SHARED_RCFLAGS) -o rc.o; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) rc.o"; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) rc.o'; \
$(LINK_SO_SHLIB) || exit 1; \
rm rc.o
link_app.cygwin:
@@ -257,17 +257,17 @@ link_app.cygwin:
# corresponding cygwin targets, as they do the exact same thing.
link_shlib.mingw:
@ INHIBIT_SYMLINKS=yes; \
base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
base=; [ '$(LIBNAME)' = 'crypto' -a -n '$(FIPSCANLIB)' ] && base=-Wl,--image-base,0x63000000; \
$(PERL) $(SRCDIR)/util/mkdef.pl 32 $(LIBNAME) \
| sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1$(SHLIBNAME_FULL)|' \
> $(LIBNAME).def; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \
"$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
echo '$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |' \
'$(RC) $(SHARED_RCFLAGS) -o rc.o'; \
$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \
$(RC) $(SHARED_RCFLAGS) -o rc.o; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) $(LIBNAME).def rc.o"; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared '"$$base"' -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) $(LIBNAME).def rc.o'; \
$(LINK_SO_SHLIB) || exit 1; \
rm $(LIBNAME).def rc.o
@@ -277,7 +277,7 @@ link_dso.alpha-osf1:
else \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic'; \
fi; \
$(LINK_SO_DSO)
link_shlib.alpha-osf1:
@@ -286,14 +286,14 @@ link_shlib.alpha-osf1:
else \
ALLSYMSFLAGS='-all'; \
NOALLSYMSFLAGS='-none'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic -set_version $(SHLIBVERSION)"; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic -set_version $(SHLIBVERSION)'; \
fi; \
$(LINK_SO_SHLIB)
link_app.alpha-osf1:
@if $(DETECT_GNU_LD); then \
$(DO_GNU_APP); \
else \
LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
LDFLAGS='$(CFLAGS) $(LDFLAGS)'; \
fi; \
$(LINK_APP)
@@ -301,9 +301,9 @@ link_dso.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
ALLSYMSFLAGS=""; \
NOALLSYMSFLAGS=""; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic'; \
fi; \
$(LINK_SO_DSO)
link_shlib.solaris:
@@ -311,16 +311,16 @@ link_shlib.solaris:
$(DO_GNU_SO); \
else \
$(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \
ALLSYMSFLAGS="-Wl,-z,allextract,-M,$(LIBNAME).map"; \
NOALLSYMSFLAGS="-Wl,-z,defaultextract"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \
ALLSYMSFLAGS='-Wl,-z,allextract,-M,$(LIBNAME).map'; \
NOALLSYMSFLAGS='-Wl,-z,defaultextract'; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic'; \
fi; \
$(LINK_SO_SHLIB)
link_app.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_APP); \
else \
LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
LDFLAGS='$(CFLAGS) $(LDFLAGS)'; \
fi; \
$(LINK_APP)
@@ -331,7 +331,7 @@ link_dso.svr3:
else \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
SHAREDFLAGS='$(CFLAGS) -G -h $(SHLIBNAME_FULL)'; \
fi; \
$(LINK_SO_DSO)
link_shlib.svr3:
@@ -340,7 +340,7 @@ link_shlib.svr3:
else \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
SHAREDFLAGS='$(CFLAGS) -G -h $(SHLIBNAME_FULL)'; \
fi; \
$(LINK_SO_SHLIB_UNPACKED)
link_app.svr3:
@@ -356,7 +356,7 @@ link_dso.svr5:
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
SHAREDFLAGS='$(CFLAGS) '"$${SHARE_FLAG}"' -h $(SHLIBNAME_FULL)'; \
fi; \
$(LINK_SO_DSO)
link_shlib.svr5:
@@ -367,7 +367,7 @@ link_shlib.svr5:
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
SHAREDFLAGS='$(CFLAGS) '"$${SHARE_FLAG}"' -h $(SHLIBNAME_FULL)'; \
fi; \
$(LINK_SO_SHLIB_UNPACKED)
link_app.svr5:
@@ -378,24 +378,24 @@ link_dso.irix:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
ALLSYMSFLAGS=""; \
NOALLSYMSFLAGS=""; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic'; \
fi; \
$(LINK_SO_DSO)
link_shlib.irix:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
MINUSWL=""; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
MINUSWL=''; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL='-Wl,'; \
ALLSYMSFLAGS="$${MINUSWL}-all"; \
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic'; \
fi; \
$(LINK_SO_SHLIB)
link_app.irix:
@LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
@LDFLAGS='$(CFLAGS) $(LDFLAGS)'; \
$(LINK_APP)
# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
@@ -411,7 +411,7 @@ link_dso.hpux:
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:'; \
fi; \
rm -f $(SHLIBNAME_FULL) || :; \
$(LINK_SO_DSO) && chmod a=rx $(SHLIBNAME_FULL)
@@ -420,18 +420,18 @@ link_shlib.hpux:
ALLSYMSFLAGS='-Wl,-Fl'; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:'; \
fi; \
rm -f $(SHLIBNAME_FULL) || :; \
$(LINK_SO_SHLIB) && chmod a=rx $(SHLIBNAME_FULL)
link_app.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:"; \
LDFLAGS='$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:'; \
fi; \
$(LINK_APP)
link_dso.aix:
@OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
@OBJECT_MODE=`expr 'x$(SHARED_LDFLAGS)' : 'x\-[a-z]*\(64\)'` || :; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
@@ -439,7 +439,7 @@ link_dso.aix:
rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \
$(LINK_SO_DSO);
link_shlib.aix:
@ OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
@ OBJECT_MODE=`expr 'x$(SHARED_LDFLAGS)' : 'x\-[a-z]*\(64\)'` || : ; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
ALLSYMSFLAGS='-bnogc'; \
NOALLSYMSFLAGS=''; \
@@ -447,7 +447,7 @@ link_shlib.aix:
rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \
$(LINK_SO_SHLIB_VIA_O)
link_app.aix:
LDFLAGS="$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)"; \
LDFLAGS='$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)'; \
$(LINK_APP)

24
NEWS
View File

@@ -5,6 +5,30 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [10 Sep 2019]
o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
(CVE-2019-1563)
o For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters
o Compute ECC cofactors if not provided during EC_GROUP construction
(CVE-2019-1547)
o Use Windows installation paths in the mingw builds (CVE-2019-1552)
Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [28 May 2019]
o Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018]
o Timing vulnerability in DSA signature generation (CVE-2018-0734)
o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018]
o Client DoS due to large DH parameter (CVE-2018-0732)
o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018]
o Constructed ASN.1 types with a recursive definition could exceed the

15
NOTES.WIN
View File

@@ -107,6 +107,21 @@
and i686-w64-mingw32-.
Independently of the method chosen to build for mingw, the installation
paths are similar to those used when building with VC-* targets, except
that in case the fallbacks mentioned there aren't possible (typically
when cross compiling on Linux), the paths will be the following:
For mingw:
PREFIX: C:/Program Files (x86)/OpenSSL
OPENSSLDIR C:/Program Files (x86)/Common Files/SSL
For mingw64:
PREFIX: C:/Program Files/OpenSSL
OPENSSLDIR C:/Program Files/Common Files/SSL
Linking your application
------------------------

4
README
View File

@@ -1,7 +1,7 @@
OpenSSL 1.1.0h 27 Mar 2018
OpenSSL 1.1.0l 10 Sep 2019
Copyright (c) 1998-2016 The OpenSSL Project
Copyright (c) 1998-2019 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.

19
apps/apps.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1012,7 +1012,8 @@ int set_name_ex(unsigned long *flags, const char *arg)
};
if (set_multi_opts(flags, arg, ex_tbl) == 0)
return 0;
if ((*flags & XN_FLAG_SEP_MASK) == 0)
if (*flags != XN_FLAG_COMPAT
&& (*flags & XN_FLAG_SEP_MASK) == 0)
*flags |= XN_FLAG_SEP_CPLUS_SPC;
return 1;
}
@@ -1706,8 +1707,14 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
char *work;
X509_NAME *n;
if (*cp++ != '/')
if (*cp++ != '/') {
BIO_printf(bio_err,
"name is expected to be in the format "
"/type0=value0/type1=value1/type2=... where characters may "
"be escaped by \\. This name is not in that format: '%s'\n",
--cp);
return NULL;
}
n = X509_NAME_new();
if (n == NULL)
@@ -1763,6 +1770,12 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
opt_getprog(), typestr);
continue;
}
if (*valstr == '\0') {
BIO_printf(bio_err,
"%s: No value provided for Subject Attribute %s, skipped\n",
opt_getprog(), typestr);
continue;
}
if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
valstr, strlen((char *)valstr),
-1, ismulti ? -1 : 0))

22
apps/asn1pars.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -41,7 +41,7 @@ OPTIONS asn1parse_options[] = {
{"dump", OPT_DUMP, 0, "unknown data in hex form"},
{"dlimit", OPT_DLIMIT, 'p',
"dump the first arg bytes of unknown data in hex form"},
{"strparse", OPT_STRPARSE, 's',
{"strparse", OPT_STRPARSE, 'p',
"offset; a series of these can be used to 'dig'"},
{OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
{"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
@@ -113,13 +113,13 @@ int asn1parse_main(int argc, char **argv)
offset = strtol(opt_arg(), NULL, 0);
break;
case OPT_LENGTH:
length = atoi(opt_arg());
length = strtol(opt_arg(), NULL, 0);
break;
case OPT_DUMP:
dump = -1;
break;
case OPT_DLIMIT:
dump = atoi(opt_arg());
dump = strtol(opt_arg(), NULL, 0);
break;
case OPT_STRPARSE:
sk_OPENSSL_STRING_push(osk, opt_arg());
@@ -191,7 +191,7 @@ int asn1parse_main(int argc, char **argv)
num = 0;
for (;;) {
if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
if (!BUF_MEM_grow(buf, num + BUFSIZ))
goto end;
i = BIO_read(in, &(buf->data[num]), BUFSIZ);
if (i <= 0)
@@ -211,9 +211,9 @@ int asn1parse_main(int argc, char **argv)
for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
ASN1_TYPE *atmp;
int typ;
j = atoi(sk_OPENSSL_STRING_value(osk, i));
if (j == 0) {
BIO_printf(bio_err, "'%s' is an invalid number\n",
j = strtol(sk_OPENSSL_STRING_value(osk, i), NULL, 0);
if (j <= 0 || j >= tmplen) {
BIO_printf(bio_err, "'%s' is out of range\n",
sk_OPENSSL_STRING_value(osk, i));
continue;
}
@@ -244,14 +244,14 @@ int asn1parse_main(int argc, char **argv)
num = tmplen;
}
if (offset >= num) {
BIO_printf(bio_err, "Error: offset too large\n");
if (offset < 0 || offset >= num) {
BIO_printf(bio_err, "Error: offset out of range\n");
goto end;
}
num -= offset;
if ((length == 0) || ((long)length > num))
if (length == 0 || length > (unsigned int)num)
length = (unsigned int)num;
if (derout) {
if (BIO_write(derout, str + offset, length) != (int)length) {

29
apps/ca.c
View File

@@ -725,10 +725,10 @@ end_of_options:
/*****************************************************************/
if (req || gencrl) {
/* FIXME: Is it really always text? */
Sout = bio_open_default(outfile, 'w', FORMAT_TEXT);
if (Sout == NULL)
goto end;
if (spkac_file != NULL) {
output_der = 1;
batch = 1;
}
}
if (md == NULL
@@ -872,10 +872,6 @@ end_of_options:
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
if (outfile) {
output_der = 1;
batch = 1;
}
}
}
if (ss_cert_file != NULL) {
@@ -929,10 +925,13 @@ end_of_options:
if (j > 0) {
total_done++;
BIO_printf(bio_err, "\n");
if (!BN_add_word(serial, 1))
if (!BN_add_word(serial, 1)) {
X509_free(x);
goto end;
}
if (!sk_X509_push(cert_sk, x)) {
BIO_printf(bio_err, "Memory allocation failure\n");
X509_free(x);
goto end;
}
}
@@ -1017,6 +1016,11 @@ end_of_options:
if (verbose)
BIO_printf(bio_err, "writing %s\n", buf[2]);
Sout = bio_open_default(outfile, 'w',
output_der ? FORMAT_ASN1 : FORMAT_TEXT);
if (Sout == NULL)
goto end;
Cout = BIO_new_file(buf[2], "w");
if (Cout == NULL) {
perror(buf[2]);
@@ -1025,6 +1029,8 @@ end_of_options:
write_new_certificate(Cout, xi, 0, notext);
write_new_certificate(Sout, xi, output_der, notext);
BIO_free_all(Cout);
BIO_free_all(Sout);
Sout = NULL;
}
if (sk_X509_num(cert_sk)) {
@@ -1173,6 +1179,11 @@ end_of_options:
if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts))
goto end;
Sout = bio_open_default(outfile, 'w',
output_der ? FORMAT_ASN1 : FORMAT_TEXT);
if (Sout == NULL)
goto end;
PEM_write_bio_X509_CRL(Sout, crl);
if (crlnumberfile != NULL) /* Rename the crlnumber file */

11
apps/dhparam.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -151,6 +151,11 @@ int dhparam_main(int argc, char **argv)
goto end;
}
# endif
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
/* DH parameters */
if (num && !g)
g = 2;
@@ -266,10 +271,6 @@ int dhparam_main(int argc, char **argv)
/* dh != NULL */
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (text) {
DHparams_print(out, dh);
}

29
apps/dsaparam.c
View File

@@ -226,25 +226,28 @@ int dsaparam_main(int argc, char **argv)
data = app_malloc(len + 20, "BN space");
BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p);
print_bignum_var(bio_out, p, "dsap", len, data);
print_bignum_var(bio_out, q, "dsaq", len, data);
print_bignum_var(bio_out, g, "dsag", len, data);
BIO_printf(bio_out, "static DSA *get_dsa%d(void)\n{\n", bits_p);
print_bignum_var(bio_out, p, "dsap", bits_p, data);
print_bignum_var(bio_out, q, "dsaq", bits_p, data);
print_bignum_var(bio_out, g, "dsag", bits_p, data);
BIO_printf(bio_out, " DSA *dsa = DSA_new();\n"
" BIGNUM *p, *q, *g;\n"
"\n");
BIO_printf(bio_out, " if (dsa == NULL)\n"
" return NULL;\n");
BIO_printf(bio_out, " dsa->p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL);\n",
bits_p, bits_p);
BIO_printf(bio_out, " dsa->q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL);\n",
bits_p, bits_p);
BIO_printf(bio_out, " dsa->g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL);\n",
bits_p, bits_p);
BIO_printf(bio_out, " if (!dsa->p || !dsa->q || !dsa->g) {\n"
" DSA_free(dsa);\n"
BIO_printf(bio_out, " if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL),\n",
bits_p, bits_p);
BIO_printf(bio_out, " q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL),\n",
bits_p, bits_p);
BIO_printf(bio_out, " g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL))) {\n",
bits_p, bits_p);
BIO_printf(bio_out, " DSA_free(dsa);\n"
" BN_free(p);\n"
" BN_free(q);\n"
" BN_free(g);\n"
" return NULL;\n"
" }\n"
" return(dsa);\n}\n");
" return dsa;\n}\n");
OPENSSL_free(data);
}

3
apps/ocsp.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -639,7 +639,6 @@ int ocsp_main(int argc, char **argv)
OCSP_response_status_str(i), i);
if (ignore_err)
goto redo_accept;
ret = 0;
goto end;
}

48
apps/pkey.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -141,24 +141,30 @@ int pkey_main(int argc, char **argv)
if (!noout) {
if (outformat == FORMAT_PEM) {
if (pubout)
PEM_write_bio_PUBKEY(out, pkey);
else {
if (pubout) {
if (!PEM_write_bio_PUBKEY(out, pkey))
goto end;
} else {
assert(private);
if (traditional)
PEM_write_bio_PrivateKey_traditional(out, pkey, cipher,
NULL, 0, NULL,
passout);
else
PEM_write_bio_PrivateKey(out, pkey, cipher,
NULL, 0, NULL, passout);
if (traditional) {
if (!PEM_write_bio_PrivateKey_traditional(out, pkey, cipher,
NULL, 0, NULL,
passout))
goto end;
} else {
if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
NULL, 0, NULL, passout))
goto end;
}
}
} else if (outformat == FORMAT_ASN1) {
if (pubout)
i2d_PUBKEY_bio(out, pkey);
else {
if (pubout) {
if (!i2d_PUBKEY_bio(out, pkey))
goto end;
} else {
assert(private);
i2d_PrivateKey_bio(out, pkey);
if (!i2d_PrivateKey_bio(out, pkey))
goto end;
}
} else {
BIO_printf(bio_err, "Bad format specified for key\n");
@@ -168,17 +174,21 @@ int pkey_main(int argc, char **argv)
}
if (text) {
if (pubtext)
EVP_PKEY_print_public(out, pkey, 0, NULL);
else {
if (pubtext) {
if (EVP_PKEY_print_public(out, pkey, 0, NULL) <= 0)
goto end;
} else {
assert(private);
EVP_PKEY_print_private(out, pkey, 0, NULL);
if (EVP_PKEY_print_private(out, pkey, 0, NULL) <= 0)
goto end;
}
}
ret = 0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
EVP_PKEY_free(pkey);
release_engine(e);
BIO_free_all(out);

20
apps/rehash.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -130,9 +130,10 @@ static int add_entry(enum Type type, unsigned int hash, const char *filename,
for (ep = bp->first_entry; ep; ep = ep->next) {
if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) {
BIO_printf(bio_err,
"%s: skipping duplicate %s in %s\n", opt_getprog(),
"%s: warning: skipping duplicate %s in %s\n",
opt_getprog(),
type == TYPE_CERT ? "certificate" : "CRL", filename);
return 1;
return 0;
}
if (strcmp(filename, ep->filename) == 0) {
found = ep;
@@ -144,7 +145,7 @@ static int add_entry(enum Type type, unsigned int hash, const char *filename,
if (ep == NULL) {
if (bp->num_needed >= MAX_COLLISIONS) {
BIO_printf(bio_err,
"%s: hash table overflow for %s\n",
"%s: error: hash table overflow for %s\n",
opt_getprog(), filename);
return 1;
}
@@ -235,7 +236,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h)
/* Does it have X.509 data in it? */
if ((b = BIO_new_file(fullpath, "r")) == NULL) {
BIO_printf(bio_err, "%s: skipping %s, cannot open file\n",
BIO_printf(bio_err, "%s: error: skipping %s, cannot open file\n",
opt_getprog(), filename);
errs++;
goto end;
@@ -247,7 +248,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h)
if (sk_X509_INFO_num(inf) != 1) {
BIO_printf(bio_err,
"%s: skipping %s,"
"%s: warning: skipping %s,"
"it does not contain exactly one certificate or CRL\n",
opt_getprog(), filename);
/* This is not an error. */
@@ -502,13 +503,14 @@ int rehash_main(int argc, char **argv)
if (*argv) {
while (*argv)
errs += do_dir(*argv++, h);
} else if ((env = getenv("SSL_CERT_DIR")) != NULL) {
} else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) {
char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' };
m = OPENSSL_strdup(env);
for (e = strtok(m, ":"); e != NULL; e = strtok(NULL, ":"))
for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc))
errs += do_dir(e, h);
OPENSSL_free(m);
} else {
errs += do_dir("/etc/ssl/certs", h);
errs += do_dir(X509_get_default_cert_dir(), h);
}
end:

19
apps/req.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -509,8 +509,7 @@ int req_main(int argc, char **argv)
if (pkey_type == EVP_PKEY_EC) {
BIO_printf(bio_err, "Generating an EC private key\n");
} else {
BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
newkey, keyalgstr);
BIO_printf(bio_err, "Generating a %s private key\n", keyalgstr);
}
EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
@@ -744,9 +743,19 @@ int req_main(int argc, char **argv)
if (text) {
if (x509)
X509_print_ex(out, x509ss, nmflag, reqflag);
ret = X509_print_ex(out, x509ss, nmflag, reqflag);
else
X509_REQ_print_ex(out, req, nmflag, reqflag);
ret = X509_REQ_print_ex(out, req, nmflag, reqflag);
if (ret == 0) {
if (x509)
BIO_printf(bio_err, "Error printing certificate\n");
else
BIO_printf(bio_err, "Error printing certificate request\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (subject) {

10
apps/s_client.c
View File

@@ -593,7 +593,8 @@ OPTIONS s_client_options[] = {
"Disable name checks when matching DANE-EE(3) TLSA records"},
{"reconnect", OPT_RECONNECT, '-',
"Drop and re-make the connection with the same Session-ID"},
{"showcerts", OPT_SHOWCERTS, '-', "Show all certificates in the chain"},
{"showcerts", OPT_SHOWCERTS, '-',
"Show all certificates sent by the server"},
{"debug", OPT_DEBUG, '-', "Extra output"},
{"msg", OPT_MSG, '-', "Show protocol messages"},
{"msgfile", OPT_MSGFILE, '>',
@@ -2114,8 +2115,7 @@ int s_client_main(int argc, char **argv)
FD_ZERO(&readfds);
FD_ZERO(&writefds);
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout))
timeoutp = &timeout;
else
timeoutp = NULL;
@@ -2235,10 +2235,8 @@ int s_client_main(int argc, char **argv)
}
}
if ((SSL_version(con) == DTLS1_VERSION)
&& DTLSv1_handle_timeout(con) > 0) {
if (SSL_is_dtls(con) && DTLSv1_handle_timeout(con) > 0)
BIO_printf(bio_err, "TIMEOUT occurred\n");
}
if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) {
k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len);

25
apps/s_server.c
View File

@@ -2012,9 +2012,7 @@ static int sv_body(int s, int stype, unsigned char *context)
SSL *con = NULL;
BIO *sbio;
struct timeval timeout;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
struct timeval tv;
#else
#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS))
struct timeval *timeoutp;
#endif
@@ -2149,26 +2147,23 @@ static int sv_body(int s, int stype, unsigned char *context)
* second and check for any keypress. In a proper Windows
* application we wouldn't do this because it is inefficient.
*/
tv.tv_sec = 1;
tv.tv_usec = 0;
i = select(width, (void *)&readfds, NULL, NULL, &tv);
timeout.tv_sec = 1;
timeout.tv_usec = 0;
i = select(width, (void *)&readfds, NULL, NULL, &timeout);
if (has_stdin_waiting())
read_from_terminal = 1;
if ((i < 0) || (!i && !read_from_terminal))
continue;
#else
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout))
timeoutp = &timeout;
else
timeoutp = NULL;
i = select(width, (void *)&readfds, NULL, NULL, timeoutp);
if ((SSL_version(con) == DTLS1_VERSION)
&& DTLSv1_handle_timeout(con) > 0) {
if ((SSL_is_dtls(con)) && DTLSv1_handle_timeout(con) > 0)
BIO_printf(bio_err, "TIMEOUT occurred\n");
}
if (i <= 0)
continue;
@@ -2665,8 +2660,10 @@ static int www_body(int s, int stype, unsigned char *context)
if (context
&& !SSL_set_session_id_context(con, context,
strlen((char *)context)))
strlen((char *)context))) {
SSL_free(con);
goto err;
}
sbio = BIO_new_socket(s, BIO_NOCLOSE);
if (s_nbio_test) {
@@ -2678,7 +2675,7 @@ static int www_body(int s, int stype, unsigned char *context)
SSL_set_bio(con, sbio, sbio);
SSL_set_accept_state(con);
/* SSL_set_fd(con,s); */
/* No need to free |con| after this. Done by BIO_free(ssl_bio) */
BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
BIO_push(io, ssl_bio);
#ifdef CHARSET_EBCDIC
@@ -3035,6 +3032,7 @@ static int rev_body(int s, int stype, unsigned char *context)
if (context
&& !SSL_set_session_id_context(con, context,
strlen((char *)context))) {
SSL_free(con);
ERR_print_errors(bio_err);
goto err;
}
@@ -3043,6 +3041,7 @@ static int rev_body(int s, int stype, unsigned char *context)
SSL_set_bio(con, sbio, sbio);
SSL_set_accept_state(con);
/* No need to free |con| after this. Done by BIO_free(ssl_bio) */
BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
BIO_push(io, ssl_bio);
#ifdef CHARSET_EBCDIC

232
apps/speed.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -129,13 +129,6 @@
#define BUFSIZE (1024*16+1)
#define MAX_MISALIGNMENT 63
#define ALGOR_NUM 30
#define SIZE_NUM 6
#define PRIME_NUM 3
#define RSA_NUM 7
#define DSA_NUM 3
#define EC_NUM 17
#define MAX_ECDH_SIZE 256
#define MISALIGN 64
@@ -144,37 +137,6 @@ static volatile int run = 0;
static int mr = 0;
static int usertime = 1;
typedef void *(*kdf_fn) (
const void *in, size_t inlen, void *out, size_t *xoutlen);
typedef struct loopargs_st {
ASYNC_JOB *inprogress_job;
ASYNC_WAIT_CTX *wait_ctx;
unsigned char *buf;
unsigned char *buf2;
unsigned char *buf_malloc;
unsigned char *buf2_malloc;
unsigned int siglen;
#ifndef OPENSSL_NO_RSA
RSA *rsa_key[RSA_NUM];
#endif
#ifndef OPENSSL_NO_DSA
DSA *dsa_key[DSA_NUM];
#endif
#ifndef OPENSSL_NO_EC
EC_KEY *ecdsa[EC_NUM];
EC_KEY *ecdh_a[EC_NUM];
EC_KEY *ecdh_b[EC_NUM];
unsigned char *secret_a;
unsigned char *secret_b;
size_t outlen;
kdf_fn kdf;
#endif
EVP_CIPHER_CTX *ctx;
HMAC_CTX *hctx;
GCM128_CONTEXT *gcm_ctx;
} loopargs_t;
#ifndef OPENSSL_NO_MD2
static int EVP_Digest_MD2_loop(void *args);
#endif
@@ -227,7 +189,6 @@ static int ECDSA_sign_loop(void *args);
static int ECDSA_verify_loop(void *args);
static int ECDH_compute_key_loop(void *args);
#endif
static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_t *loopargs);
static double Time_F(int s);
static void print_message(const char *s, long num, int length);
@@ -238,32 +199,10 @@ static void print_result(int alg, int run_no, int count, double time_used);
static int do_multi(int multi);
#endif
static const char *names[ALGOR_NUM] = {
"md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
"des cbc", "des ede3", "idea cbc", "seed cbc",
"rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
"aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
"camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
"evp", "sha256", "sha512", "whirlpool",
"aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash"
};
static double results[ALGOR_NUM][SIZE_NUM];
static const int lengths[SIZE_NUM] = {
static const int lengths[] = {
16, 64, 256, 1024, 8 * 1024, 16 * 1024
};
#ifndef OPENSSL_NO_RSA
static double rsa_results[RSA_NUM][2];
#endif
#ifndef OPENSSL_NO_DSA
static double dsa_results[DSA_NUM][2];
#endif
#ifndef OPENSSL_NO_EC
static double ecdsa_results[EC_NUM][2];
static double ecdh_results[EC_NUM][1];
#endif
#define SIZE_NUM OSSL_NELEM(lengths)
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
static const char rnd_seed[] =
@@ -348,9 +287,14 @@ static double Time_F(int s)
static void multiblock_speed(const EVP_CIPHER *evp_cipher);
static int found(const char *name, const OPT_PAIR *pairs, int *result)
#define found(value, pairs, result)\
opt_found(value, result, pairs, OSSL_NELEM(pairs))
static int opt_found(const char *name, unsigned int *result,
const OPT_PAIR pairs[], unsigned int nbelem)
{
for (; pairs->name; pairs++)
unsigned int idx;
for (idx = 0; idx < nbelem; ++idx, pairs++)
if (strcmp(name, pairs->name) == 0) {
*result = pairs->retval;
return 1;
@@ -387,7 +331,7 @@ OPTIONS speed_options[] = {
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL},
{NULL}
};
#define D_MD2 0
@@ -420,7 +364,19 @@ OPTIONS speed_options[] = {
#define D_IGE_192_AES 27
#define D_IGE_256_AES 28
#define D_GHASH 29
static OPT_PAIR doit_choices[] = {
/* name of algorithms to test */
static const char *names[] = {
"md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
"des cbc", "des ede3", "idea cbc", "seed cbc",
"rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
"aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
"camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
"evp", "sha256", "sha512", "whirlpool",
"aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash"
};
#define ALGOR_NUM OSSL_NELEM(names)
/* list of configured algorithm (remaining) */
static const OPT_PAIR doit_choices[] = {
#ifndef OPENSSL_NO_MD2
{"md2", D_MD2},
#endif
@@ -484,21 +440,24 @@ static OPT_PAIR doit_choices[] = {
{"cast", D_CBC_CAST},
{"cast5", D_CBC_CAST},
#endif
{"ghash", D_GHASH},
{NULL}
{"ghash", D_GHASH}
};
static double results[ALGOR_NUM][SIZE_NUM];
#ifndef OPENSSL_NO_DSA
# define R_DSA_512 0
# define R_DSA_1024 1
# define R_DSA_2048 2
static OPT_PAIR dsa_choices[] = {
static const OPT_PAIR dsa_choices[] = {
{"dsa512", R_DSA_512},
{"dsa1024", R_DSA_1024},
{"dsa2048", R_DSA_2048},
{NULL},
{"dsa2048", R_DSA_2048}
};
#endif
# define DSA_NUM OSSL_NELEM(dsa_choices)
static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
#endif /* OPENSSL_NO_DSA */
#define R_RSA_512 0
#define R_RSA_1024 1
@@ -507,16 +466,18 @@ static OPT_PAIR dsa_choices[] = {
#define R_RSA_4096 4
#define R_RSA_7680 5
#define R_RSA_15360 6
static OPT_PAIR rsa_choices[] = {
static const OPT_PAIR rsa_choices[] = {
{"rsa512", R_RSA_512},
{"rsa1024", R_RSA_1024},
{"rsa2048", R_RSA_2048},
{"rsa3072", R_RSA_3072},
{"rsa4096", R_RSA_4096},
{"rsa7680", R_RSA_7680},
{"rsa15360", R_RSA_15360},
{NULL}
{"rsa15360", R_RSA_15360}
};
# define RSA_NUM OSSL_NELEM(rsa_choices)
static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
#define R_EC_P160 0
#define R_EC_P192 1
@@ -536,7 +497,7 @@ static OPT_PAIR rsa_choices[] = {
#define R_EC_B571 15
#define R_EC_X25519 16
#ifndef OPENSSL_NO_EC
static OPT_PAIR ecdsa_choices[] = {
static const OPT_PAIR ecdsa_choices[] = {
{"ecdsap160", R_EC_P160},
{"ecdsap192", R_EC_P192},
{"ecdsap224", R_EC_P224},
@@ -552,11 +513,13 @@ static OPT_PAIR ecdsa_choices[] = {
{"ecdsab233", R_EC_B233},
{"ecdsab283", R_EC_B283},
{"ecdsab409", R_EC_B409},
{"ecdsab571", R_EC_B571},
{NULL}
{"ecdsab571", R_EC_B571}
};
# define ECDSA_NUM OSSL_NELEM(ecdsa_choices)
static OPT_PAIR ecdh_choices[] = {
static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
static const OPT_PAIR ecdh_choices[] = {
{"ecdhp160", R_EC_P160},
{"ecdhp192", R_EC_P192},
{"ecdhp224", R_EC_P224},
@@ -574,9 +537,11 @@ static OPT_PAIR ecdh_choices[] = {
{"ecdhb409", R_EC_B409},
{"ecdhb571", R_EC_B571},
{"ecdhx25519", R_EC_X25519},
{NULL}
};
#endif
# define EC_NUM OSSL_NELEM(ecdh_choices)
static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
#endif /* OPENSSL_NO_EC */
#ifndef SIGALRM
# define COND(d) (count < (d))
@@ -586,7 +551,40 @@ static OPT_PAIR ecdh_choices[] = {
# define COUNT(d) (count)
#endif /* SIGALRM */
static int testnum;
static unsigned int testnum;
typedef void *(*kdf_fn) (const void *in, size_t inlen, void *out,
size_t *xoutlen);
typedef struct loopargs_st {
ASYNC_JOB *inprogress_job;
ASYNC_WAIT_CTX *wait_ctx;
unsigned char *buf;
unsigned char *buf2;
unsigned char *buf_malloc;
unsigned char *buf2_malloc;
unsigned int siglen;
#ifndef OPENSSL_NO_RSA
RSA *rsa_key[RSA_NUM];
#endif
#ifndef OPENSSL_NO_DSA
DSA *dsa_key[DSA_NUM];
#endif
#ifndef OPENSSL_NO_EC
EC_KEY *ecdsa[ECDSA_NUM];
EC_KEY *ecdh_a[EC_NUM];
EC_KEY *ecdh_b[EC_NUM];
unsigned char *secret_a;
unsigned char *secret_b;
size_t outlen;
kdf_fn kdf;
#endif
EVP_CIPHER_CTX *ctx;
HMAC_CTX *hctx;
GCM128_CONTEXT *gcm_ctx;
} loopargs_t;
static int run_benchmark(int async_jobs, int (*loop_function) (void *),
loopargs_t * loopargs);
/* Nb of iterations to do per algorithm and key-size */
static long c[ALGOR_NUM][SIZE_NUM];
@@ -995,7 +993,7 @@ static int DSA_verify_loop(void *args)
#endif
#ifndef OPENSSL_NO_EC
static long ecdsa_c[EC_NUM][2];
static long ecdsa_c[ECDSA_NUM][2];
static int ECDSA_sign_loop(void *args)
{
loopargs_t *tempargs = *(loopargs_t **)args;
@@ -1222,26 +1220,23 @@ int speed_main(int argc, char **argv)
{
ENGINE *e = NULL;
loopargs_t *loopargs = NULL;
int async_init = 0;
int loopargs_len = 0;
char *prog;
const char *prog;
const char *engine_id = NULL;
const EVP_CIPHER *evp_cipher = NULL;
double d = 0.0;
OPTION_CHOICE o;
int multiblock = 0, pr_header = 0;
int async_init = 0, multiblock = 0, pr_header = 0;
int doit[ALGOR_NUM] = { 0 };
int ret = 1, i, k, misalign = 0;
int ret = 1, misalign = 0;
long count = 0;
unsigned int i, k, loop, loopargs_len = 0, async_jobs = 0;
#ifndef NO_FORK
int multi = 0;
#endif
unsigned int async_jobs = 0;
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \
|| !defined(OPENSSL_NO_EC)
long rsa_count = 1;
#endif
size_t loop;
/* What follows are the buffers and key material. */
#ifndef OPENSSL_NO_RC5
@@ -1325,7 +1320,7 @@ int speed_main(int argc, char **argv)
/*
* We only test over the following curves as they are representative, To
* add tests over more curves, simply add the curve NID and curve name to
* the following arrays and increase the EC_NUM value accordingly.
* the following arrays and increase the |ecdh_choices| list accordingly.
*/
static const unsigned int test_curves[EC_NUM] = {
/* Prime Curves */
@@ -1360,7 +1355,7 @@ int speed_main(int argc, char **argv)
571, 253 /* X25519 */
};
int ecdsa_doit[EC_NUM] = { 0 };
int ecdsa_doit[ECDSA_NUM] = { 0 };
int ecdh_doit[EC_NUM] = { 0 };
#endif /* ndef OPENSSL_NO_EC */
@@ -1418,9 +1413,7 @@ int speed_main(int argc, char **argv)
goto opterr;
}
if (async_jobs > 99999) {
BIO_printf(bio_err,
"%s: too many async_jobs\n",
prog);
BIO_printf(bio_err, "%s: too many async_jobs\n", prog);
goto opterr;
}
#endif
@@ -1471,10 +1464,8 @@ int speed_main(int argc, char **argv)
if (strcmp(*argv, "openssl") == 0)
continue;
if (strcmp(*argv, "rsa") == 0) {
rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] =
rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] =
rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] =
rsa_doit[R_RSA_15360] = 1;
for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++)
rsa_doit[loop] = 1;
continue;
}
if (found(*argv, rsa_choices, &i)) {
@@ -1507,8 +1498,8 @@ int speed_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_EC
if (strcmp(*argv, "ecdsa") == 0) {
for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++)
ecdsa_doit[ecdsa_choices[loop].retval] = 1;
for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
ecdsa_doit[loop] = 1;
continue;
}
if (found(*argv, ecdsa_choices, &i)) {
@@ -1516,8 +1507,8 @@ int speed_main(int argc, char **argv)
continue;
}
if (strcmp(*argv, "ecdh") == 0) {
for (loop = 0; loop < OSSL_NELEM(ecdh_choices); loop++)
ecdh_doit[ecdh_choices[loop].retval] = 1;
for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
ecdh_doit[loop] = 1;
continue;
}
if (found(*argv, ecdh_choices, &i)) {
@@ -1584,10 +1575,10 @@ int speed_main(int argc, char **argv)
dsa_doit[i] = 1;
#endif
#ifndef OPENSSL_NO_EC
for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++)
ecdsa_doit[ecdsa_choices[loop].retval] = 1;
for (loop = 0; loop < OSSL_NELEM(ecdh_choices); loop++)
ecdh_doit[ecdh_choices[loop].retval] = 1;
for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
ecdsa_doit[loop] = 1;
for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
ecdh_doit[loop] = 1;
#endif
}
for (i = 0; i < ALGOR_NUM; i++)
@@ -1850,6 +1841,8 @@ int speed_main(int argc, char **argv)
}
}
}
/* default iteration count for the last EC Curve */
ecdh_c[R_EC_X25519][0] = count / 1800;
# endif
# else
@@ -2472,7 +2465,7 @@ int speed_main(int argc, char **argv)
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof(rnd_seed));
}
for (testnum = 0; testnum < EC_NUM; testnum++) {
for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
int st = 1;
if (!ecdsa_doit[testnum])
@@ -2547,7 +2540,7 @@ int speed_main(int argc, char **argv)
if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
for (testnum++; testnum < EC_NUM; testnum++)
for (testnum++; testnum < ECDSA_NUM; testnum++)
ecdsa_doit[testnum] = 0;
}
}
@@ -2584,7 +2577,7 @@ int speed_main(int argc, char **argv)
ecdh_checks = 0;
rsa_count = 1;
} else {
int secret_size_a, secret_size_b;
int secret_size_a, secret_size_b, j;
/*
* If field size is not more than 24 octets, then use SHA-1
* hash of result; otherwise, use result (see section 4.8 of
@@ -2613,8 +2606,8 @@ int speed_main(int argc, char **argv)
else
ecdh_checks = 1;
for (k = 0; k < secret_size_a && ecdh_checks == 1; k++) {
if (loopargs[i].secret_a[k] != loopargs[i].secret_b[k])
for (j = 0; j < secret_size_a && ecdh_checks == 1; j++) {
if (loopargs[i].secret_a[j] != loopargs[i].secret_b[j])
ecdh_checks = 0;
}
@@ -2644,7 +2637,7 @@ int speed_main(int argc, char **argv)
if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
for (testnum++; testnum < EC_NUM; testnum++)
for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++)
ecdh_doit[testnum] = 0;
}
}
@@ -2693,7 +2686,7 @@ int speed_main(int argc, char **argv)
if (!doit[k])
continue;
if (mr)
printf("+F:%d:%s", k, names[k]);
printf("+F:%u:%s", k, names[k]);
else
printf("%-13s", names[k]);
for (testnum = 0; testnum < SIZE_NUM; testnum++) {
@@ -2742,7 +2735,7 @@ int speed_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_EC
testnum = 1;
for (k = 0; k < EC_NUM; k++) {
for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
if (!ecdsa_doit[k])
continue;
if (testnum && !mr) {
@@ -2800,8 +2793,9 @@ int speed_main(int argc, char **argv)
DSA_free(loopargs[i].dsa_key[k]);
#endif
#ifndef OPENSSL_NO_EC
for (k = 0; k < EC_NUM; k++) {
for (k = 0; k < ECDSA_NUM; k++)
EC_KEY_free(loopargs[i].ecdsa[k]);
for (k = 0; k < EC_NUM; k++) {
EC_KEY_free(loopargs[i].ecdh_a[k]);
EC_KEY_free(loopargs[i].ecdh_b[k]);
}
@@ -2950,7 +2944,7 @@ static int do_multi(int multi)
printf("Got: %s from %d\n", buf, n);
if (strncmp(buf, "+F:", 3) == 0) {
int alg;
int j;
unsigned int j;
p = buf + 3;
alg = atoi(sstrsep(&p, sep));

3
apps/verify.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -219,6 +219,7 @@ static int check(X509_STORE *ctx, const char *file,
X509_STORE_set_flags(ctx, vflags);
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
X509_STORE_CTX_free(csc);
printf("error %s: X.509 store context initialization failed\n",
(file == NULL) ? "stdin" : file);
goto end;

2
appveyor.yml
View File

@@ -41,5 +41,5 @@ test_script:
- cd _build
- nmake test
- mkdir ..\_install
- nmake install install_docs DESTDIR=..\_install
- nmake install DESTDIR=..\_install
- cd ..

3
config
View File

@@ -1,5 +1,5 @@
#!/bin/sh
# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -929,5 +929,6 @@ if [ $? = "0" ]; then
fi
else
echo "This system ($OUT) is not supported. See file INSTALL for details."
exit 1
fi
)

4
crypto/arm_arch.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -69,7 +69,7 @@
# endif
# endif
# if !__ASSEMBLER__
# ifndef __ASSEMBLER__
extern unsigned int OPENSSL_armcap_P;
# endif

3
crypto/armcap.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -13,6 +13,7 @@
#include <setjmp.h>
#include <signal.h>
#include <openssl/crypto.h>
#include <internal/cryptlib.h>
#include "arm_arch.h"

4
crypto/armv4cpuid.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -125,7 +125,7 @@ CRYPTO_memcmp:
ldmia sp!,{r4,r5}
.Lno_data:
neg r0,ip
rsb r0,ip,#0
mov r0,r0,lsr#31
#if __ARM_ARCH__>=5
bx lr

23
crypto/asn1/a_object.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -19,7 +19,7 @@
int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
{
unsigned char *p;
unsigned char *p, *allocated = NULL;
int objsize;
if ((a == NULL) || (a->data == NULL))
@@ -29,13 +29,24 @@ int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
if (pp == NULL || objsize == -1)
return objsize;
p = *pp;
if (*pp == NULL) {
if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
p = *pp;
}
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
memcpy(p, a->data, a->length);
p += a->length;
*pp = p;
return (objsize);
/*
* If a new buffer was allocated, just return it back.
* If not, return the incremented buffer pointer.
*/
*pp = allocated != NULL ? allocated : p + a->length;
return objsize;
}
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)

77
crypto/asn1/a_strex.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -139,7 +139,7 @@ static int do_buf(unsigned char *buf, int buflen,
int type, unsigned short flags, char *quotes, char_io *io_ch,
void *arg)
{
int i, outlen, len;
int i, outlen, len, charwidth;
unsigned short orflags;
unsigned char *p, *q;
unsigned long c;
@@ -147,12 +147,32 @@ static int do_buf(unsigned char *buf, int buflen,
p = buf;
q = buf + buflen;
outlen = 0;
charwidth = type & BUF_TYPE_WIDTH_MASK;
switch (charwidth) {
case 4:
if (buflen & 3) {
ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
return -1;
}
break;
case 2:
if (buflen & 1) {
ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH);
return -1;
}
break;
default:
break;
}
while (p != q) {
if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
orflags = CHARTYPE_FIRST_ESC_2253;
else
orflags = 0;
switch (type & BUF_TYPE_WIDTH_MASK) {
switch (charwidth) {
case 4:
c = ((unsigned long)*p++) << 24;
c |= ((unsigned long)*p++) << 16;
@@ -173,6 +193,7 @@ static int do_buf(unsigned char *buf, int buflen,
i = UTF8_getc(p, buflen, &c);
if (i < 0)
return -1; /* Invalid UTF8String */
buflen -= i;
p += i;
break;
default:
@@ -592,53 +613,3 @@ int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
*out = stmp.data;
return stmp.length;
}
/* Return 1 if host is a valid hostname and 0 otherwise */
int asn1_valid_host(const ASN1_STRING *host)
{
int hostlen = host->length;
const unsigned char *hostptr = host->data;
int type = host->type;
int i;
signed char width = -1;
unsigned short chflags = 0, prevchflags;
if (type > 0 && type < 31)
width = tag2nbyte[type];
if (width == -1 || hostlen == 0)
return 0;
/* Treat UTF8String as width 1 as any MSB set is invalid */
if (width == 0)
width = 1;
for (i = 0 ; i < hostlen; i+= width) {
prevchflags = chflags;
/* Value must be <= 0x7F: check upper bytes are all zeroes */
if (width == 4) {
if (*hostptr++ != 0 || *hostptr++ != 0 || *hostptr++ != 0)
return 0;
} else if (width == 2) {
if (*hostptr++ != 0)
return 0;
}
if (*hostptr > 0x7f)
return 0;
chflags = char_type[*hostptr++];
if (!(chflags & (CHARTYPE_HOST_ANY | CHARTYPE_HOST_WILD))) {
/* Nothing else allowed at start or end of string */
if (i == 0 || i == hostlen - 1)
return 0;
/* Otherwise invalid if not dot or hyphen */
if (!(chflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)))
return 0;
/*
* If previous is dot or hyphen then illegal unless both
* are hyphens: as .- -. .. are all illegal
*/
if (prevchflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)
&& ((prevchflags & CHARTYPE_HOST_DOT)
|| (chflags & CHARTYPE_HOST_DOT)))
return 0;
}
}
return 1;
}

16
crypto/asn1/ameth_lib.c
View File

@@ -179,6 +179,22 @@ int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
{
EVP_PKEY_ASN1_METHOD tmp = { 0, };
/*
* One of the following must be true:
*
* pem_str == NULL AND ASN1_PKEY_ALIAS is set
* pem_str != NULL AND ASN1_PKEY_ALIAS is clear
*
* Anything else is an error and may lead to a corrupt ASN1 method table
*/
if (!((ameth->pem_str == NULL
&& (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0)
|| (ameth->pem_str != NULL
&& (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) {
EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
if (app_methods == NULL) {
app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
if (app_methods == NULL)

2
crypto/asn1/asn1_err.c
View File

@@ -92,8 +92,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"},
{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
{ERR_FUNC(ASN1_F_DO_BUF), "do_buf"},
{ERR_FUNC(ASN1_F_DO_TCREATE), "do_tcreate"},
{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
{ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"},
{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},

8
crypto/asn1/asn_mime.c
View File

@@ -969,12 +969,14 @@ static int strip_eol(char *linebuf, int *plen, int flags)
p = linebuf + len - 1;
for (p = linebuf + len - 1; len > 0; len--, p--) {
c = *p;
if (c == '\n')
if (c == '\n') {
is_eol = 1;
else if (is_eol && flags & SMIME_ASCIICRLF && c < 33)
} else if (is_eol && flags & SMIME_ASCIICRLF && c == 32) {
/* Strip trailing space on a line; 32 == ASCII for ' ' */
continue;
else if (c != '\r')
} else if (c != '\r') {
break;
}
}
*plen = len;
return is_eol;

4
crypto/asn1/p5_scrypt.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -91,7 +91,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
if (EVP_CIPHER_iv_length(cipher)) {
if (aiv)
memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
goto err;
}

4
crypto/asn1/tasn_enc.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -528,6 +528,8 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
otmp = (ASN1_OBJECT *)*pval;
cont = otmp->data;
len = otmp->length;
if (cont == NULL || len == 0)
return -1;
break;
case V_ASN1_NULL:

4
crypto/asn1/tasn_utl.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -76,7 +76,7 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
}
return 1;
}
if (CRYPTO_atomic_add(lck, op, &ret, *lock) < 0)
if (!CRYPTO_atomic_add(lck, op, &ret, *lock))
return -1; /* failed */
#ifdef REF_PRINT
fprintf(stderr, "%p:%4d:%s\n", it, *lck, it->sname);

19
crypto/asn1/x_bignum.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -130,9 +130,20 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
int utype, char *free_cont, const ASN1_ITEM *it)
{
if (!*pval)
bn_secure_new(pval, it);
return bn_c2i(pval, cont, len, utype, free_cont, it);
int ret;
BIGNUM *bn;
if (!*pval && !bn_secure_new(pval, it))
return 0;
ret = bn_c2i(pval, cont, len, utype, free_cont, it);
if (!ret)
return 0;
/* Set constant-time flag for all secure BIGNUMS */
bn = (BIGNUM *)*pval;
BN_set_flags(bn, BN_FLG_CONSTTIME);
return ret;
}
static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,

3
crypto/async/arch/async_posix.h
View File

@@ -17,7 +17,8 @@
# include <unistd.h>
# if _POSIX_VERSION >= 200112L
# if _POSIX_VERSION >= 200112L \
&& (_POSIX_VERSION < 200809L || defined(__GLIBC__))
# include <pthread.h>

80
crypto/async/async.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -30,11 +30,12 @@
static CRYPTO_THREAD_LOCAL ctxkey;
static CRYPTO_THREAD_LOCAL poolkey;
static void async_free_pool_internal(async_pool *pool);
static async_ctx *async_ctx_new(void)
{
async_ctx *nctx = NULL;
async_ctx *nctx;
if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC))
return NULL;
nctx = OPENSSL_malloc(sizeof(async_ctx));
if (nctx == NULL) {
@@ -57,9 +58,6 @@ err:
async_ctx *async_get_ctx(void)
{
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return NULL;
return (async_ctx *)CRYPTO_THREAD_get_local(&ctxkey);
}
@@ -169,16 +167,19 @@ void async_start_func(void)
int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
int (*func)(void *), void *args, size_t size)
{
async_ctx *ctx = async_get_ctx();
async_ctx *ctx;
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return ASYNC_ERR;
ctx = async_get_ctx();
if (ctx == NULL)
ctx = async_ctx_new();
if (ctx == NULL) {
if (ctx == NULL)
return ASYNC_ERR;
}
if (*job) {
if (*job)
ctx->currjob = *job;
}
for (;;) {
if (ctx->currjob != NULL) {
@@ -219,9 +220,8 @@ int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
}
/* Start a new job */
if ((ctx->currjob = async_get_pool_job()) == NULL) {
if ((ctx->currjob = async_get_pool_job()) == NULL)
return ASYNC_NO_JOBS;
}
if (args != NULL) {
ctx->currjob->funcargs = OPENSSL_malloc(size);
@@ -323,12 +323,11 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
return 0;
}
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) {
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return 0;
}
if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) {
if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC))
return 0;
}
pool = OPENSSL_zalloc(sizeof(*pool));
if (pool == NULL) {
@@ -369,32 +368,41 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
return 1;
err:
async_free_pool_internal(pool);
return 0;
}
static void async_free_pool_internal(async_pool *pool)
{
if (pool == NULL)
return;
async_empty_pool(pool);
sk_ASYNC_JOB_free(pool->jobs);
OPENSSL_free(pool);
CRYPTO_THREAD_set_local(&poolkey, NULL);
return 0;
}
void async_delete_thread_state(void)
{
async_pool *pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
if (pool != NULL) {
async_empty_pool(pool);
sk_ASYNC_JOB_free(pool->jobs);
OPENSSL_free(pool);
CRYPTO_THREAD_set_local(&poolkey, NULL);
}
async_local_cleanup();
async_ctx_free();
}
void ASYNC_cleanup_thread(void)
{
async_free_pool_internal((async_pool *)CRYPTO_THREAD_get_local(&poolkey));
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return;
async_delete_thread_state();
}
ASYNC_JOB *ASYNC_get_current_job(void)
{
async_ctx *ctx;
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return NULL;
ctx = async_get_ctx();
if (ctx == NULL)
return NULL;
@@ -409,7 +417,12 @@ ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job)
void ASYNC_block_pause(void)
{
async_ctx *ctx = async_get_ctx();
async_ctx *ctx;
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return;
ctx = async_get_ctx();
if (ctx == NULL || ctx->currjob == NULL) {
/*
* We're not in a job anyway so ignore this
@@ -421,7 +434,12 @@ void ASYNC_block_pause(void)
void ASYNC_unblock_pause(void)
{
async_ctx *ctx = async_get_ctx();
async_ctx *ctx;
if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
return;
ctx = async_get_ctx();
if (ctx == NULL || ctx->currjob == NULL) {
/*
* We're not in a job anyway so ignore this

11
crypto/bio/b_addr.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -66,18 +66,18 @@ void BIO_ADDR_clear(BIO_ADDR *ap)
int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa)
{
if (sa->sa_family == AF_INET) {
ap->s_in = *(const struct sockaddr_in *)sa;
memcpy(&(ap->s_in), sa, sizeof(struct sockaddr_in));
return 1;
}
#ifdef AF_INET6
if (sa->sa_family == AF_INET6) {
ap->s_in6 = *(const struct sockaddr_in6 *)sa;
memcpy(&(ap->s_in6), sa, sizeof(struct sockaddr_in6));
return 1;
}
#endif
#ifdef AF_UNIX
if (sa->sa_family == AF_UNIX) {
ap->s_un = *(const struct sockaddr_un *)sa;
memcpy(&(ap->s_un), sa, sizeof(struct sockaddr_un));
return 1;
}
#endif
@@ -604,7 +604,8 @@ static int addrinfo_wrap(int family, int socktype,
DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init)
{
OPENSSL_init_crypto(0, NULL);
if (!OPENSSL_init_crypto(0, NULL))
return 0;
bio_lookup_lock = CRYPTO_THREAD_lock_new();
return bio_lookup_lock != NULL;
}

6
crypto/bio/b_print.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,9 +10,9 @@
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include "internal/numbers.h"
#include "internal/cryptlib.h"
#include <openssl/bio.h>
#include "internal/cryptlib.h"
#include "internal/numbers.h"
/*
* Copyright Patrick Powell 1995

6
crypto/bio/b_sock.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -317,7 +317,7 @@ int BIO_socket_nbio(int s, int mode)
l = fcntl(s, F_GETFL, 0);
if (l == -1) {
SYSerr(SYS_F_FCNTL, get_last_rtl_error());
SYSerr(SYS_F_FCNTL, get_last_sys_error());
ret = -1;
} else {
# if defined(O_NONBLOCK)
@@ -335,7 +335,7 @@ int BIO_socket_nbio(int s, int mode)
ret = fcntl(s, F_SETFL, l);
if (ret < 0) {
SYSerr(SYS_F_FCNTL, get_last_rtl_error());
SYSerr(SYS_F_FCNTL, get_last_sys_error());
}
}
# else

17
crypto/bio/bio_meth.c
View File

@@ -43,6 +43,7 @@ BIO_METHOD *BIO_meth_new(int type, const char *name)
BIOerr(BIO_F_BIO_METH_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
biom->type = type;
return biom;
}
@@ -54,7 +55,7 @@ void BIO_meth_free(BIO_METHOD *biom)
}
}
int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int)
int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int)
{
return biom->bwrite;
}
@@ -66,7 +67,7 @@ int BIO_meth_set_write(BIO_METHOD *biom,
return 1;
}
int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int)
int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int)
{
return biom->bread;
}
@@ -78,7 +79,7 @@ int BIO_meth_set_read(BIO_METHOD *biom,
return 1;
}
int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *)
int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *)
{
return biom->bputs;
}
@@ -90,7 +91,7 @@ int BIO_meth_set_puts(BIO_METHOD *biom,
return 1;
}
int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int)
int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int)
{
return biom->bgets;
}
@@ -102,7 +103,7 @@ int BIO_meth_set_gets(BIO_METHOD *biom,
return 1;
}
long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *)
long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *)
{
return biom->ctrl;
}
@@ -114,7 +115,7 @@ int BIO_meth_set_ctrl(BIO_METHOD *biom,
return 1;
}
int (*BIO_meth_get_create(BIO_METHOD *biom)) (BIO *)
int (*BIO_meth_get_create(const BIO_METHOD *biom)) (BIO *)
{
return biom->create;
}
@@ -125,7 +126,7 @@ int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *))
return 1;
}
int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *)
int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *)
{
return biom->destroy;
}
@@ -136,7 +137,7 @@ int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *))
return 1;
}
long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *)
long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *)
{
return biom->callback_ctrl;
}

11
crypto/bio/bss_file.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -255,9 +255,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
}
# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
int fd = fileno((FILE *)ptr);
if (num & BIO_FP_TEXT)
setmode(fd, O_TEXT);
else
if (!(num & BIO_FP_TEXT))
setmode(fd, O_BINARY);
# endif
}
@@ -281,11 +279,14 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = 0;
break;
}
# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32_CYGWIN)
# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
if (!(num & BIO_FP_TEXT))
strcat(p, "b");
else
strcat(p, "t");
# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
if (!(num & BIO_FP_TEXT))
strcat(p, "b");
# endif
fp = openssl_fopen(ptr, p);
if (fp == NULL) {

9
crypto/bio/bss_log.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -196,7 +196,7 @@ static int slg_write(BIO *b, const char *in, int inl)
if ((buf = OPENSSL_malloc(inl + 1)) == NULL) {
return (0);
}
strncpy(buf, in, inl);
memcpy(buf, in, inl);
buf[inl] = '\0';
i = 0;
@@ -404,4 +404,9 @@ static void xcloselog(BIO *bp)
# endif /* Unix */
#else /* NO_SYSLOG */
const BIO_METHOD *BIO_s_log(void)
{
return NULL;
}
#endif /* NO_SYSLOG */

4
crypto/bio/bss_mem.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -212,6 +212,8 @@ static int mem_write(BIO *b, const char *in, int inl)
goto end;
}
BIO_clear_retry_flags(b);
if (inl == 0)
return 0;
blen = bbm->readp->length;
mem_buf_sync(b);
if (BUF_MEM_grow_clean(bbm->buf, blen + inl) == 0)

11
crypto/bn/asm/alpha-mont.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -297,15 +297,12 @@ bn_mul_mont:
mov sp,$tp
mov $bp,$rp # restore rp
and sp,$hi0,$ap
bic $bp,$hi0,$bp
bis $bp,$ap,$ap # ap=borrow?tp:rp
.align 4
.Lcopy: ldq $aj,0($ap) # copy or in-place refresh
.Lcopy: ldq $aj,0($tp) # conditional copy
ldq $nj,0($rp)
lda $tp,8($tp)
lda $rp,8($rp)
lda $ap,8($ap)
cmoveq $hi0,$nj,$aj
stq zero,-8($tp) # zap tp
cmpult $tp,$tj,AT
stq $aj,-8($rp)

17
crypto/bn/asm/armv4-mont.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -262,14 +262,15 @@ bn_mul_mont:
mov $tp,sp @ "rewind" $tp
sub $rp,$rp,$aj @ "rewind" $rp
and $ap,$tp,$nhi
bic $np,$rp,$nhi
orr $ap,$ap,$np @ ap=borrow?tp:rp
.Lcopy: ldr $tj,[$ap],#4 @ copy or in-place refresh
.Lcopy: ldr $tj,[$tp] @ conditional copy
ldr $aj,[$rp]
str sp,[$tp],#4 @ zap tp
str $tj,[$rp],#4
cmp $tp,$num
#ifdef __thumb2__
it cc
#endif
movcc $aj,$tj
str $aj,[$rp],#4
teq $tp,$num @ preserve carry
bne .Lcopy
mov sp,$num

20
crypto/bn/asm/ia64-mont.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -341,19 +341,19 @@ bn_mul_mont_general:
{ .mmb; sub rptr=rptr,len // rewind
sub tptr=tptr,len
clrrrb.pr };;
{ .mmi; and aptr=tptr,topbit
andcm bptr=rptr,topbit
{ .mmi; mov aptr=rptr
mov bptr=tptr
mov pr.rot=1<<16 };;
{ .mii; or nptr=aptr,bptr
{ .mii; cmp.eq p0,p6=topbit,r0
mov ar.lc=lc
mov ar.ec=3 };;
mov ar.ec=2 };;
.Lcopy_ctop:
{ .mmb; (p16) ld8 n[0]=[nptr],8
(p18) st8 [tptr]=r0,8
(p16) nop.b 0 }
{ .mmb; (p16) nop.m 0
(p18) st8 [rptr]=n[2],8
{ .mmi; (p16) ld8 a[0]=[aptr],8
(p16) ld8 t[0]=[bptr],8
(p6) mov a[1]=t[1] };; // (p17)
{ .mmb; (p17) st8 [rptr]=a[1],8
(p17) st8 [tptr]=r0,8
br.ctop.sptk .Lcopy_ctop };;
.Lcopy_cend:

14
crypto/bn/asm/mips-mont.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -384,15 +384,13 @@ $code.=<<___;
$PTR_SUB $rp,$num # restore rp
not $hi1,$hi0
and $ap,$hi0,$sp
and $bp,$hi1,$rp
or $ap,$ap,$bp # ap=borrow?tp:rp
.align 4
.Lcopy: $LD $aj,($ap)
$PTR_ADD $ap,$BNSZ
.Lcopy: $LD $nj,($tp) # conditional move
$LD $aj,($rp)
$ST $zero,($tp)
$PTR_ADD $tp,$BNSZ
and $nj,$hi0
and $aj,$hi1
or $aj,$nj
sltu $at,$tp,$tj
$ST $aj,($rp)
bnez $at,.Lcopy

30
crypto/bn/asm/parisc-mont.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -517,7 +517,6 @@ L\$sub
stws,ma $hi1,4($rp)
subb $ti0,%r0,$hi1
ldo -4($tp),$tp
___
$code.=<<___ if ($BN_SZ==8);
ldd,ma 8($tp),$ti0
@@ -532,21 +531,19 @@ L\$sub
extrd,u $ti0,31,32,$ti0 ; carry in flipped word order
sub,db $ti0,%r0,$hi1
ldo -8($tp),$tp
___
$code.=<<___;
and $tp,$hi1,$ap
andcm $rp,$hi1,$bp
or $ap,$bp,$np
ldo `$LOCALS+32`($fp),$tp
sub $rp,$arrsz,$rp ; rewind rp
subi 0,$arrsz,$idx
ldo `$LOCALS+32`($fp),$tp
L\$copy
ldd $idx($np),$hi0
ldd 0($tp),$ti0
ldd 0($rp),$hi0
std,ma %r0,8($tp)
addib,<> 8,$idx,.-8 ; L\$copy
std,ma $hi0,8($rp)
comiclr,= 0,$hi1,%r0
copy $ti0,$hi0
addib,<> 8,$idx,L\$copy
std,ma $hi0,8($rp)
___
if ($BN_SZ==4) { # PA-RISC 1.1 code-path
@@ -856,17 +853,16 @@ L\$sub_pa11
stws,ma $hi1,4($rp)
subb $ti0,%r0,$hi1
ldo -4($tp),$tp
and $tp,$hi1,$ap
andcm $rp,$hi1,$bp
or $ap,$bp,$np
ldo `$LOCALS+32`($fp),$tp
sub $rp,$arrsz,$rp ; rewind rp
subi 0,$arrsz,$idx
ldo `$LOCALS+32`($fp),$tp
L\$copy_pa11
ldwx $idx($np),$hi0
ldw 0($tp),$ti0
ldw 0($rp),$hi0
stws,ma %r0,4($tp)
comiclr,= 0,$hi1,%r0
copy $ti0,$hi0
addib,<> 4,$idx,L\$copy_pa11
stws,ma $hi0,4($rp)

15
crypto/bn/asm/ppc-mont.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -301,15 +301,16 @@ Lsub: $LDX $tj,$tp,$j
li $j,0
mtctr $num
subfe $ovf,$j,$ovf ; handle upmost overflow bit
and $ap,$tp,$ovf
andc $np,$rp,$ovf
or $ap,$ap,$np ; ap=borrow?tp:rp
.align 4
Lcopy: ; copy or in-place refresh
$LDX $tj,$ap,$j
$STX $tj,$rp,$j
Lcopy: ; conditional copy
$LDX $tj,$tp,$j
$LDX $aj,$rp,$j
and $tj,$tj,$ovf
andc $aj,$aj,$ovf
$STX $j,$tp,$j ; zap at once
or $aj,$aj,$tj
$STX $aj,$rp,$j
addi $j,$j,$BNSZ
bdnz Lcopy

43
crypto/bn/asm/ppc64-mont.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -1501,16 +1501,14 @@ Lsub: ldx $t0,$tp,$i
li $i,0
subfe $ovf,$i,$ovf ; handle upmost overflow bit
and $ap,$tp,$ovf
andc $np,$rp,$ovf
or $ap,$ap,$np ; ap=borrow?tp:rp
addi $t7,$ap,8
mtctr $j
.align 4
Lcopy: ; copy or in-place refresh
ldx $t0,$ap,$i
ldx $t1,$t7,$i
Lcopy: ; conditional copy
ldx $t0,$tp,$i
ldx $t1,$t4,$i
ldx $t2,$rp,$i
ldx $t3,$t6,$i
std $i,8($nap_d) ; zap nap_d
std $i,16($nap_d)
std $i,24($nap_d)
@@ -1519,6 +1517,12 @@ Lcopy: ; copy or in-place refresh
std $i,48($nap_d)
std $i,56($nap_d)
stdu $i,64($nap_d)
and $t0,$t0,$ovf
and $t1,$t1,$ovf
andc $t2,$t2,$ovf
andc $t3,$t3,$ovf
or $t0,$t0,$t2
or $t1,$t1,$t3
stdx $t0,$rp,$i
stdx $t1,$t6,$i
stdx $i,$tp,$i ; zap tp at once
@@ -1561,20 +1565,21 @@ Lsub: lwz $t0,12($tp) ; load tp[j..j+3] in 64-bit word order
li $i,0
subfe $ovf,$i,$ovf ; handle upmost overflow bit
addi $tp,$sp,`$FRAME+$TRANSFER+4`
addi $ap,$sp,`$FRAME+$TRANSFER+4`
subf $rp,$num,$rp ; rewind rp
and $ap,$tp,$ovf
andc $np,$rp,$ovf
or $ap,$ap,$np ; ap=borrow?tp:rp
addi $tp,$sp,`$FRAME+$TRANSFER`
mtctr $j
.align 4
Lcopy: ; copy or in-place refresh
Lcopy: ; conditional copy
lwz $t0,4($ap)
lwz $t1,8($ap)
lwz $t2,12($ap)
lwzu $t3,16($ap)
lwz $t4,4($rp)
lwz $t5,8($rp)
lwz $t6,12($rp)
lwz $t7,16($rp)
std $i,8($nap_d) ; zap nap_d
std $i,16($nap_d)
std $i,24($nap_d)
@@ -1583,6 +1588,18 @@ Lcopy: ; copy or in-place refresh
std $i,48($nap_d)
std $i,56($nap_d)
stdu $i,64($nap_d)
and $t0,$t0,$ovf
and $t1,$t1,$ovf
and $t2,$t2,$ovf
and $t3,$t3,$ovf
andc $t4,$t4,$ovf
andc $t5,$t5,$ovf
andc $t6,$t6,$ovf
andc $t7,$t7,$ovf
or $t0,$t0,$t4
or $t1,$t1,$t5
or $t2,$t2,$t6
or $t3,$t3,$t7
stw $t0,4($rp)
stw $t1,8($rp)
stw $t2,12($rp)

4
crypto/bn/asm/rsaz-avx2.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -104,7 +104,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$addx = ($1>=11);
}
if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) {
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$avx = ($ver>=3.0) + ($ver>=3.01);
$addx = ($ver>=3.03);

16
crypto/bn/asm/s390x-mont.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -252,16 +252,16 @@ $code.=<<___;
brct $count,.Lsub
lghi $ahi,0
slbgr $AHI,$ahi # handle upmost carry
ngr $ap,$AHI
lghi $np,-1
xgr $np,$AHI
ngr $np,$rp
ogr $ap,$np # ap=borrow?tp:rp
lghi $NHI,-1
xgr $NHI,$AHI
la $j,0(%r0)
lgr $count,$num
.Lcopy: lg $alo,0($j,$ap) # copy or in-place refresh
.Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy
lg $alo,0($j,$rp)
ngr $ahi,$AHI
ngr $alo,$NHI
ogr $alo,$ahi
_dswap $alo
stg $j,$stdframe($j,$sp) # zap tp
stg $alo,0($j,$rp)

26
crypto/bn/asm/sparct4-mont.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -888,19 +888,17 @@ $code.=<<___;
sub $tp, $num, $tp
sub $rp, $num, $rp
subc $ovf, %g0, $ovf ! handle upmost overflow bit
and $tp, $ovf, $ap
andn $rp, $ovf, $np
or $np, $ap, $ap ! ap=borrow?tp:rp
subccc $ovf, %g0, $ovf ! handle upmost overflow bit
ba .Lcopy
sub $num, 8, $cnt
.align 16
.Lcopy: ! copy or in-place refresh
ldx [$ap+0], $t2
add $ap, 8, $ap
.Lcopy: ! conditional copy
ldx [$tp], $tj
ldx [$rp+0], $t2
stx %g0, [$tp] ! zap
add $tp, 8, $tp
movcs %icc, $tj, $t2
stx $t2, [$rp+0]
add $rp, 8, $rp
brnz $cnt, .Lcopy
@@ -1136,19 +1134,17 @@ $code.=<<___;
sub $tp, $num, $tp
sub $rp, $num, $rp
subc $ovf, %g0, $ovf ! handle upmost overflow bit
and $tp, $ovf, $ap
andn $rp, $ovf, $np
or $np, $ap, $ap ! ap=borrow?tp:rp
subccc $ovf, %g0, $ovf ! handle upmost overflow bit
ba .Lcopy_g5
sub $num, 8, $cnt
.align 16
.Lcopy_g5: ! copy or in-place refresh
ldx [$ap+0], $t2
add $ap, 8, $ap
.Lcopy_g5: ! conditional copy
ldx [$tp], $tj
ldx [$rp+0], $t2
stx %g0, [$tp] ! zap
add $tp, 8, $tp
movcs %icc, $tj, $t2
stx $t2, [$rp+0]
add $rp, 8, $rp
brnz $cnt, .Lcopy_g5

15
crypto/bn/asm/sparcv9-mont.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -265,7 +265,6 @@ $fname:
.Ltail:
add $np,$num,$np
add $rp,$num,$rp
mov $tp,$ap
sub %g0,$num,%o7 ! k=-num
ba .Lsub
subcc %g0,%g0,%g0 ! clear %icc.c
@@ -278,15 +277,14 @@ $fname:
add %o7,4,%o7
brnz %o7,.Lsub
st %o1,[$i]
subc $car2,0,$car2 ! handle upmost overflow bit
and $tp,$car2,$ap
andn $rp,$car2,$np
or $ap,$np,$ap
subccc $car2,0,$car2 ! handle upmost overflow bit
sub %g0,$num,%o7
.Lcopy:
ld [$ap+%o7],%o0 ! copy or in-place refresh
ld [$tp+%o7],%o1 ! conditional copy
ld [$rp+%o7],%o0
st %g0,[$tp+%o7] ! zap tp
movcs %icc,%o1,%o0
st %o0,[$rp+%o7]
add %o7,4,%o7
brnz %o7,.Lcopy
@@ -495,6 +493,9 @@ $code.=<<___;
mulx $npj,$mul1,$acc1
add $tpj,$car1,$car1
ld [$np+$j],$npj ! np[j]
srlx $car1,32,$tmp0
and $car1,$mask,$car1
add $tmp0,$sbit,$sbit
add $acc0,$car1,$car1
ld [$tp+8],$tpj ! tp[j]
add $acc1,$car1,$car1

15
crypto/bn/asm/via-mont.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -213,18 +213,15 @@ $sp=&DWP(28,"esp");
&mov ("eax",&DWP(0,"esi","edx",4)); # upmost overflow bit
&sbb ("eax",0);
&and ("esi","eax");
&not ("eax");
&mov ("ebp","edi");
&and ("ebp","eax");
&or ("esi","ebp"); # tp=carry?tp:rp
&mov ("ecx","edx"); # num
&xor ("edx","edx"); # i=0
&mov ("edx",0); # i=0
&set_label("copy",8);
&mov ("eax",&DWP(0,"esi","edx",4));
&mov (&DWP(64,"esp","edx",4),"ecx"); # zap tp
&mov ("ebx",&DWP(0,"esi","edx",4));
&mov ("eax",&DWP(0,"edi","edx",4));
&mov (&DWP(0,"esi","edx",4),"ecx"); # zap tp
&cmovc ("eax","ebx");
&mov (&DWP(0,"edi","edx",4),"eax");
&lea ("edx",&DWP(1,"edx")); # i++
&loop (&label("copy"));

18
crypto/bn/asm/vis3-mont.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -310,23 +310,23 @@ $code.=<<___;
sub $anp, $num, $anp
sub $rp, $num, $rp
subc $ovf, %g0, $ovf ! handle upmost overflow bit
and $tp, $ovf, $ap
andn $rp, $ovf, $np
or $np, $ap, $ap ! ap=borrow?tp:rp
subccc $ovf, %g0, $ovf ! handle upmost overflow bit
ba .Lcopy
sub $num, 8, $cnt
.align 16
.Lcopy: ! copy or in-place refresh
ld [$ap+0], $t2
ld [$ap+4], $t3
add $ap, 8, $ap
.Lcopy: ! conditional copy
ld [$tp+0], $t0
ld [$tp+4], $t1
ld [$rp+0], $t2
ld [$rp+4], $t3
stx %g0, [$tp] ! zap
add $tp, 8, $tp
stx %g0, [$anp] ! zap
stx %g0, [$anp+8]
add $anp, 16, $anp
movcs %icc, $t0, $t2
movcs %icc, $t1, $t3
st $t3, [$rp+0] ! flip order
st $t2, [$rp+4]
add $rp, 8, $rp

20
crypto/bn/asm/x86-mont.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -604,16 +604,18 @@ $sbit=$num;
&jge (&label("sub"));
&sbb ("eax",0); # handle upmost overflow bit
&and ($tp,"eax");
&not ("eax");
&mov ($np,$rp);
&and ($np,"eax");
&or ($tp,$np); # tp=carry?tp:rp
&mov ("edx",-1);
&xor ("edx","eax");
&jmp (&label("copy"));
&set_label("copy",16); # copy or in-place refresh
&mov ("eax",&DWP(0,$tp,$num,4));
&mov (&DWP(0,$rp,$num,4),"eax"); # rp[i]=tp[i]
&set_label("copy",16); # conditional copy
&mov ($tp,&DWP($frame,"esp",$num,4));
&mov ($np,&DWP(0,$rp,$num,4));
&mov (&DWP($frame,"esp",$num,4),$j); # zap temporary vector
&and ($tp,"eax");
&and ($np,"edx");
&or ($np,$tp);
&mov (&DWP(0,$rp,$num,4),$np);
&dec ($num);
&jge (&label("copy"));

8
crypto/bn/asm/x86_64-gcc.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -64,12 +64,6 @@
* machine.
*/
# if defined(_WIN64) || !defined(__LP64__)
# define BN_ULONG unsigned long long
# else
# define BN_ULONG unsigned long
# endif
# undef mul
# undef mul_add

83
crypto/bn/asm/x86_64-mont.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -302,30 +302,30 @@ $code.=<<___;
xor $i,$i # i=0 and clear CF!
mov (%rsp),%rax # tp[0]
lea (%rsp),$ap # borrow ap for tp
mov $num,$j # j=num
jmp .Lsub
.align 16
.Lsub: sbb ($np,$i,8),%rax
mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i]
mov 8($ap,$i,8),%rax # tp[i+1]
mov 8(%rsp,$i,8),%rax # tp[i+1]
lea 1($i),$i # i++
dec $j # doesnn't affect CF!
jnz .Lsub
sbb \$0,%rax # handle upmost overflow bit
mov \$-1,%rbx
xor %rax,%rbx # not %rax
xor $i,$i
and %rax,$ap
not %rax
mov $rp,$np
and %rax,$np
mov $num,$j # j=num
or $np,$ap # ap=borrow?tp:rp
.align 16
.Lcopy: # copy or in-place refresh
mov ($ap,$i,8),%rax
mov $i,(%rsp,$i,8) # zap temporary vector
mov %rax,($rp,$i,8) # rp[i]=tp[i]
.Lcopy: # conditional copy
mov ($rp,$i,8),%rcx
mov (%rsp,$i,8),%rdx
and %rbx,%rcx
and %rax,%rdx
mov $num,(%rsp,$i,8) # zap temporary vector
or %rcx,%rdx
mov %rdx,($rp,$i,8) # rp[i]=tp[i]
lea 1($i),$i
sub \$1,$j
jnz .Lcopy
@@ -695,10 +695,10 @@ ___
my @ri=("%rax","%rdx",$m0,$m1);
$code.=<<___;
mov 16(%rsp,$num,8),$rp # restore $rp
lea -4($num),$j
mov 0(%rsp),@ri[0] # tp[0]
pxor %xmm0,%xmm0
mov 8(%rsp),@ri[1] # tp[1]
shr \$2,$num # num/=4
shr \$2,$j # j=num/4-1
lea (%rsp),$ap # borrow ap for tp
xor $i,$i # i=0 and clear CF!
@@ -706,9 +706,7 @@ $code.=<<___;
mov 16($ap),@ri[2] # tp[2]
mov 24($ap),@ri[3] # tp[3]
sbb 8($np),@ri[1]
lea -1($num),$j # j=num/4-1
jmp .Lsub4x
.align 16
.Lsub4x:
mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i]
mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i]
@@ -735,34 +733,35 @@ $code.=<<___;
sbb \$0,@ri[0] # handle upmost overflow bit
mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i]
xor $i,$i # i=0
and @ri[0],$ap
not @ri[0]
mov $rp,$np
and @ri[0],$np
lea -1($num),$j
or $np,$ap # ap=borrow?tp:rp
pxor %xmm0,%xmm0
movq @ri[0],%xmm4
pcmpeqd %xmm5,%xmm5
pshufd \$0,%xmm4,%xmm4
mov $num,$j
pxor %xmm4,%xmm5
shr \$2,$j # j=num/4
xor %eax,%eax # i=0
movdqu ($ap),%xmm1
movdqa %xmm0,(%rsp)
movdqu %xmm1,($rp)
jmp .Lcopy4x
.align 16
.Lcopy4x: # copy or in-place refresh
movdqu 16($ap,$i),%xmm2
movdqu 32($ap,$i),%xmm1
movdqa %xmm0,16(%rsp,$i)
movdqu %xmm2,16($rp,$i)
movdqa %xmm0,32(%rsp,$i)
movdqu %xmm1,32($rp,$i)
lea 32($i),$i
.Lcopy4x: # conditional copy
movdqa (%rsp,%rax),%xmm1
movdqu ($rp,%rax),%xmm2
pand %xmm4,%xmm1
pand %xmm5,%xmm2
movdqa 16(%rsp,%rax),%xmm3
movdqa %xmm0,(%rsp,%rax)
por %xmm2,%xmm1
movdqu 16($rp,%rax),%xmm2
movdqu %xmm1,($rp,%rax)
pand %xmm4,%xmm3
pand %xmm5,%xmm2
movdqa %xmm0,16(%rsp,%rax)
por %xmm2,%xmm3
movdqu %xmm3,16($rp,%rax)
lea 32(%rax),%rax
dec $j
jnz .Lcopy4x
shl \$2,$num
movdqu 16($ap,$i),%xmm2
movdqa %xmm0,16(%rsp,$i)
movdqu %xmm2,16($rp,$i)
___
}
$code.=<<___;

21
crypto/bn/asm/x86_64-mont5.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -414,18 +414,19 @@ $code.=<<___;
jnz .Lsub
sbb \$0,%rax # handle upmost overflow bit
mov \$-1,%rbx
xor %rax,%rbx
xor $i,$i
and %rax,$ap
not %rax
mov $rp,$np
and %rax,$np
mov $num,$j # j=num
or $np,$ap # ap=borrow?tp:rp
.align 16
.Lcopy: # copy or in-place refresh
mov ($ap,$i,8),%rax
.Lcopy: # conditional copy
mov ($rp,$i,8),%rcx
mov (%rsp,$i,8),%rdx
and %rbx,%rcx
and %rax,%rdx
mov $i,(%rsp,$i,8) # zap temporary vector
mov %rax,($rp,$i,8) # rp[i]=tp[i]
or %rcx,%rdx
mov %rdx,($rp,$i,8) # rp[i]=tp[i]
lea 1($i),$i
sub \$1,$j
jnz .Lcopy

90
crypto/bn/bn_blind.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -109,10 +109,15 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
goto err;
} else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {
if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
goto err;
if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx))
goto err;
if (b->m_ctx != NULL) {
if (!bn_mul_mont_fixed_top(b->Ai, b->Ai, b->Ai, b->m_ctx, ctx)
|| !bn_mul_mont_fixed_top(b->A, b->A, b->A, b->m_ctx, ctx))
goto err;
} else {
if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx)
|| !BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
goto err;
}
}
ret = 1;
@@ -144,13 +149,13 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
else if (!BN_BLINDING_update(b, ctx))
return (0);
if (r != NULL) {
if (!BN_copy(r, b->Ai))
ret = 0;
}
if (r != NULL && (BN_copy(r, b->Ai) == NULL))
return 0;
if (!BN_mod_mul(n, n, b->A, b->mod, ctx))
ret = 0;
if (b->m_ctx != NULL)
ret = BN_mod_mul_montgomery(n, n, b->A, b->m_ctx, ctx);
else
ret = BN_mod_mul(n, n, b->A, b->mod, ctx);
return ret;
}
@@ -167,14 +172,29 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
bn_check_top(n);
if (r != NULL)
ret = BN_mod_mul(n, n, r, b->mod, ctx);
else {
if (b->Ai == NULL) {
BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
return (0);
if (r == NULL && (r = b->Ai) == NULL) {
BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
return 0;
}
if (b->m_ctx != NULL) {
/* ensure that BN_mod_mul_montgomery takes pre-defined path */
if (n->dmax >= r->top) {
size_t i, rtop = r->top, ntop = n->top;
BN_ULONG mask;
for (i = 0; i < rtop; i++) {
mask = (BN_ULONG)0 - ((i - ntop) >> (8 * sizeof(i) - 1));
n->d[i] &= mask;
}
mask = (BN_ULONG)0 - ((rtop - ntop) >> (8 * sizeof(ntop) - 1));
/* always true, if (rtop >= ntop) n->top = r->top; */
n->top = (int)(rtop & ~mask) | (ntop & mask);
n->flags |= (BN_FLG_FIXED_TOP & ~mask);
}
ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
ret = BN_mod_mul_montgomery(n, n, r, b->m_ctx, ctx);
} else {
ret = BN_mod_mul(n, n, r, b->mod, ctx);
}
bn_check_top(n);
@@ -253,31 +273,35 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
int rv;
if (!BN_rand_range(ret->A, ret->mod))
goto err;
if (!int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv)) {
/*
* this should almost never happen for good RSA keys
*/
if (rv) {
if (retry_counter-- == 0) {
BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
BN_R_TOO_MANY_ITERATIONS);
goto err;
}
} else
goto err;
} else
if (int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv))
break;
/*
* this should almost never happen for good RSA keys
*/
if (!rv)
goto err;
if (retry_counter-- == 0) {
BNerr(BN_F_BN_BLINDING_CREATE_PARAM, BN_R_TOO_MANY_ITERATIONS);
goto err;
}
} while (1);
if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
if (!ret->bn_mod_exp
(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
goto err;
} else {
if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
goto err;
}
if (ret->m_ctx != NULL) {
if (!bn_to_mont_fixed_top(ret->Ai, ret->Ai, ret->m_ctx, ctx)
|| !bn_to_mont_fixed_top(ret->A, ret->A, ret->m_ctx, ctx))
goto err;
}
return ret;
err:
if (b == NULL) {

4
crypto/bn/bn_ctx.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -227,6 +227,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx)
}
/* OK, make sure the returned bignum is "zero" */
BN_zero(ret);
/* clear BN_FLG_CONSTTIME if leaked from previous frames */
ret->flags &= (~BN_FLG_CONSTTIME);
ctx->used++;
CTXDBG_RET(ctx, ret);
return ret;

3
crypto/bn/bn_div.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -240,6 +240,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
wnum.neg = 0;
wnum.d = &(snum->d[loop]);
wnum.top = div_n;
wnum.flags = BN_FLG_STATIC_DATA;
/*
* only needed when BN_ucmp messes up the values between top and max
*/

69
crypto/bn/bn_exp.c
View File

@@ -188,8 +188,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
/* x**0 mod 1, or x**0 mod -1 is still zero. */
if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(r);
} else {
@@ -330,8 +330,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
}
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
/* x**0 mod 1, or x**0 mod -1 is still zero. */
if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(rr);
} else {
@@ -371,17 +371,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
ret = 1;
goto err;
}
if (!BN_to_montgomery(val[0], aa, mont, ctx))
if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx))
goto err; /* 1 */
window = BN_window_bits_for_exponent_size(bits);
if (window > 1) {
if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx))
if (!bn_mul_mont_fixed_top(d, val[0], val[0], mont, ctx))
goto err; /* 2 */
j = 1 << (window - 1);
for (i = 1; i < j; i++) {
if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
!BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx))
!bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx))
goto err;
}
}
@@ -403,19 +403,15 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
for (i = 1; i < j; i++)
r->d[i] = (~m->d[i]) & BN_MASK2;
r->top = j;
/*
* Upper words will be zero if the corresponding words of 'm' were
* 0xfff[...], so decrement r->top accordingly.
*/
bn_correct_top(r);
r->flags |= BN_FLG_FIXED_TOP;
} else
#endif
if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx))
goto err;
for (;;) {
if (BN_is_bit_set(p, wstart) == 0) {
if (!start) {
if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
goto err;
}
if (wstart == 0)
@@ -446,12 +442,12 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
/* add the 'bytes above' */
if (!start)
for (i = 0; i < j; i++) {
if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
goto err;
}
/* wvalue will be an odd number < 2^window */
if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx))
if (!bn_mul_mont_fixed_top(r, r, val[wvalue >> 1], mont, ctx))
goto err;
/* move the 'window' down further */
@@ -461,6 +457,11 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
if (wstart < 0)
break;
}
/*
* Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
* removes padding [if any] and makes return value suitable for public
* API consumer.
*/
#if defined(SPARC_T4_MONT)
if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
j = mont->N.top; /* borrow j */
@@ -587,7 +588,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
}
b->top = top;
bn_correct_top(b);
b->flags |= BN_FLG_FIXED_TOP;
return 1;
}
@@ -639,8 +640,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
*/
bits = p->top * BN_BITS2;
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
/* x**0 mod 1, or x**0 mod -1 is still zero. */
if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(rr);
} else {
@@ -757,16 +758,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
tmp.top = top;
} else
#endif
if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
if (!bn_to_mont_fixed_top(&tmp, BN_value_one(), mont, ctx))
goto err;
/* prepare a^1 in Montgomery domain */
if (a->neg || BN_ucmp(a, m) >= 0) {
if (!BN_mod(&am, a, m, ctx))
goto err;
if (!BN_to_montgomery(&am, &am, mont, ctx))
if (!bn_to_mont_fixed_top(&am, &am, mont, ctx))
goto err;
} else if (!BN_to_montgomery(&am, a, mont, ctx))
} else if (!bn_to_mont_fixed_top(&am, a, mont, ctx))
goto err;
#if defined(SPARC_T4_MONT)
@@ -1033,14 +1034,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
* performance advantage of sqr over mul).
*/
if (window > 1) {
if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
if (!bn_mul_mont_fixed_top(&tmp, &am, &am, mont, ctx))
goto err;
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
window))
goto err;
for (i = 3; i < numPowers; i++) {
/* Calculate a^i = a^(i-1) * a */
if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
if (!bn_mul_mont_fixed_top(&tmp, &am, &tmp, mont, ctx))
goto err;
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
window))
@@ -1064,7 +1065,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
/* Scan the window, squaring the result as we go */
for (i = 0; i < window; i++, bits--) {
if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx))
if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx))
goto err;
wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
}
@@ -1077,12 +1078,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
goto err;
/* Multiply the result into the intermediate result */
if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
if (!bn_mul_mont_fixed_top(&tmp, &tmp, &am, mont, ctx))
goto err;
}
}
/* Convert the final result from montgomery to standard format */
/*
* Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
* removes padding [if any] and makes return value suitable for public
* API consumer.
*/
#if defined(SPARC_T4_MONT)
if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
am.d[0] = 1; /* borrow am */
@@ -1151,8 +1156,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
/* x**0 mod 1, or x**0 mod -1 is still zero. */
if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(rr);
} else {
@@ -1273,9 +1278,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
}
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
if (bits == 0) {
/* x**0 mod 1, or x**0 mod -1 is still zero. */
if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(r);
} else {

11
crypto/bn/bn_gcd.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -140,7 +140,14 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
BIGNUM *ret = NULL;
int sign;
if (pnoinv)
/* This is invalid input so we don't worry about constant time here */
if (BN_abs_is_word(n, 1) || BN_is_zero(n)) {
if (pnoinv != NULL)
*pnoinv = 1;
return NULL;
}
if (pnoinv != NULL)
*pnoinv = 0;
if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0)

34
crypto/bn/bn_gf2m.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -32,30 +32,32 @@
*/
# define MAX_ITERATIONS 50
static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21,
64, 65, 68, 69, 80, 81, 84, 85
};
# define SQR_nibble(w) ((((w) & 8) << 3) \
| (((w) & 4) << 2) \
| (((w) & 2) << 1) \
| ((w) & 1))
/* Platform-specific macros to accelerate squaring. */
# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
# define SQR1(w) \
SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \
SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \
SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \
SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF]
SQR_nibble((w) >> 60) << 56 | SQR_nibble((w) >> 56) << 48 | \
SQR_nibble((w) >> 52) << 40 | SQR_nibble((w) >> 48) << 32 | \
SQR_nibble((w) >> 44) << 24 | SQR_nibble((w) >> 40) << 16 | \
SQR_nibble((w) >> 36) << 8 | SQR_nibble((w) >> 32)
# define SQR0(w) \
SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \
SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \
SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
SQR_nibble((w) >> 28) << 56 | SQR_nibble((w) >> 24) << 48 | \
SQR_nibble((w) >> 20) << 40 | SQR_nibble((w) >> 16) << 32 | \
SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \
SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) )
# endif
# ifdef THIRTY_TWO_BIT
# define SQR1(w) \
SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \
SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF]
SQR_nibble((w) >> 28) << 24 | SQR_nibble((w) >> 24) << 16 | \
SQR_nibble((w) >> 20) << 8 | SQR_nibble((w) >> 16)
# define SQR0(w) \
SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \
SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) )
# endif
# if !defined(OPENSSL_BN_ASM_GF2m)

12
crypto/bn/bn_intern.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -177,16 +177,20 @@ BN_ULONG *bn_get_words(const BIGNUM *a)
return a->d;
}
void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size)
void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size)
{
a->d = words;
/*
* |const| qualifier omission is compensated by BN_FLG_STATIC_DATA
* flag, which effectively means "read-only data".
*/
a->d = (BN_ULONG *)words;
a->dmax = a->top = size;
a->neg = 0;
a->flags |= BN_FLG_STATIC_DATA;
bn_correct_top(a);
}
int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words)
int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words)
{
if (bn_wexpand(a, num_words) == NULL) {
BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE);

23
crypto/bn/bn_lcl.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -145,7 +145,16 @@ extern "C" {
*/
# ifdef BN_DEBUG
/*
* The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with
* bn_correct_top, in other words such vectors are permitted to have zeros
* in most significant limbs. Such vectors are used internally to achieve
* execution time invariance for critical operations with private keys.
* It's BN_DEBUG-only flag, because user application is not supposed to
* observe it anyway. Moreover, optimizing compiler would actually remove
* all operations manipulating the bit in question in non-BN_DEBUG build.
*/
# define BN_FLG_FIXED_TOP 0x10000
# ifdef BN_DEBUG_RAND
/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
# ifndef RAND_bytes
@@ -177,8 +186,10 @@ int RAND_bytes(unsigned char *buf, int num);
do { \
const BIGNUM *_bnum2 = (a); \
if (_bnum2 != NULL) { \
OPENSSL_assert(((_bnum2->top == 0) && !_bnum2->neg) || \
(_bnum2->top && (_bnum2->d[_bnum2->top - 1] != 0))); \
int _top = _bnum2->top; \
OPENSSL_assert((_top == 0 && !_bnum2->neg) || \
(_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \
|| _bnum2->d[_top - 1] != 0))); \
bn_pollute(_bnum2); \
} \
} while(0)
@@ -197,6 +208,7 @@ int RAND_bytes(unsigned char *buf, int num);
# else /* !BN_DEBUG */
# define BN_FLG_FIXED_TOP 0
# define bn_pollute(a)
# define bn_check_top(a)
# define bn_fix_top(a) bn_correct_top(a)
@@ -228,7 +240,8 @@ struct bignum_st {
/* Used for montgomery multiplication */
struct bn_mont_ctx_st {
int ri; /* number of bits in R */
BIGNUM RR; /* used to convert to montgomery form */
BIGNUM RR; /* used to convert to montgomery form,
possibly zero-padded */
BIGNUM N; /* The modulus */
BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only
* stored for bignum algorithm) */

189
crypto/bn/bn_lib.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -12,6 +12,7 @@
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include <openssl/opensslconf.h>
#include "internal/constant_time_locl.h"
/* This stuff appears to be completely unused, so is deprecated */
#if OPENSSL_API_COMPAT < 0x00908000L
@@ -131,13 +132,57 @@ int BN_num_bits_word(BN_ULONG l)
return bits;
}
/*
* This function still leaks `a->dmax`: it's caller's responsibility to
* expand the input `a` in advance to a public length.
*/
static ossl_inline
int bn_num_bits_consttime(const BIGNUM *a)
{
int j, ret;
unsigned int mask, past_i;
int i = a->top - 1;
bn_check_top(a);
for (j = 0, past_i = 0, ret = 0; j < a->dmax; j++) {
mask = constant_time_eq_int(i, j); /* 0xff..ff if i==j, 0x0 otherwise */
ret += BN_BITS2 & (~mask & ~past_i);
ret += BN_num_bits_word(a->d[j]) & mask;
past_i |= mask; /* past_i will become 0xff..ff after i==j */
}
/*
* if BN_is_zero(a) => i is -1 and ret contains garbage, so we mask the
* final result.
*/
mask = ~(constant_time_eq_int(i, ((int)-1)));
return ret & mask;
}
int BN_num_bits(const BIGNUM *a)
{
int i = a->top - 1;
bn_check_top(a);
if (a->flags & BN_FLG_CONSTTIME) {
/*
* We assume that BIGNUMs flagged as CONSTTIME have also been expanded
* so that a->dmax is not leaking secret information.
*
* In other words, it's the caller's responsibility to ensure `a` has
* been preallocated in advance to a public length if we hit this
* branch.
*
*/
return bn_num_bits_consttime(a);
}
if (BN_is_zero(a))
return 0;
return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
}
@@ -222,8 +267,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
const BN_ULONG *B;
int i;
bn_check_top(b);
if (words > (INT_MAX / (4 * BN_BITS2))) {
BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
return NULL;
@@ -298,8 +341,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
BIGNUM *bn_expand2(BIGNUM *b, int words)
{
bn_check_top(b);
if (words > b->dmax) {
BN_ULONG *a = bn_expand_internal(b, words);
if (!a)
@@ -312,7 +353,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
b->dmax = words;
}
bn_check_top(b);
return b;
}
@@ -379,12 +419,19 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
#endif
a->top = b->top;
a->neg = b->neg;
a->top = b->top;
a->flags |= b->flags & BN_FLG_FIXED_TOP;
bn_check_top(a);
return (a);
}
#define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \
| BN_FLG_CONSTTIME \
| BN_FLG_SECURE \
| BN_FLG_FIXED_TOP))
#define FLAGS_STRUCT(flags) ((flags) & (BN_FLG_MALLOCED))
void BN_swap(BIGNUM *a, BIGNUM *b)
{
int flags_old_a, flags_old_b;
@@ -412,10 +459,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b)
b->dmax = tmp_dmax;
b->neg = tmp_neg;
a->flags =
(flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
b->flags =
(flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
a->flags = FLAGS_STRUCT(flags_old_a) | FLAGS_DATA(flags_old_b);
b->flags = FLAGS_STRUCT(flags_old_b) | FLAGS_DATA(flags_old_a);
bn_check_top(a);
bn_check_top(b);
}
@@ -425,8 +470,9 @@ void BN_clear(BIGNUM *a)
bn_check_top(a);
if (a->d != NULL)
OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
a->top = 0;
a->neg = 0;
a->top = 0;
a->flags &= ~BN_FLG_FIXED_TOP;
}
BN_ULONG BN_get_word(const BIGNUM *a)
@@ -447,6 +493,7 @@ int BN_set_word(BIGNUM *a, BN_ULONG w)
a->neg = 0;
a->d[0] = w;
a->top = (w ? 1 : 0);
a->flags &= ~BN_FLG_FIXED_TOP;
bn_check_top(a);
return (1);
}
@@ -496,27 +543,56 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
return (ret);
}
typedef enum {big, little} endianess_t;
/* ignore negative */
static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
static
int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianess_t endianess)
{
int i;
int n;
size_t i, lasti, j, atop, mask;
BN_ULONG l;
bn_check_top(a);
i = BN_num_bytes(a);
if (tolen == -1)
tolen = i;
else if (tolen < i)
return -1;
/* Add leading zeroes if necessary */
if (tolen > i) {
memset(to, 0, tolen - i);
to += tolen - i;
/*
* In case |a| is fixed-top, BN_num_bytes can return bogus length,
* but it's assumed that fixed-top inputs ought to be "nominated"
* even for padded output, so it works out...
*/
n = BN_num_bytes(a);
if (tolen == -1) {
tolen = n;
} else if (tolen < n) { /* uncommon/unlike case */
BIGNUM temp = *a;
bn_correct_top(&temp);
n = BN_num_bytes(&temp);
if (tolen < n)
return -1;
}
while (i--) {
/* Swipe through whole available data and don't give away padded zero. */
atop = a->dmax * BN_BYTES;
if (atop == 0) {
OPENSSL_cleanse(to, tolen);
return tolen;
}
lasti = atop - 1;
atop = a->top * BN_BYTES;
if (endianess == big)
to += tolen; /* start from the end of the buffer */
for (i = 0, j = 0; j < (size_t)tolen; j++) {
unsigned char val;
l = a->d[i / BN_BYTES];
*(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1));
val = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask);
if (endianess == big)
*--to = val;
else
*to++ = val;
i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */
}
return tolen;
}
@@ -524,12 +600,12 @@ int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
{
if (tolen < 0)
return -1;
return bn2binpad(a, to, tolen);
return bn2binpad(a, to, tolen, big);
}
int BN_bn2bin(const BIGNUM *a, unsigned char *to)
{
return bn2binpad(a, to, -1);
return bn2binpad(a, to, -1, big);
}
BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
@@ -581,22 +657,9 @@ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
{
int i;
BN_ULONG l;
bn_check_top(a);
i = BN_num_bytes(a);
if (tolen < i)
if (tolen < 0)
return -1;
/* Add trailing zeroes if necessary */
if (tolen > i)
memset(to + i, 0, tolen - i);
to += i;
while (i--) {
l = a->d[i / BN_BYTES];
to--;
*to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
}
return tolen;
return bn2binpad(a, to, tolen, little);
}
int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
@@ -683,6 +746,7 @@ int BN_set_bit(BIGNUM *a, int n)
for (k = a->top; k < i + 1; k++)
a->d[k] = 0;
a->top = i + 1;
a->flags &= ~BN_FLG_FIXED_TOP;
}
a->d[i] |= (((BN_ULONG)1) << j);
@@ -757,6 +821,9 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
int i;
BN_ULONG aa, bb;
if (n == 0)
return 0;
aa = a[n - 1];
bb = b[n - 1];
if (aa != bb)
@@ -824,6 +891,38 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
a->top ^= t;
b->top ^= t;
t = (a->neg ^ b->neg) & condition;
a->neg ^= t;
b->neg ^= t;
/*-
* BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention
* is actually to treat it as it's read-only data, and some (if not most)
* of it does reside in read-only segment. In other words observation of
* BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal
* condition. It would either cause SEGV or effectively cause data
* corruption.
*
* BN_FLG_MALLOCED: refers to BN structure itself, and hence must be
* preserved.
*
* BN_FLG_SECURE: must be preserved, because it determines how x->d was
* allocated and hence how to free it.
*
* BN_FLG_CONSTTIME: sufficient to mask and swap
*
* BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on
* the data, so the d array may be padded with additional 0 values (i.e.
* top could be greater than the minimal value that it could be). We should
* be swapping it
*/
#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP)
t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition;
a->flags ^= t;
b->flags ^= t;
#define BN_CONSTTIME_SWAP(ind) \
do { \
t = (a->d[ind] ^ b->d[ind]) & condition; \
@@ -887,8 +986,9 @@ int BN_security_bits(int L, int N)
void BN_zero_ex(BIGNUM *a)
{
a->top = 0;
a->neg = 0;
a->top = 0;
a->flags &= ~BN_FLG_FIXED_TOP;
}
int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w)
@@ -1012,5 +1112,6 @@ void bn_correct_top(BIGNUM *a)
}
if (a->top == 0)
a->neg = 0;
a->flags &= ~BN_FLG_FIXED_TOP;
bn_pollute(a);
}

134
crypto/bn/bn_mod.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -35,16 +35,72 @@ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
/*
* BN_mod_add variant that may be used if both a and b are non-negative and
* less than m
* less than m. The original algorithm was
*
* if (!BN_uadd(r, a, b))
* return 0;
* if (BN_ucmp(r, m) >= 0)
* return BN_usub(r, r, m);
*
* which is replaced with addition, subtracting modulus, and conditional
* move depending on whether or not subtraction borrowed.
*/
int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *m)
{
size_t i, ai, bi, mtop = m->top;
BN_ULONG storage[1024 / BN_BITS2];
BN_ULONG carry, temp, mask, *rp, *tp = storage;
const BN_ULONG *ap, *bp;
if (bn_wexpand(r, mtop) == NULL)
return 0;
if (mtop > sizeof(storage) / sizeof(storage[0])
&& (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL)
return 0;
ap = a->d != NULL ? a->d : tp;
bp = b->d != NULL ? b->d : tp;
for (i = 0, ai = 0, bi = 0, carry = 0; i < mtop;) {
mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1));
temp = ((ap[ai] & mask) + carry) & BN_MASK2;
carry = (temp < carry);
mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1));
tp[i] = ((bp[bi] & mask) + temp) & BN_MASK2;
carry += (tp[i] < temp);
i++;
ai += (i - a->dmax) >> (8 * sizeof(i) - 1);
bi += (i - b->dmax) >> (8 * sizeof(i) - 1);
}
rp = r->d;
carry -= bn_sub_words(rp, tp, m->d, mtop);
for (i = 0; i < mtop; i++) {
rp[i] = (carry & tp[i]) | (~carry & rp[i]);
((volatile BN_ULONG *)tp)[i] = 0;
}
r->top = mtop;
r->flags |= BN_FLG_FIXED_TOP;
r->neg = 0;
if (tp != storage)
OPENSSL_free(tp);
return 1;
}
int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *m)
{
if (!BN_uadd(r, a, b))
return 0;
if (BN_ucmp(r, m) >= 0)
return BN_usub(r, r, m);
return 1;
int ret = bn_mod_add_fixed_top(r, a, b, m);
if (ret)
bn_correct_top(r);
return ret;
}
int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
@@ -55,6 +111,70 @@ int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
return BN_nnmod(r, r, m, ctx);
}
/*
* BN_mod_sub variant that may be used if both a and b are non-negative,
* a is less than m, while b is of same bit width as m. It's implemented
* as subtraction followed by two conditional additions.
*
* 0 <= a < m
* 0 <= b < 2^w < 2*m
*
* after subtraction
*
* -2*m < r = a - b < m
*
* Thus it takes up to two conditional additions to make |r| positive.
*/
int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *m)
{
size_t i, ai, bi, mtop = m->top;
BN_ULONG borrow, carry, ta, tb, mask, *rp;
const BN_ULONG *ap, *bp;
if (bn_wexpand(r, mtop) == NULL)
return 0;
rp = r->d;
ap = a->d != NULL ? a->d : rp;
bp = b->d != NULL ? b->d : rp;
for (i = 0, ai = 0, bi = 0, borrow = 0; i < mtop;) {
mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1));
ta = ap[ai] & mask;
mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1));
tb = bp[bi] & mask;
rp[i] = ta - tb - borrow;
if (ta != tb)
borrow = (ta < tb);
i++;
ai += (i - a->dmax) >> (8 * sizeof(i) - 1);
bi += (i - b->dmax) >> (8 * sizeof(i) - 1);
}
ap = m->d;
for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) {
ta = ((ap[i] & mask) + carry) & BN_MASK2;
carry = (ta < carry);
rp[i] = (rp[i] + ta) & BN_MASK2;
carry += (rp[i] < ta);
}
borrow -= carry;
for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) {
ta = ((ap[i] & mask) + carry) & BN_MASK2;
carry = (ta < carry);
rp[i] = (rp[i] + ta) & BN_MASK2;
carry += (rp[i] < ta);
}
r->top = mtop;
r->flags |= BN_FLG_FIXED_TOP;
r->neg = 0;
return 1;
}
/*
* BN_mod_sub variant that may be used if both a and b are non-negative and
* less than m

92
crypto/bn/bn_mont.c
View File

@@ -20,29 +20,43 @@
#define MONT_WORD /* use the faster word-based algorithm */
#ifdef MONT_WORD
static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
#endif
int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
BN_MONT_CTX *mont, BN_CTX *ctx)
{
int ret = bn_mul_mont_fixed_top(r, a, b, mont, ctx);
bn_correct_top(r);
bn_check_top(r);
return ret;
}
int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
BN_MONT_CTX *mont, BN_CTX *ctx)
{
BIGNUM *tmp;
int ret = 0;
#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
int num = mont->N.top;
#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
if (num > 1 && a->top == num && b->top == num) {
if (bn_wexpand(r, num) == NULL)
return (0);
if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
r->neg = a->neg ^ b->neg;
r->top = num;
bn_correct_top(r);
r->flags |= BN_FLG_FIXED_TOP;
return (1);
}
}
#endif
if ((a->top + b->top) > 2 * num)
return 0;
BN_CTX_start(ctx);
tmp = BN_CTX_get(ctx);
if (tmp == NULL)
@@ -50,21 +64,20 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
bn_check_top(tmp);
if (a == b) {
if (!BN_sqr(tmp, a, ctx))
if (!bn_sqr_fixed_top(tmp, a, ctx))
goto err;
} else {
if (!BN_mul(tmp, a, b, ctx))
if (!bn_mul_fixed_top(tmp, a, b, ctx))
goto err;
}
/* reduce from aRR to aR */
#ifdef MONT_WORD
if (!BN_from_montgomery_word(r, tmp, mont))
if (!bn_from_montgomery_word(r, tmp, mont))
goto err;
#else
if (!BN_from_montgomery(r, tmp, mont, ctx))
goto err;
#endif
bn_check_top(r);
ret = 1;
err:
BN_CTX_end(ctx);
@@ -72,11 +85,12 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
}
#ifdef MONT_WORD
static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
{
BIGNUM *n;
BN_ULONG *ap, *np, *rp, n0, v, carry;
int nl, max, i;
unsigned int rtop;
n = &(mont->N);
nl = n->top;
@@ -93,12 +107,13 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
np = n->d;
rp = r->d;
/* clear the top words of T */
i = max - r->top;
if (i)
memset(&rp[r->top], 0, sizeof(*rp) * i);
for (rtop = r->top, i = 0; i < max; i++) {
v = (BN_ULONG)0 - ((i - rtop) >> (8 * sizeof(rtop) - 1));
rp[i] &= v;
}
r->top = max;
r->flags |= BN_FLG_FIXED_TOP;
n0 = mont->n0[0];
/*
@@ -117,6 +132,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
if (bn_wexpand(ret, nl) == NULL)
return (0);
ret->top = nl;
ret->flags |= BN_FLG_FIXED_TOP;
ret->neg = r->neg;
rp = ret->d;
@@ -127,20 +143,16 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
*/
ap = &(r->d[nl]);
carry -= bn_sub_words(rp, ap, np, nl);
/*
* |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v|
* cannot be -1. That would imply the subtraction did not fit in |nl| words,
* and we know at most one subtraction is needed.
* |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note
* |carry| cannot be 1. That would imply the subtraction did not fit in
* |nl| words, and we know at most one subtraction is needed.
*/
v = bn_sub_words(rp, ap, np, nl) - carry;
v = 0 - v;
for (i = 0; i < nl; i++) {
rp[i] = (v & ap[i]) | (~v & rp[i]);
rp[i] = (carry & ap[i]) | (~carry & rp[i]);
ap[i] = 0;
}
bn_correct_top(r);
bn_correct_top(ret);
bn_check_top(ret);
return (1);
}
@@ -148,14 +160,27 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
BN_CTX *ctx)
{
int retn;
retn = bn_from_mont_fixed_top(ret, a, mont, ctx);
bn_correct_top(ret);
bn_check_top(ret);
return retn;
}
int bn_from_mont_fixed_top(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
BN_CTX *ctx)
{
int retn = 0;
#ifdef MONT_WORD
BIGNUM *t;
BN_CTX_start(ctx);
if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))
retn = BN_from_montgomery_word(ret, t, mont);
if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) {
retn = bn_from_montgomery_word(ret, t, mont);
}
BN_CTX_end(ctx);
#else /* !MONT_WORD */
BIGNUM *t1, *t2;
@@ -193,6 +218,12 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
return (retn);
}
int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
BN_CTX *ctx)
{
return bn_mul_mont_fixed_top(r, a, &(mont->RR), mont, ctx);
}
BN_MONT_CTX *BN_MONT_CTX_new(void)
{
BN_MONT_CTX *ret;
@@ -229,7 +260,7 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
{
int ret = 0;
int i, ret = 0;
BIGNUM *Ri, *R;
if (BN_is_zero(mod))
@@ -278,7 +309,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
if ((buf[1] = mod->top > 1 ? mod->d[1] : 0))
tmod.top = 2;
if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
if (BN_is_one(&tmod))
BN_zero(Ri);
else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
goto err;
if (!BN_lshift(Ri, Ri, 2 * BN_BITS2))
goto err; /* R*Ri */
@@ -311,7 +344,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
buf[1] = 0;
tmod.top = buf[0] != 0 ? 1 : 0;
/* Ri = R^-1 mod N */
if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
if (BN_is_one(&tmod))
BN_zero(Ri);
else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
goto err;
if (!BN_lshift(Ri, Ri, BN_BITS2))
goto err; /* R*Ri */
@@ -360,6 +395,11 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
goto err;
for (i = mont->RR.top, ret = mont->N.top; i < ret; i++)
mont->RR.d[i] = 0;
mont->RR.top = ret;
mont->RR.flags |= BN_FLG_FIXED_TOP;
ret = 1;
err:
BN_CTX_end(ctx);

14
crypto/bn/bn_mul.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -832,6 +832,16 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
#endif /* BN_RECURSION */
int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
int ret = bn_mul_fixed_top(r, a, b, ctx);
bn_correct_top(r);
bn_check_top(r);
return ret;
}
int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
int ret = 0;
int top, al, bl;
@@ -935,7 +945,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
end:
#endif
rr->neg = a->neg ^ b->neg;
bn_correct_top(rr);
rr->flags |= BN_FLG_FIXED_TOP;
if (r != rr && BN_copy(r, rr) == NULL)
goto err;

7
crypto/bn/bn_rand.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -215,8 +215,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
goto err;
/* We copy |priv| into a local buffer to avoid exposing its length. */
todo = sizeof(priv->d[0]) * priv->top;
if (todo > sizeof(private_bytes)) {
if (BN_bn2binpad(priv, private_bytes, sizeof(private_bytes)) < 0) {
/*
* No reasonable DSA or ECDSA key should have a private key this
* large and we don't handle this case in order to avoid leaking the
@@ -225,8 +224,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE);
goto err;
}
memcpy(private_bytes, priv->d, todo);
memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
for (done = 0; done < num_k_bytes;) {
if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1)

22
crypto/bn/bn_sqr.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -15,6 +15,16 @@
* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96
*/
int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
{
int ret = bn_sqr_fixed_top(r, a, ctx);
bn_correct_top(r);
bn_check_top(r);
return ret;
}
int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
{
int max, al;
int ret = 0;
@@ -82,14 +92,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
}
rr->neg = 0;
/*
* If the most-significant half of the top word of 'a' is zero, then the
* square of 'a' will max-1 words.
*/
if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
rr->top = max - 1;
else
rr->top = max;
rr->top = max;
rr->flags |= BN_FLG_FIXED_TOP;
if (r != rr && BN_copy(r, rr) == NULL)
goto err;

6
crypto/bn/bn_x931p.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -184,8 +184,10 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
for (i = 0; i < 1000; i++) {
if (!BN_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
goto err;
/* Check that |Xp - Xq| > 2^(nbits - 100) */
BN_sub(t, Xp, Xq);
if (!BN_sub(t, Xp, Xq))
goto err;
if (BN_num_bits(t) > (nbits - 100))
break;
}

3
crypto/build.info
View File

@@ -1,9 +1,8 @@
{- use File::Spec::Functions qw/catdir catfile/; -}
LIBS=../libcrypto
SOURCE[../libcrypto]=\
cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c \
threads_pthread.c threads_win.c threads_none.c \
threads_pthread.c threads_win.c threads_none.c getenv.c \
o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \
{- $target{uplink_aux_src} -}
EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \

4
crypto/chacha/asm/chacha-x86.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -61,7 +61,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" &&
$1>=10); # first version supporting AVX
$ymm=1 if ($xmm && !$ymm &&
`$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ &&
`$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ &&
$2>=3.0); # first version supporting AVX
$a="eax";

21
crypto/cms/cms_env.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -282,6 +282,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
return 0;
}
EVP_PKEY_free(ri->d.ktri->pkey);
ri->d.ktri->pkey = pkey;
return 1;
}
@@ -362,6 +363,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
unsigned char *ek = NULL;
size_t eklen;
int ret = 0;
size_t fixlen = 0;
CMS_EncryptedContentInfo *ec;
ec = cms->d.envelopedData->encryptedContentInfo;
@@ -370,6 +372,19 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
return 0;
}
if (cms->d.envelopedData->encryptedContentInfo->havenocert
&& !cms->d.envelopedData->encryptedContentInfo->debug) {
X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
const EVP_CIPHER *ciph = EVP_get_cipherbyobj(calg->algorithm);
if (ciph == NULL) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_UNKNOWN_CIPHER);
return 0;
}
fixlen = EVP_CIPHER_key_length(ciph);
}
ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
if (ktri->pctx == NULL)
return 0;
@@ -400,7 +415,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
ktri->encryptedKey->data,
ktri->encryptedKey->length) <= 0) {
ktri->encryptedKey->length) <= 0
|| eklen == 0
|| (fixlen != 0 && eklen != fixlen)) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
goto err;
}

4
crypto/cms/cms_lcl.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -129,6 +129,8 @@ struct CMS_EncryptedContentInfo_st {
size_t keylen;
/* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
int debug;
/* Set to 1 if we have no cert and need extra safety measures for MMA */
int havenocert;
};
struct CMS_RecipientInfo_st {

7
crypto/cms/cms_smime.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
* all.
*/
else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
EVP_PKEY_up_ref(pk);
CMS_RecipientInfo_set0_pkey(ri, pk);
r = CMS_RecipientInfo_decrypt(cms, ri);
CMS_RecipientInfo_set0_pkey(ri, NULL);
@@ -742,6 +743,10 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
cms->d.envelopedData->encryptedContentInfo->debug = 1;
else
cms->d.envelopedData->encryptedContentInfo->debug = 0;
if (!cert)
cms->d.envelopedData->encryptedContentInfo->havenocert = 1;
else
cms->d.envelopedData->encryptedContentInfo->havenocert = 0;
if (!pk && !cert && !dcont && !out)
return 1;
if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))

2
crypto/conf/build.info
View File

@@ -1,4 +1,4 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]= \
conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \
conf_mall.c conf_sap.c
conf_mall.c conf_sap.c conf_ssl.c

13
crypto/conf/conf_api.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -9,11 +9,12 @@
/* Part of the code in here was originally in conf.c, which is now removed */
#include "e_os.h"
#include "internal/cryptlib.h"
#include <stdlib.h>
#include <string.h>
#include <openssl/conf.h>
#include <openssl/conf_api.h>
#include "e_os.h"
static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf);
static void value_free_stack_doall(CONF_VALUE *a);
@@ -82,7 +83,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
if (v != NULL)
return (v->value);
if (strcmp(section, "ENV") == 0) {
p = getenv(name);
p = ossl_safe_getenv(name);
if (p != NULL)
return (p);
}
@@ -95,7 +96,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
else
return (NULL);
} else
return (getenv(name));
return ossl_safe_getenv(name);
}
static unsigned long conf_value_hash(const CONF_VALUE *v)
@@ -205,10 +206,14 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
vv = lh_CONF_VALUE_insert(conf->data, v);
OPENSSL_assert(vv == NULL);
if (lh_CONF_VALUE_error(conf->data) > 0)
goto err;
return v;
err:
sk_CONF_VALUE_free(sk);
if (v != NULL)
OPENSSL_free(v->section);
OPENSSL_free(v);
return NULL;
}

9
crypto/conf/conf_err.c
View File

@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -37,6 +37,7 @@ static ERR_STRING_DATA CONF_str_functs[] = {
{ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"},
{ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"},
{ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"},
{ERR_FUNC(CONF_F_SSL_MODULE_INIT), "ssl_module_init"},
{ERR_FUNC(CONF_F_STR_COPY), "str_copy"},
{0, NULL}
};
@@ -57,6 +58,12 @@ static ERR_STRING_DATA CONF_str_reasons[] = {
{ERR_REASON(CONF_R_NO_SECTION), "no section"},
{ERR_REASON(CONF_R_NO_SUCH_FILE), "no such file"},
{ERR_REASON(CONF_R_NO_VALUE), "no value"},
{ERR_REASON(CONF_R_SSL_COMMAND_SECTION_EMPTY),
"ssl command section empty"},
{ERR_REASON(CONF_R_SSL_COMMAND_SECTION_NOT_FOUND),
"ssl command section not found"},
{ERR_REASON(CONF_R_SSL_SECTION_EMPTY), "ssl section empty"},
{ERR_REASON(CONF_R_SSL_SECTION_NOT_FOUND), "ssl section not found"},
{ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),
"unable to create new section"},
{ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"},

11
crypto/conf/conf_lcl.h Normal file
View File

@@ -0,0 +1,11 @@
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
void conf_add_ssl_module(void);

4
crypto/conf/conf_mall.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -14,6 +14,7 @@
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include <openssl/engine.h>
#include "conf_lcl.h"
/* Load all OpenSSL builtin modules */
@@ -26,4 +27,5 @@ void OPENSSL_load_builtin_modules(void)
ENGINE_add_conf_module();
#endif
EVP_add_alg_module();
conf_add_ssl_module();
}

5
crypto/conf/conf_mod.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -478,8 +478,7 @@ char *CONF_get1_default_config_file(void)
char *file;
int len;
file = getenv("OPENSSL_CONF");
if (file)
if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL)
return OPENSSL_strdup(file);
len = strlen(X509_get_default_cert_area());

178
crypto/conf/conf_ssl.c Normal file
View File

@@ -0,0 +1,178 @@
/*
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <openssl/conf.h>
#include <openssl/err.h>
#include "internal/sslconf.h"
#include "conf_lcl.h"
/*
* SSL library configuration module placeholder. We load it here but defer
* all decisions about its contents to libssl.
*/
struct ssl_conf_name_st {
/* Name of this set of commands */
char *name;
/* List of commands */
SSL_CONF_CMD *cmds;
/* Number of commands */
size_t cmd_count;
};
struct ssl_conf_cmd_st {
/* Command */
char *cmd;
/* Argument */
char *arg;
};
static struct ssl_conf_name_st *ssl_names;
static size_t ssl_names_count;
static void ssl_module_free(CONF_IMODULE *md)
{
size_t i, j;
if (ssl_names == NULL)
return;
for (i = 0; i < ssl_names_count; i++) {
struct ssl_conf_name_st *tname = ssl_names + i;
OPENSSL_free(tname->name);
for (j = 0; j < tname->cmd_count; j++) {
OPENSSL_free(tname->cmds[j].cmd);
OPENSSL_free(tname->cmds[j].arg);
}
OPENSSL_free(tname->cmds);
}
OPENSSL_free(ssl_names);
ssl_names = NULL;
ssl_names_count = 0;
}
static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
{
size_t i, j, cnt;
int rv = 0;
const char *ssl_conf_section;
STACK_OF(CONF_VALUE) *cmd_lists;
ssl_conf_section = CONF_imodule_get_value(md);
cmd_lists = NCONF_get_section(cnf, ssl_conf_section);
if (sk_CONF_VALUE_num(cmd_lists) <= 0) {
if (cmd_lists == NULL)
CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_NOT_FOUND);
else
CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_EMPTY);
ERR_add_error_data(2, "section=", ssl_conf_section);
goto err;
}
cnt = sk_CONF_VALUE_num(cmd_lists);
ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
ssl_names_count = cnt;
for (i = 0; i < ssl_names_count; i++) {
struct ssl_conf_name_st *ssl_name = ssl_names + i;
CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i);
STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);
if (sk_CONF_VALUE_num(cmds) <= 0) {
if (cmds == NULL)
CONFerr(CONF_F_SSL_MODULE_INIT,
CONF_R_SSL_COMMAND_SECTION_NOT_FOUND);
else
CONFerr(CONF_F_SSL_MODULE_INIT,
CONF_R_SSL_COMMAND_SECTION_EMPTY);
ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value);
goto err;
}
ssl_name->name = OPENSSL_strdup(sect->name);
if (ssl_name->name == NULL)
goto err;
cnt = sk_CONF_VALUE_num(cmds);
ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st));
if (ssl_name->cmds == NULL)
goto err;
ssl_name->cmd_count = cnt;
for (j = 0; j < cnt; j++) {
const char *name;
CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j);
struct ssl_conf_cmd_st *cmd = ssl_name->cmds + j;
/* Skip any initial dot in name */
name = strchr(cmd_conf->name, '.');
if (name != NULL)
name++;
else
name = cmd_conf->name;
cmd->cmd = OPENSSL_strdup(name);
cmd->arg = OPENSSL_strdup(cmd_conf->value);
if (cmd->cmd == NULL || cmd->arg == NULL)
goto err;
}
}
rv = 1;
err:
if (rv == 0)
ssl_module_free(md);
return rv;
}
/*
* Returns the set of commands with index |idx| previously searched for via
* conf_ssl_name_find. Also stores the name of the set of commands in |*name|
* and the number of commands in the set in |*cnt|.
*/
const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt)
{
*name = ssl_names[idx].name;
*cnt = ssl_names[idx].cmd_count;
return ssl_names[idx].cmds;
}
/*
* Search for the named set of commands given in |name|. On success return the
* index for the command set in |*idx|.
* Returns 1 on success or 0 on failure.
*/
int conf_ssl_name_find(const char *name, size_t *idx)
{
size_t i;
const struct ssl_conf_name_st *nm;
if (name == NULL)
return 0;
for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) {
if (strcmp(nm->name, name) == 0) {
*idx = i;
return 1;
}
}
return 0;
}
/*
* Given a command set |cmd|, return details on the command at index |idx| which
* must be less than the number of commands in the set (as returned by
* conf_ssl_get). The name of the command will be returned in |*cmdstr| and the
* argument is returned in |*arg|.
*/
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
char **arg)
{
*cmdstr = cmd[idx].cmd;
*arg = cmd[idx].arg;
}
void conf_add_ssl_module(void)
{
CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free);
}

Some files were not shown because too many files have changed in this diff Show More