Compare commits

...

445 Commits

Author SHA1 Message Date
Dr. Stephen Henson
bc0ecd202a make update 2010-01-20 15:05:52 +00:00
Dr. Stephen Henson
b307daa23f Prepare for beta5 release 2010-01-20 15:00:49 +00:00
Dr. Stephen Henson
4c95b1bfda Update demo 2010-01-20 14:05:56 +00:00
Dr. Stephen Henson
9359fc5ff2 Support -L options in VC++ link. 2010-01-20 14:04:55 +00:00
Andy Polyakov
a238d7d1eb rand_win.c: handel GetTickCount wrap-around [from HEAD]. 2010-01-19 21:44:07 +00:00
Andy Polyakov
0e92313331 x86_64-xlate.pl: refine sign extension logic when handling lea [from HEAD].
PR: 2094,2095
2010-01-19 21:43:05 +00:00
Andy Polyakov
3e719c99f5 s390x assembler update: add support for run-time facility detection [from HEAD]. 2010-01-19 21:40:58 +00:00
Dr. Stephen Henson
2a4d0dcb89 The use of NIDs in the password based encryption table can result in
algorithms not found when an application uses PKCS#12 and only calls
SSL_library_init() instead of OpenSSL_add_all_algorithms(). Simple
work around is to add the missing algorithm (40 bit RC2) in
SSL_library_init().
2010-01-19 19:55:47 +00:00
Dr. Stephen Henson
2e155fde39 PR: 2141
Submitted by: "NARUSE, Yui" <naruse@airemix.jp>

Remove non-ASCII comment which causes compilation errors on some versions
of VC++.
2010-01-19 19:28:03 +00:00
Dr. Stephen Henson
9a8c8cb22e stop asn1test compilation producing link errors 2010-01-19 19:25:16 +00:00
Dr. Stephen Henson
04aa7441ab PR: 2144
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Better fix for PR#2144
2010-01-19 19:11:21 +00:00
Dr. Stephen Henson
28dc54f6d9 Reverted patch for PR#2095. Addressed by Andy now in x86_64-xlate.pl 2010-01-17 16:58:56 +00:00
Dr. Stephen Henson
a1e1165200 PR: 2135
Submitted by: Mike Frysinger <vapier@gentoo.org>

Change missed references to lib to $(LIBDIR)
2010-01-16 20:06:10 +00:00
Dr. Stephen Henson
ddba003d5e PR: 2144
Submitted by: steve@openssl.org

Fix DTLS connection so new_session is reset if we read second client hello:
new_session is used to detect renegotiation.
2010-01-16 19:45:59 +00:00
Dr. Stephen Henson
e59d9a34c9 PR: 2133
Submitted by: steve@openssl.org

Add missing DTLS state strings.
2010-01-16 19:20:38 +00:00
Ben Laurie
9e198c4bd0 Fix type-checking/casting issue. 2010-01-16 13:32:14 +00:00
Dr. Stephen Henson
7eceffbfef convert to Unix EOL form 2010-01-15 15:26:32 +00:00
Dr. Stephen Henson
8043f01b13 PR: 2125
Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>

Fix gcc-aix compilation issue.
2010-01-14 17:51:52 +00:00
Dr. Stephen Henson
41c0f68630 Fix version handling so it can cope with a major version >3.
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
2010-01-13 19:08:29 +00:00
Dr. Stephen Henson
2c627637c5 Modify compression code so it avoids using ex_data free functions. This
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
2010-01-13 18:46:01 +00:00
Dr. Stephen Henson
58f4b3511e update ordinals 2010-01-12 17:33:59 +00:00
Dr. Stephen Henson
93fac08ec3 PR: 2136
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
2010-01-12 17:27:11 +00:00
Dr. Stephen Henson
23c3bee970 make update 2010-01-12 01:59:11 +00:00
Dr. Stephen Henson
73ff97ad76 Simplify RI+SCSV logic:
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
2010-01-07 19:05:03 +00:00
Andy Polyakov
0d8ffc2007 b_sock.c: bind/connect are picky about socket address length [from HEAD]. 2010-01-07 13:15:39 +00:00
Andy Polyakov
a32f7fb832 sendto is reportedly picky about destination socket address length [from HEAD].
PR: 2114
Submitted by: Robin Seggelmann
2010-01-07 10:44:21 +00:00
Andy Polyakov
496cf69e40 Fix compilation on older Linux [from HEAD]. 2010-01-06 21:25:22 +00:00
Dr. Stephen Henson
eb17330837 Updates to conform with draft-ietf-tls-renegotiation-03.txt:
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
2010-01-06 17:37:38 +00:00
Dr. Stephen Henson
2708603bb4 ENGINE_load_capi() now exists on all platforms (but no op on non-WIN32) 2010-01-06 13:20:52 +00:00
Dr. Stephen Henson
e4f1cda7de PR: 2102
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Remove duplicate definitions.
2010-01-05 17:58:15 +00:00
Dr. Stephen Henson
4359b88bbe Typo 2010-01-05 17:50:01 +00:00
Dr. Stephen Henson
c079fde3f7 PR: 2132
Submitted by: steve

Fix bundled pod2man.pl to handle alternative comment formats.
2010-01-05 17:33:09 +00:00
Dr. Stephen Henson
6e94156199 Remove tabs on blank lines: they produce warnings in pod2man 2010-01-05 17:17:20 +00:00
Dr. Stephen Henson
1f67a3a985 compress_meth should be unsigned 2010-01-05 16:46:39 +00:00
Dr. Stephen Henson
4cba294d79 Client side compression algorithm sanity checks: ensure old compression
algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).
2010-01-01 14:39:51 +00:00
Dr. Stephen Henson
e642fd7a1c Compression handling on session resume was badly broken: it always
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
2010-01-01 00:44:36 +00:00
Andy Polyakov
5448e6739c b_sock.c: correct indirect calls on WinSock platforms [from HEAD].
PR: 2130
Submitted by: Eugeny Gostyukhin
2009-12-30 12:56:16 +00:00
Andy Polyakov
f0389d8d37 Adapt mingw config for newer mingw environment [from HEAD].
PR: 2113
2009-12-30 11:57:39 +00:00
Andy Polyakov
a5313cf360 sha512.c update for esoteric PPC platfrom(s) [from HEAD].
PR: 1998
2009-12-30 11:53:33 +00:00
Andy Polyakov
b26c45b033 Deploy multilib config-line parameter [from HEAD]. 2009-12-29 10:46:46 +00:00
Dr. Stephen Henson
986093affa Typo 2009-12-27 23:03:25 +00:00
Dr. Stephen Henson
f88e0acb0e Update RI to match latest spec.
MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
2009-12-27 22:59:09 +00:00
Dr. Stephen Henson
aed461b431 Traditional Yuletide commit ;-)
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:12:24 +00:00
Bodo Möller
8bbd0e826c Use properly local variables for thread-safety.
Submitted by: Martin Rex
2009-12-22 11:52:15 +00:00
Bodo Möller
40c45f86d4 Constify crypto/cast. 2009-12-22 11:45:59 +00:00
Bodo Möller
a0b7277724 Constify crypto/cast. 2009-12-22 10:58:01 +00:00
Dr. Stephen Henson
54bc369ad7 Alert to use is now defined in spec: update code 2009-12-17 15:42:43 +00:00
Dr. Stephen Henson
2d3855fc6e PR: 2127
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check for lookup failures in EVP_PBE_CipherInit().
2009-12-17 15:28:45 +00:00
Dr. Stephen Henson
1cd47f5f6e Ooops revert stuff which shouldn't have been part of previous commit. 2009-12-16 20:33:11 +00:00
Dr. Stephen Henson
675564835c New option to enable/disable connection to unpatched servers 2009-12-16 20:28:30 +00:00
Dr. Stephen Henson
2456cd58c4 Allow initial connection (but no renegoriation) to servers which don't support
RI.

Reorganise RI checking code and handle some missing cases.
2009-12-14 13:55:39 +00:00
Ben Laurie
43a107026d Missing error code. 2009-12-12 15:57:53 +00:00
Ben Laurie
ef0498a00b Use gcc 4.4. 2009-12-12 15:57:19 +00:00
Dr. Stephen Henson
f1784f2fd2 Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL 2009-12-11 00:20:58 +00:00
Dr. Stephen Henson
730f5752ff clarify docs 2009-12-09 18:17:09 +00:00
Dr. Stephen Henson
a88c73b43a Document option clearning functions.
Initial secure renegotiation documentation.
2009-12-09 18:00:52 +00:00
Dr. Stephen Henson
a6d204e241 Add patch to crypto/evp which didn't apply from PR#2124 2009-12-09 15:02:14 +00:00
Dr. Stephen Henson
941baf6641 Revert lhash patch for PR#2124 2009-12-09 15:00:20 +00:00
Dr. Stephen Henson
b41a614686 Check s3 is not NULL 2009-12-09 14:53:51 +00:00
Dr. Stephen Henson
aac751832a PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
2009-12-09 13:38:20 +00:00
Dr. Stephen Henson
52a08e90d1 Add ctrls to clear options and mode.
Change RI ctrl so it doesn't clash.
2009-12-09 13:25:38 +00:00
Dr. Stephen Henson
6b5f0458fe Send no_renegotiation alert as required by spec. 2009-12-08 19:06:09 +00:00
Dr. Stephen Henson
b52a2738d4 Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:32 +00:00
Dr. Stephen Henson
10f99d7b77 Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:15:12 +00:00
Dr. Stephen Henson
593222afe1 PR: 2121
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.
2009-12-08 11:38:18 +00:00
Dr. Stephen Henson
7b1856e5a1 PR: 2111
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:28:05 +00:00
Dr. Stephen Henson
3d5d81bf39 Replace the broken SPKAC certification with the correct version. 2009-12-02 14:41:24 +00:00
Dr. Stephen Henson
50f06b46f4 Check it actually compiles this time ;-) 2009-12-02 14:25:55 +00:00
Dr. Stephen Henson
be6076c0ad PR: 2120
Submitted by: steve@openssl.org

Initialize fields correctly if pem_str or info are NULL in  EVP_PKEY_asn1_new().
2009-12-02 13:57:03 +00:00
Dr. Stephen Henson
6125e07d79 check DSA_sign() return value properly 2009-12-01 18:41:50 +00:00
Dr. Stephen Henson
d5b8c46499 PR: 2115
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:41:42 +00:00
Dr. Stephen Henson
7805e23588 PR: 1432
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org

Truncate hash if it is too large: as required by FIPS 186-3.
2009-12-01 17:32:33 +00:00
Dr. Stephen Henson
9117b9d17a PR: 2118
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org

Check return value of ECDSA_sign() properly.
2009-11-30 13:53:42 +00:00
Dr. Stephen Henson
e274c8fb72 typo 2009-11-29 13:45:18 +00:00
Andy Polyakov
e8dbd66e2b cms-test.pl: use EXE_EXT (from HEAD).
PR: 2107
2009-11-26 21:12:12 +00:00
Andy Polyakov
8b9b23603f bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER (from HEAD). 2009-11-26 20:56:05 +00:00
Bodo Möller
aefb9dc5e5 Make CHANGES in the OpenSSL_1_0_0-stable branch consistent with the
one in the OpenSSL_0_9_8-stable branch.
2009-11-26 18:37:11 +00:00
Andy Polyakov
a8c1b19a31 x86_64-xlate.pl: fix typo introduced in last commit.
PR: 2109
2009-11-23 19:51:24 +00:00
Andy Polyakov
29c8d2a54a x86_64-xlate.pl: new gas requires sign extension.
x86masm.pl: fix linker warning.
PR: 2094,2095
2009-11-22 12:52:18 +00:00
Andy Polyakov
87827be0c2 VC-32.pl: bufferoverlowu.lib only when needed and remove duplicate code
(update from HEAD).
PR: 2086
2009-11-22 12:26:15 +00:00
Andy Polyakov
e4572e5210 bio_sock.c and bss_dgram.c: update from HEAD.
PR: 2069
2009-11-22 12:24:43 +00:00
Dr. Stephen Henson
3e8e12a6b6 Servers can't end up talking SSLv2 with legacy renegotiation disabled 2009-11-18 15:09:35 +00:00
Dr. Stephen Henson
5ddbb8f41a Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation 2009-11-18 14:45:32 +00:00
Dr. Stephen Henson
3c44e92bcb Include a more meaningful error message when rejecting legacy renegotiation 2009-11-18 14:19:52 +00:00
Dr. Stephen Henson
5e8d95f590 PR: 2103
Submitted by: Rob Austein <sra@hactrn.net>
Approved by: steve@openssl.org

Initialise atm.flags to 0.
2009-11-17 13:25:35 +00:00
Dr. Stephen Henson
2156704924 PR: 2101 (additional)
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>
Approved by: steve@openssl.org

Another mingw fix.
2009-11-15 19:06:21 +00:00
Dr. Stephen Henson
4e49aa0ca3 PR: 2095
Submitted by: Arkadiusz Miskiewicz <arekm@maven.pl>
Approved by: steve@openssl.org

Fix for out range of signed 32bit displacement error on newer binutils
in file sha1-x86_64.pl
2009-11-13 14:23:44 +00:00
Dr. Stephen Henson
d5d1c53735 PR: 2101
Submitted by: Doug Kaufman <dkaufman@rahul.net>
Approved by: steve@openssl.org

Fixes for tests in cms-test.pl
2009-11-13 13:44:14 +00:00
Richard Levitte
1aac5c0ee8 Add test_cms 2009-11-13 08:45:52 +00:00
Dr. Stephen Henson
4434328b0a PR: 2088
Submitted by: Aleksey Samsonov <s4ms0n0v@gmail.com>
Approved by: steve@openssl.org

Fix memory leak in d2i_PublicKey().
2009-11-12 19:57:39 +00:00
Dr. Stephen Henson
9b2cfb890c set engine to NULL after releasing it 2009-11-12 19:24:34 +00:00
Richard Levitte
b2f364ec62 Compiling vms.mar doesn't work on other than VAX. 2009-11-12 14:05:04 +00:00
Richard Levitte
b7aeb4c9b5 Another symbol longer than 31 characters. 2009-11-12 14:04:26 +00:00
Richard Levitte
370f48da2a Typo 2009-11-12 14:03:57 +00:00
Richard Levitte
32def77ace Everywhere was a little too much. 2009-11-12 14:03:35 +00:00
Dr. Stephen Henson
531c81ece8 PR: 2098
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Approved by: steve@openssl.org

For Cygwin enable zlib and mdc2 by default.
2009-11-11 19:04:56 +00:00
Dr. Stephen Henson
73582b8117 add missing parts of reneg port, fix apps patch 2009-11-11 14:51:29 +00:00
Dr. Stephen Henson
5c33091cfa commit missing apps code for reneg fix 2009-11-11 14:10:09 +00:00
Dr. Stephen Henson
56327ebe6a make update 2009-11-10 13:23:04 +00:00
Dr. Stephen Henson
e0031b1c78 Prepare for beta4 release 2009-11-10 13:15:09 +00:00
Dr. Stephen Henson
b2ac5cb2d0 PR: 1686
Submitted by: Hanno Böck <hanno@hboeck.de>
Approved by: steve@openssl.org

Create engines dir if it doesn't already exist.
2009-11-10 01:52:52 +00:00
Dr. Stephen Henson
6757ef89b3 PR: 2091
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org

If an OID has no short name or long name return the numerical representation.
2009-11-10 01:00:23 +00:00
Dr. Stephen Henson
bf6eea6536 PR: 2090
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org

Improve error checking in asn1_gen.c
2009-11-10 00:47:37 +00:00
Dr. Stephen Henson
ec4346f6f9 oops, add missing prototypes 2009-11-09 18:58:50 +00:00
Dr. Stephen Henson
e42ff486a8 fix CHANGES 2009-11-09 18:46:59 +00:00
Dr. Stephen Henson
bc9058d041 First cut of renegotiation extension. (port to 1.0.0-stable) 2009-11-09 18:45:42 +00:00
Dr. Stephen Henson
4a276f3039 make update 2009-11-09 14:35:30 +00:00
Dr. Stephen Henson
acf47d8f24 Remove BF_PTR2 from configuration: it doesn't improve performance any more and causes gcc warnings about arrays out of range 2009-11-09 14:11:13 +00:00
Dr. Stephen Henson
f62d1ea3d5 Combat gcc 4.4.1 aliasing rules. (from HEAD) 2009-11-09 14:09:53 +00:00
Dr. Stephen Henson
f923bba73c file t1_reneg.c was added on branch OpenSSL_1_0_0-stable on 2009-11-09 18:45:42 +0000 2009-11-08 14:51:55 +00:00
Dr. Stephen Henson
e3738c49b8 If it is a new session don't send the old TLS ticket: send a zero length
ticket to request a new session.
2009-11-08 14:36:32 +00:00
Dr. Stephen Henson
41746da8c2 Update ordinals. 2009-11-04 13:29:58 +00:00
Dr. Stephen Henson
23b97c6bb5 PR: 2089
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Fragment size bug fix.
2009-11-02 13:37:17 +00:00
Dr. Stephen Henson
4a7f7171f5 Add missing functions to allow access to newer X509_STORE_CTX status
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.
2009-10-31 19:21:47 +00:00
Dr. Stephen Henson
961092281f Add option to allow in-band CRL loading in verify utility. Add function
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
2009-10-31 13:34:19 +00:00
Dr. Stephen Henson
036b3f331b Generate stateless session ID just after the ticket is received instead
of when a session is loaded. This will mean that applications that
just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION()
will still work.
2009-10-30 14:06:18 +00:00
Dr. Stephen Henson
9ac5c355a2 Move CHANGES entry to 0.9.8l section 2009-10-30 13:29:08 +00:00
Dr. Stephen Henson
3d0b604c14 Fix statless session resumption so it can coexist with SNI 2009-10-30 13:22:44 +00:00
Dr. Stephen Henson
257b2bfb6c Don't attempt session resumption if no ticket is present and session
ID length is zero.
2009-10-28 19:52:35 +00:00
Dr. Stephen Henson
90528846e8 Add -no_cache option to s_server 2009-10-28 17:49:37 +00:00
Dr. Stephen Henson
32509c9731 Don't replace whole AR line 2009-10-28 15:33:20 +00:00
Dr. Stephen Henson
d3f940833d PR: 2081
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org

Respect AR and RANLIB environment variables if set.
2009-10-28 14:00:41 +00:00
Dr. Stephen Henson
b335e351d4 PR: 2080
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org

Respect MAKE environment variable if set.
2009-10-28 13:55:55 +00:00
Dr. Stephen Henson
67bcde9ba8 PR: 2078
Submitted by: Dale Anderson <dra@redevised.net>
Approved by: steve@openssl.org

Corrections to bn_internal documentation.
2009-10-28 13:51:56 +00:00
Dr. Stephen Henson
169bfde4d4 Clarification 2009-10-23 12:47:01 +00:00
Dr. Stephen Henson
0a7f291268 Sync FAQ with HEAD. 2009-10-23 12:24:54 +00:00
Dr. Stephen Henson
0c2c2e71a6 If not checking all certificates don't attempt to find a CRL
for the leaf certificate of a CRL path.
2009-10-23 12:05:54 +00:00
Dr. Stephen Henson
d1d746afb4 Need to check <= 0 here. 2009-10-22 23:14:12 +00:00
Dr. Stephen Henson
db6e41f0ed PR: 2070
Submitted by: Alexander Nikitovskiy <Nikitovski@ya.ru>
Approved by: steve@openssl.org

Fix wrong cast.
2009-10-19 13:13:14 +00:00
Dr. Stephen Henson
5b2b60ae98 Document additions for X509 chain verification from HEAD 2009-10-18 15:28:59 +00:00
Dr. Stephen Henson
c90a1ae0c9 make update 2009-10-18 14:44:51 +00:00
Dr. Stephen Henson
c679fb298e Add new function X509_STORE_set_verify_cb and use it in apps 2009-10-18 14:42:27 +00:00
Dr. Stephen Henson
17c7cad545 take install prefix from the environment 2009-10-18 14:26:46 +00:00
Dr. Stephen Henson
164c263b5c PR: 2074
Submitted by: Bram Neijt <bneijt@gmail.com>
Approved by: steve@openssl.org

Typo: "contet".
2009-10-16 15:29:34 +00:00
Dr. Stephen Henson
a9bb9d0eb4 PR: 2072
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Avoid potential doublefree and reuse of freed handshake_buffer.
2009-10-16 15:24:19 +00:00
Dr. Stephen Henson
cc6688d796 PR: 2073
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Don't access freed SSL_CTX in SSL_free().
2009-10-16 13:41:52 +00:00
Dr. Stephen Henson
9b1f24df3d Fixes to CROSS_COMPILE, don't override command line option from environment 2009-10-15 23:44:11 +00:00
Dr. Stephen Henson
595e804ae3 Fix for WIN32 (and possibly other platforms) which don't define in_port_t. 2009-10-15 18:48:47 +00:00
Dr. Stephen Henson
b381e9b952 Update ordinals. 2009-10-15 18:04:43 +00:00
Dr. Stephen Henson
28418076b2 PR: 2069
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org

IPv6 support for DTLS.
2009-10-15 17:41:44 +00:00
Dr. Stephen Henson
abdfdb029e PR: 1847
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Integrated patches to CA.sh to bring it into line with CA.pl functionality.
2009-10-15 17:27:47 +00:00
Dr. Stephen Henson
8465b81d50 PR: 2066
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org

Add -r option to dgst to produce format compatible with core utilities.
2009-10-15 17:18:03 +00:00
Dr. Stephen Henson
ed65b6e512 Rename CROSS_COMPILE_PREFIX to CROSS_COMPILE 2009-10-15 13:05:41 +00:00
Dr. Stephen Henson
d793544518 Allow uname values to be overridden by the environment 2009-10-07 16:46:51 +00:00
Dr. Stephen Henson
53480a673b Allow cross compilation prefix to come from CROSS_COMPILE environment variable 2009-10-07 16:41:33 +00:00
Dr. Stephen Henson
ad187f8905 Fix unitialized warnings 2009-10-04 16:52:35 +00:00
Dr. Stephen Henson
2280f82fc6 Fix warnings about ignoring fgets return value 2009-10-04 16:43:21 +00:00
Dr. Stephen Henson
e6714faffb Prevent ignored return value warning 2009-10-04 14:04:14 +00:00
Dr. Stephen Henson
af8f2bb174 Prevent aliasing warning 2009-10-04 14:02:03 +00:00
Dr. Stephen Henson
d7501c16bf Yes it is a typo ;-) 2009-10-01 12:17:18 +00:00
Dr. Stephen Henson
804196a418 PR: 2061
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct i2b_PVK_bio error handling in rsa.c, dsa.c
2009-10-01 00:26:07 +00:00
Dr. Stephen Henson
50d70c01d6 PR: 2062
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BN_rand error handling in bntest.c
2009-10-01 00:21:55 +00:00
Dr. Stephen Henson
9fc601cfbb PR: 2059
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct EVP_SealInit error handling in pem_seal.c
2009-10-01 00:17:35 +00:00
Dr. Stephen Henson
fed5333248 PR: 2056
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_wirte error handling in asn1_par.c
2009-10-01 00:11:49 +00:00
Dr. Stephen Henson
3d1dab4404 PR: 2055
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_ctrl error handling in s2_srvr.c
2009-10-01 00:07:10 +00:00
Dr. Stephen Henson
29c2fd46d2 PR: 2054
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_ctrl error handling
2009-10-01 00:03:50 +00:00
Dr. Stephen Henson
a3d5cdb07c PR: 2063
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_write error handling in ocsp_prn.c
2009-09-30 23:59:16 +00:00
Dr. Stephen Henson
d99c0f6b4a PR: 2057
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT
error handling in OCSP print routines.
2009-09-30 23:55:29 +00:00
Dr. Stephen Henson
43f21e62aa PR: 2058
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct EVP_DigestVerifyFinal error handling.
2009-09-30 23:50:10 +00:00
Dr. Stephen Henson
50425bc137 Change version from 0.9.9 to 1.0.0 in docs 2009-09-30 23:40:52 +00:00
Dr. Stephen Henson
0c690586e0 PR: 2064, 728
Submitted by: steve@openssl.org

Add support for custom headers in OCSP requests.
2009-09-30 21:41:53 +00:00
Dr. Stephen Henson
bc8c5fe58d Free SSL_CTX after BIO 2009-09-30 21:35:26 +00:00
Dr. Stephen Henson
0cc0db32e3 PR: 2050
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org

Fix handling of ENOTCONN and EMSGSIZE for dgram BIOs.
2009-09-22 11:34:25 +00:00
Dr. Stephen Henson
d68f7641a3 PR: 2047
Submitted by: David Lee <live4thee@gmail.com>, steve@openssl.org
Approved by: steve@openssl.org

Fix for IPv6 handling in BIO_get_accept_socket().
2009-09-20 16:40:59 +00:00
Dr. Stephen Henson
4fcbaa3dd9 Ooops, missing close quote 2009-09-20 12:47:04 +00:00
Dr. Stephen Henson
5e56584285 Don't use __try+__except unless on VC++ 2009-09-20 12:39:16 +00:00
Dr. Stephen Henson
ca26ccb083 add version info for VC-WIN64I too 2009-09-20 11:39:59 +00:00
Dr. Stephen Henson
3e8b713b06 PR: 2048
Submitted by: john blair <mailtome200420032002@yahoo.com>
Approved by: steve@openssl.org

Add version info in VC-WIN64A too.
2009-09-19 23:01:24 +00:00
Andy Polyakov
13eca7d782 cmll-x86_64.pl: small buglet in CBC subroutine [from HEAD].
PR: 2035
2009-09-17 19:35:49 +00:00
Dr. Stephen Henson
af3d4e1b02 PR: 2039
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS listen bug fix,
2009-09-15 22:48:30 +00:00
Dr. Stephen Henson
80afb40ae3 Submitted by: Julia Lawall <julia@diku.dk>
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:27:27 +00:00
Dr. Stephen Henson
3333428b44 PR: 2023
Submitted by: James Beckett <jmb.openssl@nospam.hackery.net>, steve
Approved by: steve@openssl.org

Fix documentation errors in d2i_X509 manual pages.
2009-09-12 23:34:56 +00:00
Dr. Stephen Henson
a131de9bb2 PR: 2025
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Constify SSL_CIPHER_description
2009-09-12 23:18:09 +00:00
Dr. Stephen Henson
0ddd002f60 PR: 1411
Submitted by: steve@openssl.org

Allow use of trusted certificates in SSL_CTX_use_chain_file()
2009-09-12 23:09:26 +00:00
Dr. Stephen Henson
e7209103e6 PR: 2038
Submitted by: Artem Chuprina <ran@cryptocom.ru>
Approved by: steve@openssl.org

Avoid double call to BIO_free().
2009-09-11 11:03:31 +00:00
Dr. Stephen Henson
53f062d050 PR: 2033
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS listen support.
2009-09-09 17:05:42 +00:00
Dr. Stephen Henson
b5b65403a4 Add new option --strict-warnings to Configure script. This is used to add
in devteam warnings into other configurations.
2009-09-09 16:32:19 +00:00
Dr. Stephen Henson
1a3914fe0c Seed PRNG with DSA and ECDSA digests for additional protection against
possible PRNG state duplication.
2009-09-09 12:14:36 +00:00
Dr. Stephen Henson
b7e3cb31a5 PR: 2031
Submitted by: steve@openssl.org

Tolerate application/timestamp-response which some servers send out.
2009-09-07 17:57:02 +00:00
Dr. Stephen Henson
9769137a43 Typo presumably... 2009-09-06 17:55:40 +00:00
Dr. Stephen Henson
c0688f1aef Make update, deleting bogus DTLS error code 2009-09-06 15:55:54 +00:00
Dr. Stephen Henson
6c29853bf2 PR: 1644
Submitted by: steve@openssl.org

Fix to make DHparams_dup() et al work in C++.

For 1.0 fix the final argument to ASN1_dup() so it is void *. Replace some
*_dup macros with functions.
2009-09-06 15:49:12 +00:00
Dr. Stephen Henson
2e9802b7a7 PR: 2028
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.
2009-09-04 17:42:06 +00:00
Dr. Stephen Henson
7483896e15 Correction: salt is now default 2009-09-04 12:27:01 +00:00
Dr. Stephen Henson
4b4f249e0d Oops, s can be NULL 2009-09-04 11:31:19 +00:00
Dr. Stephen Henson
196dcf93bc PR: 2020
Submitted by: Keith Beckman <kbeckman@mcg.edu>,  Tomas Mraz <tmraz@redhat.com>
Checked by: steve@openssl.org

Fix improperly capitalized references to WWW::Curl::Easy.
2009-09-02 15:57:12 +00:00
Dr. Stephen Henson
2c11ec308b PR: 2029
Submitted by: Tomas Mraz <tmraz@redhat.com>
Checked by: steve@openssl.org

Fix so that the legacy digest EVP_dss1() still works.
2009-09-02 15:51:28 +00:00
Dr. Stephen Henson
e5eb96c83a PR: 2013
Submitted by: steve@openssl.org

Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.

Add error checking to CRL generation in ca utility when nextUpdate is being
set.
2009-09-02 13:55:22 +00:00
Dr. Stephen Henson
54ed003ace PR: 2009
Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov@opera.com>
Approved by: steve@openssl.org

Avoid memory leak and fix error reporting in d2i_SSL_SESSION(). NB: although
the ticket mentions buffer overruns this isn't a security issue because
the SSL_SESSION structure is generated internally and it should never be
possible to supply its contents from an untrusted application (this would
among other things destroy session cache security).
2009-09-02 13:20:22 +00:00
Dr. Stephen Henson
f18e10253d PR: 2022
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS record header length bug.
2009-09-02 12:53:32 +00:00
Dr. Stephen Henson
c9add317a9 Tidy up and fix verify callbacks to avoid structure dereference, use of
obsolete functions and enhance to handle new conditions such as policy
printing.
2009-09-02 12:45:19 +00:00
Dr. Stephen Henson
6d1741030b Missing break. 2009-08-31 22:21:01 +00:00
Dr. Stephen Henson
b8dc932c05 PR: 2005
Submitted by: steve@openssl.org

Some systems have broken IPv6 headers and/or implementations. If
OPENSSL_USE_IPV6 is set to 0 IPv6 is not used, if it is set to 1 it is used
and if undefined an attempt is made to detect at compile time by checking
if AF_INET6 is set and excluding known problem platforms.
2009-08-26 15:13:43 +00:00
Dr. Stephen Henson
17f8d8db61 PR: 2006
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Do not use multiple DTLS records for a single user message
2009-08-26 11:51:23 +00:00
Dr. Stephen Henson
38437fa135 PR: 2015
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Define LIBDIR properly.
2009-08-26 11:41:32 +00:00
Richard Levitte
82f35daaaf Moving up the inclusion of e_os.h was a bad idea.
Put it back where it was and place an inclusion of e_os2.h to get platform
macros defined...
2009-08-26 11:21:50 +00:00
Richard Levitte
b529bba4bf Make sure ENGINES can be separately compiled as well.
Make sure _XOPEN_SOURCE_EXTENDED is defined in opensslconf.h

Submitted by Zoltan Arpadffy <zoli@polarhome.com>
2009-08-25 07:30:02 +00:00
Richard Levitte
dde33ea9c3 Remove tmdiff.h from EXHEADERS as it doesn't exist.
Don't have separate installation directory variables for VAX and AXP.

Submitted by Zoltan Arpadffy <zoli@polarhome.com>
2009-08-25 07:28:12 +00:00
Richard Levitte
cb0d89705b Define EXE_DIR earlier.
Make sure S_SOCKET also gets compiled with _POSIX_C_SOURCE defined.

Submitted by Zoltan Arpadffy <zoli@polarhome.com>
2009-08-25 07:25:55 +00:00
Richard Levitte
f49353b42f Move up the inclusion of e_os.h so OPENSSL_SYS_VMS_DECC has a chance
to be properly defined.
2009-08-25 07:23:21 +00:00
Richard Levitte
573c61dcde Make it possible to compile non-assembler routines on AXP as well.
Submitted by Zoltan Arpadffy <arpadffy@polarhome.com>
2009-08-25 07:22:08 +00:00
Richard Levitte
51f38e6c2d Make engines compile on VMS for ia64 as well.
Parse file types in a more secure manner.

Submitted by sms@antinode.info (Steven M. Schweda)
2009-08-25 07:19:20 +00:00
Richard Levitte
2de213732a Correct some typos and missing things.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
2009-08-25 07:17:13 +00:00
Richard Levitte
3798c36686 Include proper header files for time functions.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
2009-08-25 07:10:09 +00:00
Dr. Stephen Henson
209abea1db Stop unused variable warning on WIN32 et al. 2009-08-18 11:14:12 +00:00
Dr. Stephen Henson
250705e7b5 Use SHA1 and not deprecated MD5 in demos. 2009-08-15 10:51:37 +00:00
Dr. Stephen Henson
5a96822f2c Update default dependency flags.
Make error name discrepancies a fatal error.
Fix error codes.
make update
2009-08-12 17:08:44 +00:00
Dr. Stephen Henson
23b34259e0 Re-enable mdc2 default by default as the patent is now expired. 2009-08-12 16:45:35 +00:00
Dr. Stephen Henson
11b6cb8aae Update README with bug report and contribution details. 2009-08-12 16:41:46 +00:00
Dr. Stephen Henson
a4bade7aac PR: 1997
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timeout handling fix.
2009-08-12 13:21:26 +00:00
Dr. Stephen Henson
e322b5d167 Typo 2009-08-10 15:53:11 +00:00
Dr. Stephen Henson
01af4edcfe PR: 1999
Submitted by: "Bayram Kurumahmut" <kbayram@ubicom.com>
Approved by: steve@openssl.org

Don't use HAVE_FORK in apps/speed.c it can conflict with configured version.
2009-08-10 15:30:29 +00:00
Dr. Stephen Henson
ff0945cbdc PR: 2004
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Approved by: steve@openssl.org

Handle fractional seconds properly in ASN1_GENERALIZEDTIME_print
2009-08-10 14:57:11 +00:00
Dr. Stephen Henson
d5ec7d66a8 PR: 2003
Make it possible to install OpenSSL in directories with name other
than "lib" for example "lib64". Based on patch from Jeremy Utley.
2009-08-10 14:42:05 +00:00
Dr. Stephen Henson
dc0aebabe6 Add COMP error strings. 2009-08-09 14:58:05 +00:00
Dr. Stephen Henson
52828ca214 Add missing CHANGES entry. 2009-08-06 16:29:42 +00:00
Dr. Stephen Henson
757e9886a0 Update from HEAD. 2009-08-05 15:52:06 +00:00
Dr. Stephen Henson
f45e8c7bdd PR: 2000
Submitted by: 	Vadim Zeitlin <vz-openssl@zeitlins.org>
Approved by: steve@openssl.org

Make no-comp compile without warnings.
2009-08-05 15:29:14 +00:00
Dr. Stephen Henson
ea904b4074 Update from HEAD. 2009-08-05 15:04:16 +00:00
Dr. Stephen Henson
ec6158d029 PR: 1996
Submitted by: steve@openssl.org

Change conflicting name "BLOCK" to "OPENSSL_BLOCK".
2009-07-27 21:21:25 +00:00
Dr. Stephen Henson
4386445c18 Change STRING to OPENSSL_STRING etc as common words such
as "STRING" cause conflicts with other headers/libraries.
2009-07-27 21:08:53 +00:00
Ben Laurie
a585aa6750 Fix warnings. 2009-07-26 12:26:38 +00:00
Dr. Stephen Henson
2475a52061 Update from 0.9.8-stable. 2009-07-24 13:47:52 +00:00
Dr. Stephen Henson
001dfac061 Remove MD2 test from WIN32 tests. 2009-07-24 13:43:23 +00:00
Dr. Stephen Henson
1b37c55e26 Fix typo. 2009-07-24 13:36:36 +00:00
Dr. Stephen Henson
3442781798 Update TABLE. 2009-07-24 13:29:45 +00:00
Dr. Stephen Henson
c9d3f123a6 Add new debug targets. 2009-07-24 13:29:13 +00:00
Dr. Stephen Henson
d069a4d15d PR: 1990
Update from 0.9.8-stable.
2009-07-24 13:07:08 +00:00
Dr. Stephen Henson
f1ad8fb627 Doc update from HEAD. 2009-07-24 13:02:55 +00:00
Dr. Stephen Henson
d7406b1528 PR: 1993
Fix from 0.9.8-stable.
2009-07-24 11:52:32 +00:00
Dr. Stephen Henson
02ce897e80 Fix from 0.9.8-stable 2009-07-24 11:34:41 +00:00
Dr. Stephen Henson
0bd9d3a60e Update from 0.9.8-stable. 2009-07-24 11:24:45 +00:00
Dr. Stephen Henson
b4c81fb6db Update from 0.9.8-stable 2009-07-24 11:15:55 +00:00
Dr. Stephen Henson
0f566bda2b Update from 0.9.8-stable. 2009-07-24 11:10:57 +00:00
Dr. Stephen Henson
f97a8149cd Update from HEAD. 2009-07-16 09:54:49 +00:00
Dr. Stephen Henson
f4b6a3e9c0 Call CMS tests with "make test" 2009-07-15 17:59:17 +00:00
Dr. Stephen Henson
7dfae89768 Handle OSX ".dynlib" DSO extension. 2009-07-15 17:58:57 +00:00
Dr. Stephen Henson
d41ca3f0e2 Update for next beta. 2009-07-15 12:08:35 +00:00
Dr. Stephen Henson
65fc4c55be Preparation for beta3 release. 2009-07-15 11:37:45 +00:00
Dr. Stephen Henson
5135d6b985 Fix error codes and indentation. 2009-07-15 11:32:58 +00:00
Dr. Stephen Henson
2202edeff0 PR: 1980
Submitted by: Victor Wagner <vitus@wagner.pp.ru>
Approved by: steve@openssl.org

Fix memory leaks.
2009-07-15 11:01:40 +00:00
Dr. Stephen Henson
c8f759ec74 Stop warning of signed/unsigned compare. 2009-07-14 15:28:44 +00:00
Dr. Stephen Henson
5fda10c6f1 Oops, use right function name... 2009-07-14 15:14:39 +00:00
Dr. Stephen Henson
11ba084e1b Document MD2 deprecation. 2009-07-13 11:57:15 +00:00
Dr. Stephen Henson
cddd00166c PR: 1984
Submitted by: Michael Tüxen <Michael.Tuexen@lurchi.franken.de>
Approved by: steve@openssl.org

Don't concatenate reads in DTLS.
2009-07-13 11:44:04 +00:00
Dr. Stephen Henson
0190aa7353 Update from HEAD. 2009-07-13 11:40:46 +00:00
Dr. Stephen Henson
1546de87f0 Fix from 0.9.8-stable. 2009-07-11 22:36:27 +00:00
Dr. Stephen Henson
affffaed3d Update from HEAD. 2009-07-11 22:30:02 +00:00
Dr. Stephen Henson
0c644f1462 PR: 1985
Submitted by: Artem Chuprina <ran@cryptocom.ru>
Approved by: steve@openssl.org

Initialise flags.
2009-07-11 21:42:47 +00:00
Dr. Stephen Henson
a2da5c7daa Make update. 2009-07-08 09:13:24 +00:00
Dr. Stephen Henson
c155d83f5b Delete MD2 from algorithm tables and default compilation. 2009-07-08 08:50:53 +00:00
Dr. Stephen Henson
5a03e3ac3f Fix from HEAD. 2009-07-04 12:05:14 +00:00
Dr. Stephen Henson
08b2097967 Update from HEAD. 2009-07-04 11:44:01 +00:00
Dr. Stephen Henson
15401859b5 PR: 1976
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org

Cleanup some compile time warnings/magic numbers.
2009-07-01 15:46:43 +00:00
Dr. Stephen Henson
6f24165170 PR: 1974(partial)
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org

Cryptodev digest support.
2009-07-01 15:42:38 +00:00
Dr. Stephen Henson
a8afd9382c 192, 256 bit AES and RC4 support for cryptodev. 2009-07-01 15:36:55 +00:00
Dr. Stephen Henson
caddf00d78 PR: 1974(partial)
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org

Fix up RSA API compliance for rsa_nocrt_mod_exp method.
2009-07-01 15:25:17 +00:00
Dr. Stephen Henson
e105098b3f PR: 1974 (partial)
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org

If -DHAVE_CRYPTODEV is set enable cryptodev support
2009-07-01 14:55:59 +00:00
Dr. Stephen Henson
9852e7e4d7 PR: 1972
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org

Add support for building with the uClinux-dist.
2009-07-01 11:43:57 +00:00
Dr. Stephen Henson
b855560192 PR: 1970
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Reviewed by: steve@openssl.org

Fix unused variable "words" and uninitialised data "b".
2009-07-01 11:39:59 +00:00
Dr. Stephen Henson
f2f50efea3 PR: 1965
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org

Make sure defines to remove SHA are correct.
2009-07-01 11:35:46 +00:00
Dr. Stephen Henson
2b3cd246e5 PR: 1962
Submitted by: Daniel Mentz <daniel.m@sent.com>
Reviewed by: steve@openssl.org

Fix "for dtls1_get_record() returns a bad record in one edge case" bug.
2009-07-01 11:29:01 +00:00
Dr. Stephen Henson
7171ade2c2 Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Reviewed by: steve@openssl.org

EVP_CTRL_PBE_PRF_NID suppot for Gost engine.
2009-07-01 11:23:07 +00:00
Dr. Stephen Henson
76ec9151d1 Update from 0.9.8-stable. 2009-06-30 22:26:28 +00:00
Dr. Stephen Henson
6c24dd9005 Typo. 2009-06-30 20:55:55 +00:00
Dr. Stephen Henson
e323afb0ce Update from HEAD. 2009-06-30 16:10:24 +00:00
Dr. Stephen Henson
1fd43fd86e PR: 1969
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org

Don't use repeating key when testing algs.
2009-06-30 15:21:48 +00:00
Dr. Stephen Henson
3e70c81ed9 PR: 1967
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org

Don't go past end of params array.
2009-06-30 15:10:54 +00:00
Dr. Stephen Henson
6e07229564 PR: 1966
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Reviewed by: steve@openssl.org

Make no-ocsp work properly.
2009-06-30 15:08:38 +00:00
Dr. Stephen Henson
859d5eb2d7 PR: 1963
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org

Make build fail if makedepend not present.
2009-06-30 14:59:59 +00:00
Dr. Stephen Henson
29b0c4a01c Add "missing" functions for setting all verify parameters for SSL_CTX and SSL
structures.
2009-06-30 11:57:24 +00:00
Dr. Stephen Henson
b824f0f458 Redundant check: s->param is always non-NULL, it is set in SSL_new(). 2009-06-30 11:41:35 +00:00
Dr. Stephen Henson
43ea53a04a Inherit parameters properly in SSL contexts: any parameters set should
replace those in the current list.
2009-06-30 11:21:00 +00:00
Dr. Stephen Henson
fa07f00aaf Update from HEAD. 2009-06-29 16:09:58 +00:00
Dr. Stephen Henson
dbb834ffeb Update from 0.9.8-stable. 2009-06-28 16:24:11 +00:00
Dr. Stephen Henson
8549a8a5dc Fix from 0.9.8-stable 2009-06-26 23:14:11 +00:00
Dr. Stephen Henson
887c250852 Update from 0.9.8-stable. 2009-06-26 15:04:22 +00:00
Dr. Stephen Henson
710c1c34d1 Allow checking of self-signed certifictes if a flag is set. 2009-06-26 11:28:52 +00:00
Dr. Stephen Henson
e16818108f Fix from HEAD. 2009-06-25 17:11:48 +00:00
Dr. Stephen Henson
0cb76e79df PR: 1748
Fix nasty SSL BIO pop bug. Since this changes the behaviour of SSL BIOs and
will break applications that worked around the bug only included in 1.0.0 and
later.
2009-06-25 11:26:45 +00:00
Ben Laurie
6cb419673e DEBUG_BN_CTX doesn't really debug anything (it is essentially verbosity) and
has made make test far too noisy.
2009-06-25 10:15:06 +00:00
Dr. Stephen Henson
72d668c332 Update from HEAD. 2009-06-24 13:30:07 +00:00
Dr. Stephen Henson
5ce4799a38 Update from HEAD. 2009-06-17 12:19:35 +00:00
Dr. Stephen Henson
6178da0142 Update from HEAD. 2009-06-17 12:05:51 +00:00
Dr. Stephen Henson
27713e3fc2 Check t too. 2009-06-17 11:47:54 +00:00
Dr. Stephen Henson
3492c47b18 Update from HEAD. 2009-06-17 11:38:26 +00:00
Dr. Stephen Henson
43dc001b62 Update from HEAD. 2009-06-17 11:33:17 +00:00
Dr. Stephen Henson
8280b43a62 Update from HEAD. 2009-06-17 11:26:09 +00:00
Dr. Stephen Henson
85d9b02d16 Update from HEAD. 2009-06-16 16:55:01 +00:00
Dr. Stephen Henson
bfd502f027 Updates from HEAD. 2009-06-16 16:39:20 +00:00
Dr. Stephen Henson
f1ed5fa827 Update from 0.9.8-stable. 2009-06-15 15:00:19 +00:00
Dr. Stephen Henson
5bb9e1b4d4 Update from HEAD. 2009-06-15 11:23:33 +00:00
Ben Laurie
7de819237d Two digits is not wide enough. 2009-06-14 10:23:29 +00:00
Ben Laurie
6cfab29b71 Make depend. 2009-06-14 02:37:22 +00:00
Dr. Stephen Henson
55708796af Update from HEAD. 2009-06-13 20:47:09 +00:00
Dr. Stephen Henson
7074f1df07 Stop gcc bracket warning. 2009-06-05 14:57:10 +00:00
Dr. Stephen Henson
67d8ab07e6 Stop warning if dtls disabled. 2009-06-05 14:56:48 +00:00
Dr. Stephen Henson
4e63da0669 PR: 1950
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve@openssl.org

DTLS fragment retransmission bug.
2009-06-05 14:46:49 +00:00
Ben Laurie
15b0a5651c Not always used. 2009-06-05 08:35:54 +00:00
Dr. Stephen Henson
4e66723517 Update from HEAD. 2009-06-02 11:23:30 +00:00
Dr. Stephen Henson
3e53c86001 Update from HEAD. 2009-06-02 11:06:28 +00:00
Dr. Stephen Henson
524e5b844b Update from HEAD. 2009-06-01 12:14:15 +00:00
Dr. Stephen Henson
e1f09dfd84 PR: 1921
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve@openssl.org

Add ECDHE and PSK support to DTLS.
2009-05-31 17:11:24 +00:00
Dr. Stephen Henson
f16411ccfd Ensure canonical encodings of X509_NAME structures are valid. 2009-05-30 18:10:59 +00:00
Dr. Stephen Henson
2bbcd45b05 Update from HEAD. 2009-05-29 18:58:59 +00:00
Dr. Stephen Henson
fdc6c6ef08 Update from 0.9.8-stable. 2009-05-29 14:02:30 +00:00
Dr. Stephen Henson
6e87cc8da6 Need definition of struct timeval for dtls1.h which broke WIN32 builds,
so include winsock.h. (might be a cleaner way to do this...)
2009-05-28 20:53:16 +00:00
Dr. Stephen Henson
2d0b6c72b8 Update ordinals and sync with 0.9.8 2009-05-28 20:49:29 +00:00
Dr. Stephen Henson
3e84046f90 make errors 2009-05-28 20:45:26 +00:00
Dr. Stephen Henson
cc1cb996f1 Submitted by: Artem Chuprina <ran@cryptocom.ru>
Reviewed by: steve@openssl.org

Fix to match latest GOST in TLS draft.
2009-05-28 18:10:47 +00:00
Dr. Stephen Henson
32fbeacdfb Add CHANGES entries from 0.9.8-stable. 2009-05-18 17:37:13 +00:00
Dr. Stephen Henson
431aad3c15 Delete line which should have gone with PR#1922. 2009-05-18 16:11:58 +00:00
Dr. Stephen Henson
0454f2c490 PR: 1929
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org

Updated DTLS MTU bug fix.
2009-05-17 16:04:21 +00:00
Dr. Stephen Henson
5f911774bf Revert previous MTU patch from PR#1929 2009-05-17 15:57:51 +00:00
Dr. Stephen Henson
66b7e42790 PR: 1599
Reformat PKCS12_parse manual page, document return values.
2009-05-17 14:48:02 +00:00
Richard Levitte
6a419388fc Stupid typo 2009-05-17 07:22:15 +00:00
Dr. Stephen Henson
abda7c1147 PR: 1931
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix fragment handling memory leak.
2009-05-16 16:22:11 +00:00
Dr. Stephen Henson
88b48dc680 PR: 1930
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Limit size of DTLS record buffer queue.
2009-05-16 16:17:46 +00:00
Dr. Stephen Henson
661d35dfb2 Disable ECDHE in DTLS in a cleaner way. 2009-05-16 11:16:15 +00:00
Dr. Stephen Henson
f99c9daa39 Make the stuff compile again, fix missing prototype warnings. 2009-05-16 11:14:55 +00:00
Dr. Stephen Henson
019b3f3e5a Update from HEAD. 2009-05-15 23:07:41 +00:00
Dr. Stephen Henson
d6584eba8c PR: 1922
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Timer bug fix.
2009-05-15 22:58:13 +00:00
Dr. Stephen Henson
a379c433a3 PR: 1925
Submitted by: "Green, Paul" <Paul.Green@stratus.com>
Approved by: steve@openssl.org

VOS extended name support.
2009-05-15 22:50:12 +00:00
Richard Levitte
006c7c6bb1 Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
Thank you\!
(note: not tested for now, a few nightly builds should give indications though)
2009-05-15 16:37:08 +00:00
Richard Levitte
bd4a902a15 Have mkdef.pl also handle VAX and Non-VAX differences for VMS 2009-05-15 16:01:42 +00:00
Richard Levitte
17ae5e9f13 Add a comment about libeay.num and ssleay.num 2009-05-15 16:00:08 +00:00
Andy Polyakov
baa5f52422 x86[_64]cpuid.pl: update from HEAD. 2009-05-14 18:25:29 +00:00
Dr. Stephen Henson
b3620451b2 PR: 1921
Submitted by: steve@openssl.org

Our DTLS implementation doesn't currently handle ECDHE so don't include
unsupported ciphers in client hello.
2009-05-13 16:25:35 +00:00
Dr. Stephen Henson
d2f17d9615 Print out DTLS versions too. 2009-05-13 16:24:12 +00:00
Dr. Stephen Henson
561cbe5678 PR: 1923
Submitted by: Daniel Mentz <daniel.m@sent.com>, Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Don't access freed data structure.
2009-05-13 11:51:30 +00:00
Dr. Stephen Henson
756d2074b8 PR: 1924
Submitted by: "Green, Paul" <Paul.Green@stratus.com>
Approved by: steve@openssl.org

Fix _POSIX_C_SOURCE usage.
2009-05-13 11:32:24 +00:00
Andy Polyakov
c65db618bb e_padlock.c: update from HEAD. 2009-05-12 20:24:23 +00:00
Dr. Stephen Henson
8355647403 Typo. 2009-05-07 16:26:44 +00:00
Dr. Stephen Henson
b839d73411 Typo. 2009-05-06 16:58:27 +00:00
Dr. Stephen Henson
4563c1e043 Add debug-VC-WIN32 target and let mk1mf.pl auto detect it, update docs. 2009-05-06 16:54:25 +00:00
Richard Levitte
11f35a036d Select updates from HEAD 2009-05-06 14:03:24 +00:00
Dr. Stephen Henson
d8646dab14 Don't use -D_CRT_NONSTDC_NO_DEPRECATE, fix bio_lcl.h instead. 2009-05-06 10:23:39 +00:00
Andy Polyakov
47b3cd98f2 Configure: update from HEAD (Camellia assembler in VC-WIN64A, CAPI engine
in mingw64).
2009-05-05 19:25:53 +00:00
Andy Polyakov
27c7e53882 ec_mult.c: update from HEAD (Win64 compile warnings). 2009-05-05 19:23:45 +00:00
Andy Polyakov
b2b28803fb cryptlib.c: update from HEAD. 2009-05-05 19:23:14 +00:00
Andy Polyakov
8e92b1b9ce perlasm: update from HEAD. 2009-05-05 19:21:12 +00:00
Andy Polyakov
0f41ccf370 e_capi.c: update from HEAD. 2009-05-05 19:17:00 +00:00
Richard Levitte
c44544a1d7 Update from HEAD 2009-05-05 08:46:30 +00:00
Dr. Stephen Henson
4e50f02638 If an SSLv2 method is explicitly asked for use the SSLv2 cipher string:
assume an application *really* wants SSLv2 if they do that.

Otherwise stick with the default which excludes all SSLv2 cipher suites.
2009-04-29 14:12:54 +00:00
Dr. Stephen Henson
174ea15647 Typo. 2009-04-28 22:35:42 +00:00
Dr. Stephen Henson
18f8258a87 PR: 1629
Submitted by: Kaspar Brand <ossl-rt@velox.ch>
Approved by: steve@openssl.org

Don't use extensions if using SSLv3: this chokes some broken servers.
2009-04-28 22:01:53 +00:00
Dr. Stephen Henson
376bbb5887 PR: 1914
Make safestack work with C++.
2009-04-28 21:56:04 +00:00
Richard Levitte
2c8275409e Update from HEAD. 2009-04-28 13:00:50 +00:00
Andy Polyakov
892582b541 v3_alt.c: otherName parsing fix from HEAD.
Submitted by: Love Hoernquist Aastrand
2009-04-27 19:37:23 +00:00
Andy Polyakov
57b53c1b0a VC-32.pl: update from HEAD. 2009-04-27 19:32:13 +00:00
Andy Polyakov
004c3ca521 test_padlock: update from HEAD. 2009-04-27 19:31:52 +00:00
Andy Polyakov
f0f00f9272 sha*-s390x.pl: minor update from HEAD. 2009-04-27 19:31:30 +00:00
Andy Polyakov
a243c68736 rc4-x86_64.pl: Win64 SEH update from HEAD. 2009-04-27 19:31:04 +00:00
Andy Polyakov
467d9f2a34 b_sock.c: readability update from HEAD. 2009-04-27 19:30:36 +00:00
Richard Levitte
226a94963a Updates from HEAD 2009-04-27 00:08:50 +00:00
Dr. Stephen Henson
d7f0d147b1 Update docs: can use backslashes now. 2009-04-26 15:50:55 +00:00
Dr. Stephen Henson
26902b9aad Prevent warning if WINCE not used. 2009-04-26 15:04:06 +00:00
Dr. Stephen Henson
3c69d6bec4 Add extra no deprecate flags in Configure. 2009-04-26 14:54:23 +00:00
Dr. Stephen Henson
4f44677a41 This at least break WIN32 which doesn't have sys/time.h might need to make
this a bit more generous later...
2009-04-26 14:53:58 +00:00
Richard Levitte
88d9f669c5 Add local symbol hacks for OpenVMS 2009-04-26 12:26:04 +00:00
Richard Levitte
22e1421672 Cast to avoid signedness confusion 2009-04-26 12:16:12 +00:00
Richard Levitte
5409414eff Updates from HEAD 2009-04-26 11:35:58 +00:00
Dr. Stephen Henson
7134507de0 Make no-rsa, no-dsa and no-dh compile again. 2009-04-23 17:16:40 +00:00
Dr. Stephen Henson
fe41d9853c Make no-ec work 2009-04-23 16:25:00 +00:00
Dr. Stephen Henson
d07692cd96 Make no-gost work properly. 2009-04-23 16:12:09 +00:00
Dr. Stephen Henson
82ae57136b Some no-ec fixes (not complete yet). 2009-04-23 15:24:27 +00:00
Dr. Stephen Henson
30baeaaeab CryptoAPI engine only exists on WIN32. 2009-04-22 17:36:45 +00:00
Dr. Stephen Henson
87a0f4b92e PR: 1902
Add ecdsa/ecdh algorithms to default for speed utility.
2009-04-22 17:31:04 +00:00
Dr. Stephen Henson
1b08bcbfe3 Find openssl utility if on the PATH. 2009-04-22 16:50:42 +00:00
Dr. Stephen Henson
346b1001eb PR: 1903
Submitted by: "Paul Smedley" <pauldespam@despamsmedley.id.au>
Approved by: steve@openssl.org

OS/2 fixes (excludes Makefile.shared patch for now).
2009-04-22 16:21:20 +00:00
Dr. Stephen Henson
b61a84c8e6 Fix WIN32 warnings. 2009-04-22 15:40:54 +00:00
Dr. Stephen Henson
a543ea44bc Fix WIN32 warning. 2009-04-22 12:17:02 +00:00
Dr. Stephen Henson
b0dd3d1b94 Another kerberos fix. 2009-04-21 22:30:54 +00:00
Dr. Stephen Henson
461be68b75 Change version to beta3-dev 2009-04-21 22:27:41 +00:00
Dr. Stephen Henson
21fb688d26 Some fixes for kerberos builds. 2009-04-21 22:20:12 +00:00
Dr. Stephen Henson
d8faad27b7 Fix RFC num. 2009-04-21 15:42:01 +00:00
Dr. Stephen Henson
dab7075946 Update STATUS. 2009-04-21 15:19:15 +00:00
Dr. Stephen Henson
dfc8e96daa Fix warning. 2009-04-21 15:11:59 +00:00
Dr. Stephen Henson
71d3eaf358 make update. 2009-04-21 15:02:20 +00:00
Dr. Stephen Henson
ef6b25be63 Beta 2 preparation. 2009-04-21 14:58:57 +00:00
Dr. Stephen Henson
b452f43322 PR: 1751
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Compatibility patches for Cisco VPN client DTLS.
2009-04-19 18:03:13 +00:00
Dr. Stephen Henson
52891f832f Fix error header files and error files too. 2009-04-19 17:58:01 +00:00
Dr. Stephen Henson
9990cb75c1 PR: 1894
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Fix various typos and stuff.
2009-04-16 17:22:51 +00:00
Dr. Stephen Henson
a5cc69c7ae PR: 1900
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Remove unnecessary included header file.
2009-04-16 16:42:02 +00:00
Dr. Stephen Henson
0b4b8ba64e PR: 1895
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Updates to mkerr.pl script.
2009-04-15 15:16:29 +00:00
Dr. Stephen Henson
268e78c305 PR: 1899
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Check for <= 0 when verifying CRL issuers.
2009-04-15 15:07:09 +00:00
Dr. Stephen Henson
c900a78c99 PR: 1828
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Updated DTLS Rentransmission bug patch.
2009-04-15 14:49:36 +00:00
Dr. Stephen Henson
46ffb2dc97 PR #1828 reverted: state save/restore incompatible with 1.0.0-stable. 2009-04-14 15:29:34 +00:00
Dr. Stephen Henson
10acacb3bf Fix typo and stop WIN32 warnings. 2009-04-14 15:13:35 +00:00
Dr. Stephen Henson
aab790a656 PR: 1829
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Timer Bug fix.
2009-04-14 14:33:12 +00:00
Dr. Stephen Henson
1319aad994 PR: 1647
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Update patch for PR#1647.
2009-04-14 14:22:26 +00:00
Dr. Stephen Henson
3c0ce01cea PR: 1827
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Updated patch for PR #1827
2009-04-14 14:20:57 +00:00
Dr. Stephen Henson
9fcbefebdb PR: 1828
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Update from 0.9.8-stable.
2009-04-14 14:19:46 +00:00
Dr. Stephen Henson
017d2a887f PR: 1838
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Updated patch from 0.9.8-stable.
2009-04-14 14:18:16 +00:00
Dr. Stephen Henson
0416482605 Make update. 2009-04-13 11:40:00 +00:00
Dr. Stephen Henson
0f17424918 PR: 1786
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Add missing IMPLEMENT.
2009-04-13 11:36:19 +00:00
Dr. Stephen Henson
55ed10db21 PR: 1785
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Properly handle malloc failure.
2009-04-13 11:31:22 +00:00
Dr. Stephen Henson
3877b6bfe9 PR: 1896
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Remove double sk_*_free() definition and add missing definition to mkstack.pl
2009-04-13 11:26:31 +00:00
Dr. Stephen Henson
a0f32454b6 PR: 1898
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Include correct headers in selftest.pl generated code.
2009-04-13 11:22:55 +00:00
Dr. Stephen Henson
6fda4d7e5d PR: 1887
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Approved by: steve@openssl.org

Document/clarify use of some options and include details of GOST algorihthm
usage.
2009-04-10 16:42:28 +00:00
Dr. Stephen Henson
36a252ea46 Typo. 2009-04-10 11:35:31 +00:00
Dr. Stephen Henson
a31a195246 PR: 1887 (part, modified)
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Approved by: steve@openssl.org

Use correct command names in -engine description and fix typo.
2009-04-10 11:25:54 +00:00
Dr. Stephen Henson
5f590d2218 PR: 1887 (part)
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Approved by: steve@openssl.org

Added error codes for ccgost.
2009-04-10 11:07:35 +00:00
Dr. Stephen Henson
791b7bc715 Fix usage messages and lookup digests later in req command.
(part of PR #1887)
2009-04-10 11:00:12 +00:00
Dr. Stephen Henson
19ae090787 Print out registered digest names in dgst utility instead of hard
coding them. Modify EVP_MD_do_all() to include registered digest name.

This is a modified version of part of PR#1887.
2009-04-10 10:30:27 +00:00
Dr. Stephen Henson
db3076621b PR: 1892
Fix memory leak when email:move option used.
2009-04-08 15:58:07 +00:00
Dr. Stephen Henson
9ae5743515 Disable SSLv2 cipher suites by default and avoid SSLv2 compatible client
hello if no SSLv2 cipher suites are included. This effectively disables
the broken SSLv2 use by default.
2009-04-07 17:01:07 +00:00
Dr. Stephen Henson
c184b140df Update from 0.9.8-stable. 2009-04-07 16:30:32 +00:00
Dr. Stephen Henson
9d80aa7e3f Update from 0.9.8-stable 2009-04-07 12:10:59 +00:00
Dr. Stephen Henson
15671a90a9 PR: 1677
Submitted by: Vennemann <rvennemann@cool.ms>
Approved by: steve@openssl.org

Call RSA_new() after ENGINE has been set up.
2009-04-06 21:42:11 +00:00
Dr. Stephen Henson
0048464449 Use basename of objxref.pl not whole path in generated header. 2009-04-06 16:16:23 +00:00
Dr. Stephen Henson
b422166ce0 Updates from HEAD. 2009-04-06 16:02:51 +00:00
Dr. Stephen Henson
81be661ae2 PR: 1626
Submitted by: Cerutti Pietro <pietro.cerutti@bfh.ch>

Fix manual page.
2009-04-06 15:16:41 +00:00
Dr. Stephen Henson
8681c66eec PR: 1890
Submitted by: "Green, Paul" <Paul.Green@stratus.com>
Approved by: steve@openssl.org

Fixes to --with-zlib-include and --with-zlib-lib and init PRNG for VOS.
2009-04-06 14:31:36 +00:00
Dr. Stephen Henson
69a0034e50 PR: 1899
Submitted by: Doug Kaufman <dkaufman@rahul.net>
Approved by: steve@openssl.org

Mingw fixes.
2009-04-06 14:25:02 +00:00
Dr. Stephen Henson
c9a1778134 Fix error codes. 2009-04-05 11:54:34 +00:00
Dr. Stephen Henson
326794e9c6 Change default openssl.cnf to only use issuer+serial option in AKID if no
SKID.
2009-04-04 18:09:43 +00:00
Dr. Stephen Henson
2dd5ca1fbc Make no-ssl2 work including on Win32 builds. 2009-04-04 17:57:34 +00:00
Ben Laurie
3042945ac8 Fix warning. 2009-04-04 13:39:48 +00:00
Dr. Stephen Henson
da29b0d335 Fix for VC++ 6 which chokes on the empty argument. 2009-04-04 11:44:48 +00:00
Dr. Stephen Henson
6abbc68188 PR: 1870
Submitted by: kilroy <kilroy@mail.zutom.sk>
Approved by: steve@openssl.org

Handle pkcs12 format correctly by not assuming PEM format straight away.
2009-04-03 17:06:35 +00:00
Dr. Stephen Henson
25f6c7fd8b Update from 0.9.8-stable. 2009-04-03 16:54:37 +00:00
Dr. Stephen Henson
1cf3571ea4 PR: 1888
Submitted by: Tim Rice <tim@multitalents.net>
Approved by: steve@openssl.org

Allow SOCKLEN_T type to be overridden at config time e.g.
./config -DSOCKLEN_T=int
2009-04-03 16:44:40 +00:00
Dr. Stephen Henson
d769e7a58c PR: 1613
Submitted by: "Jean Rebiffe" <jrebiffe@gmail.com>
Approved by: steve@openssl.org

Free section.
2009-04-03 16:21:01 +00:00
Dr. Stephen Henson
fa3619f233 Update version info, fix typo. 2009-04-03 11:50:59 +00:00
Dr. Stephen Henson
a414cbcad3 Update from 0.9.8-stable. 2009-04-03 11:37:47 +00:00
Dr. Stephen Henson
c6196da587 Update from 0.9.8-stable. 2009-04-02 22:28:52 +00:00
Dr. Stephen Henson
5d48762647 Make PKCS12_parse() handle some PKCS#12 files which have their own ideas
about settings for local key id...
2009-04-02 17:44:50 +00:00
Dr. Stephen Henson
77e749405d Fix demo program. 2009-04-02 17:39:25 +00:00
Dr. Stephen Henson
9ccd4e224f Add USE_SOCKETS. 2009-04-02 15:19:03 +00:00
Dr. Stephen Henson
1dad4f3672 PR: 1882
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Approved by: steve@openssl.org

Typo.
2009-04-02 15:04:01 +00:00
Dr. Stephen Henson
59745556b4 Add another one... 2009-04-01 15:22:00 +00:00
Dr. Stephen Henson
fab4447179 PR: 1880
Document -ocsp_uri command line switch to x509 utility.
2009-04-01 15:06:28 +00:00
Dr. Stephen Henson
417b8d4705 PR:1880
Load config in ts utility.
2009-04-01 14:59:18 +00:00
Dr. Stephen Henson
e614ec4769 Update README. 2009-04-01 08:57:37 +00:00
Dr. Stephen Henson
a6b03f4138 Make update fixing duplicate ASN1 error codes. 2009-04-01 08:55:54 +00:00
Dr. Stephen Henson
809fa4cc59 Update for first beta. 2009-04-01 08:47:28 +00:00
Dr. Stephen Henson
463f448595 Win32 build fixes. 2009-03-31 22:04:25 +00:00
Dr. Stephen Henson
5cd0cf8cce Fix other read call too. 2009-03-31 21:57:26 +00:00
Dr. Stephen Henson
49cb959494 Use OPENSSL_SYS_WIN32 instead of _WIN32 2009-03-31 21:45:29 +00:00
Dr. Stephen Henson
783a73c47f Oops. 2009-03-31 21:39:54 +00:00
Dr. Stephen Henson
99bf516908 Add update from 0.9.8-stable branch. 2009-03-31 21:35:55 +00:00
Dr. Stephen Henson
a26c372cfc Fix shlib version. 2009-03-31 21:21:42 +00:00
Dr. Stephen Henson
ed5ac22e5b Correct version. 2009-03-31 21:19:17 +00:00
cvs2svn
3d11b8f896 This commit was manufactured by cvs2svn to create branch
'OpenSSL_1_0_0-stable'.
2009-03-31 19:54:52 +00:00
414 changed files with 9971 additions and 3814 deletions

243
CHANGES
View File

@@ -2,7 +2,79 @@
OpenSSL CHANGES
_______________
Changes between 0.9.8k and 1.0 [xx XXX xxxx]
Changes between 0.9.8m (?) and 1.0.0 [xx XXX xxxx]
*) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to
output hashes compatible with older versions of OpenSSL.
[Willy Weisz <weisz@vcpc.univie.ac.at>]
*) Fix compression algorithm handling: if resuming a session use the
compression algorithm of the resumed session instead of determining
it from client hello again. Don't allow server to change algorithm.
[Steve Henson]
*) Add load_crls() function to apps tidying load_certs() too. Add option
to verify utility to allow additional CRLs to be included.
[Steve Henson]
*) Update OCSP request code to permit adding custom headers to the request:
some responders need this.
[Steve Henson]
*) The function EVP_PKEY_sign() returns <=0 on error: check return code
correctly.
[Julia Lawall <julia@diku.dk>]
*) Update verify callback code in apps/s_cb.c and apps/verify.c, it
needlessly dereferenced structures, used obsolete functions and
didn't handle all updated verify codes correctly.
[Steve Henson]
*) Disable MD2 in the default configuration.
[Steve Henson]
*) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to
indicate the initial BIO being pushed or popped. This makes it possible
to determine whether the BIO is the one explicitly called or as a result
of the ctrl being passed down the chain. Fix BIO_pop() and SSL BIOs so
it handles reference counts correctly and doesn't zero out the I/O bio
when it is not being explicitly popped. WARNING: applications which
included workarounds for the old buggy behaviour will need to be modified
or they could free up already freed BIOs.
[Steve Henson]
*) Extend the uni2asc/asc2uni => OPENSSL_uni2asc/OPENSSL_asc2uni
renaming to all platforms (within the 0.9.8 branch, this was
done conditionally on Netware platforms to avoid a name clash).
[Guenter <lists@gknw.net>]
*) Add ECDHE and PSK support to DTLS.
[Michael Tuexen <tuexen@fh-muenster.de>]
*) Add CHECKED_STACK_OF macro to safestack.h, otherwise safestack can't
be used on C++.
[Steve Henson]
*) Add "missing" function EVP_MD_flags() (without this the only way to
retrieve a digest flags is by accessing the structure directly. Update
EVP_MD_do_all*() and EVP_CIPHER_do_all*() to include the name a digest
or cipher is registered as in the "from" argument. Print out all
registered digests in the dgst usage message instead of manually
attempting to work them out.
[Steve Henson]
*) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello:
this allows the use of compression and extensions. Change default cipher
string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
by default unless an application cipher string requests it.
[Steve Henson]
*) Alter match criteria in PKCS12_parse(). It used to try to use local
key ids to find matching certificates and keys but some PKCS#12 files
don't follow the (somewhat unwritten) rules and this strategy fails.
Now just gather all certificates together and the first private key
then look for the first certificate that matches the key.
[Steve Henson]
*) Support use of registered digest and cipher names for dgst and cipher
commands instead of having to add each one as a special case. So now
@@ -763,11 +835,157 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
Changes between 0.9.8k and 0.9.8l [xx XXX xxxx]
Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx]
*) Handle TLS versions 2.0 and later properly and correctly use the
highest version of TLS/SSL supported. Although TLS >= 2.0 is some way
off ancient servers have a habit of sticking around for a while...
[Steve Henson]
*) Modify compression code so it frees up structures without using the
ex_data callbacks. This works around a problem where some applications
call CRYPTO_free_all_ex_data() before application exit (e.g. when
restarting) then use compression (e.g. SSL with compression) later.
This results in significant per-connection memory leaks and
has caused some security issues including CVE-2008-1678 and
CVE-2009-4355.
[Steve Henson]
*) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
change when encrypting or decrypting.
[Bodo Moeller]
*) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
connect (but not renegotiate) with servers which do not support RI.
Until RI is more widely deployed this option is enabled by default.
[Steve Henson]
*) Add "missing" ssl ctrls to clear options and mode.
[Steve Henson]
*) If client attempts to renegotiate and doesn't support RI respond with
a no_renegotiation alert as required by draft-ietf-tls-renegotiation.
Some renegotiating TLS clients will continue a connection gracefully
when they receive the alert. Unfortunately OpenSSL mishandled
this alert and would hang waiting for a server hello which it will never
receive. Now we treat a received no_renegotiation alert as a fatal
error. This is because applications requesting a renegotiation might well
expect it to succeed and would have no code in place to handle the server
denying it so the only safe thing to do is to terminate the connection.
[Steve Henson]
*) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if
peer supports secure renegotiation and 0 otherwise. Print out peer
renegotiation support in s_client/s_server.
[Steve Henson]
*) Replace the highly broken and deprecated SPKAC certification method with
the updated NID creation version. This should correctly handle UTF8.
[Steve Henson]
*) Implement draft-ietf-tls-renegotiation-03. Re-enable
renegotiation but require the extension as needed. Unfortunately,
SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a
bad idea. It has been replaced by
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
SSL_CTX_set_options(). This is really not recommended unless you
know what you are doing.
[Eric Rescorla <ekr@networkresonance.com>, Ben Laurie, Steve Henson]
*) Fixes to stateless session resumption handling. Use initial_ctx when
issuing and attempting to decrypt tickets in case it has changed during
servername handling. Use a non-zero length session ID when attempting
stateless session resumption: this makes it possible to determine if
a resumption has occurred immediately after receiving server hello
(several places in OpenSSL subtly assume this) instead of later in
the handshake.
[Steve Henson]
*) The functions ENGINE_ctrl(), OPENSSL_isservice(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
fixes for a few places where the return code is not checked
correctly.
[Julia Lawall <julia@diku.dk>]
*) Add --strict-warnings option to Configure script to include devteam
warnings in other configurations.
[Steve Henson]
*) Add support for --libdir option and LIBDIR variable in makefiles. This
makes it possible to install openssl libraries in locations which
have names other than "lib", for example "/usr/lib64" which some
systems need.
[Steve Henson, based on patch from Jeremy Utley]
*) Don't allow the use of leading 0x80 in OIDs. This is a violation of
X690 8.9.12 and can produce some misleading textual output of OIDs.
[Steve Henson, reported by Dan Kaminsky]
*) Delete MD2 from algorithm tables. This follows the recommendation in
several standards that it is not used in new applications due to
several cryptographic weaknesses. For binary compatibility reasons
the MD2 API is still compiled in by default.
[Steve Henson]
*) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
and restored.
[Steve Henson]
*) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
OPENSSL_asc2uni conditionally on Netware platforms to avoid a name
clash.
[Guenter <lists@gknw.net>]
*) Fix the server certificate chain building code to use X509_verify_cert(),
it used to have an ad-hoc builder which was unable to cope with anything
other than a simple chain.
[David Woodhouse <dwmw2@infradead.org>, Steve Henson]
*) Don't check self signed certificate signatures in X509_verify_cert()
by default (a flag can override this): it just wastes time without
adding any security. As a useful side effect self signed root CAs
with non-FIPS digests are now usable in FIPS mode.
[Steve Henson]
*) In dtls1_process_out_of_seq_message() the check if the current message
is already buffered was missing. For every new message was memory
allocated, allowing an attacker to perform an denial of service attack
with sending out of seq handshake messages until there is no memory
left. Additionally every future messege was buffered, even if the
sequence number made no sense and would be part of another handshake.
So only messages with sequence numbers less than 10 in advance will be
buffered. (CVE-2009-1378)
[Robin Seggelmann, discovered by Daniel Mentz]
*) Records are buffered if they arrive with a future epoch to be
processed after finishing the corresponding handshake. There is
currently no limitation to this buffer allowing an attacker to perform
a DOS attack with sending records with future epochs until there is no
memory left. This patch adds the pqueue_size() function to detemine
the size of a buffer and limits the record buffer to 100 entries.
(CVE-2009-1377)
[Robin Seggelmann, discovered by Daniel Mentz]
*) Keep a copy of frag->msg_header.frag_len so it can be used after the
parent structure is freed. (CVE-2009-1379)
[Daniel Mentz]
*) Handle non-blocking I/O properly in SSL_shutdown() call.
[Darryl Miles <darryl-mailinglists@netbauds.net>]
*) Add 2.5.4.* OIDs
[Ilya O. <vrghost@gmail.com>]
Changes between 0.9.8k and 0.9.8l [5 Nov 2009]
*) Disable renegotiation completely - this fixes a severe security
problem (CVE-2009-3555) at the cost of breaking all
renegotiation. Renegotiation can be re-enabled by setting
SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
run-time. This is really not recommended unless you know what
you're doing.
[Ben Laurie]
Changes between 0.9.8j and 0.9.8k [25 Mar 2009]
*) Don't set val to NULL when freeing up structures, it is freed up by
@@ -806,12 +1024,12 @@
*) Support NumericString type for name components.
[Steve Henson]
*) Allow CC in the environment to override the automatically chosen
compiler. Note that nothing is done to ensure flags work with the
chosen compiler.
[Ben Laurie]
Changes between 0.9.8i and 0.9.8j [07 Jan 2009]
*) Properly check EVP_VerifyFinal() and similar return values
@@ -852,6 +1070,10 @@
Changes between 0.9.8h and 0.9.8i [15 Sep 2008]
*) Fix NULL pointer dereference if a DTLS server received
ChangeCipherSpec as first record (CVE-2009-1386).
[PR #1679]
*) Fix a state transitition in s3_srvr.c and d1_srvr.c
(was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
[Nagendra Modadugu]
@@ -2255,19 +2477,6 @@
differing sizes.
[Richard Levitte]
Changes between 0.9.7m and 0.9.7n [xx XXX xxxx]
*) In the SSL/TLS server implementation, be strict about session ID
context matching (which matters if an application uses a single
external cache for different purposes). Previously,
out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
set. This did ensure strict client verification, but meant that,
with applications using a single external cache for quite
different requirements, clients could circumvent ciphersuite
restrictions for a given session ID context by starting a session
in a different context.
[Bodo Moeller]
Changes between 0.9.7l and 0.9.7m [23 Feb 2007]
*) Cleanse PEM buffers before freeing them since they may contain

View File

@@ -148,7 +148,7 @@ eric (about to go bushwalking for the 4 day easter break :-)
This would tend to cause memory overwrites since SSLv3 has
a maximum packet size of 16k. If your program uses
buffers <= 16k, you would probably never see this problem.
- Fixed a new errors that were cause by malloc() not returning
- Fixed a few errors that were cause by malloc() not returning
0 initialised memory..
- SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing

122
Configure
View File

@@ -104,6 +104,8 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
# MD2_CHAR slags pentium pros
@@ -131,7 +133,7 @@ my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-
my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::void";
my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::::::::void";
my $mips3_asm=":bn-mips3.o::::::::::::void";
my $s390x_asm="s390xcpuid.o:bn-s390x.o s390x-mont.o::aes-s390x.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::void";
my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o::aes-s390x.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::void";
my $armv4_asm=":bn_asm.o armv4-mont.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::void";
my $ppc32_asm="ppccpuid.o:bn-ppc.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::";
my $ppc64_asm="ppccpuid.o:bn-ppc.o ppc-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o::::::";
@@ -161,18 +163,18 @@ my %table=(
# Our development configs
"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG_UNUSED -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
"debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::",
"debug-ben-debug", "gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::",
"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -184,6 +186,9 @@ my %table=(
"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-x86_64", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"dist", "cc:-O::(unknown)::::::",
# Basic configs that should work on any (32 and less bit) box
@@ -191,8 +196,8 @@ my %table=(
"cc", "cc:-O::(unknown)::::::",
####VOS Configurations
"vos-gcc","gcc:-O3 -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
"debug-vos-gcc","gcc:-O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
"vos-gcc","gcc:-O3 -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
"debug-vos-gcc","gcc:-O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
#### Solaris x86 with GNU C setups
# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
@@ -209,11 +214,11 @@ my %table=(
# actually recommend to consider using gcc shared build even with vendor
# compiler:-)
# <appro@fy.chalmers.se>
"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
#### Solaris x86 with Sun C setups
"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
#### SPARC Solaris with GNU C setups
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -346,7 +351,7 @@ my %table=(
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### SPARC Linux setups
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
@@ -400,7 +405,8 @@ my %table=(
# QNX
"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
"qnx6", "cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",
"QNX6", "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"QNX6-i386", "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# BeOS
"beos-x86-r5", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so",
@@ -485,18 +491,19 @@ my %table=(
#
# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o::ml64:win32",
"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
"VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
# Unified CE target
"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
# Borland C++ 4.5
"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
# MinGW
"mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::MINGW32:-lws2_32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a",
"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall:::MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a",
# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll
# compiled with one compiler with application compiled with another
# compiler. It's possible to engage Applink support in mingw64 build,
@@ -504,7 +511,7 @@ my %table=(
# handling, one can't seriously consider its binaries for using with
# non-mingw64 run-time environment. And as mingw64 is always consistent
# with itself, Applink is never engaged and can as well be omitted.
"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE:::MINGW64:-lws2_32 -lgdi32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE:::MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
# UWIN
"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
@@ -544,7 +551,7 @@ my %table=(
"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
##### A/UX
@@ -569,11 +576,15 @@ my %table=(
##### Compaq Non-Stop Kernel (Tandem)
"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
# uClinux
"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:::::::::::::::$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:::::::::::::::$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
);
my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
VC-NT VC-CE VC-WIN32
BC-32 OS2-EMX
VC-NT VC-CE VC-WIN32 debug-VC-WIN32
BC-32
netware-clib netware-clib-bsdsock
netware-libc netware-libc-bsdsock);
@@ -609,9 +620,10 @@ my $idx_arflags = $idx++;
my $idx_multilib = $idx++;
my $prefix="";
my $libdir="";
my $openssldir="";
my $exe_ext="";
my $install_prefix="";
my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
my $cross_compile_prefix="";
my $no_threads=0;
my $threads=0;
@@ -654,7 +666,7 @@ my $perl;
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
"gmp" => "default",
"jpake" => "experimental",
"mdc2" => "default",
"md2" => "default",
"rc5" => "default",
"rfc3779" => "default",
"shared" => "default",
@@ -666,8 +678,7 @@ my @experimental = ();
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE";
my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE";
# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
@@ -765,6 +776,10 @@ PROCESS_ARGS:
{
exit(&test_sanity());
}
elsif (/^--strict-warnings/)
{
$strict_warnings = 1;
}
elsif (/^reconfigure/ || /^reconf/)
{
if (open(IN,"<$Makefile"))
@@ -810,6 +825,10 @@ PROCESS_ARGS:
{
$prefix=$1;
}
elsif (/^--libdir=(.*)$/)
{
$libdir=$1;
}
elsif (/^--openssldir=(.*)$/)
{
$openssldir=$1;
@@ -918,6 +937,12 @@ if (defined($disabled{"tls1"}))
$disabled{"tlsext"} = "forced";
}
if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
|| defined($disabled{"dh"}))
{
$disabled{"gost"} = "forced";
}
if ($target eq "TABLE") {
foreach $target (sort keys %table) {
print_table_entry($target);
@@ -1019,6 +1044,9 @@ $prefix=$openssldir if $prefix eq "";
$default_ranlib= &which("ranlib") or $default_ranlib="true";
$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
or $perl="perl";
my $make = $ENV{'MAKE'} || "make";
$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";
chop $openssldir if $openssldir =~ /\/$/;
chop $prefix if $prefix =~ /.\/$/;
@@ -1060,10 +1088,13 @@ my $shared_target = $fields[$idx_shared_target];
my $shared_cflag = $fields[$idx_shared_cflag];
my $shared_ldflag = $fields[$idx_shared_ldflag];
my $shared_extension = $fields[$idx_shared_extension];
my $ranlib = $fields[$idx_ranlib];
my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
my $ar = $ENV{'AR'} || "ar";
my $arflags = $fields[$idx_arflags];
my $multilib = $fields[$idx_multilib];
$libdir="lib$multilib" if $libdir eq "";
$cflags = "$cflags$exp_cflags";
# '%' in $lflags is used to split flags to "pre-" and post-flags
@@ -1218,7 +1249,14 @@ if ($zlib)
$cflags = "-DZLIB $cflags";
if (defined($disabled{"zlib-dynamic"}))
{
$lflags = "$lflags -lz";
if (defined($withargs{"zlib-lib"}))
{
$lflags = "$lflags -L" . $withargs{"zlib-lib"} . " -lz";
}
else
{
$lflags = "$lflags -lz";
}
}
else
{
@@ -1407,6 +1445,16 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
$shlib_minor=$2;
}
if ($strict_warnings)
{
my $wopt;
die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/);
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
}
}
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
@@ -1425,6 +1473,7 @@ while (<IN>)
}
$sdirs = 0 unless /\\$/;
s/engines // if (/^DIRS=/ && $disabled{"engine"});
s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"});
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
@@ -1436,20 +1485,22 @@ while (<IN>)
s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
s/^MULTILIB=.*$/MULTILIB=$multilib/;
s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
s/^LIBDIR=.*$/LIBDIR=$libdir/;
s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
s/^PLATFORM=.*$/PLATFORM=$target/;
s/^OPTIONS=.*$/OPTIONS=$options/;
s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
if ($cross_compile_prefix)
{
s/^CC=.*$/CROSS_COMPILE_PREFIX= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE_PREFIX\)$cc/;
s/^AR=\s*/AR= \$\(CROSS_COMPILE_PREFIX\)/;
s/^NM=\s*/NM= \$\(CROSS_COMPILE_PREFIX\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE_PREFIX\)/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE_PREFIX\)$cc/ if $cc eq "gcc";
s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/;
s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
}
else {
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
}
@@ -1622,10 +1673,7 @@ while (<IN>)
}
elsif (/^#define\s+ENGINESDIR/)
{
# $foo is to become "$prefix/lib$multilib/engines";
# as Makefile.org and engines/Makefile are adapted for
# $multilib suffix.
my $foo = "$prefix/lib/engines";
my $foo = "$prefix/$libdir/engines";
$foo =~ s/\\/\\\\/g;
print OUT "#define ENGINESDIR \"$foo\"\n";
}
@@ -1733,7 +1781,7 @@ if($IsMK1MF) {
EOF
close(OUT);
} else {
my $make_command = "make PERL=\'$perl\'";
my $make_command = "$make PERL=\'$perl\'";
my $make_targets = "";
$make_targets .= " links" if $symlink;
$make_targets .= " depend" if $depflags ne $default_depflags && $make_depend;
@@ -1970,23 +2018,23 @@ sub test_sanity
{
@fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
if ($fields[$idx_dso_scheme-1] =~ /^(dl|dlfcn|win32|vms)$/)
if ($fields[$idx_dso_scheme-1] =~ /^(beos|dl|dlfcn|win32|vms)$/)
{
$errorcnt++;
print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
print STDERR " in the previous field\n";
}
elsif ($fields[$idx_dso_scheme+1] =~ /^(dl|dlfcn|win32|vms)$/)
elsif ($fields[$idx_dso_scheme+1] =~ /^(beos|dl|dlfcn|win32|vms)$/)
{
$errorcnt++;
print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
print STDERR " in the following field\n";
}
elsif ($fields[$idx_dso_scheme] !~ /^(dl|dlfcn|win32|vms|)$/)
elsif ($fields[$idx_dso_scheme] !~ /^(beos|dl|dlfcn|win32|vms|)$/)
{
$errorcnt++;
print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n";
print STDERR " valid values are 'dl', 'dlfcn', 'win32' and 'vms'\n";
print STDERR " valid values are 'beos', 'dl', 'dlfcn', 'win32' and 'vms'\n";
}
}
print STDERR "No sanity errors detected!\n" if $errorcnt == 0;

21
FAQ
View File

@@ -70,6 +70,7 @@ OpenSSL - Frequently Asked Questions
* I think I've detected a memory leak, is this a bug?
* Why does Valgrind complain about the use of uninitialized data?
* Why doesn't a memory BIO work when a file does?
* Where are the declarations and implementations of d2i_X509() etc?
===============================================================================
@@ -94,14 +95,17 @@ explains how to install this library.
OpenSSL includes a command line utility that can be used to perform a
variety of cryptographic functions. It is described in the openssl(1)
manpage. Documentation for developers is currently being written. A
few manual pages already are available; overviews over libcrypto and
manpage. Documentation for developers is currently being written. Many
manual pages are available; overviews over libcrypto and
libssl are given in the crypto(3) and ssl(3) manpages.
The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
different directory if you specified one as described in INSTALL).
In addition, you can read the most current versions at
<URL: http://www.openssl.org/docs/>.
<URL: http://www.openssl.org/docs/>. Note that the online documents refer
to the very latest development versions of OpenSSL and may include features
not present in released versions. If in doubt refer to the documentation
that came with the version of OpenSSL you are using.
For information on parts of libcrypto that are not yet documented, you
might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
@@ -964,4 +968,15 @@ is needed. This must be done by calling:
See the manual pages for more details.
* Where are the declarations and implementations of d2i_X509() etc?
These are defined and implemented by macros of the form:
DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509)
The implementation passes an ASN1 "template" defining the structure into an
ASN1 interpreter using generalised functions such as ASN1_item_d2i().
===============================================================================

View File

@@ -103,6 +103,12 @@
define preprocessor symbols, specify additional libraries,
library directories or other compiler options.
-DHAVE_CRYPTODEV Enable the BSD cryptodev engine even if we are not using
BSD. Useful if you are running ocf-linux or something
similar. Once enabled you can also enable the use of
cryptodev digests, which is usually slower unless you have
large amounts data. Use -DUSE_CRYPTODEV_DIGESTS to force
it.
Installation in Detail
----------------------

View File

@@ -27,7 +27,7 @@
- Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/
is required if you intend to utilize assembler modules. Note that NASM
is the only supported assembler.
is now the only supported assembler.
If you are compiling from a tarball or a CVS snapshot then the Win32 files
may well be not up to date. This may mean that some "tweaking" is required to
@@ -41,9 +41,9 @@
C++, then you will need already mentioned Netwide Assembler binary,
nasmw.exe or nasm.exe, to be available on your %PATH%.
Firstly you should run Configure:
Firstly you should run Configure with platform VC-WIN32:
> perl Configure VC-WIN32 --prefix=c:/some/openssl/dir
> perl Configure VC-WIN32 --prefix=c:\some\openssl\dir
Where the prefix argument specifies where OpenSSL will be installed to.
@@ -56,6 +56,7 @@
- If you don't want to use the assembly language files at all then run:
> perl Configure VC-WIN32 no-asm --prefix=c:/some/openssl/dir
> ms\do_ms
If you get errors about things not having numbers assigned then check the
@@ -80,16 +81,13 @@
There are various changes you can make to the Win32 compile
environment. By default the library is not compiled with debugging
symbols. If you add 'debug' to the mk1mf.pl lines in the do_* batch
file then debugging symbols will be compiled in. Note that mk1mf.pl
expects the platform to be the last argument on the command line, so
'debug' must appear before that, as all other options.
symbols. If you use the platform debug-VC-WIN32 instead of VC-WIN32
then debugging symbols will be compiled in.
By default in 0.9.8 OpenSSL will compile builtin ENGINES into the
libeay32.dll shared library. If you specify the "no-static-engine"
By default in 1.0.0 OpenSSL will compile builtin ENGINES into the
separate shared librariesy. If you specify the "enable-static-engine"
option on the command line to Configure the shared library build
(ms\ntdll.mak) will compile the engines as separate DLLs.
(ms\ntdll.mak) will compile the engines into libeay32.dll instead.
The default Win32 environment is to leave out any Windows NT specific
features.
@@ -102,7 +100,6 @@
ms\nt.mak
Borland C++ builder 5
---------------------

View File

@@ -71,6 +71,7 @@ PERL= perl
TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
LIBDIR=lib
# We let the C compiler driver to take care of .s files. This is done in
# order to be excused from maintaining a separate set of architecture
@@ -109,6 +110,7 @@ ZLIB_INCLUDE=
LIBZLIB=
DIRS= crypto ssl engines apps test tools
ENGDIRS= ccgost
SHLIBDIRS= crypto ssl
# dirs in crypto to build
@@ -178,16 +180,18 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
CC='$(CC)' CFLAG='$(CFLAG)' \
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
CROSS_COMPILE_PREFIX='$(CROSS_COMPILE_PREFIX)' \
PERL='$(PERL)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/lib' \
CROSS_COMPILE='$(CROSS_COMPILE)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
INSTALL_PREFIX='$(INSTALL_PREFIX)' \
INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
LIBDIR='$(LIBDIR)' \
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
MAKEDEPPROG='$(MAKEDEPPROG)' \
SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
@@ -297,7 +301,7 @@ build-shared: do_$(SHLIB_TARGET) link-shared
do_$(SHLIB_TARGET):
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
if [ "$(SHLIBDIRS)" = "ssl" -a -n "$(LIBKRB5)" ]; then \
if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
@@ -311,7 +315,7 @@ do_$(SHLIB_TARGET):
libcrypto.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/lib'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
@@ -324,7 +328,7 @@ libcrypto.pc: Makefile
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/lib'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
@@ -337,7 +341,7 @@ libssl.pc: Makefile
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/lib'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
@@ -390,7 +394,7 @@ dclean:
rehash: rehash.time
rehash.time: certs apps
@if [ -z "$(CROSS_COMPILE_PREFIX)" ]; then \
@if [ -z "$(CROSS_COMPILE)" ]; then \
(OPENSSL="`pwd`/util/opensslwrap.sh"; \
[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
OPENSSL_DEBUG_MEMORY=on; \
@@ -403,8 +407,8 @@ test: tests
tests: rehash
@(cd test && echo "testing..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on tests );
util/opensslwrap.sh version -a
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
report:
@$(PERL) util/selftest.pl
@@ -492,9 +496,9 @@ install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
@@ -509,10 +513,10 @@ install_sw:
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
fi; \
done;
@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
@@ -522,17 +526,17 @@ install_sw:
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
else \
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
fi ); \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
( case $$i in \
@@ -547,7 +551,7 @@ install_sw:
fi; \
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
if [ "$(INSTALLTOP)" != "/usr" ]; then \
echo 'OpenSSL shared libraries have been installed in:'; \
@@ -556,12 +560,12 @@ install_sw:
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc
cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
install_html_docs:
here="`pwd`"; \
@@ -579,7 +583,7 @@ install_html_docs:
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
while read n; do \
$$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
done); \
done; \
done
@@ -610,7 +614,7 @@ install_docs:
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
@@ -627,7 +631,7 @@ install_docs:
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done

View File

@@ -238,7 +238,7 @@ link_a.darwin:
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
fi; \
SHAREDFLAGS="$$SHAREDFLAGS -install_name $(INSTALLTOP)/lib/$$SHLIB$(SHLIB_EXT)"; \
SHAREDFLAGS="$$SHAREDFLAGS -install_name $(INSTALLTOP)/$(LIBDIR)/$$SHLIB$(SHLIB_EXT)"; \
$(LINK_SO_A)
link_app.darwin: # is there run-path on darwin?
$(LINK_APP)
@@ -281,7 +281,7 @@ link_a.cygwin:
fi; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
$(PERL) util/mkrc.pl $$dll_name | \
$(CROSS_COMPILE_PREFIX)windres -o rc.o; \
$(CROSS_COMPILE)windres -o rc.o; \
extras="$$extras rc.o"; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \

7
NEWS
View File

@@ -5,13 +5,13 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.8k and OpenSSL 1.0:
Major changes between OpenSSL 0.9.8l and OpenSSL 1.0:
o Support for draft-ietf-tls-renegotiation-03.txt
o RFC3280 path validation: sufficient to process PKITS tests.
o Integrated support for PVK files and keyblobs.
o Change default private key format to PKCS#8.
o CMS support: able to process all examples in RFCXXXX
o CMS support: able to process all examples in RFC4134
o Streaming ASN1 encode support for PKCS#7 and CMS.
o Multiple signer and signer add support for PKCS#7 and CMS.
o ASN1 printing support.
@@ -27,6 +27,7 @@
o ecdsa-with-SHA224/256/384/512 signature types.
o dsa-with-SHA224 and dsa-with-SHA256 signature types.
o Opaque PRF Input TLS extension support.
o Updated time routines to avoid OS limitations.
Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:

27
README
View File

@@ -1,7 +1,7 @@
OpenSSL 1.0.0-dev XX xxx XXXX
OpenSSL 1.0.0-beta5 20 Jan 2010
Copyright (c) 1998-2008 The OpenSSL Project
Copyright (c) 1998-2009 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
@@ -112,8 +112,6 @@
should be contacted if that algorithm is to be used; their web page is
http://www.ascom.ch/.
The MDC2 algorithm is patented by IBM.
NTT and Mitsubishi have patents and pending patents on the Camellia
algorithm, but allow use at no charge without requiring an explicit
licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
@@ -139,6 +137,9 @@
SUPPORT
-------
See the OpenSSL website www.openssl.org for details of how to obtain
commercial technical support.
If you have any problems with OpenSSL then please take the following steps
first:
@@ -165,6 +166,10 @@
openssl-bugs@openssl.org
Note that the request tracker should NOT be used for general assistance
or support queries. Just because something doesn't work the way you expect
does not mean it is necessarily a bug in OpenSSL.
Note that mail to openssl-bugs@openssl.org is recorded in the publicly
readable request tracker database and is forwarded to a public
mailing list. Confidential mail may be sent to openssl-security@openssl.org
@@ -175,10 +180,22 @@
Development is coordinated on the openssl-dev mailing list (see
http://www.openssl.org for information on subscribing). If you
would like to submit a patch, send it to openssl-dev@openssl.org with
would like to submit a patch, send it to openssl-bugs@openssl.org with
the string "[PATCH]" in the subject. Please be sure to include a
textual explanation of what your patch does.
If you are unsure as to whether a feature will be useful for the general
OpenSSL community please discuss it on the openssl-dev mailing list first.
Someone may be already working on the same thing or there may be a good
reason as to why that feature isn't implemented.
Patches should be as up to date as possible, preferably relative to the
current CVS or the last snapshot. They should follow the coding style of
OpenSSL and compile without warnings. Some of the core team developer targets
can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
compiles on many varied platforms: try to ensure you only use portable
features.
Note: For legal reasons, contributions from the US can be accepted only
if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
(formerly BXA) with a copy to the ENC Encryption Request Coordinator;

12
STATUS
View File

@@ -1,10 +1,18 @@
OpenSSL STATUS Last modified at
______________ $Date: 2009/03/30 11:33:03 $
______________ $Date: 2010/01/20 15:00:48 $
DEVELOPMENT STATE
o OpenSSL 1.0: Under development...
o OpenSSL 1.0.0-beta5: Released on January 20th, 2010
o OpenSSL 1.0.0-beta4: Released on November 10th, 2009
o OpenSSL 1.0.0-beta3: Released on July 15th, 2009
o OpenSSL 1.0.0-beta2: Released on April 21st, 2009
o OpenSSL 1.0.0-beta1: Released on April 1st, 2009
o OpenSSL 0.9.8l: Released on November 5th, 2009
o OpenSSL 0.9.8k: Released on March 25th, 2009
o OpenSSL 0.9.8j: Released on January 7th, 2009
o OpenSSL 0.9.8i: Released on September 15th, 2008
o OpenSSL 0.9.8h: Released on May 28th, 2008
o OpenSSL 0.9.8g: Released on October 19th, 2007
o OpenSSL 0.9.8f: Released on October 11th, 2007

313
TABLE
View File

@@ -496,6 +496,68 @@ $ranlib =
$arflags =
$multilib =
*** QNX6
$cc = gcc
$cflags = -DTERMIOS
$unistd =
$thread_cflag =
$sys_id =
$lflags = -lsocket
$bn_ops =
$cpuid_obj =
$bn_obj =
$des_obj =
$aes_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$wp_obj =
$cmll_obj =
$perlasm_scheme = void
$dso_scheme = dlfcn
$shared_target= bsd-gcc-shared
$shared_cflag = -fPIC
$shared_ldflag =
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib =
*** QNX6-i386
$cc = gcc
$cflags = -DL_ENDIAN -DTERMIOS -O2 -Wall
$unistd =
$thread_cflag =
$sys_id =
$lflags = -lsocket
$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
$cpuid_obj = x86cpuid.o
$bn_obj = bn-586.o co-586.o x86-mont.o
$des_obj = des-586.o crypt586.o
$aes_obj = aes-586.o
$bf_obj = bf-586.o
$md5_obj = md5-586.o
$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
$cast_obj = cast-586.o
$rc4_obj = rc4-586.o
$rmd160_obj = rmd-586.o
$rc5_obj = rc5-586.o
$wp_obj = wp_block.o wp-mmx.o
$cmll_obj = cmll-x86.o
$perlasm_scheme = elf
$dso_scheme = dlfcn
$shared_target= bsd-gcc-shared
$shared_cflag = -fPIC
$shared_ldflag =
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib =
*** ReliantUNIX
$cc = cc
$cflags = -KPIC -g -DTERMIOS -DB_ENDIAN
@@ -702,8 +764,8 @@ $rc4_obj = rc4-x86_64.o
$rmd160_obj =
$rc5_obj =
$wp_obj = wp-x86_64.o
$cmll_obj =
$perlasm_scheme = ml64
$cmll_obj = cmll-x86_64.o cmll_misc.o
$perlasm_scheme = auto
$dso_scheme = win32
$shared_target=
$shared_cflag =
@@ -1216,7 +1278,7 @@ $unistd =
$thread_cflag = -D_REENTRANT
$sys_id = MACOSX
$lflags = -Wl,-search_paths_first%
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o
$des_obj =
@@ -1333,9 +1395,40 @@ $ranlib =
$arflags =
$multilib =
*** debug-VC-WIN32
$cc = cl
$cflags = -W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE
$unistd =
$thread_cflag =
$sys_id = WIN32
$lflags =
$bn_ops = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT
$cpuid_obj = x86cpuid.o
$bn_obj = bn-586.o co-586.o x86-mont.o
$des_obj = des-586.o crypt586.o
$aes_obj = aes-586.o
$bf_obj = bf-586.o
$md5_obj = md5-586.o
$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
$cast_obj = cast-586.o
$rc4_obj = rc4-586.o
$rmd160_obj = rmd-586.o
$rc5_obj = rc5-586.o
$wp_obj = wp_block.o wp-mmx.o
$cmll_obj = cmll-x86.o
$perlasm_scheme = win32n
$dso_scheme = win32
$shared_target=
$shared_cflag =
$shared_ldflag =
$shared_extension =
$ranlib =
$arflags =
$multilib =
*** debug-ben
$cc = gcc
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG_UNUSED -O2 -pedantic -Wall -Wshadow -Werror -pipe
$unistd =
$thread_cflag = (unknown)
$sys_id =
@@ -1365,8 +1458,8 @@ $arflags =
$multilib =
*** debug-ben-debug
$cc = gcc
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
$cc = gcc44
$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe
$unistd =
$thread_cflag = (unknown)
$sys_id =
@@ -1860,6 +1953,68 @@ $ranlib =
$arflags =
$multilib =
*** debug-linux-generic32
$cc = gcc
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
$cpuid_obj =
$bn_obj =
$des_obj =
$aes_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$wp_obj =
$cmll_obj =
$perlasm_scheme = void
$dso_scheme = dlfcn
$shared_target= linux-shared
$shared_cflag = -fPIC
$shared_ldflag =
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib =
*** debug-linux-generic64
$cc = gcc
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
$cpuid_obj =
$bn_obj =
$des_obj =
$aes_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$wp_obj =
$cmll_obj =
$perlasm_scheme = void
$dso_scheme = dlfcn
$shared_target= linux-shared
$shared_cflag = -fPIC
$shared_ldflag =
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib =
*** debug-linux-ia32-aes
$cc = gcc
$cflags = -DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
@@ -1953,6 +2108,37 @@ $ranlib =
$arflags =
$multilib =
*** debug-linux-x86_64
$cc = gcc
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o
$des_obj =
$aes_obj = aes-x86_64.o
$bf_obj =
$md5_obj = md5-x86_64.o
$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
$cast_obj =
$rc4_obj = rc4-x86_64.o
$rmd160_obj =
$rc5_obj =
$wp_obj = wp-x86_64.o
$cmll_obj = cmll-x86_64.o cmll_misc.o
$perlasm_scheme = elf
$dso_scheme = dlfcn
$shared_target= linux-shared
$shared_cflag = -fPIC
$shared_ldflag = -m64
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib = 64
*** debug-rse
$cc = cc
$cflags = -DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall
@@ -2115,7 +2301,7 @@ $unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o
$des_obj =
@@ -2177,7 +2363,7 @@ $unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o
$des_obj =
@@ -2234,7 +2420,7 @@ $multilib =
*** debug-vos-gcc
$cc = gcc
$cflags = -O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG
$cflags = -O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG
$unistd =
$thread_cflag = (unknown)
$sys_id = VOS
@@ -3542,7 +3728,7 @@ $thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = s390xcpuid.o
$cpuid_obj = s390xcap.o s390xcpuid.o
$bn_obj = bn-s390x.o s390x-mont.o
$des_obj =
$aes_obj = aes-s390x.o
@@ -3634,7 +3820,7 @@ $unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o
$des_obj =
@@ -3691,11 +3877,11 @@ $multilib = 64
*** mingw
$cc = gcc
$cflags = -mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall
$cflags = -mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall
$unistd =
$thread_cflag =
$sys_id = MINGW32
$lflags = -lws2_32 -lgdi32
$lflags = -lws2_32 -lgdi32 -lcrypt32
$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT EXPORT_VAR_AS_FN
$cpuid_obj = x86cpuid.o
$bn_obj = bn-586.o co-586.o x86-mont.o
@@ -3726,7 +3912,7 @@ $cflags = -mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE
$unistd =
$thread_cflag =
$sys_id = MINGW64
$lflags = -lws2_32 -lgdi32
$lflags = -lws2_32 -lgdi32 -lcrypt32
$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o
@@ -4247,37 +4433,6 @@ $ranlib =
$arflags =
$multilib =
*** qnx6
$cc = cc
$cflags = -DL_ENDIAN -DTERMIOS
$unistd =
$thread_cflag = (unknown)
$sys_id =
$lflags = -lsocket
$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
$cpuid_obj =
$bn_obj =
$des_obj =
$aes_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$wp_obj =
$cmll_obj =
$perlasm_scheme =
$dso_scheme =
$shared_target=
$shared_cflag =
$shared_ldflag =
$shared_extension =
$ranlib =
$arflags =
$multilib =
*** rhapsody-ppc-cc
$cc = cc
$cflags = -O3 -DB_ENDIAN
@@ -4688,7 +4843,7 @@ $unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -lsocket -lnsl -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o
$des_obj =
@@ -4719,7 +4874,7 @@ $unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -lsocket -lnsl -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86_64cpuid.o
$bn_obj = x86_64-gcc.o x86_64-mont.o
$des_obj =
@@ -4836,6 +4991,68 @@ $ranlib =
$arflags =
$multilib =
*** uClinux-dist
$cc =
$cflags = $(CFLAGS)
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = $(LDFLAGS) $(LDLIBS)
$bn_ops = BN_LLONG
$cpuid_obj =
$bn_obj =
$des_obj =
$aes_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$wp_obj =
$cmll_obj =
$perlasm_scheme =
$dso_scheme =
$shared_target= linux-shared
$shared_cflag = -fPIC
$shared_ldflag = -shared
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib =
*** uClinux-dist64
$cc =
$cflags = $(CFLAGS)
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = $(LDFLAGS) $(LDLIBS)
$bn_ops = SIXTY_FOUR_BIT_LONG
$cpuid_obj =
$bn_obj =
$des_obj =
$aes_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$wp_obj =
$cmll_obj =
$perlasm_scheme =
$dso_scheme =
$shared_target= linux-shared
$shared_cflag = -fPIC
$shared_ldflag = -shared
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib =
*** ultrix-cc
$cc = cc
$cflags = -std1 -O -Olimit 2500 -DL_ENDIAN
@@ -5024,7 +5241,7 @@ $multilib =
*** vos-gcc
$cc = gcc
$cflags = -O3 -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN
$cflags = -O3 -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN
$unistd =
$thread_cflag = (unknown)
$sys_id = VOS

View File

@@ -12,6 +12,14 @@ $ WRITE SYS$OUTPUT "Should be the directory where you want things installed.
$ EXIT
$ ENDIF
$
$ IF (F$GETSYI("CPU").LT.128)
$ THEN
$ ARCH := VAX
$ ELSE
$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
$ IF (ARCH .EQS. "") THEN ARCH = "UNK"
$ ENDIF
$
$ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
@@ -19,13 +27,7 @@ $ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
$ ROOT = ROOT_DEV + "[" + ROOT_DIR
$
$ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
$ DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
$ DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
$ DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
$ DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
$ DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
$ DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS]
$ DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
$
$ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLROOT:[000000]
@@ -39,7 +41,7 @@ $ IF F$SEARCH("WRK_SSLINCLUDE:vms_idhacks.h") .NES. "" THEN -
$
$ OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
$ WRITE SYS$OUTPUT "%OPEN-I-CREATED, ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
$ WRITE SF "$! Startup file for Openssl 0.9.2-RL 15-Mar-1999"
$ WRITE SF "$! Startup file for Openssl"
$ WRITE SF "$!"
$ WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
$ WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
@@ -47,8 +49,13 @@ $ WRITE SF "$!"
$ WRITE SF "$! P1 a qualifier to DEFINE. For example ""/SYSTEM"" to get the logical names"
$ WRITE SF "$! defined in the system logical name table."
$ WRITE SF "$!"
$ WRITE SF "$ ARCH = ""VAX"""
$ WRITE SF "$ IF F$GETSYI(""CPU"") .GE. 128 THEN ARCH = ""ALPHA"""
$ WRITE SF "$ IF (F$GETSYI(""CPU"").LT.128)"
$ WRITE SF "$ THEN"
$ WRITE SF "$ ARCH := VAX"
$ WRITE SF "$ ELSE"
$ WRITE SF "$ ARCH = F$EDIT( F$GETSYI( ""ARCH_NAME""), ""UPCASE"")"
$ WRITE SF "$ IF (ARCH .EQS. """") THEN ARCH = ""UNK"""
$ WRITE SF "$ ENDIF"
$ WRITE SF "$ DEFINE/NOLOG'P1 SSLROOT ",ROOT,".] /TRANS=CONC"
$ WRITE SF "$ DEFINE/NOLOG'P1 SSLLIB SSLROOT:['ARCH'_LIB]"
$ WRITE SF "$ DEFINE/NOLOG'P1 SSLINCLUDE SSLROOT:[INCLUDE]"

View File

@@ -3,10 +3,10 @@ $!
$! No command line parameters. This should be run at the start of the source
$! tree (the same directory where one finds INSTALL.VMS).
$!
$! Input: [.UTIL]LIBEAY.NUM,[.AXP.EXE.CRYPTO]LIBCRYPTO.OLB
$! [.UTIL]SSLEAY.NUM,[.AXP.EXE.SSL]LIBSSL.OLB
$! Output: [.AXP.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE
$! [.AXP.EXE.SSL]LIBSSL.OPT,.MAP,.EXE
$! Input: [.UTIL]LIBEAY.NUM,[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB
$! [.UTIL]SSLEAY.NUM,[.xxx.EXE.SSL]LIBSSL.OLB
$! Output: [.xxx.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE
$! [.xxx.EXE.SSL]LIBSSL.OPT,.MAP,.EXE
$!
$! So far, tests have only been made on VMS for Alpha. VAX will come in time.
$! ===========================================================================
@@ -19,31 +19,41 @@ $ write sys$error "ERROR: Couldn't find any library version info..."
$ exit
$ endif
$
$ if f$getsyi("CPU") .ge. 128
$ if (f$getsyi("cpu").lt.128)
$ then
$ arch := VAX
$ else
$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if (arch .eqs. "") then arch = "UNK"
$ endif
$
$ if arch .nes. "VAX"
$ then
$ arch_vax = 0
$ libid = "Crypto"
$ libnum = "[.UTIL]LIBEAY.NUM"
$ libdir = "[.AXP.EXE.CRYPTO]"
$ libdir = "[.''ARCH'.EXE.CRYPTO]"
$ libolb = "''libdir'LIBCRYPTO.OLB"
$ libopt = "''libdir'LIBCRYPTO.OPT"
$ libmap = "''libdir'LIBCRYPTO.MAP"
$ libgoal= "''libdir'LIBCRYPTO.EXE"
$ libref = ""
$ gosub create_axp_shr
$ gosub create_nonvax_shr
$ libid = "SSL"
$ libnum = "[.UTIL]SSLEAY.NUM"
$ libdir = "[.AXP.EXE.SSL]"
$ libdir = "[.''ARCH'.EXE.SSL]"
$ libolb = "''libdir'LIBSSL.OLB"
$ libopt = "''libdir'LIBSSL.OPT"
$ libmap = "''libdir'LIBSSL.MAP"
$ libgoal= "''libdir'LIBSSL.EXE"
$ libref = "[.AXP.EXE.CRYPTO]LIBCRYPTO.EXE"
$ gosub create_axp_shr
$ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE"
$ gosub create_nonvax_shr
$ else
$ arch_vax = 1
$ libtit = "CRYPTO_TRANSFER_VECTOR"
$ libid = "Crypto"
$ libnum = "[.UTIL]LIBEAY.NUM"
$ libdir = "[.VAX.EXE.CRYPTO]"
$ libdir = "[.''ARCH'.EXE.CRYPTO]"
$ libmar = "''libdir'LIBCRYPTO.MAR"
$ libolb = "''libdir'LIBCRYPTO.OLB"
$ libopt = "''libdir'LIBCRYPTO.OPT"
@@ -56,22 +66,22 @@ $ gosub create_vax_shr
$ libtit = "SSL_TRANSFER_VECTOR"
$ libid = "SSL"
$ libnum = "[.UTIL]SSLEAY.NUM"
$ libdir = "[.VAX.EXE.SSL]"
$ libdir = "[.''ARCH'.EXE.SSL]"
$ libmar = "''libdir'LIBSSL.MAR"
$ libolb = "''libdir'LIBSSL.OLB"
$ libopt = "''libdir'LIBSSL.OPT"
$ libobj = "''libdir'LIBSSL.OBJ"
$ libmap = "''libdir'LIBSSL.MAP"
$ libgoal= "''libdir'LIBSSL.EXE"
$ libref = "[.VAX.EXE.CRYPTO]LIBCRYPTO.EXE"
$ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE"
$ libvec = "LIBSSL"
$ gosub create_vax_shr
$ endif
$ exit
$
$! ----- Soubroutines to actually build the shareable libraries
$! The way things work, there's a main shareable library creator for each
$! supported architecture, which is called from the main code above.
$! ----- Soubroutines to build the shareable libraries
$! For each supported architecture, there's a main shareable library
$! creator, which is called from the main code above.
$! The creator will define a number of variables to tell the next levels of
$! subroutines what routines to use to write to the option files, call the
$! main processor, read_func_num, and when that is done, it will write version
@@ -97,10 +107,10 @@ $! read_func_num depends on the following variables from the creator:
$! libwriter The name of the writer routine to call for each .num file line
$! -----
$
$! ----- Subroutines for AXP
$! ----- Subroutines for non-VAX
$! -----
$! The creator routine
$ create_axp_shr:
$ create_nonvax_shr:
$ open/write opt 'libopt'
$ write opt "identification=""",libid," ",libverstr,""""
$ write opt libolb,"/lib"
@@ -108,7 +118,7 @@ $ if libref .nes. "" then write opt libref,"/SHARE"
$ write opt "SYMBOL_VECTOR=(-"
$ libfirstentry := true
$ libwrch := opt
$ libwriter := write_axp_transfer_entry
$ libwriter := write_nonvax_transfer_entry
$ textcount = 0
$ gosub read_func_num
$ write opt ")"
@@ -118,7 +128,7 @@ $ link/map='libmap'/full/share='libgoal' 'libopt'/option
$ return
$
$! The record writer routine
$ write_axp_transfer_entry:
$ write_nonvax_transfer_entry:
$ if libentry .eqs. ".dummy" then return
$ if info_kind .eqs. "VARIABLE"
$ then
@@ -144,7 +154,7 @@ $ libfirstentry := false
$ textcount = textcount + textcount_this
$ return
$
$! ----- Subroutines for AXP
$! ----- Subroutines for VAX
$! -----
$! The creator routine
$ create_vax_shr:
@@ -264,8 +274,15 @@ $ truesum = truesum + 1
$ if plat_entry .eqs. "!EXPORT_VAR_AS_FUNCTION" then -
$ falsesum = falsesum + 1
$ endif
$ if plat_entry .eqs. "VMS" then truesum = truesum + 1
$ if plat_entry .eqs. "!VMS" then falsesum = falsesum + 1
$!
$ if ((plat_entry .eqs. "VMS") .or. -
(arch_vax .and. (plat_entry .eqs. "VMSVAX"))) then -
truesum = truesum + 1
$!
$ if ((plat_entry .eqs. "!VMS") .or. -
(arch_vax .and. (plat_entry .eqs. "!VMSVAX"))) then -
falsesum = falsesum + 1
$!
$ goto loop1
$ endif
$ endloop1:

View File

@@ -8,31 +8,39 @@ $!
$!
$! Slightly modified by Richard Levitte <richard@levitte.org>
$!
$!
$! Always define OPENSSL. Others are optional (non-null P1).
$!
$ OPENSSL :== $SSLEXE:OPENSSL
$ VERIFY :== $SSLEXE:OPENSSL VERIFY
$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
$ REQ :== $SSLEXE:OPENSSL REQ
$ DGST :== $SSLEXE:OPENSSL DGST
$ DH :== $SSLEXE:OPENSSL DH
$ ENC :== $SSLEXE:OPENSSL ENC
$ GENDH :== $SSLEXE:OPENSSL GENDH
$ ERRSTR :== $SSLEXE:OPENSSL ERRSTR
$ CA :== $SSLEXE:OPENSSL CA
$ CRL :== $SSLEXE:OPENSSL CRL
$ RSA :== $SSLEXE:OPENSSL RSA
$ DSA :== $SSLEXE:OPENSSL DSA
$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
$ X509 :== $SSLEXE:OPENSSL X509
$ GENRSA :== $SSLEXE:OPENSSL GENRSA
$ GENDSA :== $SSLEXE:OPENSSL GENDSA
$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
$ SPEED :== $SSLEXE:OPENSSL SPEED
$ S_TIME :== $SSLEXE:OPENSSL S_TIME
$ VERSION :== $SSLEXE:OPENSSL VERSION
$ PKCS7 :== $SSLEXE:OPENSSL PKCS7
$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
$ SESS_ID :== $SSLEXE:OPENSSL SESS_ID
$ CIPHERS :== $SSLEXE:OPENSSL CIPHERS
$ NSEQ :== $SSLEXE:OPENSSL NSEQ
$ PKCS12 :== $SSLEXE:OPENSSL PKCS12
$
$ IF (P1 .NES. "")
$ THEN
$ VERIFY :== $SSLEXE:OPENSSL VERIFY
$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
$! REQ could conflict with REQUEST.
$ OREQ :== $SSLEXE:OPENSSL REQ
$ DGST :== $SSLEXE:OPENSSL DGST
$ DH :== $SSLEXE:OPENSSL DH
$ ENC :== $SSLEXE:OPENSSL ENC
$ GENDH :== $SSLEXE:OPENSSL GENDH
$ ERRSTR :== $SSLEXE:OPENSSL ERRSTR
$ CA :== $SSLEXE:OPENSSL CA
$ CRL :== $SSLEXE:OPENSSL CRL
$ RSA :== $SSLEXE:OPENSSL RSA
$ DSA :== $SSLEXE:OPENSSL DSA
$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
$ X509 :== $SSLEXE:OPENSSL X509
$ GENRSA :== $SSLEXE:OPENSSL GENRSA
$ GENDSA :== $SSLEXE:OPENSSL GENDSA
$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
$ SPEED :== $SSLEXE:OPENSSL SPEED
$ S_TIME :== $SSLEXE:OPENSSL S_TIME
$ VERSION :== $SSLEXE:OPENSSL VERSION
$ PKCS7 :== $SSLEXE:OPENSSL PKCS7
$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
$ SESS_ID :== $SSLEXE:OPENSSL SESS_ID
$ CIPHERS :== $SSLEXE:OPENSSL CIPHERS
$ NSEQ :== $SSLEXE:OPENSSL NSEQ
$ PKCS12 :== $SSLEXE:OPENSSL PKCS12
$ ENDIF

View File

@@ -5,10 +5,10 @@
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
# CA -newreq ... will generate a certificate request
# CA -sign ... will sign the generated request and output
# CA -newreq ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
# At the end of that grab newreq.pem and newcert.pem (one has the key
# and the other the certificate) and cat them together and that is what
# you want/need ... I'll make even this a little cleaner later.
#
@@ -16,8 +16,8 @@
# 12-Jan-96 tjh Added more things ... including CA -signcert which
# converts a certificate to a request and then signs it.
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
# environment variable so this can be driven from
# a script.
# environment variable so this can be driven from
# a script.
# 25-Jul-96 eay Cleaned up filenames some more.
# 11-Jun-96 eay Fixed a few filename missmatches.
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
@@ -29,52 +29,87 @@
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
cp_pem() {
infile=$1
outfile=$2
bound=$3
flag=0
exec <$infile;
while read line; do
if [ $flag -eq 1 ]; then
echo $line|grep "^-----END.*$bound" 2>/dev/null 1>/dev/null
if [ $? -eq 0 ] ; then
echo $line >>$outfile
break
else
echo $line >>$outfile
fi
fi
echo $line|grep "^-----BEGIN.*$bound" 2>/dev/null 1>/dev/null
if [ $? -eq 0 ]; then
echo $line >$outfile
flag=1
fi
done
}
usage() {
echo "usage: $0 -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify" >&2
}
if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
DAYS="-days 365" # 1 year
if [ -z "$DAYS" ] ; then DAYS="-days 365" ; fi # 1 year
CADAYS="-days 1095" # 3 years
REQ="$OPENSSL req $SSLEAY_CONFIG"
CA="$OPENSSL ca $SSLEAY_CONFIG"
VERIFY="$OPENSSL verify"
X509="$OPENSSL x509"
PKCS12="openssl pkcs12"
CATOP=./demoCA
if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
CAKEY=./cakey.pem
CAREQ=./careq.pem
CACERT=./cacert.pem
for i
do
case $i in
RET=0
while [ "$1" != "" ] ; do
case $1 in
-\?|-h|-help)
echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2
usage
exit 0
;;
-newcert)
-newcert)
# create a certificate
$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
RET=$?
echo "Certificate is in newcert.pem, private key is in newkey.pem"
;;
-newreq)
-newreq)
# create a certificate request
$REQ -new -keyout newkey.pem -out newreq.pem $DAYS
RET=$?
echo "Request is in newreq.pem, private key is in newkey.pem"
;;
-newca)
-newreq-nodes)
# create a certificate request
$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
RET=$?
echo "Request (and private key) is in newreq.pem"
;;
-newca)
# if explicitly asked for or it doesn't exist then setup the directory
# structure that Eric likes to manage things
# structure that Eric likes to manage things
NEW="1"
if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
# create the directory hierarchy
mkdir ${CATOP}
mkdir ${CATOP}/certs
mkdir ${CATOP}/crl
mkdir ${CATOP}/newcerts
mkdir ${CATOP}/private
echo "00" > ${CATOP}/serial
mkdir -p ${CATOP}
mkdir -p ${CATOP}/certs
mkdir -p ${CATOP}/crl
mkdir -p ${CATOP}/newcerts
mkdir -p ${CATOP}/private
touch ${CATOP}/index.txt
fi
if [ ! -f ${CATOP}/private/$CAKEY ]; then
@@ -83,37 +118,60 @@ case $i in
# ask user for existing CA certificate
if [ "$FILE" ]; then
cp $FILE ${CATOP}/private/$CAKEY
cp_pem $FILE ${CATOP}/private/$CAKEY PRIVATE
cp_pem $FILE ${CATOP}/$CACERT CERTIFICATE
RET=$?
if [ ! -f "${CATOP}/serial" ]; then
$X509 -in ${CATOP}/$CACERT -noout -next_serial \
-out ${CATOP}/serial
fi
else
echo "Making CA certificate ..."
$REQ -new -keyout ${CATOP}/private/$CAKEY \
-out ${CATOP}/$CAREQ
$CA -out ${CATOP}/$CACERT $CADAYS -batch \
$CA -create_serial -out ${CATOP}/$CACERT $CADAYS -batch \
-keyfile ${CATOP}/private/$CAKEY -selfsign \
-infiles ${CATOP}/$CAREQ
-extensions v3_ca \
-infiles ${CATOP}/$CAREQ
RET=$?
fi
fi
;;
-xsign)
$CA -policy policy_anything -infiles newreq.pem
$CA -policy policy_anything -infiles newreq.pem
RET=$?
;;
-sign|-signreq)
-pkcs12)
if [ -z "$2" ] ; then
CNAME="My Certificate"
else
CNAME="$2"
fi
$PKCS12 -in newcert.pem -inkey newreq.pem -certfile ${CATOP}/$CACERT \
-out newcert.p12 -export -name "$CNAME"
RET=$?
exit $RET
;;
-sign|-signreq)
$CA -policy policy_anything -out newcert.pem -infiles newreq.pem
RET=$?
cat newcert.pem
echo "Signed certificate is in newcert.pem"
;;
-signcert)
-signCA)
$CA -policy policy_anything -out newcert.pem -extensions v3_ca -infiles newreq.pem
RET=$?
echo "Signed CA certificate is in newcert.pem"
;;
-signcert)
echo "Cert passphrase will be requested twice - bug?"
$X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
$CA -policy policy_anything -out newcert.pem -infiles tmp.pem
RET=$?
cat newcert.pem
echo "Signed certificate is in newcert.pem"
;;
-verify)
-verify)
shift
if [ -z "$1" ]; then
$VERIFY -CAfile $CATOP/$CACERT newcert.pem
@@ -127,13 +185,14 @@ case $i in
fi
done
fi
exit 0
exit $RET
;;
*)
echo "Unknown arg $i";
echo "Unknown arg $i" >&2
usage
exit 1
;;
esac
shift
done
exit $RET

View File

@@ -789,14 +789,14 @@ s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
s_cb.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
s_cb.o: s_apps.h s_cb.c
s_cb.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
s_cb.o: ../include/openssl/x509v3.h apps.h s_apps.h s_cb.c
s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -843,26 +843,27 @@ s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h
s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
s_server.o: s_apps.h s_server.c timeouts.h
s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h
s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
s_socket.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
s_socket.o: ../include/openssl/evp.h ../include/openssl/hmac.h
s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
s_socket.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
s_socket.o: ../include/openssl/x509v3.h apps.h s_apps.h s_socket.c
s_socket.o: ../e_os.h ../e_os2.h ../include/openssl/asn1.h
s_socket.o: ../include/openssl/bio.h ../include/openssl/buffer.h
s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h
s_socket.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
s_socket.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
s_socket.o: s_apps.h s_socket.c
s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_time.o: ../include/openssl/buffer.h ../include/openssl/comp.h
s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -932,8 +933,8 @@ speed.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
speed.o: ../include/openssl/err.h ../include/openssl/evp.h
speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
speed.o: ../include/openssl/lhash.h ../include/openssl/md4.h
speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
speed.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
@@ -1005,17 +1006,16 @@ version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
version.o: ../include/openssl/evp.h ../include/openssl/idea.h
version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
version.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
version.o: ../include/openssl/pkcs7.h ../include/openssl/rc4.h
version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
version.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
version.o: version.c
version.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
version.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h
version.o: ../include/openssl/sha.h ../include/openssl/stack.h
version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
version.o: ../include/openssl/x509v3.h apps.h version.c
x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h

View File

@@ -109,14 +109,16 @@
*
*/
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 2 /* On VMS, you need to define this to get
the declaration of fileno(). The value
2 is to make sure no function defined
in POSIX-2 is left undefined. */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifndef OPENSSL_SYSNAME_WIN32
#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
#include <strings.h>
#endif
#include <sys/types.h>
@@ -259,13 +261,6 @@ int str2fmt(char *s)
return(FORMAT_ASN1);
else if ((*s == 'T') || (*s == 't'))
return(FORMAT_TEXT);
else if ((*s == 'P') || (*s == 'p'))
{
if (s[1] == 'V' || s[1] == 'v')
return FORMAT_PVK;
else
return(FORMAT_PEM);
}
else if ((*s == 'N') || (*s == 'n'))
return(FORMAT_NETSCAPE);
else if ((*s == 'S') || (*s == 's'))
@@ -278,6 +273,13 @@ int str2fmt(char *s)
return(FORMAT_PKCS12);
else if ((*s == 'E') || (*s == 'e'))
return(FORMAT_ENGINE);
else if ((*s == 'P') || (*s == 'p'))
{
if (s[1] == 'V' || s[1] == 'v')
return FORMAT_PVK;
else
return(FORMAT_PEM);
}
else
return(FORMAT_UNDEF);
}
@@ -921,11 +923,13 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
&pkey, NULL, NULL))
goto end;
}
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
else if (format == FORMAT_MSBLOB)
pkey = b2i_PrivateKey_bio(key);
else if (format == FORMAT_PVK)
pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
&cb_data);
#endif
else
{
BIO_printf(err,"bad input format specified for key file\n");
@@ -989,6 +993,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
{
pkey=d2i_PUBKEY_bio(key, NULL);
}
#ifndef OPENSSL_NO_RSA
else if (format == FORMAT_ASN1RSA)
{
RSA *rsa;
@@ -1018,7 +1023,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
else
pkey = NULL;
}
#endif
else if (format == FORMAT_PEM)
{
pkey=PEM_read_bio_PUBKEY(key,NULL,
@@ -1028,8 +1033,10 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
pkey = load_netscape_key(err, key, file, key_descrip, format);
#endif
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
else if (format == FORMAT_MSBLOB)
pkey = b2i_PublicKey_bio(key);
#endif
else
{
BIO_printf(err,"bad input format specified for key file\n");
@@ -1088,76 +1095,120 @@ error:
}
#endif /* ndef OPENSSL_NO_RC4 */
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip)
static int load_certs_crls(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *desc,
STACK_OF(X509) **pcerts, STACK_OF(X509_CRL) **pcrls)
{
BIO *certs;
int i;
STACK_OF(X509) *othercerts = NULL;
STACK_OF(X509_INFO) *allcerts = NULL;
BIO *bio;
STACK_OF(X509_INFO) *xis = NULL;
X509_INFO *xi;
PW_CB_DATA cb_data;
int rv = 0;
cb_data.password = pass;
cb_data.prompt_info = file;
if((certs = BIO_new(BIO_s_file())) == NULL)
if (format != FORMAT_PEM)
{
ERR_print_errors(err);
goto end;
BIO_printf(err,"bad input format specified for %s\n", desc);
return 0;
}
if (file == NULL)
BIO_set_fp(certs,stdin,BIO_NOCLOSE);
bio = BIO_new_fp(stdin,BIO_NOCLOSE);
else
bio = BIO_new_file(file, "r");
if (bio == NULL)
{
if (BIO_read_filename(certs,file) <= 0)
{
BIO_printf(err, "Error opening %s %s\n",
cert_descrip, file);
ERR_print_errors(err);
BIO_printf(err, "Error opening %s %s\n",
desc, file ? file : "stdin");
ERR_print_errors(err);
return 0;
}
xis = PEM_X509_INFO_read_bio(bio, NULL,
(pem_password_cb *)password_callback, &cb_data);
BIO_free(bio);
if (pcerts)
{
*pcerts = sk_X509_new_null();
if (!*pcerts)
goto end;
}
if (pcrls)
{
*pcrls = sk_X509_CRL_new_null();
if (!*pcrls)
goto end;
}
for(i = 0; i < sk_X509_INFO_num(xis); i++)
{
xi = sk_X509_INFO_value (xis, i);
if (xi->x509 && pcerts)
{
if (!sk_X509_push(*pcerts, xi->x509))
goto end;
xi->x509 = NULL;
}
if (xi->crl && pcrls)
{
if (!sk_X509_CRL_push(*pcrls, xi->crl))
goto end;
xi->crl = NULL;
}
}
if (format == FORMAT_PEM)
if (pcerts && sk_X509_num(*pcerts) > 0)
rv = 1;
if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
rv = 1;
end:
if (xis)
sk_X509_INFO_pop_free(xis, X509_INFO_free);
if (rv == 0)
{
othercerts = sk_X509_new_null();
if(!othercerts)
if (pcerts)
{
sk_X509_free(othercerts);
othercerts = NULL;
goto end;
sk_X509_pop_free(*pcerts, X509_free);
*pcerts = NULL;
}
allcerts = PEM_X509_INFO_read_bio(certs, NULL,
(pem_password_cb *)password_callback, &cb_data);
for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
if (pcrls)
{
xi = sk_X509_INFO_value (allcerts, i);
if (xi->x509)
{
sk_X509_push(othercerts, xi->x509);
xi->x509 = NULL;
}
sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
*pcrls = NULL;
}
goto end;
}
else {
BIO_printf(err,"bad input format specified for %s\n",
cert_descrip);
goto end;
}
end:
if (othercerts == NULL)
{
BIO_printf(err,"unable to load certificates\n");
BIO_printf(err,"unable to load %s\n",
pcerts ? "certificates" : "CRLs");
ERR_print_errors(err);
}
if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
if (certs != NULL) BIO_free(certs);
return(othercerts);
return rv;
}
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *desc)
{
STACK_OF(X509) *certs;
load_certs_crls(err, file, format, pass, e, desc, &certs, NULL);
return certs;
}
STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *desc)
{
STACK_OF(X509_CRL) *crls;
load_certs_crls(err, file, format, pass, e, desc, NULL, &crls);
return crls;
}
#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
/* Return error for unknown extensions */
@@ -1481,7 +1532,7 @@ char *make_config_name()
return p;
}
static unsigned long index_serial_hash(const CSTRING *a)
static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
{
const char *n;
@@ -1490,7 +1541,7 @@ static unsigned long index_serial_hash(const CSTRING *a)
return(lh_strhash(n));
}
static int index_serial_cmp(const CSTRING *a, const CSTRING *b)
static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
{
const char *aa,*bb;
@@ -1502,16 +1553,16 @@ static int index_serial_cmp(const CSTRING *a, const CSTRING *b)
static int index_name_qual(char **a)
{ return(a[0][0] == 'V'); }
static unsigned long index_name_hash(const CSTRING *a)
static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
{ return(lh_strhash(a[DB_name])); }
int index_name_cmp(const CSTRING *a, const CSTRING *b)
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
{ return(strcmp(a[DB_name], b[DB_name])); }
static IMPLEMENT_LHASH_HASH_FN(index_serial, CSTRING)
static IMPLEMENT_LHASH_COMP_FN(index_serial, CSTRING)
static IMPLEMENT_LHASH_HASH_FN(index_name, CSTRING)
static IMPLEMENT_LHASH_COMP_FN(index_name, CSTRING)
static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
#undef BSIZE
#define BSIZE 256
@@ -2185,7 +2236,7 @@ int args_verify(char ***pargs, int *pargc,
ASN1_OBJECT *otmp = NULL;
unsigned long flags = 0;
int i;
int purpose = 0;
int purpose = 0, depth = -1;
char **oldargs = *pargs;
char *arg = **pargs, *argn = (*pargs)[1];
if (!strcmp(arg, "-policy"))
@@ -2225,6 +2276,21 @@ int args_verify(char ***pargs, int *pargc,
}
(*pargs)++;
}
else if (strcmp(arg,"-verify_depth") == 0)
{
if (!argn)
*badarg = 1;
else
{
depth = atoi(argn);
if(depth < 0)
{
BIO_printf(err, "invalid depth\n");
*badarg = 1;
}
}
(*pargs)++;
}
else if (!strcmp(arg, "-ignore_critical"))
flags |= X509_V_FLAG_IGNORE_CRITICAL;
else if (!strcmp(arg, "-issuer_checks"))
@@ -2249,6 +2315,8 @@ int args_verify(char ***pargs, int *pargc,
flags |= X509_V_FLAG_USE_DELTAS;
else if (!strcmp(arg, "-policy_print"))
flags |= X509_V_FLAG_NOTIFY_POLICY;
else if (!strcmp(arg, "-check_ss_sig"))
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
else
return 0;
@@ -2274,6 +2342,9 @@ int args_verify(char ***pargs, int *pargc,
if (purpose)
X509_VERIFY_PARAM_set_purpose(*pm, purpose);
if (depth >= 0)
X509_VERIFY_PARAM_set_depth(*pm, depth);
end:
(*pargs)++;

View File

@@ -168,6 +168,12 @@ extern BIO *bio_err;
#define do_pipe_sig()
#endif
#ifdef OPENSSL_NO_COMP
#define zlib_cleanup()
#else
#define zlib_cleanup() COMP_zlib_cleanup()
#endif
#if defined(MONOLITH) && !defined(OPENSSL_C)
# define apps_startup() \
do_pipe_sig()
@@ -182,7 +188,7 @@ extern BIO *bio_err;
do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
ERR_free_strings(); COMP_zlib_cleanup();} while(0)
ERR_free_strings(); zlib_cleanup();} while(0)
# else
# define apps_startup() \
do { do_pipe_sig(); CRYPTO_malloc_init(); \
@@ -192,7 +198,7 @@ extern BIO *bio_err;
do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
ERR_free_strings(); } while(0)
ERR_free_strings(); zlib_cleanup(); } while(0)
# endif
#endif
@@ -245,6 +251,8 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
#ifndef OPENSSL_NO_ENGINE
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
@@ -253,6 +261,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug);
#ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
char *host, char *path, char *port, int use_ssl,
STACK_OF(CONF_VALUE) *headers,
int req_timeout);
#endif
@@ -295,9 +304,9 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db);
int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);
void free_index(CA_DB *db);
#define index_name_cmp_noconst(a, b) \
index_name_cmp((const CSTRING *)CHECKED_PTR_OF(STRING, a), \
(const CSTRING *)CHECKED_PTR_OF(STRING, b))
int index_name_cmp(const CSTRING *a, const CSTRING *b);
index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
(const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
int parse_yesno(const char *str, int def);
X509_NAME *parse_name(char *str, long chtype, int multirdn);

View File

@@ -96,7 +96,7 @@ int MAIN(int argc, char **argv)
unsigned char *tmpbuf;
const unsigned char *ctmpbuf;
BUF_MEM *buf=NULL;
STACK_OF(STRING) *osk=NULL;
STACK_OF(OPENSSL_STRING) *osk=NULL;
ASN1_TYPE *at=NULL;
informat=FORMAT_PEM;
@@ -113,7 +113,7 @@ int MAIN(int argc, char **argv)
prog=argv[0];
argc--;
argv++;
if ((osk=sk_STRING_new_null()) == NULL)
if ((osk=sk_OPENSSL_STRING_new_null()) == NULL)
{
BIO_printf(bio_err,"Memory allocation failure\n");
goto end;
@@ -169,7 +169,7 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-strparse") == 0)
{
if (--argc < 1) goto bad;
sk_STRING_push(osk,*(++argv));
sk_OPENSSL_STRING_push(osk,*(++argv));
}
else if (strcmp(*argv,"-genstr") == 0)
{
@@ -302,18 +302,18 @@ bad:
/* If any structs to parse go through in sequence */
if (sk_STRING_num(osk))
if (sk_OPENSSL_STRING_num(osk))
{
tmpbuf=(unsigned char *)str;
tmplen=num;
for (i=0; i<sk_STRING_num(osk); i++)
for (i=0; i<sk_OPENSSL_STRING_num(osk); i++)
{
ASN1_TYPE *atmp;
int typ;
j=atoi(sk_STRING_value(osk,i));
j=atoi(sk_OPENSSL_STRING_value(osk,i));
if (j == 0)
{
BIO_printf(bio_err,"'%s' is an invalid number\n",sk_STRING_value(osk,i));
BIO_printf(bio_err,"'%s' is an invalid number\n",sk_OPENSSL_STRING_value(osk,i));
continue;
}
tmpbuf+=j;
@@ -378,7 +378,7 @@ end:
ERR_print_errors(bio_err);
if (buf != NULL) BUF_MEM_free(buf);
if (at != NULL) ASN1_TYPE_free(at);
if (osk != NULL) sk_STRING_free(osk);
if (osk != NULL) sk_OPENSSL_STRING_free(osk);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);

View File

@@ -215,7 +215,6 @@ static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
char *startdate, char *enddate, long days, char *ext_sect,
CONF *conf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy);
static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
@@ -883,9 +882,9 @@ bad:
if (db == NULL) goto err;
/* Lets check some fields */
for (i=0; i<sk_PSTRING_num(db->db->data); i++)
for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
pp=sk_PSTRING_value(db->db->data,i);
pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
if ((pp[DB_type][0] != DB_TYPE_REV) &&
(pp[DB_rev_date][0] != '\0'))
{
@@ -938,7 +937,7 @@ bad:
#endif
TXT_DB_write(out,db->db);
BIO_printf(bio_err,"%d entries loaded from the database\n",
sk_PSTRING_num(db->db->data));
sk_OPENSSL_PSTRING_num(db->db->data));
BIO_printf(bio_err,"generating index\n");
}
@@ -1263,7 +1262,12 @@ bad:
BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
(void)BIO_flush(bio_err);
buf[0][0]='\0';
fgets(buf[0],10,stdin);
if (!fgets(buf[0],10,stdin))
{
BIO_printf(bio_err,"CERTIFICATION CANCELED: I/O error\n");
ret=0;
goto err;
}
if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
{
BIO_printf(bio_err,"CERTIFICATION CANCELED\n");
@@ -1403,14 +1407,19 @@ bad:
if (!tmptm) goto err;
X509_gmtime_adj(tmptm,0);
X509_CRL_set_lastUpdate(crl, tmptm);
X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, NULL);
if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec,
NULL))
{
BIO_puts(bio_err, "error setting CRL nextUpdate\n");
goto err;
}
X509_CRL_set_nextUpdate(crl, tmptm);
ASN1_TIME_free(tmptm);
for (i=0; i<sk_PSTRING_num(db->db->data); i++)
for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
pp=sk_PSTRING_value(db->db->data,i);
pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
if (pp[DB_type][0] == DB_TYPE_REV)
{
if ((r=X509_REVOKED_new()) == NULL) goto err;
@@ -1685,9 +1694,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
int ok= -1,i,j,last,nid;
const char *p;
CONF_VALUE *cv;
STRING row[DB_NUMBER];
STRING *irow=NULL;
STRING *rrow=NULL;
OPENSSL_STRING row[DB_NUMBER];
OPENSSL_STRING *irow=NULL;
OPENSSL_STRING *rrow=NULL;
char buf[25];
tmptm=ASN1_UTCTIME_new();
@@ -1929,7 +1938,7 @@ again2:
if (db->attributes.unique_subject)
{
STRING *crow=row;
OPENSSL_STRING *crow=row;
rrow=TXT_DB_get_by_index(db->db,DB_name,crow);
if (rrow != NULL)
@@ -2117,7 +2126,12 @@ again2:
BIO_printf(bio_err,"Sign the certificate? [y/n]:");
(void)BIO_flush(bio_err);
buf[0]='\0';
fgets(buf,sizeof(buf)-1,stdin);
if (!fgets(buf,sizeof(buf)-1,stdin))
{
BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
ok=0;
goto err;
}
if (!((buf[0] == 'y') || (buf[0] == 'Y')))
{
BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
@@ -2319,25 +2333,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
continue;
}
/*
if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))
continue;
*/
j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
if (fix_data(nid, &j) == 0)
{
BIO_printf(bio_err,
"invalid characters in string %s\n",buf);
if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
(unsigned char *)buf, -1, -1, 0))
goto err;
}
if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j,
(unsigned char *)buf,
strlen(buf))) == NULL)
goto err;
if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;
}
if (spki == NULL)
{
@@ -2380,21 +2378,6 @@ err:
return(ok);
}
static int fix_data(int nid, int *type)
{
if (nid == NID_pkcs9_emailAddress)
*type=V_ASN1_IA5STRING;
if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
*type=V_ASN1_T61STRING;
if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING))
*type=V_ASN1_T61STRING;
if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING))
return(0);
if (nid == NID_pkcs9_unstructuredName)
*type=V_ASN1_IA5STRING;
return(1);
}
static int check_time_format(const char *str)
{
return ASN1_TIME_set_string(NULL, str);
@@ -2632,9 +2615,9 @@ static int do_updatedb (CA_DB *db)
else
a_y2k = 0;
for (i = 0; i < sk_PSTRING_num(db->db->data); i++)
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
rrow = sk_PSTRING_value(db->db->data, i);
rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (rrow[DB_type][0] == 'V')
{

View File

@@ -71,9 +71,9 @@
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
static int cms_cb(int ok, X509_STORE_CTX *ctx);
static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
static CMS_ReceiptRequest *make_receipt_request(STACK_OF(STRING) *rr_to,
static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
int rr_allorfirst,
STACK_OF(STRING) *rr_from);
STACK_OF(OPENSSL_STRING) *rr_from);
#define SMIME_OP 0x10
#define SMIME_IP 0x20
@@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
const char *inmode = "r", *outmode = "w";
char *infile = NULL, *outfile = NULL, *rctfile = NULL;
char *signerfile = NULL, *recipfile = NULL;
STACK_OF(STRING) *sksigners = NULL, *skkeys = NULL;
STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
char *certsoutfile = NULL;
const EVP_CIPHER *cipher = NULL;
@@ -122,7 +122,7 @@ int MAIN(int argc, char **argv)
int flags = CMS_DETACHED, noout = 0, print = 0;
int verify_retcode = 0;
int rr_print = 0, rr_allorfirst = -1;
STACK_OF(STRING) *rr_to = NULL, *rr_from = NULL;
STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
CMS_ReceiptRequest *rr = NULL;
char *to = NULL, *from = NULL, *subject = NULL;
char *CAfile = NULL, *CApath = NULL;
@@ -281,8 +281,8 @@ int MAIN(int argc, char **argv)
goto argerr;
args++;
if (!rr_from)
rr_from = sk_STRING_new_null();
sk_STRING_push(rr_from, *args);
rr_from = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(rr_from, *args);
}
else if (!strcmp(*args,"-receipt_request_to"))
{
@@ -290,8 +290,8 @@ int MAIN(int argc, char **argv)
goto argerr;
args++;
if (!rr_to)
rr_to = sk_STRING_new_null();
sk_STRING_push(rr_to, *args);
rr_to = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(rr_to, *args);
}
else if (!strcmp (*args, "-print"))
{
@@ -387,13 +387,13 @@ int MAIN(int argc, char **argv)
if (signerfile)
{
if (!sksigners)
sksigners = sk_STRING_new_null();
sk_STRING_push(sksigners, signerfile);
sksigners = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (!keyfile)
keyfile = signerfile;
if (!skkeys)
skkeys = sk_STRING_new_null();
sk_STRING_push(skkeys, keyfile);
skkeys = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(skkeys, keyfile);
keyfile = NULL;
}
signerfile = *++args;
@@ -435,12 +435,12 @@ int MAIN(int argc, char **argv)
goto argerr;
}
if (!sksigners)
sksigners = sk_STRING_new_null();
sk_STRING_push(sksigners, signerfile);
sksigners = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(sksigners, signerfile);
signerfile = NULL;
if (!skkeys)
skkeys = sk_STRING_new_null();
sk_STRING_push(skkeys, keyfile);
skkeys = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(skkeys, keyfile);
}
keyfile = *++args;
}
@@ -539,13 +539,13 @@ int MAIN(int argc, char **argv)
if (signerfile)
{
if (!sksigners)
sksigners = sk_STRING_new_null();
sk_STRING_push(sksigners, signerfile);
sksigners = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (!skkeys)
skkeys = sk_STRING_new_null();
skkeys = sk_OPENSSL_STRING_new_null();
if (!keyfile)
keyfile = signerfile;
sk_STRING_push(skkeys, keyfile);
sk_OPENSSL_STRING_push(skkeys, keyfile);
}
if (!sksigners)
{
@@ -704,7 +704,7 @@ int MAIN(int argc, char **argv)
if (secret_key && !secret_keyid)
{
BIO_printf(bio_err, "No sectre key id\n");
BIO_printf(bio_err, "No secret key id\n");
goto end;
}
@@ -880,7 +880,7 @@ int MAIN(int argc, char **argv)
{
if (!(store = setup_verify(bio_err, CAfile, CApath)))
goto end;
X509_STORE_set_verify_cb_func(store, cms_cb);
X509_STORE_set_verify_cb(store, cms_cb);
if (vpm)
X509_STORE_set1_param(store, vpm);
}
@@ -980,11 +980,11 @@ int MAIN(int argc, char **argv)
}
else
flags |= CMS_REUSE_DIGEST;
for (i = 0; i < sk_STRING_num(sksigners); i++)
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
{
CMS_SignerInfo *si;
signerfile = sk_STRING_value(sksigners, i);
keyfile = sk_STRING_value(skkeys, i);
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
e, "signer certificate");
if (!signer)
@@ -1160,9 +1160,9 @@ end:
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (sksigners)
sk_STRING_free(sksigners);
sk_OPENSSL_STRING_free(sksigners);
if (skkeys)
sk_STRING_free(skkeys);
sk_OPENSSL_STRING_free(skkeys);
if (secret_key)
OPENSSL_free(secret_key);
if (secret_keyid)
@@ -1172,9 +1172,9 @@ end:
if (rr)
CMS_ReceiptRequest_free(rr);
if (rr_to)
sk_STRING_free(rr_to);
sk_OPENSSL_STRING_free(rr_to);
if (rr_from)
sk_STRING_free(rr_from);
sk_OPENSSL_STRING_free(rr_from);
X509_STORE_free(store);
X509_free(cert);
X509_free(recip);
@@ -1296,7 +1296,7 @@ static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
}
}
static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(STRING) *ns)
static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
{
int i;
STACK_OF(GENERAL_NAMES) *ret;
@@ -1305,9 +1305,9 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(STRING) *ns)
ret = sk_GENERAL_NAMES_new_null();
if (!ret)
goto err;
for (i = 0; i < sk_STRING_num(ns); i++)
for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++)
{
char *str = sk_STRING_value(ns, i);
char *str = sk_OPENSSL_STRING_value(ns, i);
gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
if (!gen)
goto err;
@@ -1335,9 +1335,9 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(STRING) *ns)
}
static CMS_ReceiptRequest *make_receipt_request(STACK_OF(STRING) *rr_to,
static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
int rr_allorfirst,
STACK_OF(STRING) *rr_from)
STACK_OF(OPENSSL_STRING) *rr_from)
{
STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
CMS_ReceiptRequest *rr;

View File

@@ -92,7 +92,7 @@ int MAIN(int argc, char **argv)
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7s = NULL;
X509_CRL *crl=NULL;
STACK_OF(STRING) *certflst=NULL;
STACK_OF(OPENSSL_STRING) *certflst=NULL;
STACK_OF(X509_CRL) *crl_stack=NULL;
STACK_OF(X509) *cert_stack=NULL;
int ret=1,nocrl=0;
@@ -140,8 +140,8 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-certfile") == 0)
{
if (--argc < 1) goto bad;
if(!certflst) certflst = sk_STRING_new_null();
sk_STRING_push(certflst,*(++argv));
if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(certflst,*(++argv));
}
else
{
@@ -226,8 +226,8 @@ bad:
if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
p7s->cert=cert_stack;
if(certflst) for(i = 0; i < sk_STRING_num(certflst); i++) {
certfile = sk_STRING_value(certflst, i);
if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
certfile = sk_OPENSSL_STRING_value(certflst, i);
if (add_certs_from_file(cert_stack,certfile) < 0)
{
BIO_printf(bio_err, "error loading certificates\n");
@@ -236,7 +236,7 @@ bad:
}
}
sk_STRING_free(certflst);
sk_OPENSSL_STRING_free(certflst);
if (outfile == NULL)
{

View File

@@ -79,6 +79,26 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
const char *sig_name, const char *md_name,
const char *file,BIO *bmd);
static void list_md_fn(const EVP_MD *m,
const char *from, const char *to, void *arg)
{
const char *mname;
/* Skip aliases */
if (!m)
return;
mname = OBJ_nid2ln(EVP_MD_type(m));
/* Skip shortnames */
if (strcmp(from, mname))
return;
/* Skip clones */
if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST)
return;
if (strchr(mname, ' '))
mname= EVP_MD_name(m);
BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n",
mname, mname);
}
int MAIN(int, char **);
int MAIN(int argc, char **argv)
@@ -107,7 +127,7 @@ int MAIN(int argc, char **argv)
#endif
char *hmac_key=NULL;
char *mac_name=NULL;
STACK_OF(STRING) *sigopts = NULL, *macopts = NULL;
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
apps_startup();
@@ -135,6 +155,8 @@ int MAIN(int argc, char **argv)
if ((*argv)[0] != '-') break;
if (strcmp(*argv,"-c") == 0)
separator=1;
if (strcmp(*argv,"-r") == 0)
separator=2;
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) break;
@@ -210,8 +232,8 @@ int MAIN(int argc, char **argv)
if (--argc < 1)
break;
if (!sigopts)
sigopts = sk_STRING_new_null();
if (!sigopts || !sk_STRING_push(sigopts, *(++argv)))
sigopts = sk_OPENSSL_STRING_new_null();
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
break;
}
else if (strcmp(*argv,"-macopt") == 0)
@@ -219,8 +241,8 @@ int MAIN(int argc, char **argv)
if (--argc < 1)
break;
if (!macopts)
macopts = sk_STRING_new_null();
if (!macopts || !sk_STRING_push(macopts, *(++argv)))
macopts = sk_OPENSSL_STRING_new_null();
if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
break;
}
else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
@@ -242,6 +264,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"unknown option '%s'\n",*argv);
BIO_printf(bio_err,"options are\n");
BIO_printf(bio_err,"-c to output the digest with separating colons\n");
BIO_printf(bio_err,"-r to output the digest in coreutils format\n");
BIO_printf(bio_err,"-d to output debug info\n");
BIO_printf(bio_err,"-hex output as hex dump\n");
BIO_printf(bio_err,"-binary output in binary form\n");
@@ -249,43 +272,17 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
BIO_printf(bio_err,"-out filename output to filename rather than stdout\n");
BIO_printf(bio_err,"-signature file signature to verify\n");
BIO_printf(bio_err,"-sigopt nm:v signature parameter\n");
BIO_printf(bio_err,"-hmac key create hashed MAC with key\n");
BIO_printf(bio_err,"-mac algorithm create MAC (not neccessarily HMAC)\n");
BIO_printf(bio_err,"-macopt nm:v MAC algorithm parameters or key\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n",
LN_md5,LN_md5);
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_md4,LN_md4);
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_md2,LN_md2);
#ifndef OPENSSL_NO_SHA
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_sha1,LN_sha1);
#ifndef OPENSSL_NO_SHA256
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_sha224,LN_sha224);
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_sha256,LN_sha256);
#endif
#ifndef OPENSSL_NO_SHA512
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_sha384,LN_sha384);
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_sha512,LN_sha512);
#endif
#endif
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_mdc2,LN_mdc2);
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_ripemd160,LN_ripemd160);
#ifndef OPENSSL_NO_WHIRLPOOL
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
SN_whirlpool,SN_whirlpool);
#endif
EVP_MD_do_all_sorted(list_md_fn, bio_err);
goto end;
}
@@ -371,9 +368,9 @@ int MAIN(int argc, char **argv)
if (macopts)
{
char *macopt;
for (i = 0; i < sk_STRING_num(macopts); i++)
for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++)
{
macopt = sk_STRING_value(macopts, i);
macopt = sk_OPENSSL_STRING_value(macopts, i);
if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
{
BIO_printf(bio_err,
@@ -430,9 +427,9 @@ int MAIN(int argc, char **argv)
if (sigopts)
{
char *sigopt;
for (i = 0; i < sk_STRING_num(sigopts); i++)
for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++)
{
sigopt = sk_STRING_value(sigopts, i);
sigopt = sk_OPENSSL_STRING_value(sigopts, i);
if (pkey_ctrl_string(pctx, sigopt) <= 0)
{
BIO_printf(bio_err,
@@ -537,9 +534,9 @@ end:
BIO_free_all(out);
EVP_PKEY_free(sigkey);
if (sigopts)
sk_STRING_free(sigopts);
sk_OPENSSL_STRING_free(sigopts);
if (macopts)
sk_STRING_free(macopts);
sk_OPENSSL_STRING_free(macopts);
if(sigbuf) OPENSSL_free(sigbuf);
if (bmd != NULL) BIO_free(bmd);
apps_shutdown();
@@ -600,7 +597,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
else
{
len=BIO_gets(bp,(char *)buf,BUFSIZE);
if (len <0)
if ((int)len <0)
{
ERR_print_errors(bio_err);
return 1;
@@ -608,6 +605,12 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
}
if(binout) BIO_write(out, buf, len);
else if (sep == 2)
{
for (i=0; i<(int)len; i++)
BIO_printf(out, "%02x",buf[i]);
BIO_printf(out, " *%s\n", file);
}
else
{
if (sig_name)

View File

@@ -349,4 +349,10 @@ end:
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else /* !OPENSSL_NO_DH */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

View File

@@ -554,4 +554,10 @@ static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
return 1;
}
#else /* !OPENSSL_NO_DH */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

View File

@@ -334,6 +334,7 @@ bad:
i=PEM_write_bio_DSA_PUBKEY(out,dsa);
else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
NULL,0,NULL, passout);
#ifndef OPENSSL_NO_RSA
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
@@ -345,11 +346,12 @@ bad:
else
i = i2b_PrivateKey_bio(out, pk);
EVP_PKEY_free(pk);
#endif
} else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
if (i <= 0)
{
BIO_printf(bio_err,"unable to write private key\n");
ERR_print_errors(bio_err);
@@ -365,4 +367,10 @@ end:
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else /* !OPENSSL_NO_DSA */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

View File

@@ -475,4 +475,10 @@ static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
#endif
return 1;
}
#else /* !OPENSSL_NO_DSA */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

View File

@@ -400,4 +400,10 @@ end:
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else /* !OPENSSL_NO_EC */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

View File

@@ -725,4 +725,10 @@ static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
BIO_printf(out, "\n\t};\n\n");
return 1;
}
#else /* !OPENSSL_NO_EC */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

View File

@@ -243,7 +243,12 @@ int MAIN(int argc, char **argv)
goto bad;
}
buf[0]='\0';
fgets(buf,sizeof buf,infile);
if (!fgets(buf,sizeof buf,infile))
{
BIO_printf(bio_err,"unable to read key from '%s'\n",
file);
goto bad;
}
fclose(infile);
i=strlen(buf);
if ((i > 0) &&

View File

@@ -200,7 +200,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
char *desc = NULL;
int flags;
int xpos = 0;
STACK_OF(STRING) *cmds = NULL;
STACK_OF(OPENSSL_STRING) *cmds = NULL;
if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
0, NULL, NULL)) <= 0))
@@ -211,7 +211,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
return 1;
}
cmds = sk_STRING_new_null();
cmds = sk_OPENSSL_STRING_new_null();
if(!cmds)
goto err;
@@ -284,16 +284,16 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
BIO_printf(bio_out, "\n");
ret = 1;
err:
if(cmds) sk_STRING_pop_free(cmds, identity);
if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity);
if(name) OPENSSL_free(name);
if(desc) OPENSSL_free(desc);
return ret;
}
static void util_do_cmds(ENGINE *e, STACK_OF(STRING) *cmds, BIO *bio_out,
const char *indent)
static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
BIO *bio_out, const char *indent)
{
int loop, res, num = sk_STRING_num(cmds);
int loop, res, num = sk_OPENSSL_STRING_num(cmds);
if(num < 0)
{
@@ -304,7 +304,7 @@ static void util_do_cmds(ENGINE *e, STACK_OF(STRING) *cmds, BIO *bio_out,
{
char buf[256];
const char *cmd, *arg;
cmd = sk_STRING_value(cmds, loop);
cmd = sk_OPENSSL_STRING_value(cmds, loop);
res = 1; /* assume success */
/* Check if this command has no ":arg" */
if((arg = strstr(cmd, ":")) == NULL)
@@ -344,9 +344,9 @@ int MAIN(int argc, char **argv)
const char **pp;
int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
ENGINE *e;
STACK_OF(STRING) *engines = sk_STRING_new_null();
STACK_OF(STRING) *pre_cmds = sk_STRING_new_null();
STACK_OF(STRING) *post_cmds = sk_STRING_new_null();
STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null();
STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
int badops=1;
BIO *bio_out=NULL;
const char *indent = " ";
@@ -393,20 +393,20 @@ int MAIN(int argc, char **argv)
argc--; argv++;
if (argc == 0)
goto skip_arg_loop;
sk_STRING_push(pre_cmds,*argv);
sk_OPENSSL_STRING_push(pre_cmds,*argv);
}
else if (strcmp(*argv,"-post") == 0)
{
argc--; argv++;
if (argc == 0)
goto skip_arg_loop;
sk_STRING_push(post_cmds,*argv);
sk_OPENSSL_STRING_push(post_cmds,*argv);
}
else if ((strncmp(*argv,"-h",2) == 0) ||
(strcmp(*argv,"-?") == 0))
goto skip_arg_loop;
else
sk_STRING_push(engines,*argv);
sk_OPENSSL_STRING_push(engines,*argv);
argc--;
argv++;
}
@@ -421,17 +421,17 @@ skip_arg_loop:
goto end;
}
if (sk_STRING_num(engines) == 0)
if (sk_OPENSSL_STRING_num(engines) == 0)
{
for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
{
sk_STRING_push(engines,(char *)ENGINE_get_id(e));
sk_OPENSSL_STRING_push(engines,(char *)ENGINE_get_id(e));
}
}
for (i=0; i<sk_STRING_num(engines); i++)
for (i=0; i<sk_OPENSSL_STRING_num(engines); i++)
{
const char *id = sk_STRING_value(engines,i);
const char *id = sk_OPENSSL_STRING_value(engines,i);
if ((e = ENGINE_by_id(id)) != NULL)
{
const char *name = ENGINE_get_name(e);
@@ -533,9 +533,9 @@ skip_pmeths:
end:
ERR_print_errors(bio_err);
sk_STRING_pop_free(engines, identity);
sk_STRING_pop_free(pre_cmds, identity);
sk_STRING_pop_free(post_cmds, identity);
sk_OPENSSL_STRING_pop_free(engines, identity);
sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
sk_OPENSSL_STRING_pop_free(post_cmds, identity);
if (bio_out != NULL) BIO_free_all(bio_out);
apps_shutdown();
OPENSSL_EXIT(ret);

View File

@@ -235,4 +235,10 @@ static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
#endif
return 1;
}
#else /* !OPENSSL_NO_DH */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

View File

@@ -279,4 +279,10 @@ end:
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else /* !OPENSSL_NO_DSA */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

View File

@@ -105,9 +105,9 @@ int MAIN(int argc, char **argv)
char *inrand=NULL;
BIO *out=NULL;
BIGNUM *bn = BN_new();
RSA *rsa = RSA_new();
RSA *rsa = NULL;
if(!bn || !rsa) goto err;
if(!bn) goto err;
apps_startup();
BN_GENCB_set(&cb, genrsa_cb, bio_err);
@@ -266,6 +266,10 @@ bad:
BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
num);
rsa = RSA_new();
if (!rsa)
goto err;
if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
goto err;

View File

@@ -5,13 +5,23 @@ $! Time of creation: 22-MAY-1998 10:13
$!
$! P1 root of the directory tree
$!
$
$ IF P1 .EQS. ""
$ THEN
$ WRITE SYS$OUTPUT "First argument missing."
$ WRITE SYS$OUTPUT "Should be the directory where you want things installed."
$ WRITE SYS$OUTPUT -
"Should be the directory where you want things installed."
$ EXIT
$ ENDIF
$
$ IF (F$GETSYI("CPU").LT.128)
$ THEN
$ ARCH := VAX
$ ELSE
$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
$ IF (ARCH .EQS. "") THEN ARCH = "UNK"
$ ENDIF
$
$ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
@@ -19,23 +29,16 @@ $ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
$ ROOT = ROOT_DEV + "[" + ROOT_DIR
$
$ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
$ DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
$ DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
$ DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:[LIB]
$ DEFINE/NOLOG WRK_SSLEXE WRK_SSLROOT:['ARCH'_EXE]
$
$ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLROOT:[000000]
$ IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLVEXE:
$ IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLAEXE:
$ IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLLIB:
$ IF F$PARSE("WRK_SSLEXE:") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLEXE:
$
$ EXE := openssl
$
$ VEXE_DIR := [-.VAX.EXE.APPS]
$ AEXE_DIR := [-.AXP.EXE.APPS]
$ EXE_DIR := [-.'ARCH'.EXE.APPS]
$
$ I = 0
$ LOOP_EXE:
@@ -43,25 +46,18 @@ $ E = F$EDIT(F$ELEMENT(I, ",", EXE),"TRIM")
$ I = I + 1
$ IF E .EQS. "," THEN GOTO LOOP_EXE_END
$ SET NOON
$ IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
$ IF F$SEARCH(EXE_DIR+E+".EXE") .NES. ""
$ THEN
$ COPY 'VEXE_DIR''E'.EXE WRK_SSLVEXE:'E'.EXE/log
$ SET FILE/PROT=W:RE WRK_SSLVEXE:'E'.EXE
$ ENDIF
$ IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
$ THEN
$ COPY 'AEXE_DIR''E'.EXE WRK_SSLAEXE:'E'.EXE/log
$ SET FILE/PROT=W:RE WRK_SSLAEXE:'E'.EXE
$ COPY 'EXE_DIR''E'.EXE WRK_SSLEXE:'E'.EXE/log
$ SET FILE/PROT=W:RE WRK_SSLEXE:'E'.EXE
$ ENDIF
$ SET ON
$ GOTO LOOP_EXE
$ LOOP_EXE_END:
$
$ SET NOON
$ COPY CA.COM WRK_SSLAEXE:CA.COM/LOG
$ SET FILE/PROT=W:RE WRK_SSLAEXE:CA.COM
$ COPY CA.COM WRK_SSLVEXE:CA.COM/LOG
$ SET FILE/PROT=W:RE WRK_SSLVEXE:CA.COM
$ COPY CA.COM WRK_SSLEXE:CA.COM/LOG
$ SET FILE/PROT=W:RE WRK_SSLEXE:CA.COM
$ COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
$ SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF
$ SET ON

View File

@@ -6,11 +6,12 @@ $! A-Com Computing, Inc.
$! byer@mail.all-net.net
$!
$! Changes by Richard Levitte <richard@levitte.org>
$! Zoltan Arpadffy <zoli@polarhome.com>
$!
$! This command files compiles and creates all the various different
$! "application" programs for the different types of encryption for OpenSSL.
$! The EXE's are placed in the directory [.xxx.EXE.APPS] where "xxx" denotes
$! either AXP or VAX depending on your machine architecture.
$! ALPHA, IA64 or VAX, depending on your machine architecture.
$!
$! It was written so it would try to determine what "C" compiler to
$! use or you can specify which "C" compiler to use.
@@ -46,20 +47,21 @@ $ TCPIP_LIB = ""
$!
$! Check What Architecture We Are Using.
$!
$ IF (F$GETSYI("CPU").GE.128)
$ IF (F$GETSYI("CPU").LT.128)
$ THEN
$!
$! The Architecture Is AXP.
$! The Architecture Is VAX.
$!
$ ARCH := AXP
$ ARCH := VAX
$!
$! Else...
$!
$ ELSE
$!
$! The Architecture Is VAX.
$! The Architecture Is Alpha, IA64 or whatever comes in the future.
$!
$ ARCH := VAX
$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
$ IF (ARCH .EQS. "") THEN ARCH = "UNK"
$!
$! End The Architecture Check.
$!
@@ -69,18 +71,6 @@ $! Define what programs should be compiled
$!
$ PROGRAMS := OPENSSL
$!
$! Check To Make Sure We Have Valid Command Line Parameters.
$!
$ GOSUB CHECK_OPTIONS
$!
$! Initialise logical names and such
$!
$ GOSUB INITIALISE
$!
$! Tell The User What Kind of Machine We Run On.
$!
$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
$!
$! Define The CRYPTO Library.
$!
$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
@@ -93,6 +83,22 @@ $! Define The OBJ Directory.
$!
$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.APPS]
$!
$! Define The EXE Directory.
$!
$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.APPS]
$!
$! Check To Make Sure We Have Valid Command Line Parameters.
$!
$ GOSUB CHECK_OPTIONS
$!
$! Initialise logical names and such
$!
$ GOSUB INITIALISE
$!
$! Tell The User What Kind of Machine We Run On.
$!
$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
$!
$! Check To See If The OBJ Directory Exists.
$!
$ IF (F$PARSE(OBJ_DIR).EQS."")
@@ -106,10 +112,6 @@ $! End The OBJ Directory Check.
$!
$ ENDIF
$!
$! Define The EXE Directory.
$!
$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.APPS]
$!
$! Check To See If The EXE Directory Exists.
$!
$ IF (F$PARSE(EXE_DIR).EQS."")
@@ -132,6 +134,9 @@ $!
$ GOSUB CHECK_OPT_FILE
$!
$! Define The Application Files.
$! NOTE: Some might think this list ugly. However, it's made this way to
$! reflect the E_OBJ variable in Makefile as closely as possible, thereby
$! making it fairly easy to verify that the lists are the same.
$!
$ LIB_OPENSSL = "VERIFY,ASN1PARS,REQ,DGST,DH,DHPARAM,ENC,PASSWD,GENDH,ERRSTR,"+-
"CA,PKCS7,CRL2P7,CRL,"+-
@@ -146,7 +151,7 @@ $ IF COMPILER .EQS. "VAXC" THEN -
$!
$! Setup exceptional compilations
$!
$ COMPILEWITH_CC2 = ",S_SERVER,S_CLIENT,"
$ COMPILEWITH_CC2 = ",S_SOCKET,S_SERVER,S_CLIENT,"
$!
$ PHASE := LIB
$!
@@ -164,6 +169,10 @@ $! Make The Application File Name
$!
$ CURRENT_APP = F$EDIT(F$ELEMENT(APP_COUNTER,",",PROGRAMS),"TRIM")
$!
$! Create The Executable File Name.
$!
$ EXE_FILE = EXE_DIR + CURRENT_APP + ".EXE"
$!
$! Check To See If We Are At The End Of The File List.
$!
$ IF (CURRENT_APP.EQS.",")
@@ -227,10 +236,6 @@ $!
$! Create The Object File Name.
$!
$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
$!
$! Create The Executable File Name.
$!
$ EXE_FILE = EXE_DIR + FILE_NAME + ".EXE"
$ ON WARNING THEN GOTO NEXT_LIB
$!
$! Check To See If The File We Want To Compile Actually Exists.
@@ -420,19 +425,19 @@ $! Else...
$!
$ ELSE
$!
$! Create The AXP Linker Option File.
$! Create The non-VAX Linker Option File.
$!
$ CREATE 'OPT_FILE'
$DECK
!
! Default System Options File For AXP To Link Agianst
! Default System Options File For non-VAX To Link Agianst
! The Sharable C Runtime Library.
!
SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
SYS$SHARE:CMA$OPEN_RTL/SHARE
$EOD
$!
$! End The VAX/AXP DEC C Option File Check.
$! End The DEC C Option File Check.
$!
$ ENDIF
$!
@@ -581,7 +586,7 @@ $ ELSE
$!
$! Check To See If We Have VAXC Or DECC.
$!
$ IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
$ THEN
$!
$! Looks Like DECC, Set To Use DECC.
@@ -691,7 +696,7 @@ $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
$!
$! Define The Linker Options File Name.
$!
$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
$!
$! End DECC Check.
$!
@@ -712,9 +717,9 @@ $!
$! Compile Using VAXC.
$!
$ CC = "CC"
$ IF ARCH.EQS."AXP"
$ IF ARCH.NES."VAX"
$ THEN
$ WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
$ EXIT
$ ENDIF
$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
@@ -728,7 +733,7 @@ $ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
$!
$! Define The Linker Options File Name.
$!
$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
$!
$! End VAXC Check
$!
@@ -755,7 +760,7 @@ $ CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
$!
$! Define The Linker Options File Name.
$!
$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
$!
$! End The GNU C Check.
$!

View File

@@ -62,6 +62,8 @@
on OpenVMS */
#endif
#define USE_SOCKETS
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -73,6 +75,7 @@
#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/x509v3.h>
#if defined(NETWARE_CLIB)
# ifdef NETWARE_BSDSOCK
@@ -97,7 +100,7 @@ static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_m
static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD * cert_id_md, X509 *issuer,
STACK_OF(OCSP_CERTID) *ids);
static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
STACK_OF(STRING) *names,
STACK_OF(OPENSSL_STRING) *names,
STACK_OF(OCSP_CERTID) *ids, long nsec,
long maxage);
@@ -111,6 +114,7 @@ static BIO *init_responder(char *port);
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
STACK_OF(CONF_VALUE) *headers,
OCSP_REQUEST *req, int req_timeout);
#undef PROG
@@ -129,6 +133,7 @@ int MAIN(int argc, char **argv)
char *rsignfile = NULL, *rkeyfile = NULL;
char *outfile = NULL;
int add_nonce = 1, noverify = 0, use_ssl = -1;
STACK_OF(CONF_VALUE) *headers = NULL;
OCSP_REQUEST *req = NULL;
OCSP_RESPONSE *resp = NULL;
OCSP_BASICRESP *bs = NULL;
@@ -151,7 +156,7 @@ int MAIN(int argc, char **argv)
int badarg = 0;
int i;
int ignore_err = 0;
STACK_OF(STRING) *reqnames = NULL;
STACK_OF(OPENSSL_STRING) *reqnames = NULL;
STACK_OF(OCSP_CERTID) *ids = NULL;
X509 *rca_cert = NULL;
@@ -168,7 +173,7 @@ int MAIN(int argc, char **argv)
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
args = argv + 1;
reqnames = sk_STRING_new_null();
reqnames = sk_OPENSSL_STRING_new_null();
ids = sk_OCSP_CERTID_new_null();
while (!badarg && *args && *args[0] == '-')
{
@@ -228,6 +233,16 @@ int MAIN(int argc, char **argv)
}
else badarg = 1;
}
else if (!strcmp(*args, "-header"))
{
if (args[1] && args[2])
{
if (!X509V3_add_value(args[1], args[2], &headers))
goto end;
args += 2;
}
else badarg = 1;
}
else if (!strcmp(*args, "-ignore_err"))
ignore_err = 1;
else if (!strcmp(*args, "-noverify"))
@@ -430,7 +445,7 @@ int MAIN(int argc, char **argv)
if (!cert_id_md) cert_id_md = EVP_sha1();
if(!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
goto end;
if(!sk_STRING_push(reqnames, *args))
if(!sk_OPENSSL_STRING_push(reqnames, *args))
goto end;
}
else badarg = 1;
@@ -443,7 +458,7 @@ int MAIN(int argc, char **argv)
if (!cert_id_md) cert_id_md = EVP_sha1();
if(!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids))
goto end;
if(!sk_STRING_push(reqnames, *args))
if(!sk_OPENSSL_STRING_push(reqnames, *args))
goto end;
}
else badarg = 1;
@@ -754,7 +769,7 @@ int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_SOCK
resp = process_responder(bio_err, req, host, path,
port, use_ssl, req_timeout);
port, use_ssl, headers, req_timeout);
if (!resp)
goto end;
#else
@@ -899,10 +914,11 @@ end:
OCSP_REQUEST_free(req);
OCSP_RESPONSE_free(resp);
OCSP_BASICRESP_free(bs);
sk_STRING_free(reqnames);
sk_OPENSSL_STRING_free(reqnames);
sk_OCSP_CERTID_free(ids);
sk_X509_pop_free(sign_other, X509_free);
sk_X509_pop_free(verify_other, X509_free);
sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
if (use_ssl != -1)
{
@@ -969,7 +985,7 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,const EVP_MD *cert_i
}
static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
STACK_OF(STRING) *names,
STACK_OF(OPENSSL_STRING) *names,
STACK_OF(OCSP_CERTID) *ids, long nsec,
long maxage)
{
@@ -981,13 +997,13 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
if (!bs || !req || !sk_STRING_num(names) || !sk_OCSP_CERTID_num(ids))
if (!bs || !req || !sk_OPENSSL_STRING_num(names) || !sk_OCSP_CERTID_num(ids))
return 1;
for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
{
id = sk_OCSP_CERTID_value(ids, i);
name = sk_STRING_value(names, i);
name = sk_OPENSSL_STRING_value(names, i);
BIO_printf(out, "%s: ", name);
if(!OCSP_resp_find_status(bs, id, &status, &reason,
@@ -1258,10 +1274,12 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
}
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
STACK_OF(CONF_VALUE) *headers,
OCSP_REQUEST *req, int req_timeout)
{
int fd;
int rv;
int i;
OCSP_REQ_CTX *ctx = NULL;
OCSP_RESPONSE *rsp = NULL;
fd_set confds;
@@ -1278,16 +1296,13 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
return NULL;
}
if (req_timeout == -1)
return OCSP_sendreq_bio(cbio, path, req);
if (BIO_get_fd(cbio, &fd) <= 0)
{
BIO_puts(err, "Can't get connection fd\n");
goto err;
}
if (rv <= 0)
if (req_timeout != -1 && rv <= 0)
{
FD_ZERO(&confds);
openssl_fdset(fd, &confds);
@@ -1302,15 +1317,27 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
}
ctx = OCSP_sendreq_new(cbio, path, req, -1);
ctx = OCSP_sendreq_new(cbio, path, NULL, -1);
if (!ctx)
return NULL;
for (i = 0; i < sk_CONF_VALUE_num(headers); i++)
{
CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i);
if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value))
goto err;
}
if (!OCSP_REQ_CTX_set1_req(ctx, req))
goto err;
for (;;)
{
rv = OCSP_sendreq_nbio(&rsp, ctx);
if (rv != -1)
break;
if (req_timeout == -1)
continue;
FD_ZERO(&confds);
openssl_fdset(fd, &confds);
tv.tv_usec = 0;
@@ -1334,7 +1361,7 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
BIO_puts(err, "Select error\n");
break;
}
}
err:
if (ctx)
@@ -1345,6 +1372,7 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
char *host, char *path, char *port, int use_ssl,
STACK_OF(CONF_VALUE) *headers,
int req_timeout)
{
BIO *cbio = NULL;
@@ -1379,14 +1407,14 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
sbio = BIO_new_ssl(ctx, 1);
cbio = BIO_push(sbio, cbio);
}
resp = query_responder(err, cbio, path, req, req_timeout);
resp = query_responder(err, cbio, path, headers, req, req_timeout);
if (!resp)
BIO_printf(bio_err, "Error querying OCSP responsder\n");
end:
if (ctx)
SSL_CTX_free(ctx);
if (cbio)
BIO_free_all(cbio);
if (ctx)
SSL_CTX_free(ctx);
return resp;
}

View File

@@ -231,7 +231,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
@@ -264,7 +264,7 @@ basicConstraints = CA:true
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
@@ -297,7 +297,7 @@ nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.

View File

@@ -330,7 +330,8 @@ int main(int Argc, char *Argv[])
else prompt="OpenSSL> ";
fputs(prompt,stdout);
fflush(stdout);
fgets(p,n,stdin);
if (!fgets(p,n,stdin))
goto end;
if (p[0] == '\0') goto end;
i=strlen(p);
if (i <= 1) break;

View File

@@ -231,7 +231,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
@@ -264,7 +264,7 @@ basicConstraints = CA:true
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
@@ -297,7 +297,7 @@ nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.

View File

@@ -117,7 +117,7 @@ int MAIN(int argc, char **argv)
int ret = 1;
int macver = 1;
int noprompt = 0;
STACK_OF(STRING) *canames = NULL;
STACK_OF(OPENSSL_STRING) *canames = NULL;
char *cpass = NULL, *mpass = NULL;
char *passargin = NULL, *passargout = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL;
@@ -222,8 +222,8 @@ int MAIN(int argc, char **argv)
} else if (!strcmp (*args, "-caname")) {
if (args[1]) {
args++;
if (!canames) canames = sk_STRING_new_null();
sk_STRING_push(canames, *args);
if (!canames) canames = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(canames, *args);
} else badarg = 1;
} else if (!strcmp (*args, "-in")) {
if (args[1]) {
@@ -549,9 +549,9 @@ int MAIN(int argc, char **argv)
/* Add any CA names */
for (i = 0; i < sk_STRING_num(canames); i++)
for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++)
{
catmp = (unsigned char *)sk_STRING_value(canames, i);
catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
}
@@ -687,7 +687,7 @@ int MAIN(int argc, char **argv)
#endif
BIO_free(in);
BIO_free_all(out);
if (canames) sk_STRING_free(canames);
if (canames) sk_OPENSSL_STRING_free(canames);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
apps_shutdown();
@@ -923,7 +923,7 @@ int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
av = sk_ASN1_TYPE_value(attr->value.set, 0);
switch(av->type) {
case V_ASN1_BMPSTRING:
value = uni2asc(av->value.bmpstring->data,
value = OPENSSL_uni2asc(av->value.bmpstring->data,
av->value.bmpstring->length);
BIO_printf(out, "%s\n", value);
OPENSSL_free(value);

View File

@@ -275,7 +275,6 @@ int MAIN(int argc, char **argv)
}
if (topk8)
{
BIO_free(in); /* Not needed in this section */
pkey = load_key(bio_err, infile, informat, 1,
passin, e, "key");
if (!pkey)

View File

@@ -179,7 +179,7 @@ int MAIN(int argc, char **argv)
pkey = PEM_read_bio_Parameters(in, NULL);
if (!pkey)
{
BIO_printf(bio_err, "Error reading paramters\n");
BIO_printf(bio_err, "Error reading parameters\n");
ERR_print_errors(bio_err);
goto end;
}

View File

@@ -390,7 +390,7 @@ static void usage()
BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-signature file signature file (verify operation only)\n");
BIO_printf(bio_err, "-sigfile file signature file (verify operation only)\n");
BIO_printf(bio_err, "-inkey file input key\n");
BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
BIO_printf(bio_err, "-pubin input is a public key\n");

View File

@@ -142,7 +142,9 @@ FUNCTION functions[] = {
#ifndef OPENSSL_NO_ENGINE
{FUNC_TYPE_GENERAL,"engine",engine_main},
#endif
#ifndef OPENSSL_NO_OCSP
{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
#endif
{FUNC_TYPE_GENERAL,"prime",prime_main},
{FUNC_TYPE_GENERAL,"ts",ts_main},
#ifndef OPENSSL_NO_MD2

View File

@@ -22,6 +22,7 @@ typedef struct {
const char *name;
int (*func)(int argc,char *argv[]);
} FUNCTION;
DECLARE_LHASH_OF(FUNCTION);
FUNCTION functions[] = {
EOF
@@ -48,6 +49,8 @@ foreach (@ARGV)
{ print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
elsif ( ($_ =~ /^cms$/))
{ print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
elsif ( ($_ =~ /^ocsp$/))
{ print "#ifndef OPENSSL_NO_OCSP\n${str}#endif\n"; }
else
{ print $str; }
}

View File

@@ -165,7 +165,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY_CTX *genctx = NULL;
const char *keyalg = NULL;
char *keyalgstr = NULL;
STACK_OF(STRING) *pkeyopts = NULL;
STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
EVP_PKEY *pkey=NULL;
int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1;
long newkey = -1;
@@ -306,8 +306,8 @@ int MAIN(int argc, char **argv)
if (--argc < 1)
goto bad;
if (!pkeyopts)
pkeyopts = sk_STRING_new_null();
if (!pkeyopts || !sk_STRING_push(pkeyopts, *(++argv)))
pkeyopts = sk_OPENSSL_STRING_new_null();
if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv)))
goto bad;
}
else if (strcmp(*argv,"-batch") == 0)
@@ -365,11 +365,6 @@ int MAIN(int argc, char **argv)
serial = s2i_ASN1_INTEGER(NULL, *(++argv));
if (!serial) goto bad;
}
else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
{
/* ok */
digest=md_alg;
}
else if (strcmp(*argv,"-extensions") == 0)
{
if (--argc < 1) goto bad;
@@ -380,6 +375,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
req_exts = *(++argv);
}
else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
{
/* ok */
digest=md_alg;
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -667,9 +667,9 @@ bad:
if (pkeyopts)
{
char *genopt;
for (i = 0; i < sk_STRING_num(pkeyopts); i++)
for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++)
{
genopt = sk_STRING_value(pkeyopts, i);
genopt = sk_OPENSSL_STRING_value(pkeyopts, i);
if (pkey_ctrl_string(genctx, genopt) <= 0)
{
BIO_printf(bio_err,
@@ -1083,7 +1083,7 @@ end:
if (genctx)
EVP_PKEY_CTX_free(genctx);
if (pkeyopts)
sk_STRING_free(pkeyopts);
sk_OPENSSL_STRING_free(pkeyopts);
#ifndef OPENSSL_NO_ENGINE
if (gen_eng)
ENGINE_free(gen_eng);
@@ -1441,7 +1441,8 @@ start:
buf[0]='\0';
if (!batch)
{
fgets(buf,sizeof buf,stdin);
if (!fgets(buf,sizeof buf,stdin))
return 0;
}
else
{
@@ -1499,7 +1500,8 @@ start:
buf[0]='\0';
if (!batch)
{
fgets(buf,sizeof buf,stdin);
if (!fgets(buf,sizeof buf,stdin))
return 0;
}
else
{
@@ -1715,7 +1717,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
ERR_print_errors(err);
return NULL;
}
#ifndef OPENSSL_NO_RSA
if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1))
{
if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0)
@@ -1726,6 +1728,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
return NULL;
}
}
#endif
return gctx;
}

View File

@@ -409,6 +409,7 @@ bad:
}
else i=PEM_write_bio_RSAPrivateKey(out,rsa,
enc,NULL,0,NULL,passout);
#ifndef OPENSSL_NO_DSA
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
@@ -420,11 +421,12 @@ bad:
else
i = i2b_PrivateKey_bio(out, pk);
EVP_PKEY_free(pk);
#endif
} else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
if (i <= 0)
{
BIO_printf(bio_err,"unable to write key\n");
ERR_print_errors(bio_err);

View File

@@ -342,4 +342,10 @@ static void usage()
}
#else /* !OPENSSL_NO_RSA */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

View File

@@ -171,3 +171,6 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
unsigned char *data, int len,
void *arg);
#endif
int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len);

View File

@@ -117,17 +117,21 @@
#undef NON_MAIN
#undef USE_SOCKETS
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include "s_apps.h"
#define COOKIE_SECRET_LENGTH 16
int verify_depth=0;
int verify_error=X509_V_OK;
int verify_return_error=0;
unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
int cookie_initialized=0;
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
{
char buf[256];
X509 *err_cert;
int err,depth;
@@ -135,8 +139,15 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
err= X509_STORE_CTX_get_error(ctx);
depth= X509_STORE_CTX_get_error_depth(ctx);
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);
BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
BIO_printf(bio_err,"depth=%d ",depth);
if (err_cert)
{
X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
0, XN_FLAG_ONELINE);
BIO_puts(bio_err, "\n");
}
else
BIO_puts(bio_err, "<no cert>\n");
if (!ok)
{
BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
@@ -153,25 +164,33 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
}
}
switch (ctx->error)
switch (err)
{
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);
BIO_printf(bio_err,"issuer= %s\n",buf);
BIO_puts(bio_err,"issuer= ");
X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
0, XN_FLAG_ONELINE);
BIO_puts(bio_err, "\n");
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
BIO_printf(bio_err,"notBefore=");
ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
BIO_printf(bio_err,"\n");
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
BIO_printf(bio_err,"notAfter=");
ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
BIO_printf(bio_err,"\n");
break;
case X509_V_ERR_NO_EXPLICIT_POLICY:
policies_print(bio_err, ctx);
break;
}
if (err == X509_V_OK && ok == 2)
policies_print(bio_err, ctx);
BIO_printf(bio_err,"verify return:%d\n",ok);
return(ok);
}
@@ -338,6 +357,12 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
case TLS1_VERSION:
str_version = "TLS 1.0 ";
break;
case DTLS1_VERSION:
str_version = "DTLS 1.0 ";
break;
case DTLS1_BAD_VER:
str_version = "DTLS 1.0 (bad) ";
break;
default:
str_version = "???";
}
@@ -403,7 +428,10 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
}
}
if (version == SSL3_VERSION || version == TLS1_VERSION)
if (version == SSL3_VERSION ||
version == TLS1_VERSION ||
version == DTLS1_VERSION ||
version == DTLS1_BAD_VER)
{
switch (content_type)
{
@@ -542,6 +570,9 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
case 2:
str_details1 = ", ServerHello";
break;
case 3:
str_details1 = ", HelloVerifyRequest";
break;
case 11:
str_details1 = ", Certificate";
break;
@@ -638,6 +669,10 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
extname = "server ticket";
break;
case TLSEXT_TYPE_renegotiate:
extname = "renegotiate";
break;
#ifdef TLSEXT_TYPE_opaque_prf_input
case TLSEXT_TYPE_opaque_prf_input:
extname = "opaque PRF input";
@@ -656,3 +691,172 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
BIO_dump(bio, (char *)data, len);
(void)BIO_flush(bio);
}
int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
{
unsigned char *buffer, result[EVP_MAX_MD_SIZE];
unsigned int length, resultlength;
union {
struct sockaddr sa;
struct sockaddr_in s4;
#if OPENSSL_USE_IPV6
struct sockaddr_in6 s6;
#endif
} peer;
/* Initialize a random secret */
if (!cookie_initialized)
{
if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
{
BIO_printf(bio_err,"error setting random cookie secret\n");
return 0;
}
cookie_initialized = 1;
}
/* Read peer information */
(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
/* Create buffer with peer's address and port */
length = 0;
switch (peer.sa.sa_family)
{
case AF_INET:
length += sizeof(struct in_addr);
length += sizeof(peer.s4.sin_port);
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
length += sizeof(struct in6_addr);
length += sizeof(peer.s6.sin6_port);
break;
#endif
default:
OPENSSL_assert(0);
break;
}
buffer = OPENSSL_malloc(length);
if (buffer == NULL)
{
BIO_printf(bio_err,"out of memory\n");
return 0;
}
switch (peer.sa.sa_family)
{
case AF_INET:
memcpy(buffer,
&peer.s4.sin_port,
sizeof(peer.s4.sin_port));
memcpy(buffer + sizeof(peer.s4.sin_port),
&peer.s4.sin_addr,
sizeof(struct in_addr));
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
memcpy(buffer,
&peer.s6.sin6_port,
sizeof(peer.s6.sin6_port));
memcpy(buffer + sizeof(peer.s6.sin6_port),
&peer.s6.sin6_addr,
sizeof(struct in6_addr));
break;
#endif
default:
OPENSSL_assert(0);
break;
}
/* Calculate HMAC of buffer using the secret */
HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
buffer, length, result, &resultlength);
OPENSSL_free(buffer);
memcpy(cookie, result, resultlength);
*cookie_len = resultlength;
return 1;
}
int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
{
unsigned char *buffer, result[EVP_MAX_MD_SIZE];
unsigned int length, resultlength;
union {
struct sockaddr sa;
struct sockaddr_in s4;
#if OPENSSL_USE_IPV6
struct sockaddr_in6 s6;
#endif
} peer;
/* If secret isn't initialized yet, the cookie can't be valid */
if (!cookie_initialized)
return 0;
/* Read peer information */
(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
/* Create buffer with peer's address and port */
length = 0;
switch (peer.sa.sa_family)
{
case AF_INET:
length += sizeof(struct in_addr);
length += sizeof(peer.s4.sin_port);
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
length += sizeof(struct in6_addr);
length += sizeof(peer.s6.sin6_port);
break;
#endif
default:
OPENSSL_assert(0);
break;
}
buffer = OPENSSL_malloc(length);
if (buffer == NULL)
{
BIO_printf(bio_err,"out of memory\n");
return 0;
}
switch (peer.sa.sa_family)
{
case AF_INET:
memcpy(buffer,
&peer.s4.sin_port,
sizeof(peer.s4.sin_port));
memcpy(buffer + sizeof(peer.s4.sin_port),
&peer.s4.sin_addr,
sizeof(struct in_addr));
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
memcpy(buffer,
&peer.s6.sin6_port,
sizeof(peer.s6.sin6_port));
memcpy(buffer + sizeof(peer.s6.sin6_port),
&peer.s6.sin6_addr,
sizeof(struct in6_addr));
break;
#endif
default:
OPENSSL_assert(0);
break;
}
/* Calculate HMAC of buffer using the secret */
HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
buffer, length, result, &resultlength);
OPENSSL_free(buffer);
if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
return 1;
return 0;
}

View File

@@ -320,7 +320,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
BIO_printf(bio_err," -mtu - set the MTU\n");
BIO_printf(bio_err," -mtu - set the link layer MTU\n");
BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
@@ -343,6 +343,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -status - request certificate status from server\n");
BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
#endif
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
}
#ifndef OPENSSL_NO_TLSEXT
@@ -381,9 +382,8 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int off=0;
unsigned int off=0, clr=0;
SSL *con=NULL;
X509_STORE *store = NULL;
int s,k,width,state=0;
char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
int cbuf_len,cbuf_off;
@@ -404,12 +404,15 @@ int MAIN(int argc, char **argv)
SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0;
int starttls_proto = PROTO_OFF;
int prexit = 0, vflags = 0;
int prexit = 0;
X509_VERIFY_PARAM *vpm = NULL;
int badarg = 0;
const SSL_METHOD *meth=NULL;
int socket_type=SOCK_STREAM;
BIO *sbio;
char *inrand=NULL;
int mbuf_len=0;
struct timeval timeout, *timeoutp;
#ifndef OPENSSL_NO_ENGINE
char *engine_id=NULL;
char *ssl_client_engine_id=NULL;
@@ -521,10 +524,12 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
cert_format = str2fmt(*(++argv));
}
else if (strcmp(*argv,"-crl_check") == 0)
vflags |= X509_V_FLAG_CRL_CHECK;
else if (strcmp(*argv,"-crl_check_all") == 0)
vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
{
if (badarg)
goto bad;
continue;
}
else if (strcmp(*argv,"-verify_return_error") == 0)
verify_return_error = 1;
else if (strcmp(*argv,"-prexit") == 0)
@@ -654,6 +659,12 @@ int MAIN(int argc, char **argv)
#endif
else if (strcmp(*argv,"-serverpref") == 0)
off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
else if (strcmp(*argv,"-legacy_renegotiation") == 0)
off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
else if (strcmp(*argv,"-legacy_server_connect") == 0)
{ off|=SSL_OP_LEGACY_SERVER_CONNECT; }
else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
{ clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
else if (strcmp(*argv,"-cipher") == 0)
{
if (--argc < 1) goto bad;
@@ -831,6 +842,9 @@ bad:
goto end;
}
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
#ifndef OPENSSL_NO_ENGINE
if (ssl_client_engine)
{
@@ -861,6 +875,9 @@ bad:
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
else
SSL_CTX_set_options(ctx,off);
if (clr)
SSL_CTX_clear_options(ctx, clr);
/* DTLS: partial reads end up discarding unread UDP bytes :-(
* Setting read ahead solves this problem.
*/
@@ -890,8 +907,6 @@ bad:
/* goto end; */
}
store = SSL_CTX_get_cert_store(ctx);
X509_STORE_set_flags(store, vflags);
#ifndef OPENSSL_NO_TLSEXT
if (servername != NULL)
{
@@ -975,7 +990,6 @@ re_start:
if ( SSL_version(con) == DTLS1_VERSION)
{
struct timeval timeout;
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
if (getsockname(s, &peer, (void *)&peerlen) < 0)
@@ -999,10 +1013,10 @@ re_start:
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
}
if (socket_mtu > 0)
if (socket_mtu > 28)
{
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
SSL_set_mtu(con, socket_mtu);
SSL_set_mtu(con, socket_mtu - 28);
}
else
/* want to do MTU discovery */
@@ -1192,6 +1206,12 @@ SSL_set_tlsext_status_ids(con, ids);
FD_ZERO(&readfds);
FD_ZERO(&writefds);
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
timeoutp = &timeout;
else
timeoutp = NULL;
if (SSL_in_init(con) && !SSL_total_renegotiations(con))
{
in_init=1;
@@ -1296,7 +1316,7 @@ SSL_set_tlsext_status_ids(con, ids);
if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
#endif
} else i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
NULL,timeoutp);
}
#elif defined(OPENSSL_SYS_NETWARE)
if(!write_tty) {
@@ -1306,7 +1326,7 @@ SSL_set_tlsext_status_ids(con, ids);
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,&tv);
} else i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
NULL,timeoutp);
}
#elif defined(OPENSSL_SYS_BEOS_R5)
/* Under BeOS-R5 the situation is similar to DOS */
@@ -1324,12 +1344,12 @@ SSL_set_tlsext_status_ids(con, ids);
if (!i && (stdin_set != 1 || !read_tty))
continue;
} else i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
NULL,timeoutp);
}
(void)fcntl(fileno(stdin), F_SETFL, 0);
#else
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
NULL,timeoutp);
#endif
if ( i < 0)
{
@@ -1340,6 +1360,11 @@ SSL_set_tlsext_status_ids(con, ids);
}
}
if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
{
BIO_printf(bio_err,"TIMEOUT occured\n");
}
if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
{
k=SSL_write(con,&(cbuf[cbuf_off]),
@@ -1707,6 +1732,8 @@ static void print_stuff(BIO *bio, SSL *s, int full)
EVP_PKEY_bits(pktmp));
EVP_PKEY_free(pktmp);
}
BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
#ifndef OPENSSL_NO_COMP
comp=SSL_get_current_compression(s);
expansion=SSL_get_current_expansion(s);

View File

@@ -298,7 +298,9 @@ static const char *session_id_prefix=NULL;
static int enable_timeouts = 0;
static long socket_mtu;
#ifndef OPENSSL_NO_DTLS1
static int cert_chain = 0;
#endif
#ifndef OPENSSL_NO_PSK
static char *psk_identity="Client_identity";
@@ -459,7 +461,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
BIO_printf(bio_err," -timeout - Enable timeouts\n");
BIO_printf(bio_err," -mtu - Set MTU\n");
BIO_printf(bio_err," -mtu - Set link layer MTU\n");
BIO_printf(bio_err," -chain - Read a certificate chain\n");
BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
@@ -489,6 +491,7 @@ static void sv_usage(void)
BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2);
BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
#endif
}
@@ -671,7 +674,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
return p->extension_error;
if (ctx2)
{
BIO_printf(p->biodebug,"Swiching server context.\n");
BIO_printf(p->biodebug,"Switching server context.\n");
SSL_set_SSL_CTX(s,ctx2);
}
}
@@ -710,7 +713,7 @@ static int cert_status_cb(SSL *s, void *arg)
int use_ssl;
unsigned char *rspder = NULL;
int rspderlen;
STACK_OF(STRING) *aia = NULL;
STACK_OF(OPENSSL_STRING) *aia = NULL;
X509 *x = NULL;
X509_STORE_CTX inctx;
X509_OBJECT obj;
@@ -732,7 +735,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
aia = X509_get1_ocsp(x);
if (aia)
{
if (!OCSP_parse_url(sk_STRING_value(aia, 0),
if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
&host, &port, &path, &use_ssl))
{
BIO_puts(err, "cert_status: can't parse AIA URL\n");
@@ -740,7 +743,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
}
if (srctx->verbose)
BIO_printf(err, "cert_status: AIA URL: %s\n",
sk_STRING_value(aia, 0));
sk_OPENSSL_STRING_value(aia, 0));
}
else
{
@@ -785,7 +788,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
if (!OCSP_REQUEST_add_ext(req, ext, -1))
goto err;
}
resp = process_responder(err, req, host, path, port, use_ssl,
resp = process_responder(err, req, host, path, port, use_ssl, NULL,
srctx->timeout);
if (!resp)
{
@@ -833,8 +836,8 @@ static char *jpake_secret = NULL;
int MAIN(int argc, char *argv[])
{
X509_STORE *store = NULL;
int vflags = 0;
X509_VERIFY_PARAM *vpm = NULL;
int badarg = 0;
short port=PORT;
char *CApath=NULL,*CAfile=NULL;
unsigned char *context = NULL;
@@ -857,6 +860,7 @@ int MAIN(int argc, char *argv[])
int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
X509 *s_cert = NULL, *s_dcert = NULL;
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
int no_cache = 0;
#ifndef OPENSSL_NO_TLSEXT
EVP_PKEY *s_key2 = NULL;
X509 *s_cert2 = NULL;
@@ -999,18 +1003,20 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
CApath= *(++argv);
}
else if (strcmp(*argv,"-crl_check") == 0)
else if (strcmp(*argv,"-no_cache") == 0)
no_cache = 1;
else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
{
vflags |= X509_V_FLAG_CRL_CHECK;
}
else if (strcmp(*argv,"-crl_check_all") == 0)
{
vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
if (badarg)
goto bad;
continue;
}
else if (strcmp(*argv,"-verify_return_error") == 0)
verify_return_error = 1;
else if (strcmp(*argv,"-serverpref") == 0)
{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
else if (strcmp(*argv,"-legacy_renegotiation") == 0)
off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
else if (strcmp(*argv,"-cipher") == 0)
{
if (--argc < 1) goto bad;
@@ -1388,8 +1394,10 @@ bad:
if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
SSL_CTX_sess_set_cache_size(ctx,128);
if (no_cache)
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
else
SSL_CTX_sess_set_cache_size(ctx,128);
#if 0
if (cipher == NULL) cipher=getenv("SSL_CIPHER");
@@ -1410,8 +1418,8 @@ bad:
ERR_print_errors(bio_err);
/* goto end; */
}
store = SSL_CTX_get_cert_store(ctx);
X509_STORE_set_flags(store, vflags);
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
#ifndef OPENSSL_NO_TLSEXT
if (s_cert2)
@@ -1455,15 +1463,18 @@ bad:
if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);
SSL_CTX_sess_set_cache_size(ctx2,128);
if (no_cache)
SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF);
else
SSL_CTX_sess_set_cache_size(ctx2,128);
if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
(!SSL_CTX_set_default_verify_paths(ctx2)))
{
ERR_print_errors(bio_err);
}
store = SSL_CTX_get_cert_store(ctx2);
X509_STORE_set_flags(store, vflags);
if (vpm)
SSL_CTX_set1_param(ctx2, vpm);
}
#endif
@@ -1654,6 +1665,10 @@ bad:
SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
sizeof s_server_session_id_context);
/* Set DTLS cookie generation and verification callbacks */
SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
#ifndef OPENSSL_NO_TLSEXT
if (ctx2)
{
@@ -1750,8 +1765,11 @@ static int sv_body(char *hostname, int s, unsigned char *context)
unsigned long l;
SSL *con=NULL;
BIO *sbio;
struct timeval timeout;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
struct timeval tv;
#else
struct timeval *timeoutp;
#endif
if ((buf=OPENSSL_malloc(bufsize)) == NULL)
@@ -1808,7 +1826,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
if (SSL_version(con) == DTLS1_VERSION)
{
struct timeval timeout;
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
@@ -1823,10 +1840,10 @@ static int sv_body(char *hostname, int s, unsigned char *context)
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
}
if (socket_mtu > 0)
if (socket_mtu > 28)
{
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
SSL_set_mtu(con, socket_mtu);
SSL_set_mtu(con, socket_mtu - 28);
}
else
/* want to do MTU discovery */
@@ -1919,7 +1936,19 @@ static int sv_body(char *hostname, int s, unsigned char *context)
read_from_terminal = 1;
(void)fcntl(fileno(stdin), F_SETFL, 0);
#else
i=select(width,(void *)&readfds,NULL,NULL,NULL);
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
timeoutp = &timeout;
else
timeoutp = NULL;
i=select(width,(void *)&readfds,NULL,NULL,timeoutp);
if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
{
BIO_printf(bio_err,"TIMEOUT occured\n");
}
if (i <= 0) continue;
if (FD_ISSET(fileno(stdin),&readfds))
read_from_terminal = 1;
@@ -2180,6 +2209,8 @@ static int init_ssl_connection(SSL *con)
con->kssl_ctx->client_princ);
}
#endif /* OPENSSL_NO_KRB5 */
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
return(1);
}

View File

@@ -62,6 +62,12 @@
#include <errno.h>
#include <signal.h>
#ifdef FLAT_INC
#include "e_os2.h"
#else
#include "../e_os2.h"
#endif
/* With IPv6, it looks like Digital has mixed up the proper order of
recursive header file inclusion, resulting in the compiler complaining
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which

View File

@@ -93,7 +93,7 @@ int MAIN(int argc, char **argv)
const char *inmode = "r", *outmode = "w";
char *infile = NULL, *outfile = NULL;
char *signerfile = NULL, *recipfile = NULL;
STACK_OF(STRING) *sksigners = NULL, *skkeys = NULL;
STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
const EVP_CIPHER *cipher = NULL;
PKCS7 *p7 = NULL;
@@ -260,13 +260,13 @@ int MAIN(int argc, char **argv)
if (signerfile)
{
if (!sksigners)
sksigners = sk_STRING_new_null();
sk_STRING_push(sksigners, signerfile);
sksigners = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (!keyfile)
keyfile = signerfile;
if (!skkeys)
skkeys = sk_STRING_new_null();
sk_STRING_push(skkeys, keyfile);
skkeys = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(skkeys, keyfile);
keyfile = NULL;
}
signerfile = *++args;
@@ -302,12 +302,12 @@ int MAIN(int argc, char **argv)
goto argerr;
}
if (!sksigners)
sksigners = sk_STRING_new_null();
sk_STRING_push(sksigners, signerfile);
sksigners = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(sksigners, signerfile);
signerfile = NULL;
if (!skkeys)
skkeys = sk_STRING_new_null();
sk_STRING_push(skkeys, keyfile);
skkeys = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(skkeys, keyfile);
}
keyfile = *++args;
}
@@ -389,13 +389,13 @@ int MAIN(int argc, char **argv)
if (signerfile)
{
if (!sksigners)
sksigners = sk_STRING_new_null();
sk_STRING_push(sksigners, signerfile);
sksigners = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (!skkeys)
skkeys = sk_STRING_new_null();
skkeys = sk_OPENSSL_STRING_new_null();
if (!keyfile)
keyfile = signerfile;
sk_STRING_push(skkeys, keyfile);
sk_OPENSSL_STRING_push(skkeys, keyfile);
}
if (!sksigners)
{
@@ -671,7 +671,7 @@ int MAIN(int argc, char **argv)
{
if (!(store = setup_verify(bio_err, CAfile, CApath)))
goto end;
X509_STORE_set_verify_cb_func(store, smime_cb);
X509_STORE_set_verify_cb(store, smime_cb);
if (vpm)
X509_STORE_set1_param(store, vpm);
}
@@ -707,10 +707,10 @@ int MAIN(int argc, char **argv)
}
else
flags |= PKCS7_REUSE_DIGEST;
for (i = 0; i < sk_STRING_num(sksigners); i++)
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
{
signerfile = sk_STRING_value(sksigners, i);
keyfile = sk_STRING_value(skkeys, i);
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
e, "signer certificate");
if (!signer)
@@ -807,9 +807,9 @@ end:
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (sksigners)
sk_STRING_free(sksigners);
sk_OPENSSL_STRING_free(sksigners);
if (skkeys)
sk_STRING_free(skkeys);
sk_OPENSSL_STRING_free(skkeys);
X509_STORE_free(store);
X509_free(cert);
X509_free(recip);

View File

@@ -184,8 +184,12 @@
#include <openssl/ecdh.h>
#endif
#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE)
# define HAVE_FORK 1
#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
# define NO_FORK 1
#elif HAVE_FORK
# undef NO_FORK
#else
# define NO_FORK 1
#endif
#undef BUFSIZE
@@ -200,7 +204,7 @@ static void print_message(const char *s,long num,int length);
static void pkey_print_message(const char *str, const char *str2,
long num, int bits, int sec);
static void print_result(int alg,int run_no,int count,double time_used);
#ifdef HAVE_FORK
#ifndef NO_FORK
static int do_multi(int multi);
#endif
@@ -587,7 +591,7 @@ int MAIN(int argc, char **argv)
const EVP_CIPHER *evp_cipher=NULL;
const EVP_MD *evp_md=NULL;
int decrypt=0;
#ifdef HAVE_FORK
#ifndef NO_FORK
int multi=0;
#endif
@@ -715,7 +719,7 @@ int MAIN(int argc, char **argv)
j--;
}
#endif
#ifdef HAVE_FORK
#ifndef NO_FORK
else if ((argc > 0) && (strcmp(*argv,"-multi") == 0))
{
argc--;
@@ -1103,7 +1107,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"-evp e use EVP e.\n");
BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n");
BIO_printf(bio_err,"-mr produce machine readable output.\n");
#ifdef HAVE_FORK
#ifndef NO_FORK
BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n");
#endif
goto end;
@@ -1113,7 +1117,7 @@ int MAIN(int argc, char **argv)
j++;
}
#ifdef HAVE_FORK
#ifndef NO_FORK
if(multi && do_multi(multi))
goto show_res;
#endif
@@ -1129,6 +1133,14 @@ int MAIN(int argc, char **argv)
rsa_doit[i]=1;
for (i=0; i<DSA_NUM; i++)
dsa_doit[i]=1;
#ifndef OPENSSL_NO_ECDSA
for (i=0; i<EC_NUM; i++)
ecdsa_doit[i]=1;
#endif
#ifndef OPENSSL_NO_ECDH
for (i=0; i<EC_NUM; i++)
ecdh_doit[i]=1;
#endif
}
for (i=0; i<ALGOR_NUM; i++)
if (doit[i]) pr_header++;
@@ -2324,7 +2336,7 @@ int MAIN(int argc, char **argv)
}
if (rnd_fake) RAND_cleanup();
#endif
#ifdef HAVE_FORK
#ifndef NO_FORK
show_res:
#endif
if(!mr)
@@ -2550,7 +2562,7 @@ static void print_result(int alg,int run_no,int count,double time_used)
results[alg][run_no]=((double)count)/time_used*lengths[run_no];
}
#ifdef HAVE_FORK
#ifndef NO_FORK
static char *sstrsep(char **string, const char *delim)
{
char isdelim[256];

View File

@@ -165,6 +165,9 @@ int MAIN(int argc, char **argv)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
}
if (!load_config(bio_err, NULL))
goto cleanup;
for (argc--, argv++; argc > 0; argc--, argv++)
{
if (strcmp(*argv, "-config") == 0)
@@ -646,7 +649,7 @@ static ASN1_INTEGER *create_nonce(int bits)
/* Generating random byte sequence. */
if (len > (int)sizeof(buf)) goto err;
if (!RAND_bytes(buf, len)) goto err;
if (RAND_bytes(buf, len) <= 0) goto err;
/* Find the first non-zero byte and creating ASN1_INTEGER object. */
for (i = 0; i < len && !buf[i]; ++i);
@@ -1080,7 +1083,7 @@ static X509_STORE *create_cert_store(char *ca_path, char *ca_file)
cert_ctx = X509_STORE_new();
/* Setting the callback for certificate chain verification. */
X509_STORE_set_verify_cb_func(cert_ctx, verify_cb);
X509_STORE_set_verify_cb(cert_ctx, verify_cb);
/* Adding a trusted certificate directory source. */
if (ca_path)

View File

@@ -1,13 +1,13 @@
#!/usr/bin/perl -w
# Written by Zoltan Glozik <zglozik@stones.com>.
# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
$::version = '$Id: tsget,v 1.1 2006/02/12 23:11:21 ulf Exp $';
$::version = '$Id: tsget,v 1.1.2.2 2009/09/07 17:57:02 steve Exp $';
use strict;
use IO::Handle;
use Getopt::Std;
use File::Basename;
use WWW::Curl::easy;
use WWW::Curl::Easy;
use vars qw(%options);
@@ -37,7 +37,7 @@ sub create_curl {
my $url = shift;
# Create Curl object.
my $curl = WWW::Curl::easy::new();
my $curl = WWW::Curl::Easy::new();
# Error-handling related options.
$curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
@@ -49,7 +49,7 @@ sub create_curl {
$curl->setopt(CURLOPT_CUSTOMREQUEST, "POST");
$curl->setopt(CURLOPT_HTTPHEADER,
["Content-Type: application/timestamp-query",
"Accept: application/timestamp-reply"]);
"Accept: application/timestamp-reply,application/timestamp-response"]);
$curl->setopt(CURLOPT_READFUNCTION, \&read_body);
$curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); });
@@ -102,7 +102,8 @@ sub get_timestamp {
$error_string .= " ($::error_buf)" if defined($::error_buf);
} else {
my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE);
if (lc($ct) ne "application/timestamp-reply") {
if (lc($ct) ne "application/timestamp-reply"
&& lc($ct) ne "application/timestamp-response") {
$error_string = "unexpected content type returned: $ct";
}
}
@@ -192,4 +193,4 @@ REQUEST: foreach (@ARGV) {
STDERR->printflush(", $output written.\n") if $options{v};
}
$curl->cleanup();
WWW::Curl::easy::global_cleanup();
WWW::Curl::Easy::global_cleanup();

View File

@@ -70,8 +70,9 @@
#define PROG verify_main
static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e);
static STACK_OF(X509) *load_untrusted(char *file);
static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
STACK_OF(X509_CRL) *crls, ENGINE *e);
static int v_verbose=0, vflags = 0;
int MAIN(int, char **);
@@ -80,10 +81,10 @@ int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int i,ret=1, badarg = 0;
int purpose = -1;
char *CApath=NULL,*CAfile=NULL;
char *untfile = NULL, *trustfile = NULL;
char *untfile = NULL, *trustfile = NULL, *crlfile = NULL;
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
STACK_OF(X509_CRL) *crls = NULL;
X509_STORE *cert_ctx=NULL;
X509_LOOKUP *lookup=NULL;
X509_VERIFY_PARAM *vpm = NULL;
@@ -93,7 +94,7 @@ int MAIN(int argc, char **argv)
cert_ctx=X509_STORE_new();
if (cert_ctx == NULL) goto end;
X509_STORE_set_verify_cb_func(cert_ctx,cb);
X509_STORE_set_verify_cb(cert_ctx,cb);
ERR_load_crypto_strings();
@@ -139,6 +140,11 @@ int MAIN(int argc, char **argv)
if (argc-- < 1) goto end;
trustfile= *(++argv);
}
else if (strcmp(*argv,"-CRLfile") == 0)
{
if (argc-- < 1) goto end;
crlfile= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
@@ -192,26 +198,34 @@ int MAIN(int argc, char **argv)
ERR_clear_error();
if(untfile) {
if(!(untrusted = load_untrusted(untfile))) {
BIO_printf(bio_err, "Error loading untrusted file %s\n", untfile);
ERR_print_errors(bio_err);
if(untfile)
{
untrusted = load_certs(bio_err, untfile, FORMAT_PEM,
NULL, e, "untrusted certificates");
if(!untrusted)
goto end;
}
}
if(trustfile) {
if(!(trusted = load_untrusted(trustfile))) {
BIO_printf(bio_err, "Error loading untrusted file %s\n", trustfile);
ERR_print_errors(bio_err);
if(trustfile)
{
trusted = load_certs(bio_err, trustfile, FORMAT_PEM,
NULL, e, "trusted certificates");
if(!trusted)
goto end;
}
}
if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e);
if(crlfile)
{
crls = load_crls(bio_err, crlfile, FORMAT_PEM,
NULL, e, "other CRLs");
if(!crls)
goto end;
}
if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, crls, e);
else
for (i=0; i<argc; i++)
check(cert_ctx,argv[i], untrusted, trusted, purpose, e);
check(cert_ctx,argv[i], untrusted, trusted, crls, e);
ret=0;
end:
if (ret == 1) {
@@ -232,11 +246,14 @@ end:
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
apps_shutdown();
OPENSSL_EXIT(ret);
}
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e)
static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
STACK_OF(X509_CRL) *crls, ENGINE *e)
{
X509 *x=NULL;
int i=0,ret=0;
@@ -260,7 +277,8 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X
goto end;
}
if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
if (crls)
X509_STORE_CTX_set0_crls(csc, crls);
i=X509_verify_cert(csc);
X509_STORE_CTX_free(csc);
@@ -278,90 +296,53 @@ end:
return(ret);
}
static STACK_OF(X509) *load_untrusted(char *certfile)
{
STACK_OF(X509_INFO) *sk=NULL;
STACK_OF(X509) *stack=NULL, *ret=NULL;
BIO *in=NULL;
X509_INFO *xi;
if(!(stack = sk_X509_new_null())) {
BIO_printf(bio_err,"memory allocation failure\n");
goto end;
}
if(!(in=BIO_new_file(certfile, "r"))) {
BIO_printf(bio_err,"error opening the file, %s\n",certfile);
goto end;
}
/* This loads from a file, a stack of x509/crl/pkey sets */
if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL))) {
BIO_printf(bio_err,"error reading the file, %s\n",certfile);
goto end;
}
/* scan over it and pull out the certs */
while (sk_X509_INFO_num(sk))
{
xi=sk_X509_INFO_shift(sk);
if (xi->x509 != NULL)
{
sk_X509_push(stack,xi->x509);
xi->x509=NULL;
}
X509_INFO_free(xi);
}
if(!sk_X509_num(stack)) {
BIO_printf(bio_err,"no certificates in file, %s\n",certfile);
sk_X509_free(stack);
goto end;
}
ret=stack;
end:
BIO_free(in);
sk_X509_INFO_free(sk);
return(ret);
}
static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
{
char buf[256];
int cert_error = X509_STORE_CTX_get_error(ctx);
X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
if (!ok)
{
if (ctx->current_cert)
if (current_cert)
{
X509_NAME_oneline(
X509_get_subject_name(ctx->current_cert),buf,
sizeof buf);
printf("%s\n",buf);
X509_NAME_print_ex_fp(stdout,
X509_get_subject_name(current_cert),
0, XN_FLAG_ONELINE);
printf("\n");
}
printf("%serror %d at %d depth lookup:%s\n",
X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "",
cert_error,
X509_STORE_CTX_get_error_depth(ctx),
X509_verify_cert_error_string(cert_error));
switch(cert_error)
{
case X509_V_ERR_NO_EXPLICIT_POLICY:
policies_print(NULL, ctx);
case X509_V_ERR_CERT_HAS_EXPIRED:
/* since we are just checking the certificates, it is
* ok if they are self signed. But we should still warn
* the user.
*/
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
/* Continue after extension errors too */
case X509_V_ERR_INVALID_CA:
case X509_V_ERR_INVALID_NON_CA:
case X509_V_ERR_PATH_LENGTH_EXCEEDED:
case X509_V_ERR_INVALID_PURPOSE:
case X509_V_ERR_CRL_HAS_EXPIRED:
case X509_V_ERR_CRL_NOT_YET_VALID:
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
ok = 1;
}
printf("error %d at %d depth lookup:%s\n",ctx->error,
ctx->error_depth,
X509_verify_cert_error_string(ctx->error));
if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED) ok=1;
/* since we are just checking the certificates, it is
* ok if they are self signed. But we should still warn
* the user.
*/
if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
/* Continue after extension errors too */
if (ctx->error == X509_V_ERR_INVALID_CA) ok=1;
if (ctx->error == X509_V_ERR_INVALID_NON_CA) ok=1;
if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;
if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;
if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY)
policies_print(NULL, ctx);
return ok;
}
if ((ctx->error == X509_V_OK) && (ok == 2))
if (cert_error == X509_V_OK && ok == 2)
policies_print(NULL, ctx);
if (!v_verbose)
ERR_clear_error();

View File

@@ -99,7 +99,13 @@ static const char *x509_usage[]={
" -passin arg - private key password source\n",
" -serial - print serial number value\n",
" -subject_hash - print subject hash value\n",
#ifndef OPENSSL_NO_MD5
" -subject_hash_old - print old-style (MD5) subject hash value\n",
#endif
" -issuer_hash - print issuer hash value\n",
#ifndef OPENSSL_NO_MD5
" -issuer_hash_old - print old-style (MD5) issuer hash value\n",
#endif
" -hash - synonym for -subject_hash\n",
" -subject - print subject DN\n",
" -issuer - print issuer DN\n",
@@ -179,6 +185,9 @@ int MAIN(int argc, char **argv)
int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
int next_serial=0;
int subject_hash=0,issuer_hash=0,ocspid=0;
#ifndef OPENSSL_NO_MD5
int subject_hash_old=0,issuer_hash_old=0;
#endif
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
int ocsp_uri=0;
int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
@@ -225,7 +234,7 @@ int MAIN(int argc, char **argv)
ctx=X509_STORE_new();
if (ctx == NULL) goto end;
X509_STORE_set_verify_cb_func(ctx,callb);
X509_STORE_set_verify_cb(ctx,callb);
argc--;
argv++;
@@ -397,8 +406,16 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-hash") == 0
|| strcmp(*argv,"-subject_hash") == 0)
subject_hash= ++num;
#ifndef OPENSSL_NO_MD5
else if (strcmp(*argv,"-subject_hash_old") == 0)
subject_hash_old= ++num;
#endif
else if (strcmp(*argv,"-issuer_hash") == 0)
issuer_hash= ++num;
#ifndef OPENSSL_NO_MD5
else if (strcmp(*argv,"-issuer_hash_old") == 0)
issuer_hash_old= ++num;
#endif
else if (strcmp(*argv,"-subject") == 0)
subject= ++num;
else if (strcmp(*argv,"-issuer") == 0)
@@ -626,7 +643,7 @@ bad:
if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
X509_gmtime_adj(X509_get_notBefore(x),0);
X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL);
pkey = X509_REQ_get_pubkey(req);
X509_set_pubkey(x,pkey);
@@ -738,14 +755,14 @@ bad:
else if ((email == i) || (ocsp_uri == i))
{
int j;
STACK_OF(STRING) *emlst;
STACK_OF(OPENSSL_STRING) *emlst;
if (email == i)
emlst = X509_get1_email(x);
else
emlst = X509_get1_ocsp(x);
for (j = 0; j < sk_STRING_num(emlst); j++)
for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
BIO_printf(STDout, "%s\n",
sk_STRING_value(emlst, j));
sk_OPENSSL_STRING_value(emlst, j));
X509_email_free(emlst);
}
else if (aliasout == i)
@@ -759,10 +776,22 @@ bad:
{
BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
}
#ifndef OPENSSL_NO_MD5
else if (subject_hash_old == i)
{
BIO_printf(STDout,"%08lx\n",X509_subject_name_hash_old(x));
}
#endif
else if (issuer_hash == i)
{
BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));
}
#ifndef OPENSSL_NO_MD5
else if (issuer_hash_old == i)
{
BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash_old(x));
}
#endif
else if (pprint == i)
{
X509_PURPOSE *ptmp;
@@ -1130,6 +1159,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
/* NOTE: this certificate can/should be self signed, unless it was
* a certificate request in which case it is not. */
X509_STORE_CTX_set_cert(&xsc,x);
X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
if (!reqfile && X509_verify_cert(&xsc) <= 0)
goto end;
@@ -1146,7 +1176,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
goto end;
/* hardwired expired */
if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
if (X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL) == NULL)
goto end;
if (clrext)

16
config
View File

@@ -48,10 +48,10 @@ done
# First get uname entries that we use below
MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown"
VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
[ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
[ "$RELEASE" ] || RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
[ "$SYSTEM" ] || SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown"
[ "$BUILD" ] || VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
# Now test for ISC and SCO, since it is has a braindamaged uname.
@@ -496,6 +496,12 @@ echo Operating system: $GUESSOS
# script above so we end up with values in vars but that would take
# more time that I want to waste at the moment
case "$GUESSOS" in
uClinux*64*)
OUT=uClinux-dist64
;;
uClinux*)
OUT=uClinux-dist
;;
mips2-sgi-irix)
CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
CPU=${CPU:-0}
@@ -798,6 +804,8 @@ case "$GUESSOS" in
j90-cray-unicos) OUT="cray-j90" ;;
nsr-tandem-nsk) OUT="tandem-c89" ;;
beos-*) OUT="$GUESSOS" ;;
x86pc-*-qnx6) OUT="QNX6-i386" ;;
*-*-qnx6) OUT="QNX6" ;;
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac

View File

@@ -5,9 +5,9 @@
DIR= crypto
TOP= ..
CC= cc
INCLUDE= -I. -I$(TOP) -I../include
INCLUDE= -I. -I$(TOP) -I../include $(ZLIB_INCLUDE)
# INCLUDES targets sudbirs!
INCLUDES= -I.. -I../.. -I../asn1 -I../evp -I../../include
INCLUDES= -I.. -I../.. -I../asn1 -I../evp -I../../include $(ZLIB_INCLUDE)
CFLAG= -g
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)

View File

@@ -765,6 +765,11 @@ $code.=<<___ if (!$softonly);
srl %r5,6
ar %r5,%r0
larl %r1,OPENSSL_s390xcap_P
lg %r0,0(%r1)
tmhl %r0,0x4000 # check for message-security assist
jz .Lekey_internal
lghi %r0,0 # query capability vector
la %r1,16($sp)
.long 0xb92f0042 # kmc %r4,%r2
@@ -1323,6 +1328,7 @@ $code.=<<___;
4: ex $len,0($s1)
j .Lcbc_dec_exit
.size AES_cbc_encrypt,.-AES_cbc_encrypt
.comm OPENSSL_s390xcap_P,8,8
___
}
$code.=<<___;

View File

@@ -62,7 +62,7 @@
#ifndef NO_OLD_ASN1
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
{
unsigned char *b,*p;
const unsigned char *p2;

View File

@@ -243,7 +243,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
p=OPENSSL_malloc(len);
if (p == NULL)
{
ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ,
ERR_R_MALLOC_FAILURE);
return(NULL);
}

View File

@@ -93,7 +93,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
int str_type;
int ret;
char free_out;
int outform, outlen;
int outform, outlen = 0;
ASN1_STRING *dest;
unsigned char *p;
int nchar;

View File

@@ -290,6 +290,17 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
const unsigned char *p;
unsigned char *data;
int i;
/* Sanity check OID encoding: can't have 0x80 in subidentifiers, see:
* X.690 8.19.2
*/
for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
{
if (*p == 0x80)
{
ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
return NULL;
}
}
/* only the ASN1_OBJECTs from the 'table' will have values
* for ->sn or ->ln */

View File

@@ -85,7 +85,7 @@ static int SetBlobCmp(const void *elem1, const void *elem2 )
}
/* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */
int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
i2d_of_void *i2d, int ex_tag, int ex_class,
int is_set)
{
@@ -97,8 +97,8 @@ int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
int totSize;
if (a == NULL) return(0);
for (i=sk_BLOCK_num(a)-1; i>=0; i--)
ret+=i2d(sk_BLOCK_value(a,i),NULL);
for (i=sk_OPENSSL_BLOCK_num(a)-1; i>=0; i--)
ret+=i2d(sk_OPENSSL_BLOCK_value(a,i),NULL);
r=ASN1_object_size(1,ret,ex_tag);
if (pp == NULL) return(r);
@@ -109,10 +109,10 @@ int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
/* And then again by Ben */
/* And again by Steve */
if(!is_set || (sk_BLOCK_num(a) < 2))
if(!is_set || (sk_OPENSSL_BLOCK_num(a) < 2))
{
for (i=0; i<sk_BLOCK_num(a); i++)
i2d(sk_BLOCK_value(a,i),&p);
for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
*pp=p;
return(r);
@@ -120,17 +120,17 @@ int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
pStart = p; /* Catch the beg of Setblobs*/
/* In this array we will store the SET blobs */
rgSetBlob = OPENSSL_malloc(sk_BLOCK_num(a) * sizeof(MYBLOB));
rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
if (rgSetBlob == NULL)
{
ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
return(0);
}
for (i=0; i<sk_BLOCK_num(a); i++)
for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
{
rgSetBlob[i].pbData = p; /* catch each set encode blob */
i2d(sk_BLOCK_value(a,i),&p);
i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
SetBlob
*/
@@ -140,7 +140,7 @@ SetBlob
/* Now we have to sort the blobs. I am using a simple algo.
*Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
qsort( rgSetBlob, sk_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
qsort( rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
if (!(pTempMem = OPENSSL_malloc(totSize)))
{
ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
@@ -149,7 +149,7 @@ SetBlob
/* Copy to temp mem */
p = pTempMem;
for(i=0; i<sk_BLOCK_num(a); ++i)
for(i=0; i<sk_OPENSSL_BLOCK_num(a); ++i)
{
memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
p += rgSetBlob[i].cbData;
@@ -163,17 +163,18 @@ SetBlob
return(r);
}
STACK_OF(BLOCK) *d2i_ASN1_SET(STACK_OF(BLOCK) **a, const unsigned char **pp,
STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
const unsigned char **pp,
long length, d2i_of_void *d2i,
void (*free_func)(BLOCK), int ex_tag,
void (*free_func)(OPENSSL_BLOCK), int ex_tag,
int ex_class)
{
ASN1_const_CTX c;
STACK_OF(BLOCK) *ret=NULL;
STACK_OF(OPENSSL_BLOCK) *ret=NULL;
if ((a == NULL) || ((*a) == NULL))
{
if ((ret=sk_BLOCK_new_null()) == NULL)
if ((ret=sk_OPENSSL_BLOCK_new_null()) == NULL)
{
ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
goto err;
@@ -221,7 +222,7 @@ STACK_OF(BLOCK) *d2i_ASN1_SET(STACK_OF(BLOCK) **a, const unsigned char **pp,
asn1_add_error(*pp,(int)(c.p- *pp));
goto err;
}
if (!sk_BLOCK_push(ret,s)) goto err;
if (!sk_OPENSSL_BLOCK_push(ret,s)) goto err;
}
if (a != NULL) (*a)=ret;
*pp=c.p;
@@ -230,9 +231,9 @@ err:
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
{
if (free_func != NULL)
sk_BLOCK_pop_free(ret,free_func);
sk_OPENSSL_BLOCK_pop_free(ret,free_func);
else
sk_BLOCK_free(ret);
sk_OPENSSL_BLOCK_free(ret);
}
return(NULL);
}

View File

@@ -112,7 +112,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
ts=OPENSSL_gmtime(&t,&data);
if (ts == NULL)
{
ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
return NULL;
}
if (offset_day || offset_sec)
@@ -180,6 +180,7 @@ int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
t.length = strlen(str);
t.data = (unsigned char *)str;
t.flags = 0;
t.type = V_ASN1_UTCTIME;

View File

@@ -221,7 +221,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
p=OPENSSL_malloc(len);
if (p == NULL)
{
ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE);
return(NULL);
}
if (s->data != NULL)

View File

@@ -301,6 +301,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
if (!ameth->info)
goto err;
}
else
ameth->info = NULL;
if (pem_str)
{
@@ -308,6 +310,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
if (!ameth->pem_str)
goto err;
}
else
ameth->pem_str = NULL;
ameth->pub_decode = 0;
ameth->pub_encode = 0;

View File

@@ -230,6 +230,10 @@ typedef struct asn1_object_st
*/
#define ASN1_STRING_FLAG_CONT 0x020
/* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
* type.
*/
#define ASN1_STRING_FLAG_MSTRING 0x040
/* This is the base type that holds just about everything :-) */
typedef struct asn1_string_st
{
@@ -887,12 +891,13 @@ int ASN1_TIME_check(ASN1_TIME *t);
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
i2d_of_void *i2d, int ex_tag, int ex_class,
int is_set);
STACK_OF(BLOCK) *d2i_ASN1_SET(STACK_OF(BLOCK) **a, const unsigned char **pp,
STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
const unsigned char **pp,
long length, d2i_of_void *d2i,
void (*free_func)(BLOCK), int ex_tag,
void (*free_func)(OPENSSL_BLOCK), int ex_tag,
int ex_class);
#ifndef OPENSSL_NO_BIO
@@ -947,7 +952,7 @@ int ASN1_put_eoc(unsigned char **pp);
int ASN1_object_size(int constructed, int length, int tag);
/* Used to implement other functions */
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
#define ASN1_dup_of(type,i2d,d2i,x) \
((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
@@ -1045,9 +1050,9 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
unsigned char *data, int max_len);
STACK_OF(BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
d2i_of_void *d2i, void (*free_func)(BLOCK));
unsigned char *ASN1_seq_pack(STACK_OF(BLOCK) *safes, i2d_of_void *i2d,
STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK));
unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
unsigned char **buf, int *len );
void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
@@ -1172,6 +1177,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_ASN1_ENUMERATED_TO_BN 113
#define ASN1_F_ASN1_EX_C2I 204
#define ASN1_F_ASN1_FIND_END 190
#define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216
#define ASN1_F_ASN1_GENERALIZEDTIME_SET 185
#define ASN1_F_ASN1_GENERATE_V3 178
#define ASN1_F_ASN1_GET_OBJECT 114
@@ -1206,10 +1212,12 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_ASN1_TEMPLATE_EX_D2I 132
#define ASN1_F_ASN1_TEMPLATE_NEW 133
#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131
#define ASN1_F_ASN1_TIME_ADJ 217
#define ASN1_F_ASN1_TIME_SET 175
#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134
#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135
#define ASN1_F_ASN1_UNPACK_STRING 136
#define ASN1_F_ASN1_UTCTIME_ADJ 218
#define ASN1_F_ASN1_UTCTIME_SET 187
#define ASN1_F_ASN1_VERIFY 137
#define ASN1_F_B64_READ_ASN1 209
@@ -1278,7 +1286,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_BAD_OBJECT_HEADER 102
#define ASN1_R_BAD_PASSWORD_READ 103
#define ASN1_R_BAD_TAG 104
#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210
#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214
#define ASN1_R_BN_LIB 105
#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
#define ASN1_R_BUFFER_TOO_SMALL 107
@@ -1324,6 +1332,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_INVALID_MIME_TYPE 205
#define ASN1_R_INVALID_MODIFIER 186
#define ASN1_R_INVALID_NUMBER 187
#define ASN1_R_INVALID_OBJECT_ENCODING 216
#define ASN1_R_INVALID_SEPARATOR 131
#define ASN1_R_INVALID_TIME_FORMAT 132
#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133
@@ -1370,7 +1379,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
#define ASN1_R_UNEXPECTED_EOC 159
#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211
#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215
#define ASN1_R_UNKNOWN_FORMAT 160
#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
#define ASN1_R_UNKNOWN_OBJECT_TYPE 162

View File

@@ -1,6 +1,6 @@
/* crypto/asn1/asn1_err.c */
/* ====================================================================
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -90,6 +90,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"},
{ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"},
{ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"},
{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ), "ASN1_GENERALIZEDTIME_adj"},
{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"},
{ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"},
{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
@@ -124,10 +125,12 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"},
{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"},
{ERR_FUNC(ASN1_F_ASN1_TIME_ADJ), "ASN1_TIME_adj"},
{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"},
{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"},
{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
{ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ), "ASN1_UTCTIME_adj"},
{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
{ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
{ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"},
@@ -176,7 +179,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"},
{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"},
{ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"},
{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_asn1"},
{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
@@ -245,6 +248,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"},
{ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"},
{ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"},
{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"},
{ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"},
{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"},
{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},

View File

@@ -227,6 +227,8 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
/* Allocate buffer for new encoding */
new_der = OPENSSL_malloc(len);
if (!new_der)
goto err;
/* Generate tagged encoding */
@@ -452,6 +454,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
int derlen;
int i;
sk = sk_ASN1_TYPE_new_null();
if (!sk)
goto bad;
if (section)
{
if (!cnf)
@@ -464,7 +468,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
ASN1_TYPE *typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
if (!typ)
goto bad;
sk_ASN1_TYPE_push(sk, typ);
if (!sk_ASN1_TYPE_push(sk, typ))
goto bad;
}
}
@@ -475,6 +480,9 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
else
derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);
if (derlen < 0)
goto bad;
if (!(ret = ASN1_TYPE_new()))
goto bad;

View File

@@ -239,7 +239,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
if (ii < 0)
{
if (BIO_write(bp,"Bad boolean\n",12))
if (BIO_write(bp,"Bad boolean\n",12) <= 0)
goto end;
}
BIO_printf(bp,":%d",ii);

View File

@@ -66,10 +66,10 @@
/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
STACK_OF(BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
d2i_of_void *d2i, void (*free_func)(BLOCK))
STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK))
{
STACK_OF(BLOCK) *sk;
STACK_OF(OPENSSL_BLOCK) *sk;
const unsigned char *pbuf;
pbuf = buf;
if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
@@ -82,7 +82,7 @@ STACK_OF(BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
* OPENSSL_malloc'ed buffer
*/
unsigned char *ASN1_seq_pack(STACK_OF(BLOCK) *safes, i2d_of_void *i2d,
unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
unsigned char **buf, int *len)
{
int safelen;

View File

@@ -87,9 +87,13 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
}
else ret= *a;
ret->save_type=type;
ret->type=EVP_PKEY_type(type);
switch (ret->type)
if (!EVP_PKEY_set_type(ret, type))
{
ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
goto err;
}
switch (EVP_PKEY_id(ret))
{
#ifndef OPENSSL_NO_RSA
case EVP_PKEY_RSA:

View File

@@ -376,7 +376,7 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
{
s= (v[12]-'0')*10+(v[13]-'0');
/* Check for fractions of seconds. */
if (i >= 15 && v[14] == '.')
if (tm->length >= 15 && v[14] == '.')
{
int l = tm->length;
f = &v[14]; /* The decimal point. */

View File

@@ -325,6 +325,7 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
ASN1_TYPE *typ;
ASN1_STRING *str;
int utype;
if (it && it->funcs)
@@ -362,7 +363,10 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
break;
default:
*pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
str = ASN1_STRING_type_new(utype);
if (it->itype == ASN1_ITYPE_MSTRING && str)
str->flags |= ASN1_STRING_FLAG_MSTRING;
*pval = (ASN1_VALUE *)str;
break;
}
if (*pval)

View File

@@ -88,9 +88,15 @@ NETDB_DEFINE_CONTEXT
static int wsa_init_done=0;
#endif
#if defined(OPENSSL_SYS_BEOS_BONE)
/* BONE's IP6 support is incomplete */
#undef AF_INET6
/*
* WSAAPI specifier is required to make indirect calls to run-time
* linked WinSock 2 functions used in this module, to be specific
* [get|free]addrinfo and getnameinfo. This is because WinSock uses
* uses non-C calling convention, __stdcall vs. __cdecl, on x86
* Windows. On non-WinSock platforms WSAAPI needs to be void.
*/
#ifndef WSAAPI
#define WSAAPI
#endif
#if 0
@@ -593,9 +599,14 @@ static int get_ip(const char *str, unsigned char ip[4])
int BIO_get_accept_socket(char *host, int bind_mode)
{
int ret=0;
struct sockaddr server,client;
struct sockaddr_in *sa_in;
int s=INVALID_SOCKET,cs;
union {
struct sockaddr sa;
struct sockaddr_in sa_in;
#if OPENSSL_USE_IPV6
struct sockaddr_in6 sa_in6;
#endif
} server,client;
int s=INVALID_SOCKET,cs,addrlen;
unsigned char ip[4];
unsigned short port;
char *str=NULL,*e;
@@ -627,12 +638,12 @@ int BIO_get_accept_socket(char *host, int bind_mode)
#ifdef EAI_FAMILY
do {
static union { void *p;
int (*f)(const char *,const char *,
int (WSAAPI *f)(const char *,const char *,
const struct addrinfo *,
struct addrinfo **);
} p_getaddrinfo = {NULL};
static union { void *p;
void (*f)(struct addrinfo *);
void (WSAAPI *f)(struct addrinfo *);
} p_freeaddrinfo = {NULL};
struct addrinfo *res,hint;
@@ -654,7 +665,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
if (strchr(h,':'))
{
if (h[1]=='\0') h=NULL;
#ifdef AF_INET6
#if OPENSSL_USE_IPV6
hint.ai_family = AF_INET6;
#else
h=NULL;
@@ -665,7 +676,12 @@ int BIO_get_accept_socket(char *host, int bind_mode)
}
if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break;
server = *res->ai_addr;
addrlen = res->ai_addrlen<=sizeof(server) ?
res->ai_addrlen :
sizeof(server);
memcpy(&server, res->ai_addr, addrlen);
(*p_freeaddrinfo.f)(res);
goto again;
} while (0);
@@ -674,12 +690,12 @@ int BIO_get_accept_socket(char *host, int bind_mode)
if (!BIO_get_port(p,&port)) goto err;
memset((char *)&server,0,sizeof(server));
sa_in = (struct sockaddr_in *)&server;
sa_in->sin_family=AF_INET;
sa_in->sin_port=htons(port);
server.sa_in.sin_family=AF_INET;
server.sa_in.sin_port=htons(port);
addrlen = sizeof(server.sa_in);
if (h == NULL || strcmp(h,"*") == 0)
sa_in->sin_addr.s_addr=INADDR_ANY;
server.sa_in.sin_addr.s_addr=INADDR_ANY;
else
{
if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
@@ -688,11 +704,11 @@ int BIO_get_accept_socket(char *host, int bind_mode)
((unsigned long)ip[1]<<16L)|
((unsigned long)ip[2]<< 8L)|
((unsigned long)ip[3]);
sa_in->sin_addr.s_addr=htonl(l);
server.sa_in.sin_addr.s_addr=htonl(l);
}
again:
s=socket(server.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
s=socket(server.sa.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
if (s == INVALID_SOCKET)
{
SYSerr(SYS_F_SOCKET,get_last_socket_error());
@@ -710,7 +726,7 @@ again:
bind_mode=BIO_BIND_NORMAL;
}
#endif
if (bind(s,&server,sizeof(server)) == -1)
if (bind(s,&server.sa,addrlen) == -1)
{
#ifdef SO_REUSEADDR
err_num=get_last_socket_error();
@@ -720,30 +736,25 @@ again:
client = server;
if (h == NULL || strcmp(h,"*") == 0)
{
#ifdef AF_INET6
if (client.sa_family == AF_INET6)
#if OPENSSL_USE_IPV6
if (client.sa.sa_family == AF_INET6)
{
struct sockaddr_in6 *sin6 =
(struct sockaddr_in6 *)&client;
memset(&sin6->sin6_addr,0,sizeof(sin6->sin6_addr));
sin6->sin6_addr.s6_addr[15]=1;
memset(&client.sa_in6.sin6_addr,0,sizeof(client.sa_in6.sin6_addr));
client.sa_in6.sin6_addr.s6_addr[15]=1;
}
else
#endif
if (client.sa_family == AF_INET)
if (client.sa.sa_family == AF_INET)
{
struct sockaddr_in *sin6 =
(struct sockaddr_in *)&client;
sin6->sin_addr.s_addr=htonl(0x7F000001);
client.sa_in.sin_addr.s_addr=htonl(0x7F000001);
}
else goto err;
}
cs=socket(client.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
cs=socket(client.sa.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
if (cs != INVALID_SOCKET)
{
int ii;
ii=connect(cs,(struct sockaddr *)&client,
sizeof(client));
ii=connect(cs,&client.sa,addrlen);
closesocket(cs);
if (ii == INVALID_SOCKET)
{
@@ -782,21 +793,52 @@ err:
int BIO_accept(int sock, char **addr)
{
int ret=INVALID_SOCKET;
struct sockaddr from;
struct sockaddr_in *sa_in;
unsigned long l;
unsigned short port;
int len;
char *p;
memset(&from,0,sizeof(from));
len=sizeof(from);
/* Note: under VMS with SOCKETSHR the fourth parameter is currently
* of type (int *) whereas under other systems it is (void *) if
* you don't have a cast it will choke the compiler: if you do
* have a cast then you can either go for (int *) or (void *).
struct {
/*
* As for following union. Trouble is that there are platforms
* that have socklen_t and there are platforms that don't, on
* some platforms socklen_t is int and on some size_t. So what
* one can do? One can cook #ifdef spaghetti, which is nothing
* but masochistic. Or one can do union between int and size_t.
* One naturally does it primarily for 64-bit platforms where
* sizeof(int) != sizeof(size_t). But would it work? Note that
* if size_t member is initialized to 0, then later int member
* assignment naturally does the job on little-endian platforms
* regardless accept's expectations! What about big-endians?
* If accept expects int*, then it works, and if size_t*, then
* length value would appear as unreasonably large. But this
* won't prevent it from filling in the address structure. The
* trouble of course would be if accept returns more data than
* actual buffer can accomodate and overwrite stack... That's
* where early OPENSSL_assert comes into picture. Besides, the
* only 64-bit big-endian platform found so far that expects
* size_t* is HP-UX, where stack grows towards higher address.
* <appro>
*/
ret=accept(sock,&from,(void *)&len);
union { size_t s; int i; } len;
union {
struct sockaddr sa;
struct sockaddr_in sa_in;
#if OPENSSL_USE_IPV6
struct sockaddr_in6 sa_in6;
#endif
} from;
} sa;
sa.len.s=0;
sa.len.i=sizeof(sa.from);
memset(&sa.from,0,sizeof(sa.from));
ret=accept(sock,&sa.from.sa,(void *)&sa.len);
if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
{
OPENSSL_assert(sa.len.s<=sizeof(sa.from));
sa.len.i = (int)sa.len.s;
/* use sa.len.i from this point */
}
if (ret == INVALID_SOCKET)
{
if(BIO_sock_should_retry(ret)) return -2;
@@ -808,18 +850,18 @@ int BIO_accept(int sock, char **addr)
if (addr == NULL) goto end;
#ifdef EAI_FAMILY
# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_BEOS_BONE) || defined(OPENSSL_SYS_MSDOS)
# define SOCKLEN_T size_t
# else
# define SOCKLEN_T socklen_t
#endif
do {
char h[NI_MAXHOST],s[NI_MAXSERV];
size_t nl;
static union { void *p;
int (*f)(const struct sockaddr *,SOCKLEN_T,
int (WSAAPI *f)(const struct sockaddr *,size_t/*socklen_t*/,
char *,size_t,char *,size_t,int);
} p_getnameinfo = {NULL};
/* 2nd argument to getnameinfo is specified to
* be socklen_t. Unfortunately there is a number
* of environments where socklen_t is not defined.
* As it's passed by value, it's safe to pass it
* as size_t... <appro> */
if (p_getnameinfo.p==NULL)
{
@@ -828,9 +870,9 @@ int BIO_accept(int sock, char **addr)
}
if (p_getnameinfo.p==(void *)-1) break;
if ((*p_getnameinfo.f)(&from,sizeof(from),h,sizeof(h),s,sizeof(s),
if ((*p_getnameinfo.f)(&sa.from.sa,sa.len.i,h,sizeof(h),s,sizeof(s),
NI_NUMERICHOST|NI_NUMERICSERV)) break;
nl = strlen(h)+strlen(s)+2; if (len<24) len=24;
nl = strlen(h)+strlen(s)+2;
p = *addr;
if (p) { *p = '\0'; p = OPENSSL_realloc(p,nl); }
else { p = OPENSSL_malloc(nl); }
@@ -844,10 +886,9 @@ int BIO_accept(int sock, char **addr)
goto end;
} while(0);
#endif
if (from.sa_family != AF_INET) goto end;
sa_in = (struct sockaddr_in *)&from;
l=ntohl(sa_in->sin_addr.s_addr);
port=ntohs(sa_in->sin_port);
if (sa.from.sa.sa_family != AF_INET) goto end;
l=ntohl(sa.from.sa_in.sin_addr.s_addr);
port=ntohs(sa.from.sa_in.sin_port);
if (*addr == NULL)
{
if ((p=OPENSSL_malloc(24)) == NULL)

View File

@@ -157,8 +157,11 @@ extern "C" {
* previous write
* operation */
#define BIO_CTRL_DGRAM_GET_PEER 46
#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */
#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to
* adjust socket timeouts */
/* modifiers */
#define BIO_FP_READ 0x02
@@ -400,7 +403,7 @@ typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg);
#define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
#define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
#define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3)
#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
#define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
@@ -409,7 +412,7 @@ typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg);
#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
#define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL)
#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
#define BIO_BIND_NORMAL 0
@@ -536,6 +539,8 @@ int BIO_ctrl_reset_read_request(BIO *b);
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
#define BIO_dgram_send_timedout(b) \
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
#define BIO_dgram_get_peer(b,peer) \
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
#define BIO_dgram_set_peer(b,peer) \
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)

View File

@@ -18,11 +18,19 @@
#define UP_ftell ftell
#define UP_fflush fflush
#define UP_ferror ferror
#ifdef _WIN32
#define UP_fileno _fileno
#define UP_open _open
#define UP_read _read
#define UP_write _write
#define UP_lseek _lseek
#define UP_close _close
#else
#define UP_fileno fileno
#define UP_open open
#define UP_read read
#define UP_write write
#define UP_lseek lseek
#define UP_close close
#endif
#endif

View File

@@ -429,7 +429,7 @@ BIO *BIO_push(BIO *b, BIO *bio)
if (bio != NULL)
bio->prev_bio=lb;
/* called to do internal processing */
BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL);
BIO_ctrl(b,BIO_CTRL_PUSH,0,lb);
return(b);
}
@@ -441,7 +441,7 @@ BIO *BIO_pop(BIO *b)
if (b == NULL) return(NULL);
ret=b->next_bio;
BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
BIO_ctrl(b,BIO_CTRL_POP,0,b);
if (b->prev_bio != NULL)
b->prev_bio->next_bio=b->next_bio;

View File

@@ -66,7 +66,13 @@
#include <openssl/bio.h>
#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
#include <sys/timeb.h>
#endif
#ifdef OPENSSL_SYS_LINUX
#define IP_MTU 14 /* linux is lame */
#endif
#ifdef WATT32
#define sock_write SockWrite /* Watt-32 uses same names */
@@ -84,6 +90,8 @@ static int dgram_clear(BIO *bio);
static int BIO_dgram_should_retry(int s);
static void get_current_time(struct timeval *t);
static BIO_METHOD methods_dgramp=
{
BIO_TYPE_DGRAM,
@@ -100,10 +108,18 @@ static BIO_METHOD methods_dgramp=
typedef struct bio_dgram_data_st
{
struct sockaddr peer;
union {
struct sockaddr sa;
struct sockaddr_in sa_in;
#if OPENSSL_USE_IPV6
struct sockaddr_in6 sa_in6;
#endif
} peer;
unsigned int connected;
unsigned int _errno;
unsigned int mtu;
struct timeval next_timeout;
struct timeval socket_timeout;
} bio_dgram_data;
BIO_METHOD *BIO_s_datagram(void)
@@ -165,31 +181,140 @@ static int dgram_clear(BIO *a)
}
return(1);
}
static void dgram_adjust_rcv_timeout(BIO *b)
{
#if defined(SO_RCVTIMEO)
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
int sz = sizeof(int);
/* Is a timer active? */
if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
{
struct timeval timenow, timeleft;
/* Read current socket timeout */
#ifdef OPENSSL_SYS_WINDOWS
int timeout;
if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
(void*)&timeout, &sz) < 0)
{ perror("getsockopt"); }
else
{
data->socket_timeout.tv_sec = timeout / 1000;
data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
}
#else
if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
&(data->socket_timeout), (void *)&sz) < 0)
{ perror("getsockopt"); }
#endif
/* Get current time */
get_current_time(&timenow);
/* Calculate time left until timer expires */
memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
timeleft.tv_sec -= timenow.tv_sec;
timeleft.tv_usec -= timenow.tv_usec;
if (timeleft.tv_usec < 0)
{
timeleft.tv_sec--;
timeleft.tv_usec += 1000000;
}
if (timeleft.tv_sec < 0)
{
timeleft.tv_sec = 0;
timeleft.tv_usec = 1;
}
/* Adjust socket timeout if next handhake message timer
* will expire earlier.
*/
if ((data->socket_timeout.tv_sec == 0 && data->socket_timeout.tv_usec == 0) ||
(data->socket_timeout.tv_sec > timeleft.tv_sec) ||
(data->socket_timeout.tv_sec == timeleft.tv_sec &&
data->socket_timeout.tv_usec >= timeleft.tv_usec))
{
#ifdef OPENSSL_SYS_WINDOWS
timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
(void*)&timeout, sizeof(timeout)) < 0)
{ perror("setsockopt"); }
#else
if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
sizeof(struct timeval)) < 0)
{ perror("setsockopt"); }
#endif
}
}
#endif
}
static void dgram_reset_rcv_timeout(BIO *b)
{
#if defined(SO_RCVTIMEO)
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
/* Is a timer active? */
if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
{
#ifdef OPENSSL_SYS_WINDOWS
int timeout = data->socket_timeout.tv_sec * 1000 +
data->socket_timeout.tv_usec / 1000;
if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
(void*)&timeout, sizeof(timeout)) < 0)
{ perror("setsockopt"); }
#else
if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
sizeof(struct timeval)) < 0)
{ perror("setsockopt"); }
#endif
}
#endif
}
static int dgram_read(BIO *b, char *out, int outl)
{
int ret=0;
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
struct sockaddr peer;
int peerlen = sizeof(peer);
struct {
/*
* See commentary in b_sock.c. <appro>
*/
union { size_t s; int i; } len;
union {
struct sockaddr sa;
struct sockaddr_in sa_in;
#if OPENSSL_USE_IPV6
struct sockaddr_in6 sa_in6;
#endif
} peer;
} sa;
sa.len.s=0;
sa.len.i=sizeof(sa.peer);
if (out != NULL)
{
clear_socket_error();
memset(&peer, 0x00, peerlen);
/* Last arg in recvfrom is signed on some platforms and
* unsigned on others. It is of type socklen_t on some
* but this is not universal. Cast to (void *) to avoid
* compiler warnings.
*/
ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);
memset(&sa.peer, 0x00, sizeof(sa.peer));
dgram_adjust_rcv_timeout(b);
ret=recvfrom(b->num,out,outl,0,&sa.peer.sa,(void *)&sa.len);
if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
{
OPENSSL_assert(sa.len.s<=sizeof(sa.peer));
sa.len.i = (int)sa.len.s;
}
dgram_reset_rcv_timeout(b);
if ( ! data->connected && ret > 0)
BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, &peer);
if ( ! data->connected && ret >= 0)
BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
BIO_clear_retry_flags(b);
if (ret <= 0)
if (ret < 0)
{
if (BIO_dgram_should_retry(ret))
{
@@ -207,19 +332,29 @@ static int dgram_write(BIO *b, const char *in, int inl)
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
clear_socket_error();
if ( data->connected )
ret=writesocket(b->num,in,inl);
else
#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
ret=sendto(b->num, (char *)in, inl, 0, &data->peer, sizeof(data->peer));
#else
ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer));
if ( data->connected )
ret=writesocket(b->num,in,inl);
else
{
int peerlen = sizeof(data->peer);
if (data->peer.sa.sa_family == AF_INET)
peerlen = sizeof(data->peer.sa_in);
#if OPENSSL_USE_IVP6
else if (data->peer.sa.sa_family == AF_INET6)
peerlen = sizeof(data->peer.sa_in6);
#endif
#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, peerlen);
#else
ret=sendto(b->num, in, inl, 0, &data->peer.sa, peerlen);
#endif
}
BIO_clear_retry_flags(b);
if (ret <= 0)
{
if (BIO_sock_should_retry(ret))
if (BIO_dgram_should_retry(ret))
{
BIO_set_retry_write(b);
data->_errno = get_last_socket_error();
@@ -240,8 +375,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
int *ip;
struct sockaddr *to = NULL;
bio_dgram_data *data = NULL;
#if defined(IP_MTU_DISCOVER) || defined(IP_MTU)
long sockopt_val = 0;
unsigned int sockopt_len = 0;
#endif
#ifdef OPENSSL_SYS_LINUX
socklen_t addr_len;
union {
struct sockaddr sa;
struct sockaddr_in s4;
#if OPENSSL_USE_IPV6
struct sockaddr_in6 s6;
#endif
} addr;
#endif
data = (bio_dgram_data *)b->ptr;
@@ -294,30 +441,110 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
else
{
#endif
memcpy(&(data->peer),to, sizeof(struct sockaddr));
switch (to->sa_family)
{
case AF_INET:
memcpy(&data->peer,to,sizeof(data->peer.sa_in));
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
break;
#endif
default:
memcpy(&data->peer,to,sizeof(data->peer.sa));
break;
}
#if 0
}
#endif
break;
/* (Linux)kernel sets DF bit on outgoing IP packets */
#ifdef IP_MTU_DISCOVER
case BIO_CTRL_DGRAM_MTU_DISCOVER:
sockopt_val = IP_PMTUDISC_DO;
if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
&sockopt_val, sizeof(sockopt_val))) < 0)
perror("setsockopt");
#ifdef OPENSSL_SYS_LINUX
addr_len = (socklen_t)sizeof(addr);
memset((void *)&addr, 0, sizeof(addr));
if (getsockname(b->num, &addr.sa, &addr_len) < 0)
{
ret = 0;
break;
}
sockopt_len = sizeof(sockopt_val);
switch (addr.sa.sa_family)
{
case AF_INET:
sockopt_val = IP_PMTUDISC_DO;
if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
&sockopt_val, sizeof(sockopt_val))) < 0)
perror("setsockopt");
break;
#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER)
case AF_INET6:
sockopt_val = IPV6_PMTUDISC_DO;
if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
&sockopt_val, sizeof(sockopt_val))) < 0)
perror("setsockopt");
break;
#endif
default:
ret = -1;
break;
}
ret = -1;
#else
break;
#endif
case BIO_CTRL_DGRAM_QUERY_MTU:
sockopt_len = sizeof(sockopt_val);
if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
&sockopt_len)) < 0 || sockopt_val < 0)
{ ret = 0; }
else
#ifdef OPENSSL_SYS_LINUX
addr_len = (socklen_t)sizeof(addr);
memset((void *)&addr, 0, sizeof(addr));
if (getsockname(b->num, &addr.sa, &addr_len) < 0)
{
data->mtu = sockopt_val;
ret = data->mtu;
ret = 0;
break;
}
sockopt_len = sizeof(sockopt_val);
switch (addr.sa.sa_family)
{
case AF_INET:
if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
&sockopt_len)) < 0 || sockopt_val < 0)
{
ret = 0;
}
else
{
/* we assume that the transport protocol is UDP and no
* IP options are used.
*/
data->mtu = sockopt_val - 8 - 20;
ret = data->mtu;
}
break;
#if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
case AF_INET6:
if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, (void *)&sockopt_val,
&sockopt_len)) < 0 || sockopt_val < 0)
{
ret = 0;
}
else
{
/* we assume that the transport protocol is UDP and no
* IPV6 options are used.
*/
data->mtu = sockopt_val - 8 - 40;
ret = data->mtu;
}
break;
#endif
default:
ret = 0;
break;
}
#else
ret = 0;
#endif
break;
case BIO_CTRL_DGRAM_GET_MTU:
return data->mtu;
@@ -332,19 +559,66 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
if ( to != NULL)
{
data->connected = 1;
memcpy(&(data->peer),to, sizeof(struct sockaddr));
switch (to->sa_family)
{
case AF_INET:
memcpy(&data->peer,to,sizeof(data->peer.sa_in));
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
break;
#endif
default:
memcpy(&data->peer,to,sizeof(data->peer.sa));
break;
}
}
else
{
data->connected = 0;
memset(&(data->peer), 0x00, sizeof(struct sockaddr));
memset(&(data->peer), 0x00, sizeof(data->peer));
}
break;
case BIO_CTRL_DGRAM_SET_PEER:
to = (struct sockaddr *) ptr;
memcpy(&(data->peer), to, sizeof(struct sockaddr));
break;
case BIO_CTRL_DGRAM_GET_PEER:
switch (data->peer.sa.sa_family)
{
case AF_INET:
ret=sizeof(data->peer.sa_in);
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
ret=sizeof(data->peer.sa_in6);
break;
#endif
default:
ret=sizeof(data->peer.sa);
break;
}
if (num==0 || num>ret)
num=ret;
memcpy(ptr,&data->peer,(ret=num));
break;
case BIO_CTRL_DGRAM_SET_PEER:
to = (struct sockaddr *) ptr;
switch (to->sa_family)
{
case AF_INET:
memcpy(&data->peer,to,sizeof(data->peer.sa_in));
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
break;
#endif
default:
memcpy(&data->peer,to,sizeof(data->peer.sa));
break;
}
break;
case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
break;
#if defined(SO_RCVTIMEO)
case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
#ifdef OPENSSL_SYS_WINDOWS
@@ -507,10 +781,6 @@ int BIO_dgram_non_fatal_error(int err)
# endif
#endif
#if defined(ENOTCONN)
case ENOTCONN:
#endif
#ifdef EINTR
case EINTR:
#endif
@@ -533,11 +803,6 @@ int BIO_dgram_non_fatal_error(int err)
case EALREADY:
#endif
/* DF bit set, and packet larger than MTU */
#ifdef EMSGSIZE
case EMSGSIZE:
#endif
return(1);
/* break; */
default:
@@ -546,3 +811,20 @@ int BIO_dgram_non_fatal_error(int err)
return(0);
}
#endif
static void get_current_time(struct timeval *t)
{
#ifdef OPENSSL_SYS_WIN32
struct _timeb tb;
_ftime(&tb);
t->tv_sec = (long)tb.time;
t->tv_usec = (long)tb.millitm * 1000;
#elif defined(OPENSSL_SYS_VMS)
struct timeb tb;
ftime(&tb);
t->tv_sec = (long)tb.time;
t->tv_usec = (long)tb.millitm * 1000;
#else
gettimeofday(t, NULL);
#endif
}

View File

@@ -403,11 +403,18 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
buf[0]='\0';
if (bp->flags&BIO_FLAGS_UPLINK)
UP_fgets(buf,size,bp->ptr);
{
if (!UP_fgets(buf,size,bp->ptr))
goto err;
}
else
fgets(buf,size,(FILE *)bp->ptr);
{
if (!fgets(buf,size,(FILE *)bp->ptr))
goto err;
}
if (buf[0] != '\0')
ret=strlen(buf);
err:
return(ret);
}

View File

@@ -161,7 +161,7 @@ static void ctxdbg(BN_CTX *ctx)
fprintf(stderr,"(%08x): ", (unsigned int)ctx);
while(bnidx < ctx->used)
{
fprintf(stderr,"%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
fprintf(stderr,"%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
if(!(bnidx % BN_CTX_POOL_SIZE))
item = item->next;
}
@@ -171,8 +171,8 @@ static void ctxdbg(BN_CTX *ctx)
while(fpidx < stack->depth)
{
while(bnidx++ < stack->indexes[fpidx])
fprintf(stderr," ");
fprintf(stderr,"^^ ");
fprintf(stderr," ");
fprintf(stderr,"^^^ ");
bnidx++;
fpidx++;
}

View File

@@ -229,7 +229,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
if (dv == NULL)
res=BN_CTX_get(ctx);
else res=dv;
if (sdiv == NULL || res == NULL) goto err;
if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
goto err;
/* First we normalise the numbers */
norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);

View File

@@ -134,7 +134,8 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
rr = BN_CTX_get(ctx);
else
rr = r;
if ((v = BN_CTX_get(ctx)) == NULL) goto err;
v = BN_CTX_get(ctx);
if (rr == NULL || v == NULL) goto err;
if (BN_copy(v,a) == NULL) goto err;
bits=BN_num_bits(p);

View File

@@ -1028,17 +1028,19 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
assert(j <= al || j <= bl);
k = j+j;
t = BN_CTX_get(ctx);
if (t == NULL)
goto err;
if (al > j || bl > j)
{
bn_wexpand(t,k*4);
bn_wexpand(rr,k*4);
if (bn_wexpand(t,k*4) == NULL) goto err;
if (bn_wexpand(rr,k*4) == NULL) goto err;
bn_mul_part_recursive(rr->d,a->d,b->d,
j,al-j,bl-j,t->d);
}
else /* al <= j || bl <= j */
{
bn_wexpand(t,k*2);
bn_wexpand(rr,k*2);
if (bn_wexpand(t,k*2) == NULL) goto err;
if (bn_wexpand(rr,k*2) == NULL) goto err;
bn_mul_recursive(rr->d,a->d,b->d,
j,al-j,bl-j,t->d);
}

View File

@@ -1029,7 +1029,7 @@ int test_exp(BIO *bp, BN_CTX *ctx)
BN_bntest_rand(a,20+i*5,0,0); /**/
BN_bntest_rand(b,2+i,0,0); /**/
if (!BN_exp(d,a,b,ctx))
if (BN_exp(d,a,b,ctx) <= 0)
return(0);
if (bp != NULL)

View File

@@ -1133,6 +1133,6 @@ my ($s0,$s1,$s2,$s3) = @T;
&function_end("Camellia_cbc_encrypt");
}
&asciz("Camellia for x86 by <appro@openssl.org>");
&asciz("Camellia for x86 by <appro\@openssl.org>");
&asm_finish();

View File

@@ -656,7 +656,7 @@ Camellia_cbc_encrypt:
mov %rsi,$out # out argument
mov %r8,%rbx # ivp argument
mov %rcx,$key # key argument
mov 272(%rcx),$keyend # grandRounds
mov 272(%rcx),${keyend}d # grandRounds
mov %r8,$_ivp
mov %rbp,$_rsp
@@ -859,7 +859,7 @@ Camellia_cbc_encrypt:
ret
.size Camellia_cbc_encrypt,.-Camellia_cbc_encrypt
.asciz "Camellia for x86_64 by <appro@openssl.org>"
.asciz "Camellia for x86_64 by <appro\@openssl.org>"
___
}

View File

@@ -91,10 +91,24 @@
# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
# define RightRotate(x, s) _lrotr(x, s)
# define LeftRotate(x, s) _lrotl(x, s)
# if _MSC_VER >= 1400
# define SWAP(x) _byteswap_ulong(x)
# else
# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
# endif
# define GETU32(p) SWAP(*((u32 *)(p)))
# define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v)))
# elif defined(__GNUC__) && __GNUC__>=2
# if defined(__i386) || defined(__x86_64)
# define RightRotate(x,s) ({u32 ret; asm ("rorl %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
# define LeftRotate(x,s) ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
# if defined(B_ENDIAN) /* stratus.com does it */
# define GETU32(p) (*(u32 *)(p))
# define PUTU32(p,v) (*(u32 *)(p)=(v))
# else
# define GETU32(p) ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; })
# define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; })
# endif
# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
# define LeftRotate(x,s) ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r"(x),"I"(s)); ret; })
@@ -102,13 +116,20 @@
# elif defined(__s390x__)
# define LeftRotate(x,s) ({u32 ret; asm ("rll %0,%1,%2":"=r"(ret):"r"(x),"I"(s)); ret; })
# define RightRotate(x,s) LeftRotate(x,(32-s))
# define GETU32(p) (*(u32 *)(p))
# define PUTU32(p,v) (*(u32 *)(p)=(v))
# endif
# endif
#endif
#if !defined(RightRotate) && !defined(LeftRotate)
#define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
#define LeftRotate(x, s) ( ((x) << (s)) + ((x) >> (32 - s)) )
# define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
# define LeftRotate(x, s) ( ((x) << (s)) + ((x) >> (32 - s)) )
#endif
#if !defined(GETU32) && !defined(PUTU32)
# define GETU32(p) (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] << 8) ^ ((u32)(p)[3]))
# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >> 8), (p)[3] = (u8)(v))
#endif
/* S-box data */

View File

@@ -71,30 +71,6 @@
typedef unsigned int u32;
typedef unsigned char u8;
#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
# if _MSC_VER >= 1400
# define SWAP(x) _byteswap_ulong(x)
# else
# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
# endif
# define GETU32(p) SWAP(*((u32 *)(p)))
# define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v)))
#elif defined(__GNUC__) && __GNUC__>=2 && (defined(__i386) || defined(__x86_64)) && !defined(PEDANTIC)
# if defined(B_ENDIAN) /* stratus.com does it */
# define GETU32(p) (*(u32 *)(p))
# define PUTU32(p,v) (*(u32 *)(p)=(v))
# else
# define GETU32(p) ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; })
# define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; })
# endif
#elif defined(__s390__) || defined(__s390x__)
# define GETU32(p) (*(u32 *)(p))
# define PUTU32(p,v) (*(u32 *)(p)=(v))
#else
# define GETU32(p) (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] << 8) ^ ((u32)(p)[3]))
# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >> 8), (p)[3] = (u8)(v))
#endif
int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE keyTable);
void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[],
const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);

View File

@@ -65,7 +65,7 @@
*/
void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, CAST_KEY *schedule, unsigned char *ivec,
long length, const CAST_KEY *schedule, unsigned char *ivec,
int *num, int enc)
{
register CAST_LONG v0,v1,t;
@@ -119,4 +119,3 @@ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
v0=v1=ti[0]=ti[1]=t=c=cc=0;
*num=n;
}

View File

@@ -63,7 +63,7 @@
const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT;
void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
CAST_KEY *ks, int enc)
const CAST_KEY *ks, int enc)
{
CAST_LONG l,d[2];
@@ -77,4 +77,3 @@ void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
l=d[1]; l2n(l,out);
l=d[0]=d[1]=0;
}

View File

@@ -59,9 +59,10 @@
#include <openssl/cast.h>
#include "cast_lcl.h"
void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
{
register CAST_LONG l,r,*k,t;
register CAST_LONG l,r,t;
const register CAST_LONG *k;
k= &(key->data[0]);
l=data[0];
@@ -91,9 +92,10 @@ void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
data[0]=r&0xffffffffL;
}
void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
{
register CAST_LONG l,r,*k,t;
register CAST_LONG l,r,t;
const register CAST_LONG *k;
k= &(key->data[0]);
l=data[0];
@@ -124,7 +126,7 @@ void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
}
void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
CAST_KEY *ks, unsigned char *iv, int enc)
const CAST_KEY *ks, unsigned char *iv, int enc)
{
register CAST_LONG tin0,tin1;
register CAST_LONG tout0,tout1,xor0,xor1;
@@ -204,4 +206,3 @@ void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
tin0=tin1=tout0=tout1=xor0=xor1=0;
tin[0]=tin[1]=0;
}

View File

@@ -64,7 +64,7 @@
* 64bit block we have used is contained in *num;
*/
void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
long length, CAST_KEY *schedule, unsigned char *ivec,
long length, const CAST_KEY *schedule, unsigned char *ivec,
int *num)
{
register CAST_LONG v0,v1,t;
@@ -108,4 +108,3 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
t=v0=v1=ti[0]=ti[1]=0;
*num=n;
}

View File

@@ -85,17 +85,17 @@ typedef struct cast_key_st
void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
int enc);
void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);
void CAST_decrypt(CAST_LONG *data,CAST_KEY *key);
void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
CAST_KEY *ks, unsigned char *iv, int enc);
const CAST_KEY *ks, unsigned char *iv, int enc);
void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, CAST_KEY *schedule, unsigned char *ivec,
long length, const CAST_KEY *schedule, unsigned char *ivec,
int *num, int enc);
void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
long length, CAST_KEY *schedule, unsigned char *ivec,
long length, const CAST_KEY *schedule, unsigned char *ivec,
int *num);
#ifdef __cplusplus

Some files were not shown because too many files have changed in this diff Show More