Compare commits
No commits in common. "main" and "OpenSSL_1_0_1m" have entirely different histories.
main
...
OpenSSL_1_
22
.cvsignore
Normal file
22
.cvsignore
Normal file
@ -0,0 +1,22 @@
|
||||
openssl.pc
|
||||
libcrypto.pc
|
||||
libssl.pc
|
||||
MINFO
|
||||
makefile.one
|
||||
tmp
|
||||
out
|
||||
outinc
|
||||
rehash.time
|
||||
testlog
|
||||
make.log
|
||||
maketest.log
|
||||
cctest
|
||||
cctest.c
|
||||
cctest.a
|
||||
*.flc
|
||||
semantic.cache
|
||||
Makefile
|
||||
*.dll*
|
||||
*.so*
|
||||
*.sl*
|
||||
*.dylib*
|
||||
5
.gitignore
vendored
5
.gitignore
vendored
@ -7,7 +7,6 @@
|
||||
.#*
|
||||
#*#
|
||||
*~
|
||||
/.dir-locals.el
|
||||
|
||||
# Top level excludes
|
||||
/Makefile.bak
|
||||
@ -96,12 +95,8 @@ tags
|
||||
TAGS
|
||||
|
||||
# Windows
|
||||
/tmp32
|
||||
/tmp32.dbg
|
||||
/tmp32dll
|
||||
/tmp32dll.dbg
|
||||
/out32
|
||||
/out32.dbg
|
||||
/out32dll
|
||||
/out32dll.dbg
|
||||
/inc32
|
||||
|
||||
@ -1,10 +0,0 @@
|
||||
#! /bin/sh
|
||||
|
||||
# $1 is expected to be $TRAVIS_OS_NAME
|
||||
|
||||
if [ "$1" == osx ]; then
|
||||
make -f Makefile.org \
|
||||
DISTTARVARS="NAME=_srcdist TAR_COMMAND='\$\$(TAR) \$\$(TARFLAGS) -s \"|^|\$\$(NAME)/|\" -T \$\$(TARFILE).list -cvf -' TARFLAGS='-n' TARFILE=_srcdist.tar" SHELL='sh -vx' dist
|
||||
else
|
||||
make -f Makefile.org DISTTARVARS='TARFILE=_srcdist.tar NAME=_srcdist' SHELL='sh -v' dist
|
||||
fi
|
||||
60
.travis.yml
60
.travis.yml
@ -1,60 +0,0 @@
|
||||
language: c
|
||||
|
||||
addons:
|
||||
apt_packages:
|
||||
- binutils-mingw-w64
|
||||
- gcc-mingw-w64
|
||||
|
||||
os:
|
||||
- linux
|
||||
- osx
|
||||
|
||||
compiler:
|
||||
- clang
|
||||
- gcc
|
||||
- i686-w64-mingw32-gcc
|
||||
- x86_64-w64-mingw32-gcc
|
||||
|
||||
env:
|
||||
- CONFIG_OPTS=""
|
||||
- CONFIG_OPTS="shared"
|
||||
- CONFIG_OPTS="-d --strict-warnings"
|
||||
|
||||
matrix:
|
||||
exclude:
|
||||
- os: osx
|
||||
compiler: i686-w64-mingw32-gcc
|
||||
- os: osx
|
||||
compiler: x86_64-w64-mingw32-gcc
|
||||
- compiler: i686-w64-mingw32-gcc
|
||||
env: CONFIG_OPTS="-d --strict-warnings"
|
||||
- compiler: x86_64-w64-mingw32-gcc
|
||||
env: CONFIG_OPTS="-d --strict-warnings"
|
||||
|
||||
before_script:
|
||||
- sh .travis-create-release.sh $TRAVIS_OS_NAME
|
||||
- tar -xvzf _srcdist.tar.gz
|
||||
- cd _srcdist
|
||||
- if [ "$CC" == i686-w64-mingw32-gcc ]; then
|
||||
export CROSS_COMPILE=${CC%%gcc}; unset CC;
|
||||
./Configure mingw $CONFIG_OPTS;
|
||||
elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
|
||||
export CROSS_COMPILE=${CC%%gcc}; unset CC;
|
||||
./Configure mingw64 $CONFIG_OPTS;
|
||||
else
|
||||
./config $CONFIG_OPTS;
|
||||
fi
|
||||
- cd ..
|
||||
|
||||
script:
|
||||
- cd _srcdist
|
||||
- make
|
||||
- if [ -z "$CROSS_COMPILE" ]; then make test; fi
|
||||
- cd ..
|
||||
|
||||
notifications:
|
||||
recipient:
|
||||
- openssl-commits@openssl.org
|
||||
email:
|
||||
on_success: change
|
||||
on_failure: always
|
||||
@ -1,2 +1,30 @@
|
||||
Please https://www.openssl.org/community/thanks.html for the current
|
||||
acknowledgements.
|
||||
The OpenSSL project depends on volunteer efforts and financial support from
|
||||
the end user community. That support comes in the form of donations and paid
|
||||
sponsorships, software support contracts, paid consulting services
|
||||
and commissioned software development.
|
||||
|
||||
Since all these activities support the continued development and improvement
|
||||
of OpenSSL we consider all these clients and customers as sponsors of the
|
||||
OpenSSL project.
|
||||
|
||||
We would like to identify and thank the following such sponsors for their past
|
||||
or current significant support of the OpenSSL project:
|
||||
|
||||
Major support:
|
||||
|
||||
Qualys http://www.qualys.com/
|
||||
|
||||
Very significant support:
|
||||
|
||||
OpenGear: http://www.opengear.com/
|
||||
|
||||
Significant support:
|
||||
|
||||
PSW Group: http://www.psw.net/
|
||||
Acano Ltd. http://acano.com/
|
||||
|
||||
Please note that we ask permission to identify sponsors and that some sponsors
|
||||
we consider eligible for inclusion here have requested to remain anonymous.
|
||||
|
||||
Additional sponsorship or financial support is always welcome: for more
|
||||
information please contact the OpenSSL Software Foundation.
|
||||
|
||||
471
CHANGES
471
CHANGES
@ -2,315 +2,6 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 1.0.1s and 1.0.1t [xx XXX xxxx]
|
||||
|
||||
*) Remove LOW from the DEFAULT cipher list. This removes singles DES from the
|
||||
default.
|
||||
[Kurt Roeckx]
|
||||
|
||||
*) Only remove the SSLv2 methods with the no-ssl2-method option. When the
|
||||
methods are enabled and ssl2 is disabled the methods return NULL.
|
||||
[Kurt Roeckx]
|
||||
|
||||
Changes between 1.0.1r and 1.0.1s [1 Mar 2016]
|
||||
|
||||
* Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
|
||||
Builds that are not configured with "enable-weak-ssl-ciphers" will not
|
||||
provide any "EXPORT" or "LOW" strength ciphers.
|
||||
[Viktor Dukhovni]
|
||||
|
||||
* Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2
|
||||
is by default disabled at build-time. Builds that are not configured with
|
||||
"enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used,
|
||||
users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
|
||||
will need to explicitly call either of:
|
||||
|
||||
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
|
||||
or
|
||||
SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
|
||||
|
||||
as appropriate. Even if either of those is used, or the application
|
||||
explicitly uses the version-specific SSLv2_method() or its client and
|
||||
server variants, SSLv2 ciphers vulnerable to exhaustive search key
|
||||
recovery have been removed. Specifically, the SSLv2 40-bit EXPORT
|
||||
ciphers, and SSLv2 56-bit DES are no longer available.
|
||||
(CVE-2016-0800)
|
||||
[Viktor Dukhovni]
|
||||
|
||||
*) Fix a double-free in DSA code
|
||||
|
||||
A double free bug was discovered when OpenSSL parses malformed DSA private
|
||||
keys and could lead to a DoS attack or memory corruption for applications
|
||||
that receive DSA private keys from untrusted sources. This scenario is
|
||||
considered rare.
|
||||
|
||||
This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using
|
||||
libFuzzer.
|
||||
(CVE-2016-0705)
|
||||
[Stephen Henson]
|
||||
|
||||
*) Disable SRP fake user seed to address a server memory leak.
|
||||
|
||||
Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
|
||||
|
||||
SRP_VBASE_get_by_user had inconsistent memory management behaviour.
|
||||
In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user
|
||||
was changed to ignore the "fake user" SRP seed, even if the seed
|
||||
is configured.
|
||||
|
||||
Users should use SRP_VBASE_get1_by_user instead. Note that in
|
||||
SRP_VBASE_get1_by_user, caller must free the returned value. Note
|
||||
also that even though configuring the SRP seed attempts to hide
|
||||
invalid usernames by continuing the handshake with fake
|
||||
credentials, this behaviour is not constant time and no strong
|
||||
guarantees are made that the handshake is indistinguishable from
|
||||
that of a valid user.
|
||||
(CVE-2016-0798)
|
||||
[Emilia Käsper]
|
||||
|
||||
*) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
|
||||
|
||||
In the BN_hex2bn function the number of hex digits is calculated using an
|
||||
int value |i|. Later |bn_expand| is called with a value of |i * 4|. For
|
||||
large values of |i| this can result in |bn_expand| not allocating any
|
||||
memory because |i * 4| is negative. This can leave the internal BIGNUM data
|
||||
field as NULL leading to a subsequent NULL ptr deref. For very large values
|
||||
of |i|, the calculation |i * 4| could be a positive value smaller than |i|.
|
||||
In this case memory is allocated to the internal BIGNUM data field, but it
|
||||
is insufficiently sized leading to heap corruption. A similar issue exists
|
||||
in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn
|
||||
is ever called by user applications with very large untrusted hex/dec data.
|
||||
This is anticipated to be a rare occurrence.
|
||||
|
||||
All OpenSSL internal usage of these functions use data that is not expected
|
||||
to be untrusted, e.g. config file data or application command line
|
||||
arguments. If user developed applications generate config file data based
|
||||
on untrusted data then it is possible that this could also lead to security
|
||||
consequences. This is also anticipated to be rare.
|
||||
|
||||
This issue was reported to OpenSSL by Guido Vranken.
|
||||
(CVE-2016-0797)
|
||||
[Matt Caswell]
|
||||
|
||||
*) Fix memory issues in BIO_*printf functions
|
||||
|
||||
The internal |fmtstr| function used in processing a "%s" format string in
|
||||
the BIO_*printf functions could overflow while calculating the length of a
|
||||
string and cause an OOB read when printing very long strings.
|
||||
|
||||
Additionally the internal |doapr_outch| function can attempt to write to an
|
||||
OOB memory location (at an offset from the NULL pointer) in the event of a
|
||||
memory allocation failure. In 1.0.2 and below this could be caused where
|
||||
the size of a buffer to be allocated is greater than INT_MAX. E.g. this
|
||||
could be in processing a very long "%s" format string. Memory leaks can
|
||||
also occur.
|
||||
|
||||
The first issue may mask the second issue dependent on compiler behaviour.
|
||||
These problems could enable attacks where large amounts of untrusted data
|
||||
is passed to the BIO_*printf functions. If applications use these functions
|
||||
in this way then they could be vulnerable. OpenSSL itself uses these
|
||||
functions when printing out human-readable dumps of ASN.1 data. Therefore
|
||||
applications that print this data could be vulnerable if the data is from
|
||||
untrusted sources. OpenSSL command line applications could also be
|
||||
vulnerable where they print out ASN.1 data, or if untrusted data is passed
|
||||
as command line arguments.
|
||||
|
||||
Libssl is not considered directly vulnerable. Additionally certificates etc
|
||||
received via remote connections via libssl are also unlikely to be able to
|
||||
trigger these issues because of message size limits enforced within libssl.
|
||||
|
||||
This issue was reported to OpenSSL Guido Vranken.
|
||||
(CVE-2016-0799)
|
||||
[Matt Caswell]
|
||||
|
||||
*) Side channel attack on modular exponentiation
|
||||
|
||||
A side-channel attack was found which makes use of cache-bank conflicts on
|
||||
the Intel Sandy-Bridge microarchitecture which could lead to the recovery
|
||||
of RSA keys. The ability to exploit this issue is limited as it relies on
|
||||
an attacker who has control of code in a thread running on the same
|
||||
hyper-threaded core as the victim thread which is performing decryptions.
|
||||
|
||||
This issue was reported to OpenSSL by Yuval Yarom, The University of
|
||||
Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and
|
||||
Nadia Heninger, University of Pennsylvania with more information at
|
||||
http://cachebleed.info.
|
||||
(CVE-2016-0702)
|
||||
[Andy Polyakov]
|
||||
|
||||
*) Change the req app to generate a 2048-bit RSA/DSA key by default,
|
||||
if no keysize is specified with default_bits. This fixes an
|
||||
omission in an earlier change that changed all RSA/DSA key generation
|
||||
apps to use 2048 bits by default.
|
||||
[Emilia Käsper]
|
||||
|
||||
Changes between 1.0.1q and 1.0.1r [28 Jan 2016]
|
||||
|
||||
*) Protection for DH small subgroup attacks
|
||||
|
||||
As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been
|
||||
switched on by default and cannot be disabled. This could have some
|
||||
performance impact.
|
||||
[Matt Caswell]
|
||||
|
||||
*) SSLv2 doesn't block disabled ciphers
|
||||
|
||||
A malicious client can negotiate SSLv2 ciphers that have been disabled on
|
||||
the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
|
||||
been disabled, provided that the SSLv2 protocol was not also disabled via
|
||||
SSL_OP_NO_SSLv2.
|
||||
|
||||
This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
|
||||
and Sebastian Schinzel.
|
||||
(CVE-2015-3197)
|
||||
[Viktor Dukhovni]
|
||||
|
||||
*) Reject DH handshakes with parameters shorter than 1024 bits.
|
||||
[Kurt Roeckx]
|
||||
|
||||
Changes between 1.0.1p and 1.0.1q [3 Dec 2015]
|
||||
|
||||
*) Certificate verify crash with missing PSS parameter
|
||||
|
||||
The signature verification routines will crash with a NULL pointer
|
||||
dereference if presented with an ASN.1 signature using the RSA PSS
|
||||
algorithm and absent mask generation function parameter. Since these
|
||||
routines are used to verify certificate signature algorithms this can be
|
||||
used to crash any certificate verification operation and exploited in a
|
||||
DoS attack. Any application which performs certificate verification is
|
||||
vulnerable including OpenSSL clients and servers which enable client
|
||||
authentication.
|
||||
|
||||
This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG).
|
||||
(CVE-2015-3194)
|
||||
[Stephen Henson]
|
||||
|
||||
*) X509_ATTRIBUTE memory leak
|
||||
|
||||
When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
|
||||
memory. This structure is used by the PKCS#7 and CMS routines so any
|
||||
application which reads PKCS#7 or CMS data from untrusted sources is
|
||||
affected. SSL/TLS is not affected.
|
||||
|
||||
This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
|
||||
libFuzzer.
|
||||
(CVE-2015-3195)
|
||||
[Stephen Henson]
|
||||
|
||||
*) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
|
||||
This changes the decoding behaviour for some invalid messages,
|
||||
though the change is mostly in the more lenient direction, and
|
||||
legacy behaviour is preserved as much as possible.
|
||||
[Emilia Käsper]
|
||||
|
||||
*) In DSA_generate_parameters_ex, if the provided seed is too short,
|
||||
use a random seed, as already documented.
|
||||
[Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]
|
||||
|
||||
Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
|
||||
|
||||
*) Alternate chains certificate forgery
|
||||
|
||||
During certificate verfification, OpenSSL will attempt to find an
|
||||
alternative certificate chain if the first attempt to build such a chain
|
||||
fails. An error in the implementation of this logic can mean that an
|
||||
attacker could cause certain checks on untrusted certificates to be
|
||||
bypassed, such as the CA flag, enabling them to use a valid leaf
|
||||
certificate to act as a CA and "issue" an invalid certificate.
|
||||
|
||||
This issue was reported to OpenSSL by Adam Langley/David Benjamin
|
||||
(Google/BoringSSL).
|
||||
(CVE-2015-1793)
|
||||
[Matt Caswell]
|
||||
|
||||
*) Race condition handling PSK identify hint
|
||||
|
||||
If PSK identity hints are received by a multi-threaded client then
|
||||
the values are wrongly updated in the parent SSL_CTX structure. This can
|
||||
result in a race condition potentially leading to a double free of the
|
||||
identify hint data.
|
||||
(CVE-2015-3196)
|
||||
[Stephen Henson]
|
||||
|
||||
Changes between 1.0.1n and 1.0.1o [12 Jun 2015]
|
||||
*) Fix HMAC ABI incompatibility. The previous version introduced an ABI
|
||||
incompatibility in the handling of HMAC. The previous ABI has now been
|
||||
restored.
|
||||
|
||||
Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
|
||||
|
||||
*) Malformed ECParameters causes infinite loop
|
||||
|
||||
When processing an ECParameters structure OpenSSL enters an infinite loop
|
||||
if the curve specified is over a specially malformed binary polynomial
|
||||
field.
|
||||
|
||||
This can be used to perform denial of service against any
|
||||
system which processes public keys, certificate requests or
|
||||
certificates. This includes TLS clients and TLS servers with
|
||||
client authentication enabled.
|
||||
|
||||
This issue was reported to OpenSSL by Joseph Barr-Pixton.
|
||||
(CVE-2015-1788)
|
||||
[Andy Polyakov]
|
||||
|
||||
*) Exploitable out-of-bounds read in X509_cmp_time
|
||||
|
||||
X509_cmp_time does not properly check the length of the ASN1_TIME
|
||||
string and can read a few bytes out of bounds. In addition,
|
||||
X509_cmp_time accepts an arbitrary number of fractional seconds in the
|
||||
time string.
|
||||
|
||||
An attacker can use this to craft malformed certificates and CRLs of
|
||||
various sizes and potentially cause a segmentation fault, resulting in
|
||||
a DoS on applications that verify certificates or CRLs. TLS clients
|
||||
that verify CRLs are affected. TLS clients and servers with client
|
||||
authentication enabled may be affected if they use custom verification
|
||||
callbacks.
|
||||
|
||||
This issue was reported to OpenSSL by Robert Swiecki (Google), and
|
||||
independently by Hanno Böck.
|
||||
(CVE-2015-1789)
|
||||
[Emilia Käsper]
|
||||
|
||||
*) PKCS7 crash with missing EnvelopedContent
|
||||
|
||||
The PKCS#7 parsing code does not handle missing inner EncryptedContent
|
||||
correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
|
||||
with missing content and trigger a NULL pointer dereference on parsing.
|
||||
|
||||
Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
|
||||
structures from untrusted sources are affected. OpenSSL clients and
|
||||
servers are not affected.
|
||||
|
||||
This issue was reported to OpenSSL by Michal Zalewski (Google).
|
||||
(CVE-2015-1790)
|
||||
[Emilia Käsper]
|
||||
|
||||
*) CMS verify infinite loop with unknown hash function
|
||||
|
||||
When verifying a signedData message the CMS code can enter an infinite loop
|
||||
if presented with an unknown hash function OID. This can be used to perform
|
||||
denial of service against any system which verifies signedData messages using
|
||||
the CMS code.
|
||||
This issue was reported to OpenSSL by Johannes Bauer.
|
||||
(CVE-2015-1792)
|
||||
[Stephen Henson]
|
||||
|
||||
*) Race condition handling NewSessionTicket
|
||||
|
||||
If a NewSessionTicket is received by a multi-threaded client when attempting to
|
||||
reuse a previous ticket then a race condition can occur potentially leading to
|
||||
a double free of the ticket data.
|
||||
(CVE-2015-1791)
|
||||
[Matt Caswell]
|
||||
|
||||
*) Reject DH handshakes with parameters shorter than 768 bits.
|
||||
[Kurt Roeckx and Emilia Kasper]
|
||||
|
||||
*) dhparam: generate 2048-bit parameters by default.
|
||||
[Kurt Roeckx and Emilia Kasper]
|
||||
|
||||
Changes between 1.0.1l and 1.0.1m [19 Mar 2015]
|
||||
|
||||
*) Segmentation fault in ASN1_TYPE_cmp fix
|
||||
@ -349,7 +40,7 @@
|
||||
|
||||
This issue was reported to OpenSSL by Michal Zalewski (Google).
|
||||
(CVE-2015-0289)
|
||||
[Emilia Käsper]
|
||||
[Emilia Käsper]
|
||||
|
||||
*) DoS via reachable assert in SSLv2 servers fix
|
||||
|
||||
@ -357,10 +48,10 @@
|
||||
servers that both support SSLv2 and enable export cipher suites by sending
|
||||
a specially crafted SSLv2 CLIENT-MASTER-KEY message.
|
||||
|
||||
This issue was discovered by Sean Burford (Google) and Emilia Käsper
|
||||
This issue was discovered by Sean Burford (Google) and Emilia Käsper
|
||||
(OpenSSL development team).
|
||||
(CVE-2015-0293)
|
||||
[Emilia Käsper]
|
||||
[Emilia Käsper]
|
||||
|
||||
*) Use After Free following d2i_ECPrivatekey error fix
|
||||
|
||||
@ -505,12 +196,12 @@
|
||||
version does not match the session's version. Resuming with a different
|
||||
version, while not strictly forbidden by the RFC, is of questionable
|
||||
sanity and breaks all known clients.
|
||||
[David Benjamin, Emilia Käsper]
|
||||
[David Benjamin, Emilia Käsper]
|
||||
|
||||
*) Tighten handling of the ChangeCipherSpec (CCS) message: reject
|
||||
early CCS messages during renegotiation. (Note that because
|
||||
renegotiation is encrypted, this early CCS was not exploitable.)
|
||||
[Emilia Käsper]
|
||||
[Emilia Käsper]
|
||||
|
||||
*) Tighten client-side session ticket handling during renegotiation:
|
||||
ensure that the client only accepts a session ticket if the server sends
|
||||
@ -521,7 +212,7 @@
|
||||
Similarly, ensure that the client requires a session ticket if one
|
||||
was advertised in the ServerHello. Previously, a TLS client would
|
||||
ignore a missing NewSessionTicket message.
|
||||
[Emilia Käsper]
|
||||
[Emilia Käsper]
|
||||
|
||||
Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
|
||||
|
||||
@ -601,10 +292,10 @@
|
||||
with a null pointer dereference (read) by specifying an anonymous (EC)DH
|
||||
ciphersuite and sending carefully crafted handshake messages.
|
||||
|
||||
Thanks to Felix Gröbert (Google) for discovering and researching this
|
||||
Thanks to Felix Gröbert (Google) for discovering and researching this
|
||||
issue.
|
||||
(CVE-2014-3510)
|
||||
[Emilia Käsper]
|
||||
[Emilia Käsper]
|
||||
|
||||
*) By sending carefully crafted DTLS packets an attacker could cause openssl
|
||||
to leak memory. This can be exploited through a Denial of Service attack.
|
||||
@ -641,7 +332,7 @@
|
||||
properly negotiated with the client. This can be exploited through a
|
||||
Denial of Service attack.
|
||||
|
||||
Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
|
||||
Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
|
||||
discovering and researching this issue.
|
||||
(CVE-2014-5139)
|
||||
[Steve Henson]
|
||||
@ -653,7 +344,7 @@
|
||||
|
||||
Thanks to Ivan Fratric (Google) for discovering this issue.
|
||||
(CVE-2014-3508)
|
||||
[Emilia Käsper, and Steve Henson]
|
||||
[Emilia Käsper, and Steve Henson]
|
||||
|
||||
*) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
|
||||
for corner cases. (Certain input points at infinity could lead to
|
||||
@ -683,15 +374,15 @@
|
||||
client or server. This is potentially exploitable to run arbitrary
|
||||
code on a vulnerable client or server.
|
||||
|
||||
Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
|
||||
[Jüri Aedla, Steve Henson]
|
||||
Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
|
||||
[Jüri Aedla, Steve Henson]
|
||||
|
||||
*) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
|
||||
are subject to a denial of service attack.
|
||||
|
||||
Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
|
||||
Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
|
||||
this issue. (CVE-2014-3470)
|
||||
[Felix Gröbert, Ivan Fratric, Steve Henson]
|
||||
[Felix Gröbert, Ivan Fratric, Steve Henson]
|
||||
|
||||
*) Harmonize version and its documentation. -f flag is used to display
|
||||
compilation flags.
|
||||
@ -770,9 +461,9 @@
|
||||
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
|
||||
Security Group at Royal Holloway, University of London
|
||||
(www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
|
||||
Emilia Käsper for the initial patch.
|
||||
Emilia Käsper for the initial patch.
|
||||
(CVE-2013-0169)
|
||||
[Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
|
||||
[Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
|
||||
|
||||
*) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
|
||||
ciphersuites which can be exploited in a denial of service attack.
|
||||
@ -947,7 +638,7 @@
|
||||
EC_GROUP_new_by_curve_name() will automatically use these (while
|
||||
EC_GROUP_new_curve_GFp() currently prefers the more flexible
|
||||
implementations).
|
||||
[Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
|
||||
[Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
|
||||
|
||||
*) Use type ossl_ssize_t instad of ssize_t which isn't available on
|
||||
all platforms. Move ssize_t definition from e_os.h to the public
|
||||
@ -1223,7 +914,7 @@
|
||||
[Adam Langley (Google)]
|
||||
|
||||
*) Fix spurious failures in ecdsatest.c.
|
||||
[Emilia Käsper (Google)]
|
||||
[Emilia Käsper (Google)]
|
||||
|
||||
*) Fix the BIO_f_buffer() implementation (which was mixing different
|
||||
interpretations of the '..._len' fields).
|
||||
@ -1237,7 +928,7 @@
|
||||
lock to call BN_BLINDING_invert_ex, and avoids one use of
|
||||
BN_BLINDING_update for each BN_BLINDING structure (previously,
|
||||
the last update always remained unused).
|
||||
[Emilia Käsper (Google)]
|
||||
[Emilia Käsper (Google)]
|
||||
|
||||
*) In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
|
||||
[Bob Buckholz (Google)]
|
||||
@ -2046,7 +1737,7 @@
|
||||
|
||||
*) Add RFC 3161 compliant time stamp request creation, response generation
|
||||
and response verification functionality.
|
||||
[Zoltán Glózik <zglozik@opentsa.org>, The OpenTSA Project]
|
||||
[Zoltán Glózik <zglozik@opentsa.org>, The OpenTSA Project]
|
||||
|
||||
*) Add initial support for TLS extensions, specifically for the server_name
|
||||
extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
|
||||
@ -3214,7 +2905,7 @@
|
||||
|
||||
*) BN_CTX_get() should return zero-valued bignums, providing the same
|
||||
initialised value as BN_new().
|
||||
[Geoff Thorpe, suggested by Ulf Möller]
|
||||
[Geoff Thorpe, suggested by Ulf Möller]
|
||||
|
||||
*) Support for inhibitAnyPolicy certificate extension.
|
||||
[Steve Henson]
|
||||
@ -3233,7 +2924,7 @@
|
||||
some point, these tighter rules will become openssl's default to improve
|
||||
maintainability, though the assert()s and other overheads will remain only
|
||||
in debugging configurations. See bn.h for more details.
|
||||
[Geoff Thorpe, Nils Larsch, Ulf Möller]
|
||||
[Geoff Thorpe, Nils Larsch, Ulf Möller]
|
||||
|
||||
*) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
|
||||
that can only be obtained through BN_CTX_new() (which implicitly
|
||||
@ -3300,7 +2991,7 @@
|
||||
[Douglas Stebila (Sun Microsystems Laboratories)]
|
||||
|
||||
*) Add the possibility to load symbols globally with DSO.
|
||||
[Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte]
|
||||
[Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte]
|
||||
|
||||
*) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
|
||||
control of the error stack.
|
||||
@ -4015,7 +3706,7 @@
|
||||
[Steve Henson]
|
||||
|
||||
*) Undo Cygwin change.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Added support for proxy certificates according to RFC 3820.
|
||||
Because they may be a security thread to unaware applications,
|
||||
@ -4048,11 +3739,11 @@
|
||||
[Stephen Henson, reported by UK NISCC]
|
||||
|
||||
*) Use Windows randomness collection on Cygwin.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Fix hang in EGD/PRNGD query when communication socket is closed
|
||||
prematurely by EGD/PRNGD.
|
||||
[Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014]
|
||||
[Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014]
|
||||
|
||||
*) Prompt for pass phrases when appropriate for PKCS12 input format.
|
||||
[Steve Henson]
|
||||
@ -4514,7 +4205,7 @@
|
||||
pointers passed to them whenever necessary. Otherwise it is possible
|
||||
the caller may have overwritten (or deallocated) the original string
|
||||
data when a later ENGINE operation tries to use the stored values.
|
||||
[Götz Babin-Ebell <babinebell@trustcenter.de>]
|
||||
[Götz Babin-Ebell <babinebell@trustcenter.de>]
|
||||
|
||||
*) Improve diagnostics in file reading and command-line digests.
|
||||
[Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
|
||||
@ -6619,7 +6310,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Bodo Moeller]
|
||||
|
||||
*) BN_sqr() bug fix.
|
||||
[Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>]
|
||||
[Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>]
|
||||
|
||||
*) Rabin-Miller test analyses assume uniformly distributed witnesses,
|
||||
so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
|
||||
@ -6779,7 +6470,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Fix OAEP check.
|
||||
[Ulf Möller, Bodo Möller]
|
||||
[Ulf Möller, Bodo Möller]
|
||||
|
||||
*) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
|
||||
RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
|
||||
@ -7041,10 +6732,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Use better test patterns in bntest.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) rand_win.c fix for Borland C.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) BN_rshift bugfix for n == 0.
|
||||
[Bodo Moeller]
|
||||
@ -7189,14 +6880,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
|
||||
*) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
|
||||
BIO_ctrl (for BIO pairs).
|
||||
[Bodo Möller]
|
||||
[Bodo Möller]
|
||||
|
||||
*) Add DSO method for VMS.
|
||||
[Richard Levitte]
|
||||
|
||||
*) Bug fix: Montgomery multiplication could produce results with the
|
||||
wrong sign.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Add RPM specification openssl.spec and modify it to build three
|
||||
packages. The default package contains applications, application
|
||||
@ -7214,7 +6905,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
|
||||
*) Don't set the two most significant bits to one when generating a
|
||||
random number < q in the DSA library.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default
|
||||
behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
|
||||
@ -7480,7 +7171,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
*) Randomness polling function for Win9x, as described in:
|
||||
Peter Gutmann, Software Generation of Practically Strong
|
||||
Random Numbers.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Fix so PRNG is seeded in req if using an already existing
|
||||
DSA key.
|
||||
@ -7700,7 +7391,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Steve Henson]
|
||||
|
||||
*) Eliminate non-ANSI declarations in crypto.h and stack.h.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Fix for SSL server purpose checking. Server checking was
|
||||
rejecting certificates which had extended key usage present
|
||||
@ -7732,7 +7423,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Bugfix for linux-elf makefile.one.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) RSA_get_default_method() will now cause a default
|
||||
RSA_METHOD to be chosen if one doesn't exist already.
|
||||
@ -7821,7 +7512,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Steve Henson]
|
||||
|
||||
*) des_quad_cksum() byte order bug fix.
|
||||
[Ulf Möller, using the problem description in krb4-0.9.7, where
|
||||
[Ulf Möller, using the problem description in krb4-0.9.7, where
|
||||
the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>]
|
||||
|
||||
*) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
|
||||
@ -7922,7 +7613,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Rolf Haberrecker <rolf@suse.de>]
|
||||
|
||||
*) Assembler module support for Mingw32.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Shared library support for HPUX (in shlib/).
|
||||
[Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Anonymous]
|
||||
@ -7941,7 +7632,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
|
||||
*) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
|
||||
case was implemented. This caused BN_div_recp() to fail occasionally.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Add an optional second argument to the set_label() in the perl
|
||||
assembly language builder. If this argument exists and is set
|
||||
@ -7971,14 +7662,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Steve Henson]
|
||||
|
||||
*) Fix potential buffer overrun problem in BIO_printf().
|
||||
[Ulf Möller, using public domain code by Patrick Powell; problem
|
||||
[Ulf Möller, using public domain code by Patrick Powell; problem
|
||||
pointed out by David Sacerdote <das33@cornell.edu>]
|
||||
|
||||
*) Support EGD <http://www.lothar.com/tech/crypto/>. New functions
|
||||
RAND_egd() and RAND_status(). In the command line application,
|
||||
the EGD socket can be specified like a seed file using RANDFILE
|
||||
or -rand.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
|
||||
Some CAs (e.g. Verisign) distribute certificates in this form.
|
||||
@ -8011,7 +7702,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
#define OPENSSL_ALGORITHM_DEFINES
|
||||
#include <openssl/opensslconf.h>
|
||||
defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.
|
||||
[Richard Levitte, Ulf and Bodo Möller]
|
||||
[Richard Levitte, Ulf and Bodo Möller]
|
||||
|
||||
*) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
|
||||
record layer.
|
||||
@ -8062,17 +7753,17 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
|
||||
*) Bug fix for BN_div_recp() for numerators with an even number of
|
||||
bits.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) More tests in bntest.c, and changed test_bn output.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) ./config recognizes MacOS X now.
|
||||
[Andy Polyakov]
|
||||
|
||||
*) Bug fix for BN_div() when the first words of num and divsor are
|
||||
equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Add support for various broken PKCS#8 formats, and command line
|
||||
options to produce them.
|
||||
@ -8080,11 +7771,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
|
||||
*) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
|
||||
get temporary BIGNUMs from a BN_CTX.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
|
||||
for p == 0.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
|
||||
include a #define from the old name to the new. The original intent
|
||||
@ -8108,7 +7799,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
|
||||
*) Source code cleanups: use const where appropriate, eliminate casts,
|
||||
use void * instead of char * in lhash.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Bugfix: ssl3_send_server_key_exchange was not restartable
|
||||
(the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
|
||||
@ -8153,13 +7844,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Steve Henson]
|
||||
|
||||
*) New function BN_pseudo_rand().
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
|
||||
bignum version of BN_from_montgomery() with the working code from
|
||||
SSLeay 0.9.0 (the word based version is faster anyway), and clean up
|
||||
the comments.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Avoid a race condition in s2_clnt.c (function get_server_hello) that
|
||||
made it impossible to use the same SSL_SESSION data structure in
|
||||
@ -8169,25 +7860,25 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
*) The return value of RAND_load_file() no longer counts bytes obtained
|
||||
by stat(). RAND_load_file(..., -1) is new and uses the complete file
|
||||
to seed the PRNG (previously an explicit byte count was required).
|
||||
[Ulf Möller, Bodo Möller]
|
||||
[Ulf Möller, Bodo Möller]
|
||||
|
||||
*) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
|
||||
used (char *) instead of (void *) and had casts all over the place.
|
||||
[Steve Henson]
|
||||
|
||||
*) Make BN_generate_prime() return NULL on error if ret!=NULL.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Retain source code compatibility for BN_prime_checks macro:
|
||||
BN_is_prime(..., BN_prime_checks, ...) now uses
|
||||
BN_prime_checks_for_size to determine the appropriate number of
|
||||
Rabin-Miller iterations.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
|
||||
DH_CHECK_P_NOT_SAFE_PRIME.
|
||||
(Check if this is true? OpenPGP calls them "strong".)
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Merge the functionality of "dh" and "gendh" programs into a new program
|
||||
"dhparam". The old programs are retained for now but will handle DH keys
|
||||
@ -8243,7 +7934,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
*) Add missing #ifndefs that caused missing symbols when building libssl
|
||||
as a shared library without RSA. Use #ifndef NO_SSL2 instead of
|
||||
NO_RSA in ssl/s2*.c.
|
||||
[Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller]
|
||||
[Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller]
|
||||
|
||||
*) Precautions against using the PRNG uninitialized: RAND_bytes() now
|
||||
has a return value which indicates the quality of the random data
|
||||
@ -8252,7 +7943,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
guaranteed to be unique but not unpredictable. RAND_add is like
|
||||
RAND_seed, but takes an extra argument for an entropy estimate
|
||||
(RAND_seed always assumes full entropy).
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Do more iterations of Rabin-Miller probable prime test (specifically,
|
||||
3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
|
||||
@ -8282,7 +7973,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Steve Henson]
|
||||
|
||||
*) Honor the no-xxx Configure options when creating .DEF files.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Add PKCS#10 attributes to field table: challengePassword,
|
||||
unstructuredName and unstructuredAddress. These are taken from
|
||||
@ -9116,7 +8807,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
|
||||
*) More DES library cleanups: remove references to srand/rand and
|
||||
delete an unused file.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Add support for the the free Netwide assembler (NASM) under Win32,
|
||||
since not many people have MASM (ml) and it can be hard to obtain.
|
||||
@ -9205,7 +8896,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
worked.
|
||||
|
||||
*) Fix problems with no-hmac etc.
|
||||
[Ulf Möller, pointed out by Brian Wellington <bwelling@tislabs.com>]
|
||||
[Ulf Möller, pointed out by Brian Wellington <bwelling@tislabs.com>]
|
||||
|
||||
*) New functions RSA_get_default_method(), RSA_set_method() and
|
||||
RSA_get_method(). These allows replacement of RSA_METHODs without having
|
||||
@ -9322,7 +9013,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Ben Laurie]
|
||||
|
||||
*) DES library cleanups.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
|
||||
used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
|
||||
@ -9365,7 +9056,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Christian Forster <fo@hawo.stw.uni-erlangen.de>]
|
||||
|
||||
*) config now generates no-xxx options for missing ciphers.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Support the EBCDIC character set (work in progress).
|
||||
File ebcdic.c not yet included because it has a different license.
|
||||
@ -9478,7 +9169,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Move openssl.cnf out of lib/.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
|
||||
-Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
|
||||
@ -9535,10 +9226,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Ben Laurie]
|
||||
|
||||
*) Support Borland C++ builder.
|
||||
[Janez Jere <jj@void.si>, modified by Ulf Möller]
|
||||
[Janez Jere <jj@void.si>, modified by Ulf Möller]
|
||||
|
||||
*) Support Mingw32.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) SHA-1 cleanups and performance enhancements.
|
||||
[Andy Polyakov <appro@fy.chalmers.se>]
|
||||
@ -9547,7 +9238,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Andy Polyakov <appro@fy.chalmers.se>]
|
||||
|
||||
*) Accept any -xxx and +xxx compiler options in Configure.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Update HPUX configuration.
|
||||
[Anonymous]
|
||||
@ -9580,7 +9271,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Bodo Moeller]
|
||||
|
||||
*) OAEP decoding bug fix.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Support INSTALL_PREFIX for package builders, as proposed by
|
||||
David Harris.
|
||||
@ -9603,21 +9294,21 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Niels Poppe <niels@netbox.org>]
|
||||
|
||||
*) New Configure option no-<cipher> (rsa, idea, rc5, ...).
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
|
||||
extension adding in x509 utility.
|
||||
[Steve Henson]
|
||||
|
||||
*) Remove NOPROTO sections and error code comments.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Partial rewrite of the DEF file generator to now parse the ANSI
|
||||
prototypes.
|
||||
[Steve Henson]
|
||||
|
||||
*) New Configure options --prefix=DIR and --openssldir=DIR.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Complete rewrite of the error code script(s). It is all now handled
|
||||
by one script at the top level which handles error code gathering,
|
||||
@ -9646,7 +9337,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Steve Henson]
|
||||
|
||||
*) Move the autogenerated header file parts to crypto/opensslconf.h.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
|
||||
8 of keying material. Merlin has also confirmed interop with this fix
|
||||
@ -9664,13 +9355,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Andy Polyakov <appro@fy.chalmers.se>]
|
||||
|
||||
*) Change functions to ANSI C.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Fix typos in error codes.
|
||||
[Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf Möller]
|
||||
[Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf Möller]
|
||||
|
||||
*) Remove defunct assembler files from Configure.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) SPARC v8 assembler BIGNUM implementation.
|
||||
[Andy Polyakov <appro@fy.chalmers.se>]
|
||||
@ -9707,7 +9398,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Steve Henson]
|
||||
|
||||
*) New Configure option "rsaref".
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Don't auto-generate pem.h.
|
||||
[Bodo Moeller]
|
||||
@ -9755,7 +9446,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
|
||||
*) New functions DSA_do_sign and DSA_do_verify to provide access to
|
||||
the raw DSA values prior to ASN.1 encoding.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Tweaks to Configure
|
||||
[Niels Poppe <niels@netbox.org>]
|
||||
@ -9765,11 +9456,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Steve Henson]
|
||||
|
||||
*) New variables $(RANLIB) and $(PERL) in the Makefiles.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) New config option to avoid instructions that are illegal on the 80386.
|
||||
The default code is faster, but requires at least a 486.
|
||||
[Ulf Möller]
|
||||
[Ulf Möller]
|
||||
|
||||
*) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
|
||||
SSL2_SERVER_VERSION (not used at all) macros, which are now the
|
||||
@ -10308,7 +9999,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
Hagino <itojun@kame.net>]
|
||||
|
||||
*) File was opened incorrectly in randfile.c.
|
||||
[Ulf Möller <ulf@fitug.de>]
|
||||
[Ulf Möller <ulf@fitug.de>]
|
||||
|
||||
*) Beginning of support for GeneralizedTime. d2i, i2d, check and print
|
||||
functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
|
||||
@ -10318,7 +10009,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
[Steve Henson]
|
||||
|
||||
*) Correct Linux 1 recognition in config.
|
||||
[Ulf Möller <ulf@fitug.de>]
|
||||
[Ulf Möller <ulf@fitug.de>]
|
||||
|
||||
*) Remove pointless MD5 hash when using DSA keys in ca.
|
||||
[Anonymous <nobody@replay.com>]
|
||||
@ -10465,7 +10156,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
||||
|
||||
*) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
|
||||
was already fixed by Eric for 0.9.1 it seems.
|
||||
[Ben Laurie - pointed out by Ulf Möller <ulf@fitug.de>]
|
||||
[Ben Laurie - pointed out by Ulf Möller <ulf@fitug.de>]
|
||||
|
||||
*) Autodetect FreeBSD3.
|
||||
[Ben Laurie]
|
||||
|
||||
38
CONTRIBUTING
38
CONTRIBUTING
@ -1,38 +0,0 @@
|
||||
HOW TO CONTRIBUTE TO OpenSSL
|
||||
----------------------------
|
||||
|
||||
Development is coordinated on the openssl-dev mailing list (see
|
||||
http://www.openssl.org for information on subscribing). If you
|
||||
would like to submit a patch, send it to rt@openssl.org with
|
||||
the string "[PATCH]" in the subject. Please be sure to include a
|
||||
textual explanation of what your patch does.
|
||||
|
||||
You can also make GitHub pull requests. If you do this, please also send
|
||||
mail to rt@openssl.org with a brief description and a link to the PR so
|
||||
that we can more easily keep track of it.
|
||||
|
||||
If you are unsure as to whether a feature will be useful for the general
|
||||
OpenSSL community please discuss it on the openssl-dev mailing list first.
|
||||
Someone may be already working on the same thing or there may be a good
|
||||
reason as to why that feature isn't implemented.
|
||||
|
||||
Patches should be as up to date as possible, preferably relative to the
|
||||
current Git or the last snapshot. They should follow our coding style
|
||||
(see https://www.openssl.org/policies/codingstyle.html) and compile without
|
||||
warnings using the --strict-warnings flag. OpenSSL compiles on many varied
|
||||
platforms: try to ensure you only use portable features.
|
||||
|
||||
Our preferred format for patch files is "git format-patch" output. For example
|
||||
to provide a patch file containing the last commit in your local git repository
|
||||
use the following command:
|
||||
|
||||
# git format-patch --stdout HEAD^ >mydiffs.patch
|
||||
|
||||
Another method of creating an acceptable patch file without using git is as
|
||||
follows:
|
||||
|
||||
# cd openssl-work
|
||||
# [your changes]
|
||||
# ./Configure dist; make clean
|
||||
# cd ..
|
||||
# diff -ur openssl-orig openssl-work > mydiffs.patch
|
||||
68
Configure
68
Configure
@ -58,10 +58,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
|
||||
# library and will be loaded in run-time by the OpenSSL library.
|
||||
# sctp include SCTP support
|
||||
# 386 generate 80386 code
|
||||
# enable-weak-ssl-ciphers
|
||||
# Enable EXPORT and LOW SSLv3 ciphers that are disabled by
|
||||
# default. Note, weak SSLv2 ciphers are unconditionally
|
||||
# disabled.
|
||||
# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
|
||||
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
|
||||
# -<xxx> +<xxx> compiler options are passed through
|
||||
@ -109,11 +105,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
|
||||
|
||||
my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
|
||||
|
||||
# Warn that "make depend" should be run?
|
||||
my $warn_make_depend = 0;
|
||||
|
||||
my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
|
||||
|
||||
my $strict_warnings = 0;
|
||||
|
||||
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
|
||||
@ -206,7 +197,6 @@ my %table=(
|
||||
"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
"debug-linux-x86_64-clang","clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
"dist", "cc:-O::(unknown)::::::",
|
||||
|
||||
# Basic configs that should work on any (32 and less bit) box
|
||||
@ -240,12 +230,12 @@ my %table=(
|
||||
|
||||
#### SPARC Solaris with GNU C setups
|
||||
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
|
||||
"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
|
||||
####
|
||||
"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
|
||||
#### SPARC Solaris with Sun C setups
|
||||
@ -262,7 +252,7 @@ my %table=(
|
||||
|
||||
#### SunOS configs, assuming sparc for the gcc one.
|
||||
#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
|
||||
"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
|
||||
"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
|
||||
|
||||
#### IRIX 5.x configs
|
||||
# -mips2 flag is added by ./config when appropriate.
|
||||
@ -371,7 +361,6 @@ my %table=(
|
||||
"linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
"linux-x86_64-clang","clang: -m64 -DL_ENDIAN -O3 -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
#### So called "highgprs" target for z/Architecture CPUs
|
||||
# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
|
||||
@ -390,7 +379,7 @@ my %table=(
|
||||
#### SPARC Linux setups
|
||||
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
|
||||
# assisted with debugging of following two configs.
|
||||
"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
# it's a real mess with -mcpu=ultrasparc option under Linux, but
|
||||
# -Wa,-Av8plus should do the trick no matter what.
|
||||
"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
@ -424,7 +413,7 @@ my %table=(
|
||||
"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
|
||||
"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
|
||||
@ -728,12 +717,10 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental
|
||||
"md2" => "default",
|
||||
"rc5" => "default",
|
||||
"rfc3779" => "default",
|
||||
"sctp" => "default",
|
||||
"sctp" => "default",
|
||||
"shared" => "default",
|
||||
"ssl2" => "default",
|
||||
"store" => "experimental",
|
||||
"unit-test" => "default",
|
||||
"weak-ssl-ciphers" => "default",
|
||||
"zlib" => "default",
|
||||
"zlib-dynamic" => "default"
|
||||
);
|
||||
@ -1455,7 +1442,7 @@ if ($target =~ /\-icc$/) # Intel C compiler
|
||||
# linker only when --prefix is not /usr.
|
||||
if ($target =~ /^BSD\-/)
|
||||
{
|
||||
$shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
|
||||
$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
|
||||
}
|
||||
|
||||
if ($sys_id ne "")
|
||||
@ -1587,20 +1574,11 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
|
||||
|
||||
if ($strict_warnings)
|
||||
{
|
||||
my $ecc = $cc;
|
||||
$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
|
||||
my $wopt;
|
||||
die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
|
||||
die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/);
|
||||
foreach $wopt (split /\s+/, $gcc_devteam_warn)
|
||||
{
|
||||
$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
|
||||
}
|
||||
if ($ecc eq "clang")
|
||||
{
|
||||
foreach $wopt (split /\s+/, $clang_devteam_warn)
|
||||
{
|
||||
$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
|
||||
}
|
||||
$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
|
||||
}
|
||||
}
|
||||
|
||||
@ -1962,8 +1940,14 @@ EOF
|
||||
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
|
||||
}
|
||||
if ($depflags ne $default_depflags && !$make_depend) {
|
||||
$warn_make_depend++;
|
||||
}
|
||||
print <<EOF;
|
||||
|
||||
Since you've disabled or enabled at least one algorithm, you need to do
|
||||
the following before building:
|
||||
|
||||
make depend
|
||||
EOF
|
||||
}
|
||||
}
|
||||
|
||||
# create the ms/version32.rc file if needed
|
||||
@ -2042,18 +2026,12 @@ EOF
|
||||
|
||||
print <<\EOF if ($no_shared_warn);
|
||||
|
||||
You gave the option 'shared', which is not supported on this platform, so
|
||||
we will pretend you gave the option 'no-shared'. If you know how to implement
|
||||
shared libraries, please let us know (but please first make sure you have
|
||||
tried with a current version of OpenSSL).
|
||||
EOF
|
||||
|
||||
print <<EOF if ($warn_make_depend);
|
||||
|
||||
*** Because of configuration changes, you MUST do the following before
|
||||
*** building:
|
||||
|
||||
make depend
|
||||
You gave the option 'shared'. Normally, that would give you shared libraries.
|
||||
Unfortunately, the OpenSSL configuration doesn't include shared library support
|
||||
for this platform yet, so it will pretend you gave the option 'no-shared'. If
|
||||
you can inform the developpers (openssl-dev\@openssl.org) how to support shared
|
||||
libraries on this platform, they will at least look at it and try their best
|
||||
(but please first make sure you have tried with a current version of OpenSSL).
|
||||
EOF
|
||||
|
||||
exit(0);
|
||||
|
||||
8
INSTALL
8
INSTALL
@ -164,10 +164,10 @@
|
||||
standard headers). If it is a problem with OpenSSL itself, please
|
||||
report the problem to <openssl-bugs@openssl.org> (note that your
|
||||
message will be recorded in the request tracker publicly readable
|
||||
at https://www.openssl.org/community/index.html#bugs and will be
|
||||
forwarded to a public mailing list). Include the output of "make
|
||||
report" in your message. Please check out the request tracker. Maybe
|
||||
the bug was already reported or has already been fixed.
|
||||
via http://www.openssl.org/support/rt.html and will be forwarded to a
|
||||
public mailing list). Include the output of "make report" in your message.
|
||||
Please check out the request tracker. Maybe the bug was already
|
||||
reported or has already been fixed.
|
||||
|
||||
[If you encounter assembler error messages, try the "no-asm"
|
||||
configuration option as an immediate fix.]
|
||||
|
||||
2
LICENSE
2
LICENSE
@ -12,7 +12,7 @@
|
||||
---------------
|
||||
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
|
||||
82
Makefile.org
82
Makefile.org
@ -179,11 +179,12 @@ SHARED_LDFLAGS=
|
||||
GENERAL= Makefile
|
||||
BASENAME= openssl
|
||||
NAME= $(BASENAME)-$(VERSION)
|
||||
TARFILE= ../$(NAME).tar
|
||||
TARFILE= $(NAME).tar
|
||||
WTARFILE= $(NAME)-win.tar
|
||||
EXHEADER= e_os2.h
|
||||
HEADER= e_os.h
|
||||
|
||||
all: Makefile build_all
|
||||
all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
|
||||
|
||||
# as we stick to -e, CLEARENV ensures that local variables in lower
|
||||
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
|
||||
@ -267,25 +268,21 @@ reflect:
|
||||
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
|
||||
|
||||
sub_all: build_all
|
||||
|
||||
build_all: build_libs build_apps build_tests build_tools
|
||||
|
||||
build_libs: build_libcrypto build_libssl openssl.pc
|
||||
|
||||
build_libcrypto: build_crypto build_engines libcrypto.pc
|
||||
build_libssl: build_ssl libssl.pc
|
||||
build_libs: build_crypto build_ssl build_engines
|
||||
|
||||
build_crypto:
|
||||
@dir=crypto; target=all; $(BUILD_ONE_CMD)
|
||||
build_ssl: build_crypto
|
||||
build_ssl:
|
||||
@dir=ssl; target=all; $(BUILD_ONE_CMD)
|
||||
build_engines: build_crypto
|
||||
build_engines:
|
||||
@dir=engines; target=all; $(BUILD_ONE_CMD)
|
||||
build_apps: build_libs
|
||||
build_apps:
|
||||
@dir=apps; target=all; $(BUILD_ONE_CMD)
|
||||
build_tests: build_libs
|
||||
build_tests:
|
||||
@dir=test; target=all; $(BUILD_ONE_CMD)
|
||||
build_tools: build_libs
|
||||
build_tools:
|
||||
@dir=tools; target=all; $(BUILD_ONE_CMD)
|
||||
|
||||
all_testapps: build_libs build_testapps
|
||||
@ -462,9 +459,6 @@ tests: rehash
|
||||
report:
|
||||
@$(PERL) util/selftest.pl
|
||||
|
||||
update: errors stacks util/libeay.num util/ssleay.num TABLE
|
||||
@set -e; target=update; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
depend:
|
||||
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
@ -489,44 +483,60 @@ util/libeay.num::
|
||||
util/ssleay.num::
|
||||
$(PERL) util/mkdef.pl ssl update
|
||||
|
||||
crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
|
||||
$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
|
||||
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
|
||||
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
|
||||
crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
|
||||
$(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
|
||||
|
||||
apps/openssl-vms.cnf: apps/openssl.cnf
|
||||
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
|
||||
|
||||
crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
|
||||
$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
|
||||
|
||||
|
||||
TABLE: Configure
|
||||
(echo 'Output of `Configure TABLE'"':"; \
|
||||
$(PERL) Configure TABLE) > TABLE
|
||||
|
||||
update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
|
||||
|
||||
# Build distribution tar-file. As the list of files returned by "find" is
|
||||
# pretty long, on several platforms a "too many arguments" error or similar
|
||||
# would occur. Therefore the list of files is temporarily stored into a file
|
||||
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
|
||||
# tar does not support the --files-from option.
|
||||
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
|
||||
--owner 0 --group 0 \
|
||||
--transform 's|^|$(NAME)/|' \
|
||||
-cvf -
|
||||
|
||||
$(TARFILE).list:
|
||||
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
|
||||
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
|
||||
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
|
||||
\! -name '.#*' \! -name '*~' \! -type l \
|
||||
| sort > $(TARFILE).list
|
||||
|
||||
tar: $(TARFILE).list
|
||||
tar:
|
||||
find . -type d -print | xargs chmod 755
|
||||
find . -type f -print | xargs chmod a+r
|
||||
find . -type f -perm -0100 -print | xargs chmod a+x
|
||||
$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
|
||||
rm -f $(TARFILE).list
|
||||
ls -l $(TARFILE).gz
|
||||
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
|
||||
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
|
||||
tardy --user_number=0 --user_name=openssl \
|
||||
--group_number=0 --group_name=openssl \
|
||||
--prefix=openssl-$(VERSION) - |\
|
||||
gzip --best >../$(TARFILE).gz; \
|
||||
rm -f ../$(TARFILE).list; \
|
||||
ls -l ../$(TARFILE).gz
|
||||
|
||||
tar-snap: $(TARFILE).list
|
||||
$(TAR_COMMAND) > $(TARFILE)
|
||||
rm -f $(TARFILE).list
|
||||
ls -l $(TARFILE)
|
||||
tar-snap:
|
||||
@$(TAR) $(TARFLAGS) -cvf - \
|
||||
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
|
||||
tardy --user_number=0 --user_name=openssl \
|
||||
--group_number=0 --group_name=openssl \
|
||||
--prefix=openssl-$(VERSION) - > ../$(TARFILE);\
|
||||
ls -l ../$(TARFILE)
|
||||
|
||||
dist:
|
||||
$(PERL) Configure dist
|
||||
@$(MAKE) dist_pem_h
|
||||
@$(MAKE) SDIRS='$(SDIRS)' clean
|
||||
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
|
||||
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
|
||||
|
||||
dist_pem_h:
|
||||
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
|
||||
|
||||
install: all install_docs install_sw
|
||||
|
||||
|
||||
47
NEWS
47
NEWS
@ -5,53 +5,6 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [under development]
|
||||
|
||||
o
|
||||
|
||||
Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]
|
||||
|
||||
o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
|
||||
o Disable SSLv2 default build, default negotiation and weak ciphers
|
||||
(CVE-2016-0800)
|
||||
o Fix a double-free in DSA code (CVE-2016-0705)
|
||||
o Disable SRP fake user seed to address a server memory leak
|
||||
(CVE-2016-0798)
|
||||
o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
|
||||
(CVE-2016-0797)
|
||||
o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
|
||||
o Fix side channel attack on modular exponentiation (CVE-2016-0702)
|
||||
|
||||
Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
|
||||
|
||||
o Protection for DH small subgroup attacks
|
||||
o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
|
||||
|
||||
Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]
|
||||
|
||||
o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
|
||||
o X509_ATTRIBUTE memory leak (CVE-2015-3195)
|
||||
o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
|
||||
o In DSA_generate_parameters_ex, if the provided seed is too short,
|
||||
return an error
|
||||
|
||||
Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015]
|
||||
|
||||
o Alternate chains certificate forgery (CVE-2015-1793)
|
||||
o Race condition handling PSK identify hint (CVE-2015-3196)
|
||||
|
||||
Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]
|
||||
|
||||
o Fix HMAC ABI incompatibility
|
||||
|
||||
Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
|
||||
|
||||
o Malformed ECParameters causes infinite loop (CVE-2015-1788)
|
||||
o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
|
||||
o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
|
||||
o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
|
||||
o Race condition handling NewSessionTicket (CVE-2015-1791)
|
||||
|
||||
Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]
|
||||
|
||||
o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
|
||||
|
||||
205
README
205
README
@ -1,7 +1,7 @@
|
||||
|
||||
OpenSSL 1.0.1t-dev
|
||||
OpenSSL 1.0.1m 19 Mar 2015
|
||||
|
||||
Copyright (c) 1998-2015 The OpenSSL Project
|
||||
Copyright (c) 1998-2011 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
All rights reserved.
|
||||
|
||||
@ -10,17 +10,17 @@
|
||||
|
||||
The OpenSSL Project is a collaborative effort to develop a robust,
|
||||
commercial-grade, fully featured, and Open Source toolkit implementing the
|
||||
Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
|
||||
well as a full-strength general purpose cryptograpic library. The project is
|
||||
managed by a worldwide community of volunteers that use the Internet to
|
||||
communicate, plan, and develop the OpenSSL toolkit and its related
|
||||
documentation.
|
||||
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
|
||||
protocols as well as a full-strength general purpose cryptography library.
|
||||
The project is managed by a worldwide community of volunteers that use the
|
||||
Internet to communicate, plan, and develop the OpenSSL toolkit and its
|
||||
related documentation.
|
||||
|
||||
OpenSSL is descended from the SSLeay library developed by Eric A. Young
|
||||
OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
|
||||
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
|
||||
OpenSSL license plus the SSLeay license), which means that you are free to
|
||||
get and use it for commercial and non-commercial purposes as long as you
|
||||
fulfill the conditions of both licenses.
|
||||
OpenSSL license plus the SSLeay license) situation, which basically means
|
||||
that you are free to get and use it for commercial and non-commercial
|
||||
purposes as long as you fulfill the conditions of both licenses.
|
||||
|
||||
OVERVIEW
|
||||
--------
|
||||
@ -28,39 +28,116 @@
|
||||
The OpenSSL toolkit includes:
|
||||
|
||||
libssl.a:
|
||||
Provides the client and server-side implementations for SSLv3 and TLS.
|
||||
Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
|
||||
both SSLv2, SSLv3 and TLSv1 in the one server and client.
|
||||
|
||||
libcrypto.a:
|
||||
Provides general cryptographic and X.509 support needed by SSL/TLS but
|
||||
not logically part of it.
|
||||
General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
|
||||
actually logically part of it. It includes routines for the following:
|
||||
|
||||
Ciphers
|
||||
libdes - EAY's libdes DES encryption package which was floating
|
||||
around the net for a few years, and was then relicensed by
|
||||
him as part of SSLeay. It includes 15 'modes/variations'
|
||||
of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
|
||||
pcbc and a more general form of cfb and ofb) including desx
|
||||
in cbc mode, a fast crypt(3), and routines to read
|
||||
passwords from the keyboard.
|
||||
RC4 encryption,
|
||||
RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
|
||||
Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
|
||||
IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
|
||||
|
||||
Digests
|
||||
MD5 and MD2 message digest algorithms, fast implementations,
|
||||
SHA (SHA-0) and SHA-1 message digest algorithms,
|
||||
MDC2 message digest. A DES based hash that is popular on smart cards.
|
||||
|
||||
Public Key
|
||||
RSA encryption/decryption/generation.
|
||||
There is no limit on the number of bits.
|
||||
DSA encryption/decryption/generation.
|
||||
There is no limit on the number of bits.
|
||||
Diffie-Hellman key-exchange/key generation.
|
||||
There is no limit on the number of bits.
|
||||
|
||||
X.509v3 certificates
|
||||
X509 encoding/decoding into/from binary ASN1 and a PEM
|
||||
based ASCII-binary encoding which supports encryption with a
|
||||
private key. Program to generate RSA and DSA certificate
|
||||
requests and to generate RSA and DSA certificates.
|
||||
|
||||
Systems
|
||||
The normal digital envelope routines and base64 encoding. Higher
|
||||
level access to ciphers and digests by name. New ciphers can be
|
||||
loaded at run time. The BIO io system which is a simple non-blocking
|
||||
IO abstraction. Current methods supported are file descriptors,
|
||||
sockets, socket accept, socket connect, memory buffer, buffering, SSL
|
||||
client/server, file pointer, encryption, digest, non-blocking testing
|
||||
and null.
|
||||
|
||||
Data structures
|
||||
A dynamically growing hashing system
|
||||
A simple stack.
|
||||
A Configuration loader that uses a format similar to MS .ini files.
|
||||
|
||||
openssl:
|
||||
A command line tool that can be used for:
|
||||
Creation of key parameters
|
||||
Creation of RSA, DH and DSA key parameters
|
||||
Creation of X.509 certificates, CSRs and CRLs
|
||||
Calculation of message digests
|
||||
Encryption and decryption
|
||||
SSL/TLS client and server tests
|
||||
Calculation of Message Digests
|
||||
Encryption and Decryption with Ciphers
|
||||
SSL/TLS Client and Server Tests
|
||||
Handling of S/MIME signed or encrypted mail
|
||||
And more...
|
||||
|
||||
|
||||
PATENTS
|
||||
-------
|
||||
|
||||
Various companies hold various patents for various algorithms in various
|
||||
locations around the world. _YOU_ are responsible for ensuring that your use
|
||||
of any algorithms is legal by checking if there are any patents in your
|
||||
country. The file contains some of the patents that we know about or are
|
||||
rumored to exist. This is not a definitive list.
|
||||
|
||||
RSA Security holds software patents on the RC5 algorithm. If you
|
||||
intend to use this cipher, you must contact RSA Security for
|
||||
licensing conditions. Their web page is http://www.rsasecurity.com/.
|
||||
|
||||
RC4 is a trademark of RSA Security, so use of this label should perhaps
|
||||
only be used with RSA Security's permission.
|
||||
|
||||
The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
|
||||
Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They
|
||||
should be contacted if that algorithm is to be used; their web page is
|
||||
http://www.ascom.ch/.
|
||||
|
||||
NTT and Mitsubishi have patents and pending patents on the Camellia
|
||||
algorithm, but allow use at no charge without requiring an explicit
|
||||
licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
|
||||
|
||||
INSTALLATION
|
||||
------------
|
||||
|
||||
See the appropriate file:
|
||||
INSTALL Linux, Unix, etc.
|
||||
INSTALL.DJGPP DOS platform with DJGPP
|
||||
INSTALL.NW Netware
|
||||
INSTALL.OS2 OS/2
|
||||
INSTALL.VMS VMS
|
||||
INSTALL.W32 Windows (32bit)
|
||||
INSTALL.W64 Windows (64bit)
|
||||
INSTALL.WCE Windows CE
|
||||
To install this package under a Unix derivative, read the INSTALL file. For
|
||||
a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
|
||||
INSTALL.VMS.
|
||||
|
||||
Read the documentation in the doc/ directory. It is quite rough, but it
|
||||
lists the functions; you will probably have to look at the code to work out
|
||||
how to use them. Look at the example programs.
|
||||
|
||||
PROBLEMS
|
||||
--------
|
||||
|
||||
For some platforms, there are some known problems that may affect the user
|
||||
or application author. We try to collect those in doc/PROBLEMS, with current
|
||||
thoughts on how they should be solved in a future of OpenSSL.
|
||||
|
||||
SUPPORT
|
||||
-------
|
||||
|
||||
See the OpenSSL website www.openssl.org for details on how to obtain
|
||||
See the OpenSSL website www.openssl.org for details of how to obtain
|
||||
commercial technical support.
|
||||
|
||||
If you have any problems with OpenSSL then please take the following steps
|
||||
@ -84,36 +161,58 @@
|
||||
- Problem Description (steps that will reproduce the problem, if known)
|
||||
- Stack Traceback (if the application dumps core)
|
||||
|
||||
Email the report to:
|
||||
Report the bug to the OpenSSL project via the Request Tracker
|
||||
(http://www.openssl.org/support/rt.html) by mail to:
|
||||
|
||||
rt@openssl.org
|
||||
openssl-bugs@openssl.org
|
||||
|
||||
In order to avoid spam, this is a moderated mailing list, and it might
|
||||
take a day for the ticket to show up. (We also scan posts to make sure
|
||||
that security disclosures aren't publically posted by mistake.) Mail
|
||||
to this address is recorded in the public RT (request tracker) database
|
||||
(see https://www.openssl.org/community/index.html#bugs for details) and
|
||||
also forwarded the public openssl-dev mailing list. Confidential mail
|
||||
may be sent to openssl-security@openssl.org (PGP key available from the
|
||||
key servers).
|
||||
Note that the request tracker should NOT be used for general assistance
|
||||
or support queries. Just because something doesn't work the way you expect
|
||||
does not mean it is necessarily a bug in OpenSSL.
|
||||
|
||||
Please do NOT use this for general assistance or support queries.
|
||||
Just because something doesn't work the way you expect does not mean it
|
||||
is necessarily a bug in OpenSSL.
|
||||
|
||||
You can also make GitHub pull requests. If you do this, please also send
|
||||
mail to rt@openssl.org with a link to the PR so that we can more easily
|
||||
keep track of it.
|
||||
Note that mail to openssl-bugs@openssl.org is recorded in the publicly
|
||||
readable request tracker database and is forwarded to a public
|
||||
mailing list. Confidential mail may be sent to openssl-security@openssl.org
|
||||
(PGP key available from the key servers).
|
||||
|
||||
HOW TO CONTRIBUTE TO OpenSSL
|
||||
----------------------------
|
||||
|
||||
See CONTRIBUTING
|
||||
Development is coordinated on the openssl-dev mailing list (see
|
||||
http://www.openssl.org for information on subscribing). If you
|
||||
would like to submit a patch, send it to openssl-bugs@openssl.org with
|
||||
the string "[PATCH]" in the subject. Please be sure to include a
|
||||
textual explanation of what your patch does.
|
||||
|
||||
LEGALITIES
|
||||
----------
|
||||
If you are unsure as to whether a feature will be useful for the general
|
||||
OpenSSL community please discuss it on the openssl-dev mailing list first.
|
||||
Someone may be already working on the same thing or there may be a good
|
||||
reason as to why that feature isn't implemented.
|
||||
|
||||
Patches should be as up to date as possible, preferably relative to the
|
||||
current Git or the last snapshot. They should follow the coding style of
|
||||
OpenSSL and compile without warnings. Some of the core team developer targets
|
||||
can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
|
||||
compiles on many varied platforms: try to ensure you only use portable
|
||||
features.
|
||||
|
||||
Note: For legal reasons, contributions from the US can be accepted only
|
||||
if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
|
||||
(formerly BXA) with a copy to the ENC Encryption Request Coordinator;
|
||||
please take some time to look at
|
||||
http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
|
||||
and
|
||||
http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
|
||||
for the details. If "your encryption source code is too large to serve as
|
||||
an email attachment", they are glad to receive it by fax instead; hope you
|
||||
have a cheap long-distance plan.
|
||||
|
||||
Our preferred format for changes is "diff -u" output. You might
|
||||
generate it like this:
|
||||
|
||||
# cd openssl-work
|
||||
# [your changes]
|
||||
# ./Configure dist; make clean
|
||||
# cd ..
|
||||
# diff -ur openssl-orig openssl-work > mydiffs.patch
|
||||
|
||||
A number of nations, in particular the U.S., restrict the use or export
|
||||
of cryptography. If you are potentially subject to such restrictions
|
||||
you should seek competent professional legal advice before attempting to
|
||||
develop or distribute cryptographic code.
|
||||
|
||||
108
TABLE
108
TABLE
@ -35,7 +35,7 @@ $multilib =
|
||||
|
||||
*** BS2000-OSD
|
||||
$cc = c89
|
||||
$cflags = -O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC
|
||||
$cflags = -O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC
|
||||
$unistd =
|
||||
$thread_cflag = (unknown)
|
||||
$sys_id =
|
||||
@ -68,7 +68,7 @@ $multilib =
|
||||
|
||||
*** BSD-generic32
|
||||
$cc = gcc
|
||||
$cflags = -O3 -fomit-frame-pointer -Wall
|
||||
$cflags = -DTERMIOS -O3 -fomit-frame-pointer -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -101,7 +101,7 @@ $multilib =
|
||||
|
||||
*** BSD-generic64
|
||||
$cc = gcc
|
||||
$cflags = -O3 -Wall
|
||||
$cflags = -DTERMIOS -O3 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -134,7 +134,7 @@ $multilib =
|
||||
|
||||
*** BSD-ia64
|
||||
$cc = gcc
|
||||
$cflags = -DL_ENDIAN -O3 -Wall
|
||||
$cflags = -DL_ENDIAN -DTERMIOS -O3 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -167,7 +167,7 @@ $multilib =
|
||||
|
||||
*** BSD-sparc64
|
||||
$cc = gcc
|
||||
$cflags = -DB_ENDIAN -O3 -DMD32_REG_T=int -Wall
|
||||
$cflags = -DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -200,7 +200,7 @@ $multilib =
|
||||
|
||||
*** BSD-sparcv8
|
||||
$cc = gcc
|
||||
$cflags = -DB_ENDIAN -O3 -mcpu=v8 -Wall
|
||||
$cflags = -DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -233,7 +233,7 @@ $multilib =
|
||||
|
||||
*** BSD-x86
|
||||
$cc = gcc
|
||||
$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
|
||||
$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -266,7 +266,7 @@ $multilib =
|
||||
|
||||
*** BSD-x86-elf
|
||||
$cc = gcc
|
||||
$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
|
||||
$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -299,7 +299,7 @@ $multilib =
|
||||
|
||||
*** BSD-x86_64
|
||||
$cc = gcc
|
||||
$cflags = -DL_ENDIAN -O3 -Wall
|
||||
$cflags = -DL_ENDIAN -DTERMIOS -O3 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -398,7 +398,7 @@ $multilib =
|
||||
|
||||
*** DJGPP
|
||||
$cc = gcc
|
||||
$cflags = -I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
|
||||
$cflags = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
|
||||
$unistd =
|
||||
$thread_cflag =
|
||||
$sys_id = MSDOS
|
||||
@ -530,7 +530,7 @@ $multilib =
|
||||
|
||||
*** QNX6
|
||||
$cc = gcc
|
||||
$cflags =
|
||||
$cflags = -DTERMIOS
|
||||
$unistd =
|
||||
$thread_cflag =
|
||||
$sys_id =
|
||||
@ -563,7 +563,7 @@ $multilib =
|
||||
|
||||
*** QNX6-i386
|
||||
$cc = gcc
|
||||
$cflags = -DL_ENDIAN -O2 -Wall
|
||||
$cflags = -DL_ENDIAN -DTERMIOS -O2 -Wall
|
||||
$unistd =
|
||||
$thread_cflag =
|
||||
$sys_id =
|
||||
@ -1520,7 +1520,7 @@ $multilib =
|
||||
|
||||
*** debug-BSD-x86-elf
|
||||
$cc = gcc
|
||||
$cflags = -DL_ENDIAN -O3 -Wall -g
|
||||
$cflags = -DL_ENDIAN -DTERMIOS -O3 -Wall -g
|
||||
$unistd =
|
||||
$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -2213,7 +2213,7 @@ $multilib =
|
||||
|
||||
*** debug-levitte-linux-elf-extreme
|
||||
$cc = gcc
|
||||
$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
|
||||
$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -2279,7 +2279,7 @@ $multilib =
|
||||
|
||||
*** debug-levitte-linux-noasm-extreme
|
||||
$cc = gcc
|
||||
$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
|
||||
$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -2312,7 +2312,7 @@ $multilib =
|
||||
|
||||
*** debug-linux-elf
|
||||
$cc = gcc
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -2345,7 +2345,7 @@ $multilib =
|
||||
|
||||
*** debug-linux-elf-noefence
|
||||
$cc = gcc
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -2378,7 +2378,7 @@ $multilib =
|
||||
|
||||
*** debug-linux-generic32
|
||||
$cc = gcc
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -2411,7 +2411,7 @@ $multilib =
|
||||
|
||||
*** debug-linux-generic64
|
||||
$cc = gcc
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -2444,7 +2444,7 @@ $multilib =
|
||||
|
||||
*** debug-linux-ia32-aes
|
||||
$cc = gcc
|
||||
$cflags = -DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
|
||||
$cflags = -DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -2477,7 +2477,7 @@ $multilib =
|
||||
|
||||
*** debug-linux-pentium
|
||||
$cc = gcc
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -2510,7 +2510,7 @@ $multilib =
|
||||
|
||||
*** debug-linux-ppro
|
||||
$cc = gcc
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -2543,7 +2543,7 @@ $multilib =
|
||||
|
||||
*** debug-linux-x86_64
|
||||
$cc = gcc
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -2642,7 +2642,7 @@ $multilib =
|
||||
|
||||
*** debug-solaris-sparcv8-gcc
|
||||
$cc = gcc
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN
|
||||
$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -3566,7 +3566,7 @@ $multilib = /pa20_64
|
||||
|
||||
*** hurd-x86
|
||||
$cc = gcc
|
||||
$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall
|
||||
$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -3632,7 +3632,7 @@ $multilib =
|
||||
|
||||
*** irix-cc
|
||||
$cc = cc
|
||||
$cflags = -O2 -use_readonly_const -DB_ENDIAN
|
||||
$cflags = -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN
|
||||
$unistd =
|
||||
$thread_cflag = (unknown)
|
||||
$sys_id =
|
||||
@ -3665,7 +3665,7 @@ $multilib =
|
||||
|
||||
*** irix-gcc
|
||||
$cc = gcc
|
||||
$cflags = -O3 -DB_ENDIAN
|
||||
$cflags = -O3 -DTERMIOS -DB_ENDIAN
|
||||
$unistd =
|
||||
$thread_cflag = (unknown)
|
||||
$sys_id =
|
||||
@ -3698,7 +3698,7 @@ $multilib =
|
||||
|
||||
*** irix-mips3-cc
|
||||
$cc = cc
|
||||
$cflags = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W
|
||||
$cflags = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W
|
||||
$unistd =
|
||||
$thread_cflag = -D_SGI_MP_SOURCE
|
||||
$sys_id =
|
||||
@ -3731,7 +3731,7 @@ $multilib = 32
|
||||
|
||||
*** irix-mips3-gcc
|
||||
$cc = gcc
|
||||
$cflags = -mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W
|
||||
$cflags = -mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W
|
||||
$unistd =
|
||||
$thread_cflag = -D_SGI_MP_SOURCE
|
||||
$sys_id =
|
||||
@ -3764,7 +3764,7 @@ $multilib = 32
|
||||
|
||||
*** irix64-mips4-cc
|
||||
$cc = cc
|
||||
$cflags = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W
|
||||
$cflags = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W
|
||||
$unistd =
|
||||
$thread_cflag = -D_SGI_MP_SOURCE
|
||||
$sys_id =
|
||||
@ -3797,7 +3797,7 @@ $multilib = 64
|
||||
|
||||
*** irix64-mips4-gcc
|
||||
$cc = gcc
|
||||
$cflags = -mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W
|
||||
$cflags = -mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W
|
||||
$unistd =
|
||||
$thread_cflag = -D_SGI_MP_SOURCE
|
||||
$sys_id =
|
||||
@ -3830,7 +3830,7 @@ $multilib = 64
|
||||
|
||||
*** linux-alpha+bwx-ccc
|
||||
$cc = ccc
|
||||
$cflags = -fast -readonly_strings -DL_ENDIAN
|
||||
$cflags = -fast -readonly_strings -DL_ENDIAN -DTERMIO
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -3863,7 +3863,7 @@ $multilib =
|
||||
|
||||
*** linux-alpha+bwx-gcc
|
||||
$cc = gcc
|
||||
$cflags = -O3 -DL_ENDIAN
|
||||
$cflags = -O3 -DL_ENDIAN -DTERMIO
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -3896,7 +3896,7 @@ $multilib =
|
||||
|
||||
*** linux-alpha-ccc
|
||||
$cc = ccc
|
||||
$cflags = -fast -readonly_strings -DL_ENDIAN
|
||||
$cflags = -fast -readonly_strings -DL_ENDIAN -DTERMIO
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -3929,7 +3929,7 @@ $multilib =
|
||||
|
||||
*** linux-alpha-gcc
|
||||
$cc = gcc
|
||||
$cflags = -O3 -DL_ENDIAN
|
||||
$cflags = -O3 -DL_ENDIAN -DTERMIO
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -3962,7 +3962,7 @@ $multilib =
|
||||
|
||||
*** linux-aout
|
||||
$cc = gcc
|
||||
$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall
|
||||
$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = (unknown)
|
||||
$sys_id =
|
||||
@ -3995,7 +3995,7 @@ $multilib =
|
||||
|
||||
*** linux-armv4
|
||||
$cc = gcc
|
||||
$cflags = -O3 -Wall
|
||||
$cflags = -DTERMIO -O3 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -4028,7 +4028,7 @@ $multilib =
|
||||
|
||||
*** linux-elf
|
||||
$cc = gcc
|
||||
$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
|
||||
$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -4061,7 +4061,7 @@ $multilib =
|
||||
|
||||
*** linux-generic32
|
||||
$cc = gcc
|
||||
$cflags = -O3 -fomit-frame-pointer -Wall
|
||||
$cflags = -DTERMIO -O3 -fomit-frame-pointer -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -4094,7 +4094,7 @@ $multilib =
|
||||
|
||||
*** linux-generic64
|
||||
$cc = gcc
|
||||
$cflags = -O3 -Wall
|
||||
$cflags = -DTERMIO -O3 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -4127,7 +4127,7 @@ $multilib =
|
||||
|
||||
*** linux-ia32-icc
|
||||
$cc = icc
|
||||
$cflags = -DL_ENDIAN -O2 -no_cpprt
|
||||
$cflags = -DL_ENDIAN -DTERMIO -O2 -no_cpprt
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -4160,7 +4160,7 @@ $multilib =
|
||||
|
||||
*** linux-ia64
|
||||
$cc = gcc
|
||||
$cflags = -DL_ENDIAN -O3 -Wall
|
||||
$cflags = -DL_ENDIAN -DTERMIO -O3 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -4193,7 +4193,7 @@ $multilib =
|
||||
|
||||
*** linux-ia64-ecc
|
||||
$cc = ecc
|
||||
$cflags = -DL_ENDIAN -O2 -Wall -no_cpprt
|
||||
$cflags = -DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -4226,7 +4226,7 @@ $multilib =
|
||||
|
||||
*** linux-ia64-icc
|
||||
$cc = icc
|
||||
$cflags = -DL_ENDIAN -O2 -Wall -no_cpprt
|
||||
$cflags = -DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -4259,7 +4259,7 @@ $multilib =
|
||||
|
||||
*** linux-ppc
|
||||
$cc = gcc
|
||||
$cflags = -DB_ENDIAN -O3 -Wall
|
||||
$cflags = -DB_ENDIAN -DTERMIO -O3 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -4292,7 +4292,7 @@ $multilib =
|
||||
|
||||
*** linux-ppc64
|
||||
$cc = gcc
|
||||
$cflags = -m64 -DB_ENDIAN -O3 -Wall
|
||||
$cflags = -m64 -DB_ENDIAN -DTERMIO -O3 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -4325,7 +4325,7 @@ $multilib = 64
|
||||
|
||||
*** linux-sparcv8
|
||||
$cc = gcc
|
||||
$cflags = -mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
|
||||
$cflags = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -4358,7 +4358,7 @@ $multilib =
|
||||
|
||||
*** linux-sparcv9
|
||||
$cc = gcc
|
||||
$cflags = -m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W
|
||||
$cflags = -m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id = ULTRASPARC
|
||||
@ -4391,7 +4391,7 @@ $multilib =
|
||||
|
||||
*** linux-x86_64
|
||||
$cc = gcc
|
||||
$cflags = -m64 -DL_ENDIAN -O3 -Wall
|
||||
$cflags = -m64 -DL_ENDIAN -DTERMIO -O3 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -4424,7 +4424,7 @@ $multilib = 64
|
||||
|
||||
*** linux32-s390x
|
||||
$cc = gcc
|
||||
$cflags = -m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall
|
||||
$cflags = -m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -4457,7 +4457,7 @@ $multilib = /highgprs
|
||||
|
||||
*** linux64-s390x
|
||||
$cc = gcc
|
||||
$cflags = -m64 -DB_ENDIAN -O3 -Wall
|
||||
$cflags = -m64 -DB_ENDIAN -DTERMIO -O3 -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -4490,7 +4490,7 @@ $multilib = 64
|
||||
|
||||
*** linux64-sparcv9
|
||||
$cc = gcc
|
||||
$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall
|
||||
$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id = ULTRASPARC
|
||||
@ -5315,7 +5315,7 @@ $multilib =
|
||||
|
||||
*** solaris-sparcv8-gcc
|
||||
$cc = gcc
|
||||
$cflags = -mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
|
||||
$cflags = -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
|
||||
$unistd =
|
||||
$thread_cflag = -D_REENTRANT
|
||||
$sys_id =
|
||||
@ -5612,7 +5612,7 @@ $multilib = /64
|
||||
|
||||
*** sunos-gcc
|
||||
$cc = gcc
|
||||
$cflags = -O3 -mcpu=v8 -Dssize_t=int
|
||||
$cflags = -O3 -mv8 -Dssize_t=int
|
||||
$unistd =
|
||||
$thread_cflag = (unknown)
|
||||
$sys_id = SUNOS
|
||||
|
||||
8
apps/.cvsignore
Normal file
8
apps/.cvsignore
Normal file
@ -0,0 +1,8 @@
|
||||
openssl
|
||||
Makefile.save
|
||||
der_chop
|
||||
der_chop.bak
|
||||
CA.pl
|
||||
*.flc
|
||||
semantic.cache
|
||||
*.dll
|
||||
@ -94,9 +94,6 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
|
||||
sreq.o: req.c
|
||||
$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
|
||||
|
||||
openssl-vms.cnf: openssl.cnf
|
||||
$(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf
|
||||
|
||||
files:
|
||||
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
|
||||
|
||||
@ -130,12 +127,12 @@ links:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: openssl-vms.cnf local_depend
|
||||
|
||||
depend: local_depend
|
||||
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
|
||||
local_depend:
|
||||
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
|
||||
depend:
|
||||
@if [ -z "$(THIS)" ]; then \
|
||||
$(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
|
||||
else \
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
|
||||
fi
|
||||
|
||||
dclean:
|
||||
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
|
||||
@ -147,10 +144,10 @@ clean:
|
||||
rm -f req
|
||||
|
||||
$(DLIBSSL):
|
||||
(cd ..; $(MAKE) build_libssl)
|
||||
(cd ..; $(MAKE) DIRS=ssl all)
|
||||
|
||||
$(DLIBCRYPTO):
|
||||
(cd ..; $(MAKE) build_libcrypto)
|
||||
(cd ..; $(MAKE) DIRS=crypto all)
|
||||
|
||||
$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
|
||||
$(RM) $(EXE)
|
||||
|
||||
15
apps/apps.c
15
apps/apps.c
@ -119,6 +119,9 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
|
||||
# include <strings.h>
|
||||
#endif
|
||||
#include <sys/types.h>
|
||||
#include <ctype.h>
|
||||
#include <errno.h>
|
||||
@ -569,7 +572,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
|
||||
char *prompt = NULL;
|
||||
|
||||
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
|
||||
if (!prompt) {
|
||||
if(!prompt) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
UI_free(ui);
|
||||
return 0;
|
||||
@ -583,7 +586,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
|
||||
PW_MIN_LENGTH, bufsiz - 1);
|
||||
if (ok >= 0 && verify) {
|
||||
buff = (char *)OPENSSL_malloc(bufsiz);
|
||||
if (!buff) {
|
||||
if(!buff) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
UI_free(ui);
|
||||
OPENSSL_free(prompt);
|
||||
@ -1244,11 +1247,7 @@ int set_name_ex(unsigned long *flags, const char *arg)
|
||||
{"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
|
||||
{NULL, 0, 0}
|
||||
};
|
||||
if (set_multi_opts(flags, arg, ex_tbl) == 0)
|
||||
return 0;
|
||||
if ((*flags & XN_FLAG_SEP_MASK) == 0)
|
||||
*flags |= XN_FLAG_SEP_CPLUS_SPC;
|
||||
return 1;
|
||||
return set_multi_opts(flags, arg, ex_tbl);
|
||||
}
|
||||
|
||||
int set_ext_copy(int *copy_type, const char *arg)
|
||||
@ -2239,8 +2238,6 @@ int args_verify(char ***pargs, int *pargc,
|
||||
flags |= X509_V_FLAG_NOTIFY_POLICY;
|
||||
else if (!strcmp(arg, "-check_ss_sig"))
|
||||
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
|
||||
else if (!strcmp(arg, "-no_alt_chains"))
|
||||
flags |= X509_V_FLAG_NO_ALT_CHAINS;
|
||||
else
|
||||
return 0;
|
||||
|
||||
|
||||
@ -313,9 +313,9 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
typ = ASN1_TYPE_get(at);
|
||||
if ((typ == V_ASN1_OBJECT)
|
||||
|| (typ == V_ASN1_BOOLEAN)
|
||||
|| (typ == V_ASN1_NULL)) {
|
||||
BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
|
||||
BIO_printf(bio_err, "Can't parse %s type\n",
|
||||
typ == V_ASN1_NULL ? "NULL" : "OBJECT");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
@ -375,7 +375,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
|
||||
{
|
||||
CONF *cnf = NULL;
|
||||
int len;
|
||||
long errline = 0;
|
||||
long errline;
|
||||
unsigned char *p;
|
||||
ASN1_TYPE *atyp = NULL;
|
||||
|
||||
|
||||
24
apps/ca.c
24
apps/ca.c
@ -99,19 +99,25 @@
|
||||
#undef PROG
|
||||
#define PROG ca_main
|
||||
|
||||
#define BASE_SECTION "ca"
|
||||
#define CONFIG_FILE "openssl.cnf"
|
||||
#define BASE_SECTION "ca"
|
||||
#define CONFIG_FILE "openssl.cnf"
|
||||
|
||||
#define ENV_DEFAULT_CA "default_ca"
|
||||
|
||||
#define STRING_MASK "string_mask"
|
||||
#define STRING_MASK "string_mask"
|
||||
#define UTF8_IN "utf8"
|
||||
|
||||
#define ENV_DIR "dir"
|
||||
#define ENV_CERTS "certs"
|
||||
#define ENV_CRL_DIR "crl_dir"
|
||||
#define ENV_CA_DB "CA_DB"
|
||||
#define ENV_NEW_CERTS_DIR "new_certs_dir"
|
||||
#define ENV_CERTIFICATE "certificate"
|
||||
#define ENV_SERIAL "serial"
|
||||
#define ENV_CRLNUMBER "crlnumber"
|
||||
#define ENV_CRL "crl"
|
||||
#define ENV_PRIVATE_KEY "private_key"
|
||||
#define ENV_RANDFILE "RANDFILE"
|
||||
#define ENV_DEFAULT_DAYS "default_days"
|
||||
#define ENV_DEFAULT_STARTDATE "default_startdate"
|
||||
#define ENV_DEFAULT_ENDDATE "default_enddate"
|
||||
@ -552,7 +558,7 @@ int MAIN(int argc, char **argv)
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
len = strlen(s) + sizeof(CONFIG_FILE);
|
||||
tofree = OPENSSL_malloc(len);
|
||||
if (!tofree) {
|
||||
if(!tofree) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
goto err;
|
||||
}
|
||||
@ -560,7 +566,7 @@ int MAIN(int argc, char **argv)
|
||||
#else
|
||||
len = strlen(s) + sizeof(CONFIG_FILE) + 1;
|
||||
tofree = OPENSSL_malloc(len);
|
||||
if (!tofree) {
|
||||
if(!tofree) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
goto err;
|
||||
}
|
||||
@ -2514,8 +2520,6 @@ static int do_updatedb(CA_DB *db)
|
||||
char **rrow, *a_tm_s;
|
||||
|
||||
a_tm = ASN1_UTCTIME_new();
|
||||
if (a_tm == NULL)
|
||||
return -1;
|
||||
|
||||
/* get actual time and make a string */
|
||||
a_tm = X509_gmtime_adj(a_tm, 0);
|
||||
@ -2799,7 +2803,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
|
||||
ASN1_GENERALIZEDTIME *comp_time = NULL;
|
||||
tmp = BUF_strdup(str);
|
||||
|
||||
if (!tmp) {
|
||||
if(!tmp) {
|
||||
BIO_printf(bio_err, "memory allocation failure\n");
|
||||
goto err;
|
||||
}
|
||||
@ -2821,7 +2825,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
|
||||
|
||||
if (prevtm) {
|
||||
*prevtm = ASN1_UTCTIME_new();
|
||||
if (!*prevtm) {
|
||||
if(!*prevtm) {
|
||||
BIO_printf(bio_err, "memory allocation failure\n");
|
||||
goto err;
|
||||
}
|
||||
@ -2865,7 +2869,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
|
||||
goto err;
|
||||
}
|
||||
comp_time = ASN1_GENERALIZEDTIME_new();
|
||||
if (!comp_time) {
|
||||
if(!comp_time) {
|
||||
BIO_printf(bio_err, "memory allocation failure\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -580,8 +580,6 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,
|
||||
"-CApath dir trusted certificates directory\n");
|
||||
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
BIO_printf(bio_err,
|
||||
|
||||
@ -130,7 +130,7 @@
|
||||
# undef PROG
|
||||
# define PROG dhparam_main
|
||||
|
||||
# define DEFBITS 2048
|
||||
# define DEFBITS 512
|
||||
|
||||
/*-
|
||||
* -inform arg - input format - default PEM (DER or PEM)
|
||||
@ -254,7 +254,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,
|
||||
" -5 generate parameters using 5 as the generator value\n");
|
||||
BIO_printf(bio_err,
|
||||
" numbits number of bits in to generate (default 2048)\n");
|
||||
" numbits number of bits in to generate (default 512)\n");
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err,
|
||||
" -engine e use engine e, possibly a hardware device.\n");
|
||||
|
||||
@ -413,13 +413,14 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
if (check) {
|
||||
if (group == NULL)
|
||||
BIO_printf(bio_err, "no elliptic curve parameters\n");
|
||||
BIO_printf(bio_err, "checking elliptic curve parameters: ");
|
||||
if (!EC_GROUP_check(group, NULL)) {
|
||||
BIO_printf(bio_err, "failed\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err, "ok\n");
|
||||
} else
|
||||
BIO_printf(bio_err, "ok\n");
|
||||
|
||||
}
|
||||
|
||||
|
||||
13
apps/enc.c
13
apps/enc.c
@ -548,14 +548,9 @@ int MAIN(int argc, char **argv)
|
||||
else
|
||||
OPENSSL_cleanse(str, strlen(str));
|
||||
}
|
||||
if (hiv != NULL) {
|
||||
int siz = EVP_CIPHER_iv_length(cipher);
|
||||
if (siz == 0) {
|
||||
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
|
||||
} else if (!set_hex(hiv, iv, sizeof iv)) {
|
||||
BIO_printf(bio_err, "invalid hex iv value\n");
|
||||
goto end;
|
||||
}
|
||||
if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
|
||||
BIO_printf(bio_err, "invalid hex iv value\n");
|
||||
goto end;
|
||||
}
|
||||
if ((hiv == NULL) && (str == NULL)
|
||||
&& EVP_CIPHER_iv_length(cipher) != 0) {
|
||||
@ -567,7 +562,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "iv undefined\n");
|
||||
goto end;
|
||||
}
|
||||
if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
|
||||
if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
|
||||
BIO_printf(bio_err, "invalid hex key value\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* apps/engine.c */
|
||||
/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
|
||||
* 2000.
|
||||
@ -99,6 +99,8 @@ static void identity(char *ptr)
|
||||
|
||||
static int append_buf(char **buf, const char *s, int *size, int step)
|
||||
{
|
||||
int l = strlen(s);
|
||||
|
||||
if (*buf == NULL) {
|
||||
*size = step;
|
||||
*buf = OPENSSL_malloc(*size);
|
||||
@ -107,6 +109,9 @@ static int append_buf(char **buf, const char *s, int *size, int step)
|
||||
**buf = '\0';
|
||||
}
|
||||
|
||||
if (**buf != '\0')
|
||||
l += 2; /* ", " */
|
||||
|
||||
if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
|
||||
*size += step;
|
||||
*buf = OPENSSL_realloc(*buf, *size);
|
||||
|
||||
@ -80,7 +80,7 @@
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
|
||||
# define DEFBITS 2048
|
||||
# define DEFBITS 512
|
||||
# undef PROG
|
||||
# define PROG gendh_main
|
||||
|
||||
|
||||
@ -518,8 +518,6 @@ int MAIN(int argc, char **argv)
|
||||
"-CApath dir trusted certificates directory\n");
|
||||
BIO_printf(bio_err,
|
||||
"-CAfile file trusted certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-VAfile file validator certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
@ -1003,7 +1001,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
|
||||
bs = OCSP_BASICRESP_new();
|
||||
thisupd = X509_gmtime_adj(NULL, 0);
|
||||
if (ndays != -1)
|
||||
nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
|
||||
nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
|
||||
|
||||
/* Examine each certificate id in the request */
|
||||
for (i = 0; i < id_count; i++) {
|
||||
@ -1220,8 +1218,8 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (BIO_get_fd(cbio, &fd) < 0) {
|
||||
BIO_puts(bio_err, "Can't get connection fd\n");
|
||||
if (BIO_get_fd(cbio, &fd) <= 0) {
|
||||
BIO_puts(err, "Can't get connection fd\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
||||
@ -79,8 +79,7 @@ const EVP_CIPHER *enc;
|
||||
# define CLCERTS 0x8
|
||||
# define CACERTS 0x10
|
||||
|
||||
static int get_cert_chain(X509 *cert, X509_STORE *store,
|
||||
STACK_OF(X509) **chain);
|
||||
int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
|
||||
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
|
||||
int options, char *pempass);
|
||||
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
|
||||
@ -135,13 +134,6 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
apps_startup();
|
||||
|
||||
enc = EVP_des_ede3_cbc();
|
||||
if (bio_err == NULL)
|
||||
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
# ifdef OPENSSL_FIPS
|
||||
if (FIPS_mode())
|
||||
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
|
||||
@ -149,6 +141,13 @@ int MAIN(int argc, char **argv)
|
||||
# endif
|
||||
cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
|
||||
|
||||
enc = EVP_des_ede3_cbc();
|
||||
if (bio_err == NULL)
|
||||
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
args = argv + 1;
|
||||
|
||||
while (*args) {
|
||||
@ -595,7 +594,7 @@ int MAIN(int argc, char **argv)
|
||||
vret = get_cert_chain(ucert, store, &chain2);
|
||||
X509_STORE_free(store);
|
||||
|
||||
if (vret == X509_V_OK) {
|
||||
if (!vret) {
|
||||
/* Exclude verified certificate */
|
||||
for (i = 1; i < sk_X509_num(chain2); i++)
|
||||
sk_X509_push(certs, sk_X509_value(chain2, i));
|
||||
@ -603,7 +602,7 @@ int MAIN(int argc, char **argv)
|
||||
X509_free(sk_X509_value(chain2, 0));
|
||||
sk_X509_free(chain2);
|
||||
} else {
|
||||
if (vret != X509_V_ERR_UNSPECIFIED)
|
||||
if (vret >= 0)
|
||||
BIO_printf(bio_err, "Error %s getting chain.\n",
|
||||
X509_verify_cert_error_string(vret));
|
||||
else
|
||||
@ -907,25 +906,36 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
|
||||
|
||||
/* Given a single certificate return a verified chain or NULL if error */
|
||||
|
||||
static int get_cert_chain(X509 *cert, X509_STORE *store,
|
||||
STACK_OF(X509) **chain)
|
||||
/* Hope this is OK .... */
|
||||
|
||||
int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
|
||||
{
|
||||
X509_STORE_CTX store_ctx;
|
||||
STACK_OF(X509) *chn = NULL;
|
||||
STACK_OF(X509) *chn;
|
||||
int i = 0;
|
||||
|
||||
if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
|
||||
*chain = NULL;
|
||||
return X509_V_ERR_UNSPECIFIED;
|
||||
}
|
||||
|
||||
if (X509_verify_cert(&store_ctx) > 0)
|
||||
/*
|
||||
* FIXME: Should really check the return status of X509_STORE_CTX_init
|
||||
* for an error, but how that fits into the return value of this function
|
||||
* is less obvious.
|
||||
*/
|
||||
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
|
||||
if (X509_verify_cert(&store_ctx) <= 0) {
|
||||
i = X509_STORE_CTX_get_error(&store_ctx);
|
||||
if (i == 0)
|
||||
/*
|
||||
* avoid returning 0 if X509_verify_cert() did not set an
|
||||
* appropriate error value in the context
|
||||
*/
|
||||
i = -1;
|
||||
chn = NULL;
|
||||
goto err;
|
||||
} else
|
||||
chn = X509_STORE_CTX_get1_chain(&store_ctx);
|
||||
else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
|
||||
i = X509_V_ERR_UNSPECIFIED;
|
||||
|
||||
err:
|
||||
X509_STORE_CTX_cleanup(&store_ctx);
|
||||
*chain = chn;
|
||||
|
||||
return i;
|
||||
}
|
||||
|
||||
|
||||
12
apps/pkcs7.c
12
apps/pkcs7.c
@ -235,16 +235,12 @@ int MAIN(int argc, char **argv)
|
||||
i = OBJ_obj2nid(p7->type);
|
||||
switch (i) {
|
||||
case NID_pkcs7_signed:
|
||||
if (p7->d.sign != NULL) {
|
||||
certs = p7->d.sign->cert;
|
||||
crls = p7->d.sign->crl;
|
||||
}
|
||||
certs = p7->d.sign->cert;
|
||||
crls = p7->d.sign->crl;
|
||||
break;
|
||||
case NID_pkcs7_signedAndEnveloped:
|
||||
if (p7->d.signed_and_enveloped != NULL) {
|
||||
certs = p7->d.signed_and_enveloped->cert;
|
||||
crls = p7->d.signed_and_enveloped->crl;
|
||||
}
|
||||
certs = p7->d.signed_and_enveloped->cert;
|
||||
crls = p7->d.signed_and_enveloped->crl;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
|
||||
@ -111,7 +111,6 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h> /* for memcpy() */
|
||||
#define USE_SOCKETS
|
||||
#define NON_MAIN
|
||||
#include "apps.h"
|
||||
@ -748,7 +747,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
|
||||
|
||||
/* Initialize a random secret */
|
||||
if (!cookie_initialized) {
|
||||
if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
|
||||
if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
|
||||
BIO_printf(bio_err, "error setting random cookie secret\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -322,8 +322,6 @@ static void sc_usage(void)
|
||||
" -pass arg - private key file pass phrase source\n");
|
||||
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
|
||||
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
|
||||
BIO_printf(bio_err,
|
||||
" -no_alt_chains - only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
" -reconnect - Drop and re-make the connection with the same Session-ID\n");
|
||||
BIO_printf(bio_err,
|
||||
@ -549,7 +547,7 @@ static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
|
||||
PW_CB_DATA cb_tmp;
|
||||
int l;
|
||||
|
||||
if (!pass) {
|
||||
if(!pass) {
|
||||
BIO_printf(bio_err, "Malloc failure\n");
|
||||
return NULL;
|
||||
}
|
||||
@ -1179,12 +1177,13 @@ int MAIN(int argc, char **argv)
|
||||
if (!set_cert_key_stuff(ctx, cert, key))
|
||||
goto end;
|
||||
|
||||
if ((CAfile || CApath)
|
||||
&& !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
if (!SSL_CTX_set_default_verify_paths(ctx)) {
|
||||
if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
|
||||
(!SSL_CTX_set_default_verify_paths(ctx))) {
|
||||
/*
|
||||
* BIO_printf(bio_err,"error setting default verify locations\n");
|
||||
*/
|
||||
ERR_print_errors(bio_err);
|
||||
/* goto end; */
|
||||
}
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
if (servername != NULL) {
|
||||
@ -1884,9 +1883,6 @@ int MAIN(int argc, char **argv)
|
||||
EVP_PKEY_free(key);
|
||||
if (pass)
|
||||
OPENSSL_free(pass);
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
OPENSSL_free(srp_arg.srppassin);
|
||||
#endif
|
||||
if (vpm)
|
||||
X509_VERIFY_PARAM_free(vpm);
|
||||
if (cbuf != NULL) {
|
||||
|
||||
123
apps/s_server.c
123
apps/s_server.c
@ -219,7 +219,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
|
||||
unsigned int *id_len);
|
||||
#ifndef OPENSSL_NO_DH
|
||||
static DH *load_dh_param(const char *dhfile);
|
||||
static DH *get_dh2048(void);
|
||||
static DH *get_dh512(void);
|
||||
#endif
|
||||
|
||||
#ifdef MONOLITH
|
||||
@ -227,48 +227,30 @@ static void s_server_init(void);
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
static unsigned char dh2048_p[] = {
|
||||
0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
|
||||
0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
|
||||
0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9,
|
||||
0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD,
|
||||
0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17,
|
||||
0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F,
|
||||
0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD,
|
||||
0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30,
|
||||
0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E,
|
||||
0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4,
|
||||
0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58,
|
||||
0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B,
|
||||
0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C,
|
||||
0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B,
|
||||
0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD,
|
||||
0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C,
|
||||
0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
|
||||
0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
|
||||
0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
|
||||
0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
|
||||
0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
|
||||
0xE9,0x32,0x0B,0x3B,
|
||||
static unsigned char dh512_p[] = {
|
||||
0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
|
||||
0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
|
||||
0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
|
||||
0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
|
||||
0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
|
||||
0x47, 0x74, 0xE8, 0x33,
|
||||
};
|
||||
|
||||
static unsigned char dh2048_g[] = {
|
||||
static unsigned char dh512_g[] = {
|
||||
0x02,
|
||||
};
|
||||
|
||||
DH *get_dh2048()
|
||||
static DH *get_dh512(void)
|
||||
{
|
||||
DH *dh;
|
||||
DH *dh = NULL;
|
||||
|
||||
if ((dh = DH_new()) == NULL)
|
||||
return NULL;
|
||||
dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
|
||||
dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
|
||||
if (dh->p == NULL || dh->g == NULL) {
|
||||
DH_free(dh);
|
||||
return NULL;
|
||||
}
|
||||
return dh;
|
||||
return (NULL);
|
||||
dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
|
||||
dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
|
||||
if ((dh->p == NULL) || (dh->g == NULL))
|
||||
return (NULL);
|
||||
return (dh);
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -416,8 +398,6 @@ typedef struct srpsrvparm_st {
|
||||
static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
|
||||
{
|
||||
srpsrvparm *p = (srpsrvparm *) arg;
|
||||
int ret = SSL3_AL_FATAL;
|
||||
|
||||
if (p->login == NULL && p->user == NULL) {
|
||||
p->login = SSL_get_srp_username(s);
|
||||
BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
|
||||
@ -426,25 +406,21 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
|
||||
|
||||
if (p->user == NULL) {
|
||||
BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
|
||||
goto err;
|
||||
return SSL3_AL_FATAL;
|
||||
}
|
||||
|
||||
if (SSL_set_srp_server_param
|
||||
(s, p->user->N, p->user->g, p->user->s, p->user->v,
|
||||
p->user->info) < 0) {
|
||||
*ad = SSL_AD_INTERNAL_ERROR;
|
||||
goto err;
|
||||
return SSL3_AL_FATAL;
|
||||
}
|
||||
BIO_printf(bio_err,
|
||||
"SRP parameters set: username = \"%s\" info=\"%s\" \n",
|
||||
p->login, p->user->info);
|
||||
ret = SSL_ERROR_NONE;
|
||||
|
||||
err:
|
||||
SRP_user_pwd_free(p->user);
|
||||
/* need to check whether there are memory leaks */
|
||||
p->user = NULL;
|
||||
p->login = NULL;
|
||||
return ret;
|
||||
return SSL_ERROR_NONE;
|
||||
}
|
||||
|
||||
#endif
|
||||
@ -546,8 +522,6 @@ static void sv_usage(void)
|
||||
BIO_printf(bio_err, " -state - Print the SSL states\n");
|
||||
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
|
||||
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
|
||||
BIO_printf(bio_err,
|
||||
" -no_alt_chains - only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
" -nocert - Don't use any certificates (Anon-DH)\n");
|
||||
BIO_printf(bio_err,
|
||||
@ -746,7 +720,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl)
|
||||
num = inl;
|
||||
wbuf =
|
||||
(EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
|
||||
if (!wbuf)
|
||||
if(!wbuf)
|
||||
return 0;
|
||||
OPENSSL_free(b->ptr);
|
||||
|
||||
@ -1024,7 +998,7 @@ int MAIN(int argc, char *argv[])
|
||||
int off = 0;
|
||||
int no_tmp_rsa = 0, no_dhe = 0, nocert = 0;
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
int no_ecdhe = 0;
|
||||
int no_ecdhe;
|
||||
#endif
|
||||
int state = 0;
|
||||
const SSL_METHOD *meth = NULL;
|
||||
@ -1680,11 +1654,7 @@ int MAIN(int argc, char *argv[])
|
||||
BIO_printf(bio_s_out, "Setting temp DH parameters\n");
|
||||
} else {
|
||||
BIO_printf(bio_s_out, "Using default temp DH parameters\n");
|
||||
dh = get_dh2048();
|
||||
if (dh == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
dh = get_dh512();
|
||||
}
|
||||
(void)BIO_flush(bio_s_out);
|
||||
|
||||
@ -2250,10 +2220,9 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
|
||||
BIO_printf(bio_s_out, "LOOKUP renego during write\n");
|
||||
SRP_user_pwd_free(srp_callback_parm.user);
|
||||
srp_callback_parm.user =
|
||||
SRP_VBASE_get1_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
SRP_VBASE_get_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
if (srp_callback_parm.user)
|
||||
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
||||
srp_callback_parm.user->info);
|
||||
@ -2282,10 +2251,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
ret = 1;
|
||||
goto err;
|
||||
}
|
||||
if (k > 0) {
|
||||
l += k;
|
||||
i -= k;
|
||||
}
|
||||
l += k;
|
||||
i -= k;
|
||||
if (i <= 0)
|
||||
break;
|
||||
}
|
||||
@ -2307,10 +2274,9 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
|
||||
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
|
||||
SRP_user_pwd_free(srp_callback_parm.user);
|
||||
srp_callback_parm.user =
|
||||
SRP_VBASE_get1_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
SRP_VBASE_get_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
if (srp_callback_parm.user)
|
||||
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
||||
srp_callback_parm.user->info);
|
||||
@ -2395,10 +2361,9 @@ static int init_ssl_connection(SSL *con)
|
||||
while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
|
||||
BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
|
||||
srp_callback_parm.login);
|
||||
SRP_user_pwd_free(srp_callback_parm.user);
|
||||
srp_callback_parm.user =
|
||||
SRP_VBASE_get1_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
SRP_VBASE_get_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
if (srp_callback_parm.user)
|
||||
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
||||
srp_callback_parm.user->info);
|
||||
@ -2625,10 +2590,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
&& SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
|
||||
BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
|
||||
srp_callback_parm.login);
|
||||
SRP_user_pwd_free(srp_callback_parm.user);
|
||||
srp_callback_parm.user =
|
||||
SRP_VBASE_get1_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
SRP_VBASE_get_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
if (srp_callback_parm.user)
|
||||
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
||||
srp_callback_parm.user->info);
|
||||
@ -2664,22 +2628,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
goto err;
|
||||
} else {
|
||||
BIO_printf(bio_s_out, "read R BLOCK\n");
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
if (BIO_should_io_special(io)
|
||||
&& BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
|
||||
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
|
||||
SRP_user_pwd_free(srp_callback_parm.user);
|
||||
srp_callback_parm.user =
|
||||
SRP_VBASE_get1_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
if (srp_callback_parm.user)
|
||||
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
||||
srp_callback_parm.user->info);
|
||||
else
|
||||
BIO_printf(bio_s_out, "LOOKUP not successful\n");
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
#if defined(OPENSSL_SYS_NETWARE)
|
||||
delay(1000);
|
||||
#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
|
||||
@ -2968,8 +2916,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
|
||||
{
|
||||
unsigned int count = 0;
|
||||
do {
|
||||
if (RAND_pseudo_bytes(id, *id_len) < 0)
|
||||
return 0;
|
||||
RAND_pseudo_bytes(id, *id_len);
|
||||
/*
|
||||
* Prefix the session_id with the required prefix. NB: If our prefix
|
||||
* is too long, clip it - but there will be worse effects anyway, eg.
|
||||
|
||||
@ -302,7 +302,7 @@ static int parseArgs(int argc, char **argv)
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
maxTime = atoi(*(++argv));
|
||||
if (maxTime <= 0) {
|
||||
if(maxTime <= 0) {
|
||||
BIO_printf(bio_err, "time must be > 0\n");
|
||||
badop = 1;
|
||||
}
|
||||
|
||||
@ -441,8 +441,6 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,
|
||||
"-CApath dir trusted certificates directory\n");
|
||||
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
BIO_printf(bio_err,
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* apps/speed.c */
|
||||
/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
|
||||
@ -435,7 +435,7 @@ int MAIN(int argc, char **argv)
|
||||
# ifdef OPENSSL_SYS_VMS
|
||||
len = strlen(s) + sizeof(CONFIG_FILE);
|
||||
tofree = OPENSSL_malloc(len);
|
||||
if (!tofree) {
|
||||
if(!tofree) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
goto err;
|
||||
}
|
||||
@ -443,7 +443,7 @@ int MAIN(int argc, char **argv)
|
||||
# else
|
||||
len = strlen(s) + sizeof(CONFIG_FILE) + 1;
|
||||
tofree = OPENSSL_malloc(len);
|
||||
if (!tofree) {
|
||||
if(!tofree) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -227,7 +227,7 @@ int MAIN(int argc, char **argv)
|
||||
if (ret == 1) {
|
||||
BIO_printf(bio_err,
|
||||
"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
|
||||
BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
|
||||
BIO_printf(bio_err, " [-attime timestamp]");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err, " [-engine e]");
|
||||
#endif
|
||||
|
||||
@ -1170,7 +1170,12 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
|
||||
if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
|
||||
goto err;
|
||||
|
||||
if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
|
||||
/* Lets just make it 12:00am GMT, Jan 1 1970 */
|
||||
/* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
|
||||
/* 28 days to be certified */
|
||||
|
||||
if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
|
||||
NULL)
|
||||
goto err;
|
||||
|
||||
if (!X509_set_pubkey(x, pkey))
|
||||
|
||||
60
appveyor.yml
60
appveyor.yml
@ -1,60 +0,0 @@
|
||||
platform:
|
||||
- x86
|
||||
- x64
|
||||
|
||||
environment:
|
||||
matrix:
|
||||
- VSVER: 9
|
||||
- VSVER: 10
|
||||
- VSVER: 11
|
||||
- VSVER: 12
|
||||
- VSVER: 14
|
||||
|
||||
configuration:
|
||||
- plain
|
||||
- shared
|
||||
|
||||
matrix:
|
||||
allow_failures:
|
||||
- platform: x64
|
||||
VSVER: 9
|
||||
- platform: x64
|
||||
VSVER: 10
|
||||
- platform: x64
|
||||
VSVER: 11
|
||||
|
||||
before_build:
|
||||
- ps: >-
|
||||
If ($env:Platform -Match "x86") {
|
||||
$env:VCVARS_PLATFORM="x86"
|
||||
$env:TARGET="VC-WIN32"
|
||||
$env:DO="do_ms"
|
||||
} Else {
|
||||
$env:VCVARS_PLATFORM="amd64"
|
||||
$env:TARGET="VC-WIN64A"
|
||||
$env:DO="do_win64a"
|
||||
}
|
||||
- ps: >-
|
||||
If ($env:Configuration -Like "*shared*") {
|
||||
$env:MAK="ntdll.mak"
|
||||
} Else {
|
||||
$env:MAK="nt.mak"
|
||||
}
|
||||
- ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS"))
|
||||
- call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
|
||||
- perl Configure %TARGET% no-asm
|
||||
- call ms\%DO%
|
||||
|
||||
build_script:
|
||||
- nmake /f ms\%MAK%
|
||||
|
||||
test_script:
|
||||
- nmake /f ms\%MAK% test
|
||||
|
||||
notifications:
|
||||
- provider: Email
|
||||
to:
|
||||
- openssl-commits@openssl.org
|
||||
on_build_success: false
|
||||
on_build_failure: true
|
||||
on_build_status_changed: true
|
||||
8
crypto/.cvsignore
Normal file
8
crypto/.cvsignore
Normal file
@ -0,0 +1,8 @@
|
||||
lib
|
||||
buildinf.h
|
||||
opensslconf.h
|
||||
Makefile.save
|
||||
*.flc
|
||||
semantic.cache
|
||||
*cpuid.s
|
||||
uplink-cof.s
|
||||
@ -125,17 +125,12 @@ install:
|
||||
lint:
|
||||
@target=lint; $(RECURSIVE_MAKE)
|
||||
|
||||
update: local_depend
|
||||
@[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) )
|
||||
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
|
||||
|
||||
depend: local_depend
|
||||
@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
|
||||
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
|
||||
local_depend:
|
||||
depend:
|
||||
@[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist
|
||||
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
@[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h
|
||||
@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
|
||||
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
|
||||
|
||||
clean:
|
||||
rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
|
||||
|
||||
5
crypto/aes/.cvsignore
Normal file
5
crypto/aes/.cvsignore
Normal file
@ -0,0 +1,5 @@
|
||||
lib
|
||||
Makefile.save
|
||||
*.flc
|
||||
semantic.cache
|
||||
aes-*.s
|
||||
@ -106,8 +106,6 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes.h */
|
||||
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_cbc.c */
|
||||
/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_cfb.c */
|
||||
/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_core.c */
|
||||
/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/**
|
||||
* rijndael-alg-fst.c
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_ctr.c */
|
||||
/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_ecb.c */
|
||||
/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_ige.c */
|
||||
/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes.h */
|
||||
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_misc.c */
|
||||
/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_ofb.c */
|
||||
/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_core.c */
|
||||
/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/**
|
||||
* rijndael-alg-fst.c
|
||||
*
|
||||
|
||||
@ -45,7 +45,7 @@
|
||||
# the undertaken effort was that it appeared that in tight IA-32
|
||||
# register window little-endian flavor could achieve slightly higher
|
||||
# Instruction Level Parallelism, and it indeed resulted in up to 15%
|
||||
# better performance on most recent µ-archs...
|
||||
# better performance on most recent µ-archs...
|
||||
#
|
||||
# Third version adds AES_cbc_encrypt implementation, which resulted in
|
||||
# up to 40% performance imrovement of CBC benchmark results. 40% was
|
||||
@ -223,7 +223,7 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
|
||||
$speed_limit=512; # chunks smaller than $speed_limit are
|
||||
# processed with compact routine in CBC mode
|
||||
$small_footprint=1; # $small_footprint=1 code is ~5% slower [on
|
||||
# recent µ-archs], but ~5 times smaller!
|
||||
# recent µ-archs], but ~5 times smaller!
|
||||
# I favor compact code to minimize cache
|
||||
# contention and in hope to "collect" 5% back
|
||||
# in real-life applications...
|
||||
@ -562,7 +562,7 @@ sub enctransform()
|
||||
# Performance is not actually extraordinary in comparison to pure
|
||||
# x86 code. In particular encrypt performance is virtually the same.
|
||||
# Decrypt performance on the other hand is 15-20% better on newer
|
||||
# µ-archs [but we're thankful for *any* improvement here], and ~50%
|
||||
# µ-archs [but we're thankful for *any* improvement here], and ~50%
|
||||
# better on PIII:-) And additionally on the pros side this code
|
||||
# eliminates redundant references to stack and thus relieves/
|
||||
# minimizes the pressure on the memory bus.
|
||||
|
||||
@ -74,7 +74,7 @@ $inout3="xmm5"; $in1="xmm5";
|
||||
$inout4="xmm6"; $in0="xmm6";
|
||||
$inout5="xmm7"; $ivec="xmm7";
|
||||
|
||||
# AESNI extension
|
||||
# AESNI extenstion
|
||||
sub aeskeygenassist
|
||||
{ my($dst,$src,$imm)=@_;
|
||||
if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
|
||||
|
||||
4
crypto/asn1/.cvsignore
Normal file
4
crypto/asn1/.cvsignore
Normal file
@ -0,0 +1,4 @@
|
||||
lib
|
||||
Makefile.save
|
||||
*.flc
|
||||
semantic.cache
|
||||
@ -93,8 +93,6 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
|
||||
} else {
|
||||
if (len != 0) {
|
||||
if ((ret->length < len) || (ret->data == NULL)) {
|
||||
if (ret->data != NULL)
|
||||
OPENSSL_free(ret->data);
|
||||
s = (unsigned char *)OPENSSL_malloc((int)len + 1);
|
||||
if (s == NULL) {
|
||||
i = ERR_R_MALLOC_FAILURE;
|
||||
goto err;
|
||||
}
|
||||
if (ret->data != NULL)
|
||||
OPENSSL_free(ret->data);
|
||||
} else
|
||||
s = ret->data;
|
||||
memcpy(s, p, (int)len);
|
||||
|
||||
@ -141,7 +141,6 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
|
||||
#endif
|
||||
|
||||
#define HEADER_SIZE 8
|
||||
#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
|
||||
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
{
|
||||
BUF_MEM *b;
|
||||
@ -218,44 +217,29 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
/* suck in c.slen bytes of data */
|
||||
want = c.slen;
|
||||
if (want > (len - off)) {
|
||||
size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
|
||||
|
||||
want -= (len - off);
|
||||
if (want > INT_MAX /* BIO_read takes an int length */ ||
|
||||
len + want < len) {
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
|
||||
goto err;
|
||||
}
|
||||
if (!BUF_MEM_grow_clean(b, len + want)) {
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
while (want > 0) {
|
||||
/*
|
||||
* Read content in chunks of increasing size
|
||||
* so we can return an error for EOF without
|
||||
* having to allocate the entire content length
|
||||
* in one go.
|
||||
*/
|
||||
size_t chunk = want > chunk_max ? chunk_max : want;
|
||||
|
||||
if (!BUF_MEM_grow_clean(b, len + chunk)) {
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
|
||||
i = BIO_read(in, &(b->data[len]), want);
|
||||
if (i <= 0) {
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
|
||||
ASN1_R_NOT_ENOUGH_DATA);
|
||||
goto err;
|
||||
}
|
||||
want -= chunk;
|
||||
while (chunk > 0) {
|
||||
i = BIO_read(in, &(b->data[len]), chunk);
|
||||
if (i <= 0) {
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
|
||||
ASN1_R_NOT_ENOUGH_DATA);
|
||||
goto err;
|
||||
}
|
||||
/*
|
||||
* This can't overflow because |len+want| didn't
|
||||
* overflow.
|
||||
*/
|
||||
len += i;
|
||||
chunk -= i;
|
||||
}
|
||||
if (chunk_max < INT_MAX/2)
|
||||
chunk_max *= 2;
|
||||
len += i;
|
||||
want -= i;
|
||||
}
|
||||
}
|
||||
if (off + c.slen < off) {
|
||||
|
||||
@ -124,8 +124,6 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
||||
else {
|
||||
ret = a->length;
|
||||
i = a->data[0];
|
||||
if (ret == 1 && i == 0)
|
||||
neg = 0;
|
||||
if (!neg && (i > 127)) {
|
||||
pad = 1;
|
||||
pb = 0;
|
||||
@ -164,7 +162,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
||||
p += a->length - 1;
|
||||
i = a->length;
|
||||
/* Copy zeros to destination as long as source is zero */
|
||||
while (!*n && i > 1) {
|
||||
while (!*n) {
|
||||
*(p--) = 0;
|
||||
n--;
|
||||
i--;
|
||||
@ -421,7 +419,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
|
||||
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
|
||||
goto err;
|
||||
}
|
||||
if (BN_is_negative(bn) && !BN_is_zero(bn))
|
||||
if (BN_is_negative(bn))
|
||||
ret->type = V_ASN1_NEG_INTEGER;
|
||||
else
|
||||
ret->type = V_ASN1_INTEGER;
|
||||
|
||||
@ -74,8 +74,6 @@
|
||||
#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val}
|
||||
|
||||
#define ASN1_FLAG_EXP_MAX 20
|
||||
/* Maximum number of nested sequences */
|
||||
#define ASN1_GEN_SEQ_MAX_DEPTH 50
|
||||
|
||||
/* Input formats */
|
||||
|
||||
@ -112,16 +110,13 @@ typedef struct {
|
||||
int exp_count;
|
||||
} tag_exp_arg;
|
||||
|
||||
static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
|
||||
int *perr);
|
||||
static int bitstr_cb(const char *elem, int len, void *bitstr);
|
||||
static int asn1_cb(const char *elem, int len, void *bitstr);
|
||||
static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
|
||||
int exp_constructed, int exp_pad, int imp_ok);
|
||||
static int parse_tagging(const char *vstart, int vlen, int *ptag,
|
||||
int *pclass);
|
||||
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
|
||||
int depth, int *perr);
|
||||
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
|
||||
static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
|
||||
static int asn1_str2tag(const char *tagstr, int len);
|
||||
|
||||
@ -137,16 +132,6 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
|
||||
}
|
||||
|
||||
ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
|
||||
{
|
||||
int err = 0;
|
||||
ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
|
||||
if (err)
|
||||
ASN1err(ASN1_F_ASN1_GENERATE_V3, err);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
|
||||
int *perr)
|
||||
{
|
||||
ASN1_TYPE *ret;
|
||||
tag_exp_arg asn1_tags;
|
||||
@ -167,22 +152,17 @@ static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
|
||||
asn1_tags.imp_class = -1;
|
||||
asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
|
||||
asn1_tags.exp_count = 0;
|
||||
if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) {
|
||||
*perr = ASN1_R_UNKNOWN_TAG;
|
||||
if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if ((asn1_tags.utype == V_ASN1_SEQUENCE)
|
||||
|| (asn1_tags.utype == V_ASN1_SET)) {
|
||||
if (!cnf) {
|
||||
*perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG;
|
||||
ASN1err(ASN1_F_ASN1_GENERATE_V3,
|
||||
ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
|
||||
return NULL;
|
||||
}
|
||||
if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) {
|
||||
*perr = ASN1_R_ILLEGAL_NESTED_TAGGING;
|
||||
return NULL;
|
||||
}
|
||||
ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr);
|
||||
ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
|
||||
} else
|
||||
ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
|
||||
|
||||
@ -300,7 +280,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
|
||||
int tmp_tag, tmp_class;
|
||||
|
||||
if (elem == NULL)
|
||||
return -1;
|
||||
return 0;
|
||||
|
||||
for (i = 0, p = elem; i < len; p++, i++) {
|
||||
/* Look for the ':' in name value pairs */
|
||||
@ -373,7 +353,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
|
||||
break;
|
||||
|
||||
case ASN1_GEN_FLAG_FORMAT:
|
||||
if (!vstart) {
|
||||
if(!vstart) {
|
||||
ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT);
|
||||
return -1;
|
||||
}
|
||||
@ -455,8 +435,7 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
|
||||
|
||||
/* Handle multiple types: SET and SEQUENCE */
|
||||
|
||||
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
|
||||
int depth, int *perr)
|
||||
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
|
||||
{
|
||||
ASN1_TYPE *ret = NULL;
|
||||
STACK_OF(ASN1_TYPE) *sk = NULL;
|
||||
@ -475,8 +454,7 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
|
||||
goto bad;
|
||||
for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
|
||||
ASN1_TYPE *typ =
|
||||
generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf,
|
||||
depth + 1, perr);
|
||||
ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
|
||||
if (!typ)
|
||||
goto bad;
|
||||
if (!sk_ASN1_TYPE_push(sk, typ))
|
||||
|
||||
@ -63,7 +63,7 @@
|
||||
#include <openssl/asn1_mac.h>
|
||||
|
||||
static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
|
||||
long max);
|
||||
int max);
|
||||
static void asn1_put_length(unsigned char **pp, int length);
|
||||
const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
|
||||
|
||||
@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
|
||||
}
|
||||
*ptag = tag;
|
||||
*pclass = xclass;
|
||||
if (!asn1_get_length(&p, &inf, plength, max))
|
||||
if (!asn1_get_length(&p, &inf, plength, (int)max))
|
||||
goto err;
|
||||
|
||||
if (inf && !(ret & V_ASN1_CONSTRUCTED))
|
||||
@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
|
||||
}
|
||||
|
||||
static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
|
||||
long max)
|
||||
int max)
|
||||
{
|
||||
const unsigned char *p = *pp;
|
||||
unsigned long ret = 0;
|
||||
unsigned long i;
|
||||
unsigned int i;
|
||||
|
||||
if (max-- < 1)
|
||||
return 0;
|
||||
return (0);
|
||||
if (*p == 0x80) {
|
||||
*inf = 1;
|
||||
ret = 0;
|
||||
@ -175,11 +175,15 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
|
||||
*inf = 0;
|
||||
i = *p & 0x7f;
|
||||
if (*(p++) & 0x80) {
|
||||
if (i > sizeof(ret) || max < (long)i)
|
||||
if (i > sizeof(long))
|
||||
return 0;
|
||||
if (max-- == 0)
|
||||
return (0);
|
||||
while (i-- > 0) {
|
||||
ret <<= 8L;
|
||||
ret |= *(p++);
|
||||
if (max-- == 0)
|
||||
return (0);
|
||||
}
|
||||
} else
|
||||
ret = i;
|
||||
@ -188,7 +192,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
|
||||
return 0;
|
||||
*pp = p;
|
||||
*rl = (long)ret;
|
||||
return 1;
|
||||
return (1);
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
@ -62,10 +62,6 @@
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#ifndef ASN1_PARSE_MAXDEPTH
|
||||
#define ASN1_PARSE_MAXDEPTH 128
|
||||
#endif
|
||||
|
||||
static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
|
||||
int indent);
|
||||
static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
|
||||
@ -132,12 +128,6 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
|
||||
#else
|
||||
dump_indent = 6; /* Because we know BIO_dump_indent() */
|
||||
#endif
|
||||
|
||||
if (depth > ASN1_PARSE_MAXDEPTH) {
|
||||
BIO_puts(bp, "BAD RECURSION DEPTH\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
p = *pp;
|
||||
tot = p + length;
|
||||
op = p - 1;
|
||||
@ -173,8 +163,6 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
|
||||
if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
|
||||
goto end;
|
||||
if (j & V_ASN1_CONSTRUCTED) {
|
||||
const unsigned char *sp;
|
||||
|
||||
ep = p + len;
|
||||
if (BIO_write(bp, "\n", 1) <= 0)
|
||||
goto end;
|
||||
@ -184,7 +172,6 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
|
||||
goto end;
|
||||
}
|
||||
if ((j == 0x21) && (len == 0)) {
|
||||
sp = p;
|
||||
for (;;) {
|
||||
r = asn1_parse2(bp, &p, (long)(tot - p),
|
||||
offset + (p - *pp), depth + 1,
|
||||
@ -193,25 +180,19 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
if ((r == 2) || (p >= tot)) {
|
||||
len = p - sp;
|
||||
if ((r == 2) || (p >= tot))
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
long tmp = len;
|
||||
|
||||
} else
|
||||
while (p < ep) {
|
||||
sp = p;
|
||||
r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1,
|
||||
r = asn1_parse2(bp, &p, (long)len,
|
||||
offset + (p - *pp), depth + 1,
|
||||
indent, dump);
|
||||
if (r == 0) {
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
tmp -= p - sp;
|
||||
}
|
||||
}
|
||||
} else if (xclass != 0) {
|
||||
p += len;
|
||||
if (BIO_write(bp, "\n", 1) <= 0)
|
||||
|
||||
@ -289,8 +289,7 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
|
||||
if ((flags & SMIME_DETACHED) && data) {
|
||||
/* We want multipart/signed */
|
||||
/* Generate a random boundary */
|
||||
if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0)
|
||||
return 0;
|
||||
RAND_pseudo_bytes((unsigned char *)bound, 32);
|
||||
for (i = 0; i < 32; i++) {
|
||||
c = bound[i] & 0xf;
|
||||
if (c < 10)
|
||||
|
||||
@ -162,7 +162,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
|
||||
|
||||
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
|
||||
p = OPENSSL_malloc(derlen);
|
||||
if (!p)
|
||||
if(!p)
|
||||
return 0;
|
||||
|
||||
ndef_aux->derbuf = p;
|
||||
@ -232,7 +232,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
|
||||
|
||||
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
|
||||
p = OPENSSL_malloc(derlen);
|
||||
if (!p)
|
||||
if(!p)
|
||||
return 0;
|
||||
|
||||
ndef_aux->derbuf = p;
|
||||
|
||||
@ -72,7 +72,6 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
|
||||
long length)
|
||||
{
|
||||
EVP_PKEY *ret;
|
||||
const unsigned char *p = *pp;
|
||||
|
||||
if ((a == NULL) || (*a == NULL)) {
|
||||
if ((ret = EVP_PKEY_new()) == NULL) {
|
||||
@ -95,23 +94,21 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
|
||||
}
|
||||
|
||||
if (!ret->ameth->old_priv_decode ||
|
||||
!ret->ameth->old_priv_decode(ret, &p, length)) {
|
||||
!ret->ameth->old_priv_decode(ret, pp, length)) {
|
||||
if (ret->ameth->priv_decode) {
|
||||
PKCS8_PRIV_KEY_INFO *p8 = NULL;
|
||||
p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
|
||||
p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
|
||||
if (!p8)
|
||||
goto err;
|
||||
EVP_PKEY_free(ret);
|
||||
ret = EVP_PKCS82PKEY(p8);
|
||||
PKCS8_PRIV_KEY_INFO_free(p8);
|
||||
if (ret == NULL)
|
||||
goto err;
|
||||
|
||||
} else {
|
||||
ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
*pp = p;
|
||||
if (a != NULL)
|
||||
(*a) = ret;
|
||||
return (ret);
|
||||
@ -139,7 +136,6 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
|
||||
* input is surrounded by an ASN1 SEQUENCE.
|
||||
*/
|
||||
inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
|
||||
p = *pp;
|
||||
/*
|
||||
* Since we only need to discern "traditional format" RSA and DSA keys we
|
||||
* can just count the elements.
|
||||
@ -150,7 +146,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
|
||||
keytype = EVP_PKEY_EC;
|
||||
else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
|
||||
* traditional format */
|
||||
PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
|
||||
PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
|
||||
EVP_PKEY *ret;
|
||||
|
||||
sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
|
||||
@ -161,9 +157,6 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
|
||||
}
|
||||
ret = EVP_PKCS82PKEY(p8);
|
||||
PKCS8_PRIV_KEY_INFO_free(p8);
|
||||
if (ret == NULL)
|
||||
return NULL;
|
||||
*pp = p;
|
||||
if (a) {
|
||||
*a = ret;
|
||||
}
|
||||
|
||||
@ -140,8 +140,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
|
||||
goto err;
|
||||
|
||||
bs = X509_get_serialNumber(x);
|
||||
if (bs->length < (int)sizeof(long)
|
||||
|| (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {
|
||||
if (bs->length <= (int)sizeof(long)) {
|
||||
l = ASN1_INTEGER_get(bs);
|
||||
if (bs->type == V_ASN1_NEG_INTEGER) {
|
||||
l = -l;
|
||||
|
||||
@ -180,8 +180,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
||||
int otag;
|
||||
int ret = 0;
|
||||
ASN1_VALUE **pchptr, *ptmpval;
|
||||
int combine = aclass & ASN1_TFLG_COMBINE;
|
||||
aclass &= ~ASN1_TFLG_COMBINE;
|
||||
if (!pval)
|
||||
return 0;
|
||||
if (aux && aux->asn1_cb)
|
||||
@ -352,9 +350,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
||||
}
|
||||
|
||||
asn1_set_choice_selector(pval, i, it);
|
||||
*in = p;
|
||||
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
|
||||
goto auxerr;
|
||||
*in = p;
|
||||
return 1;
|
||||
|
||||
case ASN1_ITYPE_NDEF_SEQUENCE:
|
||||
@ -491,9 +489,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
||||
/* Save encoding */
|
||||
if (!asn1_enc_save(pval, *in, p - *in, it))
|
||||
goto auxerr;
|
||||
*in = p;
|
||||
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
|
||||
goto auxerr;
|
||||
*in = p;
|
||||
return 1;
|
||||
|
||||
default:
|
||||
@ -502,8 +500,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
||||
auxerr:
|
||||
ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
|
||||
err:
|
||||
if (combine == 0)
|
||||
ASN1_item_ex_free(pval, it);
|
||||
ASN1_item_ex_free(pval, it);
|
||||
if (errtt)
|
||||
ERR_add_error_data(4, "Field=", errtt->field_name,
|
||||
", Type=", it->sname);
|
||||
@ -692,7 +689,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
|
||||
} else {
|
||||
/* Nothing special */
|
||||
ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
|
||||
-1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
|
||||
-1, 0, opt, ctx);
|
||||
if (!ret) {
|
||||
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
|
||||
goto err;
|
||||
|
||||
@ -100,6 +100,9 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
||||
else
|
||||
asn1_cb = 0;
|
||||
|
||||
if (!combine)
|
||||
*pval = NULL;
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
if (it->sname)
|
||||
CRYPTO_push_info(it->sname);
|
||||
|
||||
@ -290,7 +290,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
|
||||
for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
|
||||
const ASN1_TEMPLATE *seqtt;
|
||||
seqtt = asn1_do_adb(fld, tt, 1);
|
||||
if (!seqtt)
|
||||
if(!seqtt)
|
||||
return 0;
|
||||
tmpfld = asn1_get_field_ptr(fld, seqtt);
|
||||
if (!asn1_template_print_ctx(out, tmpfld,
|
||||
|
||||
@ -141,9 +141,8 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
|
||||
int utype, char *free_cont, const ASN1_ITEM *it)
|
||||
{
|
||||
BIGNUM *bn;
|
||||
|
||||
if (*pval == NULL && !bn_new(pval, it))
|
||||
return 0;
|
||||
if (!*pval)
|
||||
bn_new(pval, it);
|
||||
bn = (BIGNUM *)*pval;
|
||||
if (!BN_bin2bn(cont, len, bn)) {
|
||||
bn_free(pval, it);
|
||||
|
||||
@ -66,13 +66,6 @@
|
||||
typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
|
||||
DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
|
||||
|
||||
/*
|
||||
* Maximum length of X509_NAME: much larger than anything we should
|
||||
* ever see in practice.
|
||||
*/
|
||||
|
||||
#define X509_NAME_MAX (1024 * 1024)
|
||||
|
||||
static int x509_name_ex_d2i(ASN1_VALUE **val,
|
||||
const unsigned char **in, long len,
|
||||
const ASN1_ITEM *it,
|
||||
@ -199,10 +192,6 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
|
||||
int i, j, ret;
|
||||
STACK_OF(X509_NAME_ENTRY) *entries;
|
||||
X509_NAME_ENTRY *entry;
|
||||
if (len > X509_NAME_MAX) {
|
||||
ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
|
||||
return 0;
|
||||
}
|
||||
q = p;
|
||||
|
||||
/* Get internal representation of Name */
|
||||
|
||||
@ -188,16 +188,13 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
|
||||
{
|
||||
X509_PUBKEY *xpk;
|
||||
EVP_PKEY *pktmp;
|
||||
const unsigned char *q;
|
||||
q = *pp;
|
||||
xpk = d2i_X509_PUBKEY(NULL, &q, length);
|
||||
xpk = d2i_X509_PUBKEY(NULL, pp, length);
|
||||
if (!xpk)
|
||||
return NULL;
|
||||
pktmp = X509_PUBKEY_get(xpk);
|
||||
X509_PUBKEY_free(xpk);
|
||||
if (!pktmp)
|
||||
return NULL;
|
||||
*pp = q;
|
||||
if (a) {
|
||||
EVP_PKEY_free(*a);
|
||||
*a = pktmp;
|
||||
|
||||
@ -177,21 +177,22 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
|
||||
/* Save start position */
|
||||
q = *pp;
|
||||
|
||||
if (!a || *a == NULL) {
|
||||
if(!a || *a == NULL) {
|
||||
freeret = 1;
|
||||
}
|
||||
ret = d2i_X509(a, &q, length);
|
||||
ret = d2i_X509(a, pp, length);
|
||||
/* If certificate unreadable then forget it */
|
||||
if (!ret)
|
||||
return NULL;
|
||||
/* update length */
|
||||
length -= q - *pp;
|
||||
if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
|
||||
length -= *pp - q;
|
||||
if (!length)
|
||||
return ret;
|
||||
if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
|
||||
goto err;
|
||||
*pp = q;
|
||||
return ret;
|
||||
err:
|
||||
if (freeret) {
|
||||
if(freeret) {
|
||||
X509_free(ret);
|
||||
if (a)
|
||||
*a = NULL;
|
||||
@ -201,19 +202,9 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
|
||||
|
||||
int i2d_X509_AUX(X509 *a, unsigned char **pp)
|
||||
{
|
||||
int length, tmplen;
|
||||
unsigned char *start = pp != NULL ? *pp : NULL;
|
||||
int length;
|
||||
length = i2d_X509(a, pp);
|
||||
if (length < 0 || a == NULL)
|
||||
return length;
|
||||
|
||||
tmplen = i2d_X509_CERT_AUX(a->aux, pp);
|
||||
if (tmplen < 0) {
|
||||
if (start != NULL)
|
||||
*pp = start;
|
||||
return tmplen;
|
||||
}
|
||||
length += tmplen;
|
||||
|
||||
if (a)
|
||||
length += i2d_X509_CERT_AUX(a->aux, pp);
|
||||
return length;
|
||||
}
|
||||
|
||||
5
crypto/bf/.cvsignore
Normal file
5
crypto/bf/.cvsignore
Normal file
@ -0,0 +1,5 @@
|
||||
lib
|
||||
Makefile.save
|
||||
*.flc
|
||||
semantic.cache
|
||||
bf-*.s
|
||||
@ -72,8 +72,6 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
4
crypto/bf/asm/.cvsignore
Normal file
4
crypto/bf/asm/.cvsignore
Normal file
@ -0,0 +1,4 @@
|
||||
bx86unix.cpp
|
||||
bx86-elf.s
|
||||
*.flc
|
||||
semantic.cache
|
||||
4
crypto/bio/.cvsignore
Normal file
4
crypto/bio/.cvsignore
Normal file
@ -0,0 +1,4 @@
|
||||
lib
|
||||
Makefile.save
|
||||
*.flc
|
||||
semantic.cache
|
||||
@ -73,8 +73,6 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -104,6 +104,7 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
|
||||
if ((rows * dump_width) < len)
|
||||
rows++;
|
||||
for (i = 0; i < rows; i++) {
|
||||
buf[0] = '\0'; /* start with empty string */
|
||||
BUF_strlcpy(buf, str, sizeof buf);
|
||||
BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width);
|
||||
BUF_strlcat(buf, tmp, sizeof buf);
|
||||
|
||||
@ -125,16 +125,16 @@
|
||||
# define LLONG long
|
||||
#endif
|
||||
|
||||
static int fmtstr(char **, char **, size_t *, size_t *,
|
||||
const char *, int, int, int);
|
||||
static int fmtint(char **, char **, size_t *, size_t *,
|
||||
LLONG, int, int, int, int);
|
||||
static int fmtfp(char **, char **, size_t *, size_t *,
|
||||
LDOUBLE, int, int, int);
|
||||
static int doapr_outch(char **, char **, size_t *, size_t *, int);
|
||||
static int _dopr(char **sbuffer, char **buffer,
|
||||
size_t *maxlen, size_t *retlen, int *truncated,
|
||||
const char *format, va_list args);
|
||||
static void fmtstr(char **, char **, size_t *, size_t *,
|
||||
const char *, int, int, int);
|
||||
static void fmtint(char **, char **, size_t *, size_t *,
|
||||
LLONG, int, int, int, int);
|
||||
static void fmtfp(char **, char **, size_t *, size_t *,
|
||||
LDOUBLE, int, int, int);
|
||||
static void doapr_outch(char **, char **, size_t *, size_t *, int);
|
||||
static void _dopr(char **sbuffer, char **buffer,
|
||||
size_t *maxlen, size_t *retlen, int *truncated,
|
||||
const char *format, va_list args);
|
||||
|
||||
/* format read states */
|
||||
#define DP_S_DEFAULT 0
|
||||
@ -165,7 +165,7 @@ static int _dopr(char **sbuffer, char **buffer,
|
||||
#define char_to_int(p) (p - '0')
|
||||
#define OSSL_MAX(p,q) ((p >= q) ? p : q)
|
||||
|
||||
static int
|
||||
static void
|
||||
_dopr(char **sbuffer,
|
||||
char **buffer,
|
||||
size_t *maxlen,
|
||||
@ -196,8 +196,7 @@ _dopr(char **sbuffer,
|
||||
if (ch == '%')
|
||||
state = DP_S_FLAGS;
|
||||
else
|
||||
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
|
||||
ch = *format++;
|
||||
break;
|
||||
case DP_S_FLAGS:
|
||||
@ -303,9 +302,8 @@ _dopr(char **sbuffer,
|
||||
value = va_arg(args, int);
|
||||
break;
|
||||
}
|
||||
if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
|
||||
max, flags))
|
||||
return 0;
|
||||
fmtint(sbuffer, buffer, &currlen, maxlen,
|
||||
value, 10, min, max, flags);
|
||||
break;
|
||||
case 'X':
|
||||
flags |= DP_F_UP;
|
||||
@ -328,19 +326,17 @@ _dopr(char **sbuffer,
|
||||
value = (LLONG) va_arg(args, unsigned int);
|
||||
break;
|
||||
}
|
||||
if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
|
||||
ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
|
||||
min, max, flags))
|
||||
return 0;
|
||||
fmtint(sbuffer, buffer, &currlen, maxlen, value,
|
||||
ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
|
||||
min, max, flags);
|
||||
break;
|
||||
case 'f':
|
||||
if (cflags == DP_C_LDOUBLE)
|
||||
fvalue = va_arg(args, LDOUBLE);
|
||||
else
|
||||
fvalue = va_arg(args, double);
|
||||
if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
|
||||
flags))
|
||||
return 0;
|
||||
fmtfp(sbuffer, buffer, &currlen, maxlen,
|
||||
fvalue, min, max, flags);
|
||||
break;
|
||||
case 'E':
|
||||
flags |= DP_F_UP;
|
||||
@ -359,9 +355,8 @@ _dopr(char **sbuffer,
|
||||
fvalue = va_arg(args, double);
|
||||
break;
|
||||
case 'c':
|
||||
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
|
||||
va_arg(args, int)))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, &currlen, maxlen,
|
||||
va_arg(args, int));
|
||||
break;
|
||||
case 's':
|
||||
strvalue = va_arg(args, char *);
|
||||
@ -371,15 +366,13 @@ _dopr(char **sbuffer,
|
||||
else
|
||||
max = *maxlen;
|
||||
}
|
||||
if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
|
||||
flags, min, max))
|
||||
return 0;
|
||||
fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
|
||||
flags, min, max);
|
||||
break;
|
||||
case 'p':
|
||||
value = (long)va_arg(args, void *);
|
||||
if (!fmtint(sbuffer, buffer, &currlen, maxlen,
|
||||
value, 16, min, max, flags | DP_F_NUM))
|
||||
return 0;
|
||||
fmtint(sbuffer, buffer, &currlen, maxlen,
|
||||
value, 16, min, max, flags | DP_F_NUM);
|
||||
break;
|
||||
case 'n': /* XXX */
|
||||
if (cflags == DP_C_SHORT) {
|
||||
@ -401,8 +394,7 @@ _dopr(char **sbuffer,
|
||||
}
|
||||
break;
|
||||
case '%':
|
||||
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
|
||||
break;
|
||||
case 'w':
|
||||
/* not supported yet, treat as next char */
|
||||
@ -426,56 +418,46 @@ _dopr(char **sbuffer,
|
||||
*truncated = (currlen > *maxlen - 1);
|
||||
if (*truncated)
|
||||
currlen = *maxlen - 1;
|
||||
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
|
||||
*retlen = currlen - 1;
|
||||
return 1;
|
||||
return;
|
||||
}
|
||||
|
||||
static int
|
||||
static void
|
||||
fmtstr(char **sbuffer,
|
||||
char **buffer,
|
||||
size_t *currlen,
|
||||
size_t *maxlen, const char *value, int flags, int min, int max)
|
||||
{
|
||||
int padlen;
|
||||
size_t strln;
|
||||
int padlen, strln;
|
||||
int cnt = 0;
|
||||
|
||||
if (value == 0)
|
||||
value = "<NULL>";
|
||||
|
||||
strln = strlen(value);
|
||||
if (strln > INT_MAX)
|
||||
strln = INT_MAX;
|
||||
|
||||
for (strln = 0; value[strln]; ++strln) ;
|
||||
padlen = min - strln;
|
||||
if (min < 0 || padlen < 0)
|
||||
if (padlen < 0)
|
||||
padlen = 0;
|
||||
if (flags & DP_F_MINUS)
|
||||
padlen = -padlen;
|
||||
|
||||
while ((padlen > 0) && (cnt < max)) {
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
|
||||
--padlen;
|
||||
++cnt;
|
||||
}
|
||||
while (*value && (cnt < max)) {
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
|
||||
++cnt;
|
||||
}
|
||||
while ((padlen < 0) && (cnt < max)) {
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
|
||||
++padlen;
|
||||
++cnt;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int
|
||||
static void
|
||||
fmtint(char **sbuffer,
|
||||
char **buffer,
|
||||
size_t *currlen,
|
||||
@ -535,44 +517,37 @@ fmtint(char **sbuffer,
|
||||
|
||||
/* spaces */
|
||||
while (spadlen > 0) {
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
|
||||
--spadlen;
|
||||
}
|
||||
|
||||
/* sign */
|
||||
if (signvalue)
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
|
||||
|
||||
/* prefix */
|
||||
while (*prefix) {
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
|
||||
prefix++;
|
||||
}
|
||||
|
||||
/* zeros */
|
||||
if (zpadlen > 0) {
|
||||
while (zpadlen > 0) {
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
|
||||
--zpadlen;
|
||||
}
|
||||
}
|
||||
/* digits */
|
||||
while (place > 0) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
|
||||
return 0;
|
||||
}
|
||||
while (place > 0)
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
|
||||
|
||||
/* left justified spaces */
|
||||
while (spadlen < 0) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
|
||||
++spadlen;
|
||||
}
|
||||
return 1;
|
||||
return;
|
||||
}
|
||||
|
||||
static LDOUBLE abs_val(LDOUBLE value)
|
||||
@ -603,7 +578,7 @@ static long roundv(LDOUBLE value)
|
||||
return intpart;
|
||||
}
|
||||
|
||||
static int
|
||||
static void
|
||||
fmtfp(char **sbuffer,
|
||||
char **buffer,
|
||||
size_t *currlen,
|
||||
@ -682,91 +657,79 @@ fmtfp(char **sbuffer,
|
||||
|
||||
if ((flags & DP_F_ZERO) && (padlen > 0)) {
|
||||
if (signvalue) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
|
||||
--padlen;
|
||||
signvalue = 0;
|
||||
}
|
||||
while (padlen > 0) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
|
||||
--padlen;
|
||||
}
|
||||
}
|
||||
while (padlen > 0) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
|
||||
--padlen;
|
||||
}
|
||||
if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
|
||||
return 0;
|
||||
if (signvalue)
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
|
||||
|
||||
while (iplace > 0) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
|
||||
return 0;
|
||||
}
|
||||
while (iplace > 0)
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
|
||||
|
||||
/*
|
||||
* Decimal point. This should probably use locale to find the correct
|
||||
* char to print out.
|
||||
*/
|
||||
if (max > 0 || (flags & DP_F_NUM)) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
|
||||
|
||||
while (fplace > 0) {
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
|
||||
fconvert[--fplace]))
|
||||
return 0;
|
||||
}
|
||||
while (fplace > 0)
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
|
||||
}
|
||||
while (zpadlen > 0) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
|
||||
--zpadlen;
|
||||
}
|
||||
|
||||
while (padlen < 0) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
|
||||
++padlen;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
#define BUFFER_INC 1024
|
||||
|
||||
static int
|
||||
static void
|
||||
doapr_outch(char **sbuffer,
|
||||
char **buffer, size_t *currlen, size_t *maxlen, int c)
|
||||
{
|
||||
/* If we haven't at least one buffer, someone has doe a big booboo */
|
||||
assert(*sbuffer != NULL || buffer != NULL);
|
||||
|
||||
/* |currlen| must always be <= |*maxlen| */
|
||||
assert(*currlen <= *maxlen);
|
||||
|
||||
if (buffer && *currlen == *maxlen) {
|
||||
if (*maxlen > INT_MAX - BUFFER_INC)
|
||||
return 0;
|
||||
|
||||
*maxlen += BUFFER_INC;
|
||||
if (*buffer == NULL) {
|
||||
*buffer = OPENSSL_malloc(*maxlen);
|
||||
if (*buffer == NULL)
|
||||
return 0;
|
||||
if (*currlen > 0) {
|
||||
assert(*sbuffer != NULL);
|
||||
memcpy(*buffer, *sbuffer, *currlen);
|
||||
if (buffer) {
|
||||
while (*currlen >= *maxlen) {
|
||||
if (*buffer == NULL) {
|
||||
if (*maxlen == 0)
|
||||
*maxlen = 1024;
|
||||
*buffer = OPENSSL_malloc(*maxlen);
|
||||
if(!*buffer) {
|
||||
/* Panic! Can't really do anything sensible. Just return */
|
||||
return;
|
||||
}
|
||||
if (*currlen > 0) {
|
||||
assert(*sbuffer != NULL);
|
||||
memcpy(*buffer, *sbuffer, *currlen);
|
||||
}
|
||||
*sbuffer = NULL;
|
||||
} else {
|
||||
*maxlen += 1024;
|
||||
*buffer = OPENSSL_realloc(*buffer, *maxlen);
|
||||
if(!*buffer) {
|
||||
/* Panic! Can't really do anything sensible. Just return */
|
||||
return;
|
||||
}
|
||||
}
|
||||
*sbuffer = NULL;
|
||||
} else {
|
||||
char *tmpbuf;
|
||||
tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
|
||||
if (tmpbuf == NULL)
|
||||
return 0;
|
||||
*buffer = tmpbuf;
|
||||
}
|
||||
/* What to do if *buffer is NULL? */
|
||||
assert(*sbuffer != NULL || *buffer != NULL);
|
||||
}
|
||||
|
||||
if (*currlen < *maxlen) {
|
||||
@ -776,7 +739,7 @@ doapr_outch(char **sbuffer,
|
||||
(*buffer)[(*currlen)++] = (char)c;
|
||||
}
|
||||
|
||||
return 1;
|
||||
return;
|
||||
}
|
||||
|
||||
/***************************************************************************/
|
||||
@ -808,11 +771,7 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args)
|
||||
|
||||
dynbuf = NULL;
|
||||
CRYPTO_push_info("doapr()");
|
||||
if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
|
||||
args)) {
|
||||
OPENSSL_free(dynbuf);
|
||||
return -1;
|
||||
}
|
||||
_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args);
|
||||
if (dynbuf) {
|
||||
ret = BIO_write(bio, dynbuf, (int)retlen);
|
||||
OPENSSL_free(dynbuf);
|
||||
@ -847,8 +806,7 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
|
||||
size_t retlen;
|
||||
int truncated;
|
||||
|
||||
if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
|
||||
return -1;
|
||||
_dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
|
||||
|
||||
if (truncated)
|
||||
/*
|
||||
|
||||
@ -139,8 +139,7 @@ static int nbiof_read(BIO *b, char *out, int outl)
|
||||
|
||||
BIO_clear_retry_flags(b);
|
||||
#if 1
|
||||
if (RAND_pseudo_bytes(&n, 1) < 0)
|
||||
return -1;
|
||||
RAND_pseudo_bytes(&n, 1);
|
||||
num = (n & 0x07);
|
||||
|
||||
if (outl > num)
|
||||
@ -179,8 +178,7 @@ static int nbiof_write(BIO *b, const char *in, int inl)
|
||||
num = nt->lwn;
|
||||
nt->lwn = 0;
|
||||
} else {
|
||||
if (RAND_pseudo_bytes(&n, 1) < 0)
|
||||
return -1;
|
||||
RAND_pseudo_bytes(&n, 1);
|
||||
num = (n & 7);
|
||||
}
|
||||
|
||||
|
||||
@ -290,7 +290,7 @@ void BIO_clear_flags(BIO *b, int flags);
|
||||
* BIO_CB_RETURN flag indicates if it is after the call
|
||||
*/
|
||||
# define BIO_CB_RETURN 0x80
|
||||
# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
|
||||
# define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
|
||||
# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN))
|
||||
# define BIO_cb_post(a) ((a)&BIO_CB_RETURN)
|
||||
|
||||
@ -478,11 +478,11 @@ struct bio_dgram_sctp_prinfo {
|
||||
# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
|
||||
# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
|
||||
# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
|
||||
# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
|
||||
# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
|
||||
|
||||
# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
|
||||
|
||||
/* BIO_s_accept() */
|
||||
/* BIO_s_accept_socket() */
|
||||
# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
|
||||
# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
|
||||
/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
|
||||
@ -495,7 +495,6 @@ struct bio_dgram_sctp_prinfo {
|
||||
# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
|
||||
# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
|
||||
|
||||
/* BIO_s_accept() and BIO_s_connect() */
|
||||
# define BIO_do_connect(b) BIO_do_handshake(b)
|
||||
# define BIO_do_accept(b) BIO_do_handshake(b)
|
||||
# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
|
||||
@ -515,15 +514,12 @@ struct bio_dgram_sctp_prinfo {
|
||||
# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
|
||||
# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
|
||||
|
||||
/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
|
||||
# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
|
||||
# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
|
||||
|
||||
/* BIO_s_file() */
|
||||
# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
|
||||
# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
|
||||
|
||||
/* BIO_s_fd() and BIO_s_file() */
|
||||
# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
|
||||
# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
|
||||
|
||||
|
||||
@ -536,10 +536,8 @@ BIO *BIO_dup_chain(BIO *in)
|
||||
|
||||
/* copy app data */
|
||||
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
|
||||
&bio->ex_data)) {
|
||||
BIO_free(new_bio);
|
||||
&bio->ex_data))
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (ret == NULL) {
|
||||
eoc = new_bio;
|
||||
@ -551,8 +549,8 @@ BIO *BIO_dup_chain(BIO *in)
|
||||
}
|
||||
return (ret);
|
||||
err:
|
||||
BIO_free_all(ret);
|
||||
|
||||
if (ret != NULL)
|
||||
BIO_free(ret);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/bio/bss_bio.c */
|
||||
/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -419,7 +419,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
{
|
||||
BIO *dbio;
|
||||
int *ip;
|
||||
const char **pptr = NULL;
|
||||
const char **pptr;
|
||||
long ret = 1;
|
||||
BIO_CONNECT *data;
|
||||
|
||||
@ -442,28 +442,19 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
case BIO_C_GET_CONNECT:
|
||||
if (ptr != NULL) {
|
||||
pptr = (const char **)ptr;
|
||||
}
|
||||
if (num == 0) {
|
||||
*pptr = data->param_hostname;
|
||||
|
||||
if (b->init) {
|
||||
if (pptr != NULL) {
|
||||
ret = 1;
|
||||
if (num == 0) {
|
||||
*pptr = data->param_hostname;
|
||||
} else if (num == 1) {
|
||||
*pptr = data->param_port;
|
||||
} else if (num == 2) {
|
||||
*pptr = (char *)&(data->ip[0]);
|
||||
} else {
|
||||
ret = 0;
|
||||
}
|
||||
} else if (num == 1) {
|
||||
*pptr = data->param_port;
|
||||
} else if (num == 2) {
|
||||
*pptr = (char *)&(data->ip[0]);
|
||||
} else if (num == 3) {
|
||||
*((int *)ptr) = data->port;
|
||||
}
|
||||
if (num == 3) {
|
||||
ret = data->port;
|
||||
}
|
||||
} else {
|
||||
if (pptr != NULL)
|
||||
if ((!b->init) || (ptr == NULL))
|
||||
*pptr = "not initialized";
|
||||
ret = 0;
|
||||
ret = 1;
|
||||
}
|
||||
break;
|
||||
case BIO_C_SET_CONNECT:
|
||||
|
||||
@ -299,17 +299,16 @@ static void dgram_adjust_rcv_timeout(BIO *b)
|
||||
|
||||
/* Calculate time left until timer expires */
|
||||
memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
|
||||
if (timeleft.tv_usec < timenow.tv_usec) {
|
||||
timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
|
||||
timeleft.tv_sec -= timenow.tv_sec;
|
||||
timeleft.tv_usec -= timenow.tv_usec;
|
||||
if (timeleft.tv_usec < 0) {
|
||||
timeleft.tv_sec--;
|
||||
} else {
|
||||
timeleft.tv_usec -= timenow.tv_usec;
|
||||
timeleft.tv_usec += 1000000;
|
||||
}
|
||||
if (timeleft.tv_sec < timenow.tv_sec) {
|
||||
|
||||
if (timeleft.tv_sec < 0) {
|
||||
timeleft.tv_sec = 0;
|
||||
timeleft.tv_usec = 1;
|
||||
} else {
|
||||
timeleft.tv_sec -= timenow.tv_sec;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -515,8 +514,10 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
switch (cmd) {
|
||||
case BIO_CTRL_RESET:
|
||||
num = 0;
|
||||
case BIO_C_FILE_SEEK:
|
||||
ret = 0;
|
||||
break;
|
||||
case BIO_C_FILE_TELL:
|
||||
case BIO_CTRL_INFO:
|
||||
ret = 0;
|
||||
break;
|
||||
@ -952,7 +953,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
|
||||
*/
|
||||
sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
|
||||
authchunks = OPENSSL_malloc(sockopt_len);
|
||||
if (!authchunks) {
|
||||
if(!authchunks) {
|
||||
BIO_vfree(bio);
|
||||
return (NULL);
|
||||
}
|
||||
@ -1292,7 +1293,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
|
||||
(socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
|
||||
authchunks = OPENSSL_malloc(optlen);
|
||||
if (!authchunks) {
|
||||
BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
|
||||
BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR);
|
||||
return -1;
|
||||
}
|
||||
memset(authchunks, 0, sizeof(optlen));
|
||||
@ -1363,8 +1364,8 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
|
||||
if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) {
|
||||
char *tmp;
|
||||
data->saved_message.bio = b;
|
||||
if (!(tmp = OPENSSL_malloc(inl))) {
|
||||
BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
|
||||
if(!(tmp = OPENSSL_malloc(inl))) {
|
||||
BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR);
|
||||
return -1;
|
||||
}
|
||||
if (data->saved_message.data)
|
||||
|
||||
@ -115,8 +115,9 @@ static BIO_METHOD methods_filep = {
|
||||
NULL,
|
||||
};
|
||||
|
||||
static FILE *file_fopen(const char *filename, const char *mode)
|
||||
BIO *BIO_new_file(const char *filename, const char *mode)
|
||||
{
|
||||
BIO *ret;
|
||||
FILE *file = NULL;
|
||||
|
||||
# if defined(_WIN32) && defined(CP_UTF8)
|
||||
@ -163,14 +164,6 @@ static FILE *file_fopen(const char *filename, const char *mode)
|
||||
# else
|
||||
file = fopen(filename, mode);
|
||||
# endif
|
||||
return (file);
|
||||
}
|
||||
|
||||
BIO *BIO_new_file(const char *filename, const char *mode)
|
||||
{
|
||||
BIO *ret;
|
||||
FILE *file = file_fopen(filename, mode);
|
||||
|
||||
if (file == NULL) {
|
||||
SYSerr(SYS_F_FOPEN, get_last_sys_error());
|
||||
ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
|
||||
@ -393,7 +386,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
else
|
||||
strcat(p, "t");
|
||||
# endif
|
||||
fp = file_fopen(ptr, p);
|
||||
fp = fopen(ptr, p);
|
||||
if (fp == NULL) {
|
||||
SYSerr(SYS_F_FOPEN, get_last_sys_error());
|
||||
ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");
|
||||
|
||||
7
crypto/bn/.cvsignore
Normal file
7
crypto/bn/.cvsignore
Normal file
@ -0,0 +1,7 @@
|
||||
lib
|
||||
Makefile.save
|
||||
*.flc
|
||||
semantic.cache
|
||||
co-*.s
|
||||
bn-*.s
|
||||
*-mont.s
|
||||
@ -167,8 +167,6 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: bn_prime.h depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
@ -243,8 +241,7 @@ bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||
bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||
bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
bn_exp.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
|
||||
bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h
|
||||
bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h
|
||||
bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||
bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||
bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||
|
||||
6
crypto/bn/asm/.cvsignore
Normal file
6
crypto/bn/asm/.cvsignore
Normal file
@ -0,0 +1,6 @@
|
||||
bn86unix.cpp
|
||||
co86unix.cpp
|
||||
bn86-elf.s
|
||||
co86-elf.s
|
||||
*.flc
|
||||
semantic.cache
|
||||
@ -41,13 +41,13 @@ $code=<<___;
|
||||
.align 5
|
||||
mul_1x1_neon:
|
||||
vshl.u64 `&Dlo("q1")`,d16,#8 @ q1-q3 are slided $a
|
||||
vmull.p8 `&Q("d0")`,d16,d17 @ a·bb
|
||||
vmull.p8 `&Q("d0")`,d16,d17 @ a·bb
|
||||
vshl.u64 `&Dlo("q2")`,d16,#16
|
||||
vmull.p8 q1,`&Dlo("q1")`,d17 @ a<<8·bb
|
||||
vmull.p8 q1,`&Dlo("q1")`,d17 @ a<<8·bb
|
||||
vshl.u64 `&Dlo("q3")`,d16,#24
|
||||
vmull.p8 q2,`&Dlo("q2")`,d17 @ a<<16·bb
|
||||
vmull.p8 q2,`&Dlo("q2")`,d17 @ a<<16·bb
|
||||
vshr.u64 `&Dlo("q1")`,#8
|
||||
vmull.p8 q3,`&Dlo("q3")`,d17 @ a<<24·bb
|
||||
vmull.p8 q3,`&Dlo("q3")`,d17 @ a<<24·bb
|
||||
vshl.u64 `&Dhi("q1")`,#24
|
||||
veor d0,`&Dlo("q1")`
|
||||
vshr.u64 `&Dlo("q2")`,#16
|
||||
@ -158,7 +158,7 @@ ___
|
||||
################
|
||||
# void bn_GF2m_mul_2x2(BN_ULONG *r,
|
||||
# BN_ULONG a1,BN_ULONG a0,
|
||||
# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0·b1b0
|
||||
# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0·b1b0
|
||||
|
||||
($A1,$B1,$A0,$B0,$A1B1,$A0B0)=map("d$_",(18..23));
|
||||
|
||||
@ -184,20 +184,20 @@ bn_GF2m_mul_2x2:
|
||||
|
||||
vmov d16,$A1
|
||||
vmov d17,$B1
|
||||
bl mul_1x1_neon @ a1·b1
|
||||
bl mul_1x1_neon @ a1·b1
|
||||
vmov $A1B1,d0
|
||||
|
||||
vmov d16,$A0
|
||||
vmov d17,$B0
|
||||
bl mul_1x1_neon @ a0·b0
|
||||
bl mul_1x1_neon @ a0·b0
|
||||
vmov $A0B0,d0
|
||||
|
||||
veor d16,$A0,$A1
|
||||
veor d17,$B0,$B1
|
||||
veor $A0,$A0B0,$A1B1
|
||||
bl mul_1x1_neon @ (a0+a1)·(b0+b1)
|
||||
bl mul_1x1_neon @ (a0+a1)·(b0+b1)
|
||||
|
||||
veor d0,$A0 @ (a0+a1)·(b0+b1)-a0·b0-a1·b1
|
||||
veor d0,$A0 @ (a0+a1)·(b0+b1)-a0·b0-a1·b1
|
||||
vshl.u64 d1,d0,#32
|
||||
vshr.u64 d0,d0,#32
|
||||
veor $A0B0,d1
|
||||
@ -220,7 +220,7 @@ $code.=<<___;
|
||||
mov $mask,#7<<2
|
||||
sub sp,sp,#32 @ allocate tab[8]
|
||||
|
||||
bl mul_1x1_ialu @ a1·b1
|
||||
bl mul_1x1_ialu @ a1·b1
|
||||
str $lo,[$ret,#8]
|
||||
str $hi,[$ret,#12]
|
||||
|
||||
@ -230,13 +230,13 @@ $code.=<<___;
|
||||
eor r2,r2,$a
|
||||
eor $b,$b,r3
|
||||
eor $a,$a,r2
|
||||
bl mul_1x1_ialu @ a0·b0
|
||||
bl mul_1x1_ialu @ a0·b0
|
||||
str $lo,[$ret]
|
||||
str $hi,[$ret,#4]
|
||||
|
||||
eor $a,$a,r2
|
||||
eor $b,$b,r3
|
||||
bl mul_1x1_ialu @ (a1+a0)·(b1+b0)
|
||||
bl mul_1x1_ialu @ (a1+a0)·(b1+b0)
|
||||
___
|
||||
@r=map("r$_",(6..9));
|
||||
$code.=<<___;
|
||||
|
||||
@ -422,7 +422,7 @@ bn_mul_add_words:
|
||||
|
||||
// This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on
|
||||
// Itanium 2. Yes, unlike previous versions it scales:-) Previous
|
||||
// version was performing *all* additions in IALU and was starving
|
||||
// version was peforming *all* additions in IALU and was starving
|
||||
// for those even on Itanium 2. In this version one addition is
|
||||
// moved to FPU and is folded with multiplication. This is at cost
|
||||
// of propogating the result from previous call to this subroutine
|
||||
@ -568,7 +568,7 @@ bn_sqr_comba8:
|
||||
// I've estimated this routine to run in ~120 ticks, but in reality
|
||||
// (i.e. according to ar.itc) it takes ~160 ticks. Are those extra
|
||||
// cycles consumed for instructions fetch? Or did I misinterpret some
|
||||
// clause in Itanium µ-architecture manual? Comments are welcomed and
|
||||
// clause in Itanium µ-architecture manual? Comments are welcomed and
|
||||
// highly appreciated.
|
||||
//
|
||||
// On Itanium 2 it takes ~190 ticks. This is because of stalls on
|
||||
|
||||
@ -172,19 +172,19 @@ ___
|
||||
if ($SIZE_T==8) {
|
||||
my @r=map("%r$_",(6..9));
|
||||
$code.=<<___;
|
||||
bras $ra,_mul_1x1 # a1·b1
|
||||
bras $ra,_mul_1x1 # a1·b1
|
||||
stmg $lo,$hi,16($rp)
|
||||
|
||||
lg $a,`$stdframe+128+4*$SIZE_T`($sp)
|
||||
lg $b,`$stdframe+128+6*$SIZE_T`($sp)
|
||||
bras $ra,_mul_1x1 # a0·b0
|
||||
bras $ra,_mul_1x1 # a0·b0
|
||||
stmg $lo,$hi,0($rp)
|
||||
|
||||
lg $a,`$stdframe+128+3*$SIZE_T`($sp)
|
||||
lg $b,`$stdframe+128+5*$SIZE_T`($sp)
|
||||
xg $a,`$stdframe+128+4*$SIZE_T`($sp)
|
||||
xg $b,`$stdframe+128+6*$SIZE_T`($sp)
|
||||
bras $ra,_mul_1x1 # (a0+a1)·(b0+b1)
|
||||
bras $ra,_mul_1x1 # (a0+a1)·(b0+b1)
|
||||
lmg @r[0],@r[3],0($rp)
|
||||
|
||||
xgr $lo,$hi
|
||||
|
||||
@ -14,7 +14,7 @@
|
||||
# the time being... Except that it has three code paths: pure integer
|
||||
# code suitable for any x86 CPU, MMX code suitable for PIII and later
|
||||
# and PCLMULQDQ suitable for Westmere and later. Improvement varies
|
||||
# from one benchmark and µ-arch to another. Below are interval values
|
||||
# from one benchmark and µ-arch to another. Below are interval values
|
||||
# for 163- and 571-bit ECDH benchmarks relative to compiler-generated
|
||||
# code:
|
||||
#
|
||||
@ -226,22 +226,22 @@ if ($sse2) {
|
||||
&push ("edi");
|
||||
&mov ($a,&wparam(1));
|
||||
&mov ($b,&wparam(3));
|
||||
&call ("_mul_1x1_mmx"); # a1·b1
|
||||
&call ("_mul_1x1_mmx"); # a1·b1
|
||||
&movq ("mm7",$R);
|
||||
|
||||
&mov ($a,&wparam(2));
|
||||
&mov ($b,&wparam(4));
|
||||
&call ("_mul_1x1_mmx"); # a0·b0
|
||||
&call ("_mul_1x1_mmx"); # a0·b0
|
||||
&movq ("mm6",$R);
|
||||
|
||||
&mov ($a,&wparam(1));
|
||||
&mov ($b,&wparam(3));
|
||||
&xor ($a,&wparam(2));
|
||||
&xor ($b,&wparam(4));
|
||||
&call ("_mul_1x1_mmx"); # (a0+a1)·(b0+b1)
|
||||
&call ("_mul_1x1_mmx"); # (a0+a1)·(b0+b1)
|
||||
&pxor ($R,"mm7");
|
||||
&mov ($a,&wparam(0));
|
||||
&pxor ($R,"mm6"); # (a0+a1)·(b0+b1)-a1·b1-a0·b0
|
||||
&pxor ($R,"mm6"); # (a0+a1)·(b0+b1)-a1·b1-a0·b0
|
||||
|
||||
&movq ($A,$R);
|
||||
&psllq ($R,32);
|
||||
@ -266,13 +266,13 @@ if ($sse2) {
|
||||
|
||||
&mov ($a,&wparam(1));
|
||||
&mov ($b,&wparam(3));
|
||||
&call ("_mul_1x1_ialu"); # a1·b1
|
||||
&call ("_mul_1x1_ialu"); # a1·b1
|
||||
&mov (&DWP(8,"esp"),$lo);
|
||||
&mov (&DWP(12,"esp"),$hi);
|
||||
|
||||
&mov ($a,&wparam(2));
|
||||
&mov ($b,&wparam(4));
|
||||
&call ("_mul_1x1_ialu"); # a0·b0
|
||||
&call ("_mul_1x1_ialu"); # a0·b0
|
||||
&mov (&DWP(0,"esp"),$lo);
|
||||
&mov (&DWP(4,"esp"),$hi);
|
||||
|
||||
@ -280,7 +280,7 @@ if ($sse2) {
|
||||
&mov ($b,&wparam(3));
|
||||
&xor ($a,&wparam(2));
|
||||
&xor ($b,&wparam(4));
|
||||
&call ("_mul_1x1_ialu"); # (a0+a1)·(b0+b1)
|
||||
&call ("_mul_1x1_ialu"); # (a0+a1)·(b0+b1)
|
||||
|
||||
&mov ("ebp",&wparam(0));
|
||||
@r=("ebx","ecx","edi","esi");
|
||||
|
||||
@ -85,21 +85,6 @@ $frame=32; # size of above frame rounded up to 16n
|
||||
|
||||
&and ("esp",-64); # align to cache line
|
||||
|
||||
# Some OSes, *cough*-dows, insist on stack being "wired" to
|
||||
# physical memory in strictly sequential manner, i.e. if stack
|
||||
# allocation spans two pages, then reference to farmost one can
|
||||
# be punishable by SEGV. But page walking can do good even on
|
||||
# other OSes, because it guarantees that villain thread hits
|
||||
# the guard page before it can make damage to innocent one...
|
||||
&mov ("eax","ebp");
|
||||
&sub ("eax","esp");
|
||||
&and ("eax",-4096);
|
||||
&set_label("page_walk");
|
||||
&mov ("edx",&DWP(0,"esp","eax"));
|
||||
&sub ("eax",4096);
|
||||
&data_byte(0x2e);
|
||||
&jnc (&label("page_walk"));
|
||||
|
||||
################################# load argument block...
|
||||
&mov ("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
|
||||
&mov ("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
|
||||
|
||||
@ -66,7 +66,7 @@
|
||||
# undef sqr
|
||||
|
||||
/*-
|
||||
* "m"(a), "+m"(r) is the way to favor DirectPath µ-code;
|
||||
* "m"(a), "+m"(r) is the way to favor DirectPath µ-code;
|
||||
* "g"(0) let the compiler to decide where does it
|
||||
* want to keep the value of zero;
|
||||
*/
|
||||
|
||||
@ -13,7 +13,7 @@
|
||||
# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
|
||||
# the time being... Except that it has two code paths: code suitable
|
||||
# for any x86_64 CPU and PCLMULQDQ one suitable for Westmere and
|
||||
# later. Improvement varies from one benchmark and µ-arch to another.
|
||||
# later. Improvement varies from one benchmark and µ-arch to another.
|
||||
# Vanilla code path is at most 20% faster than compiler-generated code
|
||||
# [not very impressive], while PCLMULQDQ - whole 85%-160% better on
|
||||
# 163- and 571-bit ECDH benchmarks on Intel CPUs. Keep in mind that
|
||||
@ -184,13 +184,13 @@ ___
|
||||
$code.=<<___;
|
||||
movdqa %xmm0,%xmm4
|
||||
movdqa %xmm1,%xmm5
|
||||
pclmulqdq \$0,%xmm1,%xmm0 # a1·b1
|
||||
pclmulqdq \$0,%xmm1,%xmm0 # a1·b1
|
||||
pxor %xmm2,%xmm4
|
||||
pxor %xmm3,%xmm5
|
||||
pclmulqdq \$0,%xmm3,%xmm2 # a0·b0
|
||||
pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)·(b0+b1)
|
||||
pclmulqdq \$0,%xmm3,%xmm2 # a0·b0
|
||||
pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)·(b0+b1)
|
||||
xorps %xmm0,%xmm4
|
||||
xorps %xmm2,%xmm4 # (a0+a1)·(b0+b1)-a0·b0-a1·b1
|
||||
xorps %xmm2,%xmm4 # (a0+a1)·(b0+b1)-a0·b0-a1·b1
|
||||
movdqa %xmm4,%xmm5
|
||||
pslldq \$8,%xmm4
|
||||
psrldq \$8,%xmm5
|
||||
@ -225,13 +225,13 @@ $code.=<<___;
|
||||
mov \$0xf,$mask
|
||||
mov $a1,$a
|
||||
mov $b1,$b
|
||||
call _mul_1x1 # a1·b1
|
||||
call _mul_1x1 # a1·b1
|
||||
mov $lo,16(%rsp)
|
||||
mov $hi,24(%rsp)
|
||||
|
||||
mov 48(%rsp),$a
|
||||
mov 64(%rsp),$b
|
||||
call _mul_1x1 # a0·b0
|
||||
call _mul_1x1 # a0·b0
|
||||
mov $lo,0(%rsp)
|
||||
mov $hi,8(%rsp)
|
||||
|
||||
@ -239,7 +239,7 @@ $code.=<<___;
|
||||
mov 56(%rsp),$b
|
||||
xor 48(%rsp),$a
|
||||
xor 64(%rsp),$b
|
||||
call _mul_1x1 # (a0+a1)·(b0+b1)
|
||||
call _mul_1x1 # (a0+a1)·(b0+b1)
|
||||
___
|
||||
@r=("%rbx","%rcx","%rdi","%rsi");
|
||||
$code.=<<___;
|
||||
|
||||
@ -91,20 +91,6 @@ bn_mul_mont:
|
||||
|
||||
mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp
|
||||
.Lmul_body:
|
||||
# Some OSes, *cough*-dows, insist on stack being "wired" to
|
||||
# physical memory in strictly sequential manner, i.e. if stack
|
||||
# allocation spans two pages, then reference to farmost one can
|
||||
# be punishable by SEGV. But page walking can do good even on
|
||||
# other OSes, because it guarantees that villain thread hits
|
||||
# the guard page before it can make damage to innocent one...
|
||||
sub %rsp,%r11
|
||||
and \$-4096,%r11
|
||||
.Lmul_page_walk:
|
||||
mov (%rsp,%r11),%r10
|
||||
sub \$4096,%r11
|
||||
.byte 0x66,0x2e # predict non-taken
|
||||
jnc .Lmul_page_walk
|
||||
|
||||
mov $bp,%r12 # reassign $bp
|
||||
___
|
||||
$bp="%r12";
|
||||
@ -310,14 +296,6 @@ bn_mul4x_mont:
|
||||
|
||||
mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp
|
||||
.Lmul4x_body:
|
||||
sub %rsp,%r11
|
||||
and \$-4096,%r11
|
||||
.Lmul4x_page_walk:
|
||||
mov (%rsp,%r11),%r10
|
||||
sub \$4096,%r11
|
||||
.byte 0x2e # predict non-taken
|
||||
jnc .Lmul4x_page_walk
|
||||
|
||||
mov $rp,16(%rsp,$num,8) # tp[num+2]=$rp
|
||||
mov %rdx,%r12 # reassign $bp
|
||||
___
|
||||
@ -729,7 +707,6 @@ $code.=<<___;
|
||||
.align 16
|
||||
bn_sqr4x_mont:
|
||||
.Lsqr4x_enter:
|
||||
mov %rsp,%rax
|
||||
push %rbx
|
||||
push %rbp
|
||||
push %r12
|
||||
@ -738,23 +715,12 @@ bn_sqr4x_mont:
|
||||
push %r15
|
||||
|
||||
shl \$3,${num}d # convert $num to bytes
|
||||
xor %r10,%r10
|
||||
mov %rsp,%r11 # put aside %rsp
|
||||
neg $num # -$num
|
||||
sub $num,%r10 # -$num
|
||||
mov ($n0),$n0 # *n0
|
||||
lea -72(%rsp,$num,2),%rsp # alloca(frame+2*$num)
|
||||
lea -72(%rsp,%r10,2),%rsp # alloca(frame+2*$num)
|
||||
and \$-1024,%rsp # minimize TLB usage
|
||||
|
||||
sub %rsp,%r11
|
||||
and \$-4096,%r11
|
||||
.Lsqr4x_page_walk:
|
||||
mov (%rsp,%r11),%r10
|
||||
sub \$4096,%r11
|
||||
.byte 0x2e # predict non-taken
|
||||
jnc .Lsqr4x_page_walk
|
||||
|
||||
mov $num,%r10
|
||||
neg $num # restore $num
|
||||
lea -48(%rax),%r11 # restore saved %rsp
|
||||
##############################################################
|
||||
# Stack layout
|
||||
#
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user