Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[openssl-commits] [openssl] master update
1,631 views
Skip to first unread message
Dr. Stephen Henson
May 19, 2016, 5:44:01 PM5/19/16
to
The branch master has been updated
via 2197494da6a2f4b1cc7024bb647c775f277f53c5 (commit)
from 6c4be50a5d775866e79b2f58fafb23a862bd38b2 (commit)
- Log -----------------------------------------------------------------
commit 2197494da6a2f4b1cc7024bb647c775f277f53c5
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu May 19 17:22:57 2016 +0100
Use correct EOL in headers.
RT#1817
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/cms.c | 8 +++++---
apps/smime.c | 8 +++++---
doc/apps/cms.pod | 6 ++++++
doc/apps/smime.pod | 7 +++++++
4 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/apps/cms.c b/apps/cms.c
index 1c3069f..3a9b7af 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -216,6 +216,7 @@ int cms_main(int argc, char **argv)
unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
unsigned char *secret_key = NULL, *secret_keyid = NULL;
long ltmp;
+ const char *mime_eol = "\n";
OPTION_CHOICE o;
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
@@ -348,6 +349,7 @@ int cms_main(int argc, char **argv)
flags |= CMS_NOOLDMIMETYPE;
break;
case OPT_CRLFEOL:
+ mime_eol = "\r\n";
flags |= CMS_CRLFEOL;
break;
case OPT_NOOUT:
@@ -1040,11 +1042,11 @@ int cms_main(int argc, char **argv)
CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
} else if (outformat == FORMAT_SMIME) {
if (to)
- BIO_printf(out, "To: %s\n", to);
+ BIO_printf(out, "To: %s%s", to, mime_eol);
if (from)
- BIO_printf(out, "From: %s\n", from);
+ BIO_printf(out, "From: %s%s", from, mime_eol);
if (subject)
- BIO_printf(out, "Subject: %s\n", subject);
+ BIO_printf(out, "Subject: %s%s", subject, mime_eol);
if (operation == SMIME_RESIGN)
ret = SMIME_write_CMS(out, cms, indata, flags);
else
diff --git a/apps/smime.c b/apps/smime.c
index ae1b017..f9f3d23 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -134,6 +134,7 @@ int smime_main(int argc, char **argv)
FORMAT_PEM;
int vpmtouched = 0, rv = 0;
ENGINE *e = NULL;
+ const char *mime_eol = "\n";
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
return 1;
@@ -224,6 +225,7 @@ int smime_main(int argc, char **argv)
break;
case OPT_CRLFEOL:
flags |= PKCS7_CRLFEOL;
+ mime_eol = "\r\n";
break;
case OPT_RAND:
inrand = opt_arg();
@@ -574,11 +576,11 @@ int smime_main(int argc, char **argv)
PEM_write_bio_PKCS7(out, p7);
else {
if (to)
- BIO_printf(out, "To: %s\n", to);
+ BIO_printf(out, "To: %s%s", to, mime_eol);
if (from)
- BIO_printf(out, "From: %s\n", from);
+ BIO_printf(out, "From: %s%s", from, mime_eol);
if (subject)
- BIO_printf(out, "Subject: %s\n", subject);
+ BIO_printf(out, "Subject: %s%s", subject, mime_eol);
if (outformat == FORMAT_SMIME) {
if (operation == SMIME_RESIGN)
rv = SMIME_write_PKCS7(out, p7, indata, flags);
diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index 2c75664..4876ef1 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -74,6 +74,7 @@ B<openssl> B<cms>
[B<-noattr>]
[B<-nosmimecap>]
[B<-binary>]
+[B<-crlfeol>]
[B<-asciicrlf>]
[B<-nodetach>]
[B<-certfile file>]
@@ -340,6 +341,11 @@ effectively using CR and LF as end of line: as required by the S/MIME
specification. When this option is present no translation occurs. This
is useful when handling binary data which may not be in MIME format.
+=item B<-crlfeol>
+
+normally the output file uses a single B<LF> as end of line. When this
+option is present B<CRLF> is used instead.
+
=item B<-asciicrlf>
when signing use ASCII CRLF format canonicalisation. This strips trailing
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index 8b58ccc..4dc7378 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -14,6 +14,8 @@ B<openssl> B<smime>
[B<-resign>]
[B<-verify>]
[B<-pk7out>]
+[B<-binary>]
+[B<-crlfeol>]
[B<-[cipher]>]
[B<-in file>]
[B<-CAfile file>]
@@ -245,6 +247,11 @@ effectively using CR and LF as end of line: as required by the S/MIME
specification. When this option is present no translation occurs. This
is useful when handling binary data which may not be in MIME format.
+=item B<-crlfeol>
+
+normally the output file uses a single B<LF> as end of line. When this
+option is present B<CRLF> is used instead.
+
=item B<-nodetach>
when signing a message use opaque signing: this form is more resistant
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
via 2197494da6a2f4b1cc7024bb647c775f277f53c5 (commit)
from 6c4be50a5d775866e79b2f58fafb23a862bd38b2 (commit)
- Log -----------------------------------------------------------------
commit 2197494da6a2f4b1cc7024bb647c775f277f53c5
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu May 19 17:22:57 2016 +0100
Use correct EOL in headers.
RT#1817
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/cms.c | 8 +++++---
apps/smime.c | 8 +++++---
doc/apps/cms.pod | 6 ++++++
doc/apps/smime.pod | 7 +++++++
4 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/apps/cms.c b/apps/cms.c
index 1c3069f..3a9b7af 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -216,6 +216,7 @@ int cms_main(int argc, char **argv)
unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
unsigned char *secret_key = NULL, *secret_keyid = NULL;
long ltmp;
+ const char *mime_eol = "\n";
OPTION_CHOICE o;
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
@@ -348,6 +349,7 @@ int cms_main(int argc, char **argv)
flags |= CMS_NOOLDMIMETYPE;
break;
case OPT_CRLFEOL:
+ mime_eol = "\r\n";
flags |= CMS_CRLFEOL;
break;
case OPT_NOOUT:
@@ -1040,11 +1042,11 @@ int cms_main(int argc, char **argv)
CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
} else if (outformat == FORMAT_SMIME) {
if (to)
- BIO_printf(out, "To: %s\n", to);
+ BIO_printf(out, "To: %s%s", to, mime_eol);
if (from)
- BIO_printf(out, "From: %s\n", from);
+ BIO_printf(out, "From: %s%s", from, mime_eol);
if (subject)
- BIO_printf(out, "Subject: %s\n", subject);
+ BIO_printf(out, "Subject: %s%s", subject, mime_eol);
if (operation == SMIME_RESIGN)
ret = SMIME_write_CMS(out, cms, indata, flags);
else
diff --git a/apps/smime.c b/apps/smime.c
index ae1b017..f9f3d23 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -134,6 +134,7 @@ int smime_main(int argc, char **argv)
FORMAT_PEM;
int vpmtouched = 0, rv = 0;
ENGINE *e = NULL;
+ const char *mime_eol = "\n";
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
return 1;
@@ -224,6 +225,7 @@ int smime_main(int argc, char **argv)
break;
case OPT_CRLFEOL:
flags |= PKCS7_CRLFEOL;
+ mime_eol = "\r\n";
break;
case OPT_RAND:
inrand = opt_arg();
@@ -574,11 +576,11 @@ int smime_main(int argc, char **argv)
PEM_write_bio_PKCS7(out, p7);
else {
if (to)
- BIO_printf(out, "To: %s\n", to);
+ BIO_printf(out, "To: %s%s", to, mime_eol);
if (from)
- BIO_printf(out, "From: %s\n", from);
+ BIO_printf(out, "From: %s%s", from, mime_eol);
if (subject)
- BIO_printf(out, "Subject: %s\n", subject);
+ BIO_printf(out, "Subject: %s%s", subject, mime_eol);
if (outformat == FORMAT_SMIME) {
if (operation == SMIME_RESIGN)
rv = SMIME_write_PKCS7(out, p7, indata, flags);
diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index 2c75664..4876ef1 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -74,6 +74,7 @@ B<openssl> B<cms>
[B<-noattr>]
[B<-nosmimecap>]
[B<-binary>]
+[B<-crlfeol>]
[B<-asciicrlf>]
[B<-nodetach>]
[B<-certfile file>]
@@ -340,6 +341,11 @@ effectively using CR and LF as end of line: as required by the S/MIME
specification. When this option is present no translation occurs. This
is useful when handling binary data which may not be in MIME format.
+=item B<-crlfeol>
+
+normally the output file uses a single B<LF> as end of line. When this
+option is present B<CRLF> is used instead.
+
=item B<-asciicrlf>
when signing use ASCII CRLF format canonicalisation. This strips trailing
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index 8b58ccc..4dc7378 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -14,6 +14,8 @@ B<openssl> B<smime>
[B<-resign>]
[B<-verify>]
[B<-pk7out>]
+[B<-binary>]
+[B<-crlfeol>]
[B<-[cipher]>]
[B<-in file>]
[B<-CAfile file>]
@@ -245,6 +247,11 @@ effectively using CR and LF as end of line: as required by the S/MIME
specification. When this option is present no translation occurs. This
is useful when handling binary data which may not be in MIME format.
+=item B<-crlfeol>
+
+normally the output file uses a single B<LF> as end of line. When this
+option is present B<CRLF> is used instead.
+
=item B<-nodetach>
when signing a message use opaque signing: this form is more resistant
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
Richard Levitte
May 19, 2016, 5:52:03 PM5/19/16
to
The branch master has been updated
via e990ec5234d9daad66359833c40e4536d7fce499 (commit)
via 2bc57c88d852d83ee31f68f5b84b36d54b4c3dc4 (commit)
from 2197494da6a2f4b1cc7024bb647c775f277f53c5 (commit)
- Log -----------------------------------------------------------------
commit e990ec5234d9daad66359833c40e4536d7fce499
Author: Richard Levitte <lev...@openssl.org>
Date: Thu May 19 16:33:58 2016 +0200
Use the process_docs script to install docs on Windows and VMS
Reviewed-by: Rich Salz <rs...@openssl.org>
commit 2bc57c88d852d83ee31f68f5b84b36d54b4c3dc4
Author: Richard Levitte <lev...@openssl.org>
Date: Thu May 19 15:41:04 2016 +0200
Documentation processor in perl, for platforms that don't have sh
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
Configurations/windows-makefile.tmpl | 2 +
util/process_docs.pl | 252 +++++++++++++++++++++++++++++++++++
3 files changed, 258 insertions(+)
create mode 100644 util/process_docs.pl
diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
index 5f07637..7c4715d 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -418,6 +418,10 @@ vmsconfig.pm : configdata.pm
WRITE CONFIG "1;"
CLOSE CONFIG
+install_html_docs : check_INSTALLTOP
+ @ $(PERL) {- sourcefile("util", "process_docs.pl") -} -
+ --destdir=ossl_installroot:[HTML] --type=html
+
check_INSTALLTOP :
@ IF "$(INSTALLTOP)" .EQS. "" THEN -
WRITE SYS$ERROR "INSTALLTOP should not be empty"
diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
index b04d850..3f92f14 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -189,6 +189,8 @@ install_sw: all install_dev install_engines install_runtime
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
install_docs:
+ $(PERL) $(SRCDIR)\util\process_docs.pl \
+ "--destdir=$(DESTDIR)$(INSTALLTOP)\html" --type=html
uninstall_docs:
diff --git a/util/process_docs.pl b/util/process_docs.pl
new file mode 100644
index 0000000..eaa4964
--- /dev/null
+++ b/util/process_docs.pl
@@ -0,0 +1,252 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use File::Spec::Functions;
+use File::Basename;
+use File::Copy;
+use File::Path;
+use Getopt::Long;
+use Pod::Usage;
+
+use lib '.';
+use configdata;
+
+my %options = ();
+GetOptions(\%options,
+ 'sourcedir=s', # Source directory
+ 'subdir=s%', # Subdirectories to look through,
+ # with associated section numbers
+ 'destdir=s', # Destination directory
+ #'in=s@', # Explicit files to process (ignores sourcedir)
+ #'section=i', # Default section used for --in files
+ 'type=s', # The result type, 'man' or 'html'
+ 'remove', # To remove files rather than writing them
+ 'dry-run|n', # Only output file names on STDOUT
+ 'debug|D+',
+ );
+
+unless ($options{subdir}) {
+ $options{subdir} = { apps => '1',
+ crypto => '3',
+ ssl => '3' };
+}
+unless ($options{sourcedir}) {
+ $options{sourcedir} = catdir($config{sourcedir}, "doc");
+}
+pod2usage(1) unless ( defined $options{subdir}
+ && defined $options{sourcedir}
+ && defined $options{destdir}
+ && defined $options{type}
+ && ($options{type} eq 'man'
+ || $options{type} eq 'html') );
+
+if ($options{debug}) {
+ print STDERR "DEBUG: options:\n";
+ print STDERR "DEBUG: --sourcedir = $options{sourcedir}\n"
+ if defined $options{sourcedir};
+ print STDERR "DEBUG: --destdir = $options{destdir}\n"
+ if defined $options{destdir};
+ print STDERR "DEBUG: --type = $options{type}\n"
+ if defined $options{type};
+ foreach (keys %{$options{subdir}}) {
+ print STDERR "DEBUG: --subdir = $_=$options{subdir}->{$_}\n";
+ }
+ print STDERR "DEBUG: --remove = $options{remove}\n"
+ if defined $options{remove};
+ print STDERR "DEBUG: --debug = $options{debug}\n"
+ if defined $options{debug};
+ print STDERR "DEBUG: --dry-run = $options{\"dry-run\"}\n"
+ if defined $options{"dry-run"};
+}
+
+my $symlink_exists = eval { symlink("",""); 1 };
+
+foreach my $subdir (keys %{$options{subdir}}) {
+ my $section = $options{subdir}->{$subdir};
+ my $podsourcedir = catfile($options{sourcedir}, $subdir);
+ my $podglob = catfile($podsourcedir, "*.pod");
+
+ foreach my $podfile (glob "$podglob") {
+ my $podname = basename($podfile, ".pod");
+ my $podpath = catfile($podfile);
+ my %podinfo = ( section => $section );
+
+ print STDERR "DEBUG: Reading $podpath\n" if $options{debug};
+ open my $pod_fh, $podpath or die "Trying to read $podpath: $!\n";
+ while (<$pod_fh>) {
+ s|\R$||;
+ if (m|^=for\s+comment\s+openssl_manual_section:\s*([0-9])\s*$|) {
+ print STDERR "Found section number $1\n" if $options{debug};
+ $podinfo{section} = $1;
+ }
+ last if m|^=head1| && defined $podinfo{lastsect} eq "NAME";
+ if (m|^head1=\s*(.*)|) {
+ $podinfo{lastsect} = $1;
+ $podinfo{lastsect} =~ s/\s+$//;
+ }
+ next if (m|^=| || m|^\s*$|);
+ $podinfo{lastsecttext} .= " ";
+ $podinfo{lastsecttext} .= $_;
+ }
+ close $pod_fh;
+ $podinfo{lastsecttext} =~ s| - .*$||;
+ print STDERR "DEBUG: Done reading $podpath\n" if $options{debug};
+
+ my @podfiles =
+ grep { $_ ne $podname }
+ map { s|\s+||g; $_ }
+ split(m|,|, $podinfo{lastsecttext});
+
+ my $updir = updir();
+ my $name = uc $podname;
+ my $suffix = { man => ".$podinfo{section}",
+ html => ".html" } -> {$options{type}};
+ my $generate = { man => "pod2man --name=$name --section=$podinfo{section} --center=OpenSSL --release=$config{version} \"$podpath\"",
+ html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=apps:crypto:ssl \"--infile=$podpath\" \"--title=$podname\""
+ } -> {$options{type}};
+ my $output_dir = catdir($options{destdir}, "man$podinfo{section}");
+ my $output_file = $podname . $suffix;
+ my $output_path = catfile($output_dir, $output_file);
+
+ if (! $options{remove}) {
+ my @output;
+ print STDERR "DEBUG: Processing, using \"$generate\"\n"
+ if $options{debug};
+ unless ($options{"dry-run"}) {
+ @output = `$generate`;
+ map { s|href="http://man\.he\.net/man|href="../man|g; } @output
+ if $options{type} eq "html";
+ }
+ print STDERR "DEBUG: Done processing\n" if $options{debug};
+
+ if (! -d $output_dir) {
+ print STDERR "DEBUG: Creating directory $output_dir\n" if $options{debug};
+ unless ($options{"dry-run"}) {
+ mkpath $output_dir
+ or die "Trying to create directory $output_dir: $!\n";
+ }
+ }
+ print STDERR "DEBUG: Writing $output_path\n" if $options{debug};
+ unless ($options{"dry-run"}) {
+ open my $output_fh, '>', $output_path
+ or die "Trying to write to $output_path: $!\n";
+ foreach (@output) {
+ print $output_fh $_;
+ }
+ close $output_fh;
+ }
+ print STDERR "DEBUG: Done writing $output_path\n" if $options{debug};
+ } else {
+ print STDERR "DEBUG: Removing $output_path\n" if $options{debug};
+ unless ($options{"dry-run"}) {
+ while (unlink $output_path) {}
+ }
+ }
+ print "$output_path\n";
+
+ foreach (@podfiles) {
+ my $link_file = $_ . $suffix;
+ my $link_path = catfile($output_dir, $link_file);
+ if (! $options{remove}) {
+ if ($symlink_exists) {
+ print STDERR "DEBUG: Linking $link_path -> $output_file\n"
+ if $options{debug};
+ unless ($options{"dry-run"}) {
+ symlink $output_file, $link_path;
+ }
+ } else {
+ print STDERR "DEBUG: Copying $output_path to link_path\n"
+ if $options{debug};
+ unless ($options{"dry-run"}) {
+ copy $output_path, $link_path;
+ }
+ }
+ } else {
+ print STDERR "DEBUG: Removing $link_path\n" if $options{debug};
+ unless ($options{"dry-run"}) {
+ while (unlink $link_path) {}
+ }
+ }
+ print "$link_path -> $output_path\n";
+ }
+ }
+}
+
+__END__
+
+=pod
+
+=head1 NAME
+
+process_docs.pl - A script to process OpenSSL docs
+
+=head1 SYNOPSIS
+
+B<process_docs.pl>
+[B<--sourcedir>=I<dir>]
+B<--destdir>=I<dir>
+B<--type>=B<man>|B<html>
+[B<--remove>]
+[B<--dry-run>|B<-n>]
+[B<--debug>|B<-D>]
+
+=head1 DESCRIPTION
+
+This script looks for .pod files in the subdirectories 'apps', 'crypto'
+and 'ssl' under the given source directory.
+
+The OpenSSL configuration data file F<configdata.pm> I<must> reside in
+the current directory, I<or> perl must have the directory it resides in
+in its inclusion array. For the latter variant, a call like this would
+work:
+
+ perl -I../foo util/process_docs.pl {options ...}
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<--sourcedir>=I<dir>
+
+Top directory where the source files are found.
+
+=item B<--destdir>=I<dir>
+
+Top directory where the resulting files should end up
+
+=item B<--type>=B<man>|B<html>
+
+Type of output to produce. Currently supported are man pages and HTML files.
+
+=item B<--remove>
+
+Instead of writing the files, remove them.
+
+=item B<--dry-run>|B<-n>
+
+Do not perform any file writing, directory creation or file removal.
+
+=item B<--debug>|B<-D>
+
+Print extra debugging output.
+
+=back
+
+=head1 COPYRIGHT
+
+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+https://www.openssl.org/source/license.html
+
+=cut
Richard Levitte
May 20, 2016, 8:23:07 AM5/20/16
to
The branch master has been updated
via 72106aaab439eddc69df29aa328fb5eeb2086f84 (commit)
from 1bc74519a2a57ef8e67484ca92890fa94d3dd66f (commit)
- Log -----------------------------------------------------------------
commit 72106aaab439eddc69df29aa328fb5eeb2086f84
Author: Richard Levitte <lev...@openssl.org>
Date: Fri May 20 10:13:14 2016 +0200
Fixup READLINE case
RT#4543
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Andy Polyakov <ap...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/openssl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/openssl.c b/apps/openssl.c
index 978790e..e554010 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -204,7 +204,7 @@ int main(int argc, char *argv[])
extern void add_history(const char *cp);
char *text;
- char *text = readline(prompt);
+ text = readline(prompt);
if (text == NULL)
goto end;
i = strlen(text);
Matt Caswell
May 20, 2016, 9:13:28 AM5/20/16
to
The branch master has been updated
via 464175692f1f00a9e5a87f040d0c59184d63b53b (commit)
from 72106aaab439eddc69df29aa328fb5eeb2086f84 (commit)
- Log -----------------------------------------------------------------
commit 464175692f1f00a9e5a87f040d0c59184d63b53b
Author: Matt Caswell <ma...@openssl.org>
Date: Tue May 17 12:28:14 2016 +0100
Simplify SSL BIO buffering logic
The write BIO for handshake messages is bufferred so that we only write
out to the network when we have a complete flight. There was some
complexity in the buffering logic so that we switched buffering on and
off at various points through out the handshake. The only real reason to
do this was historically it complicated the state machine when you wanted
to flush because you had to traverse through the "flush" state (in order
to cope with NBIO). Where we knew up front that there was only going to
be one message in the flight we switched off buffering to avoid that.
In the new state machine there is no longer a need for a flush state so
it is simpler just to have buffering on for the whole handshake. This
also gives us the added benefit that we can simply call flush after every
flight even if it only has one message in it. This means that BIO authors
can implement their own buffering strategies and not have to be aware of
the state of the SSL object (previously they would have to switch off
their own buffering during the handshake because they could not rely on
a flush being received when they really needed to write data out). This
last point addresses GitHub Issue #322.
Reviewed-by: Andy Polyakov <ap...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_locl.h | 4 ++--
ssl/statem/statem.c | 20 ++++++++++----------
ssl/statem/statem_clnt.c | 15 ++-------------
test/heartbeat_test.c | 2 +-
5 files changed, 23 insertions(+), 41 deletions(-)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 9fb6e89..83ad9ef 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3220,34 +3220,27 @@ const COMP_METHOD *SSL_get_current_expansion(SSL *s)
#endif
}
-int ssl_init_wbio_buffer(SSL *s, int push)
+int ssl_init_wbio_buffer(SSL *s)
{
BIO *bbio;
if (s->bbio == NULL) {
bbio = BIO_new(BIO_f_buffer());
if (bbio == NULL)
- return (0);
+ return 0;
s->bbio = bbio;
+ s->wbio = BIO_push(bbio, s->wbio);
} else {
bbio = s->bbio;
- if (s->bbio == s->wbio)
- s->wbio = BIO_pop(s->wbio);
+ (void)BIO_reset(bbio);
}
- (void)BIO_reset(bbio);
-/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
+
if (!BIO_set_read_buffer_size(bbio, 1)) {
SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
- return (0);
- }
- if (push) {
- if (s->wbio != bbio)
- s->wbio = BIO_push(bbio, s->wbio);
- } else {
- if (s->wbio == bbio)
- s->wbio = BIO_pop(bbio);
+ return 0;
}
- return (1);
+
+ return 1;
}
void ssl_free_wbio_buffer(SSL *s)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 968a2ec..a1f5774 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1787,7 +1787,7 @@ const SSL_METHOD *func_name(void) \
}
struct openssl_ssl_test_functions {
- int (*p_ssl_init_wbio_buffer) (SSL *s, int push);
+ int (*p_ssl_init_wbio_buffer) (SSL *s);
int (*p_ssl3_setup_buffers) (SSL *s);
# ifndef OPENSSL_NO_HEARTBEATS
int (*p_dtls1_process_heartbeat) (SSL *s,
@@ -1963,7 +1963,7 @@ __owur int dtls1_shutdown(SSL *s);
__owur int dtls1_dispatch_alert(SSL *s);
-__owur int ssl_init_wbio_buffer(SSL *s, int push);
+__owur int ssl_init_wbio_buffer(SSL *s);
void ssl_free_wbio_buffer(SSL *s);
__owur int tls1_change_cipher_state(SSL *s, int which);
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index d0ea55f..20353c3 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -320,20 +320,20 @@ static int state_machine(SSL *s, int server)
*/
s->s3->change_cipher_spec = 0;
- if (!server || st->state != MSG_FLOW_RENEGOTIATE) {
- /*
- * Ok, we now need to push on a buffering BIO ...but not with
- * SCTP
- */
+
+ /*
+ * Ok, we now need to push on a buffering BIO ...but not with
+ * SCTP
+ */
#ifndef OPENSSL_NO_SCTP
- if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s)))
+ if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s)))
#endif
- if (!ssl_init_wbio_buffer(s, server ? 1 : 0)) {
- goto end;
- }
+ if (!ssl_init_wbio_buffer(s)) {
+ goto end;
+ }
+ if (!server || st->state != MSG_FLOW_RENEGOTIATE)
ssl3_init_finished_mac(s);
- }
if (server) {
if (st->state != MSG_FLOW_RENEGOTIATE) {
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 7591bb9..ecbc43b 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -437,20 +437,9 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
switch(st->hand_state) {
case TLS_ST_CW_CLNT_HELLO:
- if (SSL_IS_DTLS(s) && s->d1->cookie_len > 0 && statem_flush(s) != 1)
+ if (wst == WORK_MORE_A && statem_flush(s) != 1)
return WORK_MORE_A;
-#ifndef OPENSSL_NO_SCTP
- /* Disable buffering for SCTP */
- if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-#endif
- /*
- * turn on buffering for the next lot of output
- */
- if (s->bbio != s->wbio)
- s->wbio = BIO_push(s->bbio, s->wbio);
-#ifndef OPENSSL_NO_SCTP
- }
-#endif
+
if (SSL_IS_DTLS(s)) {
/* Treat the next message as the first packet */
s->first_packet = 1;
diff --git a/test/heartbeat_test.c b/test/heartbeat_test.c
index f92510a..906736c 100644
--- a/test/heartbeat_test.c
+++ b/test/heartbeat_test.c
@@ -101,7 +101,7 @@ static HEARTBEAT_TEST_FIXTURE set_up(const char *const test_case_name,
goto fail;
}
- if (!ssl_init_wbio_buffer(fixture.s, 1)) {
+ if (!ssl_init_wbio_buffer(fixture.s)) {
fprintf(stderr, "Failed to set up wbio buffer for test: %s\n",
test_case_name);
setup_ok = 0;
Matt Caswell
May 20, 2016, 9:22:02 AM5/20/16
to
The branch master has been updated
via 1257adecd4afba978806b77bd5d45f32715d97d3 (commit)
from 464175692f1f00a9e5a87f040d0c59184d63b53b (commit)
- Log -----------------------------------------------------------------
commit 1257adecd4afba978806b77bd5d45f32715d97d3
Author: David Benjamin <davi...@google.com>
Date: Sat Mar 5 22:50:44 2016 -0500
Tighten up logic around ChangeCipherSpec.
ChangeCipherSpec messages have a defined value. They also may not occur
in the middle of a handshake message. The current logic will accept a
ChangeCipherSpec with value 2. It also would accept up to three bytes of
handshake data before the ChangeCipherSpec which it would discard
(because s->init_num gets reset).
Instead, require that s->init_num is 0 when a ChangeCipherSpec comes in.
RT#4391
Reviewed-by: Andy Polyakov <ap...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_lib.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 6ceb9ec..eb3e591 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -354,6 +354,16 @@ int tls_get_message_header(SSL *s, int *mt)
return 0;
}
if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+ /*
+ * A ChangeCipherSpec must be a single byte and may not occur
+ * in the middle of a handshake message.
+ */
+ if (s->init_num != 0 || i != 1 || p[0] != SSL3_MT_CCS) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER,
+ SSL_R_BAD_CHANGE_CIPHER_SPEC);
+ goto f_err;
+ }
s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
s->init_num = i - 1;
s->s3->tmp.message_size = i;
Matt Caswell
May 20, 2016, 9:45:52 AM5/20/16
to
The branch master has been updated
via d7295cd6d2e9f01b6aee367004e18c4c0a607565 (commit)
via 1689e7e688b3b0ae492932b07f2626f8a4e1e664 (commit)
from 1257adecd4afba978806b77bd5d45f32715d97d3 (commit)
- Log -----------------------------------------------------------------
commit d7295cd6d2e9f01b6aee367004e18c4c0a607565
Author: Matt Caswell <ma...@openssl.org>
Date: Thu May 12 16:04:10 2016 +0100
Add an async io test
This adds an async IO test. There are two test runs. The first one does
a normal handshake with lots of async IO events. The second one does the
same but this time breaks up all the written records into multiple records
of one byte in length. We do this all the way up until the CCS.
Reviewed-by: Andy Polyakov <ap...@openssl.org>
commit 1689e7e688b3b0ae492932b07f2626f8a4e1e664
Author: Matt Caswell <ma...@openssl.org>
Date: Thu May 12 17:18:32 2016 +0100
Ensure async IO works with new state machine
In the new state machine if using nbio and we get the header of a
handshake message is one record with the body in the next, with an nbio
event in the middle, then the connection was failing. This is because
s->init_num was getting reset. We should only reset it after we have
read the whole message.
RT#4394
Reviewed-by: Andy Polyakov <ap...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
test/asynciotest.c | 380 +++++++++++++++++++++
test/build.info | 6 +-
.../{70-test_clienthello.t => 70-test_asyncio.t} | 6 +-
4 files changed, 393 insertions(+), 4 deletions(-)
create mode 100644 test/asynciotest.c
copy test/recipes/{70-test_clienthello.t => 70-test_asyncio.t} (73%)
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 20353c3..0b0595d 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -500,7 +500,6 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) {
while(1) {
switch(st->read_state) {
case READ_STATE_HEADER:
- s->init_num = 0;
/* Get the state the peer wants to move to */
if (SSL_IS_DTLS(s)) {
/*
@@ -559,6 +558,10 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) {
return SUB_STATE_ERROR;
}
ret = process_message(s, &pkt);
+
+ /* Discard the packet data */
+ s->init_num = 0;
+
if (ret == MSG_PROCESS_ERROR) {
return SUB_STATE_ERROR;
}
diff --git a/test/asynciotest.c b/test/asynciotest.c
new file mode 100644
index 0000000..f80425e
--- /dev/null
+++ b/test/asynciotest.c
@@ -0,0 +1,380 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <string.h>
+#include <openssl/ssl.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+#include "../ssl/packet_locl.h"
+
+/* Should we fragment records or not? 0 = no, !0 = yes*/
+static int fragment = 0;
+
+static int async_new(BIO *bi);
+static int async_free(BIO *a);
+static int async_read(BIO *b, char *out, int outl);
+static int async_write(BIO *b, const char *in, int inl);
+static long async_ctrl(BIO *b, int cmd, long num, void *ptr);
+static int async_gets(BIO *bp, char *buf, int size);
+static int async_puts(BIO *bp, const char *str);
+
+/* Choose a sufficiently large type likely to be unused for this custom BIO */
+# define BIO_TYPE_ASYNC_FILTER (0x80 | BIO_TYPE_FILTER)
+
+static BIO_METHOD *methods_async = NULL;
+
+struct async_ctrs {
+ unsigned int rctr;
+ unsigned int wctr;
+};
+
+static const BIO_METHOD *bio_f_async_filter()
+{
+ if (methods_async == NULL) {
+ methods_async = BIO_meth_new(BIO_TYPE_ASYNC_FILTER, "Async filter");
+ if ( methods_async == NULL
+ || !BIO_meth_set_write(methods_async, async_write)
+ || !BIO_meth_set_read(methods_async, async_read)
+ || !BIO_meth_set_puts(methods_async, async_puts)
+ || !BIO_meth_set_gets(methods_async, async_gets)
+ || !BIO_meth_set_ctrl(methods_async, async_ctrl)
+ || !BIO_meth_set_create(methods_async, async_new)
+ || !BIO_meth_set_destroy(methods_async, async_free))
+ return NULL;
+ }
+ return methods_async;
+}
+
+static int async_new(BIO *bio)
+{
+ struct async_ctrs *ctrs;
+
+ ctrs = OPENSSL_zalloc(sizeof(struct async_ctrs));
+ if (ctrs == NULL)
+ return 0;
+
+ BIO_set_data(bio, ctrs);
+ BIO_set_init(bio, 1);
+ return 1;
+}
+
+static int async_free(BIO *bio)
+{
+ struct async_ctrs *ctrs;
+
+ if (bio == NULL)
+ return 0;
+ ctrs = BIO_get_data(bio);
+ OPENSSL_free(ctrs);
+ BIO_set_data(bio, NULL);
+ BIO_set_init(bio, 0);
+
+ return 1;
+}
+
+static int async_read(BIO *bio, char *out, int outl)
+{
+ struct async_ctrs *ctrs;
+ int ret = 0;
+ BIO *next = BIO_next(bio);
+
+ if (outl <= 0)
+ return 0;
+ if (next == NULL)
+ return 0;
+
+ ctrs = BIO_get_data(bio);
+
+ BIO_clear_retry_flags(bio);
+
+ if (ctrs->rctr > 0) {
+ ret = BIO_read(next, out, 1);
+ if (ret <= 0 && BIO_should_read(next))
+ BIO_set_retry_read(bio);
+ ctrs->rctr = 0;
+ } else {
+ ctrs->rctr++;
+ BIO_set_retry_read(bio);
+ }
+
+ return ret;
+}
+
+#define MIN_RECORD_LEN 6
+
+#define CONTENTTYPEPOS 0
+#define VERSIONHIPOS 1
+#define VERSIONLOPOS 2
+#define DATAPOS 5
+
+static int async_write(BIO *bio, const char *in, int inl)
+{
+ struct async_ctrs *ctrs;
+ int ret = 0;
+ size_t written = 0;
+ BIO *next = BIO_next(bio);
+
+ if (inl <= 0)
+ return 0;
+ if (next == NULL)
+ return 0;
+
+ ctrs = BIO_get_data(bio);
+
+ BIO_clear_retry_flags(bio);
+
+ if (ctrs->wctr > 0) {
+ ctrs->wctr = 0;
+ if (fragment) {
+ PACKET pkt;
+
+ if (!PACKET_buf_init(&pkt, (const unsigned char *)in, inl))
+ abort();
+
+ while (PACKET_remaining(&pkt) > 0) {
+ PACKET payload;
+ unsigned int contenttype, versionhi, versionlo, data;
+
+ if ( !PACKET_get_1(&pkt, &contenttype)
+ || !PACKET_get_1(&pkt, &versionhi)
+ || !PACKET_get_1(&pkt, &versionlo)
+ || !PACKET_get_length_prefixed_2(&pkt, &payload))
+ abort();
+
+ /* Pretend we wrote out the record header */
+ written += SSL3_RT_HEADER_LENGTH;
+
+ while (PACKET_get_1(&payload, &data)) {
+ /* Create a new one byte long record for each byte in the
+ * record in the input buffer
+ */
+ char smallrec[MIN_RECORD_LEN] = {
+ 0, /* Content type */
+ 0, /* Version hi */
+ 0, /* Version lo */
+ 0, /* Length hi */
+ 1, /* Length lo */
+ 0 /* Data */
+ };
+
+ smallrec[CONTENTTYPEPOS] = contenttype;
+ smallrec[VERSIONHIPOS] = versionhi;
+ smallrec[VERSIONLOPOS] = versionlo;
+ smallrec[DATAPOS] = data;
+ ret = BIO_write(next, smallrec, MIN_RECORD_LEN);
+ if (ret <= 0)
+ abort();
+ written++;
+ }
+ /*
+ * We can't fragment anything after the CCS, otherwise we
+ * get a bad record MAC
+ */
+ if (contenttype == SSL3_RT_CHANGE_CIPHER_SPEC) {
+ fragment = 0;
+ break;
+ }
+ }
+ }
+ /* Write any data we have left after fragmenting */
+ ret = 0;
+ if ((int)written < inl) {
+ ret = BIO_write(next, in + written , inl - written);
+ }
+
+ if (ret <= 0 && BIO_should_write(next))
+ BIO_set_retry_write(bio);
+ else
+ ret += written;
+ } else {
+ ctrs->wctr++;
+ BIO_set_retry_write(bio);
+ }
+
+ return ret;
+}
+
+static long async_ctrl(BIO *bio, int cmd, long num, void *ptr)
+{
+ long ret;
+ BIO *next = BIO_next(bio);
+
+ if (next == NULL)
+ return 0;
+
+ switch (cmd) {
+ case BIO_CTRL_DUP:
+ ret = 0L;
+ break;
+ default:
+ ret = BIO_ctrl(next, cmd, num, ptr);
+ break;
+ }
+ return ret;
+}
+
+static int async_gets(BIO *bio, char *buf, int size)
+{
+ /* We don't support this - not needed anyway */
+ return -1;
+}
+
+static int async_puts(BIO *bio, const char *str)
+{
+ return async_write(bio, str, strlen(str));
+}
+
+#define MAXLOOPS 100000
+
+int main(int argc, char *argv[])
+{
+ SSL_CTX *serverctx = NULL, *clientctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL;
+ BIO *s_to_c_fbio = NULL, *c_to_s_fbio = NULL;
+ int retc = -1, rets = -1, err, abortctr;
+ int test;
+
+ CRYPTO_set_mem_debug(1);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ if (argc != 3) {
+ printf("Invalid argument count\n");
+ goto end;
+ }
+
+ serverctx = SSL_CTX_new(TLS_server_method());
+ }
+
+ clientctx = SSL_CTX_new(TLS_client_method());
+ if (serverctx == NULL || clientctx == NULL) {
+ printf("Failed to create SSL_CTX\n");
+ goto end;
+ }
+
+ if (SSL_CTX_use_certificate_file(serverctx, argv[1],
+ }
+
+ SSL_FILETYPE_PEM) <= 0) {
+ printf("Failed to load server certificate\n");
+ goto end;
+ }
+ if (SSL_CTX_use_PrivateKey_file(serverctx, argv[2],
+ SSL_FILETYPE_PEM) <= 0) {
+ printf("Failed to load server private key\n");
+ }
+ if (SSL_CTX_check_private_key(serverctx) <= 0) {
+ printf("Failed to check private key\n");
+ goto end;
+ }
+
+ /*
+ }
+
+ * We do 2 test runs. The first time around we just do a normal handshake
+ * with lots of async io going on. The second time around we also break up
+ * all records so that the content is only one byte length (up until the
+ * CCS)
+ */
+ for (test = 1; test < 3; test++) {
+ abortctr = 0;
+ retc = rets = -1;
+ if (test == 2)
+ fragment = 1;
+
+ serverssl = SSL_new(serverctx);
+ clientssl = SSL_new(clientctx);
+ if (serverssl == NULL || clientssl == NULL) {
+ printf("Failed to create SSL object\n");
+ goto end;
+ }
+
+ s_to_c_bio = BIO_new(BIO_s_mem());
+ }
+
+ c_to_s_bio = BIO_new(BIO_s_mem());
+ if (s_to_c_bio == NULL || c_to_s_bio == NULL) {
+ printf("Failed to create mem BIOs\n");
+ goto end;
+ }
+
+ s_to_c_fbio = BIO_new(bio_f_async_filter());
+ }
+
+ c_to_s_fbio = BIO_new(bio_f_async_filter());
+ if (s_to_c_fbio == NULL || c_to_s_fbio == NULL) {
+ printf("Failed to create filter BIOs\n");
+ goto end;
+ }
+
+ s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio);
+ }
+
+ c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio);
+ if (s_to_c_bio == NULL || c_to_s_bio == NULL) {
+ printf("Failed to create chained BIOs\n");
+ goto end;
+ }
+
+ /* Set Non-blocking IO behaviour */
+ }
+
+ BIO_set_mem_eof_return(s_to_c_bio, -1);
+ BIO_set_mem_eof_return(c_to_s_bio, -1);
+
+ /* Up ref these as we are passing them to two SSL objects */
+ BIO_up_ref(s_to_c_bio);
+ BIO_up_ref(c_to_s_bio);
+
+ SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio);
+ SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio);
+
+ do {
+ err = SSL_ERROR_WANT_WRITE;
+ while (retc <= 0 && err == SSL_ERROR_WANT_WRITE) {
+ retc = SSL_connect(clientssl);
+ if (retc <= 0)
+ err = SSL_get_error(clientssl, retc);
+ }
+
+ if (retc <= 0 && err != SSL_ERROR_WANT_READ) {
+ printf("Test %d failed: SSL_connect() failed %d, %d\n",
+ test, retc, err);
+ goto end;
+ }
+
+ err = SSL_ERROR_WANT_WRITE;
+ }
+
+ while (rets <= 0 && err == SSL_ERROR_WANT_WRITE) {
+ rets = SSL_accept(serverssl);
+ if (rets <= 0)
+ err = SSL_get_error(serverssl, rets);
+ }
+
+ if (rets <= 0 && err != SSL_ERROR_WANT_READ) {
+ printf("Test %d failed: SSL_accept() failed %d, %d\n",
+ test, retc, err);
+ goto end;
+ }
+ if (++abortctr == MAXLOOPS) {
+ printf("Test %d failed: No progress made\n", test);
+ goto end;
+ }
+ } while (retc <=0 || rets <= 0);
+
+ /* Also frees the BIOs */
+ SSL_free(clientssl);
+ SSL_free(serverssl);
+ clientssl = serverssl = NULL;
+ }
+
+ printf("Test success\n");
+
+ end:
+ if (retc <= 0 || rets <= 0)
+ ERR_print_errors_fp(stderr);
+
+ SSL_free(clientssl);
+ SSL_free(serverssl);
+ SSL_CTX_free(clientctx);
+ SSL_CTX_free(serverctx);
+
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG
+ CRYPTO_mem_leaks_fp(stderr);
+# endif
+
+ return (retc > 0 && rets > 0) ? 0 : 1;
+}
diff --git a/test/build.info b/test/build.info
index 0f41a73..7dce8e5 100644
--- a/test/build.info
+++ b/test/build.info
@@ -16,7 +16,7 @@ IF[{- !$disabled{tests} -}]
constant_time_test verify_extra_test clienthellotest \
packettest asynctest secmemtest srptest memleaktest \
dtlsv1listentest ct_test threadstest afalgtest d2i_test \
- ssl_test_ctx_test ssl_test x509aux cipherlist_test
+ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest
SOURCE[aborttest]=aborttest.c
INCLUDE[aborttest]={- rel2abs(catdir($builddir,"../include")) -} ../include
@@ -245,4 +245,8 @@ IF[{- !$disabled{tests} -}]
SOURCE[x509aux]=x509aux.c
INCLUDE[x509aux]={- rel2abs(catdir($builddir,"../include")) -} ../include
DEPEND[x509aux]=../libcrypto
+
+ SOURCE[asynciotest]=asynciotest.c
+ INCLUDE[asynciotest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ DEPEND[asynciotest]=../libcrypto ../libssl
ENDIF
diff --git a/test/recipes/70-test_clienthello.t b/test/recipes/70-test_asyncio.t
similarity index 73%
copy from test/recipes/70-test_clienthello.t
copy to test/recipes/70-test_asyncio.t
index ef0868f..c26f757 100644
--- a/test/recipes/70-test_clienthello.t
+++ b/test/recipes/70-test_asyncio.t
@@ -9,12 +9,14 @@
use OpenSSL::Test;
use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
-setup("test_clienthello");
+setup("test_asyncio");
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
plan tests => 1;
-ok(run(test(["clienthellotest"])), "running clienthellotest");
+ok(run(test(["asynciotest", srctop_file("apps", "server.pem"),
+ srctop_file("apps", "server.pem")])), "running asynciotest");
Richard Levitte
May 20, 2016, 10:10:03 AM5/20/16
to
The branch master has been updated
via 06593767b21d4ebacc3e6ecc8daedd9d5c5f9f97 (commit)
via 8ff889c2a242927305d013e3bf79c7bb735793b0 (commit)
from d7295cd6d2e9f01b6aee367004e18c4c0a607565 (commit)
- Log -----------------------------------------------------------------
commit 06593767b21d4ebacc3e6ecc8daedd9d5c5f9f97
Author: Richard Levitte <lev...@openssl.org>
Date: Fri May 20 15:18:22 2016 +0200
Clean up the VMS hacks in crypto/rand/randfile.c
Reviewed-by: Andy Polyakov <ap...@openssl.org>
commit 8ff889c2a242927305d013e3bf79c7bb735793b0
Author: Richard Levitte <lev...@openssl.org>
Date: Fri May 20 11:12:15 2016 +0200
VMS: setbuf() only takes 32-bit pointers
Giving setbuf() a 64-bit pointer isn't faulty, as the argument is
passed by a 64-bit register anyway, so you only get a warning
(MAYLOSEDATA2) pointing out that only the least significant 32 bits
will be used.
However, we know that a FILE* returned by fopen() and such really is a
32-bit pointer (a study of the system header files make that clear),
so we temporarly turn off that warning when calling setbuf().
Reviewed-by: Andy Polyakov <ap...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 38 insertions(+), 12 deletions(-)
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 4354764..49f5405 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -65,12 +65,45 @@
#ifdef OPENSSL_SYS_VMS
/*
+ * Misc hacks needed for specific cases.
+ *
+ * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically)
+ * to make sure the FILE* is a 32-bit pointer no matter what. We know that
+ * stdio function return this type (a study of stdio.h proves it).
+ * Additionally, we create a similar char pointer type for the sake of
+ * vms_setbuf below.
+ */
+# if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size save
+# pragma pointer_size 32
+# endif
+typedef char *char_ptr32;
+# if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size restore
+# endif
+
+/*
+ * On VMS, setbuf() will only take 32-bit pointers, and a compilation
+ * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
+ * Since we know that the FILE* really is a 32-bit pointer expanded to
+ * 64 bits, we also know it's safe to convert it back to a 32-bit pointer.
+ * As for the buffer parameter, we only use NULL here, so that passes as
+ * well...
+ */
+static void vms_setbuf(FILE *fp, char *buf)
+{
+ setbuf((__FILE_ptr32)fp, (char_ptr32)buf);
+}
+/*
* This declaration is a nasty hack to get around vms' extension to fopen for
- * passing in sharing options being disabled by our /STANDARD=ANSI89
+ * passing in sharing options being disabled by /STANDARD=ANSI89
*/
-static FILE *(*const vms_fopen)(const char *, const char *, ...) =
- (FILE *(*)(const char *, const char *, ...))fopen;
+static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
+ (__FILE_ptr32 (*)(const char *, const char *, ...))fopen;
# define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
+
+# define fopen(fname,mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS)
+# define setbuf(fp,buf) vms_setbuf((fp), (buf))
#endif
#define RFILE ".rnd"
@@ -112,11 +145,7 @@ int RAND_load_file(const char *file, long bytes)
if (bytes == 0)
return (ret);
-#ifdef OPENSSL_SYS_VMS
- in = vms_fopen(file, "rb", VMS_OPEN_ATTRS);
-#else
in = fopen(file, "rb");
-#endif
if (in == NULL)
goto err;
#if defined(S_ISBLK) && defined(S_ISCHR) && !defined(OPENSSL_NO_POSIX_IO)
@@ -212,13 +241,10 @@ int RAND_write_file(const char *file)
* rand file in a concurrent use situation.
*/
- out = vms_fopen(file, "rb+", VMS_OPEN_ATTRS);
- if (out == NULL)
- out = vms_fopen(file, "wb", VMS_OPEN_ATTRS);
-#else
+ out = fopen(file, "rb+");
+#endif
if (out == NULL)
out = fopen(file, "wb");
-#endif
if (out == NULL)
goto err;
Matt Caswell
May 20, 2016, 6:19:17 PM5/20/16
to
The branch master has been updated
via fcb318c64b8c3ff24ec36f99797880386bed5867 (commit)
from 739a1eb1961cdc3b1597a040766f3cb359d095f6 (commit)
- Log -----------------------------------------------------------------
commit fcb318c64b8c3ff24ec36f99797880386bed5867
Author: Matt Caswell <ma...@openssl.org>
Date: Thu May 19 20:11:09 2016 +0100
Fix Windows 64 bit crashes
The function InitOnceExceuteOnce is the best way to support the
implementation of CRYPTO_THREAD_run_once() on Windows. Unfortunately
WinXP doesn't have it. To get around that we had two different
implementations: one for WinXP and one for later versions. Which one was
used was based on the value of _WIN32_WINNT.
This approach was starting to cause problems though because other parts of
OpenSSL assume _WIN32_WINNT is going to be 0x0501 and crashes were
occurring dependant on include file ordering. In addition a conditional
based on _WIN32_WINNT had made its way into a public header file through
commit 5c4328f. This is problematic because the value of this macro can
vary between OpenSSL build time and application build time.
The simplest solution to this mess is just to always use the WinXP version
of CRYPTO_THREAD_run_once(). Its perhaps slightly sub-optimal but probably
not noticably.
GitHub Issue #1086
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/threads_win.c | 27 ++++-----------------------
include/openssl/crypto.h | 7 +------
2 files changed, 5 insertions(+), 29 deletions(-)
diff --git a/crypto/threads_win.c b/crypto/threads_win.c
index ff4aae4..545b9be 100644
--- a/crypto/threads_win.c
+++ b/crypto/threads_win.c
@@ -55,12 +55,14 @@ void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock)
return;
}
-# if _WIN32_WINNT < 0x0600
-
# define ONCE_UNINITED 0
# define ONCE_ININIT 1
# define ONCE_DONE 2
+/*
+ * We don't use InitOnceExecuteOnce because that isn't available in WinXP which
+ * we still have to support.
+ */
int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
{
LONG volatile *lock = (LONG *)once;
@@ -81,27 +83,6 @@ int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
return (*lock == ONCE_DONE);
}
-# else
-
-BOOL CALLBACK once_cb(PINIT_ONCE once, PVOID p, PVOID *pp)
-{
- void (*init)(void) = p;
-
- init();
-
- return TRUE;
-}
-
-int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
-{
- if (InitOnceExecuteOnce(once, once_cb, init, NULL))
- return 1;
-
- return 0;
-}
-
-# endif
-
int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
{
*key = TlsAlloc();
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 1162c71..84c479c 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -396,13 +396,8 @@ typedef unsigned int CRYPTO_THREAD_ID;
typedef DWORD CRYPTO_THREAD_LOCAL;
typedef DWORD CRYPTO_THREAD_ID;
-# if _WIN32_WINNT < 0x0600
typedef LONG CRYPTO_ONCE;
-# define CRYPTO_ONCE_STATIC_INIT 0
-# else
-typedef INIT_ONCE CRYPTO_ONCE;
-# define CRYPTO_ONCE_STATIC_INIT INIT_ONCE_STATIC_INIT
-# endif
+# define CRYPTO_ONCE_STATIC_INIT 0
# else
# include <pthread.h>
Rich Salz
May 21, 2016, 8:58:57 AM5/21/16
to
The branch master has been updated
via 8bf780432c11bcedf20161f5e76bc19e300af419 (commit)
from 6aa36e8e5a062e31543e7796f0351ff9628832ce (commit)
- Log -----------------------------------------------------------------
commit 8bf780432c11bcedf20161f5e76bc19e300af419
Author: FdaSilvaYY <fdasi...@gmail.com>
Date: Fri May 20 23:36:18 2016 +0200
Indent and dead code cleanup
tofree pointer is no more used...
Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1103)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 83 +++++++++++++++++++++++++++++++-------------------------------
apps/srp.c | 4 +--
2 files changed, 43 insertions(+), 44 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index e8a0713..acbd388 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -240,7 +240,7 @@ int ca_main(int argc, char **argv)
char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL;
char *serialfile = NULL, *startdate = NULL, *subj = NULL;
char *prog, *enddate = NULL, *tmp_email_dn = NULL;
- char *dbfile = NULL, *f, *randfile = NULL, *tofree = NULL;
+ char *dbfile = NULL, *f, *randfile = NULL;
char buf[3][BSIZE];
char *const *pp;
const char *p;
@@ -258,38 +258,38 @@ int ca_main(int argc, char **argv)
prog = opt_init(argc, argv, ca_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
- case OPT_EOF:
- case OPT_ERR:
+ case OPT_EOF:
+ case OPT_ERR:
opthelp:
- BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
- goto end;
- case OPT_HELP:
- opt_help(ca_options);
- ret = 0;
- goto end;
- case OPT_IN:
- req = 1;
- infile = opt_arg();
- break;
- case OPT_OUT:
- outfile = opt_arg();
- break;
- case OPT_VERBOSE:
- verbose = 1;
- break;
- case OPT_CONFIG:
- configfile = opt_arg();
- break;
- case OPT_NAME:
- section = opt_arg();
- break;
- case OPT_SUBJ:
- subj = opt_arg();
- /* preserve=1; */
- break;
- case OPT_UTF8:
- chtype = MBSTRING_UTF8;
- break;
+ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+ goto end;
+ case OPT_HELP:
+ opt_help(ca_options);
+ ret = 0;
+ goto end;
+ case OPT_IN:
+ req = 1;
+ infile = opt_arg();
+ break;
+ case OPT_OUT:
+ outfile = opt_arg();
+ break;
+ case OPT_VERBOSE:
+ verbose = 1;
+ break;
+ case OPT_CONFIG:
+ configfile = opt_arg();
+ break;
+ case OPT_NAME:
+ section = opt_arg();
+ break;
+ case OPT_SUBJ:
+ subj = opt_arg();
+ /* preserve=1; */
+ break;
+ case OPT_UTF8:
+ chtype = MBSTRING_UTF8;
+ break;
case OPT_CREATE_SERIAL:
create_ser = 1;
break;
@@ -496,7 +496,7 @@ end_of_options:
} else
ERR_clear_error();
- /*****************************************************************/
+ /*****************************************************************/
/* report status of cert with serial number given on command line */
if (ser_status) {
if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
@@ -515,7 +515,7 @@ end_of_options:
goto end;
}
- /*****************************************************************/
+ /*****************************************************************/
/* we definitely need a private key, so let's get it */
if ((keyfile == NULL) && ((keyfile = NCONF_get_string(conf,
@@ -540,7 +540,7 @@ end_of_options:
goto end;
}
- /*****************************************************************/
+ /*****************************************************************/
/* we need a certificate */
if (!selfsign || spkac_file || ss_cert_file || gencrl) {
if ((certfile == NULL)
@@ -608,7 +608,7 @@ end_of_options:
} else
ERR_clear_error();
- /*****************************************************************/
+ /*****************************************************************/
/* lookup where to write new certificates */
if ((outdir == NULL) && (req)) {
@@ -634,7 +634,7 @@ end_of_options:
#endif
}
- /*****************************************************************/
+ /*****************************************************************/
/* we need to load the database file */
if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
lookup_fail(section, ENV_DATABASE);
@@ -692,7 +692,7 @@ end_of_options:
if (!index_index(db))
goto end;
- /*****************************************************************/
+ /*****************************************************************/
/* Update the db file for expired certificates */
if (doupdatedb) {
if (verbose)
@@ -1060,7 +1060,7 @@ end_of_options:
}
}
- /*****************************************************************/
+ /*****************************************************************/
if (gencrl) {
int crl_v2 = 0;
if (!crl_ext) {
@@ -1201,7 +1201,7 @@ end_of_options:
goto end;
}
- /*****************************************************************/
+ /*****************************************************************/
if (dorevoke) {
if (infile == NULL) {
BIO_printf(bio_err, "no input files\n");
@@ -1227,10 +1227,9 @@ end_of_options:
BIO_printf(bio_err, "Data Base Updated\n");
}
}
- /*****************************************************************/
+ /*****************************************************************/
ret = 0;
end:
- OPENSSL_free(tofree);
BIO_free_all(Cout);
BIO_free_all(Sout);
BIO_free_all(out);
diff --git a/apps/srp.c b/apps/srp.c
index cbbaae4..d81346d 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -212,7 +212,7 @@ int srp_main(int argc, char **argv)
int doupdatedb = 0, mode = OPT_ERR;
char *user = NULL, *passinarg = NULL, *passoutarg = NULL;
char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL;
- char *randfile = NULL, *tofree = NULL, *section = NULL;
+ char *randfile = NULL, *section = NULL;
char **gNrow = NULL, *configfile = NULL;
char *srpvfile = NULL, **pp, *prog;
OPTION_CHOICE o;
@@ -596,7 +596,7 @@ int srp_main(int argc, char **argv)
if (verbose)
BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
- OPENSSL_free(tofree);
+
if (ret)
ERR_print_errors(bio_err);
if (randfile)
Dr. Stephen Henson
May 21, 2016, 5:50:29 PM5/21/16
to
The branch master has been updated
via 4591e5fb4168eb81d198a236d265d87256bf67c1 (commit)
from 8bf780432c11bcedf20161f5e76bc19e300af419 (commit)
- Log -----------------------------------------------------------------
commit 4591e5fb4168eb81d198a236d265d87256bf67c1
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sat May 21 16:31:09 2016 +0100
Constify stack and lhash macros.
RT#4471
Reviewed-by: Tim Hudson <t...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/stack/stack.c | 13 +++++++------
include/openssl/lhash.h | 6 +++---
include/openssl/safestack.h | 7 ++++---
include/openssl/stack.h | 6 +++---
4 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
index 36fc921..0076db1 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -142,14 +142,14 @@ int OPENSSL_sk_insert(OPENSSL_STACK *st, void *data, int loc)
return (st->num);
}
-void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, void *p)
+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p)
{
int i;
for (i = 0; i < st->num; i++)
if (st->data[i] == p)
- return (OPENSSL_sk_delete(st, i));
- return (NULL);
+ return OPENSSL_sk_delete(st, i);
+ return NULL;
}
void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc)
@@ -174,7 +174,8 @@ void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc)
return (ret);
}
-static int internal_find(OPENSSL_STACK *st, void *data, int ret_val_options)
+static int internal_find(OPENSSL_STACK *st, const void *data,
+ int ret_val_options)
{
const void *const *r;
int i;
@@ -198,12 +199,12 @@ static int internal_find(OPENSSL_STACK *st, void *data, int ret_val_options)
return (int)((char **)r - st->data);
}
-int OPENSSL_sk_find(OPENSSL_STACK *st, void *data)
+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data)
{
return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH);
}
-int OPENSSL_sk_find_ex(OPENSSL_STACK *st, void *data)
+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data)
{
return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH);
}
diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h
index 7c568ac..e2ccb65 100644
--- a/include/openssl/lhash.h
+++ b/include/openssl/lhash.h
@@ -153,15 +153,15 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
} \
static ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
{ \
- OPENSSL_LH_node_stats_bio((OPENSSL_LHASH *)lh, out); \
+ OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \
} \
static ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
{ \
- OPENSSL_LH_node_usage_stats_bio((OPENSSL_LHASH *)lh, out); \
+ OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \
} \
static ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
{ \
- OPENSSL_LH_stats_bio((OPENSSL_LHASH *)lh, out); \
+ OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \
} \
static ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \
{ \
diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h
index d0af0eb..306b3ac 100644
--- a/include/openssl/safestack.h
+++ b/include/openssl/safestack.h
@@ -54,7 +54,8 @@ extern "C" {
} \
static ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \
{ \
- return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, (void *)ptr); \
+ return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \
+ (const void *)ptr); \
} \
static ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \
{ \
@@ -86,11 +87,11 @@ extern "C" {
} \
static ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \
{ \
- return OPENSSL_sk_find((OPENSSL_STACK *)sk, (void *)ptr); \
+ return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \
} \
static ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \
{ \
- return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (void *)ptr); \
+ return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \
} \
static ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \
{ \
diff --git a/include/openssl/stack.h b/include/openssl/stack.h
index 6fab33b..9bc550f 100644
--- a/include/openssl/stack.h
+++ b/include/openssl/stack.h
@@ -32,9 +32,9 @@ void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *));
OPENSSL_STACK *OPENSSL_sk_deep_copy(OPENSSL_STACK *, OPENSSL_sk_copyfunc c, OPENSSL_sk_freefunc f);
int OPENSSL_sk_insert(OPENSSL_STACK *sk, void *data, int where);
void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc);
-void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, void *p);
-int OPENSSL_sk_find(OPENSSL_STACK *st, void *data);
-int OPENSSL_sk_find_ex(OPENSSL_STACK *st, void *data);
+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p);
+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data);
int OPENSSL_sk_push(OPENSSL_STACK *st, void *data);
int OPENSSL_sk_unshift(OPENSSL_STACK *st, void *data);
void *OPENSSL_sk_shift(OPENSSL_STACK *st);
Richard Levitte
May 22, 2016, 5:00:19 AM5/22/16
to
The branch master has been updated
via 169a8e391e2956687e9f148719687a5ff6ffaa39 (commit)
from 4591e5fb4168eb81d198a236d265d87256bf67c1 (commit)
- Log -----------------------------------------------------------------
commit 169a8e391e2956687e9f148719687a5ff6ffaa39
Author: Richard Levitte <lev...@openssl.org>
Date: Sun May 22 01:26:45 2016 +0200
Have doc-nit-check look for mandatory manual sections
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 32 insertions(+), 8 deletions(-)
diff --git a/util/doc-nit-check.pl b/util/doc-nit-check.pl
index 3cf260b..29599f3 100644
--- a/util/doc-nit-check.pl
+++ b/util/doc-nit-check.pl
@@ -12,33 +12,57 @@ use warnings;
use strict;
use Pod::Checker;
use File::Find;
+use File::Basename;
my $temp = '/tmp/docnits.txt';
my $OUT;
+my %mandatory_sections =
+ ( '*' => [ 'NAME', 'DESCRIPTION', 'COPYRIGHT' ],
+ 1 => [ 'SYNOPSIS', '(COMMAND\s+)?OPTIONS' ],
+ 3 => [ 'SYNOPSIS', 'RETURN\s+VALUES' ],
+ 5 => [ ],
+ 7 => [ ] );
+my %default_sections =
+ ( apps => 1,
+ crypto => 3,
+ ssl => 3 );
+
sub check()
{
+ my $filename = shift;
+ my $dirname = basename(dirname($filename));
my $contents = '';
{
local $/ = undef;
- open POD, $_ or die "Couldn't open $_, $!";
+ open POD, $filename or die "Couldn't open $filename, $!";
$contents = <POD>;
close POD;
}
- print $OUT "$_ doesn't start with =pod\n"
+ print $OUT "$filename doesn't start with =pod\n"
if $contents !~ /^=pod/;
- print $OUT "$_ doesn't end with =cut\n"
+ print $OUT "$filename doesn't end with =cut\n"
if $contents !~ /=cut\n$/;
- print $OUT "$_ more than one cut line.\n"
+ print $OUT "$filename more than one cut line.\n"
if $contents =~ /=cut.*=cut/ms;
- print $OUT "$_ missing copyright\n"
+ print $OUT "$filename missing copyright\n"
if $contents !~ /Copyright .* The OpenSSL Project Authors/;
- print $OUT "$_ copyright not last\n"
+ print $OUT "$filename copyright not last\n"
if $contents =~ /head1 COPYRIGHT.*=head/ms;
- print $OUT "$_ head2 in All uppercase\n"
+ print $OUT "$filename head2 in All uppercase\n"
if $contents =~ /head2.*[A-Z ]+\n/;
- podchecker($_, $OUT);
+ my $section = $default_sections{$dirname};
+ if ($contents =~ /^=for\s+comment\s+openssl_manual_section:\s*(\d+)\s*$/m) {
+ $section = $1;
+ }
+
+ foreach ((@{$mandatory_sections{'*'}}, @{$mandatory_sections{$section}})) {
+ print $OUT "$filename doesn't have a head1 section matching $_\n"
+ if $contents !~ /^=head1\s+${_}\s*$/m;
+ }
+
+ podchecker($filename, $OUT);
}
open $OUT, '>', $temp
Kurt Roeckx
May 22, 2016, 6:10:26 AM5/22/16
to
The branch master has been updated
via 1544583bbc2b60f1a4f456ca591495c215e661c2 (commit)
via acc600928dfddebb6f0dc5a44dee35339e8820fb (commit)
from 169a8e391e2956687e9f148719687a5ff6ffaa39 (commit)
- Log -----------------------------------------------------------------
commit 1544583bbc2b60f1a4f456ca591495c215e661c2
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Sat May 21 16:53:14 2016 +0200
Avoid creating an illegal pointer
Found by tis-interpreter
Reviewed-by: Rich Salz <rs...@openssl.org>
GH: #1106
commit acc600928dfddebb6f0dc5a44dee35339e8820fb
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Sat May 21 16:32:15 2016 +0200
Avoid creating an illegal pointer
Found by tis-interpreter
Reviewed-by: Rich Salz <rs...@openssl.org>
GH: #1106
-----------------------------------------------------------------------
Summary of changes:
crypto/bn/bn_div.c | 6 +++++-
crypto/bn/bn_lib.c | 6 ++++--
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index a456ce8..eef1b87 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -278,6 +278,9 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
res->top--;
}
+ /* Increase the resp pointer so that we never create an invalid pointer. */
+ resp++;
+
/*
* if res->top == 0 then clear the neg value otherwise decrease the resp
* pointer
@@ -287,7 +290,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
else
resp--;
- for (i = 0; i < loop - 1; i++, wnump--, resp--) {
+ for (i = 0; i < loop - 1; i++, wnump--) {
BN_ULONG q, l0;
/*
* the first part of the loop uses the top two words of snum and sdiv
@@ -393,6 +396,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
(*wnump)++;
}
/* store part of the result */
+ resp--;
*resp = q;
}
bn_correct_top(snum);
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 7c43402..ccdefb3 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -1022,9 +1022,11 @@ void bn_correct_top(BIGNUM *a)
int tmp_top = a->top;
if (tmp_top > 0) {
- for (ftl = &(a->d[tmp_top - 1]); tmp_top > 0; tmp_top--)
- if (*(ftl--))
+ for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) {
+ ftl--;
+ if (*ftl != 0)
break;
+ }
a->top = tmp_top;
}
bn_pollute(a);
Richard Levitte
May 22, 2016, 6:46:08 PM5/22/16
to
The branch master has been updated
via 398c1b773a551183ed701b99fde901e5f4fc9426 (commit)
via c4d598939ac275ce0c4a28d6b76efd1e2e47af05 (commit)
via beadb441572e47e163c6b59a9eb72b47e2d9227d (commit)
via e4860d531dc52d6616e133a4a68f268bf44e1501 (commit)
via eae029244d09b185287da0e1dc60f6289c775b89 (commit)
via aec3ecd02fcf207294a8cc3da55991d0840f8dc3 (commit)
from 1544583bbc2b60f1a4f456ca591495c215e661c2 (commit)
- Log -----------------------------------------------------------------
commit 398c1b773a551183ed701b99fde901e5f4fc9426
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 23 00:38:48 2016 +0200
util/process_docs.pl: Add more debugging output
Reviewed-by: Rich Salz <rs...@openssl.org>
commit c4d598939ac275ce0c4a28d6b76efd1e2e47af05
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 23 00:36:37 2016 +0200
Improve the checking of pod sections
(i.e. remove some bugs)
Reviewed-by: Rich Salz <rs...@openssl.org>
commit beadb441572e47e163c6b59a9eb72b47e2d9227d
Author: Richard Levitte <lev...@openssl.org>
Date: Sat May 21 20:51:18 2016 +0200
HTML docs on Unix: Add a HTML title
Reviewed-by: Rich Salz <rs...@openssl.org>
commit e4860d531dc52d6616e133a4a68f268bf44e1501
Author: Richard Levitte <lev...@openssl.org>
Date: Sat May 21 20:50:48 2016 +0200
process_docs.pl: When starting to read a new head1 section, remove previous text
Reviewed-by: Rich Salz <rs...@openssl.org>
commit eae029244d09b185287da0e1dc60f6289c775b89
Author: Richard Levitte <lev...@openssl.org>
Date: Sat May 21 20:49:58 2016 +0200
Add a missing comma in OPENSSL_malloc.pod
Reviewed-by: Rich Salz <rs...@openssl.org>
commit aec3ecd02fcf207294a8cc3da55991d0840f8dc3
Author: Richard Levitte <lev...@openssl.org>
Date: Sat May 21 20:49:33 2016 +0200
Add the missing NAME header in the OCSP docs
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
doc/crypto/OCSP_REQUEST_new.pod | 2 ++
doc/crypto/OCSP_cert_to_id.pod | 2 ++
doc/crypto/OCSP_request_add1_nonce.pod | 2 ++
doc/crypto/OCSP_response_find_status.pod | 2 ++
doc/crypto/OCSP_response_status.pod | 2 ++
doc/crypto/OPENSSL_malloc.pod | 2 +-
util/process_docs.pl | 19 +++++++++++++++----
8 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index de20ad7..469bd32 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -528,6 +528,7 @@ PROCESS_PODS=\
SEC=`sed -ne 's/^=for *comment *openssl_manual_section: *\([0-9]\) *$$/\1/p' $$p`; \
[ -z "$$SEC" ] && SEC=$$defsec; \
fn=`basename $$p .pod`; \
+ Name=$$fn; \
NAME=`echo $$fn | tr [a-z] [A-Z]`; \
suf=`eval "echo $$OUTSUFFIX"`; \
top=`eval "echo $$OUTTOP"`; \
@@ -607,7 +608,7 @@ install_html_docs:
OUTSUFFIX='.$(HTMLSUFFIX)'; \
OUTTOP="$(DESTDIR)$(HTMLDIR)"; \
GENERATE="pod2html --podroot=$(SRCDIR)/doc --htmldir=.. \
- --podpath=apps:crypto:ssl \
+ --podpath=apps:crypto:ssl --title=\$$Name \
| sed -e 's|href=\"http://man.he.net/man|href=\"../man|g'"; \
$(PROCESS_PODS)
diff --git a/doc/crypto/OCSP_REQUEST_new.pod b/doc/crypto/OCSP_REQUEST_new.pod
index 1553c28..82de0d5 100644
--- a/doc/crypto/OCSP_REQUEST_new.pod
+++ b/doc/crypto/OCSP_REQUEST_new.pod
@@ -1,5 +1,7 @@
=pod
+=head1 NAME
+
OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign,
OCSP_request_add1_cert, OCSP_request_onereq_count,
OCSP_request_onereq_get0 - OCSP request functions.
diff --git a/doc/crypto/OCSP_cert_to_id.pod b/doc/crypto/OCSP_cert_to_id.pod
index 115ba34..bd06417 100644
--- a/doc/crypto/OCSP_cert_to_id.pod
+++ b/doc/crypto/OCSP_cert_to_id.pod
@@ -1,5 +1,7 @@
=pod
+=head1 NAME
+
OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp,
OCSP_id_cmp, OCSP_id_get0_info - OCSP certificate ID utility functions.
diff --git a/doc/crypto/OCSP_request_add1_nonce.pod b/doc/crypto/OCSP_request_add1_nonce.pod
index 590ee25..4162c70 100644
--- a/doc/crypto/OCSP_request_add1_nonce.pod
+++ b/doc/crypto/OCSP_request_add1_nonce.pod
@@ -1,5 +1,7 @@
=pod
+=head1 NAME
+
OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce - OCSP nonce functions.
=head1 SYNOPSIS
diff --git a/doc/crypto/OCSP_response_find_status.pod b/doc/crypto/OCSP_response_find_status.pod
index 56a9c83..8baeb2f 100644
--- a/doc/crypto/OCSP_response_find_status.pod
+++ b/doc/crypto/OCSP_response_find_status.pod
@@ -1,5 +1,7 @@
=pod
+=head1 NAME
+
OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP response utility functions.
=head1 SYNOPSIS
diff --git a/doc/crypto/OCSP_response_status.pod b/doc/crypto/OCSP_response_status.pod
index 9689fac..8cae3ae 100644
--- a/doc/crypto/OCSP_response_status.pod
+++ b/doc/crypto/OCSP_response_status.pod
@@ -1,5 +1,7 @@
=pod
+=head1 NAME
+
OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create,
OCSP_RESPONSE_free - OCSP response functions.
diff --git a/doc/crypto/OPENSSL_malloc.pod b/doc/crypto/OPENSSL_malloc.pod
index d7f4fda..ca21698 100644
--- a/doc/crypto/OPENSSL_malloc.pod
+++ b/doc/crypto/OPENSSL_malloc.pod
@@ -4,7 +4,7 @@
OPENSSL_malloc_init,
OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free,
-OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse
+OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse,
CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free,
OPENSSL_strdup, OPENSSL_strndup,
OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat,
diff --git a/util/process_docs.pl b/util/process_docs.pl
index eaa4964..c2c35ee 100644
--- a/util/process_docs.pl
+++ b/util/process_docs.pl
@@ -84,19 +84,30 @@ foreach my $subdir (keys %{$options{subdir}}) {
while (<$pod_fh>) {
s|\R$||;
if (m|^=for\s+comment\s+openssl_manual_section:\s*([0-9])\s*$|) {
- print STDERR "Found section number $1\n" if $options{debug};
+ print STDERR "DEBUG: Found man section number $1\n"
+ if $options{debug};
$podinfo{section} = $1;
}
- last if m|^=head1| && defined $podinfo{lastsect} eq "NAME";
- if (m|^head1=\s*(.*)|) {
+ last if (m|^=head1|
+ && defined $podinfo{lastsect}
+ && $podinfo{lastsect} eq "NAME");
+ if (m|^=head1\s*(.*)|) {
$podinfo{lastsect} = $1;
$podinfo{lastsect} =~ s/\s+$//;
+ print STDERR "DEBUG: Found new pod section $1\n"
+ if $options{debug};
+ print STDERR "DEBUG: Clearing pod section text\n"
+ if $options{debug};
+ $podinfo{lastsecttext} = "";
}
next if (m|^=| || m|^\s*$|);
- $podinfo{lastsecttext} .= " ";
next if (m|^=| || m|^\s*$|);
+ print STDERR "DEBUG: accumulating pod section text \"$_\"\n"
+ if $options{debug};
+ $podinfo{lastsecttext} .= " " if $podinfo{lastsecttext};
$podinfo{lastsecttext} .= $_;
}
close $pod_fh;
+ print STDERR "DEBUG: Done reading $podpath\n" if $options{debug};
$podinfo{lastsecttext} =~ s| - .*$||;
print STDERR "DEBUG: Done reading $podpath\n" if $options{debug};
$podinfo{lastsecttext} =~ s| - .*$||;
print STDERR "DEBUG: Done reading $podpath\n" if $options{debug};
Richard Levitte
May 22, 2016, 6:47:31 PM5/22/16
to
The branch master has been updated
via 154fe2b4be294050b9975edbbe2d83294a83d6b6 (commit)
from 398c1b773a551183ed701b99fde901e5f4fc9426 (commit)
- Log -----------------------------------------------------------------
commit 154fe2b4be294050b9975edbbe2d83294a83d6b6
Author: Richard Levitte <lev...@openssl.org>
Date: Sun May 22 10:57:18 2016 +0200
Complete the rename of LHASH functions and types
LHASH_NODE was used internally, which doesn't work when configured
'no-deprecated'
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/lhash/lhash_lcl.h b/crypto/lhash/lhash_lcl.h
index cfb0e1a..eb4a1a3 100644
--- a/crypto/lhash/lhash_lcl.h
+++ b/crypto/lhash/lhash_lcl.h
@@ -15,7 +15,7 @@ struct lhash_node_st {
};
struct lhash_st {
- LHASH_NODE **b;
+ OPENSSL_LH_NODE **b;
OPENSSL_LH_COMPFUNC comp;
OPENSSL_LH_HASHFUNC hash;
unsigned int num_nodes;
Richard Levitte
May 23, 2016, 7:18:49 AM5/23/16
to
The branch master has been updated
via 7d52e55457eb8e888c3441a5b1de328238a7d9fb (commit)
from 154fe2b4be294050b9975edbbe2d83294a83d6b6 (commit)
- Log -----------------------------------------------------------------
commit 7d52e55457eb8e888c3441a5b1de328238a7d9fb
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 23 09:36:02 2016 +0200
Windows: shut DEL up
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
index 3f92f14..258421d 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -394,8 +394,8 @@ $target: $deps $ordinalsfile $mkdef_pl
/implib:\$@ \$(LDOUTFLAG)$shlib$shlibext /def:$shlib.def @<< || (DEL /Q \$(\@B).* $shlib.* && EXIT 1)
$objs $shlib.res$linklibs \$(EX_LIBS)
<<
- DEL /Q /F apps\\$shlib$shlibext
- DEL /Q /F test\\$shlib$shlibext
+ IF EXIST apps\\$shlib$shlibext DEL /Q /F apps\\$shlib$shlibext
+ IF EXIST test\\$shlib$shlibext DEL /Q /F test\\$shlib$shlibext
COPY $shlib$shlibext apps
COPY $shlib$shlibext test
EOF
Matt Caswell
May 23, 2016, 8:40:08 AM5/23/16
to
The branch master has been updated
via 11ed851db0c49f9fdd534fbd8a2791266f32c5b8 (commit)
via aca6dae94b5bb298b05081a876e30370d82e22b5 (commit)
from 7d52e55457eb8e888c3441a5b1de328238a7d9fb (commit)
- Log -----------------------------------------------------------------
commit 11ed851db0c49f9fdd534fbd8a2791266f32c5b8
Author: FdaSilvaYY <fdasi...@gmail.com>
Date: Tue May 17 21:21:46 2016 +0200
Fix and simplify error handling in (RSA/EC_kmeth)_new_method()
Inspired from PR #873.
Nearly same as 2bbf0ba.
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
commit aca6dae94b5bb298b05081a876e30370d82e22b5
Author: FdaSilvaYY <fdasi...@gmail.com>
Date: Sat May 7 18:54:01 2016 +0200
Remove useless NULL checks
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/dh/dh_meth.c | 3 +--
-----------------------------------------------------------------------
Summary of changes:
crypto/dsa/dsa_meth.c | 3 +--
crypto/ec/ec_kmeth.c | 29 ++++++++++++-----------------
crypto/rsa/rsa_lib.c | 44 +++++++++++++++++++-------------------------
crypto/rsa/rsa_meth.c | 3 +--
5 files changed, 34 insertions(+), 48 deletions(-)
diff --git a/crypto/dh/dh_meth.c b/crypto/dh/dh_meth.c
index afd47ab..45753b6 100644
--- a/crypto/dh/dh_meth.c
+++ b/crypto/dh/dh_meth.c
@@ -31,8 +31,7 @@ DH_METHOD *DH_meth_new(const char *name, int flags)
void DH_meth_free(DH_METHOD *dhm)
{
if (dhm != NULL) {
- if (dhm->name != NULL)
- OPENSSL_free(dhm->name);
+ OPENSSL_free(dhm->name);
OPENSSL_free(dhm);
}
}
diff --git a/crypto/dsa/dsa_meth.c b/crypto/dsa/dsa_meth.c
index 5ce9339..1d27cea 100644
--- a/crypto/dsa/dsa_meth.c
+++ b/crypto/dsa/dsa_meth.c
@@ -39,8 +39,7 @@ DSA_METHOD *DSA_meth_new(const char *name, int flags)
void DSA_meth_free(DSA_METHOD *dsam)
{
if (dsam != NULL) {
- if (dsam->name != NULL)
- OPENSSL_free(dsam->name);
+ OPENSSL_free(dsam->name);
OPENSSL_free(dsam);
}
}
diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c
index fead014..eb469ba 100644
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@@ -78,15 +78,11 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
return NULL;
}
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) {
- OPENSSL_free(ret);
- return NULL;
- }
+ ret->references = 1;
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);
OPENSSL_free(ret);
return NULL;
}
@@ -96,10 +92,7 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
if (engine != NULL) {
if (!ENGINE_init(engine)) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);
- CRYPTO_THREAD_lock_free(ret->lock);
- OPENSSL_free(ret);
- return NULL;
+ goto err;
}
ret->engine = engine;
} else
@@ -108,25 +101,27 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
ret->meth = ENGINE_get_EC(ret->engine);
if (ret->meth == NULL) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
- ENGINE_finish(ret->engine);
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);
- CRYPTO_THREAD_lock_free(ret->lock);
- OPENSSL_free(ret);
- return NULL;
+ goto err;
}
}
#endif
ret->version = 1;
ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
- ret->references = 1;
+
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) {
+ goto err;
+ }
if (ret->meth->init != NULL && ret->meth->init(ret) == 0) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_INIT_FAIL);
- EC_KEY_free(ret);
- return NULL;
+ goto err;
}
return ret;
+
+err:
+ EC_KEY_free(ret);
+ return NULL;
}
int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 0ccb3ce..4f93cbc 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -70,21 +70,28 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
RSA *RSA_new_method(ENGINE *engine)
{
- RSA *ret;
+ RSA *ret = OPENSSL_zalloc(sizeof(*ret));
- ret = OPENSSL_zalloc(sizeof(*ret));
if (ret == NULL) {
RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
return NULL;
}
+ ret->references = 1;
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
+ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+
ret->meth = RSA_get_default_method();
+ }
+
#ifndef OPENSSL_NO_ENGINE
+ ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
if (engine) {
if (!ENGINE_init(engine)) {
RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
- OPENSSL_free(ret);
- return NULL;
+ goto err;
}
ret->engine = engine;
} else
@@ -93,39 +100,26 @@ RSA *RSA_new_method(ENGINE *engine)
ret->meth = ENGINE_get_RSA(ret->engine);
if (ret->meth == NULL) {
RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
- ENGINE_finish(ret->engine);
- OPENSSL_free(ret);
- return NULL;
+ goto err;
}
}
#endif
- ret->references = 1;
ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(ret->engine);
-#endif
- OPENSSL_free(ret);
- return NULL;
- }
-
- ret->lock = CRYPTO_THREAD_lock_new();
- if (ret->lock == NULL) {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(ret->engine);
-#endif
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
- OPENSSL_free(ret);
- return NULL;
+ goto err;
}
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
- RSA_free(ret);
- ret = NULL;
+ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_INIT_FAIL);
+ goto err;
}
return ret;
+
+err:
+ RSA_free(ret);
+ return NULL;
}
void RSA_free(RSA *r)
diff --git a/crypto/rsa/rsa_meth.c b/crypto/rsa/rsa_meth.c
index bce5ee8..ef0dc97 100644
--- a/crypto/rsa/rsa_meth.c
+++ b/crypto/rsa/rsa_meth.c
@@ -31,8 +31,7 @@ RSA_METHOD *RSA_meth_new(const char *name, int flags)
void RSA_meth_free(RSA_METHOD *meth)
{
if (meth != NULL) {
- if (meth->name != NULL)
- OPENSSL_free(meth->name);
+ OPENSSL_free(meth->name);
OPENSSL_free(meth);
Matt Caswell
May 23, 2016, 8:46:04 AM5/23/16
to
The branch master has been updated
via e5a5e3f3db5832f7ba4eff8016bad00f37dada58 (commit)
via a98810bfac37a77750592611bb9f5a22e4634692 (commit)
from 11ed851db0c49f9fdd534fbd8a2791266f32c5b8 (commit)
- Log -----------------------------------------------------------------
commit e5a5e3f3db5832f7ba4eff8016bad00f37dada58
Author: FdaSilvaYY <fdasi...@gmail.com>
Date: Sun Feb 14 10:42:29 2016 +0100
Add checks on CRYPTO_set_ex_data return value
Fix possible leak in danetest.c
commit a98810bfac37a77750592611bb9f5a22e4634692
Author: FdaSilvaYY <fdasi...@gmail.com>
Date: Sat Feb 13 19:01:14 2016 +0100
Fix some malloc failure crashes on X509_STORE_CTX_set_ex_data
from BoringSSL 306ece31bcaaed49e0240a2e5555f8901ebb2d45
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_cert.c | 4 +++-
test/danetest.c | 8 +++++---
util/indent.pro | 3 ---
4 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index af9942c..718599f 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -154,6 +154,7 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr,
static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
{
dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c));
+ int ret = 1;
if (c == NULL) {
ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
@@ -173,9 +174,11 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
dynamic_ex_data_idx))
== NULL) {
/* Good, we're the first */
- ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
- *ctx = c;
- c = NULL;
+ ret = ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
+ if (ret) {
+ *ctx = c;
+ c = NULL;
+ }
}
CRYPTO_THREAD_unlock(global_engine_lock);
/*
@@ -185,7 +188,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
if (c)
sk_OPENSSL_STRING_free(c->dirs);
OPENSSL_free(c);
- return 1;
+ return ret;
}
/*
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index f285fbe..7481705 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -409,7 +409,9 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
/* Set suite B flags if needed */
X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
- X509_STORE_CTX_set_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s);
+ if (!X509_STORE_CTX_set_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
+ goto end;
+ }
/* Verify via DANE if enabled */
if (DANETLS_ENABLED(&s->dane))
diff --git a/test/danetest.c b/test/danetest.c
index d914c45..d473b12 100644
--- a/test/danetest.c
+++ b/test/danetest.c
@@ -74,7 +74,7 @@ static void print_errors(void)
static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
{
- int ret;
+ int ret = -1;
X509_STORE_CTX *store_ctx;
SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl);
X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
@@ -85,8 +85,9 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
return -1;
if (!X509_STORE_CTX_init(store_ctx, store, cert, chain))
- return 0;
- X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl);
+ goto end;
+ if (!X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl))
+ goto end;
X509_STORE_CTX_set_default(store_ctx,
SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
@@ -101,6 +102,7 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx));
X509_STORE_CTX_cleanup(store_ctx);
+end:
X509_STORE_CTX_free(store_ctx);
return (ret);
diff --git a/util/indent.pro b/util/indent.pro
index b7958e3..71997cb 100644
--- a/util/indent.pro
+++ b/util/indent.pro
@@ -187,11 +187,8 @@
-T CRYPTO_EX_DATA_FUNCS
-T CRYPTO_EX_DATA_IMPL
-T CRYPTO_EX_dup
--T CRYPTO_EX_dup
--T CRYPTO_EX_free
-T CRYPTO_EX_free
-T CRYPTO_EX_new
--T CRYPTO_EX_new
-T CRYPTO_MEM_LEAK_CB
-T CRYPTO_THREADID
-T CRYPTO_dynlock_value
Matt Caswell
May 23, 2016, 8:56:46 AM5/23/16
to
The branch master has been updated
via 482441097a523db8ee7e323905ccc947e03e5043 (commit)
from e5a5e3f3db5832f7ba4eff8016bad00f37dada58 (commit)
- Log -----------------------------------------------------------------
commit 482441097a523db8ee7e323905ccc947e03e5043
Author: Todd Short <tsh...@akamai.com>
Date: Mon May 23 08:48:22 2016 -0400
Add text/x509aux to gitignore
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 1 +
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 6ad374d..2f99952 100644
--- a/.gitignore
+++ b/.gitignore
@@ -80,6 +80,7 @@ Makefile
/test/fips_rngvs
/test/fips_test_suite
/test/ssltest_old
+/test/x509aux
*.so*
*.dylib*
*.dll*
Rich Salz
May 23, 2016, 9:55:56 AM5/23/16
to
The branch master has been updated
via 20ab55f4941755ced3ff6c99abc63a68914a3cb1 (commit)
from 482441097a523db8ee7e323905ccc947e03e5043 (commit)
- Log -----------------------------------------------------------------
commit 20ab55f4941755ced3ff6c99abc63a68914a3cb1
Author: Rich Salz <rs...@openssl.org>
Date: Mon May 23 08:55:57 2016 -0400
Remove INSTALL.WCE and refs to it.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
INSTALL.WCE | 93 -------------------------------------------------------------
NOTES.WIN | 2 --
README | 1 -
4 files changed, 2 insertions(+), 99 deletions(-)
delete mode 100644 INSTALL.WCE
diff --git a/INSTALL b/INSTALL
index 4283e9d..bdf67a6 100644
--- a/INSTALL
+++ b/INSTALL
@@ -4,8 +4,7 @@
[This document describes installation on the main supported operating
systems, currently the Linux/Unix family, OpenVMS and Windows.
- Installation on DOS (with djgpp), MacOS (before MacOS X)
- is described in INSTALL.DJGPP or INSTALL.MacOS, respectively.]
+ Installation on DOS (with djgpp) is described in INSTALL.DJGPP.]
To install OpenSSL, you will need:
@@ -21,7 +20,7 @@
please read one of these:
* NOTES.VMS (OpenVMS)
- * NOTES.WIN (any Windows except for Windows CE)
+ * NOTES.WIN (any supported Windows)
Quick Start
-----------
diff --git a/INSTALL.WCE b/INSTALL.WCE
deleted file mode 100644
index fe1431a..0000000
--- a/INSTALL.WCE
+++ /dev/null
@@ -1,93 +0,0 @@
-
- INSTALLATION FOR THE WINDOWS CE PLATFORM
- ----------------------------------------
-
- Building OpenSSL for Windows CE requires the following external tools:
-
- * Microsoft eMbedded Visual C++ 3.0 or later
- * Appropriate SDK might be required
- * Perl for Win32 [commonly recommended ActiveState Perl is available
- from http://www.activestate.com/Products/ActivePerl/]
- You also need the perl module Text::Template.
- Please read README.PERL for more information.
-
- * wcecompat compatibility library available at
- http://www.essemer.com.au/windowsce/
- * Optionally ceutils for running automated tests (same location)
-
- _or_
-
- * PocketConsole driver and PortSDK available at
- http://www.symbolictools.de/public/pocketconsole/
- * CMD command interpreter (same location)
-
- As Windows CE support in OpenSSL relies on 3rd party compatibility
- library, it's appropriate to check corresponding URL for updates. For
- example if you choose wcecompat, note that as for the moment of this
- writing version 1.2 is available and actually required for WCE 4.2
- and newer platforms. All wcecompat issues should be directed to
- www.essemer.com.au.
-
- Why compatibility library at all? The C Runtime Library implementation
- for Windows CE that is included with Microsoft eMbedded Visual C++ is
- incomplete and in some places incorrect. Compatibility library plugs
- the holes and tries to bring the Windows CE CRT to [more] usable level.
- Most gaping hole in CRT is support for stdin/stdout/stderr IO, which
- proposed compatibility libraries solve in two different ways: wcecompat
- redirects IO to active sync link, while PortSDK - to NT-like console
- driver on the handheld itself.
-
- Building
- --------
-
- Setup the eMbedded Visual C++ environment. There are batch files for doing
- this installed with eVC++. For an ARM processor, for example, execute:
-
- > "C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEARM.BAT"
-
- Next pick compatibility library according to your preferences.
-
- 1. To choose wcecompat set up WCECOMPAT environment variable pointing
- at the location of wcecompat tree "root":
-
- > set WCECOMPAT=C:\wcecompat
- > set PORTSDK_LIBPATH=
-
- 2. To choose PortSDK set up PORTSDK_LIBPATH to point at hardware-
- specific location where your portlib.lib is installed:
-
- > set PORTSDK_LIBPATH=C:\PortSDK\lib\ARM
- > set WCECOMPAT=
-
- Note that you may not set both variables.
-
- Next you should run Configure:
-
- > perl Configure VC-CE
-
- Next you need to build the Makefiles:
-
- > ms\do_ms
-
- Then from the VC++ environment at a prompt do:
-
- > nmake -f ms\cedll.mak
-
- [note that static builds are not supported under CE]
-
- If all is well it should compile and you will have some DLLs and executables
- in out32dll*.
-
- <<< everyting below needs revision in respect to wcecompat vs. PortSDK >>>
-
- If you want
- to try the tests then make sure the ceutils are in the path and do:
-
- > cd out32
- > ..\ms\testce
-
- This will copy each of the test programs to the Windows CE device and execute
- them, displaying the output of the tests on this computer. The output should
- look similar to the output produced by running the tests for a regular Windows
- build.
-
diff --git a/NOTES.WIN b/NOTES.WIN
index f2fb087..bed5037 100644
--- a/NOTES.WIN
+++ b/NOTES.WIN
@@ -2,8 +2,6 @@
NOTES FOR THE WINDOWS PLATFORMS
===============================
- [Notes for Windows CE can be found in INSTALL.WCE]
-
Requirement details for native (Visual C++) builds
--------------------------------------------------
diff --git a/README b/README
index edcf59e..e32844e 100644
--- a/README
+++ b/README
@@ -50,7 +50,6 @@
See the appropriate file:
INSTALL Linux, Unix, Windows, OpenVMS
INSTALL.DJGPP DOS platform with DJGPP
- INSTALL.WCE Windows CE
SUPPORT
-------
Richard Levitte
May 23, 2016, 10:03:44 AM5/23/16
to
The branch master has been updated
via 07930a75a1f82fd359d0af7849f01990b73659dd (commit)
from 20ab55f4941755ced3ff6c99abc63a68914a3cb1 (commit)
- Log -----------------------------------------------------------------
commit 07930a75a1f82fd359d0af7849f01990b73659dd
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 23 15:11:04 2016 +0200
Slight cleanup of the collection of READMEs, INSTALLs and NOTES
README is a fairly independent document, and so is INSTALL. NOTES are
merely addendums to INSTALL. Therefore , INSTALL.DJGPP and
README.PERL get renamed to NOTES.DJGPP and NOTES.PERL.
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
INSTALL | 13 +++++++------
INSTALL.DJGPP => NOTES.DJGPP | 2 +-
README.PERL => NOTES.PERL | 0
NOTES.WIN | 5 ++++-
README | 4 ++--
5 files changed, 14 insertions(+), 10 deletions(-)
rename INSTALL.DJGPP => NOTES.DJGPP (98%)
rename README.PERL => NOTES.PERL (100%)
diff --git a/INSTALL b/INSTALL
index bdf67a6..ab35353 100644
--- a/INSTALL
+++ b/INSTALL
@@ -2,15 +2,15 @@
OPENSSL INSTALLATION
--------------------
- [This document describes installation on the main supported operating
- systems, currently the Linux/Unix family, OpenVMS and Windows.
- Installation on DOS (with djgpp) is described in INSTALL.DJGPP.]
+ [This document describes installation on all supported operating
+ systems (currently mainly the Linux/Unix family, OpenVMS and
+ Windows)]
To install OpenSSL, you will need:
- * Perl 5 with core modules (please read README.PERL)
- * The perl module Text::Template (please read README.PERL)
+ * A make implementation
+ * Perl 5 with core modules (please read NOTES.PERL)
+ * The perl module Text::Template (please read NOTES.PERL)
* an ANSI C compiler
* a development environment in the form of development libraries and C
header files
@@ -21,6 +21,7 @@
* NOTES.VMS (OpenVMS)
* NOTES.WIN (any supported Windows)
+ * NOTES.DJGPP (DOS platform with DJGPP)
Quick Start
-----------
diff --git a/INSTALL.DJGPP b/NOTES.DJGPP
similarity index 98%
rename from INSTALL.DJGPP
rename to NOTES.DJGPP
index 4fd94e4..bbe63dc 100644
--- a/INSTALL.DJGPP
+++ b/NOTES.DJGPP
@@ -12,7 +12,7 @@
You should have a full DJGPP environment installed, including the
latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
requires that PERL and the PERL module Text::Template also be
- installed.
+ installed (see NOTES.PERL).
All of these can be obtained from the usual DJGPP mirror sites or
directly at "http://www.delorie.com/pub/djgpp". For help on which
diff --git a/README.PERL b/NOTES.PERL
similarity index 100%
rename from README.PERL
rename to NOTES.PERL
diff --git a/NOTES.WIN b/NOTES.WIN
index bed5037..a2e9120 100644
--- a/NOTES.WIN
+++ b/NOTES.WIN
@@ -5,10 +5,13 @@
Requirement details for native (Visual C++) builds
--------------------------------------------------
+ In addition to the requirements and instructions listed in INSTALL,
--------------------------------------------------
+ this are required as well:
+
- You need Perl. We recommend ActiveState Perl, available from
http://www.activestate.com/ActivePerl.
You also need the perl module Text::Template, available on CPAN.
- Please read README.PERL for more information.
+ Please read NOTES.PERL for more information.
- You need a C compiler. OpenSSL has been tested to build with these:
diff --git a/README b/README
index e32844e..1672580 100644
--- a/README
+++ b/README
@@ -48,8 +48,8 @@
------------
See the appropriate file:
- INSTALL Linux, Unix, Windows, OpenVMS
- INSTALL.DJGPP DOS platform with DJGPP
+ INSTALL Linux, Unix, Windows, OpenVMS, ...
+ NOTES.* INSTALL addendums for different platforms
Dr. Stephen Henson
May 23, 2016, 11:44:14 AM5/23/16
to
The branch master has been updated
via 60980390b1275fb236e98d5e618a86ecaab6f490 (commit)
via 05dba8151bd418cdc111d62102aaf9f4e7bd2f3f (commit)
from 07930a75a1f82fd359d0af7849f01990b73659dd (commit)
- Log -----------------------------------------------------------------
commit 60980390b1275fb236e98d5e618a86ecaab6f490
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu May 19 17:59:17 2016 +0100
make update
Reviewed-by: Matt Caswell <ma...@openssl.org>
commit 05dba8151bd418cdc111d62102aaf9f4e7bd2f3f
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue May 17 14:15:20 2016 +0100
Support for traditional format private keys.
Add new function PEM_write_bio_PrivateKey_traditional() to enforce the
use of legacy "traditional" private key format. Add -traditional option
to pkcs8 and pkey utilities.
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/pkey.c | 18 ++++++++++---
crypto/pem/pem_pkey.c | 11 ++++++--
doc/apps/pkcs8.pod | 74 ++++++++++++++++++++++++++++++++++-----------------
doc/apps/pkey.pod | 7 +++++
doc/crypto/pem.pod | 41 +++++++++++++++++-----------
include/openssl/pem.h | 5 ++++
util/libcrypto.num | 1 +
8 files changed, 126 insertions(+), 52 deletions(-)
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index cd6b537..22b5866 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -23,7 +23,8 @@ typedef enum OPTION_choice {
#ifndef OPENSSL_NO_SCRYPT
OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
#endif
- OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT
+ OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
+ OPT_TRADITIONAL
} OPTION_CHOICE;
OPTIONS pkcs8_options[] = {
@@ -41,6 +42,7 @@ OPTIONS pkcs8_options[] = {
{"iter", OPT_ITER, 'p', "Specify the iteration count"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+ {"traditional", OPT_TRADITIONAL, '-', "use traditional format private key"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
@@ -70,7 +72,7 @@ int pkcs8_main(int argc, char **argv)
OPTION_CHOICE o;
int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
- int private = 0;
+ int private = 0, traditional = 0;
#ifndef OPENSSL_NO_SCRYPT
long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
#endif
@@ -110,6 +112,9 @@ int pkcs8_main(int argc, char **argv)
case OPT_NOCRYPT:
nocrypt = 1;
break;
+ case OPT_TRADITIONAL:
+ traditional = 1;
+ break;
case OPT_V2:
if (!opt_cipher(opt_arg(), &cipher))
goto opthelp;
@@ -320,11 +325,15 @@ int pkcs8_main(int argc, char **argv)
}
assert(private);
- if (outformat == FORMAT_PEM)
- PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
- else if (outformat == FORMAT_ASN1)
+ if (outformat == FORMAT_PEM) {
+ if (traditional)
+ PEM_write_bio_PrivateKey_traditional(out, pkey, NULL, NULL, 0,
+ NULL, passout);
+ else
+ PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
+ } else if (outformat == FORMAT_ASN1) {
i2d_PrivateKey_bio(out, pkey);
- else {
+ } else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
diff --git a/apps/pkey.c b/apps/pkey.c
index 6abd63c..50ee05f 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -18,7 +18,7 @@ typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB,
- OPT_TEXT, OPT_NOOUT, OPT_MD
+ OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL
} OPTION_CHOICE;
OPTIONS pkey_options[] = {
@@ -36,6 +36,8 @@ OPTIONS pkey_options[] = {
{"text", OPT_TEXT, '-', "Output in plaintext as well"},
{"noout", OPT_NOOUT, '-', "Don't output the key"},
{"", OPT_MD, '-', "Any supported cipher"},
+ {"traditional", OPT_TRADITIONAL, '-',
+ "Use traditional format for private keys"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
@@ -53,7 +55,7 @@ int pkey_main(int argc, char **argv)
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1;
- int private = 0;
+ int private = 0, traditional = 0;
prog = opt_init(argc, argv, pkey_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -105,6 +107,9 @@ int pkey_main(int argc, char **argv)
case OPT_NOOUT:
noout = 1;
break;
+ case OPT_TRADITIONAL:
+ traditional = 1;
+ break;
case OPT_MD:
if (!opt_cipher(opt_unknown(), &cipher))
goto opthelp;
@@ -140,8 +145,13 @@ int pkey_main(int argc, char **argv)
PEM_write_bio_PUBKEY(out, pkey);
else {
assert(private);
- PEM_write_bio_PrivateKey(out, pkey, cipher,
- NULL, 0, NULL, passout);
+ if (traditional)
+ PEM_write_bio_PrivateKey_traditional(out, pkey, cipher,
+ NULL, 0, NULL,
+ passout);
+ else
+ PEM_write_bio_PrivateKey(out, pkey, cipher,
+ NULL, 0, NULL, passout);
}
} else if (outformat == FORMAT_ASN1) {
if (pubout)
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 38446d6..f3a45e4 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -95,11 +95,18 @@ int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
unsigned char *kstr, int klen,
pem_password_cb *cb, void *u)
{
- char pem_str[80];
- if (!x->ameth || x->ameth->priv_encode)
+ if (x->ameth == NULL || x->ameth->priv_encode != NULL)
return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
(char *)kstr, klen, cb, u);
+ return PEM_write_bio_PrivateKey_traditional(bp, x, enc, kstr, klen, cb, u);
+}
+int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
+ const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ char pem_str[80];
BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
pem_str, bp, x, enc, kstr, klen, cb, u);
diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod
index d8522b2..cd6db02 100644
--- a/doc/apps/pkcs8.pod
+++ b/doc/apps/pkcs8.pod
@@ -18,6 +18,7 @@ B<openssl> B<pkcs8>
[B<-iter count>]
[B<-noiter>]
[B<-nocrypt>]
+[B<-traditional>]
[B<-v2 alg>]
[B<-v2prf alg>]
[B<-v1 alg>]
@@ -43,22 +44,22 @@ Print out a usage message.
=item B<-topk8>
-Normally a PKCS#8 private key is expected on input and a traditional format
-private key will be written. With the B<-topk8> option the situation is
-reversed: it reads a traditional format private key and writes a PKCS#8
-format key.
+Normally a PKCS#8 private key is expected on input and a private key will be
+written to the output file. With the B<-topk8> option the situation is
+reversed: it reads a private key and writes a PKCS#8 format key.
=item B<-inform DER|PEM>
-This specifies the input format. If a PKCS#8 format key is expected on input
-then either a B<DER> or B<PEM> encoded version of a PKCS#8 key will be
-expected. Otherwise the B<DER> or B<PEM> format of the traditional format
-private key is used.
+This specifies the input format: see L<KEY FORMATS> for more details.
=item B<-outform DER|PEM>
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
+This specifies the output format: see L<KEY FORMATS> for more details.
+
+=item B<-traditional>
+
+When this option is present and B<-topk8> is not a traditional format private
+key is written.
=item B<-in filename>
@@ -119,7 +120,7 @@ the B<hmacWithSHA1> option to work.
This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some
older implementations may not support PKCS#5 v2.0 and may require this option.
-If not specified PKCS#5 v2.0 for is used.
+If not specified PKCS#5 v2.0 form is used.
=item B<-engine id>
@@ -141,6 +142,27 @@ sets the scrypt B<N>, B<r> or B<p> parameters.
=back
+=head1 KEY FORMATS
+
+Various different formats are used by the pkcs8 utility. These are detailed
+below.
+
+If a key is being converted from PKCS#8 form (i.e. the B<-topk8> option is
+not used) then the input file must be in PKCS#8 format. An encrypted
+key is expected unless B<-nocrypt> is included.
+
+If B<-topk8> is not used and B<PEM> mode is set the output file will be an
+unencrypted private key in PKCS#8 format. If the B<-traditional> option is
+used then a traditional format private key is written instead.
+
+If B<-topk8> is not used and B<DER> mode is set the output file will be an
+unencrypted private key in traditional DER format.
+
+If B<-topk8> is used then any supported private key can be used for the input
+file in a format specified by B<-inform>. The output file will be encrypted
+PKCS#8 format using the specified encryption parameters unless B<-nocrypt>
+is included.
+
=head1 NOTES
By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit
@@ -199,20 +221,28 @@ allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.
=head1 EXAMPLES
-Convert a private from traditional to PKCS#5 v2.0 format using triple
-DES:
+Convert a private key to PKCS#8 format using default parameters (AES with
+256 bit key and B<hmacWithSHA256>):
+
+ openssl pkcs8 -in key.pem -topk8 -out enckey.pem
+
+Convert a private key to PKCS#8 unencrypted format:
+
+ openssl pkcs8 -in key.pem -topk8 -nocrypt -out enckey.pem
+
+Convert a private key to PKCS#5 v2.0 format using triple DES:
openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
-Convert a private from traditional to PKCS#5 v2.0 format using AES with
-256 bits in CBC mode and B<hmacWithSHA256> PRF:
+Convert a private key to PKCS#5 v2.0 format using AES with 256 bits in CBC
+mode and B<hmacWithSHA512> PRF:
- openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA256 -out enckey.pem
+ openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA512 -out enckey.pem
Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
(DES):
- openssl pkcs8 -in key.pem -topk8 -out enckey.pem
+ openssl pkcs8 -in key.pem -topk8 -v1 PBE-MD5-DES -out enckey.pem
Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
(3DES):
@@ -223,14 +253,14 @@ Read a DER unencrypted PKCS#8 format private key:
openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
-Convert a private key from any PKCS#8 format to traditional format:
+Convert a private key from any PKCS#8 encrypted format to traditional format:
- openssl pkcs8 -in pk8.pem -out key.pem
+ openssl pkcs8 -in pk8.pem -traditional -out key.pem
Convert a private key to PKCS#8 format, encrypting with AES-256 and with
one million iterations of the password:
- openssl pkcs8 -in raw.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
+ openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
=head1 STANDARDS
@@ -250,10 +280,6 @@ PKCS#8 private key format complies with this standard.
There should be an option that prints out the encryption algorithm
in use and other details such as the iteration count.
-PKCS#8 using triple DES and PKCS#5 v2.0 should be the default private
-key format for OpenSSL: for compatibility several of the utilities use
-the old format at present.
-
=head1 SEE ALSO
L<dsa(1)>, L<rsa(1)>, L<genrsa(1)>,
diff --git a/doc/apps/pkey.pod b/doc/apps/pkey.pod
index 2848502..dc736a3 100644
--- a/doc/apps/pkey.pod
+++ b/doc/apps/pkey.pod
@@ -14,6 +14,7 @@ B<openssl> B<pkey>
[B<-passin arg>]
[B<-out filename>]
[B<-passout arg>]
+[B<-traditional>]
[B<-cipher>]
[B<-text>]
[B<-text_pub>]
@@ -67,6 +68,12 @@ filename.
the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+=item B<-traditional>
+
+normally a private key is written using standard format: this is PKCS#8 form
+with the appropriate encryption algorithm (if any). If the B<-traditional>
+option is specified then the older "traditional" format is used instead.
+
=item B<-cipher>
These options encrypt the private key with the supplied cipher. Any algorithm
diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod
index cec8c55..f355196 100644
--- a/doc/crypto/pem.pod
+++ b/doc/crypto/pem.pod
@@ -3,7 +3,8 @@
=head1 NAME
PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
-PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
+PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey,
+PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
@@ -35,6 +36,10 @@ PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines
int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
unsigned char *kstr, int klen,
pem_password_cb *cb, void *u);
+ int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
+ const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u);
int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
unsigned char *kstr, int klen,
pem_password_cb *cb, void *u);
@@ -157,19 +162,21 @@ clarity the term "B<foobar> functions" will be used to collectively
refer to the PEM_read_bio_foobar(), PEM_read_foobar(),
PEM_write_bio_foobar() and PEM_write_foobar() functions.
-The B<PrivateKey> functions read or write a private key in
-PEM format using an EVP_PKEY structure. The write routines use
-"traditional" private key format and can handle both RSA and DSA
-private keys. The read functions can additionally transparently
-handle PKCS#8 format encrypted and unencrypted keys too.
+The B<PrivateKey> functions read or write a private key in PEM format using an
+EVP_PKEY structure. The write routines use PKCS#8 private key format and are
+equivalent to PEM_write_bio_PKCS8PrivateKey().The read functions transparently
+handle traditional and PKCS#8 format encrypted and unencrypted keys.
-PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey()
-write a private key in an EVP_PKEY structure in PKCS#8
-EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
-algorithms. The B<cipher> argument specifies the encryption algorithm to
-use: unlike all other PEM routines the encryption is applied at the
-PKCS#8 level and not in the PEM headers. If B<cipher> is NULL then no
-encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
+PEM_write_bio_PrivateKey_traditional() writes out a private key in legacy
+"traditional" format.
+
+PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey() write a private
+key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo format using
+PKCS#5 v2.0 password based encryption algorithms. The B<cipher> argument
+specifies the encryption algorithm to use: unlike some other PEM routines the
+encryption is applied at the PKCS#8 level and not in the PEM headers. If
+B<cipher> is NULL then no encryption is used and a PKCS#8 PrivateKeyInfo
+structure is used instead.
PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid()
also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
@@ -182,7 +189,8 @@ structure. The public key is encoded as a SubjectPublicKeyInfo
structure.
The B<RSAPrivateKey> functions process an RSA private key using an
-RSA structure. It handles the same formats as the B<PrivateKey>
+RSA structure. The write routines uses traditional format. The read
+routines handles the same formats as the B<PrivateKey>
functions but an error occurs if the private key is not RSA.
The B<RSAPublicKey> functions process an RSA public key using an
@@ -195,7 +203,8 @@ SubjectPublicKeyInfo structure and an error occurs if the public
key is not RSA.
The B<DSAPrivateKey> functions process a DSA private key using a
-DSA structure. It handles the same formats as the B<PrivateKey>
+DSA structure. The write routines uses traditional format. The read
+routines handles the same formats as the B<PrivateKey>
functions but an error occurs if the private key is not DSA.
The B<DSA_PUBKEY> functions process a DSA public key using
@@ -403,7 +412,7 @@ password is passed to EVP_BytesToKey() using the B<data> and B<datal>
parameters. Finally, the library uses an iteration count of 1 for
EVP_BytesToKey().
-he B<key> derived by EVP_BytesToKey() along with the original initialization
+The B<key> derived by EVP_BytesToKey() along with the original initialization
vector is then used to decrypt the encrypted data. The B<iv> produced by
EVP_BytesToKey() is not utilized or needed, and NULL should be passed to
the function.
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index 74445ca..df78fd8 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -359,6 +359,11 @@ DECLARE_PEM_write_const(DHxparams, DH)
DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
+int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
+ const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+
int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
char *kstr, int klen,
pem_password_cb *cb, void *u);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index ccd37f8..7583e07 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4213,3 +4213,4 @@ X509_OBJECT_get_type 4087 1_1_0 EXIST::FUNCTION:
X509_STORE_set_verify 4088 1_1_0 EXIST::FUNCTION:
X509_OBJECT_new 4089 1_1_0 EXIST::FUNCTION:
X509_STORE_get0_param 4090 1_1_0 EXIST::FUNCTION:
+PEM_write_bio_PrivateKey_traditional 4091 1_1_0 EXIST::FUNCTION:
Dr. Stephen Henson
May 23, 2016, 2:16:17 PM5/23/16
to
The branch master has been updated
via f65a8c1e66f43b642d5d1709a933615aac62cebd (commit)
via 77ab2b0193a5b53112af3e99409e3ac57e6b5555 (commit)
from f3fcd4d5e79bdb2b9dbeac73603a52de38bba5ab (commit)
- Log -----------------------------------------------------------------
commit f65a8c1e66f43b642d5d1709a933615aac62cebd
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon May 23 18:13:16 2016 +0100
Support -no-CAfile -no-CApath in ctx2
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
commit 77ab2b0193a5b53112af3e99409e3ac57e6b5555
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon May 23 18:23:33 2016 +0100
remove encrypt then mac ifdefs
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_locl.h | 4 ----
ssl/t1_lib.c | 12 ------------
3 files changed, 3 insertions(+), 18 deletions(-)
diff --git a/apps/s_server.c b/apps/s_server.c
index dd12475..35baac9 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1760,9 +1760,10 @@ int s_server_main(int argc, char *argv[])
if (async)
SSL_CTX_set_mode(ctx2, SSL_MODE_ASYNC);
- if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx2))) {
+ if (!ctx_set_verify_locations(ctx2, CAfile, CApath, noCAfile,
+ noCApath)) {
ERR_print_errors(bio_err);
+ goto end;
}
if (vpmtouched && !SSL_CTX_set1_param(ctx2, vpm)) {
BIO_printf(bio_err, "Error setting verify params\n");
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index a1f5774..243535f 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -363,11 +363,7 @@
# define SSL_CLIENT_USE_SIGALGS(s) \
SSL_CLIENT_USE_TLS1_2_CIPHERS(s)
-# ifdef TLSEXT_TYPE_encrypt_then_mac
# define SSL_USE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC)
-# else
-# define SSL_USE_ETM(s) (0)
-# endif
/* Mostly for SSLv3 */
# define SSL_PKEY_RSA_ENC 0
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2e0b35e..8f16668 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1367,10 +1367,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
/* Add custom TLS Extensions to ClientHello */
if (!custom_ext_add(s, 0, &ret, limit, al))
return NULL;
-#ifdef TLSEXT_TYPE_encrypt_then_mac
s2n(TLSEXT_TYPE_encrypt_then_mac, ret);
s2n(0, ret);
-#endif
#ifndef OPENSSL_NO_CT
if (s->ct_validation_callback != NULL) {
s2n(TLSEXT_TYPE_signed_certificate_timestamp, ret);
@@ -1597,7 +1595,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
#endif
if (!custom_ext_add(s, 1, &ret, limit, al))
return NULL;
-#ifdef TLSEXT_TYPE_encrypt_then_mac
if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) {
/*
* Don't use encrypt_then_mac if AEAD or RC4 might want to disable
@@ -1613,7 +1610,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
s2n(0, ret);
}
}
-#endif
if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
s2n(TLSEXT_TYPE_extended_master_secret, ret);
s2n(0, ret);
@@ -1826,9 +1822,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
/* Clear any signature algorithms extension received */
OPENSSL_free(s->s3->tmp.peer_sigalgs);
s->s3->tmp.peer_sigalgs = NULL;
-#ifdef TLSEXT_TYPE_encrypt_then_mac
s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
-#endif
#ifndef OPENSSL_NO_SRP
OPENSSL_free(s->srp_ctx.login);
@@ -2165,10 +2159,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
return 0;
}
#endif
-#ifdef TLSEXT_TYPE_encrypt_then_mac
else if (type == TLSEXT_TYPE_encrypt_then_mac)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
-#endif
/*
* Note: extended master secret extension handled in
* tls_check_serverhello_tlsext_early()
@@ -2268,9 +2260,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
SSL_DTLSEXT_HB_DONT_SEND_REQUESTS);
#endif
-#ifdef TLSEXT_TYPE_encrypt_then_mac
s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
-#endif
s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
@@ -2482,14 +2472,12 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
return 0;
}
#endif
-#ifdef TLSEXT_TYPE_encrypt_then_mac
else if (type == TLSEXT_TYPE_encrypt_then_mac) {
/* Ignore if inappropriate ciphersuite */
if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
&& s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
}
-#endif
else if (type == TLSEXT_TYPE_extended_master_secret) {
s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
if (!s->hit)
Matt Caswell
May 23, 2016, 3:11:33 PM5/23/16
to
The branch master has been updated
via 050a36a9a1af1e00003f76597df7cf9ff33f8101 (commit)
from 0cd0a820abc6124cf8e176fa92d620a2abf9e419 (commit)
- Log -----------------------------------------------------------------
commit 050a36a9a1af1e00003f76597df7cf9ff33f8101
Author: Todd Short <tsh...@akamai.com>
Date: Mon May 23 08:50:32 2016 -0400
Add buf-freelists to deprecated options
The buf-freelists option was removed in master. There may be some
things that try to disable it, so don't error out.
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
Configure | 1 +
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 1 insertion(+)
diff --git a/Configure b/Configure
index 4d3346e..215ffb8 100755
--- a/Configure
+++ b/Configure
@@ -356,6 +356,7 @@ foreach my $proto ((@tls, @dtls))
my @deprecated_disablables = (
"ssl2",
+ "buf-freelists",
);
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
Richard Levitte
May 23, 2016, 3:48:59 PM5/23/16
to
The branch master has been updated
via 7285ac09563d19842fb2bce1a818598ebb278be4 (commit)
via 2ff4d2933e55408d91fcdb8093792952a9f72dad (commit)
via 5f94746fa476150b0279d980991fbdf19eaa538d (commit)
via 34f5d44f6a4eb09f4d41041091a20c2bf4bf9bf7 (commit)
via 35b060fcc994bc019acdfa96f30cf8aa4f41881a (commit)
from 050a36a9a1af1e00003f76597df7cf9ff33f8101 (commit)
- Log -----------------------------------------------------------------
commit 7285ac09563d19842fb2bce1a818598ebb278be4
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 23 18:35:23 2016 +0200
VMS: show the ossl_dataroot logical as well when doing "mms debug_logicals"
Reviewed-by: Rich Salz <rs...@openssl.org>
commit 2ff4d2933e55408d91fcdb8093792952a9f72dad
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 23 16:46:45 2016 +0200
Install the scripts the same way on Windows and VMS as on Unix
Reviewed-by: Rich Salz <rs...@openssl.org>
commit 5f94746fa476150b0279d980991fbdf19eaa538d
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 23 15:51:19 2016 +0200
Make sure tsget.pl and c_rehash.pl get installed on VMS and Windows.
Reviewed-by: Rich Salz <rs...@openssl.org>
commit 34f5d44f6a4eb09f4d41041091a20c2bf4bf9bf7
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 23 15:49:25 2016 +0200
Make sure tsget and c_rehash are named with .pl suffix on Windows and VMS
Especially on Windows, the .pl suffix is associated with the perl
interpreter, and therefore make those scripts usable as commands of
their own. On VMS, it simply looks better.
Reviewed-by: Rich Salz <rs...@openssl.org>
commit 35b060fcc994bc019acdfa96f30cf8aa4f41881a
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 23 15:47:43 2016 +0200
Make sure to initialize all CA.pl variables properly
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
Configurations/windows-makefile.tmpl | 9 +++++++++
VMS/openssl_utils.com | 5 ++---
apps/CA.pl.in | 4 ++--
apps/build.info | 8 +++++---
tools/build.info | 7 +++++--
6 files changed, 32 insertions(+), 15 deletions(-)
diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
index 7c4715d..3314a17 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -113,6 +113,10 @@ DEPS={- our @deps = map { (my $x = $_) =~ s|\.o$|\$(DEP_EXT)|; $x; }
keys %{$unified_info{sources}};
join(", ", map { "-\n\t".$_ } @deps); -}
{- output_on() if $disabled{makedepend}; "" -}
+{- output_off() if $disabled{apps}; "" -}
+BIN_SCRIPTS=[.tools]c_rehash.pl
+MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl
+{- output_on() if $disabled{apps}; "" -}
# DESTDIR is for package builders so that they can configure for, say,
# SYS$COMMON:[OPENSSL] and yet have everything installed in STAGING:[USER].
@@ -347,8 +351,7 @@ install_runtime : check_INSTALLTOP
COPY/PROT=W:RE [.APPS]openssl.EXE ossl_installroot:[EXE.'arch']
@ ! Install scripts
- CREATE/DIR ossl_installroot:[EXE]
- COPY/PROT=W:RE [.APPS]CA.pl ossl_installroot:[EXE]
- COPY/PROT=W:RE [.TOOLS]c_rehash. ossl_installroot:[EXE]c_rehash.pl
+ COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
@ ! {- output_on() if $disabled{apps}; "" -}
@ ! Install configuration file
- CREATE/DIR ossl_dataroot:[000000]
@@ -370,6 +373,8 @@ install_config : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[CERTS]
IF F$SEARCH("OSSL_DATAROOT:[000000]PRIVATE.DIR;1") .EQS. "" THEN -
CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[PRIVATE]
+ IF F$SEARCH("OSSL_DATAROOT:[000000]MISC.DIR;1") .EQS. "" THEN -
+ CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[MISC]
- CREATE/DIR ossl_installroot:[SYS$STARTUP]
COPY/PROT=W:RE -
[.VMS]openssl_startup.com,openssl_shutdown.com -
@@ -377,6 +382,7 @@ install_config : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
COPY/PROT=W:RE -
{- sourcefile("VMS", "openssl_utils.com") -} -
ossl_installroot:[SYS$STARTUP]
+ COPY/PROT=W:RE $(MISC_SCRIPTS) OSSL_DATAROOT:[MISC]
[.VMS]openssl_startup.com : vmsconfig.pm {- sourcefile("VMS", "openssl_startup.com.in") -}
- CREATE/DIR [.VMS]
@@ -433,9 +439,7 @@ check_INSTALLTOP :
# Developer targets ##################################################
debug_logicals :
- SH LOGICAL/PROC openssl,internal,ossl_installroot
- IF "$(DESTDIR)" .EQS. "" THEN -
- SH LOGICAL/PROC ossl_dataroot
+ SH LOGICAL/PROC openssl,internal,ossl_installroot,ossl_dataroot
# Building targets ###################################################
diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
index 258421d..d72c7bc 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -67,6 +67,10 @@ PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test\\| } @{$unified_info{pr
PROGRAMPDBS={- join(" ", map { $_.".pdb" } grep { !m|^test\\| } @{$unified_info{programs}}) -}
TESTPROGS={- join(" ", map { $_.$exeext } grep { m|^test\\| } @{$unified_info{programs}}) -}
SCRIPTS={- join(" ", @{$unified_info{scripts}}) -}
+{- output_off() if $disabled{apps}; "" -}
+BIN_SCRIPTS=$(BLDDIR)\tools\c_rehash.pl
+MISC_SCRIPTS=$(BLDDIR)\apps\CA.pl $(BLDDIR)\apps\tsget.pl
+{- output_on() if $disabled{apps}; "" -}
{- output_off() if $disabled{makedepend}; "" -}
DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
@@ -197,8 +201,11 @@ uninstall_docs:
install_ssldirs:
@$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)\certs"
@$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)\private"
+ @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)\misc"
@$(PERL) $(SRCDIR)\util\copy.pl $(SRCDIR)\apps\openssl.cnf \
"$(DESTDIR)$(OPENSSLDIR)"
+ @$(PERL) $(SRCDIR)\util\copy.pl $(MISC_SCRIPTS) \
+ "$(DESTDIR)$(OPENSSLDIR)\misc"
install_dev:
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
@@ -241,6 +248,8 @@ install_runtime:
"$(DESTDIR)$(INSTALLTOP)\bin"
@$(PERL) $(SRCDIR)\util\copy.pl $(PROGRAMPDBS) \
"$(DESTDIR)$(INSTALLTOP)\bin"
+ @$(PERL) $(SRCDIR)\util\copy.pl $(BIN_SCRIPTS) \
+ "$(DESTDIR)$(INSTALLTOP)\bin"
uninstall_runtime:
diff --git a/VMS/openssl_utils.com b/VMS/openssl_utils.com
index b9dea72..09c75d9 100644
--- a/VMS/openssl_utils.com
+++ b/VMS/openssl_utils.com
@@ -5,8 +5,7 @@ $ OPENSSL :== $OSSL$EXE:OPENSSL
$
$ IF F$SYMBOL(PERL) .EQS. "STRING"
$ THEN
-$ OSSLCA :== 'PERL' OSSL$EXE:CA.pl
-$ OSSLREHASH :== 'PERL' OSSL$EXE:c_rehash.pl
+$ C_REHASH :== 'PERL' OSSL$EXE:c_rehash.pl
$ ELSE
-$ WRITE SYS$ERROR "NOTE: no perl => no OSSLCA or OSSLREHASH"
+$ WRITE SYS$ERROR "NOTE: no perl => no C_REHASH"
$ ENDIF
diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index 4fc4088..0dec24c 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -23,7 +23,7 @@ if(defined $ENV{'OPENSSL'}) {
my $verbose = 1;
-my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"};
+my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
my $DAYS = "-days 365";
my $CADAYS = "-days 1095"; # 3 years
my $REQ = "$openssl req $OPENSSL_CONFIG";
@@ -45,7 +45,7 @@ my $NEWREQ = "newreq.pem";
my $NEWCERT = "newcert.pem";
my $NEWP12 = "newcert.p12";
my $RET = 0;
-my $WHAT = shift @ARGV;
+my $WHAT = shift @ARGV || "";
my $FILE;
# See if reason for a CRL entry is valid; exit if not.
diff --git a/apps/build.info b/apps/build.info
index 3baba66..6a742cf 100644
--- a/apps/build.info
+++ b/apps/build.info
@@ -1,4 +1,6 @@
-{- use File::Spec::Functions qw/catdir rel2abs/; -}
+{- use File::Spec::Functions qw/catdir rel2abs/;
+ our $tsget_name = $config{target} =~ /^(VC|vms)-/ ? "tsget.pl" : "tsget";
+ "" -}
IF[{- !$disabled{apps} -}]
PROGRAMS=openssl
SOURCE[openssl]=\
@@ -15,7 +17,7 @@ IF[{- !$disabled{apps} -}]
INCLUDE[openssl]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
DEPEND[openssl]=../libssl
- SCRIPTS=CA.pl tsget
+ SCRIPTS=CA.pl {- $tsget_name -}
SOURCE[CA.pl]=CA.pl.in
- SOURCE[tsget]=tsget.in
+ SOURCE[{- $tsget_name -}]=tsget.in
ENDIF
diff --git a/tools/build.info b/tools/build.info
index 3810fbc..059e582 100644
--- a/tools/build.info
+++ b/tools/build.info
@@ -1,4 +1,7 @@
+{- our $c_rehash_name =
+ $config{target} =~ /^(VC|vms)-/ ? "c_rehash.pl" : "c_rehash";
+ "" -}
IF[{- !$disabled{apps} -}]
- SCRIPTS=c_rehash
- SOURCE[c_rehash]=c_rehash.in
+ SCRIPTS={- $c_rehash_name -}
+ SOURCE[{- $c_rehash_name -}]=c_rehash.in
ENDIF
Richard Levitte
May 23, 2016, 5:02:45 PM5/23/16
to
The branch master has been updated
via 1c7bfec5982210b2666a91771777c56338cf4d8d (commit)
from 7285ac09563d19842fb2bce1a818598ebb278be4 (commit)
- Log -----------------------------------------------------------------
commit 1c7bfec5982210b2666a91771777c56338cf4d8d
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 23 22:24:13 2016 +0200
Windows notes: add a few lines on gaining admin privs for installing
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 6 insertions(+)
diff --git a/NOTES.WIN b/NOTES.WIN
index a2e9120..b3d1967 100644
--- a/NOTES.WIN
+++ b/NOTES.WIN
@@ -47,6 +47,12 @@
PREFIX: %ProgramFiles%\OpenSSL
OPENSSLDIR: %CommonProgramFiles%\SSL
+ ALSO NOTE that those directories are usually write protected, even if
+ your account is in the Administrators group. To work around that,
+ start the command prompt by right-clicking on it and choosing "Run as
+ Administrator" before running 'nmake install'. The other solution
+ is, of course, to choose a different set of directories by using
+ --prefix and --openssldir when configuring.
GNU C (Cygwin)
--------------
Matt Caswell
May 23, 2016, 6:10:29 PM5/23/16
to
The branch master has been updated
via a93e0e78db78e03bdcd29acf9bbc8a812ee50cb6 (commit)from 1c7bfec5982210b2666a91771777c56338cf4d8d (commit)
- Log -----------------------------------------------------------------
commit a93e0e78db78e03bdcd29acf9bbc8a812ee50cb6
Author: J Mohan Rao Arisankala <mo...@barracuda.com>
Date: Mon May 23 23:37:47 2016 +0530
#4342: few missing malloc return checks and free in error paths
ossl_hmac_cleanup, pkey_hmac_cleanup:
- allow to invoke with NULL data
- using EVP_PKEY_CTX_[get|set]_data
EVP_DigestInit_ex:
- remove additional check for ‘type’ and doing clear free instead of
free
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/engine/eng_openssl.c | 25 ++++++++++++++++++++-----
crypto/evp/digest.c | 8 +++-----
crypto/hmac/hm_pmeth.c | 24 ++++++++++++++++++------
3 files changed, 41 insertions(+), 16 deletions(-)
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index 75fd23d..7e28604 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -441,6 +441,10 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
return 0;
hctx->ktmp.type = V_ASN1_OCTET_STRING;
hctx->ctx = HMAC_CTX_new();
+ if (hctx->ctx == NULL) {
+ OPENSSL_free(hctx);
+ return 0;
+ }
EVP_PKEY_CTX_set_data(ctx, hctx);
EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
# ifdef TEST_ENG_OPENSSL_HMAC_INIT
@@ -449,31 +453,42 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
return 1;
}
+static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx);
+
static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
OSSL_HMAC_PKEY_CTX *sctx, *dctx;
+
+ /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
if (!ossl_hmac_init(dst))
return 0;
sctx = EVP_PKEY_CTX_get_data(src);
dctx = EVP_PKEY_CTX_get_data(dst);
dctx->md = sctx->md;
if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
- return 0;
+ goto err;
if (sctx->ktmp.data) {
if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
sctx->ktmp.data, sctx->ktmp.length))
- return 0;
+ goto err;
}
return 1;
+err:
+ /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
+ ossl_hmac_cleanup(dst);
+ return 0;
}
static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
{
OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
- HMAC_CTX_free(hctx->ctx);
- OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
- OPENSSL_free(hctx);
+ if (hctx) {
+ HMAC_CTX_free(hctx->ctx);
+ OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
+ OPENSSL_free(hctx);
+ EVP_PKEY_CTX_set_data(ctx, NULL);
+ }
}
static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 051fc7b..c594a0a 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -68,10 +68,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
* previous handle, re-querying for an ENGINE, and having a
* reinitialisation, when it may all be unnecessary.
*/
- if (ctx->engine && ctx->digest && (!type ||
- (type
- && (type->type ==
- ctx->digest->type))))
+ if (ctx->engine && ctx->digest &&
+ (type == NULL || (type->type == ctx->digest->type)))
goto skip_to_init;
if (type) {
/*
@@ -117,7 +115,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
#endif
if (ctx->digest != type) {
if (ctx->digest && ctx->digest->ctx_size) {
- OPENSSL_free(ctx->md_data);
+ OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
ctx->md_data = NULL;
}
ctx->digest = type;
diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c
index 55493be..5b98477 100644
--- a/crypto/hmac/hm_pmeth.c
+++ b/crypto/hmac/hm_pmeth.c
@@ -32,6 +32,10 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
return 0;
hctx->ktmp.type = V_ASN1_OCTET_STRING;
hctx->ctx = HMAC_CTX_new();
+ if (hctx->ctx == NULL) {
+ OPENSSL_free(hctx);
+ return 0;
+ }
ctx->data = hctx;
ctx->keygen_info_count = 0;
@@ -39,33 +43,41 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
return 1;
}
+static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx);
+
static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
HMAC_PKEY_CTX *sctx, *dctx;
+
+ /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
if (!pkey_hmac_init(dst))
return 0;
- sctx = src->data;
- dctx = dst->data;
+ sctx = EVP_PKEY_CTX_get_data(src);
+ dctx = EVP_PKEY_CTX_get_data(dst);
dctx->md = sctx->md;
if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
- return 0;
+ goto err;
if (sctx->ktmp.data) {
if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
sctx->ktmp.data, sctx->ktmp.length))
- return 0;
+ goto err;
}
return 1;
+err:
+ /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
+ pkey_hmac_cleanup (dst);
+ return 0;
}
static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx)
{
- HMAC_PKEY_CTX *hctx = ctx->data;
+ HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
if (hctx != NULL) {
HMAC_CTX_free(hctx->ctx);
OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
OPENSSL_free(hctx);
- ctx->data = NULL;
+ EVP_PKEY_CTX_set_data(ctx, NULL);
Matt Caswell
May 23, 2016, 6:27:52 PM5/23/16
to
The branch master has been updated
via 7d37818dacc87c21dfc9d2def5014657344875e3 (commit)
from a93e0e78db78e03bdcd29acf9bbc8a812ee50cb6 (commit)
- Log -----------------------------------------------------------------
commit 7d37818dacc87c21dfc9d2def5014657344875e3
Author: Matt Caswell <ma...@openssl.org>
Date: Mon May 23 13:52:29 2016 +0100
Use strerror_r()/strerror_s() instead of strerror() where possible
The function strerror() is not thread safe. We should use strerror_r()
where possible, or strerror_s() on Windows.
RT#2267
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/err/err.c | 6 +-----
crypto/include/internal/cryptlib.h | 2 ++
crypto/o_str.c | 28 ++++++++++++++++++++++++++++
4 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c
index f5c51bf..bc29fb2 100644
--- a/crypto/dso/dso_dl.c
+++ b/crypto/dso/dso_dl.c
@@ -66,8 +66,10 @@ static int dl_load(DSO *dso)
(dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 :
DYNAMIC_PATH), 0L);
if (ptr == NULL) {
+ char errbuf[160];
DSOerr(DSO_F_DL_LOAD, DSO_R_LOAD_FAILED);
- ERR_add_error_data(4, "filename(", filename, "): ", strerror(errno));
+ if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
+ ERR_add_error_data(4, "filename(", filename, "): ", errbuf);
goto err;
}
if (!sk_push(dso->meth_data, (char *)ptr)) {
@@ -130,8 +132,10 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
return (NULL);
}
if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
+ char errbuf[160];
DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE);
- ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno));
+ if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
+ ERR_add_error_data(4, "symname(", symname, "): ", errbuf);
return (NULL);
}
return ((DSO_FUNC_TYPE)sym);
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 1035e4c..9b679d9 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -220,12 +220,8 @@ static void build_SYS_str_reasons(void)
str->error = (unsigned long)i;
if (str->string == NULL) {
char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
- char *src = strerror(i);
- if (src != NULL) {
- strncpy(*dest, src, sizeof(*dest));
- (*dest)[sizeof(*dest) - 1] = '\0';
+ if (openssl_strerror_r(i, *dest, sizeof(*dest)))
str->string = *dest;
- }
}
if (str->string == NULL)
str->string = "unknown";
diff --git a/crypto/include/internal/cryptlib.h b/crypto/include/internal/cryptlib.h
index 1327dca..f2377d1 100644
--- a/crypto/include/internal/cryptlib.h
+++ b/crypto/include/internal/cryptlib.h
@@ -67,6 +67,8 @@ void OPENSSL_showfatal(const char *fmta, ...);
extern int OPENSSL_NONPIC_relocated;
void crypto_cleanup_all_ex_data_int(void);
+int openssl_strerror_r(int errnum, char *buf, size_t buflen);
+
#ifdef __cplusplus
}
#endif
diff --git a/crypto/o_str.c b/crypto/o_str.c
index 0ee2c86..98eb163 100644
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@@ -258,3 +258,31 @@ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len)
return tmp;
}
+
+int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+{
+#if defined(OPENSSL_SYS_WINDOWS)
+ if (strerror_s(buf, buflen, errnum) == EINVAL)
+ return 0;
+ return 1;
+#elif (_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600) && !_GNU_SOURCE
+ /*
+ * We can use "real" strerror_r. The OpenSSL version differs in that it
+ * gives 1 on success and 0 on failure for consistency with other OpenSSL
+ * functions. Real strerror_r does it the other way around
+ */
+ return !strerror_r(errnum, buf, buflen);
+#else
+ char *err;
+ /* Fall back to non-thread safe strerror()...its all we can do */
+ if (buflen < 2)
+ return 0;
+ err = strerror(errnum);
+ /* Can this ever happen? */
+ if (err == NULL)
+ return 0;
+ strncpy(buf, err, buflen - 1);
+ buf[buflen - 1] = '\0';
+ return 1;
+#endif
+}
Matt Caswell
May 23, 2016, 6:32:06 PM5/23/16
to
The branch master has been updated
via dae00d631fdaed48d88c454864abbd6ce99c63d6 (commit)
from 7d37818dacc87c21dfc9d2def5014657344875e3 (commit)
- Log -----------------------------------------------------------------
commit dae00d631fdaed48d88c454864abbd6ce99c63d6
Author: Matt Caswell <ma...@openssl.org>
Date: Mon May 23 10:55:54 2016 +0100
Add error return for OPENSSL_INIT_set_config_filename()
The OPENSSL_INIT_set_config_filename() function can fail so ensure that it
provides a suitable error code.
GitHub Issue #920
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
doc/crypto/OPENSSL_init_crypto.pod | 12 +++++++-----
include/openssl/crypto.h | 4 ++--
3 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index 1b902e2..a1e42eb 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -339,11 +339,21 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
#ifndef OPENSSL_NO_STDIO
-void OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
- const char *config_file)
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+ const char *config_file)
{
+ char *new_config_file = NULL;
+
+ if (config_file != NULL) {
+ new_config_file = strdup(config_file);
+ if (new_config_file == NULL)
+ return 0;
+ }
+
free(settings->config_name);
- settings->config_name = config_file == NULL ? NULL : strdup(config_file);
+ settings->config_name = new_config_file;
+
+ return 1;
}
#endif
diff --git a/doc/crypto/OPENSSL_init_crypto.pod b/doc/crypto/OPENSSL_init_crypto.pod
index 157ab81..8caa361 100644
--- a/doc/crypto/OPENSSL_init_crypto.pod
+++ b/doc/crypto/OPENSSL_init_crypto.pod
@@ -16,8 +16,9 @@ initialisation and deinitialisation functions
void OPENSSL_thread_stop(void);
OPENSSL_INIT_SETTINGS *OPENSSL_init_new(void);
- OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, const char* name);
- OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
+ int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init,
+ const char* name);
+ void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
=head1 DESCRIPTION
@@ -208,8 +209,8 @@ using static linking should also call OPENSSL_thread_stop().
=head1 RETURN VALUES
-The functions OPENSSL_init_crypto and OPENSSL_atexit() returns 1 on success or
-0 on error.
+The functions OPENSSL_init_crypto, OPENSSL_atexit() and
+OPENSSL_INIT_set_config_filename() return 1 on success or 0 on error.
=head1 SEE ALSO
@@ -218,7 +219,8 @@ L<OPENSSL_init_ssl(3)>
=head1 HISTORY
The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(),
-and OPENSSL_thread_stop() functions were added in OpenSSL 1.1.0.
+OPENSSL_thread_stop(), OPENSSL_init_new(), OPENSSL_INIT_set_config_filename()
+and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index c98b99b..c4b31d9 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -380,8 +380,8 @@ void OPENSSL_thread_stop(void);
/* Low-level control of initialization */
OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
#ifndef OPENSSL_NO_STDIO
-void OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
- const char *config_file);
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+ const char *config_file);
#endif
void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
Matt Caswell
May 23, 2016, 7:09:09 PM5/23/16
to
The branch master has been updated
via 308ff28673ae1a4a1b346761224b4a8851d41f58 (commit)
from dae00d631fdaed48d88c454864abbd6ce99c63d6 (commit)
- Log -----------------------------------------------------------------
commit 308ff28673ae1a4a1b346761224b4a8851d41f58
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Apr 25 16:22:31 2016 +0100
Fix error return value in SRP functions
The functions SRP_Calc_client_key() and SRP_Calc_server_key() were
incorrectly returning a valid pointer in the event of error.
Issue reported by Yuan Jochen Kang
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index 780f5ab..766a0a2 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -104,8 +104,7 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
return NULL;
- if ((bn_ctx = BN_CTX_new()) == NULL ||
- (tmp = BN_new()) == NULL || (S = BN_new()) == NULL)
+ if ((bn_ctx = BN_CTX_new()) == NULL || (tmp = BN_new()) == NULL)
goto err;
/* S = (A*v**u) ** b */
@@ -114,8 +113,12 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
goto err;
if (!BN_mod_mul(tmp, A, tmp, N, bn_ctx))
goto err;
- if (!BN_mod_exp(S, tmp, b, N, bn_ctx))
- goto err;
+
+ S = BN_new();
+ if (S != NULL && !BN_mod_exp(S, tmp, b, N, bn_ctx)) {
+ BN_free(S);
+ S = NULL;
+ }
err:
BN_CTX_free(bn_ctx);
BN_clear_free(tmp);
@@ -216,8 +219,7 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
if ((tmp = BN_new()) == NULL ||
(tmp2 = BN_new()) == NULL ||
- (tmp3 = BN_new()) == NULL ||
- (K = BN_new()) == NULL)
+ (tmp3 = BN_new()) == NULL)
goto err;
if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
@@ -232,8 +234,11 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
goto err;
if (!BN_add(tmp2, a, tmp3))
goto err;
- if (!BN_mod_exp(K, tmp, tmp2, N, bn_ctx))
- goto err;
+ K = BN_new();
+ if (K != NULL && !BN_mod_exp(K, tmp, tmp2, N, bn_ctx)) {
+ BN_free(K);
+ K = NULL;
+ }
err:
BN_CTX_free(bn_ctx);
Matt Caswell
May 23, 2016, 7:14:17 PM5/23/16
to
The branch master has been updated
via 0a618df059d93bf7fe9e3ec92e04db8bc1eeff07 (commit)
from 308ff28673ae1a4a1b346761224b4a8851d41f58 (commit)
- Log -----------------------------------------------------------------
commit 0a618df059d93bf7fe9e3ec92e04db8bc1eeff07
Author: Matt Caswell <ma...@openssl.org>
Date: Mon May 9 17:44:26 2016 +0100
Fix a mem leak on an error path in OBJ_NAME_add()
If lh_OBJ_NAME_insert() fails then the allocated |onp| value is leaked.
RT#2238
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c
index e43fb30..c655a90 100644
--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@@ -191,7 +191,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
onp = OPENSSL_malloc(sizeof(*onp));
if (onp == NULL) {
/* ERROR */
- return (0);
+ return 0;
}
onp->name = name;
@@ -216,10 +216,11 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
} else {
if (lh_OBJ_NAME_error(names_lh)) {
/* ERROR */
- return (0);
+ OPENSSL_free(onp);
+ return 0;
}
}
- return (1);
+ return 1;
}
int OBJ_NAME_remove(const char *name, int type)
Rich Salz
May 24, 2016, 10:50:29 AM5/24/16
to
The branch master has been updated
via e0a675e211302257256ed80ea1edeff329c9b9e9 (commit)
from 0a618df059d93bf7fe9e3ec92e04db8bc1eeff07 (commit)
- Log -----------------------------------------------------------------
commit e0a675e211302257256ed80ea1edeff329c9b9e9
Author: Todd Short <tsh...@akamai.com>
Date: Tue May 24 08:55:12 2016 -0400
Clean up RAND_bytes() calls
When RAND_pseudo_bytes() was replaced with RAND_bytes(), this case
was not reduced to a simple RAND_bytes() call.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1117)
-----------------------------------------------------------------------
Summary of changes:
crypto/bn/bn_rand.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 1dd07e7..9c0a4ee 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -44,13 +44,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
time(&tim);
RAND_add(&tim, sizeof(tim), 0.0);
- if (pseudorand) {
- if (RAND_bytes(buf, bytes) <= 0)
- goto err;
- } else {
- if (RAND_bytes(buf, bytes) <= 0)
- goto err;
- }
+ if (RAND_bytes(buf, bytes) <= 0)
+ goto err;
if (pseudorand == 2) {
/*
Rich Salz
May 24, 2016, 10:51:40 AM5/24/16
to
The branch master has been updated
via c01a3c6df038d4cbec87ae658c25b3730c5af88c (commit)
from e0a675e211302257256ed80ea1edeff329c9b9e9 (commit)
- Log -----------------------------------------------------------------
commit c01a3c6df038d4cbec87ae658c25b3730c5af88c
Author: Todd Short <tsh...@akamai.com>
Date: Tue May 24 09:03:25 2016 -0400
Fix braces in e_aes.c: aes_init_key
This compiles correctly, but depending on what may be defined, it's
possible that this could fail compilation. The braces are mismatched,
and it's possible to end up with an else followed by another else.
This presumes the indentation is mostly correct and indicative of
intent. Found via static analysis.
Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1118)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/e_aes.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index ae39992..cfa65b8 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1027,7 +1027,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
mode = EVP_CIPHER_CTX_mode(ctx);
if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
- && !enc)
+ && !enc) {
#ifdef HWAES_CAPABLE
if (HWAES_CAPABLE) {
ret = HWAES_set_decrypt_key(key,
@@ -1066,6 +1066,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
dat->block = (block128_f) AES_decrypt;
dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
(cbc128_f) AES_cbc_encrypt : NULL;
+ }
} else
#ifdef HWAES_CAPABLE
if (HWAES_CAPABLE) {
Rich Salz
May 24, 2016, 11:05:27 AM5/24/16
to
The branch master has been updated
via 04473165815e93c8453f6c0b55a5dd0b93f668fa (commit)
from c01a3c6df038d4cbec87ae658c25b3730c5af88c (commit)
- Log -----------------------------------------------------------------
commit 04473165815e93c8453f6c0b55a5dd0b93f668fa
Author: Rich Salz <rs...@openssl.org>
Date: Tue May 24 09:19:43 2016 -0400
GH919: Fix wrappers for two headers
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
engines/afalg/e_afalg.h | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/crypto/ppc_arch.h b/crypto/ppc_arch.h
index 5f5a5c9..65cf96f 100644
--- a/crypto/ppc_arch.h
+++ b/crypto/ppc_arch.h
@@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
-#ifndef __PPC_ARCH_H__
-# define __PPC_ARCH_H__
+#ifndef HEADER_PPC_ARCH_H
+# define HEADER_PPC_ARCH_H
extern unsigned int OPENSSL_ppccap_P;
diff --git a/engines/afalg/e_afalg.h b/engines/afalg/e_afalg.h
index f990f48..8f4d2d1 100644
--- a/engines/afalg/e_afalg.h
+++ b/engines/afalg/e_afalg.h
@@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
-#ifndef _E_AFALG_H_
-# define _E_AFALG_H_
+#ifndef HEADER_AFALG_H
+# define HEADER_AFALG_H
# ifdef ALG_DEBUG
# define ALG_DGB(x, ...) fprintf(stderr, "ALG_DBG: " x, __VA_ARGS__)
Kurt Roeckx
May 24, 2016, 3:36:45 PM5/24/16
to
The branch master has been updated
via 73b61c7e14115ae98c174bfdd7c7733d6cc7e909 (commit)
from 04473165815e93c8453f6c0b55a5dd0b93f668fa (commit)
- Log -----------------------------------------------------------------
commit 73b61c7e14115ae98c174bfdd7c7733d6cc7e909
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Mon May 23 23:09:33 2016 +0200
Avoid creating an illegal pointer
Found by tis-interpreter
GH: #1115
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/tasn_fre.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index 1471680..9b623d9 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -102,9 +102,11 @@ static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
* field and we wont be able to determine the type of the field it
* defines. So free up in reverse order.
*/
- tt = it->templates + it->tcount - 1;
- for (i = 0; i < it->tcount; tt--, i++) {
+ tt = it->templates + it->tcount;
+ for (i = 0; i < it->tcount; i++) {
ASN1_VALUE **pseqval;
+
+ tt--;
seqtt = asn1_do_adb(pval, tt, 0);
if (!seqtt)
continue;
Richard Levitte
May 24, 2016, 6:46:13 PM5/24/16
to
The branch master has been updated
via b202bf675b54dddf268d168a9a7c5db9f62e05ae (commit)
via 05a7aee0e2b9102c8b2ececdc1dfdb727c453c95 (commit)
from 73b61c7e14115ae98c174bfdd7c7733d6cc7e909 (commit)
- Log -----------------------------------------------------------------
commit b202bf675b54dddf268d168a9a7c5db9f62e05ae
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 16 14:58:33 2016 +0200
Complete the list of files to clean up on Windows
Reviewed-by: Rich Salz <rs...@openssl.org>
commit 05a7aee0e2b9102c8b2ececdc1dfdb727c453c95
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 16 14:54:39 2016 +0200
Communicate Configure generated header files to build files
Add Configure generated header files to $unified_info{generate}. This
makes sure the build files will pick them up with the rest for the
GENERATED macro, and thereby make sure they get cleaned away by 'make
clean'
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
Configurations/unix-Makefile.tmpl | 7 ++++++-
Configurations/windows-makefile.tmpl | 13 ++++++++++++-
Configure | 7 +++++++
4 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/Configurations/common.tmpl b/Configurations/common.tmpl
index af1746a..e3f49e7 100644
--- a/Configurations/common.tmpl
+++ b/Configurations/common.tmpl
@@ -42,6 +42,8 @@
my $bin = shift;
my %opts = @_;
if ($unified_info{generate}->{$src}) {
+ die "$src is generated by Configure, should not appear in build file\n"
+ if ref $unified_info{generate}->{$src} eq "";
my $script = $unified_info{generate}->{$src}->[0];
$OUT .= generatesrc(src => $src,
generator => $unified_info{generate}->{$src},
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 469bd32..8c27ba9 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -84,7 +84,12 @@ DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
keys %{$unified_info{sources}}); -}
{- output_on() if $disabled{makedepend}; "" -}
-GENERATED={- join(" ", map { (my $x = $_) =~ s|\.S$|\.s|; $x } keys %{$unified_info{generate}}) -}
+GENERATED={- join(" ",
+ ( map { (my $x = $_) =~ s|\.S$|\.s|; $x }
+ grep { defined $unified_info{generate}->{$_} }
+ map { @{$unified_info{sources}->{$_}} }
+ grep { /\.o$/ } keys %{$unified_info{sources}} ),
+ ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
{- output_off() if $disabled{apps}; "" -}
BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash
diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
index d72c7bc..454f2ed 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -77,6 +77,12 @@ DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
keys %{$unified_info{sources}}); -}
{- output_on() if $disabled{makedepend}; "" -}
+GENERATED={- join(" ",
+ ( map { (my $x = $_) =~ s|\.[sS]$|\.asm|; $x }
+ grep { defined $unified_info{generate}->{$_} }
+ map { @{$unified_info{sources}->{$_}} }
+ grep { /\.o$/ } keys %{$unified_info{sources}} ),
+ ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
# Do not edit these manually. Use Configure with --prefix or --openssldir
# to change this! Short explanation in the top comment in Configure
@@ -171,18 +177,23 @@ uninstall: uninstall_docs uninstall_sw
libclean:
$(PERL) -e "map { m/(.*)\.dll$$/; unlink glob """$$1.*"""; } @ARGV" $(SHLIBS)
+ $(PERL) -e "map { m/(.*)\.dll$$/; unlink glob """apps/$$1.*"""; } @ARGV" $(SHLIBS)
+ $(PERL) -e "map { m/(.*)\.dll$$/; unlink glob """test/$$1.*"""; } @ARGV" $(SHLIBS)
-del /Q /F $(LIBS)
-del /Q ossl_static.pdb
clean: libclean
-del /Q /F $(PROGRAMS) $(TESTPROGS) $(ENGINES) $(SCRIPTS)
- -del /Q /S /F *.asm
+ -del /Q /S /F $(GENERATED)
-del /Q /S /F *.d
-del /Q /S /F *.obj
-del /Q /S /F *.pdb
-del /Q /S /F *.exp
-del /Q /S /F engines\*.ilk
-del /Q /S /F engines\*.lib
+ -del /Q /S /F apps\*.lib
+ -del /Q /S /F engines\*.manifest
+ -del /Q /S /F apps\*.manifest
depend:
diff --git a/Configure b/Configure
index 215ffb8..95d457c 100755
--- a/Configure
+++ b/Configure
@@ -1731,6 +1731,13 @@ EOF
}
}
+ ### Add information about files generated by Configure
+ foreach (map { abs2rel($_) } @generated_headers) {
+ die "Configure gerenerated header file $_ has a GENERATE in a build.info\n"
+ if $unified_info{generate}->{$_};
+ $unified_info{generate}->{$_} = "Generated by Configure";
+ }
+
### Make unified_info a bit more efficient
# One level structures
foreach (("programs", "libraries", "engines", "scripts", "extra", "overrides")) {
Richard Levitte
May 25, 2016, 5:51:55 AM5/25/16
to
The branch master has been updated
via 7030e35d079655ccb5ec6de92da74559cdab0416 (commit)
via ce9598124e7613137531bfc1a2aa2935ba862e20 (commit)
from b202bf675b54dddf268d168a9a7c5db9f62e05ae (commit)
- Log -----------------------------------------------------------------
commit 7030e35d079655ccb5ec6de92da74559cdab0416
Author: Richard Levitte <lev...@openssl.org>
Date: Tue May 24 17:41:56 2016 +0200
build.info files: add quotes around any spec that may contain spaces
RT#4492
Reviewed-by: Tim Hudson <t...@openssl.org>
commit ce9598124e7613137531bfc1a2aa2935ba862e20
Author: Richard Levitte <lev...@openssl.org>
Date: Tue May 24 17:39:52 2016 +0200
Configure: To allow file names with spaces, tokenize with respect for quotes
For parsing build.info files.
RT#4492
Reviewed-by: Tim Hudson <t...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
Configure | 64 +++++++++++++++++++------
apps/build.info | 2 +-
build.info | 4 +-
crypto/bn/build.info | 2 +-
engines/afalg/build.info | 2 +-
engines/build.info | 8 ++--
test/build.info | 118 +++++++++++++++++++++++------------------------
7 files changed, 119 insertions(+), 81 deletions(-)
diff --git a/Configure b/Configure
index 95d457c..826e882 100755
--- a/Configure
+++ b/Configure
@@ -1418,47 +1418,47 @@ if ($builder eq "unified") {
=> sub { die "ENDIF out of scope" if ! @skip;
pop @skip; },
qr/^\s*PROGRAMS\s*=\s*(.*)\s*$/
- => sub { push @programs, split(/\s+/, $1)
+ => sub { push @programs, tokenize($1)
if !@skip || $skip[$#skip] > 0 },
qr/^\s*LIBS\s*=\s*(.*)\s*$/
- => sub { push @libraries, split(/\s+/, $1)
+ => sub { push @libraries, tokenize($1)
if !@skip || $skip[$#skip] > 0 },
qr/^\s*ENGINES\s*=\s*(.*)\s*$/
- => sub { push @engines, split(/\s+/, $1)
+ => sub { push @engines, tokenize($1)
if !@skip || $skip[$#skip] > 0 },
qr/^\s*SCRIPTS\s*=\s*(.*)\s*$/
- => sub { push @scripts, split(/\s+/, $1)
+ => sub { push @scripts, tokenize($1)
if !@skip || $skip[$#skip] > 0 },
qr/^\s*EXTRA\s*=\s*(.*)\s*$/
- => sub { push @extra, split(/\s+/, $1)
+ => sub { push @extra, tokenize($1)
if !@skip || $skip[$#skip] > 0 },
qr/^\s*OVERRIDES\s*=\s*(.*)\s*$/
- => sub { push @overrides, split(/\s+/, $1)
+ => sub { push @overrides, tokenize($1)
if !@skip || $skip[$#skip] > 0 },
qr/^\s*ORDINALS\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/,
- => sub { push @{$ordinals{$1}}, split(/\s+/, $2)
+ => sub { push @{$ordinals{$1}}, tokenize($2)
if !@skip || $skip[$#skip] > 0 },
qr/^\s*SOURCE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
- => sub { push @{$sources{$1}}, split(/\s+/, $2)
+ => sub { push @{$sources{$1}}, tokenize($2)
if !@skip || $skip[$#skip] > 0 },
qr/^\s*SHARED_SOURCE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
- => sub { push @{$shared_sources{$1}}, split(/\s+/, $2)
+ => sub { push @{$shared_sources{$1}}, tokenize($2)
if !@skip || $skip[$#skip] > 0 },
qr/^\s*INCLUDE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
- => sub { push @{$includes{$1}}, split(/\s+/, $2)
+ => sub { push @{$includes{$1}}, tokenize($2)
if !@skip || $skip[$#skip] > 0 },
qr/^\s*DEPEND\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
- => sub { push @{$depends{$1}}, split(/\s+/, $2)
+ => sub { push @{$depends{$1}}, tokenize($2)
if !@skip || $skip[$#skip] > 0 },
qr/^\s*GENERATE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
=> sub { push @{$generate{$1}}, $2
if !@skip || $skip[$#skip] > 0 },
qr/^\s*RENAME\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
- => sub { push @{$renames{$1}}, split(/\s+/, $2)
+ => sub { push @{$renames{$1}}, tokenize($2)
if !@skip || $skip[$#skip] > 0 },
qr/^\s*SHARED_NAME\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
- => sub { push @{$sharednames{$1}}, split(/\s+/, $2)
+ => sub { push @{$sharednames{$1}}, tokenize($2)
if !@skip || $skip[$#skip] > 0 },
qr/^\s*BEGINRAW\[((?:\\.|[^\\\]])+)\]\s*$/
=> sub {
@@ -2576,3 +2576,41 @@ sub collect_information {
}
}
}
+
+# tokenize($line)
+# $line is a line of text to split up into tokens
+# returns a list of tokens
+#
+# Tokens are divided by spaces. If the tokens include spaces, they
+# have to be quoted with single or double quotes. Double quotes
+# inside a double quoted token must be escaped. Escaping is done
+# with backslash.
+# Basically, the same quoting rules apply for " and ' as in any
+# Unix shell.
+sub tokenize {
+ my $line = my $debug_line = shift;
+ my @result = ();
+
+ while ($line =~ s|^\s+||, $line ne "") {
+ my $token = "";
+ while ($line ne "" && $line !~ m|^\s|) {
+ if ($line =~ m/^"((?:[^"\\]+|\\.)*)"/) {
+ $token .= $1;
+ $line = $';
+ } elsif ($line =~ m/^'([^']*)'/) {
+ $token .= $1;
+ $line = $';
+ } elsif ($line =~ m/^(\S+)/) {
+ $token .= $1;
+ $line = $';
+ }
+ }
+ push @result, $token;
+ }
+
+ if ($ENV{CONFIGURE_DEBUG_TOKENIZE}) {
+ print STDERR "DEBUG[tokenize]: Parsed '$debug_line' into:\n";
+ print STDERR "DEBUG[tokenize]: ('", join("', '", @result), "')\n";
+ }
+ return @result;
+}
diff --git a/apps/build.info b/apps/build.info
index 6a742cf..c7dc19f 100644
--- a/apps/build.info
+++ b/apps/build.info
@@ -14,7 +14,7 @@ IF[{- !$disabled{apps} -}]
apps.c opt.c s_cb.c s_socket.c \
app_rand.c \
{- $target{apps_aux_src} -}
- INCLUDE[openssl]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
+ INCLUDE[openssl]="{- rel2abs(catdir($builddir,"../include")) -}" .. ../include
DEPEND[openssl]=../libssl
SCRIPTS=CA.pl {- $tsget_name -}
diff --git a/build.info b/build.info
index ab941f8..6bc70c6 100644
--- a/build.info
+++ b/build.info
@@ -2,8 +2,8 @@
LIBS=libcrypto libssl
ORDINALS[libcrypto]=crypto
ORDINALS[libssl]=ssl
-INCLUDE[libcrypto]={- rel2abs(catdir($builddir,"include")) -} . crypto/include include
-INCLUDE[libssl]={- rel2abs(catdir($builddir,"include")) -} . include
+INCLUDE[libcrypto]="{- rel2abs(catdir($builddir,"include")) -}" . crypto/include include
+INCLUDE[libssl]="{- rel2abs(catdir($builddir,"include")) -}" . include
DEPEND[libssl]=libcrypto
IF[{- $config{target} =~ /^Cygwin/ -}]
diff --git a/crypto/bn/build.info b/crypto/bn/build.info
index f657db2..edceb73 100644
--- a/crypto/bn/build.info
+++ b/crypto/bn/build.info
@@ -7,7 +7,7 @@ SOURCE[../../libcrypto]=\
{- $target{bn_asm_src} -} \
bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c
-INCLUDE[../../libcrypto]={- rel2abs(catdir($builddir,"..","..","crypto","include")) -}
+INCLUDE[../../libcrypto]="{- rel2abs(catdir($builddir,"..","..","crypto","include")) -}"
INCLUDE[bn_exp.o]=..
diff --git a/engines/afalg/build.info b/engines/afalg/build.info
index 5aba447..d096279 100644
--- a/engines/afalg/build.info
+++ b/engines/afalg/build.info
@@ -9,7 +9,7 @@ IF[{- !$disabled{"engine"} -}]
ENGINES=afalg
SOURCE[afalg]=e_afalg.c e_afalg_err.c
DEPEND[afalg]=../../libcrypto
- INCLUDE[afalg]= {- rel2abs(catdir($builddir,"../../include")) -} ../../include
+ INCLUDE[afalg]= "{- rel2abs(catdir($builddir,"../../include")) -}" ../../include
ENDIF
ENDIF
ENDIF
diff --git a/engines/build.info b/engines/build.info
index 065d412..850ecac 100644
--- a/engines/build.info
+++ b/engines/build.info
@@ -12,19 +12,19 @@ IF[{- !$disabled{"engine"} -}]
ENGINES=padlock dasync ossltest
SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -}
DEPEND[padlock]=../libcrypto
- INCLUDE[padlock]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[padlock]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
IF[{- !$disabled{capieng} -}]
ENGINES=capi
SOURCE[capi]=e_capi.c
DEPEND[capi]=../libcrypto
- INCLUDE[capi]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[capi]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
ENDIF
SOURCE[dasync]=e_dasync.c
DEPEND[dasync]=../libcrypto
- INCLUDE[dasync]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[dasync]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
SOURCE[ossltest]=e_ossltest.c
DEPEND[ossltest]=../libcrypto
- INCLUDE[ossltest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[ossltest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
ENDIF
GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
diff --git a/test/build.info b/test/build.info
index 7dce8e5..c369267 100644
--- a/test/build.info
+++ b/test/build.info
@@ -19,234 +19,234 @@ IF[{- !$disabled{tests} -}]
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest
SOURCE[aborttest]=aborttest.c
- INCLUDE[aborttest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[aborttest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[aborttest]=../libcrypto
SOURCE[nptest]=nptest.c
- INCLUDE[nptest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[nptest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[nptest]=../libcrypto
SOURCE[bntest]=bntest.c
- INCLUDE[bntest]={- rel2abs(catdir($builddir,"../crypto/include")) -} {- rel2abs(catdir($builddir,"../include")) -} .. ../crypto/include ../include
+ INCLUDE[bntest]="{- rel2abs(catdir($builddir,"../crypto/include")) -}" "{- rel2abs(catdir($builddir,"../include")) -}" .. ../crypto/include ../include
DEPEND[bntest]=../libcrypto
SOURCE[ectest]=ectest.c
- INCLUDE[ectest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[ectest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[ectest]=../libcrypto
SOURCE[ecdsatest]=ecdsatest.c
- INCLUDE[ecdsatest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[ecdsatest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[ecdsatest]=../libcrypto
SOURCE[ecdhtest]=ecdhtest.c
- INCLUDE[ecdhtest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[ecdhtest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[ecdhtest]=../libcrypto
SOURCE[gmdifftest]=gmdifftest.c
- INCLUDE[gmdifftest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[gmdifftest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[gmdifftest]=../libcrypto
SOURCE[pbelutest]=pbelutest.c
- INCLUDE[pbelutest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[pbelutest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[pbelutest]=../libcrypto
SOURCE[ideatest]=ideatest.c
- INCLUDE[ideatest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[ideatest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[ideatest]=../libcrypto
SOURCE[md2test]=md2test.c
- INCLUDE[md2test]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[md2test]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[md2test]=../libcrypto
SOURCE[md4test]=md4test.c
- INCLUDE[md4test]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[md4test]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[md4test]=../libcrypto
SOURCE[md5test]=md5test.c
- INCLUDE[md5test]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[md5test]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[md5test]=../libcrypto
SOURCE[hmactest]=hmactest.c
- INCLUDE[hmactest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[hmactest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[hmactest]=../libcrypto
SOURCE[wp_test]=wp_test.c
- INCLUDE[wp_test]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[wp_test]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[wp_test]=../libcrypto
SOURCE[rc2test]=rc2test.c
- INCLUDE[rc2test]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[rc2test]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[rc2test]=../libcrypto
SOURCE[rc4test]=rc4test.c
- INCLUDE[rc4test]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[rc4test]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[rc4test]=../libcrypto
SOURCE[rc5test]=rc5test.c
- INCLUDE[rc5test]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[rc5test]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[rc5test]=../libcrypto
SOURCE[destest]=destest.c
- INCLUDE[destest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[destest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[destest]=../libcrypto
SOURCE[sha1test]=sha1test.c
- INCLUDE[sha1test]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[sha1test]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[sha1test]=../libcrypto
SOURCE[sha256t]=sha256t.c
- INCLUDE[sha256t]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[sha256t]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[sha256t]=../libcrypto
SOURCE[sha512t]=sha512t.c
- INCLUDE[sha512t]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[sha512t]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[sha512t]=../libcrypto
SOURCE[mdc2test]=mdc2test.c
- INCLUDE[mdc2test]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[mdc2test]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[mdc2test]=../libcrypto
SOURCE[rmdtest]=rmdtest.c
- INCLUDE[rmdtest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[rmdtest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[rmdtest]=../libcrypto
SOURCE[randtest]=randtest.c
- INCLUDE[randtest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[randtest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[randtest]=../libcrypto
SOURCE[dhtest]=dhtest.c
- INCLUDE[dhtest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[dhtest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[dhtest]=../libcrypto
SOURCE[enginetest]=enginetest.c
- INCLUDE[enginetest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[enginetest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[enginetest]=../libcrypto
SOURCE[casttest]=casttest.c
- INCLUDE[casttest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[casttest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[casttest]=../libcrypto
SOURCE[bftest]=bftest.c
- INCLUDE[bftest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[bftest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[bftest]=../libcrypto
SOURCE[ssltest_old]=ssltest_old.c
- INCLUDE[ssltest_old]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
+ INCLUDE[ssltest_old]="{- rel2abs(catdir($builddir,"../include")) -}" .. ../include
DEPEND[ssltest_old]=../libcrypto ../libssl
SOURCE[dsatest]=dsatest.c
- INCLUDE[dsatest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[dsatest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[dsatest]=../libcrypto
SOURCE[exptest]=exptest.c
- INCLUDE[exptest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[exptest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[exptest]=../libcrypto
SOURCE[rsa_test]=rsa_test.c
- INCLUDE[rsa_test]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
+ INCLUDE[rsa_test]="{- rel2abs(catdir($builddir,"../include")) -}" .. ../include
DEPEND[rsa_test]=../libcrypto
SOURCE[evp_test]=evp_test.c
- INCLUDE[evp_test]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[evp_test]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[evp_test]=../libcrypto
SOURCE[evp_extra_test]=evp_extra_test.c
- INCLUDE[evp_extra_test]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[evp_extra_test]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[evp_extra_test]=../libcrypto
SOURCE[igetest]=igetest.c
- INCLUDE[igetest]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
+ INCLUDE[igetest]="{- rel2abs(catdir($builddir,"../include")) -}" .. ../include
DEPEND[igetest]=../libcrypto
SOURCE[v3nametest]=v3nametest.c
- INCLUDE[v3nametest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[v3nametest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[v3nametest]=../libcrypto
SOURCE[danetest]=danetest.c
- INCLUDE[danetest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[danetest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[danetest]=../libcrypto ../libssl
SOURCE[heartbeat_test]=heartbeat_test.c testutil.c
- INCLUDE[heartbeat_test]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
+ INCLUDE[heartbeat_test]="{- rel2abs(catdir($builddir,"../include")) -}" .. ../include
DEPEND[heartbeat_test]=../libcrypto ../libssl
SOURCE[p5_crpt2_test]=p5_crpt2_test.c
- INCLUDE[p5_crpt2_test]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[p5_crpt2_test]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[p5_crpt2_test]=../libcrypto
SOURCE[constant_time_test]=constant_time_test.c
- INCLUDE[constant_time_test]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
+ INCLUDE[constant_time_test]="{- rel2abs(catdir($builddir,"../include")) -}" .. ../include
DEPEND[constant_time_test]=../libcrypto
SOURCE[verify_extra_test]=verify_extra_test.c
- INCLUDE[verify_extra_test]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[verify_extra_test]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[verify_extra_test]=../libcrypto
SOURCE[clienthellotest]=clienthellotest.c
- INCLUDE[clienthellotest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[clienthellotest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[clienthellotest]=../libcrypto ../libssl
SOURCE[packettest]=packettest.c
- INCLUDE[packettest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[packettest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[packettest]=../libcrypto
SOURCE[asynctest]=asynctest.c
- INCLUDE[asynctest]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
+ INCLUDE[asynctest]="{- rel2abs(catdir($builddir,"../include")) -}" .. ../include
DEPEND[asynctest]=../libcrypto
SOURCE[secmemtest]=secmemtest.c
- INCLUDE[secmemtest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[secmemtest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[secmemtest]=../libcrypto
SOURCE[srptest]=srptest.c
- INCLUDE[srptest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[srptest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[srptest]=../libcrypto
SOURCE[memleaktest]=memleaktest.c
- INCLUDE[memleaktest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[memleaktest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[memleaktest]=../libcrypto
SOURCE[dtlsv1listentest]=dtlsv1listentest.c
- INCLUDE[dtlsv1listentest]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
+ INCLUDE[dtlsv1listentest]="{- rel2abs(catdir($builddir,"../include")) -}" .. ../include
DEPEND[dtlsv1listentest]=../libssl
SOURCE[ct_test]=ct_test.c testutil.c
- INCLUDE[ct_test]={- rel2abs(catdir($builddir,"../include")) -} ../crypto/include ../include
+ INCLUDE[ct_test]="{- rel2abs(catdir($builddir,"../include")) -}" ../crypto/include ../include
DEPEND[ct_test]=../libcrypto
SOURCE[threadstest]=threadstest.c
- INCLUDE[threadstest]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
+ INCLUDE[threadstest]="{- rel2abs(catdir($builddir,"../include")) -}" .. ../include
DEPEND[threadstest]=../libcrypto
SOURCE[afalgtest]=afalgtest.c
- INCLUDE[afalgtest]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
+ INCLUDE[afalgtest]="{- rel2abs(catdir($builddir,"../include")) -}" .. ../include
DEPEND[afalgtest]=../libcrypto
SOURCE[d2i_test]=d2i_test.c testutil.c
- INCLUDE[d2i_test]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
+ INCLUDE[d2i_test]="{- rel2abs(catdir($builddir,"../include")) -}" .. ../include
DEPEND[d2i_test]=../libcrypto
SOURCE[ssl_test_ctx_test]=ssl_test_ctx_test.c ssl_test_ctx.c testutil.c
- INCLUDE[ssl_test_ctx_test]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
+ INCLUDE[ssl_test_ctx_test]="{- rel2abs(catdir($builddir,"../include")) -}" .. ../include
DEPEND[ssl_test_ctx_test]=../libcrypto
SOURCE[ssl_test]=ssl_test.c ssl_test_ctx.c testutil.c handshake_helper.c
- INCLUDE[ssl_test]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
+ INCLUDE[ssl_test]="{- rel2abs(catdir($builddir,"../include")) -}" .. ../include
DEPEND[ssl_test]=../libcrypto ../libssl
SOURCE[cipherlist_test]=cipherlist_test.c testutil.c
- INCLUDE[cipherlist_test]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
+ INCLUDE[cipherlist_test]="{- rel2abs(catdir($builddir,"../include")) -}" .. ../include
DEPEND[cipherlist_test]=../libcrypto ../libssl
INCLUDE[testutil.o]=..
- INCLUDE[ssl_test_ctx.o]={- rel2abs(catdir($builddir,"../include")) -} ../include
- INCLUDE[handshake_helper.o]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[ssl_test_ctx.o]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
+ INCLUDE[handshake_helper.o]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
SOURCE[x509aux]=x509aux.c
- INCLUDE[x509aux]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[x509aux]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[x509aux]=../libcrypto
SOURCE[asynciotest]=asynciotest.c
- INCLUDE[asynciotest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[asynciotest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[asynciotest]=../libcrypto ../libssl
ENDIF
Richard Levitte
May 25, 2016, 3:16:48 PM5/25/16
to
The branch master has been updated
via 4639c68b976c04f11ce45111f55755f1cf0dbcc9 (commit)
from 7030e35d079655ccb5ec6de92da74559cdab0416 (commit)
- Log -----------------------------------------------------------------
commit 4639c68b976c04f11ce45111f55755f1cf0dbcc9
Author: Richard Levitte <lev...@openssl.org>
Date: Wed May 25 15:42:15 2016 +0200
Make sure crypto-mdebug-backtrace must be enabled explicitely
As it was until now, crypto-mdebug-backtrace was enabled by default
and only disabled if crypto-mdebug was disabled.
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
Configure | 1 +
1 file changed, 1 insertion(+)
diff --git a/Configure b/Configure
1 file changed, 1 insertion(+)
index 826e882..f3eb72b 100755
--- a/Configure
+++ b/Configure
@@ -378,6 +378,7 @@ our %disabled = ( # "what" => "comment"
"zlib" => "default",
"zlib-dynamic" => "default",
"crypto-mdebug" => "default",
+ "crypto-mdebug-backtrace" => "default",
"heartbeats" => "default",
);
Richard Levitte
May 25, 2016, 3:19:43 PM5/25/16
to
The branch master has been updated
via 223516eadcd6c896392f8915585a50934adb863d (commit)
from 4639c68b976c04f11ce45111f55755f1cf0dbcc9 (commit)
- Log -----------------------------------------------------------------
commit 223516eadcd6c896392f8915585a50934adb863d
Author: Richard Levitte <lev...@openssl.org>
Date: Wed May 25 20:54:54 2016 +0200
Don't clean away headers generated by Configure
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 7 deletions(-)
diff --git a/Configure b/Configure
index f3eb72b..20470a9 100755
--- a/Configure
+++ b/Configure
@@ -1732,13 +1732,6 @@ EOF
}
}
- ### Add information about files generated by Configure
- foreach (map { abs2rel($_) } @generated_headers) {
- die "Configure gerenerated header file $_ has a GENERATE in a build.info\n"
- if $unified_info{generate}->{$_};
- $unified_info{generate}->{$_} = "Generated by Configure";
- }
-
### Make unified_info a bit more efficient
# One level structures
foreach (("programs", "libraries", "engines", "scripts", "extra", "overrides")) {
# One level structures
foreach (("programs", "libraries", "engines", "scripts", "extra", "overrides")) {
Kurt Roeckx
May 25, 2016, 3:20:25 PM5/25/16
to
The branch master has been updated
via dc9887c0199f5b7579e7b82dd7910008e419816f (commit)
from 223516eadcd6c896392f8915585a50934adb863d (commit)
- Log -----------------------------------------------------------------
commit dc9887c0199f5b7579e7b82dd7910008e419816f
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Tue May 24 21:32:01 2016 +0200
Avoid creating an illegal pointer
Found by tis-interpreter
GH: #1122
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/a_int.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index d06d417..9c28c02 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -201,18 +201,18 @@ static size_t c2i_ibuf(unsigned char *b, int *pneg,
/* Must be negative: calculate twos complement */
if (b) {
const unsigned char *from = p + plen - 1 + pad;
- unsigned char *to = b + plen - 1;
+ unsigned char *to = b + plen;
i = plen;
while (*from == 0 && i) {
- *to-- = 0;
+ *--to = 0;
i--;
from--;
}
- *to-- = (*from-- ^ 0xff) + 1;
+ *--to = (*from-- ^ 0xff) + 1;
OPENSSL_assert(i != 0);
i--;
for (; i > 0; i--)
- *to-- = *from-- ^ 0xff;
+ *--to = *from-- ^ 0xff;
}
return plen;
Andy Polyakov
May 25, 2016, 5:48:51 PM5/25/16
to
The branch master has been updated
via 02f603f29753b9b07a4d71229c68465e56e4f352 (commit)
from dc9887c0199f5b7579e7b82dd7910008e419816f (commit)
- Log -----------------------------------------------------------------
commit 02f603f29753b9b07a4d71229c68465e56e4f352
Author: Andy Polyakov <ap...@openssl.org>
Date: Fri May 20 09:30:06 2016 +0200
Makefile.shared: revert Haiku support commit.
Configurations/50-haiku.conf reuses gnu-shared rules and doesn't
require dedicated targets.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/Makefile.shared b/Makefile.shared
index 68b87a7..d856180 100644
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -562,11 +562,11 @@ symlink.hpux:
symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
# Compatibility targets
-link_dso.bsd-gcc-shared link_dso.linux-shared link_dso.gnu-shared link_dso.haiku-shared: link_dso.gnu
+link_dso.bsd-gcc-shared link_dso.linux-shared link_dso.gnu-shared: link_dso.gnu
link_shlib.bsd-gcc-shared: link_shlib.linux-shared
-link_shlib.gnu-shared link_shlib.haiku-shared: link_shlib.gnu
-link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared link_app.haiku-shared: link_app.gnu
-symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared symlink.haiku-shared: symlink.gnu
+link_shlib.gnu-shared: link_shlib.gnu
+link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
+symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
link_dso.bsd-shared: link_dso.bsd
link_shlib.bsd-shared: link_shlib.bsd
link_app.bsd-shared: link_app.bsd
Andy Polyakov
May 25, 2016, 5:52:40 PM5/25/16
to
The branch master has been updated
via 656bbdc68c4f6e79209cb7622fac0ca1301dee24 (commit)
from 02f603f29753b9b07a4d71229c68465e56e4f352 (commit)
- Log -----------------------------------------------------------------
commit 656bbdc68c4f6e79209cb7622fac0ca1301dee24
Author: Andy Polyakov <ap...@openssl.org>
Date: Fri May 20 21:31:11 2016 +0200
Configure: pull 'which' back.
At earlier point 'which' was replaced with IPC::Cmd::can_run call.
Unfortunately on RPM-based systems it is a separate package and it's
not given that it's installed. Resurrected 'which' provides
poor-man fallback for IPC::Cmd::can_run.
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
Configure | 26 +++++++++++++++++++++++---
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/Configure b/Configure
index 20470a9..37ace21 100755
--- a/Configure
+++ b/Configure
@@ -14,7 +14,6 @@ use strict;
use File::Basename;
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
use File::Path qw/mkpath/;
-use IPC::Cmd qw/can_run/;
# see INSTALL for instructions.
@@ -913,7 +912,7 @@ $config{cross_compile_prefix} = $ENV{'CROSS_COMPILE'}
$config{perl} = $ENV{'PERL'} || ($^O ne "VMS" ? $^X : "perl");
$target{cc} = $ENV{'CC'} || $target{cc} || "cc";
$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} ||
- (scalar can_run("$config{cross_compile_prefix}ranlib") ?
+ (which("$config{cross_compile_prefix}ranlib") ?
"\$(CROSS_COMPILE)ranlib" : "true");
$target{ar} = $ENV{'AR'} || $target{ar} || "ar";
$target{nm} = $ENV{'NM'} || $target{nm} || "nm";
@@ -1158,7 +1157,7 @@ if ($^O ne "VMS" && !$disabled{makedepend}) {
}
close(PIPE);
- $config{makedepprog} = scalar can_run('makedepend') unless $config{makedepprog};
+ $config{makedepprog} = which('makedepend') unless $config{makedepprog};
$disabled{makedepend} = "unavailable" unless $config{makedepprog};
}
@@ -2340,6 +2339,27 @@ sub run_dofile
rename("$out.new", $out) || die "Can't rename $out.new, $!";
}
+sub which
+{
+ my ($name)=@_;
+
+ if (eval { require IPC::Cmd; 1; }) {
+ IPC::Cmd->import();
+ return scalar IPC::Cmd::can_run($name);
+ } else {
+ # if there is $directories component in splitpath,
+ # then it's not something to test with $PATH...
+ return $name if (File::Spec->splitpath($name))[1];
+
+ foreach (File::Spec->path()) {
+ my $fullpath = catfile($_, "$name$target{exe_extension}");
+ if (-f $fullpath and -x $fullpath) {
+ return $fullpath;
+ }
+ }
+ }
+}
+
# Configuration printer ##############################################
sub print_table_entry
Richard Levitte
May 25, 2016, 6:48:41 PM5/25/16
to
The branch master has been updated
via dc6b5c7beb9f637f6cf5b5412e810bd0a9e1983b (commit)
from 656bbdc68c4f6e79209cb7622fac0ca1301dee24 (commit)
- Log -----------------------------------------------------------------
commit dc6b5c7beb9f637f6cf5b5412e810bd0a9e1983b
Author: Richard Levitte <lev...@openssl.org>
Date: Wed May 25 23:35:54 2016 +0200
Handle Visual C warning about non-standard function names.
Visual C version from version 2003 complain about certain function
names, for example:
apps\apps.c(2572) : warning C4996: 'open': The POSIX name for this item is deprecated. Instead, use the ISO C++ conformant name: _open. See online help for details.
This adds preprocessor aliases for them in e_os.h.
Additionally, crypto/conf/conf_lib.c needs to include e_os.h to catch
those aliases.
RT#4488
RT#4489
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
e_os.h | 7 +++++++
2 files changed, 8 insertions(+)
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index a1e42eb..c998373 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -15,6 +15,7 @@
#include <openssl/conf.h>
#include <openssl/conf_api.h>
#include <openssl/lhash.h>
+#include "e_os.h"
static CONF_METHOD *default_CONF_method = NULL;
diff --git a/e_os.h b/e_os.h
index 1c4c204..53e0ecf 100644
--- a/e_os.h
+++ b/e_os.h
@@ -469,6 +469,13 @@ struct servent *PASCAL getservbyname(const char *, const char *);
# if defined(OPENSSL_SYS_WINDOWS)
# define strcasecmp _stricmp
# define strncasecmp _strnicmp
+# if (_MSC_VER >= 1310)
+# define open _open
+# define fdopen _fdopen
+# define close _close
+# define strdup _strdup
+# define unlink _unlink
+# endif
# elif defined(OPENSSL_SYS_VMS)
/* VMS below version 7.0 doesn't have strcasecmp() */
# include "internal/o_str.h"
Dr. Stephen Henson
May 25, 2016, 10:21:54 PM5/25/16
to
The branch master has been updated
via 1d00db6b5a50950c6b516688040de4e6da32dd4d (commit)
from dc6b5c7beb9f637f6cf5b5412e810bd0a9e1983b (commit)
- Log -----------------------------------------------------------------
commit 1d00db6b5a50950c6b516688040de4e6da32dd4d
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Wed May 25 16:29:47 2016 +0100
Add rfc822Mailbox to string table.
RT#2369
Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/a_strnid.c | 6 ++++++
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 6 insertions(+)
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
index d1c1ae1..118e0cb 100644
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -118,6 +118,10 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
#define ub_email_address 128
#define ub_serial_number 64
+/* From RFC4524 */
+
+#define ub_rfc822_mailbox 256
+
/* This table must be kept in NID order */
static const ASN1_STRING_TABLE tbl_standard[] = {
@@ -143,6 +147,8 @@ static const ASN1_STRING_TABLE tbl_standard[] = {
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+ {NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING,
+ STABLE_NO_MASK},
{NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
{NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
{NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}
Matt Caswell
May 26, 2016, 11:50:04 AM5/26/16
to
The branch master has been updated
via ea32151f7b9353f8906188d007c6893704ac17bb (commit)
from 1d00db6b5a50950c6b516688040de4e6da32dd4d (commit)
- Log -----------------------------------------------------------------
commit ea32151f7b9353f8906188d007c6893704ac17bb
Author: Matt Caswell <ma...@openssl.org>
Date: Thu May 26 15:45:14 2016 +0100
The ssl3_digest_cached_records() function does not handle errors properly
The ssl3_digest_cached_records() function was failing to handle errors
that might be returned from EVP_DigestSignInit() and
EVP_DigestSignUpdate().
RT#4180
Reviewed-by: Stephen Henson <st...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_enc.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index c1222a7..cb571c1 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -374,14 +374,13 @@ int ssl3_digest_cached_records(SSL *s, int keep)
}
md = ssl_handshake_md(s);
- if (md == NULL) {
+ if ( md == NULL
+ || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL)
+ || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen))
+ {
SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR);
return 0;
}
-
- EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL);
- EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen);
-
}
if (keep == 0) {
BIO_free(s->s3->handshake_buffer);
Matt Caswell
May 27, 2016, 5:02:05 AM5/27/16
to
The branch master has been updated
via 753be41d592e53189fc3905a2d45fd51de9aeaea (commit)
from ea32151f7b9353f8906188d007c6893704ac17bb (commit)
- Log -----------------------------------------------------------------
commit 753be41d592e53189fc3905a2d45fd51de9aeaea
Author: Matt Caswell <ma...@openssl.org>
Date: Thu May 26 14:47:17 2016 +0100
Fix some suspect warnings on Windows
Windows was complaining about a unary minus operator being applied to an
unsigned type. It did seem to go on and do the right thing anyway, but the
code does look a little suspect. This fixes it.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/record/rec_layer_d1.c | 2 +-
ssl/record/rec_layer_s3.c | 8 ++++----
ssl/record/record_locl.h | 1 +
3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 577fdfc..a7cffc8 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -464,7 +464,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
if (!peek) {
- SSL3_RECORD_add_length(rr, -n);
+ SSL3_RECORD_sub_length(rr, n);
SSL3_RECORD_add_off(rr, n);
if (SSL3_RECORD_get_length(rr) == 0) {
s->rlayer.rstate = SSL_ST_READ_HEADER;
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index dd4869c..8c02efd 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -201,7 +201,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
left = rb->left;
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
- align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
+ align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
#endif
if (!extend) {
@@ -711,7 +711,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* payload, then we can just pretend we simply have two headers.
*/
align = (size_t)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH;
- align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
+ align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
#endif
outbuf[0] = SSL3_BUFFER_get_buf(wb) + align;
SSL3_BUFFER_set_offset(wb, align);
@@ -724,7 +724,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
wb = &s->rlayer.wbuf[j];
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
- align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
+ align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
#endif
outbuf[j] = SSL3_BUFFER_get_buf(wb) + align;
SSL3_BUFFER_set_offset(wb, align);
@@ -1131,7 +1131,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
memcpy(buf, &(rr->data[rr->off]), n);
buf += n;
if (!peek) {
- SSL3_RECORD_add_length(rr, -n);
+ SSL3_RECORD_sub_length(rr, n);
SSL3_RECORD_add_off(rr, n);
if (SSL3_RECORD_get_length(rr) == 0) {
s->rlayer.rstate = SSL_ST_READ_HEADER;
diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h
index 9881d61..67ae1f4 100644
--- a/ssl/record/record_locl.h
+++ b/ssl/record/record_locl.h
@@ -76,6 +76,7 @@ int ssl3_release_write_buffer(SSL *s);
#define SSL3_RECORD_get_length(r) ((r)->length)
#define SSL3_RECORD_set_length(r, l) ((r)->length = (l))
#define SSL3_RECORD_add_length(r, l) ((r)->length += (l))
+#define SSL3_RECORD_sub_length(r, l) ((r)->length -= (l))
#define SSL3_RECORD_get_data(r) ((r)->data)
#define SSL3_RECORD_set_data(r, d) ((r)->data = (d))
#define SSL3_RECORD_get_input(r) ((r)->input)
Matt Caswell
May 27, 2016, 5:08:33 AM5/27/16
to
The branch master has been updated
via 5e0dc5c9992ad53d12b07eb5d12a0e23dd5be670 (commit)
via 58c03e3b9225fe1a8e3f6b8c23c45b33e26fedb5 (commit)
from 753be41d592e53189fc3905a2d45fd51de9aeaea (commit)
- Log -----------------------------------------------------------------
commit 5e0dc5c9992ad53d12b07eb5d12a0e23dd5be670
Author: huangqinjin <huang...@gmail.com>
Date: Wed May 18 18:07:10 2016 +0800
Update the documentation of BN_hex2bn()
Reviewed-by: Kurt Roeckx <ku...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
commit 58c03e3b9225fe1a8e3f6b8c23c45b33e26fedb5
Author: huangqinjin <huang...@gmail.com>
Date: Sat May 7 00:50:22 2016 +0800
fix BN_hex2bn()/BN_dec2bn() memory leak
Reviewed-by: Kurt Roeckx <ku...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/bn/bn_print.c | 4 ++--
-----------------------------------------------------------------------
Summary of changes:
doc/crypto/BN_bn2bin.pod | 16 +++++++++-------
2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index 8d06405..78589db 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -139,7 +139,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
continue;
- if (i > INT_MAX/4)
+ if (i == 0 || i > INT_MAX/4)
goto err;
num = i + neg;
@@ -209,7 +209,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
continue;
- if (i > INT_MAX/4)
+ if (i == 0 || i > INT_MAX/4)
goto err;
num = i + neg;
diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod
index b229da7..8098fd9 100644
--- a/doc/crypto/BN_bn2bin.pod
+++ b/doc/crypto/BN_bn2bin.pod
@@ -51,11 +51,12 @@ hexadecimal and decimal encoding of B<a> respectively. For negative
numbers, the string is prefaced with a leading '-'. The string must be
freed later using OPENSSL_free().
-BN_hex2bn() converts the string B<str> containing a hexadecimal number
-to a B<BIGNUM> and stores it in **B<bn>. If *B<bn> is NULL, a new
-B<BIGNUM> is created. If B<bn> is NULL, it only computes the number's
-length in hexadecimal digits. If the string starts with '-', the
-number is negative. BN_dec2bn() is the same using the decimal system.
+BN_hex2bn()takes as many characters as possible from the string B<str>,
+including the leading character '-' which means negative, to form a valid
+hexadecimal number representation and converts them to a B<BIGNUM> and
+stores it in **B<bn>. If *B<bn> is NULL, a new B<BIGNUM> is created. If
+B<bn> is NULL, it only computes the length of valid representation.
+BN_dec2bn() is the same using the decimal system.
BN_print() and BN_print_fp() write the hexadecimal encoding of B<a>,
with a leading '-' for negative numbers, to the B<BIO> or B<FILE>
@@ -84,8 +85,9 @@ BN_bn2binpad() returns the number of bytes written or -1 if the supplied
buffer is too small.
BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL
-on error. BN_hex2bn() and BN_dec2bn() return the number's length in
-hexadecimal or decimal digits, and 0 on error.
+on error. BN_hex2bn() and BN_dec2bn() return the the length of valid
+representation in hexadecimal or decimal digits, and 0 on error, in which
+case no new B<BIGNUM> will be created.
BN_print_fp() and BN_print() return 1 on success, 0 on write errors.
Matt Caswell
May 27, 2016, 5:33:42 AM5/27/16
to
The branch master has been updated
via f8f686ec1cda6a077ec9d5c2ab540cf202059279 (commit)
via 1b62d880b5190de8c49a01837d96501cecf2a111 (commit)
via d6056f085dc0d53663433d98eb105cb5f26624e7 (commit)
via 242073bdbc0bcca8fa7d193f9dc43c53a482c829 (commit)
from 5e0dc5c9992ad53d12b07eb5d12a0e23dd5be670 (commit)
- Log -----------------------------------------------------------------
commit f8f686ec1cda6a077ec9d5c2ab540cf202059279
Author: Matt Caswell <ma...@openssl.org>
Date: Thu May 26 13:47:47 2016 +0100
Add a test for printing floating point format specifiers
Previous commits fixed the implementation of the %e and %g format
specifiers as well as other issues. This commit adds a test.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 1b62d880b5190de8c49a01837d96501cecf2a111
Author: Matt Caswell <ma...@openssl.org>
Date: Wed May 25 16:20:48 2016 +0100
Prevent an overflow when trying to print excessively big floats
We convert the integer part of the float to a long. We should check it
fits first.
Issue reported by Guido Vranken.
GitHub Issue #1102
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit d6056f085dc0d53663433d98eb105cb5f26624e7
Author: Matt Caswell <ma...@openssl.org>
Date: Wed May 25 15:33:15 2016 +0100
Fix implementation of "e" and "g" formats for printing floating points
The previous commit which "fixed" the "e" and "g" floating point formats
just printed them in the same way as "f". This is wrong. This commit
provides the correct formatting.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 242073bdbc0bcca8fa7d193f9dc43c53a482c829
Author: Matt Caswell <ma...@openssl.org>
Date: Wed May 25 15:37:11 2016 +0100
Fix some issues in b_print.c code
Convert assert to OPENSSL_assert(), add some documentation, add the calls
to fmtfp() for the "e" and "g" floating point formats which were missing.
Based on a patch provided by Ger Hobbelt <g...@hobbelt.com>.
RT#2270
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
test/bioprinttest.c | 225 +++++++++++++++++++++
test/build.info | 7 +-
.../recipes/{05-test_hmac.t => 90-test_bioprint.t} | 4 +-
4 files changed, 394 insertions(+), 19 deletions(-)
create mode 100644 test/bioprinttest.c
copy test/recipes/{05-test_hmac.t => 90-test_bioprint.t} (72%)
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 8c574e1..d52ad7c 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -10,7 +10,6 @@
#include <stdio.h>
#include <string.h>
#include <ctype.h>
-#include <assert.h>
#include <limits.h>
#include "internal/cryptlib.h"
#ifndef NO_SYS_TYPES_H
@@ -53,7 +52,7 @@ static int fmtstr(char **, char **, size_t *, size_t *,
static int fmtint(char **, char **, size_t *, size_t *,
LLONG, int, int, int, int);
static int fmtfp(char **, char **, size_t *, size_t *,
- LDOUBLE, int, int, int);
+ LDOUBLE, int, int, int, int);
static int doapr_outch(char **, char **, size_t *, size_t *, int);
static int _dopr(char **sbuffer, char **buffer,
size_t *maxlen, size_t *retlen, int *truncated,
@@ -70,12 +69,19 @@ static int _dopr(char **sbuffer, char **buffer,
#define DP_S_DONE 7
/* format flags - Bits */
+/* left-aligned padding */
#define DP_F_MINUS (1 << 0)
+/* print an explicit '+' for a value with positive sign */
#define DP_F_PLUS (1 << 1)
+/* print an explicit ' ' for a value with positive sign */
#define DP_F_SPACE (1 << 2)
+/* print 0/0x prefix for octal/hex and decimal point for floating point */
#define DP_F_NUM (1 << 3)
+/* print leading zeroes */
#define DP_F_ZERO (1 << 4)
+/* print HEX in UPPPERcase */
#define DP_F_UP (1 << 5)
+/* treat value as unsigned */
#define DP_F_UNSIGNED (1 << 6)
/* conversion flags */
@@ -84,6 +90,11 @@ static int _dopr(char **sbuffer, char **buffer,
#define DP_C_LDOUBLE 3
#define DP_C_LLONG 4
+/* Floating point formats */
+#define F_FORMAT 0
+#define E_FORMAT 1
+#define G_FORMAT 2
+
/* some handy macros */
#define char_to_int(p) (p - '0')
#define OSSL_MAX(p,q) ((p >= q) ? p : q)
@@ -262,7 +273,7 @@ _dopr(char **sbuffer,
else
fvalue = va_arg(args, double);
if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
- flags))
+ flags, F_FORMAT))
return 0;
break;
case 'E':
@@ -272,6 +283,9 @@ _dopr(char **sbuffer,
fvalue = va_arg(args, LDOUBLE);
else
fvalue = va_arg(args, double);
+ if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+ flags, E_FORMAT))
+ return 0;
break;
case 'G':
flags |= DP_F_UP;
@@ -280,6 +294,9 @@ _dopr(char **sbuffer,
fvalue = va_arg(args, LDOUBLE);
else
fvalue = va_arg(args, double);
+ if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+ flags, G_FORMAT))
+ return 0;
break;
case 'c':
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
@@ -530,23 +547,28 @@ static int
fmtfp(char **sbuffer,
char **buffer,
size_t *currlen,
- size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags)
+ size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags, int style)
{
int signvalue = 0;
LDOUBLE ufvalue;
+ LDOUBLE tmpvalue;
char iconvert[20];
char fconvert[20];
+ char econvert[20];
int iplace = 0;
int fplace = 0;
+ int eplace = 0;
int padlen = 0;
int zpadlen = 0;
- long intpart;
- long fracpart;
- long max10;
+ long exp = 0;
+ unsigned long intpart;
+ unsigned long fracpart;
+ unsigned long max10;
+ int realstyle;
if (max < 0)
max = 6;
- ufvalue = abs_val(fvalue);
+
if (fvalue < 0)
signvalue = '-';
else if (flags & DP_F_PLUS)
@@ -554,7 +576,73 @@ fmtfp(char **sbuffer,
else if (flags & DP_F_SPACE)
signvalue = ' ';
- intpart = (long)ufvalue;
+ /*
+ * G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT
+ * depending on the number to be printed. Work out which one it is and use
+ * that from here on.
+ */
+ if (style == G_FORMAT) {
+ if (fvalue == 0.0) {
+ realstyle = F_FORMAT;
+ } else if (fvalue < 0.0001) {
+ realstyle = E_FORMAT;
+ } else if ((max == 0 && fvalue >= 10)
+ || (max > 0 && fvalue >= pow_10(max))) {
+ realstyle = E_FORMAT;
+ } else {
+ realstyle = F_FORMAT;
+ }
+ } else {
+ realstyle = style;
+ }
+
+ if (style != F_FORMAT) {
+ tmpvalue = fvalue;
+ /* Calculate the exponent */
+ if (fvalue != 0.0) {
+ while (tmpvalue < 1) {
+ tmpvalue *= 10;
+ exp--;
+ }
+ while (tmpvalue > 10) {
+ tmpvalue /= 10;
+ exp++;
+ }
+ }
+ if (style == G_FORMAT) {
+ /*
+ * In G_FORMAT the "precision" represents significant digits. We
+ * always have at least 1 significant digit.
+ */
+ if (max == 0)
+ max = 1;
+ /* Now convert significant digits to decimal places */
+ if (realstyle == F_FORMAT) {
+ max -= (exp + 1);
+ if (max < 0) {
+ /*
+ * Should not happen. If we're in F_FORMAT then exp < max?
+ */
+ return 0;
+ }
+ } else {
+ /*
+ * In E_FORMAT there is always one significant digit in front
+ * of the decimal point, so:
+ * significant digits == 1 + decimal places
+ */
+ max--;
+ }
+ }
+ if (realstyle == E_FORMAT)
+ fvalue = tmpvalue;
+ }
+ ufvalue = abs_val(fvalue);
+ if (ufvalue > ULONG_MAX) {
+ /* Number too big */
+ return 0;
+ }
+ intpart = (unsigned long)ufvalue;
/*
* sorry, we only support 9 digits past the decimal because of our
@@ -585,16 +673,51 @@ fmtfp(char **sbuffer,
iconvert[iplace] = 0;
/* convert fractional part */
- do {
+ while (fplace < max) {
+ if (style == G_FORMAT && fplace == 0 && (fracpart % 10) == 0) {
+ /* We strip trailing zeros in G_FORMAT */
+ max--;
+ fracpart = fracpart / 10;
+ if (fplace < max)
+ continue;
+ break;
+ }
fconvert[fplace++] = "0123456789"[fracpart % 10];
fracpart = (fracpart / 10);
- } while (fplace < max);
+ }
+
if (fplace == sizeof fconvert)
fplace--;
fconvert[fplace] = 0;
- /* -1 for decimal point, another -1 if we are printing a sign */
- padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);
+ /* convert exponent part */
+ if (realstyle == E_FORMAT) {
+ int tmpexp;
+ if (exp < 0)
+ tmpexp = -exp;
+ else
+ tmpexp = exp;
+
+ do {
+ econvert[eplace++] = "0123456789"[tmpexp % 10];
+ tmpexp = (tmpexp / 10);
+ } while (tmpexp > 0 && eplace < (int)sizeof(econvert));
+ /* Exponent is huge!! Too big to print */
+ if (tmpexp > 0)
+ return 0;
+ /* Add a leading 0 for single digit exponents */
+ if (eplace == 1)
+ econvert[eplace++] = '0';
+ }
+
+ /*
+ * -1 for decimal point (if we have one, i.e. max > 0),
+ * another -1 if we are printing a sign
+ */
+ padlen = min - iplace - max - (max > 0 ? 1 : 0) - ((signvalue) ? 1 : 0);
+ /* Take some off for exponent prefix "+e" and exponent */
+ if (realstyle == E_FORMAT)
+ padlen -= 2 + eplace;
zpadlen = max - fplace;
if (zpadlen < 0)
zpadlen = 0;
@@ -648,6 +771,28 @@ fmtfp(char **sbuffer,
return 0;
--zpadlen;
}
+ if (realstyle == E_FORMAT) {
+ char ech;
+
+ if ((flags & DP_F_UP) == 0)
+ ech = 'e';
+ else
+ ech = 'E';
+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ech))
+ return 0;
+ if (exp < 0) {
+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '-'))
+ return 0;
+ } else {
+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '+'))
+ return 0;
+ }
+ while (eplace > 0) {
+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen,
+ econvert[--eplace]))
+ return 0;
+ }
+ }
while (padlen < 0) {
+ }
+ }
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
@@ -664,10 +809,10 @@ doapr_outch(char **sbuffer,
char **buffer, size_t *currlen, size_t *maxlen, int c)
{
/* If we haven't at least one buffer, someone has doe a big booboo */
- assert(*sbuffer != NULL || buffer != NULL);
+ OPENSSL_assert(*sbuffer != NULL || buffer != NULL);
/* |currlen| must always be <= |*maxlen| */
- assert(*currlen <= *maxlen);
+ OPENSSL_assert(*currlen <= *maxlen);
if (buffer && *currlen == *maxlen) {
if (*maxlen > INT_MAX - BUFFER_INC)
@@ -679,7 +824,7 @@ doapr_outch(char **sbuffer,
if (*buffer == NULL)
return 0;
if (*currlen > 0) {
- assert(*sbuffer != NULL);
+ OPENSSL_assert(*sbuffer != NULL);
memcpy(*buffer, *sbuffer, *currlen);
}
*sbuffer = NULL;
diff --git a/test/bioprinttest.c b/test/bioprinttest.c
new file mode 100644
index 0000000..d376cfb
--- /dev/null
+++ b/test/bioprinttest.c
@@ -0,0 +1,225 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/bio.h>
+
+static int justprint = 0;
+
+static char *fpexpected[][5] = {
+ /* 0 */ { "0.0000e+00", "0.0000", "0", "0.0000E+00", "0" },
+ /* 1 */ { "6.7000e-01", "0.6700", "0.67", "6.7000E-01", "0.67" },
+ /* 2 */ { "6.6667e-01", "0.6667", "0.6667", "6.6667E-01", "0.6667" },
+ /* 3 */ { "6.6667e-04", "0.0007", "0.0006667", "6.6667E-04", "0.0006667" },
+ /* 4 */ { "6.6667e-05", "0.0001", "6.667e-05", "6.6667E-05", "6.667E-05" },
+ /* 5 */ { "6.6667e+00", "6.6667", "6.667", "6.6667E+00", "6.667" },
+ /* 6 */ { "6.6667e+01", "66.6667", "66.67", "6.6667E+01", "66.67" },
+ /* 7 */ { "6.6667e+02", "666.6667", "666.7", "6.6667E+02", "666.7" },
+ /* 8 */ { "6.6667e+03", "6666.6667", "6667", "6.6667E+03", "6667" },
+ /* 9 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" },
+ /* 10 */ { "0.00000e+00", "0.00000", "0", "0.00000E+00", "0" },
+ /* 11 */ { "6.70000e-01", "0.67000", "0.67", "6.70000E-01", "0.67" },
+ /* 12 */ { "6.66667e-01", "0.66667", "0.66667", "6.66667E-01", "0.66667" },
+ /* 13 */ { "6.66667e-04", "0.00067", "0.00066667", "6.66667E-04", "0.00066667" },
+ /* 14 */ { "6.66667e-05", "0.00007", "6.6667e-05", "6.66667E-05", "6.6667E-05" },
+ /* 15 */ { "6.66667e+00", "6.66667", "6.6667", "6.66667E+00", "6.6667" },
+ /* 16 */ { "6.66667e+01", "66.66667", "66.667", "6.66667E+01", "66.667" },
+ /* 17 */ { "6.66667e+02", "666.66667", "666.67", "6.66667E+02", "666.67" },
+ /* 18 */ { "6.66667e+03", "6666.66667", "6666.7", "6.66667E+03", "6666.7" },
+ /* 19 */ { "6.66667e+04", "66666.66667", "66667", "6.66667E+04", "66667" },
+ /* 20 */ { " 0.0000e+00", " 0.0000", " 0", " 0.0000E+00", " 0" },
+ /* 21 */ { " 6.7000e-01", " 0.6700", " 0.67", " 6.7000E-01", " 0.67" },
+ /* 22 */ { " 6.6667e-01", " 0.6667", " 0.6667", " 6.6667E-01", " 0.6667" },
+ /* 23 */ { " 6.6667e-04", " 0.0007", " 0.0006667", " 6.6667E-04", " 0.0006667" },
+ /* 24 */ { " 6.6667e-05", " 0.0001", " 6.667e-05", " 6.6667E-05", " 6.667E-05" },
+ /* 25 */ { " 6.6667e+00", " 6.6667", " 6.667", " 6.6667E+00", " 6.667" },
+ /* 26 */ { " 6.6667e+01", " 66.6667", " 66.67", " 6.6667E+01", " 66.67" },
+ /* 27 */ { " 6.6667e+02", " 666.6667", " 666.7", " 6.6667E+02", " 666.7" },
+ /* 28 */ { " 6.6667e+03", " 6666.6667", " 6667", " 6.6667E+03", " 6667" },
+ /* 29 */ { " 6.6667e+04", " 66666.6667", " 6.667e+04", " 6.6667E+04", " 6.667E+04" },
+ /* 30 */ { " 0.00000e+00", " 0.00000", " 0", " 0.00000E+00", " 0" },
+ /* 31 */ { " 6.70000e-01", " 0.67000", " 0.67", " 6.70000E-01", " 0.67" },
+ /* 32 */ { " 6.66667e-01", " 0.66667", " 0.66667", " 6.66667E-01", " 0.66667" },
+ /* 33 */ { " 6.66667e-04", " 0.00067", " 0.00066667", " 6.66667E-04", " 0.00066667" },
+ /* 34 */ { " 6.66667e-05", " 0.00007", " 6.6667e-05", " 6.66667E-05", " 6.6667E-05" },
+ /* 35 */ { " 6.66667e+00", " 6.66667", " 6.6667", " 6.66667E+00", " 6.6667" },
+ /* 36 */ { " 6.66667e+01", " 66.66667", " 66.667", " 6.66667E+01", " 66.667" },
+ /* 37 */ { " 6.66667e+02", " 666.66667", " 666.67", " 6.66667E+02", " 666.67" },
+ /* 38 */ { " 6.66667e+03", " 6666.66667", " 6666.7", " 6.66667E+03", " 6666.7" },
+ /* 39 */ { " 6.66667e+04", " 66666.66667", " 66667", " 6.66667E+04", " 66667" },
+ /* 40 */ { "0e+00", "0", "0", "0E+00", "0" },
+ /* 41 */ { "7e-01", "1", "0.7", "7E-01", "0.7" },
+ /* 42 */ { "7e-01", "1", "0.7", "7E-01", "0.7" },
+ /* 43 */ { "7e-04", "0", "0.0007", "7E-04", "0.0007" },
+ /* 44 */ { "7e-05", "0", "7e-05", "7E-05", "7E-05" },
+ /* 45 */ { "7e+00", "7", "7", "7E+00", "7" },
+ /* 46 */ { "7e+01", "67", "7e+01", "7E+01", "7E+01" },
+ /* 47 */ { "7e+02", "667", "7e+02", "7E+02", "7E+02" },
+ /* 48 */ { "7e+03", "6667", "7e+03", "7E+03", "7E+03" },
+ /* 49 */ { "7e+04", "66667", "7e+04", "7E+04", "7E+04" },
+ /* 50 */ { "0.000000e+00", "0.000000", "0", "0.000000E+00", "0" },
+ /* 51 */ { "6.700000e-01", "0.670000", "0.67", "6.700000E-01", "0.67" },
+ /* 52 */ { "6.666667e-01", "0.666667", "0.666667", "6.666667E-01", "0.666667" },
+ /* 53 */ { "6.666667e-04", "0.000667", "0.000666667", "6.666667E-04", "0.000666667" },
+ /* 54 */ { "6.666667e-05", "0.000067", "6.66667e-05", "6.666667E-05", "6.66667E-05" },
+ /* 55 */ { "6.666667e+00", "6.666667", "6.66667", "6.666667E+00", "6.66667" },
+ /* 56 */ { "6.666667e+01", "66.666667", "66.6667", "6.666667E+01", "66.6667" },
+ /* 57 */ { "6.666667e+02", "666.666667", "666.667", "6.666667E+02", "666.667" },
+ /* 58 */ { "6.666667e+03", "6666.666667", "6666.67", "6.666667E+03", "6666.67" },
+ /* 59 */ { "6.666667e+04", "66666.666667", "66666.7", "6.666667E+04", "66666.7" },
+ /* 60 */ { "0.0000e+00", "000.0000", "00000000", "0.0000E+00", "00000000" },
+ /* 61 */ { "6.7000e-01", "000.6700", "00000.67", "6.7000E-01", "00000.67" },
+ /* 62 */ { "6.6667e-01", "000.6667", "000.6667", "6.6667E-01", "000.6667" },
+ /* 63 */ { "6.6667e-04", "000.0007", "0.0006667", "6.6667E-04", "0.0006667" },
+ /* 64 */ { "6.6667e-05", "000.0001", "6.667e-05", "6.6667E-05", "6.667E-05" },
+ /* 65 */ { "6.6667e+00", "006.6667", "0006.667", "6.6667E+00", "0006.667" },
+ /* 66 */ { "6.6667e+01", "066.6667", "00066.67", "6.6667E+01", "00066.67" },
+ /* 67 */ { "6.6667e+02", "666.6667", "000666.7", "6.6667E+02", "000666.7" },
+ /* 68 */ { "6.6667e+03", "6666.6667", "00006667", "6.6667E+03", "00006667" },
+ /* 69 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" },
+};
+
+static void dofptest(int test, double val, char *width, int prec, int *fail)
+{
+ char format[80], result[80];
+ int i;
+
+ for (i = 0; i < 5; i++) {
+ char *fspec;
+ switch (i) {
+ case 0:
+ fspec = "e";
+ break;
+ case 1:
+ fspec = "f";
+ break;
+ case 2:
+ fspec = "g";
+ break;
+ case 3:
+ fspec = "E";
+ break;
+ case 4:
+ fspec = "G";
+ break;
+ }
+
+ if (prec >= 0)
+ BIO_snprintf(format, sizeof(format), "%%%s.%d%s", width, prec,
+ fspec);
+ else
+ BIO_snprintf(format, sizeof(format), "%%%s%s", width, fspec);
+ BIO_snprintf(result, sizeof(result), format, val);
+
+ if (justprint) {
+ if (i == 0) {
+ printf(" /* %3d */ { \"%s\"", test, result);
+ } else {
+ printf(", \"%s\"", result);
+ }
+ } else {
+ if (strcmp(fpexpected[test][i], result) != 0) {
+ printf("Test %d(%d) failed. Expected \"%s\". Got \"%s\". "
+ "Format \"%s\"\n", test, i, fpexpected[test][i], result,
+ format);
+ *fail = 1;
+ }
+ }
+ }
+ if (justprint) {
+ printf(" },\n");
+ }
+}
+
+int main(int argc, char **argv)
+{
+ int test = 0;
+ int i;
+ int fail = 0;
+ int prec;
+ char *width;
+ const double frac = 2.0/3.0;
+ char buf[80];
+
+ if (argc == 2 && strcmp(argv[1], "-expected") == 0) {
+ justprint = 1;
+ }
+
+ CRYPTO_set_mem_debug(1);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ /* Tests for floating point format specifiers */
+ for (i = 0; i < 7; i++) {
+ switch (i) {
+ case 0:
+ prec = 4;
+ width = "";
+ break;
+ case 1:
+ prec = 5;
+ width = "";
+ break;
+ case 2:
+ prec = 4;
+ width = "12";
+ break;
+ case 3:
+ prec = 5;
+ width = "12";
+ break;
+ case 4:
+ prec = 0;
+ width = "";
+ break;
+ case 5:
+ prec = -1;
+ width = "";
+ break;
+ case 6:
+ prec = 4;
+ width = "08";
+ break;
+ }
+
+ dofptest(test++, 0.0, width, prec, &fail);
+ dofptest(test++, 0.67, width, prec, &fail);
+ dofptest(test++, frac, width, prec, &fail);
+ dofptest(test++, frac / 1000, width, prec, &fail);
+ dofptest(test++, frac / 10000, width, prec, &fail);
+ dofptest(test++, 6.0 + frac, width, prec, &fail);
+ dofptest(test++, 66.0 + frac, width, prec, &fail);
+ dofptest(test++, 666.0 + frac, width, prec, &fail);
+ dofptest(test++, 6666.0 + frac, width, prec, &fail);
+ dofptest(test++, 66666.0 + frac, width, prec, &fail);
+ }
+
+ /* Test excessively big number. Should fail */
+ if (BIO_snprintf(buf, sizeof(buf), "%f\n", 2 * (double)ULONG_MAX) != -1) {
+ printf("Test %d failed. Unexecpted success return from "
+ "BIO_snprintf()\n", test);
+ fail = 1;
+ }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+ if (CRYPTO_mem_leaks_fp(stderr) <= 0)
+ return 1;
+# endif
+
+ if (!justprint) {
+ if (fail) {
+ printf("FAIL\n");
+ return 1;
+ }
+ printf ("PASS\n");
+ }
+ return 0;
+}
+
+
+}
+
diff --git a/test/build.info b/test/build.info
index c369267..84c881e 100644
--- a/test/build.info
+++ b/test/build.info
@@ -16,7 +16,8 @@ IF[{- !$disabled{tests} -}]
constant_time_test verify_extra_test clienthellotest \
packettest asynctest secmemtest srptest memleaktest \
dtlsv1listentest ct_test threadstest afalgtest d2i_test \
- ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest
+ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
+ bioprinttest
SOURCE[aborttest]=aborttest.c
INCLUDE[aborttest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
@@ -249,4 +250,8 @@ IF[{- !$disabled{tests} -}]
SOURCE[asynciotest]=asynciotest.c
INCLUDE[asynciotest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[asynciotest]=../libcrypto ../libssl
+
DEPEND[asynciotest]=../libcrypto ../libssl
+ SOURCE[bioprinttest]=bioprinttest.c
+ INCLUDE[bioprinttest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ DEPEND[bioprinttest]=../libcrypto
ENDIF
diff --git a/test/recipes/05-test_hmac.t b/test/recipes/90-test_bioprint.t
similarity index 72%
copy from test/recipes/05-test_hmac.t
copy to test/recipes/90-test_bioprint.t
index 2059bcc..b86e828 100644
--- a/test/recipes/05-test_hmac.t
+++ b/test/recipes/90-test_bioprint.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -9,4 +9,4 @@
use OpenSSL::Test::Simple;
-simple_test("test_hmac", "hmactest");
+simple_test("test_bioprint", "bioprinttest");
Matt Caswell
May 27, 2016, 10:09:47 AM5/27/16
to
The branch master has been updated
via ec91f92ddf74bea473148674aff25410311edaab (commit)
from f8f686ec1cda6a077ec9d5c2ab540cf202059279 (commit)
- Log -----------------------------------------------------------------
commit ec91f92ddf74bea473148674aff25410311edaab
Author: Matt Caswell <ma...@openssl.org>
Date: Fri May 27 14:59:47 2016 +0100
Silence some "may be uninitialized when used" warning
Clang was complaining about some variables possibly being uninitialized
when used. The warnings are bogus, but clang can't figure that out. This
silences the warnings.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/bioprinttest.c b/test/bioprinttest.c
index d376cfb..c69a79c 100644
--- a/test/bioprinttest.c
+++ b/test/bioprinttest.c
@@ -92,7 +92,7 @@ static void dofptest(int test, double val, char *width, int prec, int *fail)
int i;
for (i = 0; i < 5; i++) {
+ char *fspec = NULL;
switch (i) {
case 0:
fspec = "e";
@@ -143,8 +143,8 @@ int main(int argc, char **argv)
int test = 0;
int i;
int fail = 0;
- int prec;
- char *width;
+ int prec = -1;
+ char *width = "";
const double frac = 2.0/3.0;
char buf[80];
Matt Caswell
May 27, 2016, 10:21:00 AM5/27/16
to
The branch master has been updated
via 46ac07f5455dd39840b63bebd2942c2058e7a9cb (commit)
via cb2e10f257a464c6b475b321dd9e4769df84dbf6 (commit)
via 75dd6c1a39c4e73de7d8d782adb7008645248f50 (commit)
via 384f08dc76e4df2c004042bd9b1bad60f98c281f (commit)
from ec91f92ddf74bea473148674aff25410311edaab (commit)
- Log -----------------------------------------------------------------
commit 46ac07f5455dd39840b63bebd2942c2058e7a9cb
Author: Matt Caswell <ma...@openssl.org>
Date: Fri May 20 17:49:33 2016 +0100
Avoid msys name mangling
If using the msys console then msys attempts to "fix" command line
arguments to convert them from Unix style to Windows style. One of the
things it does is to look for arguments seperated by colons. This it
assumes is a list of file paths, so it replaces the colon with a semi-colon.
This was causing one of our tests to fail when calling the "req" command
line app. We were attempting to create a new DSA key and passing the
argument "dsa:../apps/dsa1024.pem". This is exactly what we intended but
Msys mangles it to "dsa;../apps/dsa1024.pem" and the command fails.
There doesn't seem to be a way to suppress Msys name mangling. Fortunately
we can work around this issue by generating the DSA key in a separate step
by calling "gendsa".
RT#4255
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit cb2e10f257a464c6b475b321dd9e4769df84dbf6
Author: Matt Caswell <ma...@openssl.org>
Date: Fri May 20 16:34:24 2016 +0100
Fix intermittent windows failures in TLSProxy tests
When closing down the socket in s_client Windows will close it immediately
even if there is data in the write buffer still waiting to be sent. This
was causing tests to fail in Msys/Mingw builds because TLSProxy doesn't see
the final CloseNotify.
I have experimented with various ways of doing this "properly" (e.g.
shutting down the socket before closing, setting SO_LINGER etc). I can't
seem to find the "magic" formula that will make Windows do this. Inserting
a short 50ms sleep seems to do the trick...but its not very "nice" so I've
inserted a TODO on this item. Perhaps someone else will have better luck
in figuring this out.
RT#4255
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 75dd6c1a39c4e73de7d8d782adb7008645248f50
Author: Matt Caswell <ma...@openssl.org>
Date: Fri May 20 11:53:26 2016 +0100
Fix s_client/s_server waiting for stdin on Windows
On Windows we were using the function _kbhit() to determine whether there
was input waiting in stdin for us to read. Actually all this does is work
out whether there is a keyboard press event waiting to be processed in the
input buffer. This only seems to work in a standard Windows console (not
Msys console) and also doesn't work if you redirect the input from some
other source (as we do in TLSProxy tests). This commit changes things to
work differently depending on whether we are on the Windows console or not.
RT#4255
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 384f08dc76e4df2c004042bd9b1bad60f98c281f
Author: Matt Caswell <ma...@openssl.org>
Date: Fri May 20 11:20:22 2016 +0100
Fix some s_server issues on Windows
In s_server we call BIO_sock_should_retry() to determine the state of the
socket and work out whether we should retry an operation on it or not.
However if you leave it too long to call this then other operations may
have occurred in the meantime which affect the result. Therefore we should
call it early and remember the result for when we need to use it. This fixes
a test problem on Windows.
Another issue with s_server on Windows is that some of output to stdout does
not get displayed immediately. Apparently more liberal use of BIO_flush is
required.
RT#4255
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/apps.h | 3 +++
apps/s_client.c | 33 ++++++++++++++-------------------
apps/s_server.c | 21 +++++++++++++++++----
test/recipes/80-test_ssl_old.t | 14 ++++++++++----
5 files changed, 74 insertions(+), 28 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index 5db4b22..a3e1794 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -14,6 +14,7 @@
*/
# define _POSIX_C_SOURCE 2
#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -41,7 +42,7 @@
#endif
#include <openssl/bn.h>
#include <openssl/ssl.h>
-
+#include "s_apps.h"
#include "apps.h"
#ifdef _WIN32
@@ -2550,3 +2551,31 @@ void wait_for_async(SSL *s)
select(width, (void *)&asyncfds, NULL, NULL, NULL);
#endif
}
+
+/* if OPENSSL_SYS_WINDOWS is defined then so is OPENSSL_SYS_MSDOS */
+#if defined(OPENSSL_SYS_MSDOS)
+int has_stdin_waiting(void)
+{
+# if defined(OPENSSL_SYS_WINDOWS)
+ HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE);
+ DWORD events = 0;
+ INPUT_RECORD inputrec;
+ DWORD insize = 1;
+ BOOL peeked;
+
+ if (inhand == INVALID_HANDLE_VALUE) {
+ return 0;
+ }
+
+ peeked = PeekConsoleInput(inhand, &inputrec, insize, &events);
+ }
+
+ if (!peeked) {
+ /* Probably redirected input? _kbhit() does not work in this case */
+ if (!feof(stdin)) {
+ return 1;
+ }
+ return 0;
+ }
+# endif
+ return _kbhit();
+}
+#endif
diff --git a/apps/apps.h b/apps/apps.h
index 83dc0c1..6a0acab 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -67,6 +67,9 @@ CONF *app_load_config_quiet(const char *filename);
int app_load_modules(const CONF *config);
void unbuffer(FILE *fp);
void wait_for_async(SSL *s);
+# if defined(OPENSSL_SYS_MSDOS)
+int has_stdin_waiting(void);
+# endif
/*
* Common verification options.
diff --git a/apps/s_client.c b/apps/s_client.c
index d8678c3..4b9880a 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2160,18 +2160,8 @@ int s_client_main(int argc, char **argv)
tv.tv_usec = 0;
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, &tv);
-# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
- if (!i && (!_kbhit() || !read_tty))
+ if (!i && (!has_stdin_waiting() || !read_tty))
continue;
-# else
- if (!i && (!((_kbhit())
- || (WAIT_OBJECT_0 ==
- WaitForSingleObject(GetStdHandle
- (STD_INPUT_HANDLE),
- 0)))
- || !read_tty))
- continue;
-# endif
} else
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, timeoutp);
@@ -2348,14 +2338,9 @@ int s_client_main(int argc, char **argv)
/* break; */
}
}
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
- else if (_kbhit())
-# else
- else if ((_kbhit())
- || (WAIT_OBJECT_0 ==
- WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
-# endif
+/* OPENSSL_SYS_MSDOS includes OPENSSL_SYS_WINDOWS */
+#if defined(OPENSSL_SYS_MSDOS)
+ else if (has_stdin_waiting())
#else
else if (FD_ISSET(fileno(stdin), &readfds))
#endif
@@ -2417,6 +2402,16 @@ int s_client_main(int argc, char **argv)
if (in_init)
print_stuff(bio_c_out, con, full_log);
do_ssl_shutdown(con);
+#if defined(OPENSSL_SYS_WINDOWS)
+ /*
+ * Give the socket time to send its last data before we close it.
+ * No amount of setting SO_LINGER etc on the socket seems to persuade
+ * Windows to send the data before closing the socket...but sleeping
+ * for a short time seems to do it (units in ms)
+ * TODO: Find a better way to do this
+ */
+ Sleep(50);
+#endif
BIO_closesocket(SSL_get_fd(con));
end:
if (con != NULL) {
diff --git a/apps/s_server.c b/apps/s_server.c
index 35baac9..08753c3 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2167,10 +2167,10 @@ static int sv_body(int s, int stype, unsigned char *context)
tv.tv_sec = 1;
tv.tv_usec = 0;
i = select(width, (void *)&readfds, NULL, NULL, &tv);
- if ((i < 0) || (!i && !_kbhit()))
- continue;
- if (_kbhit())
+ if (has_stdin_waiting())
read_from_terminal = 1;
+ if ((i < 0) || (!i && !read_from_terminal))
+ continue;
#else
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
@@ -2309,12 +2309,14 @@ static int sv_body(int s, int stype, unsigned char *context)
break;
case SSL_ERROR_WANT_ASYNC:
BIO_printf(bio_s_out, "Write BLOCK (Async)\n");
+ (void)BIO_flush(bio_s_out);
wait_for_async(con);
break;
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_X509_LOOKUP:
BIO_printf(bio_s_out, "Write BLOCK\n");
+ (void)BIO_flush(bio_s_out);
break;
case SSL_ERROR_WANT_ASYNC_JOB:
/*
@@ -2383,16 +2385,19 @@ static int sv_body(int s, int stype, unsigned char *context)
ascii2ebcdic(buf, buf, i);
#endif
raw_write_stdout(buf, (unsigned int)i);
+ (void)BIO_flush(bio_s_out);
if (SSL_has_pending(con))
goto again;
break;
case SSL_ERROR_WANT_ASYNC:
BIO_printf(bio_s_out, "Read BLOCK (Async)\n");
+ (void)BIO_flush(bio_s_out);
wait_for_async(con);
break;
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
BIO_printf(bio_s_out, "Read BLOCK\n");
+ (void)BIO_flush(bio_s_out);
break;
case SSL_ERROR_WANT_ASYNC_JOB:
/*
@@ -2448,6 +2453,7 @@ static int init_ssl_connection(SSL *con)
unsigned next_proto_neg_len;
#endif
unsigned char *exportedkeymat;
+ int retry = 0;
#ifndef OPENSSL_NO_DTLS
if(dtlslisten) {
@@ -2482,6 +2488,8 @@ static int init_ssl_connection(SSL *con)
do {
i = SSL_accept(con);
+ if (i <= 0)
+ retry = BIO_sock_should_retry(i);
#ifdef CERT_CB_TEST_RETRY
{
while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
@@ -2489,6 +2497,8 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_err,
"LOOKUP from certificate callback during accept\n");
i = SSL_accept(con);
+ if (i <= 0)
+ retry = BIO_sock_should_retry(i);
}
}
#endif
@@ -2507,13 +2517,15 @@ static int init_ssl_connection(SSL *con)
else
BIO_printf(bio_s_out, "LOOKUP not successful\n");
i = SSL_accept(con);
+ if (i <= 0)
+ retry = BIO_sock_should_retry(i);
}
#endif
} while (i < 0 && SSL_waiting_for_async(con));
if (i <= 0) {
if ((dtlslisten && i == 0)
- || (!dtlslisten && BIO_sock_should_retry(i))) {
+ || (!dtlslisten && retry)) {
BIO_printf(bio_s_out, "DELAY\n");
return (1);
}
@@ -2599,6 +2611,7 @@ static int init_ssl_connection(SSL *con)
OPENSSL_free(exportedkeymat);
}
+ (void)BIO_flush(bio_s_out);
return (1);
}
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 3763530..b41e67a 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -36,6 +36,7 @@ my $digest = "-sha1";
my @reqcmd = ("openssl", "req");
my @x509cmd = ("openssl", "x509", $digest);
my @verifycmd = ("openssl", "verify");
+my @gendsacmd = ("openssl", "gendsa");
my $dummycnf = srctop_file("apps", "openssl.cnf");
my $CAkey = "keyCA.ss";
@@ -105,6 +106,7 @@ sub testss {
my @req_dsa = ("-newkey",
"dsa:".srctop_file("apps", "dsa1024.pem"));
+ my $dsaparams = srctop_file("apps", "dsa1024.pem");
my @req_new;
if ($no_rsa) {
@req_new = @req_dsa;
@@ -175,14 +177,18 @@ sub testss {
plan skip_all => "skipping DSA certificate creation"
if $no_dsa;
- plan tests => 4;
+ plan tests => 5;
SKIP: {
$ENV{CN2} = "DSA Certificate";
+ skip 'failure', 4 unless
+ ok(run(app([@gendsacmd, "-out", $Dkey,
+ $dsaparams],
+ stdout => "err.ss")),
+ "make a DSA key");
skip 'failure', 3 unless
- ok(run(app([@reqcmd, "-config", $Uconf,
- "-out", $Dreq, "-keyout", $Dkey,
- @req_dsa],
+ ok(run(app([@reqcmd, "-new", "-config", $Uconf,
+ "-out", $Dreq, "-key", $Dkey],
stdout => "err.ss")),
"make a DSA user cert request");
skip 'failure', 2 unless
Richard Levitte
May 27, 2016, 11:39:04 AM5/27/16
to
The branch master has been updated
via cbece22079a61e57d17858174ee57e7dffa9e4dd (commit)
from 46ac07f5455dd39840b63bebd2942c2058e7a9cb (commit)
- Log -----------------------------------------------------------------
commit cbece22079a61e57d17858174ee57e7dffa9e4dd
Author: Richard Levitte <lev...@openssl.org>
Date: Fri May 27 17:18:57 2016 +0200
Allow space in PERL spec (unix only)
Someone wants to configure like this:
PERL="/usr/bin/env perl" ./config
The end goal is to get that in the #! line of CA.pl and a few other
scripts. That works well already, but in the Makefile, there were a
few lines looking like this:
PERL=$(PERL) $(PERL) whatever.pl ...
Those need some quoting.
RT#4311
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 8c27ba9..e20b632 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -230,6 +230,7 @@ tests: build_tests_nodep build_apps_nodep build_engines_nodep \
( cd test; \
SRCTOP=../$(SRCDIR) \
BLDTOP=../$(BLDDIR) \
+ PERL="$(PERL)" \
EXE_EXT={- $exeext -} \
OPENSSL_ENGINES=../$(BLDDIR)/engines \
$(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) )
@@ -238,7 +239,7 @@ tests: build_tests_nodep build_apps_nodep build_engines_nodep \
@ : {- output_on() if !$disabled{tests}; "" -}
list-tests:
- @TOP=$(SRCDIR) PERL=$(PERL) $(PERL) $(SRCDIR)/test/run_tests.pl list
+ @TOP="$(SRCDIR)" PERL="$(PERL)" $(PERL) $(SRCDIR)/test/run_tests.pl list
libclean:
@set -e; for s in $(SHLIB_INFO); do \
@@ -960,7 +961,7 @@ EOF
$target: $lib$libext $deps $ordinalsfile
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
PLATFORM=\$(PLATFORM) \\
- PERL=\$(PERL) SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
+ PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
INSTALLTOP='\$(INSTALLTOP)' LIBDIR='\$(LIBDIR)' \\
LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\
LIBNAME=$libname LIBVERSION=\$(SHLIB_MAJOR).\$(SHLIB_MINOR) \\
@@ -996,7 +997,7 @@ EOF
$target: $objs $deps
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
PLATFORM=\$(PLATFORM) \\
- PERL=\$(PERL) SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
+ PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
LIBDEPS='\$(PLIB_LDFLAGS) '"$shlibdeps"' \$(EX_LIBS)' \\
LIBNAME=$libname LDFLAGS='\$(LDFLAGS)' \\
CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(DSO_CFLAGS)' \\
@@ -1033,7 +1034,7 @@ EOF
$bin$exeext: $objs $deps
\$(RM) $bin$exeext
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
- PERL=\$(PERL) SRCDIR=\$(SRCDIR) \\
+ PERL="\$(PERL)" SRCDIR=\$(SRCDIR) \\
APPNAME=$bin$exeext OBJECTS="$objs" \\
LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\
CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(BIN_CFLAGS)' \\
Richard Levitte
May 27, 2016, 11:42:16 AM5/27/16
to
The branch master has been updated
via ac1a998d04a66e69ad36141a0254cf8baf3aa5d0 (commit)
via 04b7805a8686d33186ca9e0571355e7fa2ef2d86 (commit)
via cb66390857fe9477e567f163302b4e34aeff8e6e (commit)
via a3a08f81256f4e9156e384c224adcc8e0519577b (commit)
from cbece22079a61e57d17858174ee57e7dffa9e4dd (commit)
- Log -----------------------------------------------------------------
commit ac1a998d04a66e69ad36141a0254cf8baf3aa5d0
Author: Richard Levitte <lev...@openssl.org>
Date: Wed May 25 15:03:08 2016 +0200
make sure to put quotes around -config argument, in case of spaces
RT#4486
Reviewed-by: Matt Caswell <ma...@openssl.org>
commit 04b7805a8686d33186ca9e0571355e7fa2ef2d86
Author: Richard Levitte <lev...@openssl.org>
Date: Wed May 25 15:02:20 2016 +0200
perl glob: make sure to put quotes around the pattern, in case of spaces
RT#4486
Reviewed-by: Matt Caswell <ma...@openssl.org>
commit cb66390857fe9477e567f163302b4e34aeff8e6e
Author: Richard Levitte <lev...@openssl.org>
Date: Wed May 25 11:58:19 2016 +0200
Windows makefile: handle the case with space in source directory
This applies when building out-of-source.
RT#4486
NOTE: we can't do the same for Unix, as Unix make doesn't handle this
type of issue. Also, directory specs are much less likely to have
spaces on Unix...
Reviewed-by: Matt Caswell <ma...@openssl.org>
commit a3a08f81256f4e9156e384c224adcc8e0519577b
Author: Richard Levitte <lev...@openssl.org>
Date: Wed May 25 11:57:23 2016 +0200
Configure: handle spaces in source directory spec
RT#4486
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
Configure | 4 +-
test/recipes/80-test_ca.t | 6 +--
test/recipes/80-test_ssl_new.t | 2 +-
test/run_tests.pl | 4 +-
util/process_docs.pl | 4 +-
6 files changed, 61 insertions(+), 60 deletions(-)
diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
index 454f2ed..9a8109f 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -161,7 +161,7 @@ tests: build_tests_nodep build_apps_nodep build_engines_nodep depend
set SRCTOP=$(SRCDIR)
set BLDTOP=$(BLDDIR)
set PERL=$(PERL)
- $(PERL) $(SRCDIR)\test\run_tests.pl $(TESTS)
+ "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
@rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@echo "Tests are not supported with your chosen Configure options"
@rem {- output_on() if !$disabled{tests}; "" -}
@@ -169,16 +169,16 @@ tests: build_tests_nodep build_apps_nodep build_engines_nodep depend
list-tests:
@set TOP=$(SRCDIR)
@set PERL=$(PERL)
- @$(PERL) $(SRCDIR)\test\run_tests.pl list
+ @"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list
install: install_sw install_ssldirs install_docs
uninstall: uninstall_docs uninstall_sw
libclean:
- $(PERL) -e "map { m/(.*)\.dll$$/; unlink glob """$$1.*"""; } @ARGV" $(SHLIBS)
- $(PERL) -e "map { m/(.*)\.dll$$/; unlink glob """apps/$$1.*"""; } @ARGV" $(SHLIBS)
- $(PERL) -e "map { m/(.*)\.dll$$/; unlink glob """test/$$1.*"""; } @ARGV" $(SHLIBS)
+ "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """$$1.*"""; } @ARGV" $(SHLIBS)
+ "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """apps/$$1.*"""; } @ARGV" $(SHLIBS)
+ "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """test/$$1.*"""; } @ARGV" $(SHLIBS)
-del /Q /F $(LIBS)
-del /Q ossl_static.pdb
@@ -204,33 +204,33 @@ install_sw: all install_dev install_engines install_runtime
+ "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """test/$$1.*"""; } @ARGV" $(SHLIBS)
-del /Q /F $(LIBS)
-del /Q ossl_static.pdb
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
install_docs:
- $(PERL) $(SRCDIR)\util\process_docs.pl \
+ "$(PERL)" "$(SRCDIR)\util\process_docs.pl" \
"--destdir=$(DESTDIR)$(INSTALLTOP)\html" --type=html
uninstall_docs:
install_ssldirs:
- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)\certs"
- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)\private"
- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)\misc"
- @$(PERL) $(SRCDIR)\util\copy.pl $(SRCDIR)\apps\openssl.cnf \
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(DESTDIR)$(OPENSSLDIR)\certs"
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(DESTDIR)$(OPENSSLDIR)\private"
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(DESTDIR)$(OPENSSLDIR)\misc"
+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \
"$(DESTDIR)$(OPENSSLDIR)"
- @$(PERL) $(SRCDIR)\util\copy.pl $(MISC_SCRIPTS) \
+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \
"$(DESTDIR)$(OPENSSLDIR)\misc"
install_dev:
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
@echo *** Installing development files
- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)\include\openssl"
- @$(PERL) $(SRCDIR)\util\copy.pl $(SRCDIR)\include\openssl\*.h \
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(DESTDIR)$(INSTALLTOP)\include\openssl"
+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\include\openssl\*.h" \
"$(DESTDIR)$(INSTALLTOP)\include\openssl"
- @$(PERL) $(SRCDIR)\util\copy.pl $(BLDDIR)\include\openssl\*.h \
+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\include\openssl\*.h \
"$(DESTDIR)$(INSTALLTOP)\include\openssl"
- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)\$(LIBDIR)"
- @$(PERL) $(SRCDIR)\util\copy.pl $(LIBS) \
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(DESTDIR)$(INSTALLTOP)\$(LIBDIR)"
+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(LIBS) \
"$(DESTDIR)$(INSTALLTOP)\$(LIBDIR)"
@if "$(SHLIBS)"=="" \
- $(PERL) $(SRCDIR)\util\copy.pl ossl_static.pdb \
+ "$(PERL)" "$(SRCDIR)\util\copy.pl" ossl_static.pdb \
"$(DESTDIR)$(INSTALLTOP)\$(LIBDIR)"
uninstall_dev:
@@ -238,38 +238,38 @@ uninstall_dev:
install_engines:
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
@echo *** Installing engines
- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(ENGINESDIR)"
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(DESTDIR)$(ENGINESDIR)"
@if not "$(ENGINES)"=="" \
- $(PERL) $(SRCDIR)\util\copy.pl $(ENGINES) "$(DESTDIR)$(ENGINESDIR)"
+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(ENGINES) "$(DESTDIR)$(ENGINESDIR)"
@if not "$(ENGINES)"=="" \
- $(PERL) $(SRCDIR)\util\copy.pl $(ENGINEPDBS) "$(DESTDIR)$(ENGINESDIR)"
+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(ENGINEPDBS) "$(DESTDIR)$(ENGINESDIR)"
uninstall_engines:
install_runtime:
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
@echo *** Installing runtime files
- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)\bin"
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(DESTDIR)$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \
- $(PERL) $(SRCDIR)\util\copy.pl $(SHLIBS) "$(DESTDIR)$(INSTALLTOP)\bin"
+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(SHLIBS) "$(DESTDIR)$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \
- $(PERL) $(SRCDIR)\util\copy.pl $(SHLIBPDBS) \
+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(SHLIBPDBS) \
"$(DESTDIR)$(INSTALLTOP)\bin"
- @$(PERL) $(SRCDIR)\util\copy.pl $(PROGRAMS) \
+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(PROGRAMS) \
"$(DESTDIR)$(INSTALLTOP)\bin"
- @$(PERL) $(SRCDIR)\util\copy.pl $(PROGRAMPDBS) \
+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(PROGRAMPDBS) \
"$(DESTDIR)$(INSTALLTOP)\bin"
- @$(PERL) $(SRCDIR)\util\copy.pl $(BIN_SCRIPTS) \
+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BIN_SCRIPTS) \
"$(DESTDIR)$(INSTALLTOP)\bin"
uninstall_runtime:
# Building targets ###################################################
-configdata.pm: {- $config{build_file_template} -} $(SRCDIR)\Configure
+configdata.pm: "{- $config{build_file_template} -}" "$(SRCDIR)\Configure"
@echo "Detected changed: $?"
@echo "Reconfiguring..."
- $(PERL) $(SRCDIR)\Configure reconf
+ "$(PERL)" "$(SRCDIR)\Configure" reconf
@echo "**************************************************"
@echo "*** ***"
@echo "*** Please run the same make command again ***"
@@ -293,19 +293,20 @@ configdata.pm: {- $config{build_file_template} -} $(SRCDIR)\Configure
sub generatesrc {
my %args = @_;
(my $target = $args{src}) =~ s/\.[sS]$/.asm/;
- my $generator = join(" ", @{$args{generator}});
- my $generator_incs = join("", map { " -I".$_ } @{$args{generator_incs}});
- my $incs = join("", map { " /I ".$_ } @{$args{incs}});
- my $deps = join(" ", @{$args{generator_deps}}, @{$args{deps}});
+ my $generator = '"'.join('" "', @{$args{generator}}).'"';
+ my $generator_incs = join("", map { " -I \"$_\"" } @{$args{generator_incs}});
+ my $incs = join("", map { " /I \"$_\"" } @{$args{incs}});
+ my $deps = @{$args{deps}} ?
+ '"'.join('" "', @{$args{generator_deps}}, @{$args{deps}}).'"' : '';
if ($target !~ /\.asm$/) {
return <<"EOF";
-$target: $args{generator}->[0] $deps
- \$(PERL)$generator_incs $generator > \$@
+$target: "$args{generator}->[0]" $deps
+ "\$(PERL)"$generator_incs $generator > \$@
EOF
} else {
if ($args{generator}->[0] =~ /\.pl$/) {
- $generator = '$(PERL)'.$generator_incs.' '.$generator;
+ $generator = '"$(PERL)"'.$generator_incs.' '.$generator;
} elsif ($args{generator}->[0] =~ /\.S$/) {
$generator = undef;
} else {
@@ -317,7 +318,7 @@ EOF
# end up generating foo.s in two steps.
if ($args{src} =~ /\.S$/) {
return <<"EOF";
-$target: $args{generator}->[0] $deps
+$target: "$args{generator}->[0]" $deps
set ASM=\$(AS)
$generator \$@.S
\$(CC) \$(CFLAGS) $incs /EP /C \$@.S > \$@.i && move /Y \$@.i \$@
@@ -326,14 +327,14 @@ EOF
}
# Otherwise....
return <<"EOF";
-$target: $args{generator}->[0] $deps
+$target: "$args{generator}->[0]" $deps
set ASM=\$(AS)
$generator \$@
EOF
}
return <<"EOF";
-$target: $args{generator}->[0] $deps
- \$(CC) \$(CFLAGS) $incs /EP /C $args{generator}->[0] > \$@.i && move /Y \$@.i \$@
+$target: "$args{generator}->[0]" $deps
+ \$(CC) \$(CFLAGS) $incs /EP /C "$args{generator}->[0]" > \$@.i && move /Y \$@.i \$@
EOF
}
}
@@ -343,12 +344,12 @@ EOF
my $obj = $args{obj};
my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x
} ( @{$args{srcs}} );
- my $srcs = join(" ", @srcs);
- my $deps = join(" ", @srcs, @{$args{deps}});
- my $incs = join("", map { " /I ".$_ } @{$args{incs}});
+ my $srcs = '"'.join('" "', @srcs).'"';
+ my $deps = '"'.join('" "', @srcs, @{$args{deps}}).'"';
+ my $incs = join("", map { ' /I "'.$_.'"' } @{$args{incs}});
unless ($disabled{zlib}) {
if ($withargs{zlib_include}) {
- $incs .= " /I ".$withargs{zlib_include};
+ $incs .= ' /I "'.$withargs{zlib_include}.'"';
}
}
my $ecflags = { lib => '$(LIB_CFLAGS)',
@@ -364,7 +365,7 @@ EOF
return <<"EOF" if (!$disabled{makedepend});
$obj$depext: $deps
\$(CC) \$(CFLAGS) $ecflags$inc /Zs /showIncludes $srcs 2>&1 | \\
- \$(PERL) -n << > $obj$depext
+ "\$(PERL)" -n << > $obj$depext
chomp;
s/^Note: including file: *//;
\$\$collect{\$\$_} = 1;
@@ -404,11 +405,11 @@ EOF
rel2abs($config{builddir}));
my $target = shlib_import($lib);
return <<"EOF"
-$target: $deps $ordinalsfile $mkdef_pl
- \$(PERL) $mkdef_pl "$mkdef_key" 32 > $shlib.def
- \$(PERL) -i.tmp -pe "s|^LIBRARY\\s+${mkdef_key}32|LIBRARY $shlib|;" $shlib.def
+$target: $deps "$ordinalsfile" "$mkdef_pl"
+ "\$(PERL)" "$mkdef_pl" "$mkdef_key" 32 > $shlib.def
+ "\$(PERL)" -i.tmp -pe "s|^LIBRARY\\s+${mkdef_key}32|LIBRARY $shlib|;" $shlib.def
DEL $shlib.def.tmp
- \$(PERL) $mkrc_pl $shlib$shlibext > $shlib.rc
+ "\$(PERL)" "$mkrc_pl" $shlib$shlibext > $shlib.rc
\$(RC) \$(RCOUTFLAG)$shlib.res $shlib.rc
\$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\
/implib:\$@ \$(LDOUTFLAG)$shlib$shlibext /def:$shlib.def @<< || (DEL /Q \$(\@B).* $shlib.* && EXIT 1)
@@ -478,13 +479,13 @@ EOF
sub in2script {
my %args = @_;
my $script = $args{script};
- my $sources = join(" ", @{$args{sources}});
+ my $sources = '"'.join('" "', @{$args{sources}}).'"';
my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "dofile.pl")),
rel2abs($config{builddir}));
return <<"EOF";
$script: $sources
- \$(PERL) "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
+ "\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
"-o$target{build_file}" $sources > "$script"
EOF
}
diff --git a/Configure b/Configure
index 37ace21..0c87cd1 100755
--- a/Configure
+++ b/Configure
@@ -210,7 +210,7 @@ die "erroneous version information in opensslv.h: ",
# Collect target configurations
my $pattern = catfile(dirname($0), "Configurations", "*.conf");
-foreach (sort glob($pattern) ) {
+foreach (sort glob("\"$pattern\"") ) {
&read_config($_);
}
@@ -2332,7 +2332,7 @@ sub run_dofile
foreach (@templates) {
die "Can't open $_, $!" unless -f $_;
}
- my $cmd = "$config{perl} \"-I.\" \"-Mconfigdata\" $dofile -o\"Configure\" \"".join("\" \"",@templates)."\" > \"$out.new\"";
+ my $cmd = "$config{perl} \"-I.\" \"-Mconfigdata\" \"$dofile\" -o\"Configure\" \"".join("\" \"",@templates)."\" > \"$out.new\"";
#print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n";
system($cmd);
exit 1 if $? != 0;
diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t
index 8e01d5f..cd42687 100644
--- a/test/recipes/80-test_ca.t
+++ b/test/recipes/80-test_ca.t
@@ -24,17 +24,17 @@ rmtree("demoCA", { safe => 0 });
plan tests => 4;
SKIP: {
- $ENV{OPENSSL_CONFIG} = "-config ".srctop_file("test", "CAss.cnf");
+ $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"';
skip "failed creating CA structure", 3
if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)),
'creating CA structure');
- $ENV{OPENSSL_CONFIG} = "-config ".srctop_file("test", "Uss.cnf");
+ $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"';
skip "failed creating new certificate request", 2
if !ok(run(perlapp(["CA.pl","-newreq"])),
'creating CA structure');
- $ENV{OPENSSL_CONFIG} = "-config ".$std_openssl_cnf;
+ $ENV{OPENSSL_CONFIG} = '-config "'.$std_openssl_cnf.'"';
skip "failed to sign certificate request", 1
if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0,
'signing certificate request');
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 5cafb9f..07f1291 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -20,7 +20,7 @@ setup("test_ssl_new");
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
-my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.conf.in"));
+my @conf_srcs = glob('"'.srctop_file("test", "ssl-tests", "*.conf.in").'"');
map { s/;.*// } @conf_srcs if $^O eq "VMS";
my @conf_files = map { basename($_) } @conf_srcs;
map { s/\.in// } @conf_files;
diff --git a/test/run_tests.pl b/test/run_tests.pl
index 158eaf9..6ce1521 100644
--- a/test/run_tests.pl
+++ b/test/run_tests.pl
@@ -42,13 +42,13 @@ my $list_mode = scalar(grep /^list$/, @tests) != 0;
if (grep /^(alltests|list)$/, @tests) {
@tests = grep {
basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/
- } glob(catfile($recipesdir,"*.t"));
+ } glob('"'.catfile($recipesdir,"*.t").'"');
} else {
my @t = ();
foreach (@tests) {
push @t, grep {
basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/
- } glob(catfile($recipesdir,"*-$_.t"));
+ } glob('"'.catfile($recipesdir,"*-$_.t").'"');
}
@tests = @t;
}
diff --git a/util/process_docs.pl b/util/process_docs.pl
index c2c35ee..efc4ef5 100644
--- a/util/process_docs.pl
+++ b/util/process_docs.pl
@@ -72,9 +72,9 @@ my $symlink_exists = eval { symlink("",""); 1 };
foreach my $subdir (keys %{$options{subdir}}) {
my $section = $options{subdir}->{$subdir};
my $podsourcedir = catfile($options{sourcedir}, $subdir);
- my $podglob = catfile($podsourcedir, "*.pod");
+ my $podglob = '"'.catfile($podsourcedir, "*.pod").'"';
- foreach my $podfile (glob "$podglob") {
+ foreach my $podfile (glob $podglob) {
my $podname = basename($podfile, ".pod");
my $podpath = catfile($podfile);
my %podinfo = ( section => $section );
Richard Levitte
May 27, 2016, 11:49:01 AM5/27/16
to
The branch master has been updated
via 230c691a5218f355a63ff12cd72ce99178378c64 (commit)
from ac1a998d04a66e69ad36141a0254cf8baf3aa5d0 (commit)
- Log -----------------------------------------------------------------
commit 230c691a5218f355a63ff12cd72ce99178378c64
Author: Richard Levitte <lev...@openssl.org>
Date: Sat May 21 03:46:43 2016 +0200
Fix fmtstr for BIO_printf() et al
- If we have a maximum amount of characters permitted to be printed
(for example "%.2s", which allows for a maximum of 2 chars), we
minimize the number of characters from the string to printed to
that size.
- If there is space for padding and there is a maximum amount of
characters to print (for example "%3.2s", which shall give at
least a 1 space padding), the amount of characters to pad with
gets added to the maximum so the minimum field size (3 in this
example) gets filled out.
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index d52ad7c..545c469 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -10,7 +10,7 @@
#include <stdio.h>
#include <string.h>
#include <ctype.h>
-#include <limits.h>
#include <string.h>
#include <ctype.h>
+#include "internal/numbers.h"
#include "internal/cryptlib.h"
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
@@ -385,28 +385,29 @@ fmtstr(char **sbuffer,
if (value == 0)
value = "<NULL>";
- strln = strlen(value);
- if (strln > INT_MAX)
- strln = INT_MAX;
+ strln = OPENSSL_strnlen(value, max < 0 ? SIZE_MAX : (size_t)max);
padlen = min - strln;
if (min < 0 || padlen < 0)
padlen = 0;
+ if (max >= 0)
+ max += padlen; /* The maximum output including padding */
if (flags & DP_F_MINUS)
padlen = -padlen;
- while ((padlen > 0) && (cnt < max)) {
+ while ((padlen > 0) && (max < 0 || cnt < max)) {
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
return 0;
--padlen;
++cnt;
}
- while (*value && (cnt < max)) {
+ while (strln > 0 && (max < 0 || cnt < max)) {
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
return 0;
+ --strln;
++cnt;
}
- while ((padlen < 0) && (cnt < max)) {
+ while ((padlen < 0) && (max < 0 || cnt < max)) {
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
return 0;
++padlen;
Matt Caswell
May 27, 2016, 12:21:45 PM5/27/16
to
The branch master has been updated
via 4379d5ce782d4cc83840db7b7b66e18d325dfd3e (commit)
from 230c691a5218f355a63ff12cd72ce99178378c64 (commit)
- Log -----------------------------------------------------------------
commit 4379d5ce782d4cc83840db7b7b66e18d325dfd3e
Author: Todd Short <tsh...@akamai.com>
Date: Wed May 25 20:56:48 2016 -0400
Fix ssl_cert_set0_chain invalid pointer
When setting the certificate chain, if a certificate doesn't pass
security checks, then chain may point to a freed STACK_OF(X509)
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_cert.c | 2 +-
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 7481705..d668afa 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -267,7 +267,6 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
if (!cpk)
return 0;
- sk_X509_pop_free(cpk->chain, X509_free);
for (i = 0; i < sk_X509_num(chain); i++) {
r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0);
if (r != 1) {
@@ -275,6 +274,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
return 0;
}
}
+ sk_X509_pop_free(cpk->chain, X509_free);
cpk->chain = chain;
return 1;
Kurt Roeckx
May 27, 2016, 3:05:33 PM5/27/16
to
The branch master has been updated
via 369e93398b68b8a328e6c1d766222b2d281ef016 (commit)
from 4379d5ce782d4cc83840db7b7b66e18d325dfd3e (commit)
- Log -----------------------------------------------------------------
commit 369e93398b68b8a328e6c1d766222b2d281ef016
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Thu May 26 18:40:32 2016 +0200
Avoid calling memcpy with lenght of 0
We can call memcpy() with a pointer 1 past the last allocated byte and length
of 0 and you can argue that that's undefined behaviour.
Reported by tis-interpreter
Reviewed-by: Rich Salz <rs...@openssl.org>
GH: #1132
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/a_bitstr.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index 2f0d8f8..33be907 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -66,10 +66,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
*(p++) = (unsigned char)bits;
d = a->data;
- memcpy(p, d, len);
- p += len;
- if (len > 0)
+ if (len > 0) {
+ memcpy(p, d, len);
+ p += len;
p[-1] &= (0xff << bits);
+ }
*pp = p;
return (ret);
Andy Polyakov
May 27, 2016, 4:57:33 PM5/27/16
to
The branch master has been updated
via dae9e15d74df2f216b277c8887afe2976cba9c6e (commit)
from 369e93398b68b8a328e6c1d766222b2d281ef016 (commit)
- Log -----------------------------------------------------------------
commit dae9e15d74df2f216b277c8887afe2976cba9c6e
Author: Andy Polyakov <ap...@openssl.org>
Date: Sun May 22 09:47:15 2016 +0200
bf/build.info: engage assembly module.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/bf/build.info b/crypto/bf/build.info
index b8f9820..37a004e 100644
--- a/crypto/bf/build.info
+++ b/crypto/bf/build.info
@@ -1,5 +1,6 @@
LIBS=../../libcrypto
-SOURCE[../../libcrypto]=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
+SOURCE[../../libcrypto]=bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c \
+ {- $target{bf_asm_src} -}
GENERATE[bf-586.s]=asm/bf-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
DEPEND[bf-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
Andy Polyakov
May 27, 2016, 4:59:23 PM5/27/16
to
The branch master has been updated
via bb83c8796b9e708a881f7c49a2af7921e73b2298 (commit)
from dae9e15d74df2f216b277c8887afe2976cba9c6e (commit)
- Log -----------------------------------------------------------------
commit bb83c8796b9e708a881f7c49a2af7921e73b2298
Author: Andy Polyakov <ap...@openssl.org>
Date: Thu May 26 21:40:09 2016 +0200
bn/bn_exp.c: explain 'volatile' in MOD_EXP_CTIME_COPY_FROM_PREBUF.
Reviewed-by: Tim Hudson <t...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 8 insertions(+)
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 25c05fa..d334cf7 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -527,6 +527,14 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
{
int i, j;
int width = 1 << window;
+ /*
+ * We declare table 'volatile' in order to discourage compiler
+ * from reordering loads from the table. Concern is that if
+ * reordered in specific manner loads might give away the
+ * information we are trying to conceal. Some would argue that
+ * compiler can reorder them anyway, but it can as well be
+ * argued that doing so would be violation of standard...
+ */
volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
if (bn_wexpand(b, top) == NULL)
Andy Polyakov
May 27, 2016, 5:03:41 PM5/27/16
to
The branch master has been updated
via efdb2d6c797112e58e304d3e5300f169dbb16e95 (commit)
via 43c4116cd7413b3c4ffc8d409eeac5b0262c4358 (commit)
from bb83c8796b9e708a881f7c49a2af7921e73b2298 (commit)
- Log -----------------------------------------------------------------
commit efdb2d6c797112e58e304d3e5300f169dbb16e95
Author: Andy Polyakov <ap...@openssl.org>
Date: Fri May 27 12:04:09 2016 +0200
crypto/o_str.c: add _GNU_SOURCE strerror_r case.
Reviewed-by: Matt Caswell <ma...@openssl.org>
commit 43c4116cd7413b3c4ffc8d409eeac5b0262c4358
Author: Andy Polyakov <ap...@openssl.org>
Date: Thu May 26 23:00:21 2016 +0200
crypto/o_str.c: strerror_s is provided by specific compiler run-time,
not by OS [as was implied by guarding #if condition].
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/crypto/o_str.c b/crypto/o_str.c
index 98eb163..b0e7524 100644
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@@ -261,11 +261,11 @@ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len)
int openssl_strerror_r(int errnum, char *buf, size_t buflen)
{
-#if defined(OPENSSL_SYS_WINDOWS)
- if (strerror_s(buf, buflen, errnum) == EINVAL)
- return 0;
- return 1;
-#elif (_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600) && !_GNU_SOURCE
+#if defined(_MSC_VER) && _MSC_VER>=1400
+ return !strerror_s(buf, buflen, errnum);
+#elif defined(_GNU_SOURCE)
+ return strerror_r(errnum, buf, buflen) != NULL;
+#elif (_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600)
/*
* We can use "real" strerror_r. The OpenSSL version differs in that it
* gives 1 on success and 0 on failure for consistency with other OpenSSL
Andy Polyakov
May 27, 2016, 5:06:02 PM5/27/16
to
The branch master has been updated
via 90edbfcce3b84287332ac77f19993cbc18effdef (commit)
from efdb2d6c797112e58e304d3e5300f169dbb16e95 (commit)
- Log -----------------------------------------------------------------
commit 90edbfcce3b84287332ac77f19993cbc18effdef
Author: Andy Polyakov <ap...@openssl.org>
Date: Thu May 26 23:10:56 2016 +0200
include/openssl/e_os2.h: fix 'noreturn' pre-processor logic.
Newer gcc still recognizes e.g. -std=c9x in which case it wouldn't
have used 'noreturn' at all with original logic.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h
index eee6323..e0a5e46 100644
--- a/include/openssl/e_os2.h
+++ b/include/openssl/e_os2.h
@@ -293,10 +293,10 @@ typedef unsigned __int64 uint64_t;
# define ossl_inline inline
# endif
-# if defined(__GNUC__) && (__GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 7))
-# define ossl_noreturn __attribute__((noreturn))
-# elif defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
# define ossl_noreturn _Noreturn
+# elif defined(__GNUC__) && __GNUC__ >= 2
+# define ossl_noreturn __attribute__((noreturn))
# else
# define ossl_noreturn
# endif
Richard Levitte
May 27, 2016, 8:15:32 PM5/27/16
to
The branch master has been updated
via 38e19eb96f2fa9c97f7786dcb988bf4b91c98149 (commit)
via da32e04b5e879e433f8e7a584af999ed804be7d9 (commit)
via 7233bea26350d0541909a2fe30e87a95327fb065 (commit)
from 90edbfcce3b84287332ac77f19993cbc18effdef (commit)
- Log -----------------------------------------------------------------
commit 38e19eb96f2fa9c97f7786dcb988bf4b91c98149
Author: Richard Levitte <lev...@openssl.org>
Date: Fri May 27 10:46:42 2016 +0200
Change a call of OPENSSL_strcasecmp to strcasecmp
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
commit da32e04b5e879e433f8e7a584af999ed804be7d9
Author: Richard Levitte <lev...@openssl.org>
Date: Fri May 27 10:17:42 2016 +0200
make update
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
commit 7233bea26350d0541909a2fe30e87a95327fb065
Author: Richard Levitte <lev...@openssl.org>
Date: Fri May 27 10:12:58 2016 +0200
Remove internal functions OPENSSL_strcasecmp and OPENSSL_strncasecmp
Their only reason to exist was that they didn't exist in VMS before
version 7.0. We do not support such old versions any more.
However, for the benefit of systems that don't get strings.h included
by string.h, we include the former in e_os.h.
RT#4458
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/o_str.c | 43 -------------------------------------------
crypto/x509v3/v3_tlsf.c | 2 +-
e_os.h | 8 ++------
include/internal/o_str.h | 2 --
util/libcrypto.num | 4 ++--
5 files changed, 5 insertions(+), 54 deletions(-)
diff --git a/crypto/o_str.c b/crypto/o_str.c
index b0e7524..29c324f 100644
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@@ -14,49 +14,6 @@
#include "internal/cryptlib.h"
#include "internal/o_str.h"
-#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \
- !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_WINCE) && \
- !defined(NETWARE_CLIB)
-# include <strings.h>
-#endif
-
-int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
-{
-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
- while (*str1 && *str2 && n) {
- int res = toupper(*str1) - toupper(*str2);
- if (res)
- return res < 0 ? -1 : 1;
- str1++;
- str2++;
- n--;
- }
- if (n == 0)
- return 0;
- if (*str1)
- return 1;
- if (*str2)
- return -1;
- return 0;
-#else
- /*
- * Recursion hazard warning! Whenever strncasecmp is #defined as
- * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be defined as
- * well.
- */
- return strncasecmp(str1, str2, n);
-#endif
-}
-
-int OPENSSL_strcasecmp(const char *str1, const char *str2)
-{
-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
- return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
-#else
- return strcasecmp(str1, str2);
-#endif
-}
-
int OPENSSL_memcmp(const void *v1, const void *v2, size_t n)
{
const unsigned char *c1 = v1, *c2 = v2;
diff --git a/crypto/x509v3/v3_tlsf.c b/crypto/x509v3/v3_tlsf.c
index ffcb5b7..fec6724 100644
--- a/crypto/x509v3/v3_tlsf.c
+++ b/crypto/x509v3/v3_tlsf.c
@@ -107,7 +107,7 @@ static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method,
extval = val->name;
for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++)
- if (OPENSSL_strcasecmp(extval, tls_feature_tbl[j].name) == 0)
+ if (strcasecmp(extval, tls_feature_tbl[j].name) == 0)
break;
if (j < OSSL_NELEM(tls_feature_tbl))
tlsextid = tls_feature_tbl[j].num;
diff --git a/e_os.h b/e_os.h
index 53e0ecf..700d7d0 100644
--- a/e_os.h
+++ b/e_os.h
@@ -476,12 +476,8 @@ struct servent *PASCAL getservbyname(const char *, const char *);
# define strdup _strdup
# define unlink _unlink
# endif
-# elif defined(OPENSSL_SYS_VMS)
-/* VMS below version 7.0 doesn't have strcasecmp() */
-# include "internal/o_str.h"
-# define strcasecmp OPENSSL_strcasecmp
-# define strncasecmp OPENSSL_strncasecmp
-# define OPENSSL_IMPLEMENTS_strncasecmp
+# else
+# include <strings.h>
# endif
/* vxworks */
diff --git a/include/internal/o_str.h b/include/internal/o_str.h
index c1bf7ef..86403c9 100644
--- a/include/internal/o_str.h
+++ b/include/internal/o_str.h
@@ -12,8 +12,6 @@
# include <stddef.h> /* to get size_t */
-int OPENSSL_strcasecmp(const char *str1, const char *str2);
-int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n);
int OPENSSL_memcmp(const void *p1, const void *p2, size_t n);
#endif
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 7583e07..32c36d9 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -258,7 +258,7 @@ ENGINE_register_all_ciphers 254 1_1_0 EXIST::FUNCTION:ENGINE
SXNET_new 255 1_1_0 EXIST::FUNCTION:
EVP_camellia_256_ctr 256 1_1_0 EXIST::FUNCTION:CAMELLIA
d2i_PKCS8_PRIV_KEY_INFO 257 1_1_0 EXIST::FUNCTION:
-OPENSSL_strncasecmp 258 1_1_0 EXIST::FUNCTION:
+OPENSSL_strncasecmp 258 1_1_0 NOEXIST::FUNCTION:
EVP_md2 259 1_1_0 EXIST::FUNCTION:MD2
RC2_ecb_encrypt 260 1_1_0 EXIST::FUNCTION:RC2
ENGINE_register_DH 261 1_1_0 EXIST::FUNCTION:ENGINE
@@ -2256,7 +2256,7 @@ CMS_RecipientInfo_kari_orig_id_cmp 2184 1_1_0 EXIST::FUNCTION:CMS
NETSCAPE_SPKI_b64_encode 2185 1_1_0 EXIST::FUNCTION:
d2i_PrivateKey 2186 1_1_0 EXIST::FUNCTION:
EVP_MD_CTX_new 2187 1_1_0 EXIST::FUNCTION:
-OPENSSL_strcasecmp 2188 1_1_0 EXIST::FUNCTION:
+OPENSSL_strcasecmp 2188 1_1_0 NOEXIST::FUNCTION:
X509_get0_tbs_sigalg 2189 1_1_0 EXIST::FUNCTION:
ASN1_GENERALIZEDTIME_new 2190 1_1_0 EXIST::FUNCTION:
d2i_ECDSA_SIG 2191 1_1_0 EXIST::FUNCTION:EC
Andy Polyakov
May 28, 2016, 4:15:51 PM5/28/16
to
The branch master has been updated
via ff823ee89b678a92a6f74898609f73f51dae38a7 (commit)
from 38e19eb96f2fa9c97f7786dcb988bf4b91c98149 (commit)
- Log -----------------------------------------------------------------
commit ff823ee89b678a92a6f74898609f73f51dae38a7
Author: Andy Polyakov <ap...@openssl.org>
Date: Fri May 27 22:13:16 2016 +0200
SPARC assembly pack: add missing .type directives.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/ec/asm/ecp_nistz256-sparcv9.pl | 35 +++++++++++++++++++++++++++++++++
crypto/poly1305/asm/poly1305-sparcv9.pl | 7 +++++++
3 files changed, 46 insertions(+)
diff --git a/crypto/aes/asm/aesfx-sparcv9.pl b/crypto/aes/asm/aesfx-sparcv9.pl
index 1483a68..c72f865 100755
--- a/crypto/aes/asm/aesfx-sparcv9.pl
+++ b/crypto/aes/asm/aesfx-sparcv9.pl
@@ -103,6 +103,7 @@ aes_fx_encrypt:
orn %g0, $mask, $mask
retl
stda %f8, [$out + $mask]0xc0 ! partial store
+.type aes_fx_encrypt,#function
.size aes_fx_encrypt,.-aes_fx_encrypt
.globl aes_fx_decrypt
@@ -180,6 +181,7 @@ aes_fx_decrypt:
orn %g0, $mask, $mask
retl
stda %f8, [$out + $mask]0xc0 ! partial store
+.type aes_fx_decrypt,#function
.size aes_fx_decrypt,.-aes_fx_decrypt
___
}
@@ -193,6 +195,7 @@ aes_fx_set_decrypt_key:
mov -1, $inc
retl
nop
+.type aes_fx_set_decrypt_key,#function
.size aes_fx_set_decrypt_key,.-aes_fx_set_decrypt_key
.globl aes_fx_set_encrypt_key
@@ -329,6 +332,7 @@ $code.=<<___;
std %f2, [$out + 8]
retl
xor %o0, %o0, %o0 ! return 0
+.type aes_fx_set_encrypt_key,#function
.size aes_fx_set_encrypt_key,.-aes_fx_set_encrypt_key
___
}
diff --git a/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/crypto/ec/asm/ecp_nistz256-sparcv9.pl
index ed95b20..3f39088 100755
--- a/crypto/ec/asm/ecp_nistz256-sparcv9.pl
+++ b/crypto/ec/asm/ecp_nistz256-sparcv9.pl
@@ -101,6 +101,7 @@ my ($bi,$a0,$mask,$carry)=(map("%i$_",(3..5)),"%g1");
my ($rp_real,$ap_real)=("%g2","%g3");
$code.=<<___;
+.type ecp_nistz256_precomputed,#object
.size ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
.align 64
.LRR: ! 2^512 mod P precomputed for NIST P256 polynomial
@@ -122,6 +123,7 @@ ecp_nistz256_to_mont:
nop
ret
restore
+.type ecp_nistz256_to_mont,#function
.size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
! void ecp_nistz256_from_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
@@ -136,6 +138,7 @@ ecp_nistz256_from_mont:
nop
ret
restore
+.type ecp_nistz256_from_mont,#function
.size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
! void ecp_nistz256_mul_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8],
@@ -149,6 +152,7 @@ ecp_nistz256_mul_mont:
nop
ret
restore
+.type ecp_nistz256_mul_mont,#function
.size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
! void ecp_nistz256_sqr_mont(BN_ULONG %i0[8],const BN_ULONG %i2[8]);
@@ -161,6 +165,7 @@ ecp_nistz256_sqr_mont:
nop
ret
restore
+.type ecp_nistz256_sqr_mont,#function
.size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
___
@@ -360,6 +365,7 @@ $code.=<<___;
st @acc[6],[$rp+24]
retl
st @acc[7],[$rp+28]
+.type __ecp_nistz256_mul_mont,#function
.size __ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont
! void ecp_nistz256_add(BN_ULONG %i0[8],const BN_ULONG %i1[8],
@@ -379,6 +385,7 @@ ecp_nistz256_add:
ld [$ap+28],@acc[7]
ret
restore
+.type ecp_nistz256_add,#function
.size ecp_nistz256_add,.-ecp_nistz256_add
.align 32
@@ -429,6 +436,7 @@ __ecp_nistz256_add:
st @acc[6],[$rp+24]
retl
st @acc[7],[$rp+28]
+.type __ecp_nistz256_add,#function
.size __ecp_nistz256_add,.-__ecp_nistz256_add
! void ecp_nistz256_mul_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
@@ -447,6 +455,7 @@ ecp_nistz256_mul_by_2:
ld [$ap+28],@acc[7]
ret
restore
+.type ecp_nistz256_mul_by_2,#function
.size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
.align 32
@@ -461,6 +470,7 @@ __ecp_nistz256_mul_by_2:
addccc @acc[7],@acc[7],@acc[7]
b .Lreduce_by_sub
subc %g0,%g0,$carry ! broadcast carry bit
+.type __ecp_nistz256_mul_by_2,#function
.size __ecp_nistz256_mul_by_2,.-__ecp_nistz256_mul_by_2
! void ecp_nistz256_mul_by_3(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
@@ -479,6 +489,7 @@ ecp_nistz256_mul_by_3:
ld [$ap+28],@acc[7]
ret
restore
+.type ecp_nistz256_mul_by_3,#function
.size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
.align 32
@@ -513,6 +524,7 @@ __ecp_nistz256_mul_by_3:
addccc $t7,@acc[7],@acc[7]
b .Lreduce_by_sub
subc %g0,%g0,$carry ! broadcast carry bit
+.type __ecp_nistz256_mul_by_3,#function
.size __ecp_nistz256_mul_by_3,.-__ecp_nistz256_mul_by_3
! void ecp_nistz256_sub(BN_ULONG %i0[8],const BN_ULONG %i1[8],
@@ -532,6 +544,7 @@ ecp_nistz256_sub:
ld [$ap+28],@acc[7]
ret
restore
+.type ecp_nistz256_sub,#function
.size ecp_nistz256_sub,.-ecp_nistz256_sub
! void ecp_nistz256_neg(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
@@ -551,6 +564,7 @@ ecp_nistz256_neg:
mov 0,@acc[7]
ret
restore
+.type ecp_nistz256_neg,#function
.size ecp_nistz256_neg,.-ecp_nistz256_neg
.align 32
@@ -601,6 +615,7 @@ __ecp_nistz256_sub_from:
st @acc[6],[$rp+24]
retl
st @acc[7],[$rp+28]
+.type __ecp_nistz256_sub_from,#function
.size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from
.align 32
@@ -623,6 +638,7 @@ __ecp_nistz256_sub_morf:
subccc $t7,@acc[7],@acc[7]
b .Lreduce_by_add
subc %g0,%g0,$carry ! broadcast borrow bit
+.type __ecp_nistz256_sub_morf,#function
.size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf
! void ecp_nistz256_div_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
@@ -641,6 +657,7 @@ ecp_nistz256_div_by_2:
ld [$ap+28],@acc[7]
ret
restore
+.type ecp_nistz256_div_by_2,#function
.size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
.align 32
@@ -694,6 +711,7 @@ __ecp_nistz256_div_by_2:
st @acc[6],[$rp+24]
retl
st @acc[7],[$rp+28]
+.type __ecp_nistz256_div_by_2,#function
.size __ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2
___
@@ -823,6 +841,7 @@ ecp_nistz256_point_double:
ret
restore
+.type ecp_nistz256_point_double,#function
.size ecp_nistz256_point_double,.-ecp_nistz256_point_double
___
}
@@ -1125,6 +1144,7 @@ $code.=<<___;
.Ladd_done:
ret
restore
+.type ecp_nistz256_point_add,#function
.size ecp_nistz256_point_add,.-ecp_nistz256_point_add
___
}
@@ -1348,6 +1368,7 @@ ___
$code.=<<___;
ret
restore
+.type ecp_nistz256_point_add_affine,#function
.size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
___
} }}}
@@ -1423,6 +1444,7 @@ ecp_nistz256_scatter_w5:
ret
restore
+.type ecp_nistz256_scatter_w5,#function
.size ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
! void ecp_nistz256_gather_w5(P256_POINT *%i0,const void *%i1,
@@ -1520,6 +1542,7 @@ ecp_nistz256_gather_w5:
ret
restore
+.type ecp_nistz256_gather_w5,#function
.size ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
! void ecp_nistz256_scatter_w7(void *%i0,const P256_POINT_AFFINE *%i1,
@@ -1547,6 +1570,7 @@ ecp_nistz256_scatter_w7:
ret
restore
+.type ecp_nistz256_scatter_w7,#function
.size ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
! void ecp_nistz256_gather_w7(P256_POINT_AFFINE *%i0,const void *%i1,
@@ -1587,6 +1611,7 @@ ecp_nistz256_gather_w7:
ret
restore
+.type ecp_nistz256_gather_w7,#function
.size ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
___
}}}
@@ -1614,6 +1639,7 @@ __ecp_nistz256_mul_by_2_vis3:
addxccc $acc3,$acc3,$acc3
b .Lreduce_by_sub_vis3
addxc %g0,%g0,$acc4 ! did it carry?
+.type __ecp_nistz256_mul_by_2_vis3,#function
.size __ecp_nistz256_mul_by_2_vis3,.-__ecp_nistz256_mul_by_2_vis3
.align 32
@@ -1647,6 +1673,7 @@ __ecp_nistz256_add_noload_vis3:
stx $acc2,[$rp+16]
retl
stx $acc3,[$rp+24]
+.type __ecp_nistz256_add_vis3,#function
.size __ecp_nistz256_add_vis3,.-__ecp_nistz256_add_vis3
! Trouble with subtraction is that there is no subtraction with 64-bit
@@ -1693,6 +1720,7 @@ __ecp_nistz256_sub_from_vis3:
subc %g0,%g0,$acc4 ! did it borrow?
b .Lreduce_by_add_vis3
or $acc3,$acc5,$acc3
+.type __ecp_nistz256_sub_from_vis3,#function
.size __ecp_nistz256_sub_from_vis3,.-__ecp_nistz256_sub_from_vis3
.align 32
@@ -1751,6 +1779,7 @@ __ecp_nistz256_sub_morf_vis3:
stx $acc2,[$rp+16]
retl
stx $acc3,[$rp+24]
+.type __ecp_nistz256_sub_morf_vis3,#function
.size __ecp_nistz256_sub_morf_vis3,.-__ecp_nistz256_sub_morf_vis3
.align 32
@@ -1791,6 +1820,7 @@ __ecp_nistz256_div_by_2_vis3:
stx $acc2,[$rp+16]
retl
stx $acc3,[$rp+24]
+.type __ecp_nistz256_div_by_2_vis3,#function
.size __ecp_nistz256_div_by_2_vis3,.-__ecp_nistz256_div_by_2_vis3
! compared to __ecp_nistz256_mul_mont it's almost 4x smaller and
@@ -1888,6 +1918,7 @@ $code.=<<___;
addxccc $acc4,$t3,$acc3
b .Lmul_final_vis3 ! see below
addxc $acc5,%g0,$acc4
+.type __ecp_nistz256_mul_mont_vis3,#function
.size __ecp_nistz256_mul_mont_vis3,.-__ecp_nistz256_mul_mont_vis3
! compared to above __ecp_nistz256_mul_mont_vis3 it's 21% less
@@ -2012,6 +2043,7 @@ $code.=<<___;
stx $acc2,[$rp+16]
retl
stx $acc3,[$rp+24]
+.type __ecp_nistz256_sqr_mont_vis3,#function
.size __ecp_nistz256_sqr_mont_vis3,.-__ecp_nistz256_sqr_mont_vis3
___
@@ -2275,6 +2307,7 @@ ecp_nistz256_point_double_vis3:
ret
restore
+.type ecp_nistz256_point_double_vis3,#function
.size ecp_nistz256_point_double_vis3,.-ecp_nistz256_point_double_vis3
___
}
@@ -2695,6 +2728,7 @@ $code.=<<___;
.Ladd_done_vis3:
ret
restore
+.type ecp_nistz256_point_add_vis3,#function
.size ecp_nistz256_point_add_vis3,.-ecp_nistz256_point_add_vis3
___
}
@@ -3013,6 +3047,7 @@ ___
$code.=<<___;
ret
restore
+.type ecp_nistz256_point_add_affine_vis3,#function
.size ecp_nistz256_point_add_affine_vis3,.-ecp_nistz256_point_add_affine_vis3
.align 64
.Lone_mont_vis3:
diff --git a/crypto/poly1305/asm/poly1305-sparcv9.pl b/crypto/poly1305/asm/poly1305-sparcv9.pl
index 460c863..c22735a 100755
--- a/crypto/poly1305/asm/poly1305-sparcv9.pl
+++ b/crypto/poly1305/asm/poly1305-sparcv9.pl
@@ -139,6 +139,7 @@ poly1305_init:
.Lno_key:
ret
restore %g0,%g0,%o0 ! return 0
+.type poly1305_init,#function
.size poly1305_init,.-poly1305_init
.globl poly1305_blocks
@@ -271,6 +272,7 @@ poly1305_blocks:
.Lno_data:
ret
restore
+.type poly1305_blocks,#function
.size poly1305_blocks,.-poly1305_blocks
___
########################################################################
@@ -361,6 +363,7 @@ poly1305_blocks_vis3:
ret
restore
+.type poly1305_blocks_vis3,#function
.size poly1305_blocks_vis3,.-poly1305_blocks_vis3
___
}
@@ -433,6 +436,7 @@ poly1305_emit:
ret
restore
+.type poly1305_emit,#function
.size poly1305_emit,.-poly1305_emit
___
@@ -598,6 +602,7 @@ poly1305_init_fma:
.Lno_key_fma:
ret
restore %g0,%g0,%o0 ! return 0
+.type poly1305_init_fma,#function
.size poly1305_init_fma,.-poly1305_init_fma
.align 32
@@ -905,6 +910,7 @@ poly1305_blocks_fma:
.Labort:
ret
restore
+.type poly1305_blocks_fma,#function
.size poly1305_blocks_fma,.-poly1305_blocks_fma
___
{
@@ -1011,6 +1017,7 @@ poly1305_emit_fma:
ret
restore
+.type poly1305_emit_fma,#function
.size poly1305_emit_fma,.-poly1305_emit_fma
___
Andy Polyakov
May 28, 2016, 4:18:39 PM5/28/16
to
The branch master has been updated
via 8640f21093ae02c838e183f04ea52f781b5c98d6 (commit)
from ff823ee89b678a92a6f74898609f73f51dae38a7 (commit)
- Log -----------------------------------------------------------------
commit 8640f21093ae02c838e183f04ea52f781b5c98d6
Author: Andy Polyakov <ap...@openssl.org>
Date: Fri May 27 21:50:49 2016 +0200
poly1305/asm/poly1305-mips.pl: adhere to standard frame layout.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 24 insertions(+), 20 deletions(-)
diff --git a/crypto/poly1305/asm/poly1305-mips.pl b/crypto/poly1305/asm/poly1305-mips.pl
index b5bce47..d2b3e90 100755
--- a/crypto/poly1305/asm/poly1305-mips.pl
+++ b/crypto/poly1305/asm/poly1305-mips.pl
@@ -170,20 +170,27 @@ $code.=<<___;
poly1305_blocks:
.set noreorder
dsrl $len,4 # number of complete blocks
- beqz $len,.Lno_data
+ bnez $len,poly1305_blocks_internal
nop
+ jr $ra
+ nop
+.end poly1305_blocks
- .frame $sp,8*8,$ra
+.align 5
+.ent poly1305_blocks_internal
+poly1305_blocks_internal:
+ .frame $sp,6*8,$ra
.mask $SAVED_REGS_MASK,-8
- dsub $sp,8*8
- sd $s5,0($sp)
- sd $s4,8($sp)
+ .set noreorder
+ dsub $sp,6*8
+ sd $s5,40($sp)
+ sd $s4,32($sp)
___
$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue
- sd $s3,16($sp)
- sd $s2,24($sp)
- sd $s1,32($sp)
- sd $s0,40($sp)
+ sd $s3,24($sp)
+ sd $s2,16($sp)
+ sd $s1,8($sp)
+ sd $s0,0($sp)
___
$code.=<<___;
.set reorder
@@ -311,22 +318,19 @@ $code.=<<___;
sd $h2,16($ctx)
.set noreorder
- ld $s5,0($sp) # epilogue
- ld $s4,8($sp)
+ ld $s5,40($sp) # epilogue
+ ld $s4,32($sp)
___
$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi epilogue
- ld $s3,16($sp)
- ld $s2,24($sp)
- ld $s1,32($sp)
- ld $s0,40($sp)
+ ld $s3,24($sp)
+ ld $s2,16($sp)
+ ld $s1,8($sp)
+ ld $s0,0($sp)
___
$code.=<<___;
- dadd $sp,8*8
-
-.Lno_data:
jr $ra
- nop
-.end poly1305_blocks
+ dadd $sp,6*8
+.end poly1305_blocks_internal
Rich Salz
May 28, 2016, 10:39:43 PM5/28/16
to
The branch master has been updated
via f59f23c38331e3adf58c0317caf319a7bfd82dd1 (commit)
via 8e89e85f556f549f05d3b49f5408a217ac5e3700 (commit)
from 8640f21093ae02c838e183f04ea52f781b5c98d6 (commit)
- Log -----------------------------------------------------------------
commit f59f23c38331e3adf58c0317caf319a7bfd82dd1
Author: FdaSilvaYY <fdasi...@gmail.com>
Date: Sun Mar 6 21:40:58 2016 +0100
Add more zalloc
Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/997)
commit 8e89e85f556f549f05d3b49f5408a217ac5e3700
Author: FdaSilvaYY <fdasi...@gmail.com>
Date: Sun Mar 6 21:26:46 2016 +0100
Fix some missing inits
Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/997)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/a_strnid.c | 3 +--
crypto/asn1/bio_asn1.c | 10 ++--------
crypto/asn1/bio_ndef.c | 8 ++++----
crypto/asn1/tasn_scn.c | 4 ++--
crypto/bio/bss_bio.c | 5 +----
5 files changed, 10 insertions(+), 20 deletions(-)
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
index 118e0cb..53832c8 100644
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -199,7 +199,7 @@ static ASN1_STRING_TABLE *stable_get(int nid)
tmp = ASN1_STRING_TABLE_get(nid);
if (tmp && tmp->flags & STABLE_FLAGS_MALLOC)
return tmp;
- rv = OPENSSL_malloc(sizeof(*rv));
+ rv = OPENSSL_zalloc(sizeof(*rv));
if (rv == NULL)
return NULL;
if (!sk_ASN1_STRING_TABLE_push(stable, rv)) {
@@ -215,7 +215,6 @@ static ASN1_STRING_TABLE *stable_get(int nid)
} else {
rv->minsize = -1;
rv->maxsize = -1;
- rv->mask = 0;
rv->flags = STABLE_FLAGS_MALLOC;
}
return rv;
diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c
index 664b682..400effa 100644
--- a/crypto/asn1/bio_asn1.c
+++ b/crypto/asn1/bio_asn1.c
@@ -95,8 +95,8 @@ const BIO_METHOD *BIO_f_asn1(void)
static int asn1_bio_new(BIO *b)
{
- BIO_ASN1_BUF_CTX *ctx;
- ctx = OPENSSL_malloc(sizeof(*ctx));
+ BIO_ASN1_BUF_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
if (ctx == NULL)
return 0;
if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) {
@@ -115,14 +115,8 @@ static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size)
if (ctx->buf == NULL)
return 0;
ctx->bufsize = size;
- ctx->bufpos = 0;
- ctx->buflen = 0;
- ctx->copylen = 0;
ctx->asn1_class = V_ASN1_UNIVERSAL;
ctx->asn1_tag = V_ASN1_OCTET_STRING;
- ctx->ex_buf = 0;
- ctx->ex_pos = 0;
- ctx->ex_len = 0;
ctx->state = ASN1_STATE_START;
return 1;
}
diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
index beeda9f..0f206b2 100644
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@@ -60,14 +60,14 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
return NULL;
}
- ndef_aux = OPENSSL_malloc(sizeof(*ndef_aux));
+ ndef_aux = OPENSSL_zalloc(sizeof(*ndef_aux));
asn_bio = BIO_new(BIO_f_asn1());
+ if (ndef_aux == NULL || asn_bio == NULL)
+ goto err;
/* ASN1 bio needs to be next to output BIO */
-
out = BIO_push(asn_bio, out);
-
- if (ndef_aux == NULL || asn_bio == NULL || !out)
+ if (out == NULL)
goto err;
BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
diff --git a/crypto/asn1/tasn_scn.c b/crypto/asn1/tasn_scn.c
index 1bdd2df..e1df2cf 100644
--- a/crypto/asn1/tasn_scn.c
+++ b/crypto/asn1/tasn_scn.c
@@ -24,8 +24,8 @@
ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx))
{
- ASN1_SCTX *ret;
- ret = OPENSSL_malloc(sizeof(*ret));
+ ASN1_SCTX *ret = OPENSSL_zalloc(sizeof(*ret));
+
if (ret == NULL) {
ASN1err(ASN1_F_ASN1_SCTX_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c
index 394080d..de34f6b 100644
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@@ -74,16 +74,13 @@ struct bio_bio_st {
static int bio_new(BIO *bio)
{
- struct bio_bio_st *b;
+ struct bio_bio_st *b = OPENSSL_zalloc(sizeof(*b));
- b = OPENSSL_malloc(sizeof(*b));
if (b == NULL)
return 0;
- b->peer = NULL;
/* enough for one TLS record (just a default) */
b->size = 17 * 1024;
- b->buf = NULL;
bio->ptr = b;
return 1;
Andy Polyakov
May 29, 2016, 8:13:50 AM5/29/16
to
The branch master has been updated
via cfe1d9929ee7d58e9e290d20b14b309b327d8a8f (commit)
via 97855556161155d87635787aca341a6a86b2f9e4 (commit)
from f59f23c38331e3adf58c0317caf319a7bfd82dd1 (commit)
- Log -----------------------------------------------------------------
commit cfe1d9929ee7d58e9e290d20b14b309b327d8a8f
Author: Andy Polyakov <ap...@openssl.org>
Date: Sat May 28 16:25:38 2016 +0200
x86_64 assembly pack: tolerate spaces in source directory name.
[as it is now quoting $output is not required, but done just in case]
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 97855556161155d87635787aca341a6a86b2f9e4
Author: Andy Polyakov <ap...@openssl.org>
Date: Sat May 28 16:11:01 2016 +0200
Configure,test/recipes: "pin" glob to File::Glob::glob.
As it turns out default glob's behaviour for quoted argument varies
from version to version, making it impossible to Configure or run
tests in some cases. The reason for quoting globs was to accommodate
source path with spaces in its name, which was treated by default glob
as multiple paths. File::Glob::glob on the other hand doesn't consider
spaces as delimiters and therefore works with unquoted patterns.
[Unfortunaltely File::Glob::glob, being too csh-ly, doesn't work
on VMS, hence the "pinning" is conditional.]
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/aes/asm/aes-x86_64.pl | 2 +-
crypto/aes/asm/aesni-mb-x86_64.pl | 2 +-
crypto/aes/asm/aesni-sha1-x86_64.pl | 2 +-
crypto/aes/asm/aesni-sha256-x86_64.pl | 2 +-
crypto/aes/asm/aesni-x86_64.pl | 2 +-
crypto/aes/asm/bsaes-x86_64.pl | 2 +-
crypto/aes/asm/vpaes-x86_64.pl | 2 +-
crypto/bn/asm/rsaz-avx2.pl | 2 +-
crypto/bn/asm/rsaz-x86_64.pl | 2 +-
crypto/bn/asm/x86_64-gf2m.pl | 2 +-
crypto/bn/asm/x86_64-mont.pl | 2 +-
crypto/bn/asm/x86_64-mont5.pl | 2 +-
crypto/camellia/asm/cmll-x86_64.pl | 2 +-
crypto/chacha/asm/chacha-x86_64.pl | 2 +-
crypto/ec/asm/ecp_nistz256-x86_64.pl | 2 +-
crypto/md5/asm/md5-x86_64.pl | 2 +-
crypto/modes/asm/aesni-gcm-x86_64.pl | 2 +-
crypto/modes/asm/ghash-x86_64.pl | 2 +-
crypto/poly1305/asm/poly1305-x86_64.pl | 2 +-
crypto/rc4/asm/rc4-md5-x86_64.pl | 2 +-
crypto/rc4/asm/rc4-x86_64.pl | 2 +-
crypto/sha/asm/sha1-mb-x86_64.pl | 2 +-
crypto/sha/asm/sha1-x86_64.pl | 2 +-
crypto/sha/asm/sha256-mb-x86_64.pl | 2 +-
crypto/sha/asm/sha512-x86_64.pl | 2 +-
crypto/whrlpool/asm/wp-x86_64.pl | 2 +-
crypto/x86_64cpuid.pl | 2 +-
engines/asm/e_padlock-x86_64.pl | 2 +-
ms/uplink-x86_64.pl | 2 +-
test/recipes/40-test_rehash.t | 9 ++++++---
test/recipes/80-test_ssl_new.t | 5 ++++-
test/run_tests.pl | 7 +++++--
util/process_docs.pl | 5 ++++-
34 files changed, 53 insertions(+), 38 deletions(-)
diff --git a/Configure b/Configure
index 0c87cd1..9e58fc1 100755
--- a/Configure
+++ b/Configure
@@ -14,6 +14,9 @@ use strict;
use File::Basename;
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
use File::Path qw/mkpath/;
+if ($^O ne "VMS") {
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
use File::Path qw/mkpath/;
+ use File::Glob qw/glob/;
+}
# see INSTALL for instructions.
# Collect target configurations
my $pattern = catfile(dirname($0), "Configurations", "*.conf");
-foreach (sort glob("\"$pattern\"") ) {
my $pattern = catfile(dirname($0), "Configurations", "*.conf");
+foreach (sort glob($pattern)) {
&read_config($_);
}
@@ -223,7 +226,7 @@ if (defined $ENV{$local_config_envname}) {
$pattern = catfile($ENV{$local_config_envname}, '*.conf');
}
- foreach (sort glob($pattern) ) {
+ foreach (sort glob($pattern)) {
&read_config($_);
}
}
diff --git a/crypto/aes/asm/aes-x86_64.pl b/crypto/aes/asm/aes-x86_64.pl
index aef440f..ce4ca30 100755
--- a/crypto/aes/asm/aes-x86_64.pl
+++ b/crypto/aes/asm/aes-x86_64.pl
@@ -44,7 +44,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
$verticalspin=1; # unlike 32-bit version $verticalspin performs
diff --git a/crypto/aes/asm/aesni-mb-x86_64.pl b/crypto/aes/asm/aesni-mb-x86_64.pl
index b12e535..aa2735e 100644
--- a/crypto/aes/asm/aesni-mb-x86_64.pl
+++ b/crypto/aes/asm/aesni-mb-x86_64.pl
@@ -74,7 +74,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
$avx = ($2>=3.0) + ($2>3.0);
}
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
# void aesni_multi_cbc_encrypt (
diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl
index 873b2b3..4b979a7 100644
--- a/crypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha1-x86_64.pl
@@ -109,7 +109,7 @@ $shaext=1; ### set to zero if compiling for 1.0.1
$stitched_decrypt=0;
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
# void aesni_cbc_sha1_enc(const void *inp,
diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl
index 12e53e7..e9ad24f 100644
--- a/crypto/aes/asm/aesni-sha256-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha256-x86_64.pl
@@ -74,7 +74,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
$shaext=$avx; ### set to zero if compiling for 1.0.1
$avx=1 if (!$shaext && $avx);
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
$func="aesni_cbc_sha256_enc";
diff --git a/crypto/aes/asm/aesni-x86_64.pl b/crypto/aes/asm/aesni-x86_64.pl
index 7b68d5b..a03da20 100644
--- a/crypto/aes/asm/aesni-x86_64.pl
+++ b/crypto/aes/asm/aesni-x86_64.pl
@@ -200,7 +200,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
$movkey = $PREFIX eq "aesni" ? "movups" : "movups";
diff --git a/crypto/aes/asm/bsaes-x86_64.pl b/crypto/aes/asm/bsaes-x86_64.pl
index 73d1b2e..6b14a51 100644
--- a/crypto/aes/asm/bsaes-x86_64.pl
+++ b/crypto/aes/asm/bsaes-x86_64.pl
@@ -106,7 +106,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx");
diff --git a/crypto/aes/asm/vpaes-x86_64.pl b/crypto/aes/asm/vpaes-x86_64.pl
index 6039582..265b6aa 100644
--- a/crypto/aes/asm/vpaes-x86_64.pl
+++ b/crypto/aes/asm/vpaes-x86_64.pl
@@ -64,7 +64,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
$PREFIX="vpaes";
diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl
index 1b9f85f..0c1b236 100755
--- a/crypto/bn/asm/rsaz-avx2.pl
+++ b/crypto/bn/asm/rsaz-avx2.pl
@@ -110,7 +110,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-
$addx = ($ver>=3.03);
}
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT = *OUT;
if ($avx>1) {{{
diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl
index 0589f42..6f3b664 100755
--- a/crypto/bn/asm/rsaz-x86_64.pl
+++ b/crypto/bn/asm/rsaz-x86_64.pl
@@ -102,7 +102,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl
index 7842311..d962f62 100644
--- a/crypto/bn/asm/x86_64-gf2m.pl
+++ b/crypto/bn/asm/x86_64-gf2m.pl
@@ -38,7 +38,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
($lo,$hi)=("%rax","%rdx"); $a=$lo;
diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl
index d44cfae..3a2511f 100755
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@@ -57,7 +57,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
index 7a7a2e6..2a7972d 100755
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
@@ -42,7 +42,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
diff --git a/crypto/camellia/asm/cmll-x86_64.pl b/crypto/camellia/asm/cmll-x86_64.pl
index 86ea9e7..da5ad7b 100644
--- a/crypto/camellia/asm/cmll-x86_64.pl
+++ b/crypto/camellia/asm/cmll-x86_64.pl
@@ -47,7 +47,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; }
diff --git a/crypto/chacha/asm/chacha-x86_64.pl b/crypto/chacha/asm/chacha-x86_64.pl
index 8d46522..4b1750c 100755
--- a/crypto/chacha/asm/chacha-x86_64.pl
+++ b/crypto/chacha/asm/chacha-x86_64.pl
@@ -74,7 +74,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
$avx = ($2>=3.0) + ($2>3.0);
}
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
# input parameter block
diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl
index b87211d..cce92b9 100755
--- a/crypto/ec/asm/ecp_nistz256-x86_64.pl
+++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl
@@ -67,7 +67,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
diff --git a/crypto/md5/asm/md5-x86_64.pl b/crypto/md5/asm/md5-x86_64.pl
index be5e879..3f656dc 100755
--- a/crypto/md5/asm/md5-x86_64.pl
+++ b/crypto/md5/asm/md5-x86_64.pl
@@ -130,7 +130,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
$code .= <<EOF;
diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl
index 921f44e..810876c 100644
--- a/crypto/modes/asm/aesni-gcm-x86_64.pl
+++ b/crypto/modes/asm/aesni-gcm-x86_64.pl
@@ -68,7 +68,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
$avx = ($2>=3.0) + ($2>3.0);
}
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
if ($avx>1) {{{
diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl
index a5633e4..b4a8ddb 100644
--- a/crypto/modes/asm/ghash-x86_64.pl
+++ b/crypto/modes/asm/ghash-x86_64.pl
@@ -117,7 +117,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
$avx = ($2>=3.0) + ($2>3.0);
}
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
$do4xaggr=1;
diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl
index 8804a99..784ff4b 100755
--- a/crypto/poly1305/asm/poly1305-x86_64.pl
+++ b/crypto/poly1305/asm/poly1305-x86_64.pl
@@ -72,7 +72,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
$avx = ($2>=3.0) + ($2>3.0);
}
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
my ($ctx,$inp,$len,$padbit)=("%rdi","%rsi","%rdx","%rcx");
diff --git a/crypto/rc4/asm/rc4-md5-x86_64.pl b/crypto/rc4/asm/rc4-md5-x86_64.pl
index 642e2b8..890161b 100644
--- a/crypto/rc4/asm/rc4-md5-x86_64.pl
+++ b/crypto/rc4/asm/rc4-md5-x86_64.pl
@@ -64,7 +64,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
my ($dat,$in0,$out,$ctx,$inp,$len, $func,$nargs);
diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl
index 900d209..5ae0c6d 100755
--- a/crypto/rc4/asm/rc4-x86_64.pl
+++ b/crypto/rc4/asm/rc4-x86_64.pl
@@ -122,7 +122,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
$dat="%rdi"; # arg1
diff --git a/crypto/sha/asm/sha1-mb-x86_64.pl b/crypto/sha/asm/sha1-mb-x86_64.pl
index 5ea2206..51c73c0 100644
--- a/crypto/sha/asm/sha1-mb-x86_64.pl
+++ b/crypto/sha/asm/sha1-mb-x86_64.pl
@@ -70,7 +70,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
$avx = ($2>=3.0) + ($2>3.0);
}
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
# void sha1_multi_block (
diff --git a/crypto/sha/asm/sha1-x86_64.pl b/crypto/sha/asm/sha1-x86_64.pl
index 4cefc45..e8f61ab 100755
--- a/crypto/sha/asm/sha1-x86_64.pl
+++ b/crypto/sha/asm/sha1-x86_64.pl
@@ -122,7 +122,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
$shaext=1; ### set to zero if compiling for 1.0.1
$avx=1 if (!$shaext && $avx);
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
$ctx="%rdi"; # 1st arg
diff --git a/crypto/sha/asm/sha256-mb-x86_64.pl b/crypto/sha/asm/sha256-mb-x86_64.pl
index acdffbd..fbcd29f 100644
--- a/crypto/sha/asm/sha256-mb-x86_64.pl
+++ b/crypto/sha/asm/sha256-mb-x86_64.pl
@@ -71,7 +71,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
$avx = ($2>=3.0) + ($2>3.0);
}
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
# void sha256_multi_block (
diff --git a/crypto/sha/asm/sha512-x86_64.pl b/crypto/sha/asm/sha512-x86_64.pl
index 431383b..3dbb23a 100755
--- a/crypto/sha/asm/sha512-x86_64.pl
+++ b/crypto/sha/asm/sha512-x86_64.pl
@@ -139,7 +139,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
$shaext=1; ### set to zero if compiling for 1.0.1
$avx=1 if (!$shaext && $avx);
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
if ($output =~ /512/) {
diff --git a/crypto/whrlpool/asm/wp-x86_64.pl b/crypto/whrlpool/asm/wp-x86_64.pl
index a52f0b9..c0b21d1 100644
--- a/crypto/whrlpool/asm/wp-x86_64.pl
+++ b/crypto/whrlpool/asm/wp-x86_64.pl
@@ -48,7 +48,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
sub L() { $code.=".byte ".join(',',@_)."\n"; }
diff --git a/crypto/x86_64cpuid.pl b/crypto/x86_64cpuid.pl
index 4946688..285ad1b 100644
--- a/crypto/x86_64cpuid.pl
+++ b/crypto/x86_64cpuid.pl
@@ -18,7 +18,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
diff --git a/engines/asm/e_padlock-x86_64.pl b/engines/asm/e_padlock-x86_64.pl
index bf57da7..da285ab 100644
--- a/engines/asm/e_padlock-x86_64.pl
+++ b/engines/asm/e_padlock-x86_64.pl
@@ -30,7 +30,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../crypto/perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
$code=".text\n";
diff --git a/ms/uplink-x86_64.pl b/ms/uplink-x86_64.pl
index 03500fe..1f24450 100755
--- a/ms/uplink-x86_64.pl
+++ b/ms/uplink-x86_64.pl
@@ -8,7 +8,7 @@
$output=pop;
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-open OUT,"| \"$^X\" ${dir}../crypto/perlasm/x86_64-xlate.pl $output";
+open OUT,"| \"$^X\" \"${dir}../crypto/perlasm/x86_64-xlate.pl\" \"$output\"";
*STDOUT=*OUT;
push(@INC,"${dir}.");
diff --git a/test/recipes/40-test_rehash.t b/test/recipes/40-test_rehash.t
index c5c90e0..201d1ad 100644
--- a/test/recipes/40-test_rehash.t
+++ b/test/recipes/40-test_rehash.t
@@ -13,6 +13,9 @@ use warnings;
use File::Spec::Functions;
use File::Copy;
use File::Basename;
+if ($^O ne "VMS") {
+ use File::Glob qw/glob/;
+}
use OpenSSL::Test qw/:DEFAULT bldtop_file/;
setup("test_rehash");
@@ -59,9 +62,9 @@ indir "rehash.$$" => sub {
sub prepare {
my @sourcefiles =
sort map { glob(bldtop_file('certs', 'demo', "*.$_")) } ('pem',
- 'crt',
- 'cer',
- 'crl');
+ 'crt',
+ 'cer',
+ 'crl');
my @destfiles = ();
foreach (@sourcefiles) {
copy($_, curdir());
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 07f1291..b9f3fa8 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -12,6 +12,9 @@ use warnings;
use File::Basename;
use File::Compare qw/compare_text/;
+if ($^O ne "VMS") {
+ use File::Glob qw/glob/;
+}
use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/;
@@ -20,7 +23,7 @@ setup("test_ssl_new");
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
+my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.conf.in"));
map { s/;.*// } @conf_srcs if $^O eq "VMS";
my @conf_files = map { basename($_) } @conf_srcs;
map { s/\.in// } @conf_files;
diff --git a/test/run_tests.pl b/test/run_tests.pl
index 6ce1521..b108413 100644
my @conf_files = map { basename($_) } @conf_srcs;
map { s/\.in// } @conf_files;
diff --git a/test/run_tests.pl b/test/run_tests.pl
--- a/test/run_tests.pl
+++ b/test/run_tests.pl
@@ -16,6 +16,9 @@ BEGIN {
use File::Spec::Functions qw/catdir catfile curdir abs2rel rel2abs/;
use File::Basename;
+if ($^O ne "VMS") {
+ use File::Glob qw/glob/;
+}
use Test::Harness qw/runtests $switches/;
my $srctop = $ENV{SRCTOP} || $ENV{TOP};
@@ -42,13 +45,13 @@ my $list_mode = scalar(grep /^list$/, @tests) != 0;
if (grep /^(alltests|list)$/, @tests) {
@tests = grep {
basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/
- } glob('"'.catfile($recipesdir,"*.t").'"');
@tests = grep {
basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/
+ } glob(catfile($recipesdir,"*.t"));
} else {
my @t = ();
foreach (@tests) {
push @t, grep {
basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/
- } glob('"'.catfile($recipesdir,"*-$_.t").'"');
my @t = ();
foreach (@tests) {
push @t, grep {
basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/
+ } glob(catfile($recipesdir,"*-$_.t"));
index efc4ef5..cf1d326 100644
--- a/util/process_docs.pl
+++ b/util/process_docs.pl
@@ -13,6 +13,9 @@ use File::Spec::Functions;
use File::Basename;
use File::Copy;
use File::Path;
+if ($^O ne "VMS") {
+ use File::Glob qw/glob/;
+}
use Getopt::Long;
use Pod::Usage;
@@ -72,7 +75,7 @@ my $symlink_exists = eval { symlink("",""); 1 };
foreach my $subdir (keys %{$options{subdir}}) {
my $section = $options{subdir}->{$subdir};
my $podsourcedir = catfile($options{sourcedir}, $subdir);
- my $podglob = '"'.catfile($podsourcedir, "*.pod").'"';
my $section = $options{subdir}->{$subdir};
my $podsourcedir = catfile($options{sourcedir}, $subdir);
+ my $podglob = catfile($podsourcedir, "*.pod");
foreach my $podfile (glob $podglob) {
my $podname = basename($podfile, ".pod");
Rich Salz
May 29, 2016, 1:38:57 PM5/29/16
to
The branch master has been updated
via 6378809b226a765a0c6d7e3cb375bac12ebb54cd (commit)via d407fd2c87aab12d6e2139f3aa79880a75efdd56 (commit)
via 1931a04c66f839bbf991297de6a24a0bff74bead (commit)
via 2ff3b693e7aac5de51d64beae2595e5fcfbbfa04 (commit)
via 73241290bc15d708bb9ec8bb48891df1e5485e3e (commit)
via ad0f926c9c556b5369ce98aa128e4db4463ac12d (commit)
via 151a4376bcd0c4743a8da6249484f4cc911ede64 (commit)
via 6f0cc2a6f8a7da5b68e5665589f307683a9a85f4 (commit)
via 42af747925f6c40b2b5313d136c02ec8506e6470 (commit)
via 75dcf70a990d751f4bfe7844bcb7480fc1de3c84 (commit)
via 888db7f224fec4ead34c32e82fa591dea61d14a2 (commit)
via 4447d829de82ac2e26e2a8b3c8e2b248b09f5ac2 (commit)
via 1cd02c699f888ad5a0ed943148db38eef0366445 (commit)
via 1150999e04ab826a9e8607e87db7fdd72f688ec4 (commit)
via eb9b92ec8efd81abf4642b65c34cc542197a545a (commit)
from cfe1d9929ee7d58e9e290d20b14b309b327d8a8f (commit)
- Log -----------------------------------------------------------------
commit 6378809b226a765a0c6d7e3cb375bac12ebb54cd
Author: Joey Yandle <xol...@gmail.com>
Date: Tue May 17 13:42:52 2016 -0700
set RAND_event and RAND_screen to deprecated in 1.1.0 in librypto.num
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
commit d407fd2c87aab12d6e2139f3aa79880a75efdd56
Author: Joey Yandle <xol...@gmail.com>
Date: Mon May 16 12:51:40 2016 -0700
fix deprecation version number in docs
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
commit 1931a04c66f839bbf991297de6a24a0bff74bead
Author: Joey Yandle <xol...@gmail.com>
Date: Mon May 16 12:46:48 2016 -0700
update docs with descriptions and deprecation
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
commit 2ff3b693e7aac5de51d64beae2595e5fcfbbfa04
Author: Joey Yandle <xol...@gmail.com>
Date: Mon May 16 12:41:02 2016 -0700
fix return value in docs
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
commit 73241290bc15d708bb9ec8bb48891df1e5485e3e
Author: Joey Yandle <xol...@gmail.com>
Date: Mon May 16 12:30:41 2016 -0700
add removed functions back as deprecated
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
commit ad0f926c9c556b5369ce98aa128e4db4463ac12d
Author: Joey Yandle <xol...@gmail.com>
Date: Wed Jan 13 11:15:51 2016 -0800
get rid of now empty #if
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
commit 151a4376bcd0c4743a8da6249484f4cc911ede64
Author: Joey Yandle <xol...@gmail.com>
Date: Wed Jan 13 10:11:06 2016 -0800
remove winrand.c entirely, nothing seems to reference it
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
commit 6f0cc2a6f8a7da5b68e5665589f307683a9a85f4
Author: Joey Yandle <xol...@gmail.com>
Date: Tue Jan 12 21:27:27 2016 -0800
cherry pick pr-512 changes
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
commit 42af747925f6c40b2b5313d136c02ec8506e6470
Author: Joey Yandle <xol...@gmail.com>
Date: Tue Jan 12 21:16:42 2016 -0800
get rid of unnecessary include
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
commit 75dcf70a990d751f4bfe7844bcb7480fc1de3c84
Author: Joey Yandle <dra...@dancingdragon.be>
Date: Tue Jan 12 20:18:59 2016 -0800
remove RAND_screen and friends
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
commit 888db7f224fec4ead34c32e82fa591dea61d14a2
Author: Joey Yandle <dra...@dancingdragon.be>
Date: Tue Jan 12 11:53:16 2016 -0800
cherry pick pr-512 changes
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
commit 4447d829de82ac2e26e2a8b3c8e2b248b09f5ac2
Author: Joey Yandle <dra...@dancingdragon.be>
Date: Wed Dec 23 10:39:09 2015 -0800
OR flags with CRYPT_SILENT to really make sure no UI pops up
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
commit 1cd02c699f888ad5a0ed943148db38eef0366445
Author: Joey Yandle <xol...@gmail.com>
Date: Sun Dec 20 18:44:11 2015 -0800
fix endif comment
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
commit 1150999e04ab826a9e8607e87db7fdd72f688ec4
Author: Joey Yandle <xol...@gmail.com>
Date: Sun Dec 20 18:37:56 2015 -0800
remove all WINCE ifdefs
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
commit eb9b92ec8efd81abf4642b65c34cc542197a545a
Author: Joey Yandle <dra...@dancingdragon.be>
Date: Fri Dec 11 17:53:03 2015 -0800
- remove insane heap walk and kernel loading code; clean up style and calling conventions
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
-----------------------------------------------------------------------
Summary of changes:
apps/app_rand.c | 4 -
apps/winrand.c | 100 ---------
crypto/rand/rand_win.c | 554 ++----------------------------------------------
doc/crypto/RAND_add.pod | 27 ++-
doc/crypto/rand.pod | 12 +-
include/openssl/rand.h | 10 +-
util/libcrypto.num | 4 +-
7 files changed, 44 insertions(+), 667 deletions(-)
delete mode 100644 apps/winrand.c
diff --git a/apps/app_rand.c b/apps/app_rand.c
index 8163d99..0d44af9 100644
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -19,10 +19,6 @@ int app_RAND_load_file(const char *file, int dont_warn)
int consider_randfile = (file == NULL);
char buffer[200];
-#ifdef OPENSSL_SYS_WINDOWS
- RAND_screen();
-#endif
-
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
#ifndef OPENSSL_NO_EGD
diff --git a/apps/winrand.c b/apps/winrand.c
deleted file mode 100644
index e65605e..0000000
--- a/apps/winrand.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*-
- * Usage: winrand [filename]
- *
- * Collects entropy from mouse movements and other events and writes
- * random data to filename or .rnd
- */
-
-#include <windows.h>
-#include <openssl/opensslv.h>
-#include <openssl/rand.h>
-
-LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
-const char *filename;
-
-int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
- PSTR cmdline, int iCmdShow)
-{
- static char appname[] = "OpenSSL";
- HWND hwnd;
- MSG msg;
- WNDCLASSEX wndclass;
- char buffer[200];
-
- if (cmdline[0] == '\0')
- filename = RAND_file_name(buffer, sizeof buffer);
- else
- filename = cmdline;
-
- RAND_load_file(filename, -1);
-
- wndclass.cbSize = sizeof(wndclass);
- wndclass.style = CS_HREDRAW | CS_VREDRAW;
- wndclass.lpfnWndProc = WndProc;
- wndclass.cbClsExtra = 0;
- wndclass.cbWndExtra = 0;
- wndclass.hInstance = hInstance;
- wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
- wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
- wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
- wndclass.lpszMenuName = NULL;
- wndclass.lpszClassName = appname;
- wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
- RegisterClassEx(&wndclass);
-
- hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
- WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
- CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance,
- NULL);
-
- ShowWindow(hwnd, iCmdShow);
- UpdateWindow(hwnd);
-
- while (GetMessage(&msg, NULL, 0, 0)) {
- TranslateMessage(&msg);
- DispatchMessage(&msg);
- }
-
- return msg.wParam;
-}
-
-LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
-{
- HDC hdc;
- PAINTSTRUCT ps;
- RECT rect;
- static int seeded = 0;
-
- switch (iMsg) {
- case WM_PAINT:
- hdc = BeginPaint(hwnd, &ps);
- GetClientRect(hwnd, &rect);
- DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,
- &rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);
- EndPaint(hwnd, &ps);
- return 0;
-
- case WM_DESTROY:
- PostQuitMessage(0);
- return 0;
- }
-
- if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0) {
- seeded = 1;
- if (RAND_write_file(filename) <= 0)
- MessageBox(hwnd, "Couldn't write random file!",
- "OpenSSL", MB_OK | MB_ICONERROR);
- PostQuitMessage(0);
- }
-
- return DefWindowProc(hwnd, iMsg, wParam, lParam);
-}
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index cb0c1ed..46cbe14 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -17,14 +17,6 @@
# define _WIN32_WINNT 0x0400
# endif
# include <wincrypt.h>
-# include <tlhelp32.h>
-
-/*
- * Limit the time spent walking through the heap, processes, threads and
- * modules to a maximum of 1000 milliseconds each, unless CryptoGenRandom
- * failed
- */
-# define MAXDELAY 1000
/*
* Intel hardware RNG CSP -- available from
@@ -34,423 +26,30 @@
# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
static void readtimer(void);
-static void readscreen(void);
-
-/*
- * It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined
- * when WINVER is 0x0500 and up, which currently only happens on Win2000.
- * Unfortunately, those are typedefs, so they're a little bit difficult to
- * detect properly. On the other hand, the macro CURSOR_SHOWING is defined
- * within the same conditional, so it can be use to detect the absence of
- * said typedefs.
- */
-
-# ifndef CURSOR_SHOWING
-/*
- * Information about the global cursor.
- */
-typedef struct tagCURSORINFO {
- DWORD cbSize;
- DWORD flags;
- HCURSOR hCursor;
- POINT ptScreenPos;
-} CURSORINFO, *PCURSORINFO, *LPCURSORINFO;
-
-# define CURSOR_SHOWING 0x00000001
-# endif /* CURSOR_SHOWING */
-
-# if !defined(OPENSSL_SYS_WINCE)
-typedef BOOL(WINAPI *CRYPTACQUIRECONTEXTW) (HCRYPTPROV *, LPCWSTR, LPCWSTR,
- DWORD, DWORD);
-typedef BOOL(WINAPI *CRYPTGENRANDOM) (HCRYPTPROV, DWORD, BYTE *);
-typedef BOOL(WINAPI *CRYPTRELEASECONTEXT) (HCRYPTPROV, DWORD);
-
-typedef HWND(WINAPI *GETFOREGROUNDWINDOW) (VOID);
-typedef BOOL(WINAPI *GETCURSORINFO) (PCURSORINFO);
-typedef DWORD(WINAPI *GETQUEUESTATUS) (UINT);
-
-typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD);
-typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE);
-typedef BOOL(WINAPI *HEAP32FIRST) (LPHEAPENTRY32, DWORD, size_t);
-typedef BOOL(WINAPI *HEAP32NEXT) (LPHEAPENTRY32);
-typedef BOOL(WINAPI *HEAP32LIST) (HANDLE, LPHEAPLIST32);
-typedef BOOL(WINAPI *PROCESS32) (HANDLE, LPPROCESSENTRY32);
-typedef BOOL(WINAPI *THREAD32) (HANDLE, LPTHREADENTRY32);
-typedef BOOL(WINAPI *MODULE32) (HANDLE, LPMODULEENTRY32);
-
-# include <lmcons.h>
-# include <lmstats.h>
-/*
- * The NET API is Unicode only. It requires the use of the UNICODE macro.
- * When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was was added to the
- * Platform SDK to allow the NET API to be used in non-Unicode applications
- * provided that Unicode strings were still used for input. LMSTR is defined
- * as LPWSTR.
- */
-typedef NET_API_STATUS(NET_API_FUNCTION *NETSTATGET)
- (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE *);
-typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE);
-# endif /* !OPENSSL_SYS_WINCE */
int RAND_poll(void)
{
MEMORYSTATUS mst;
HCRYPTPROV hProvider = 0;
DWORD w;
- int good = 0;
+ BYTE buf[64];
-# if defined(OPENSSL_SYS_WINCE)
-# if defined(_WIN32_WCE) && _WIN32_WCE>=300
- /*
- * Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available
- * in commonly available implementations prior 300...
- */
- {
- BYTE buf[64];
- /* poll the CryptoAPI PRNG */
- /* The CryptoAPI returns sizeof(buf) bytes of randomness */
- if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT)) {
- if (CryptGenRandom(hProvider, sizeof(buf), buf))
- RAND_add(buf, sizeof(buf), sizeof(buf));
- CryptReleaseContext(hProvider, 0);
+ /* poll the CryptoAPI PRNG */
+ /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+ if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
+ if (CryptGenRandom(hProvider, sizeof(buf), buf) != 0) {
+ RAND_add(buf, sizeof(buf), sizeof(buf));
}
+ CryptReleaseContext(hProvider, 0);
}
-# endif
-# else /* OPENSSL_SYS_WINCE */
- /*
- * None of below libraries are present on Windows CE, which is
- * why we #ifndef the whole section. This also excuses us from
- * handling the GetProcAddress issue. The trouble is that in
- * real Win32 API GetProcAddress is available in ANSI flavor
- * only. In WinCE on the other hand GetProcAddress is a macro
- * most commonly defined as GetProcAddressW, which accepts
- * Unicode argument. If we were to call GetProcAddress under
- * WinCE, I'd recommend to either redefine GetProcAddress as
- * GetProcAddressA (there seem to be one in common CE spec) or
- * implement own shim routine, which would accept ANSI argument
- * and expand it to Unicode.
- */
- {
- /* load functions dynamically - not available on all systems */
- HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
- HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
- HMODULE user = NULL;
- HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
- CRYPTACQUIRECONTEXTW acquire = NULL;
- CRYPTGENRANDOM gen = NULL;
- CRYPTRELEASECONTEXT release = NULL;
- NETSTATGET netstatget = NULL;
- NETFREE netfree = NULL;
- BYTE buf[64];
-
- if (netapi) {
- netstatget =
- (NETSTATGET) GetProcAddress(netapi, "NetStatisticsGet");
- netfree = (NETFREE) GetProcAddress(netapi, "NetApiBufferFree");
- }
-
- if (netstatget && netfree) {
- LPBYTE outbuf;
- /*
- * NetStatisticsGet() is a Unicode only function
- * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
- * contains 17 fields. We treat each field as a source of one
- * byte of entropy.
- */
-
- if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) {
- RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
- netfree(outbuf);
- }
- if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) {
- RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
- netfree(outbuf);
- }
- }
-
- if (netapi)
- FreeLibrary(netapi);
-
- /*
- * It appears like this can cause an exception deep within
- * ADVAPI32.DLL at random times on Windows 2000. Reported by Jeffrey
- * Altman. Only use it on NT.
- */
-
- if (advapi) {
- /*
- * If it's available, then it's available in both ANSI
- * and UNICODE flavors even in Win9x, documentation says.
- * We favor Unicode...
- */
- acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
- "CryptAcquireContextW");
- gen = (CRYPTGENRANDOM) GetProcAddress(advapi, "CryptGenRandom");
- release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
- "CryptReleaseContext");
- }
-
- if (acquire && gen && release) {
- /* poll the CryptoAPI PRNG */
- /* The CryptoAPI returns sizeof(buf) bytes of randomness */
- if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT)) {
- if (gen(hProvider, sizeof(buf), buf) != 0) {
- RAND_add(buf, sizeof(buf), 0);
- good = 1;
- }
- release(hProvider, 0);
- }
-
- /* poll the Pentium PRG with CryptoAPI */
- if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) {
- if (gen(hProvider, sizeof(buf), buf) != 0) {
- RAND_add(buf, sizeof(buf), sizeof(buf));
- good = 1;
- }
- release(hProvider, 0);
- }
- }
-
- if (advapi)
- FreeLibrary(advapi);
-
- if ((!check_winnt() ||
- !OPENSSL_isservice()) &&
- (user = LoadLibrary(TEXT("USER32.DLL")))) {
- GETCURSORINFO cursor;
- GETFOREGROUNDWINDOW win;
- GETQUEUESTATUS queue;
-
- win =
- (GETFOREGROUNDWINDOW) GetProcAddress(user,
- "GetForegroundWindow");
- cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
- queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
-
- if (win) {
- /* window handle */
- HWND h = win();
- RAND_add(&h, sizeof(h), 0);
- }
- if (cursor) {
- /*
- * unfortunately, its not safe to call GetCursorInfo() on NT4
- * even though it exists in SP3 (or SP6) and higher.
- */
- if (check_winnt() && !check_win_minplat(5))
- cursor = 0;
- }
- if (cursor) {
- /* cursor position */
- /* assume 2 bytes of entropy */
- CURSORINFO ci;
- ci.cbSize = sizeof(CURSORINFO);
- if (cursor(&ci))
- RAND_add(&ci, ci.cbSize, 2);
- }
-
- if (queue) {
- /* message queue status */
- /* assume 1 byte of entropy */
- w = queue(QS_ALLEVENTS);
- RAND_add(&w, sizeof(w), 1);
- }
-
- FreeLibrary(user);
- }
-
- /*-
- * Toolhelp32 snapshot: enumerate processes, threads, modules and heap
- * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
- * (Win 9x and 2000 only, not available on NT)
- *
- * This seeding method was proposed in Peter Gutmann, Software
- * Generation of Practically Strong Random Numbers,
- * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
- * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
- * (The assignment of entropy estimates below is arbitrary, but based
- * on Peter's analysis the full poll appears to be safe. Additional
- * interactive seeding is encouraged.)
- */
-
- if (kernel) {
- CREATETOOLHELP32SNAPSHOT snap;
- CLOSETOOLHELP32SNAPSHOT close_snap;
- HANDLE handle;
-
- HEAP32FIRST heap_first;
- HEAP32NEXT heap_next;
- HEAP32LIST heaplist_first, heaplist_next;
- PROCESS32 process_first, process_next;
- THREAD32 thread_first, thread_next;
- MODULE32 module_first, module_next;
-
- HEAPLIST32 hlist;
- HEAPENTRY32 hentry;
- PROCESSENTRY32 p;
- THREADENTRY32 t;
- MODULEENTRY32 m;
- DWORD starttime = 0;
-
- snap = (CREATETOOLHELP32SNAPSHOT)
- GetProcAddress(kernel, "CreateToolhelp32Snapshot");
- close_snap = (CLOSETOOLHELP32SNAPSHOT)
- GetProcAddress(kernel, "CloseToolhelp32Snapshot");
- heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
- heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
- heaplist_first =
- (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
- heaplist_next =
- (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
- process_first =
- (PROCESS32) GetProcAddress(kernel, "Process32First");
- process_next =
- (PROCESS32) GetProcAddress(kernel, "Process32Next");
- thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
- thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
- module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
- module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
- if (snap && heap_first && heap_next && heaplist_first &&
- heaplist_next && process_first && process_next &&
- thread_first && thread_next && module_first &&
- module_next && (handle = snap(TH32CS_SNAPALL, 0))
- != INVALID_HANDLE_VALUE) {
- /* heap list and heap walking */
- /*
- * HEAPLIST32 contains 3 fields that will change with each
- * entry. Consider each field a source of 1 byte of entropy.
- * HEAPENTRY32 contains 5 fields that will change with each
- * entry. Consider each field a source of 1 byte of entropy.
- */
- ZeroMemory(&hlist, sizeof(HEAPLIST32));
- hlist.dwSize = sizeof(HEAPLIST32);
- if (good)
- starttime = GetTickCount();
-# ifdef _MSC_VER
- if (heaplist_first(handle, &hlist)) {
- /*
- * following discussion on dev ML, exception on WinCE (or
- * other Win platform) is theoretically of unknown
- * origin; prevent infinite loop here when this
- * theoretical case occurs; otherwise cope with the
- * expected (MSDN documented) exception-throwing
- * behaviour of Heap32Next() on WinCE.
- *
- * based on patch in original message by Tanguy Fautré
- * (2009/03/02) Subject: RAND_poll() and
- * CreateToolhelp32Snapshot() stability
- */
- int ex_cnt_limit = 42;
- do {
- RAND_add(&hlist, hlist.dwSize, 3);
- __try {
- ZeroMemory(&hentry, sizeof(HEAPENTRY32));
- hentry.dwSize = sizeof(HEAPENTRY32);
- if (heap_first(&hentry,
- hlist.th32ProcessID,
- hlist.th32HeapID)) {
- int entrycnt = 80;
- do
- RAND_add(&hentry, hentry.dwSize, 5);
- while (heap_next(&hentry)
- && (!good
- || (GetTickCount() - starttime) <
- MAXDELAY)
- && --entrycnt > 0);
- }
- }
- __except(EXCEPTION_EXECUTE_HANDLER) {
- /*
- * ignore access violations when walking the heap
- * list
- */
- ex_cnt_limit--;
- }
- } while (heaplist_next(handle, &hlist)
- && (!good
- || (GetTickCount() - starttime) < MAXDELAY)
- && ex_cnt_limit > 0);
- }
-# else
- if (heaplist_first(handle, &hlist)) {
- do {
- RAND_add(&hlist, hlist.dwSize, 3);
- hentry.dwSize = sizeof(HEAPENTRY32);
- if (heap_first(&hentry,
- hlist.th32ProcessID,
- hlist.th32HeapID)) {
- int entrycnt = 80;
- do
- RAND_add(&hentry, hentry.dwSize, 5);
- while (heap_next(&hentry)
- && --entrycnt > 0);
- }
- } while (heaplist_next(handle, &hlist)
- && (!good
- || (GetTickCount() - starttime) < MAXDELAY));
- }
-# endif
-
- /* process walking */
- /*
- * PROCESSENTRY32 contains 9 fields that will change with
- * each entry. Consider each field a source of 1 byte of
- * entropy.
- */
- p.dwSize = sizeof(PROCESSENTRY32);
-
- if (good)
- starttime = GetTickCount();
- if (process_first(handle, &p))
- do
- RAND_add(&p, p.dwSize, 9);
- while (process_next(handle, &p)
- && (!good
- || (GetTickCount() - starttime) < MAXDELAY));
-
- /* thread walking */
- /*
- * THREADENTRY32 contains 6 fields that will change with each
- * entry. Consider each field a source of 1 byte of entropy.
- */
- t.dwSize = sizeof(THREADENTRY32);
- if (good)
- starttime = GetTickCount();
- if (thread_first(handle, &t))
- do
- RAND_add(&t, t.dwSize, 6);
- while (thread_next(handle, &t)
- && (!good
- || (GetTickCount() - starttime) < MAXDELAY));
-
- /* module walking */
- /*
- * MODULEENTRY32 contains 9 fields that will change with each
- * entry. Consider each field a source of 1 byte of entropy.
- */
- m.dwSize = sizeof(MODULEENTRY32);
- if (good)
- starttime = GetTickCount();
- if (module_first(handle, &m))
- do
- RAND_add(&m, m.dwSize, 9);
- while (module_next(handle, &m)
- && (!good
- || (GetTickCount() - starttime) < MAXDELAY));
- if (close_snap)
- close_snap(handle);
- else
- CloseHandle(handle);
-
- }
-
- FreeLibrary(kernel);
+ /* poll the Pentium PRG with CryptoAPI */
+ if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
+ if (CryptGenRandom(hProvider, sizeof(buf), buf) != 0) {
+ RAND_add(buf, sizeof(buf), sizeof(buf));
}
+ CryptReleaseContext(hProvider, 0);
}
-# endif /* !OPENSSL_SYS_WINCE */
/* timer data */
readtimer();
@@ -466,50 +65,18 @@ int RAND_poll(void)
return (1);
}
+#if OPENSSL_API_COMPAT < 0x00101000L
int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
{
- double add_entropy = 0;
-
- switch (iMsg) {
- case WM_KEYDOWN:
- {
- static WPARAM key;
- if (key != wParam)
- add_entropy = 0.05;
- key = wParam;
- }
- break;
- case WM_MOUSEMOVE:
- {
- static int lastx, lasty, lastdx, lastdy;
- int x, y, dx, dy;
-
- x = LOWORD(lParam);
- y = HIWORD(lParam);
- dx = lastx - x;
- dy = lasty - y;
- if (dx != 0 && dy != 0 && dx - lastdx != 0 && dy - lastdy != 0)
- add_entropy = .2;
- lastx = x, lasty = y;
- lastdx = dx, lastdy = dy;
- }
- break;
- }
-
- readtimer();
- RAND_add(&iMsg, sizeof(iMsg), add_entropy);
- RAND_add(&wParam, sizeof(wParam), 0);
- RAND_add(&lParam, sizeof(lParam), 0);
-
- return (RAND_status());
+ RAND_poll();
+ return RAND_status();
}
void RAND_screen(void)
-{ /* function available for backward
- * compatibility */
+{
RAND_poll();
- readscreen();
}
+#endif
/* feed timing information to the PRNG */
static void readtimer(void)
@@ -548,91 +115,4 @@ static void readtimer(void)
}
}
-/* feed screen contents to PRNG */
-/*****************************************************************************
- *
- * Created 960901 by Gertjan van Oosten, ger...@West.NL, West Consulting B.V.
- *
- * Code adapted from
- * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>;
- * the original copyright message is:
- *
- * (C) Copyright Microsoft Corp. 1993. All rights reserved.
- *
- * You have a royalty-free right to use, modify, reproduce and
- * distribute the Sample Files (and/or any modified version) in
- * any way you find useful, provided that you agree that
- * Microsoft has no warranty obligations or liability for any
- * Sample Application Files which are modified.
- */
-
-static void readscreen(void)
-{
-# if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN)
- HDC hScrDC; /* screen DC */
- HBITMAP hBitmap; /* handle for our bitmap */
- BITMAP bm; /* bitmap properties */
- unsigned int size; /* size of bitmap */
- char *bmbits; /* contents of bitmap */
- int w; /* screen width */
- int h; /* screen height */
- int y; /* y-coordinate of screen lines to grab */
- int n = 16; /* number of screen lines to grab at a time */
- BITMAPINFOHEADER bi; /* info about the bitmap */
-
- if (check_winnt() && OPENSSL_isservice() > 0)
- return;
-
- /* Get a reference to the screen DC */
- hScrDC = GetDC(NULL);
-
- /* Get screen resolution */
- w = GetDeviceCaps(hScrDC, HORZRES);
- h = GetDeviceCaps(hScrDC, VERTRES);
-
- /* Create a bitmap compatible with the screen DC */
- hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
-
- /* Get bitmap properties */
- GetObject(hBitmap, sizeof(BITMAP), (LPSTR) & bm);
- size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
-
- bi.biSize = sizeof(BITMAPINFOHEADER);
- bi.biWidth = bm.bmWidth;
- bi.biHeight = bm.bmHeight;
- bi.biPlanes = bm.bmPlanes;
- bi.biBitCount = bm.bmBitsPixel;
- bi.biCompression = BI_RGB;
- bi.biSizeImage = 0;
- bi.biXPelsPerMeter = 0;
- bi.biYPelsPerMeter = 0;
- bi.biClrUsed = 0;
- bi.biClrImportant = 0;
-
- bmbits = OPENSSL_malloc(size);
- if (bmbits != NULL) {
- /* Now go through the whole screen, repeatedly grabbing n lines */
- for (y = 0; y < h - n; y += n) {
- unsigned char md[MD_DIGEST_LENGTH];
-
- /* Copy the bits of the current line range into the buffer */
- GetDIBits(hScrDC, hBitmap, y, n,
- bmbits, (BITMAPINFO *) & bi, DIB_RGB_COLORS);
-
- /* Get the hash of the bitmap */
- MD(bmbits, size, md);
-
- /* Seed the random generator with the hash value */
- RAND_add(md, MD_DIGEST_LENGTH, 0);
- }
-
- OPENSSL_free(bmbits);
- }
-
- /* Clean up */
- DeleteObject(hBitmap);
- ReleaseDC(NULL, hScrDC);
-# endif /* !OPENSSL_SYS_WINCE */
-}
-
#endif
diff --git a/doc/crypto/RAND_add.pod b/doc/crypto/RAND_add.pod
index 9561c2a..46de165 100644
--- a/doc/crypto/RAND_add.pod
+++ b/doc/crypto/RAND_add.pod
@@ -15,8 +15,10 @@ entropy to the PRNG
int RAND_status(void);
+ #if OPENSSL_API_COMPAT < 0x10100000L
int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
void RAND_screen(void);
+ #endif
=head1 DESCRIPTION
@@ -42,27 +44,24 @@ or L<RAND_load_file(3)>.
RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
-RAND_event() collects the entropy from Windows events such as mouse
-movements and other user interaction. It should be called with the
-B<iMsg>, B<wParam> and B<lParam> arguments of I<all> messages sent to
-the window procedure. It will estimate the entropy contained in the
-event message (if any), and add it to the PRNG. The program can then
-process the messages as usual.
-
-The RAND_screen() function is available for the convenience of Windows
-programmers. It adds the current contents of the screen to the PRNG.
-For applications that can catch Windows events, seeding the PRNG by
-calling RAND_event() is a significantly better source of
-randomness. It should be noted that both methods cannot be used on
-servers that run without user interaction.
+RAND_event() and RAND_screen() are deprecated and should not be called.
=head1 RETURN VALUES
-RAND_status() and RAND_event() return 1 if the PRNG has been seeded
+RAND_status() returns 1 if the PRNG has been seeded
with enough data, 0 otherwise.
+RAND_event() calls RAND_poll() and returns RAND_status().
+
+RAND_screen calls RAND_poll().
+
The other functions do not return values.
+=head1 HISTORY
+
+RAND_event() and RAND_screen() are deprecated since OpenSSL
+1.1.0. Use the functions described above instead.
+
=head1 SEE ALSO
L<rand(3)>, L<RAND_egd(3)>,
diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod
index 45a6d6b..76ec0b6 100644
--- a/doc/crypto/rand.pod
+++ b/doc/crypto/rand.pod
@@ -27,16 +27,20 @@ rand - pseudo-random number generator
const RAND_METHOD *RAND_get_rand_method(void);
RAND_METHOD *RAND_OpenSSL(void);
- /* For Win32 only */
- void RAND_screen(void);
- int RAND_event(UINT, WPARAM, LPARAM);
-
Deprecated:
#if OPENSSL_API_COMPAT < 0x10100000L
void RAND_cleanup(void)
#endif
+/* For Win32 only */
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ void RAND_screen(void);
+ int RAND_event(UINT, WPARAM, LPARAM);
+ #endif
+
+
=head1 DESCRIPTION
Since the introduction of the ENGINE API, the recommended way of controlling
diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index 679cf09..d0f8eab 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -65,12 +65,10 @@ int RAND_egd_bytes(const char *path, int bytes);
# endif
int RAND_poll(void);
-# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-
-void RAND_screen(void);
-int RAND_event(UINT, WPARAM, LPARAM);
-
-# endif
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+DEPRECATEDIN_1_1_0(void RAND_screen(void))
+DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
+#endif
/* BEGIN ERROR CODES */
/*
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 32c36d9..40d6e0d 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1355,7 +1355,7 @@ BN_BLINDING_set_flags 1314 1_1_0 EXIST::FUNCTION:
ERR_peek_last_error 1315 1_1_0 EXIST::FUNCTION:
ENGINE_set_cmd_defns 1316 1_1_0 EXIST::FUNCTION:ENGINE
d2i_ASN1_NULL 1317 1_1_0 EXIST::FUNCTION:
-RAND_event 1318 1_1_0 EXIST:WIN32:FUNCTION:
+RAND_event 1318 1_1_0 EXIST:WIN32:FUNCTION:DEPRECATEDIN_1_1_0
i2d_PKCS12_fp 1319 1_1_0 EXIST::FUNCTION:
EVP_PKEY_meth_get_init 1320 1_1_0 EXIST::FUNCTION:
X509_check_trust 1321 1_1_0 EXIST::FUNCTION:
@@ -1853,7 +1853,7 @@ OCSP_SINGLERESP_get_ext_by_NID 1800 1_1_0 EXIST::FUNCTION:OCSP
a2i_IPADDRESS_NC 1801 1_1_0 EXIST::FUNCTION:
CTLOG_STORE_load_default_file 1802 1_1_0 EXIST::FUNCTION:CT
PKCS12_SAFEBAG_create_pkcs8_encrypt 1803 1_1_0 EXIST::FUNCTION:
-RAND_screen 1804 1_1_0 EXIST:WIN32:FUNCTION:
+RAND_screen 1804 1_1_0 EXIST:WIN32:FUNCTION:DEPRECATEDIN_1_1_0
CONF_get_string 1805 1_1_0 EXIST::FUNCTION:
X509_cmp_current_time 1806 1_1_0 EXIST::FUNCTION:
i2d_DSAPrivateKey 1807 1_1_0 EXIST::FUNCTION:DSA
Richard Levitte
May 30, 2016, 5:27:31 AM5/30/16
to
The branch master has been updated
via 453fc7a0185dcd046a8ab2b029e0807a073f93c2 (commit)
from 6378809b226a765a0c6d7e3cb375bac12ebb54cd (commit)
- Log -----------------------------------------------------------------
commit 453fc7a0185dcd046a8ab2b029e0807a073f93c2
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 30 05:41:57 2016 +0200
Make sure max in fmtstr() doesn't overflow into negativity
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 545c469..1b70bac 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -390,8 +390,16 @@ fmtstr(char **sbuffer,
padlen = min - strln;
if (min < 0 || padlen < 0)
padlen = 0;
- if (max >= 0)
if (min < 0 || padlen < 0)
padlen = 0;
- max += padlen; /* The maximum output including padding */
+ if (max >= 0) {
+ /*
+ * Calculate the maximum output including padding.
+ * Make sure max doesn't overflow into negativity
+ */
+ if (max < INT_MAX - padlen)
+ max += padlen;
+ else
+ max = INT_MAX;
+ }
if (flags & DP_F_MINUS)
padlen = -padlen;
padlen = -padlen;
Richard Levitte
May 30, 2016, 5:56:28 AM5/30/16
to
The branch master has been updated
via 23049aa52e2b4f12c2c2d7c7d80f5b1876a1b8ba (commit)
from 453fc7a0185dcd046a8ab2b029e0807a073f93c2 (commit)
- Log -----------------------------------------------------------------
commit 23049aa52e2b4f12c2c2d7c7d80f5b1876a1b8ba
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 30 11:20:37 2016 +0200
perl: use the 'if' module to conditionally load File::Glob
Trying to use normal perl conditions to conditionally 'use' a perl
module didn't quite work. Using the 'if' module to do so does work.
Reviewed-by: Andy Polyakov <ap...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
Configure | 4 +---
test/recipes/40-test_rehash.t | 4 +---
test/recipes/80-test_ssl_new.t | 4 +---
test/run_tests.pl | 4 +---
util/process_docs.pl | 4 +---
5 files changed, 5 insertions(+), 15 deletions(-)
diff --git a/Configure b/Configure
index 9e58fc1..020f2a1 100755
--- a/Configure
+++ b/Configure
@@ -14,9 +14,7 @@ use strict;
use File::Basename;
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
use File::Path qw/mkpath/;
-if ($^O ne "VMS") {
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
use File::Path qw/mkpath/;
- use File::Glob qw/glob/;
-}
+use if $^O ne "VMS", 'File::Glob' => qw/glob/;
# see INSTALL for instructions.
index 201d1ad..fa05ca0 100644
--- a/test/recipes/40-test_rehash.t
+++ b/test/recipes/40-test_rehash.t
@@ -13,9 +13,7 @@ use warnings;
use File::Spec::Functions;
use File::Copy;
use File::Basename;
-if ($^O ne "VMS") {
use File::Copy;
use File::Basename;
- use File::Glob qw/glob/;
-}
+use if $^O ne "VMS", 'File::Glob' => qw/glob/;
use OpenSSL::Test qw/:DEFAULT bldtop_file/;
setup("test_rehash");
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
setup("test_rehash");
index b9f3fa8..2bce02a 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -12,9 +12,7 @@ use warnings;
use File::Basename;
use File::Compare qw/compare_text/;
- use File::Glob qw/glob/;
-}
+use if $^O ne "VMS", 'File::Glob' => qw/glob/;
use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/;
index b108413..6550e0b 100644
--- a/test/run_tests.pl
+++ b/test/run_tests.pl
@@ -16,9 +16,7 @@ BEGIN {
use File::Spec::Functions qw/catdir catfile curdir abs2rel rel2abs/;
use File::Basename;
- use File::Glob qw/glob/;
-}
+use if $^O ne "VMS", 'File::Glob' => qw/glob/;
use Test::Harness qw/runtests $switches/;
my $srctop = $ENV{SRCTOP} || $ENV{TOP};
diff --git a/util/process_docs.pl b/util/process_docs.pl
my $srctop = $ENV{SRCTOP} || $ENV{TOP};
index cf1d326..fe8589b 100644
--- a/util/process_docs.pl
+++ b/util/process_docs.pl
@@ -13,9 +13,7 @@ use File::Spec::Functions;
use File::Basename;
use File::Copy;
use File::Path;
-if ($^O ne "VMS") {
use File::Copy;
use File::Path;
- use File::Glob qw/glob/;
-}
+use if $^O ne "VMS", 'File::Glob' => qw/glob/;
use Getopt::Long;
use Pod::Usage;
use Pod::Usage;
Rich Salz
May 30, 2016, 9:52:28 AM5/30/16
to
The branch master has been updated
via 8d95ca36e66a5183e1f2c6c7a74044ee3793abc4 (commit)
from 23049aa52e2b4f12c2c2d7c7d80f5b1876a1b8ba (commit)
- Log -----------------------------------------------------------------
commit 8d95ca36e66a5183e1f2c6c7a74044ee3793abc4
Author: Mat <mberc...@gmail.com>
Date: Fri May 27 19:35:12 2016 +0200
Fix strdup macro redefinition
This fixes the following error when the CRT debug heap (crtdbg.h) is used:
e_os.h(476): warning C4005: 'strdup': macro redefinition
C:\Program Files (x86)\Windows Kits\10\Include\10.0.10586.0\ucrt\crtdbg.h(319): note: see previous definition of 'strdup'
Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1137)
-----------------------------------------------------------------------
Summary of changes:
e_os.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/e_os.h b/e_os.h
index 700d7d0..4951335 100644
--- a/e_os.h
+++ b/e_os.h
@@ -473,7 +473,9 @@ struct servent *PASCAL getservbyname(const char *, const char *);
# define open _open
# define fdopen _fdopen
# define close _close
-# define strdup _strdup
+# ifndef strdup
+# define strdup _strdup
+# endif
# define unlink _unlink
# endif
# else
# endif
Emilia Kasper
May 30, 2016, 12:48:33 PM5/30/16
to
The branch master has been updated
via a7cbe963c3c486e336babf224f68f294c55489cf (commit)
from 8d95ca36e66a5183e1f2c6c7a74044ee3793abc4 (commit)
- Log -----------------------------------------------------------------
commit a7cbe963c3c486e336babf224f68f294c55489cf
Author: Emilia Kasper <emi...@openssl.org>
Date: Thu May 12 20:00:14 2016 +0200
Travis: update sanitizer configs
- Use the new enable-ubsan and enable-asan configuration options.
- Separate ubsan and asan runs.
- In addition, run shared ubsan tests to get more coverage.
(Shared asan tests need a bit more thought to get them working.)
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 78cee30..d3f67f9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -33,16 +33,16 @@ matrix:
include:
- os: linux
compiler: clang-3.6
- env: CONFIG_OPTS="-fsanitize=address no-shared"
+ env: CONFIG_OPTS="no-shared enable-asan"
- os: linux
compiler: clang-3.6
- env: CONFIG_OPTS="no-shared no-asm -fno-sanitize-recover -fsanitize=address -fsanitize=undefined enable-rc5 enable-md2 -fno-sanitize=alignment"
+ env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -fno-sanitize=alignment"
- os: linux
compiler: gcc-5
- env: CONFIG_OPTS="no-shared -fsanitize=address"
+ env: CONFIG_OPTS="no-shared no-asm enable-asan enable-rc5 enable-md2"
- os: linux
compiler: gcc-5
- env: CONFIG_OPTS="no-shared no-asm -fno-sanitize-recover -DPEDANTIC -fsanitize=address -fsanitize=undefined enable-rc5 enable-md2"
+ env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
- os: linux
compiler: i686-w64-mingw32-gcc
env: CONFIG_OPTS="no-pic"
Dr. Stephen Henson
May 31, 2016, 8:09:28 AM5/31/16
to
The branch master has been updated
via f72f00d49549c6620d7101f5e9bf7963da6df9ee (commit)
via cc7113e8def99702ed59594e9eb7fea0bd1db518 (commit)
from a7cbe963c3c486e336babf224f68f294c55489cf (commit)
- Log -----------------------------------------------------------------
commit f72f00d49549c6620d7101f5e9bf7963da6df9ee
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Fri May 27 14:18:40 2016 +0100
Parameter copy sanity checks.
Don't copy parameters is they're already present in the destination.
Return error if an attempt is made to copy different parameters to
destination. Update documentation.
If key type is not initialised return missing parameters
RT#4149
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit cc7113e8def99702ed59594e9eb7fea0bd1db518
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Fri May 27 13:37:11 2016 +0100
return error in ct_move_scts()
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/dsa/dsa_ameth.c | 2 +-
crypto/ec/ec_ameth.c | 2 +-
crypto/evp/p_lib.c | 8 ++++++++
doc/crypto/EVP_PKEY_cmp.pod | 4 +++-
ssl/ssl_lib.c | 2 +-
6 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 222cb20..b7b3717 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -437,7 +437,7 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
static int dh_missing_parameters(const EVP_PKEY *a)
{
- if (!a->pkey.dh->p || !a->pkey.dh->g)
+ if (a->pkey.dh == NULL || a->pkey.dh->p == NULL || a->pkey.dh->g == NULL)
return 1;
return 0;
}
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 1bb11a9..a53247c 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -266,7 +266,7 @@ static int dsa_missing_parameters(const EVP_PKEY *pkey)
{
DSA *dsa;
dsa = pkey->pkey.dsa;
- if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+ if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
return 1;
return 0;
}
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 684da95..6567a2f 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -292,7 +292,7 @@ static int ec_security_bits(const EVP_PKEY *pkey)
static int ec_missing_parameters(const EVP_PKEY *pkey)
{
- if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
+ if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL)
return 1;
return 0;
}
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 0b7884f..0b50d32 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -84,6 +84,14 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
goto err;
}
+
+ if (!EVP_PKEY_missing_parameters(to)) {
+ if (EVP_PKEY_cmp_parameters(to, from) == 1)
+ return 1;
+ EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS);
+ return 0;
+ }
+
if (from->ameth && from->ameth->param_copy)
+ }
+
return from->ameth->param_copy(to, from);
err:
diff --git a/doc/crypto/EVP_PKEY_cmp.pod b/doc/crypto/EVP_PKEY_cmp.pod
index 4e1f78b..7c9e582 100644
--- a/doc/crypto/EVP_PKEY_cmp.pod
+++ b/doc/crypto/EVP_PKEY_cmp.pod
@@ -21,7 +21,9 @@ parameters of B<pkey> are missing and 0 if they are present or the algorithm
doesn't use parameters.
The function EVP_PKEY_copy_parameters() copies the parameters from key
-B<from> to key B<to>.
+B<from> to key B<to>. An error is returned if the parameters are missing in
+B<from> or present in both B<from> and B<to> and mismatch. If the parameters
+in B<from> and B<to> are both present and match this function has no effect.
The function EVP_PKEY_cmp_parameters() compares the parameters of keys
B<a> and B<b>.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 83ad9ef..3799db1 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3853,7 +3853,7 @@ static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, sct_source_t or
err:
if (sct != NULL)
sk_SCT_push(src, sct); /* Put the SCT back */
- return scts_moved;
+ return -1;
}
/*
Rich Salz
May 31, 2016, 10:15:05 AM5/31/16
to
The branch master has been updated
via dab1f5fe4be0ca49b3aa382f0bfdcbf8c8855903 (commit)
from f72f00d49549c6620d7101f5e9bf7963da6df9ee (commit)
- Log -----------------------------------------------------------------
commit dab1f5fe4be0ca49b3aa382f0bfdcbf8c8855903
Author: Cristian Stoica <cristia...@nxp.com>
Date: Tue May 17 18:40:14 2016 +0300
speed.c: fix segfault with unrecognized algorithms
When an unrecognized algorithm is given on command line together with
-async_jobs, speed_main will jump to clean-up and run
ASYNC_cleanup_thread without calling ASYNC_init_thread first.
Example:
openssl speed -async_jobs 4 ras2048
Signed-off-by: Cristian Stoica <cristia...@nxp.com>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1084)
-----------------------------------------------------------------------
Summary of changes:
apps/speed.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/apps/speed.c b/apps/speed.c
index 139295c..3b162e1 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1192,6 +1192,7 @@ static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_
int speed_main(int argc, char **argv)
{
loopargs_t *loopargs = NULL;
+ int async_init = 0;
int loopargs_len = 0;
char *prog;
const EVP_CIPHER *evp_cipher = NULL;
@@ -1518,7 +1519,8 @@ int speed_main(int argc, char **argv)
/* Initialize the job pool if async mode is enabled */
if (async_jobs > 0) {
- if (!ASYNC_init_thread(async_jobs, async_jobs)) {
+ async_init = ASYNC_init_thread(async_jobs, async_jobs);
+ if (!async_init) {
BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
goto end;
}
@@ -2799,7 +2801,9 @@ int speed_main(int argc, char **argv)
if (async_jobs > 0) {
for (i = 0; i < loopargs_len; i++)
ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
+ }
+ if (async_init) {
ASYNC_cleanup_thread();
}
OPENSSL_free(loopargs);
Rich Salz
May 31, 2016, 1:55:51 PM5/31/16
to
The branch master has been updated
via 6d1e7709c67fa258527e58b797dc581c4e236f20 (commit)
from dab1f5fe4be0ca49b3aa382f0bfdcbf8c8855903 (commit)
- Log -----------------------------------------------------------------
commit 6d1e7709c67fa258527e58b797dc581c4e236f20
Author: Rich Salz <rs...@openssl.org>
Date: Tue May 31 13:44:25 2016 -0400
RT4539: Add section for renamed ciphers.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 7 insertions(+)
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index a8a7c87..19067cd 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -664,6 +664,13 @@ Note: these ciphers can also be used in SSL v3.
TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305
TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305
+=head2 Older names used by OpenSSL
+
+The following names are accepted by older releases:
+
+ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA)
+ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA)
+
=head1 NOTES
Some compiled versions of OpenSSL may not include all the ciphers
Rich Salz
May 31, 2016, 5:16:58 PM5/31/16
to
The branch master has been updated
via 80c630f6574a33b1c633815a174110d10ec37c60 (commit)
via 73271290fe2fe47f122a80f7b67fde556d873a47 (commit)
via bd01f6498c2c5007df64ba88c5d88ff15b0376cb (commit)
from 6d1e7709c67fa258527e58b797dc581c4e236f20 (commit)
- Log -----------------------------------------------------------------
commit 80c630f6574a33b1c633815a174110d10ec37c60
Author: TJ Saunders <t...@castaglia.org>
Date: Tue May 31 14:09:17 2016 -0700
Remove null check, per review feedback. Note this in the docs.
(Merged from https://github.com/openssl/openssl/pull/1135)
commit 73271290fe2fe47f122a80f7b67fde556d873a47
Author: TJ Saunders <t...@castaglia.org>
Date: Fri May 27 10:22:17 2016 -0700
Add requested HISTORY section, remove copy/pastos, per review feedback.
(Merged from https://github.com/openssl/openssl/pull/1135)
commit bd01f6498c2c5007df64ba88c5d88ff15b0376cb
Author: TJ Saunders <t...@castaglia.org>
Date: Thu May 26 15:40:13 2016 -0700
Add an SSL_SESSION accessor for obtaining the protocol version number, with
accompanying documentation.
(Merged from https://github.com/openssl/openssl/pull/1135)
-----------------------------------------------------------------------
Summary of changes:
doc/ssl/SSL_SESSION_get_protocol_version.pod | 44 ++++++++++++++++++++++++++++
include/openssl/ssl.h | 1 +
ssl/ssl_sess.c | 5 ++++
3 files changed, 50 insertions(+)
create mode 100644 doc/ssl/SSL_SESSION_get_protocol_version.pod
diff --git a/doc/ssl/SSL_SESSION_get_protocol_version.pod b/doc/ssl/SSL_SESSION_get_protocol_version.pod
new file mode 100644
index 0000000..a033fdd
--- /dev/null
+++ b/doc/ssl/SSL_SESSION_get_protocol_version.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get_protocol_version - retrieve session protocol version
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_get_protocol_version() returns the protocol version number used
+by session B<s>.
+
+=head1 RETURN VALUES
+
+SSL_SESSION_get_protocol_version() returns a number indicating the protocol
+version used for the session; this number matches the constants I<e.g.>
+B<TLS1_VERSION> or B<TLS1_2_VERSION>.
+
+Note that the SSL_SESSION_get_protocol_version() function
+does B<not> perform a null check on the provided session B<s> pointer.
+
+=head1 SEE ALSO
+
+L<ssl(3)>
+
+=head1 HISTORY
+
+SSL_SESSION_get_protocol_version() was first added to OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index f019f64..c6c3576 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1376,6 +1376,7 @@ __owur long SSL_SESSION_get_time(const SSL_SESSION *s);
__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index f168900..f13e466 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -828,6 +828,11 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t)
return (t);
}
+int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
+{
+ return s->ssl_version;
+}
+
const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
{
return s->tlsext_hostname;
Rich Salz
May 31, 2016, 5:45:34 PM5/31/16
to
The branch master has been updated
via af9895cb8c00cb383c0417bda1163001946681bd (commit)
via b01e1644d7f7a0d750340540385e93db7d180fd6 (commit)
from 80c630f6574a33b1c633815a174110d10ec37c60 (commit)
- Log -----------------------------------------------------------------
commit af9895cb8c00cb383c0417bda1163001946681bd
Author: Mat <mberc...@gmail.com>
Date: Tue May 10 15:51:28 2016 +0200
Updates from review
commit b01e1644d7f7a0d750340540385e93db7d180fd6
Author: Mat <mberc...@gmail.com>
Date: Mon May 9 21:36:39 2016 +0200
Fix: PEM_read_bio_PrivateKey with no-ui / no-stdio
If openssl is compiled with no-ui or no-stdio, then PEM_read_bio_PrivateKey fails if a password but no callback is provided.
The reason is that the premature return in the PEM_def_callback implementation when OPENSSL_NO_STDIO or OPENSSL_NO_UI is defined, comes too early.
This patch moves the ifdef block to the correct place.
-----------------------------------------------------------------------
Summary of changes:
crypto/pem/pem_lib.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 42b46dc..90893f1 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -31,21 +31,23 @@ int pem_check_suffix(const char *pem_str, const char *suffix);
int PEM_def_callback(char *buf, int num, int w, void *key)
{
#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI)
- /*
- * We should not ever call the default callback routine from windows.
- */
- PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (-1);
+ int i;
#else
int i, j;
const char *prompt;
+#endif
+
if (key) {
i = strlen(key);
i = (i > num) ? num : i;
memcpy(buf, key, i);
- return (i);
+ return i;
}
+#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI)
+ PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+#else
prompt = EVP_get_pw_prompt();
if (prompt == NULL)
prompt = "Enter PEM pass phrase:";
@@ -61,7 +63,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key)
if (i != 0) {
PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
memset(buf, 0, (unsigned int)num);
- return (-1);
+ return -1;
}
j = strlen(buf);
if (min_len && j < min_len) {
@@ -71,7 +73,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key)
} else
break;
}
- return (j);
+ return j;
#endif
Matt Caswell
May 31, 2016, 7:20:21 PM5/31/16
to
The branch master has been updated
via befe31cd3839a7bf9d62b279ace71a0efbdd39b0 (commit)
from af9895cb8c00cb383c0417bda1163001946681bd (commit)
- Log -----------------------------------------------------------------
commit befe31cd3839a7bf9d62b279ace71a0efbdd39b0
Author: Matt Caswell <ma...@openssl.org>
Date: Tue May 31 23:03:54 2016 +0100
make update
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 1 insertion(+)
diff --git a/util/libssl.num b/util/libssl.num
index 8af95d1..c64d155 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -395,3 +395,4 @@ SSL_CTX_enable_ct 394 1_1_0 EXIST::FUNCTION:CT
SSL_CTX_get_ciphers 395 1_1_0 EXIST::FUNCTION:
SSL_SESSION_get0_hostname 396 1_1_0 EXIST::FUNCTION:
SSL_client_version 397 1_1_0 EXIST::FUNCTION:
+SSL_SESSION_get_protocol_version 398 1_1_0 EXIST::FUNCTION:
Matt Caswell
Jun 1, 2016, 5:56:04 AM6/1/16
to
The branch master has been updated
via e51329d3815df95bf0ff66925c3961794f4c66d1 (commit)
from befe31cd3839a7bf9d62b279ace71a0efbdd39b0 (commit)
- Log -----------------------------------------------------------------
commit e51329d3815df95bf0ff66925c3961794f4c66d1
Author: Matt Caswell <ma...@openssl.org>
Date: Wed May 11 11:18:57 2016 +0100
OpenBSD doesn't have ucontext.h so don't try and include it
On OpenBSD we turn off async capabilities due to no ucontext.h.
RT#4379
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/async/arch/async_posix.h b/crypto/async/arch/async_posix.h
index e0099c3..0d9245e 100644
--- a/crypto/async/arch/async_posix.h
+++ b/crypto/async/arch/async_posix.h
@@ -11,7 +11,9 @@
#define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
#include <openssl/e_os2.h>
-#if (defined(OPENSSL_SYS_UNIX) || defined(OPENSSL_SYS_CYGWIN)) && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) && !defined(__ANDROID__)
+#if (defined(OPENSSL_SYS_UNIX) || defined(OPENSSL_SYS_CYGWIN)) \
+ && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \
+ && !defined(__ANDROID__) && !defined(__OpenBSD__)
# include <unistd.h>
Matt Caswell
Jun 1, 2016, 8:11:07 AM6/1/16
to
The branch master has been updated
via 57358a83a401ef469353b7ebdae0cf3b870a4d5e (commit)
from e51329d3815df95bf0ff66925c3961794f4c66d1 (commit)
- Log -----------------------------------------------------------------
commit 57358a83a401ef469353b7ebdae0cf3b870a4d5e
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Jun 1 10:48:36 2016 +0100
req command incorrectly displays the bits for an EC key
When the "req" command is used to generate a new EC key using the -newkey
option it will incorrectly display:
Generating a 2048 bit EC private key
This commit fixes the message to not display the bit length for EC keys
because we don't currently support getting that during generation.
GitHub Issue #1068
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/apps/req.c b/apps/req.c
index aaca43a..ca8a9af 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -499,8 +499,12 @@ int req_main(int argc, char **argv)
}
}
- BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
- newkey, keyalgstr);
+ if (pkey_type == EVP_PKEY_EC) {
+ BIO_printf(bio_err, "Generating an EC private key\n");
+ } else {
+ BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
+ newkey, keyalgstr);
+ }
EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(genctx, bio_err);
Matt Caswell
Jun 1, 2016, 8:17:56 AM6/1/16
to
The branch master has been updated
via b2b361f6afb55c501bedef664c1fdc0d71a91d4b (commit)
from 57358a83a401ef469353b7ebdae0cf3b870a4d5e (commit)
- Log -----------------------------------------------------------------
commit b2b361f6afb55c501bedef664c1fdc0d71a91d4b
Author: FdaSilvaYY <fdasi...@gmail.com>
Date: Sat Apr 30 16:23:33 2016 +0200
Raise an Err when CRYPTO_THREAD_lock_new fails
Add missing error raise call, as it is done everywhere else.
and as CRYPTO_THREAD_lock_new don't do it internally.
Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/tasn_utl.c | 5 ++++-
-----------------------------------------------------------------------
Summary of changes:
crypto/dh/dh_lib.c | 1 +
crypto/dsa/dsa_lib.c | 1 +
crypto/dso/dso_lib.c | 1 +
engines/e_chil.c | 8 ++++++--
engines/e_chil_err.h | 2 ++
6 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
index cb24593..f03f9e9 100644
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@@ -50,6 +50,7 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
* then the count is incremented. If op is 0 count is set to 1. If op is -1
* count is decremented and the return value is the current reference count
* or 0 if no reference count exists.
+ * FIXME: return and manage any error from inside this method
*/
int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
@@ -68,8 +69,10 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
if (op == 0) {
*lck = 1;
*lock = CRYPTO_THREAD_lock_new();
- if (*lock == NULL)
+ if (*lock == NULL) {
+ /* FIXME: should report an error (-1) at this point */
return 0;
+ }
return 1;
}
CRYPTO_atomic_add(lck, op, &ret, *lock);
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 8645b67..6a59f7f 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -64,6 +64,7 @@ DH *DH_new_method(ENGINE *engine)
ret->references = 1;
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
+ DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
OPENSSL_free(ret);
return NULL;
}
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 9294594..14cb35f 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -73,6 +73,7 @@ DSA *DSA_new_method(ENGINE *engine)
ret->references = 1;
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
+ DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
OPENSSL_free(ret);
return NULL;
}
diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
index 6bb9f5f..bea8776 100644
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
@@ -39,6 +39,7 @@ static DSO *DSO_new_method(DSO_METHOD *meth)
ret->references = 1;
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
+ DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
sk_void_free(ret->meth_data);
OPENSSL_free(ret);
return NULL;
diff --git a/engines/e_chil.c b/engines/e_chil.c
index 0fb7aa4..c660aa9 100644
--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@@ -309,8 +309,10 @@ static int bind_helper(ENGINE *e)
# endif
chil_lock = CRYPTO_THREAD_lock_new();
- if (chil_lock == NULL)
+ if (chil_lock == NULL) {
+ HWCRHKerr(HWCRHK_F_BIND_HELPER, ERR_R_MALLOC_FAILURE);
return 0;
+ }
if (!ENGINE_set_id(e, engine_hwcrhk_id) ||
!ENGINE_set_name(e, engine_hwcrhk_name) ||
@@ -1092,8 +1094,10 @@ static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt,
HWCryptoHook_CallerContext * cactx)
{
mt->lock = CRYPTO_THREAD_lock_new();
- if (mt->lock == NULL)
+ if (mt->lock == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_MUTEX_INIT, ERR_R_MALLOC_FAILURE);
return 1; /* failure */
+ }
return 0; /* success */
}
diff --git a/engines/e_chil_err.h b/engines/e_chil_err.h
index 42fdd19..b0f0dd9 100644
--- a/engines/e_chil_err.h
+++ b/engines/e_chil_err.h
@@ -39,6 +39,8 @@ static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
# define HWCRHK_F_HWCRHK_MOD_EXP 107
# define HWCRHK_F_HWCRHK_RAND_BYTES 108
# define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109
+# define HWCRHK_F_BIND_HELPER 110
+# define HWCRHK_F_HWCRHK_MUTEX_INIT 111
/* Reason codes. */
# define HWCRHK_R_ALREADY_LOADED 100
Matt Caswell
Jun 1, 2016, 8:20:41 AM6/1/16
to
The branch master has been updated
via 1d54ef340864507c1b6e86238183ab4cbc7423aa (commit)
via eeb21772effdd385e44eed547d717f171487987e (commit)
from b2b361f6afb55c501bedef664c1fdc0d71a91d4b (commit)
- Log -----------------------------------------------------------------
commit 1d54ef340864507c1b6e86238183ab4cbc7423aa
Author: Matt Caswell <ma...@openssl.org>
Date: Fri May 27 13:55:47 2016 +0100
Fix printing of DH Parameters
The -text argument to dhparam is broken, because the DHparams_print()
function always returns an error. The problem is that always expects a
public or private key to be present, even though that is never the case
with parameters.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit eeb21772effdd385e44eed547d717f171487987e
Author: Matt Caswell <ma...@openssl.org>
Date: Fri May 27 13:26:03 2016 +0100
Add dhparam sanity check and update DH_check documentation
The -check argument to dhparam should never identify any problems if we
have just generated the parameters. Add a sanity check for this and print
an error and fail if necessary.
Also updates the documentation for the -check argument, and the DH_check()
function.
RT#4244
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/dh/dh_ameth.c | 3 ++-
doc/apps/dhparam.pod | 3 ++-
doc/crypto/DH_generate_parameters.pod | 46 ++++++++++++++++++++++++++---------
4 files changed, 59 insertions(+), 18 deletions(-)
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 350dd28..f86e315 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -270,15 +270,30 @@ int dhparam_main(int argc, char **argv)
goto end;
}
if (i & DH_CHECK_P_NOT_PRIME)
- printf("p value is not prime\n");
+ BIO_printf(bio_err, "WARNING: p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
- printf("p value is not a safe prime\n");
+ BIO_printf(bio_err, "WARNING: p value is not a safe prime\n");
+ if (i & DH_CHECK_Q_NOT_PRIME)
+ BIO_printf(bio_err, "WARNING: q value is not a prime\n");
+ if (i & DH_CHECK_INVALID_Q_VALUE)
+ BIO_printf(bio_err, "WARNING: q value is invalid\n");
+ if (i & DH_CHECK_INVALID_J_VALUE)
+ BIO_printf(bio_err, "WARNING: j value is invalid\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
- printf("unable to check the generator value\n");
+ BIO_printf(bio_err,
+ "WARNING: unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
- printf("the g value is not a generator\n");
+ BIO_printf(bio_err, "WARNING: the g value is not a generator\n");
if (i == 0)
- printf("DH parameters appear to be ok.\n");
+ BIO_printf(bio_err, "DH parameters appear to be ok.\n");
+ if (num != 0 && i != 0) {
+ /*
+ * We have generated parameters but DH_check() indicates they are
+ * invalid! This should never happen!
+ */
+ BIO_printf(bio_err, "ERROR: Invalid parameters generated\n");
+ goto end;
+ }
}
if (C) {
unsigned char *data;
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index b7b3717..78aea36 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -280,7 +280,8 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
else
pub_key = NULL;
- if (priv_key == NULL && pub_key == NULL) {
+ if (x->p == NULL || (ptype == 2 && priv_key == NULL)
+ || (ptype > 0 && pub_key == NULL)) {
reason = ERR_R_PASSED_NULL_PARAMETER;
goto err;
}
diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod
index 63cc0d3..addd88a 100644
--- a/doc/apps/dhparam.pod
+++ b/doc/apps/dhparam.pod
@@ -72,7 +72,8 @@ avoid small-subgroup attacks that may be possible otherwise.
=item B<-check>
-check if the parameters are valid primes and generator.
+Performs numerous checks to see if the supplied parameters are valid and
+displays a warning if not.
=item B<-2>, B<-5>
diff --git a/doc/crypto/DH_generate_parameters.pod b/doc/crypto/DH_generate_parameters.pod
index 71fa436..8970aae 100644
--- a/doc/crypto/DH_generate_parameters.pod
+++ b/doc/crypto/DH_generate_parameters.pod
@@ -37,12 +37,41 @@ number is generated, and when a prime has been found, B<BN_GENCB_call(cb, 3, 0)>
is called. See L<BN_generate_prime(3)> for information on
the BN_GENCB_call() function.
-DH_check() validates Diffie-Hellman parameters. It checks that B<p> is
-a safe prime, and that B<g> is a suitable generator. In the case of an
-error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or
-DH_NOT_SUITABLE_GENERATOR are set in B<*codes>.
-DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be
-checked, i.e. it does not equal 2 or 5.
+DH_check() confirms that the Diffie-Hellman parameters B<dh> are valid. The
+value of B<*codes> is updated with any problems found. If B<*codes> is zero then
+no problems were found, otherwise the following bits may be set:
+
+=over 4
+
+=item DH_CHECK_P_NOT_PRIME
+
+The parameter B<p> is not prime.
+
+=item DH_CHECK_P_NOT_SAFE_PRIME
+
+The parameter B<p> is not a safe prime and no B<q> value is present.
+
+=item DH_UNABLE_TO_CHECK_GENERATOR
+
+The generator B<g> cannot be checked for suitability.
+
+=item DH_NOT_SUITABLE_GENERATOR
+
+The generator B<g> is not suitable.
+
+=item DH_CHECK_Q_NOT_PRIME
+
+The parameter B<q> is not prime.
+
+=item DH_CHECK_INVALID_Q_VALUE
+
+The parameter B<q> is invalid.
+
+=item DH_CHECK_INVALID_J_VALUE
+
+The parameter B<j> is invalid.
+
+=back
=head1 RETURN VALUES
@@ -62,11 +91,6 @@ hours before finding a suitable prime.
The parameters generated by DH_generate_parameters_ex() and DH_generate_parameters()
are not to be used in signature schemes.
-=head1 BUGS
-
-If B<generator> is not 2 or 5, B<dh-E<gt>g>=B<generator> is not
-a usable generator.
-
=head1 SEE ALSO
L<dh(3)>, L<ERR_get_error(3)>, L<rand(3)>,
Rich Salz
Jun 1, 2016, 9:29:19 AM6/1/16
to
The branch master has been updated
via 6493e4801e9edbe1ad1e256d4ce9cd55c8aa2242 (commit)
from 1d54ef340864507c1b6e86238183ab4cbc7423aa (commit)
- Log -----------------------------------------------------------------
commit 6493e4801e9edbe1ad1e256d4ce9cd55c8aa2242
Author: Rich Salz <rs...@openssl.org>
Date: Tue May 31 23:05:48 2016 -0400
RT4337: Crash in DES
Salt must be two ASCII characters. Add tests to check for that,
and a test to test the checks.
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
doc/crypto/des.pod | 17 +++++++++++------
test/destest.c | 21 +++++++++++++++++----
3 files changed, 46 insertions(+), 43 deletions(-)
diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c
index b52f486..5215ad3 100644
--- a/crypto/des/fcrypt.c
+++ b/crypto/des/fcrypt.c
@@ -66,27 +66,23 @@ char *DES_crypt(const char *buf, const char *salt)
char e_buf[32 + 1]; /* replace 32 by 8 ? */
char *ret;
- /* Copy at most 2 chars of salt */
- if ((e_salt[0] = salt[0]) != '\0')
- e_salt[1] = salt[1];
+ if (salt[0] == '\0' || salt[1] == '\0')
+ return NULL;
- /* Copy at most 32 chars of password */
- strncpy(e_buf, buf, sizeof(e_buf));
+ /* Copy salt, convert to ASCII. */
+ e_salt[0] = salt[0];
+ e_salt[1] = salt[1];
+ e_salt[2] = '\0';
+ ebcdic2ascii(e_salt, e_salt, sizeof(e_salt));
- /* Make sure we have a delimiter */
- e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0';
-
- /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
- ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
-
- /* Convert the cleartext password to ASCII */
+ /* Convert password to ASCII. */
+ OPENSSL_strlcpy(e_buf, buf, sizeof(e_buf));
ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
- /* Encrypt it (from/to ASCII) */
+ /* Encrypt it (from/to ASCII); if it worked, convert back. */
ret = DES_fcrypt(e_buf, e_salt, buff);
-
- /* Convert the result back to EBCDIC */
- ascii2ebcdic(ret, ret, strlen(ret));
+ if (ret != NULL)
+ ascii2ebcdic(ret, ret, strlen(ret));
return ret;
#endif
@@ -103,25 +99,14 @@ char *DES_fcrypt(const char *buf, const char *salt, char *ret)
unsigned char *b = bb;
unsigned char c, u;
- /*
- * eay 25/08/92 If you call crypt("pwd","*") as often happens when you
- * have * as the pwd field in /etc/passwd, the function returns
- * *\0XXXXXXXXX The \0 makes the string look like * so the pwd "*" would
- * crypt to "*". This was found when replacing the crypt in our shared
- * libraries. People found that the disabled accounts effectively had no
- * passwd :-(.
- */
-#ifndef CHARSET_EBCDIC
- x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]);
+ x = ret[0] = salt[0];
+ if (x == 0 || x >= sizeof(con_salt))
+ return NULL;
Eswap0 = con_salt[x] << 2;
- x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]);
+ x = ret[1] = salt[1];
+ if (x == 0 || x >= sizeof(con_salt))
+ return NULL;
Eswap1 = con_salt[x] << 6;
-#else
- x = ret[0] = ((salt[0] == '\0') ? os_toascii['A'] : salt[0]);
- Eswap0 = con_salt[x] << 2;
- x = ret[1] = ((salt[1] == '\0') ? os_toascii['A'] : salt[1]);
- Eswap1 = con_salt[x] << 6;
-#endif
/*
* EAY r=strlen(buf); r=(r+7)/8;
diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod
index 7ccadbc..0131093 100644
--- a/doc/crypto/des.pod
+++ b/doc/crypto/des.pod
@@ -240,8 +240,9 @@ is thread safe, unlike the normal crypt.
DES_crypt() is a faster replacement for the normal system crypt().
This function calls DES_fcrypt() with a static array passed as the
-third parameter. This emulates the normal non-thread safe semantics
+third parameter. This mostly emulates the normal non-thread-safe semantics
of crypt(3).
+The B<salt> must be two ASCII characters.
DES_enc_write() writes I<len> bytes to file descriptor I<fd> from
buffer I<buf>. The data is encrypted via I<pcbc_encrypt> (default)
@@ -272,15 +273,11 @@ DES_string_to_key() is available for backward compatibility with the
MIT library. New applications should use a cryptographic hash function.
The same applies for DES_string_to_2key().
-=head1 CONFORMING TO
-
-ANSI X3.106
+=head1 NOTES
The B<des> library was written to be source code compatible with
the MIT Kerberos library.
-=head1 NOTES
-
Applications should use the higher level functions
L<EVP_EncryptInit(3)> etc. instead of calling these
functions directly.
@@ -288,6 +285,14 @@ functions directly.
Single-key DES is insecure due to its short key size. ECB mode is
not suitable for most applications; see L<des_modes(7)>.
+=head1 HISTORY
+
+The requirement that the B<salt> parameter to DES_crypt() and DES_fcrypt()
+be two ASCII characters was first enforced in
+OpenSSL 1.1.0. Previous versions tried to use the letter uppercase B<A>
+if both character were not present, and could crash when given non-ASCII
+on some platforms.
+
=head1 SEE ALSO
L<des_modes(7)>,
diff --git a/test/destest.c b/test/destest.c
index 389d0c8..877f71d 100644
--- a/test/destest.c
+++ b/test/destest.c
@@ -35,8 +35,6 @@ int main(int argc, char *argv[])
#else
# include <openssl/des.h>
-# define crypt(c,s) (DES_crypt((c),(s)))
-
/* tisk tisk - the test keys don't all have odd parity :-( */
/* test data */
# define NUM_TESTS 34
@@ -660,16 +658,31 @@ int main(int argc, char *argv[])
}
printf("\n");
printf("fast crypt test ");
- str = crypt("testing", "ef");
+ str = DES_crypt("testing", "ef");
if (strcmp("efGnQx2725bI2", str) != 0) {
printf("fast crypt error, %s should be efGnQx2725bI2\n", str);
err = 1;
}
- str = crypt("bca76;23", "yA");
+ str = DES_crypt("bca76;23", "yA");
if (strcmp("yA1Rp/1hZXIJk", str) != 0) {
printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n", str);
err = 1;
}
+ str = DES_crypt("testing", "y\202");
+ if (str != NULL) {
+ printf("salt error only usascii are accepted\n");
+ err = 1;
+ }
+ str = DES_crypt("testing", "\0A");
+ if (str != NULL) {
+ printf("salt error cannot contain null terminator\n");
+ err = 1;
+ }
+ str = DES_crypt("testing", "A");
+ if (str != NULL) {
+ printf("salt error must be at least 2\n");
+ err = 1;
+ }
printf("\n");
return (err);
Matt Caswell
Jun 1, 2016, 10:01:48 AM6/1/16
to
The branch master has been updated
via f83b85fb0f46f7a3e92651f1e5eb7b1081fb8650 (commit)
via 7b0ee1353d0e3ece7986e12c6684f1aac7483cea (commit)
via a3768e0c9b8b80fadcab06afed77a9d27ed1b6dd (commit)
via 5bf7c7725b9cb44813dc78cf143c5c1d5aada02c (commit)
via fe2b7dfdf446088d5c1cc9dc9d49d131cc4ef7f9 (commit)
via 0461b7ea7bd1112c4fa357545fc8a456138ed3af (commit)
from 6493e4801e9edbe1ad1e256d4ce9cd55c8aa2242 (commit)
- Log -----------------------------------------------------------------
commit f83b85fb0f46f7a3e92651f1e5eb7b1081fb8650
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Apr 26 18:45:46 2016 +0100
Ensure an ASN1_OBJECT is freed in error paths
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 7b0ee1353d0e3ece7986e12c6684f1aac7483cea
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Apr 26 18:37:58 2016 +0100
Free allocated password strings on exit
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit a3768e0c9b8b80fadcab06afed77a9d27ed1b6dd
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Apr 26 18:33:03 2016 +0100
Free a BIO_ADDR if DTLSv1_listen return <=0
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 5bf7c7725b9cb44813dc78cf143c5c1d5aada02c
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Apr 26 18:29:49 2016 +0100
Ensure BIGNUM is freed in an error path
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit fe2b7dfdf446088d5c1cc9dc9d49d131cc4ef7f9
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Apr 26 18:28:03 2016 +0100
Free an X509_CRL in an error path
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 0461b7ea7bd1112c4fa357545fc8a456138ed3af
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Apr 26 18:25:39 2016 +0100
Don't leak X509_OBJECT in an error path
Swap the ordering of some code to avoid a leak in an error path.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/prime.c | 3 +--
apps/s_server.c | 8 +++++---
apps/srp.c | 2 ++
apps/x509.c | 7 ++++++-
5 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index a3e1794..fca3775 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1984,8 +1984,10 @@ static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm)
crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
crl = load_crl_crldp(crldp);
sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
- if (!crl)
+ if (!crl) {
+ sk_X509_CRL_free(crls);
return NULL;
+ }
sk_X509_CRL_push(crls, crl);
/* Try to download delta CRL */
crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
diff --git a/apps/prime.c b/apps/prime.c
index 940fd45..b0f5969 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -119,9 +119,8 @@ int prime_main(int argc, char **argv)
}
}
- BN_free(bn);
-
ret = 0;
end:
+ BN_free(bn);
return ret;
}
diff --git a/apps/s_server.c b/apps/s_server.c
index 08753c3..dce02f0 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -576,13 +576,13 @@ static int cert_status_cb(SSL *s, void *arg)
BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
goto done;
}
- req = OCSP_REQUEST_new();
- if (req == NULL)
- goto err;
id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
X509_OBJECT_free(obj);
if (!id)
goto err;
+ req = OCSP_REQUEST_new();
+ if (req == NULL)
+ goto err;
if (!OCSP_request_add0_id(req, id))
goto err;
id = NULL;
@@ -2481,6 +2481,8 @@ static int init_ssl_connection(SSL *con)
BIO_ADDR_free(client);
dtlslisten = 0;
i = SSL_accept(con);
+ } else {
+ BIO_ADDR_free(client);
}
} else
#endif
diff --git a/apps/srp.c b/apps/srp.c
index d81346d..5ba9375 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -597,6 +597,8 @@ int srp_main(int argc, char **argv)
if (verbose)
BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
+ OPENSSL_free(passin);
+ OPENSSL_free(passout);
if (ret)
ERR_print_errors(bio_err);
if (randfile)
diff --git a/apps/x509.c b/apps/x509.c
index 56c6fcc..6419766 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -145,7 +145,7 @@ OPTIONS x509_options[] = {
int x509_main(int argc, char **argv)
{
ASN1_INTEGER *sno = NULL;
- ASN1_OBJECT *objtmp;
+ ASN1_OBJECT *objtmp = NULL;
BIO *out = NULL;
CONF *extconf = NULL;
EVP_PKEY *Upkey = NULL, *CApkey = NULL, *fkey = NULL;
@@ -277,6 +277,7 @@ int x509_main(int argc, char **argv)
if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL)
goto end;
sk_ASN1_OBJECT_push(trust, objtmp);
+ objtmp = NULL;
trustout = 1;
break;
case OPT_ADDREJECT:
@@ -290,6 +291,7 @@ int x509_main(int argc, char **argv)
&& (reject = sk_ASN1_OBJECT_new_null()) == NULL)
goto end;
sk_ASN1_OBJECT_push(reject, objtmp);
+ objtmp = NULL;
trustout = 1;
break;
case OPT_SETALIAS:
@@ -590,6 +592,7 @@ int x509_main(int argc, char **argv)
objtmp = sk_ASN1_OBJECT_value(trust, i);
X509_add1_trust_object(x, objtmp);
}
+ objtmp = NULL;
}
if (reject) {
@@ -597,6 +600,7 @@ int x509_main(int argc, char **argv)
objtmp = sk_ASN1_OBJECT_value(reject, i);
X509_add1_reject_object(x, objtmp);
}
+ objtmp = NULL;
}
if (num) {
@@ -885,6 +889,7 @@ int x509_main(int argc, char **argv)
ASN1_INTEGER_free(sno);
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+ ASN1_OBJECT_free(objtmp);
OPENSSL_free(passin);
return (ret);
Rich Salz
Jun 1, 2016, 10:46:05 AM6/1/16
to
The branch master has been updated
via 0f91e1dff4ab2e7c25bbae5a48dfabbd1a4eae3c (commit)
from f83b85fb0f46f7a3e92651f1e5eb7b1081fb8650 (commit)
- Log -----------------------------------------------------------------
commit 0f91e1dff4ab2e7c25bbae5a48dfabbd1a4eae3c
Author: Rich Salz <rs...@openssl.org>
Date: Sun May 29 14:11:44 2016 -0400
Fix some RAND bugs
RT2630 -- segfault for int overlow
RT2877 -- check return values in apps/rand
Update CHANGES file for previous "windows rand" changes.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/rand.c | 16 ++++++++++------
crypto/rand/md_rand.c | 6 +++---
3 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/CHANGES b/CHANGES
index 541efc3..c64d677 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
Changes between 1.0.2h and 1.1.0 [xx XXX 2016]
+ *) Windows RAND implementation was simplified to only get entropy by
+ calling CryptGenRandom(). Various other RAND-related tickets
+ were also closed.
+ [Joseph Wylie Yandle, Rich Salz]
+
*) The stack and lhash API's were renamed to start with OPENSSL_SK_
and OPENSSL_LH_, respectively. The old names are available
with API compatibility. They new names are now completely documented.
diff --git a/apps/rand.c b/apps/rand.c
index 89a23a2..d60f1ec 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -105,22 +105,26 @@ int rand_main(int argc, char **argv)
r = RAND_bytes(buf, chunk);
if (r <= 0)
goto end;
- if (format != FORMAT_TEXT) /* hex */
- BIO_write(out, buf, chunk);
- else {
+ if (format != FORMAT_TEXT) {
+ if (BIO_write(out, buf, chunk) != chunk)
+ goto end;
+ } else {
for (i = 0; i < chunk; i++)
- BIO_printf(out, "%02x", buf[i]);
+ if (BIO_printf(out, "%02x", buf[i]) != 2)
+ goto end;
}
num -= chunk;
}
if (format == FORMAT_TEXT)
BIO_puts(out, "\n");
- (void)BIO_flush(out);
+ if (BIO_flush(out) <= 0 || !app_RAND_write_file(NULL))
+ goto end;
- app_RAND_write_file(NULL);
ret = 0;
end:
+ if (ret != 0)
+ ERR_print_errors(bio_err);
BIO_free_all(out);
return (ret);
}
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 4b874e3..137851f 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -38,7 +38,7 @@
/* #define PREDICT 1 */
#define STATE_SIZE 1023
-static int state_num = 0, state_index = 0;
+static size_t state_num = 0, state_index = 0;
static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH];
static unsigned char md[MD_DIGEST_LENGTH];
static long md_count[2] = { 0, 0 };
@@ -268,8 +268,8 @@ static int rand_seed(const void *buf, int num)
static int rand_bytes(unsigned char *buf, int num, int pseudo)
{
static volatile int stirred_pool = 0;
- int i, j, k, st_num, st_idx;
- int num_ceil;
+ int i, j, k;
+ size_t num_ceil, st_idx, st_num;
int ok;
long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH];
Rich Salz
Jun 1, 2016, 11:28:06 AM6/1/16
to
The branch master has been updated
via 44c8a5e2b9af8909844cc002c53049311634b314 (commit)
from 0f91e1dff4ab2e7c25bbae5a48dfabbd1a4eae3c (commit)
- Log -----------------------------------------------------------------
commit 44c8a5e2b9af8909844cc002c53049311634b314
Author: Rich Salz <rs...@openssl.org>
Date: Wed Jun 1 11:26:40 2016 -0400
Add final(?) set of copyrights.
Add copyright to missing assembler files.
Add copyrights to missing test/* files.
Add copyrights
Various source and misc files.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/tsget.in | 13 +++++++++----
config | 26 ++++++++------------------
config.com | 6 ++++++
crypto/aes/asm/aes-ia64.S | 7 +++++++
crypto/bn/asm/bn-c64xplus.asm | 7 +++++++
crypto/bn/asm/ia64.S | 7 +++++++
crypto/bn/asm/pa-risc2.s | 6 ++++++
crypto/bn/asm/pa-risc2W.s | 7 +++++++
crypto/bn/asm/s390x.S | 10 +++++-----
crypto/bn/asm/sparcv8.S | 10 +++++-----
crypto/bn/asm/sparcv8plus.S | 10 +++++-----
crypto/des/asm/des_enc.m4 | 27 +++++----------------------
crypto/ia64cpuid.S | 6 ++++++
crypto/md5/asm/md5-ia64.S | 10 ++++++++++
crypto/s390xcpuid.S | 6 ++++++
crypto/sparccpuid.S | 7 +++++++
engines/vendor_defns/hwcryptohook.h | 11 +++++++++--
fuzz/helper.py | 7 +++++++
ms/applink.c | 9 +++++++++
ms/uplink.c | 9 +++++++++
ms/uplink.h | 9 +++++++++
test/danetest.in | 8 ++++++++
test/evptests.txt | 9 +++++++++
test/recipes/80-test_cipherlist.t | 8 ++++++++
test/smime-certs/mksmime-certs.sh | 7 +++++++
test/ssl-tests/01-simple.conf.in | 7 +++++++
test/ssl-tests/02-protocol-version.conf.in | 7 +++++++
test/ssl-tests/03-custom_verify.conf.in | 7 +++++++
tools/c_rehash.in | 6 ++++++
util/openssl-format-source | 8 ++++++++
31 files changed, 216 insertions(+), 63 deletions(-)
diff --git a/Configure b/Configure
index 020f2a1..e8fc933 100755
--- a/Configure
+++ b/Configure
@@ -1970,8 +1970,6 @@ my %builders = (
unixmake => sub {
build_Makefile();
- run_dofile("util/domd", "util/domd.in");
- chmod 0755, "util/domd";
},
);
diff --git a/apps/tsget.in b/apps/tsget.in
index fe029f3..7067111 100644
--- a/apps/tsget.in
+++ b/apps/tsget.in
@@ -1,7 +1,11 @@
#!{- $config{perl} -}
-# Written by Zoltan Glozik <zgl...@stones.com>.
-# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
-$::version = '$Id: tsget,v 1.3 2009/09/07 17:57:18 steve Exp $';
+# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
+# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
use strict;
use IO::Handle;
@@ -42,7 +46,8 @@ sub create_curl {
# Error-handling related options.
$curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
$curl->setopt(CURLOPT_FAILONERROR, 1);
- $curl->setopt(CURLOPT_USERAGENT, "OpenTSA tsget.pl/" . (split / /, $::version)[2]);
+ $curl->setopt(CURLOPT_USERAGENT,
+ "OpenTSA tsget.pl/openssl-{- $config{version} -}");
# Options for POST method.
$curl->setopt(CURLOPT_UPLOAD, 1);
diff --git a/config b/config
index dfdca4d..2e02ae3 100755
--- a/config
+++ b/config
@@ -1,25 +1,15 @@
#!/bin/sh
+# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
# OpenSSL config: determine the operating system and run ./Configure
+# Derived from minarch and GuessOS from Apache.
#
-# "config -h" for usage information.
-#
-# this is a merge of minarch and GuessOS from the Apache Group.
-# Originally written by Tim Hudson <t...@cryptsoft.com>.
-
-# Original Apache Group comments on GuessOS
-
-# Simple OS/Platform guesser. Similar to config.guess but
-# much, much smaller. Since it was developed for use with
-# Apache, it follows under Apache's regular licensing
-# with one specific addition: Any changes or additions
-# to this script should be Emailed to the Apache
-# group (apa...@apache.org) in general and to
-# Jim Jagielski (j...@jaguNET.com) in specific.
-#
-# Be as similar to the output of config.guess/config.sub
-# as possible.
-
+# Do "config -h" for usage information.
SUFFIX=""
TEST="false"
EXE=""
diff --git a/config.com b/config.com
index 4151a88..015de51 100644
--- a/config.com
+++ b/config.com
@@ -1,4 +1,10 @@
$ ! OpenSSL config: determine the architecture and run Configure
+$ ! Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+$ !
+$ ! Licensed under the OpenSSL license (the "License"). You may not use
+$ ! this file except in compliance with the License. You can obtain a
+$ ! copy in the file LICENSE in the source distribution or at
+$ ! https://www.openssl.org/source/license.html
$ !
$ ! Very simple for the moment, it will take the following arguments:
$ !
diff --git a/crypto/aes/asm/aes-ia64.S b/crypto/aes/asm/aes-ia64.S
index 7f6c4c3..ef44f7c 100644
--- a/crypto/aes/asm/aes-ia64.S
+++ b/crypto/aes/asm/aes-ia64.S
@@ -1,3 +1,10 @@
+// Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the OpenSSL license (the "License"). You may not use
+// this file except in compliance with the License. You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
+//
// ====================================================================
// Written by Andy Polyakov <ap...@fy.chalmers.se> for the OpenSSL
// project. Rights for redistribution and usage in source and binary
diff --git a/crypto/bn/asm/bn-c64xplus.asm b/crypto/bn/asm/bn-c64xplus.asm
index 7b72bff..de6d377 100644
--- a/crypto/bn/asm/bn-c64xplus.asm
+++ b/crypto/bn/asm/bn-c64xplus.asm
@@ -1,3 +1,10 @@
+;; Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+;;
+;; Licensed under the OpenSSL license (the "License"). You may not use
+;; this file except in compliance with the License. You can obtain a copy
+;; in the file LICENSE in the source distribution or at
+;; https://www.openssl.org/source/license.html
+;;
;;====================================================================
;; Written by Andy Polyakov <ap...@openssl.org> for the OpenSSL
;; project.
diff --git a/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S
index 9e090ab..2fdf5bb 100644
--- a/crypto/bn/asm/ia64.S
+++ b/crypto/bn/asm/ia64.S
@@ -3,6 +3,13 @@
.ident "ia64.S, Version 2.1"
.ident "IA-64 ISA artwork by Andy Polyakov <ap...@fy.chalmers.se>"
+// Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the OpenSSL license (the "License"). You may not use
+// this file except in compliance with the License. You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
+
//
// ====================================================================
// Written by Andy Polyakov <ap...@fy.chalmers.se> for the OpenSSL
diff --git a/crypto/bn/asm/pa-risc2.s b/crypto/bn/asm/pa-risc2.s
index f3b1629..413eac7 100644
--- a/crypto/bn/asm/pa-risc2.s
+++ b/crypto/bn/asm/pa-risc2.s
@@ -1,3 +1,9 @@
+; Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+;
+; Licensed under the OpenSSL license (the "License"). You may not use
+; this file except in compliance with the License. You can obtain a copy
+; in the file LICENSE in the source distribution or at
+; https://www.openssl.org/source/license.html
;
; PA-RISC 2.0 implementation of bn_asm code, based on the
; 64-bit version of the code. This code is effectively the
diff --git a/crypto/bn/asm/pa-risc2W.s b/crypto/bn/asm/pa-risc2W.s
index a995457..9738117 100644
--- a/crypto/bn/asm/pa-risc2W.s
+++ b/crypto/bn/asm/pa-risc2W.s
@@ -1,3 +1,10 @@
+; Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+;
+; Licensed under the OpenSSL license (the "License"). You may not use
+; this file except in compliance with the License. You can obtain a copy
+; in the file LICENSE in the source distribution or at
+; https://www.openssl.org/source/license.html
+
;
; PA-RISC 64-bit implementation of bn_asm code
;
diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S
index f5eebe4..292a7a9 100755
--- a/crypto/bn/asm/s390x.S
+++ b/crypto/bn/asm/s390x.S
@@ -1,11 +1,11 @@
.ident "s390x.S, version 1.1"
// ====================================================================
-// Written by Andy Polyakov <ap...@fy.chalmers.se> for the OpenSSL
-// project.
+// Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
//
-// Rights for redistribution and usage in source and binary forms are
-// granted according to the OpenSSL license. Warranty of any kind is
-// disclaimed.
+// Licensed under the OpenSSL license (the "License"). You may not use
+// this file except in compliance with the License. You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
// ====================================================================
.text
diff --git a/crypto/bn/asm/sparcv8.S b/crypto/bn/asm/sparcv8.S
index 88c5dc4..9c31073 100644
--- a/crypto/bn/asm/sparcv8.S
+++ b/crypto/bn/asm/sparcv8.S
@@ -3,12 +3,12 @@
/*
* ====================================================================
- * Written by Andy Polyakov <ap...@fy.chalmers.se> for the OpenSSL
- * project.
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * Rights for redistribution and usage in source and binary forms are
- * granted according to the OpenSSL license. Warranty of any kind is
- * disclaimed.
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
* ====================================================================
*/
diff --git a/crypto/bn/asm/sparcv8plus.S b/crypto/bn/asm/sparcv8plus.S
index 915a4e7..e77e67a 100644
--- a/crypto/bn/asm/sparcv8plus.S
+++ b/crypto/bn/asm/sparcv8plus.S
@@ -3,12 +3,12 @@
/*
* ====================================================================
- * Written by Andy Polyakov <ap...@fy.chalmers.se> for the OpenSSL
- * project.
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * Rights for redistribution and usage in source and binary forms are
- * granted according to the OpenSSL license. Warranty of any kind is
- * disclaimed.
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
* ====================================================================
*/
diff --git a/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4
index 3efe246..2d794d3 100644
--- a/crypto/des/asm/des_enc.m4
+++ b/crypto/des/asm/des_enc.m4
@@ -1,26 +1,9 @@
-! des_enc.m4
-! des_enc.S (generated from des_enc.m4)
+! Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
!
-! UltraSPARC assembler version of the LibDES/SSLeay/OpenSSL des_enc.c file.
-!
-! Version 1.0. 32-bit version.
-!
-! June 8, 2000.
-!
-! Version 2.0. 32/64-bit, PIC-ification, blended CPU adaptation
-! by Andy Polyakov.
-!
-! January 1, 2003.
-!
-! Assembler version: Copyright Svend Olaf Mikkelsen.
-!
-! Original C code: Copyright Eric A. Young.
-!
-! This code can be freely used by LibDES/SSLeay/OpenSSL users.
-!
-! The LibDES/SSLeay/OpenSSL copyright notices must be respected.
-!
-! This version can be redistributed.
+! Licensed under the OpenSSL license (the "License"). You may not use
+! this file except in compliance with the License. You can obtain a copy
+! in the file LICENSE in the source distribution or at
+! https://www.openssl.org/source/license.html
!
! To expand the m4 macros: m4 -B 8192 des_enc.m4 > des_enc.S
!
diff --git a/crypto/ia64cpuid.S b/crypto/ia64cpuid.S
index f942648..ffd6d6c 100644
--- a/crypto/ia64cpuid.S
+++ b/crypto/ia64cpuid.S
@@ -1,3 +1,9 @@
+// Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the OpenSSL license (the "License"). You may not use
+// this file except in compliance with the License. You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
// Works on all IA-64 platforms: Linux, HP-UX, Win64i...
// On Win64i compile with ias.exe.
.text
diff --git a/crypto/md5/asm/md5-ia64.S b/crypto/md5/asm/md5-ia64.S
index e7de08d..c20467b 100644
--- a/crypto/md5/asm/md5-ia64.S
+++ b/crypto/md5/asm/md5-ia64.S
@@ -1,3 +1,13 @@
+/*
+ *
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
/* Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
Permission is hereby granted, free of charge, to any person obtaining
diff --git a/crypto/s390xcpuid.S b/crypto/s390xcpuid.S
index df7b35a..61ef0eb 100644
--- a/crypto/s390xcpuid.S
+++ b/crypto/s390xcpuid.S
@@ -1,4 +1,10 @@
.text
+// Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the OpenSSL license (the "License"). You may not use
+// this file except in compliance with the License. You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
.globl OPENSSL_s390x_facilities
.type OPENSSL_s390x_facilities,@function
diff --git a/crypto/sparccpuid.S b/crypto/sparccpuid.S
index f48d860..4c394fa 100644
--- a/crypto/sparccpuid.S
+++ b/crypto/sparccpuid.S
@@ -1,3 +1,10 @@
+! Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+!
+! Licensed under the OpenSSL license (the "License"). You may not use
+! this file except in compliance with the License. You can obtain a copy
+! in the file LICENSE in the source distribution or at
+! https://www.openssl.org/source/license.html
+
#ifdef OPENSSL_FIPSCANISTER
#include <openssl/fipssyms.h>
#endif
diff --git a/engines/vendor_defns/hwcryptohook.h b/engines/vendor_defns/hwcryptohook.h
index 2bafffe..c3dcd56 100644
--- a/engines/vendor_defns/hwcryptohook.h
+++ b/engines/vendor_defns/hwcryptohook.h
@@ -1,3 +1,12 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
/*-
* ModExp / RSA (with/without KM) plugin API
*
@@ -64,8 +73,6 @@
* library files; if you received the library files without a licence,
* please contact nCipher.
*
- *
- * $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $
*/
#ifndef HWCRYPTOHOOK_H
diff --git a/fuzz/helper.py b/fuzz/helper.py
index 75a9e12..f5f9d77 100755
--- a/fuzz/helper.py
+++ b/fuzz/helper.py
@@ -1,4 +1,11 @@
#!/usr/bin/python
+#
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
"""Fuzzing helper, creates and uses corpus/crash directories.
diff --git a/ms/applink.c b/ms/applink.c
index 8328723..238dbff 100644
--- a/ms/applink.c
+++ b/ms/applink.c
@@ -1,3 +1,12 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
#define APPLINK_STDIN 1
#define APPLINK_STDOUT 2
#define APPLINK_STDERR 3
diff --git a/ms/uplink.c b/ms/uplink.c
index 6a5091b..7f7abfb 100644
--- a/ms/uplink.c
+++ b/ms/uplink.c
@@ -1,3 +1,12 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
#if (defined(_WIN64) || defined(_WIN32_WCE)) && !defined(UNICODE)
# define UNICODE
#endif
diff --git a/ms/uplink.h b/ms/uplink.h
index 4881ba7..f6cd038 100644
--- a/ms/uplink.h
+++ b/ms/uplink.h
@@ -1,3 +1,12 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
#define APPMACROS_ONLY
#include "applink.c"
diff --git a/test/danetest.in b/test/danetest.in
index 7db0400..485c986 100644
--- a/test/danetest.in
+++ b/test/danetest.in
@@ -1,4 +1,12 @@
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
# Blank and comment lines ignored.
+#
# The first line in each block takes the form:
#
# <TLSA-count> <cert-count> <desired-verify-result> <desired-match-depth>
diff --git a/test/evptests.txt b/test/evptests.txt
index fb94416..93199b9 100644
--- a/test/evptests.txt
+++ b/test/evptests.txt
@@ -1,3 +1,12 @@
+#!/bin/sh
+#
+# Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
#aadcipher:key:iv:plaintext:ciphertext:aad:tag:0/1(decrypt/encrypt)
#digest:::input:output
diff --git a/test/recipes/80-test_cipherlist.t b/test/recipes/80-test_cipherlist.t
index af9ac33..98d537e 100644
--- a/test/recipes/80-test_cipherlist.t
+++ b/test/recipes/80-test_cipherlist.t
@@ -1,4 +1,12 @@
#! /usr/bin/perl
+#
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
use strict;
use warnings;
diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh
index f01f664..89963ec 100644
--- a/test/smime-certs/mksmime-certs.sh
+++ b/test/smime-certs/mksmime-certs.sh
@@ -1,4 +1,11 @@
#!/bin/sh
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
# Utility to recreate S/MIME certificates
diff --git a/test/ssl-tests/01-simple.conf.in b/test/ssl-tests/01-simple.conf.in
index a152f66..e3a6330 100644
--- a/test/ssl-tests/01-simple.conf.in
+++ b/test/ssl-tests/01-simple.conf.in
@@ -1,4 +1,11 @@
# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
## SSL test configurations
diff --git a/test/ssl-tests/02-protocol-version.conf.in b/test/ssl-tests/02-protocol-version.conf.in
index 99b1dc0..22e1f36 100644
--- a/test/ssl-tests/02-protocol-version.conf.in
+++ b/test/ssl-tests/02-protocol-version.conf.in
@@ -1,4 +1,11 @@
# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
## Test version negotiation
diff --git a/test/ssl-tests/03-custom_verify.conf.in b/test/ssl-tests/03-custom_verify.conf.in
index e2f9dc7..1cd4273 100644
--- a/test/ssl-tests/03-custom_verify.conf.in
+++ b/test/ssl-tests/03-custom_verify.conf.in
@@ -1,4 +1,11 @@
# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
## SSL test configurations
diff --git a/tools/c_rehash.in b/tools/c_rehash.in
index dc66a9d..a23a8f3 100644
--- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
@@ -1,6 +1,12 @@
#!{- $config{perl} -}
# {- join("\n# ", @autowarntext) -}
+# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
# Perl c_rehash script, scan all files in a directory
# and add symbolic links to their hash values.
diff --git a/util/openssl-format-source b/util/openssl-format-source
index 7258836..36ea432 100755
--- a/util/openssl-format-source
+++ b/util/openssl-format-source
@@ -1,5 +1,13 @@
#!/bin/sh
#
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
# openssl-format-source
# - format source tree according to OpenSSL coding style using indent
#
Rich Salz
Jun 1, 2016, 11:30:43 AM6/1/16
to
The branch master has been updated
via b8a9af68819f1cc51155cdeabe8bbf8242e8b3ee (commit)
from 44c8a5e2b9af8909844cc002c53049311634b314 (commit)
- Log -----------------------------------------------------------------
commit b8a9af68819f1cc51155cdeabe8bbf8242e8b3ee
Author: Rich Salz <rs...@openssl.org>
Date: Fri May 20 16:16:07 2016 -0400
Remove/rename some old files.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/bf/COPYRIGHT | 46 -------
crypto/bf/INSTALL | 14 --
crypto/bf/VERSION | 6 -
crypto/bf/bfs.cpp | 67 ---------
crypto/cast/casts.cpp | 70 ----------
crypto/des/COPYRIGHT | 50 -------
crypto/des/asm/readme | 131 ------------------
crypto/dh/example | 50 -------
crypto/dh/generate | 65 ---------
crypto/dsa/fips186a.txt | 122 -----------------
crypto/dso/README | 22 ---
crypto/idea/version | 12 --
crypto/md4/md4s.cpp | 78 -----------
crypto/md5/md5s.cpp | 78 -----------
crypto/objects/{objects.README => README} | 0
crypto/pem/message | 16 ---
crypto/pem/pkcs7.lis | 22 ---
crypto/perlasm/{readme => README} | 0
crypto/rc2/rrc2.doc | 219 ------------------------------
crypto/rc2/version | 22 ---
crypto/rc5/rc5s.cpp | 70 ----------
crypto/sha/asm/README | 1 -
engines/capierr.bat | 1 -
test/test_aesni | 68 ----------
test/test_padlock | 64 ---------
test/test_t4 | 70 ----------
test/times | 113 ---------------
tools/c_hash | 9 --
tools/c_info | 12 --
tools/c_issuer | 10 --
tools/c_name | 10 --
tools/primes.py | 21 ---
util/domd.in | 26 ----
util/install.sh | 108 ---------------
util/toutf8.sh | 17 ---
36 files changed, 1 insertion(+), 1693 deletions(-)
delete mode 100644 crypto/bf/COPYRIGHT
delete mode 100644 crypto/bf/INSTALL
delete mode 100644 crypto/bf/VERSION
delete mode 100644 crypto/bf/bfs.cpp
delete mode 100644 crypto/cast/casts.cpp
delete mode 100644 crypto/des/COPYRIGHT
delete mode 100644 crypto/des/asm/readme
delete mode 100644 crypto/dh/example
delete mode 100644 crypto/dh/generate
delete mode 100644 crypto/dsa/fips186a.txt
delete mode 100644 crypto/dso/README
delete mode 100644 crypto/idea/version
delete mode 100644 crypto/md4/md4s.cpp
delete mode 100644 crypto/md5/md5s.cpp
rename crypto/objects/{objects.README => README} (100%)
delete mode 100644 crypto/pem/message
delete mode 100644 crypto/pem/pkcs7.lis
rename crypto/perlasm/{readme => README} (100%)
delete mode 100644 crypto/rc2/rrc2.doc
delete mode 100644 crypto/rc2/version
delete mode 100644 crypto/rc5/rc5s.cpp
delete mode 100644 crypto/sha/asm/README
delete mode 100644 engines/capierr.bat
delete mode 100755 test/test_aesni
delete mode 100755 test/test_padlock
delete mode 100755 test/test_t4
delete mode 100644 test/times
delete mode 100644 tools/c_hash
delete mode 100644 tools/c_info
delete mode 100644 tools/c_issuer
delete mode 100644 tools/c_name
delete mode 100644 tools/primes.py
delete mode 100755 util/domd.in
delete mode 100755 util/install.sh
delete mode 100644 util/toutf8.sh
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index e20b632..7cdad23 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -93,9 +93,7 @@ GENERATED={- join(" ",
{- output_off() if $disabled{apps}; "" -}
BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash
-MISC_SCRIPTS=$(SRCDIR)/tools/c_hash $(SRCDIR)/tools/c_info \
- $(SRCDIR)/tools/c_issuer $(SRCDIR)/tools/c_name \
- $(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
+MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
{- output_on() if $disabled{apps}; "" -}
SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{libraries}}) -}
diff --git a/crypto/bf/COPYRIGHT b/crypto/bf/COPYRIGHT
deleted file mode 100644
index 6857223..0000000
--- a/crypto/bf/COPYRIGHT
+++ /dev/null
@@ -1,46 +0,0 @@
-Copyright (C) 1995-1997 Eric Young (e...@cryptsoft.com)
-All rights reserved.
-
-This package is an Blowfish implementation written
-by Eric Young (e...@cryptsoft.com).
-
-This library is free for commercial and non-commercial use as long as
-the following conditions are aheared to. The following conditions
-apply to all code found in this distribution.
-
-Copyright remains Eric Young's, and as such any Copyright notices in
-the code are not to be removed.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the copyright
- notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
- must display the following acknowledgement:
- This product includes software developed by Eric Young (e...@cryptsoft.com)
-
-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-The license and distribution terms for any publically available version or
-derivative of this code cannot be changed. i.e. this code cannot simply be
-copied and put under another distrubution license
-[including the GNU Public License.]
-
-The reason behind this being stated in this direct manner is past
-experience in code simply being copied and the attribution removed
-from it and then being distributed as part of other packages. This
-implementation was a non-trivial and unpaid effort.
diff --git a/crypto/bf/INSTALL b/crypto/bf/INSTALL
deleted file mode 100644
index 3b25923..0000000
--- a/crypto/bf/INSTALL
+++ /dev/null
@@ -1,14 +0,0 @@
-This Eric Young's blowfish implementation, taken from his SSLeay library
-and made available as a separate library.
-
-The version number (0.7.2m) is the SSLeay version that this library was
-taken from.
-
-To build, just unpack and type make.
-If you are not using gcc, edit the Makefile.
-If you are compiling for an x86 box, try the assembler (it needs improving).
-There are also some compile time options that can improve performance,
-these are documented in the Makefile.
-
-eric 15-Apr-1997
-
diff --git a/crypto/bf/VERSION b/crypto/bf/VERSION
deleted file mode 100644
index be99585..0000000
--- a/crypto/bf/VERSION
+++ /dev/null
@@ -1,6 +0,0 @@
-The version numbers will follow my SSL implementation
-
-0.7.2r - Some reasonable default compiler options from
- Peter Gutman <pgu...@cs.auckland.ac.nz>
-
-0.7.2m - the first release
diff --git a/crypto/bf/bfs.cpp b/crypto/bf/bfs.cpp
deleted file mode 100644
index d74c457..0000000
--- a/crypto/bf/bfs.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (ja...@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
- asm volatile(".byte 15, 49\n\t"
- : "=eax" (tsc)
- :
- : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
- unsigned long a;
- __asm _emit 0fh
- __asm _emit 31h
- __asm mov a, eax;
- tsc=a;
-}
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/blowfish.h>
-
-void main(int argc,char *argv[])
- {
- BF_KEY key;
- unsigned long s1,s2,e1,e2;
- unsigned long data[2];
- int i,j;
-
- for (j=0; j<6; j++)
- {
- for (i=0; i<1000; i++) /**/
- {
- BF_encrypt(&data[0],&key);
- GetTSC(s1);
- BF_encrypt(&data[0],&key);
- BF_encrypt(&data[0],&key);
- BF_encrypt(&data[0],&key);
- GetTSC(e1);
- GetTSC(s2);
- BF_encrypt(&data[0],&key);
- BF_encrypt(&data[0],&key);
- BF_encrypt(&data[0],&key);
- BF_encrypt(&data[0],&key);
- GetTSC(e2);
- BF_encrypt(&data[0],&key);
- }
-
- printf("blowfish %d %d (%d)\n",
- e1-s1,e2-s2,((e2-s2)-(e1-s1)));
- }
- }
-
diff --git a/crypto/cast/casts.cpp b/crypto/cast/casts.cpp
deleted file mode 100644
index 8d7bd46..0000000
--- a/crypto/cast/casts.cpp
+++ /dev/null
@@ -1,70 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (ja...@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
- asm volatile(".byte 15, 49\n\t"
- : "=eax" (tsc)
- :
- : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
- unsigned long a;
- __asm _emit 0fh
- __asm _emit 31h
- __asm mov a, eax;
- tsc=a;
-}
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/cast.h>
-
-void main(int argc,char *argv[])
- {
- CAST_KEY key;
- unsigned long s1,s2,e1,e2;
- unsigned long data[2];
- int i,j;
- static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
-
- CAST_set_key(&key, 16,d);
-
- for (j=0; j<6; j++)
- {
- for (i=0; i<1000; i++) /**/
- {
- CAST_encrypt(&data[0],&key);
- GetTSC(s1);
- CAST_encrypt(&data[0],&key);
- CAST_encrypt(&data[0],&key);
- CAST_encrypt(&data[0],&key);
- GetTSC(e1);
- GetTSC(s2);
- CAST_encrypt(&data[0],&key);
- CAST_encrypt(&data[0],&key);
- CAST_encrypt(&data[0],&key);
- CAST_encrypt(&data[0],&key);
- GetTSC(e2);
- CAST_encrypt(&data[0],&key);
- }
-
- printf("cast %d %d (%d)\n",
- e1-s1,e2-s2,((e2-s2)-(e1-s1)));
- }
- }
-
diff --git a/crypto/des/COPYRIGHT b/crypto/des/COPYRIGHT
deleted file mode 100644
index 5469e1e..0000000
--- a/crypto/des/COPYRIGHT
+++ /dev/null
@@ -1,50 +0,0 @@
-Copyright (C) 1995-1997 Eric Young (e...@cryptsoft.com)
-All rights reserved.
-
-This package is an DES implementation written by Eric Young (e...@cryptsoft.com).
-The implementation was written so as to conform with MIT's libdes.
-
-This library is free for commercial and non-commercial use as long as
-the following conditions are aheared to. The following conditions
-apply to all code found in this distribution.
-
-Copyright remains Eric Young's, and as such any Copyright notices in
-the code are not to be removed.
-If this package is used in a product, Eric Young should be given attribution
-as the author of that the SSL library. This can be in the form of a textual
-message at program startup or in documentation (online or textual) provided
-with the package.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the copyright
- notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
- must display the following acknowledgement:
- This product includes software developed by Eric Young (e...@cryptsoft.com)
-
-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-The license and distribution terms for any publically available version or
-derivative of this code cannot be changed. i.e. this code cannot simply be
-copied and put under another distrubution license
-[including the GNU Public License.]
-
-The reason behind this being stated in this direct manner is past
-experience in code simply being copied and the attribution removed
-from it and then being distributed as part of other packages. This
-implementation was a non-trivial and unpaid effort.
diff --git a/crypto/des/asm/readme b/crypto/des/asm/readme
deleted file mode 100644
index 1beafe2..0000000
--- a/crypto/des/asm/readme
+++ /dev/null
@@ -1,131 +0,0 @@
-First up, let me say I don't like writing in assembler. It is not portable,
-dependant on the particular CPU architecture release and is generally a pig
-to debug and get right. Having said that, the x86 architecture is probably
-the most important for speed due to number of boxes and since
-it appears to be the worst architecture to to get
-good C compilers for. So due to this, I have lowered myself to do
-assembler for the inner DES routines in libdes :-).
-
-The file to implement in assembler is des_enc.c. Replace the following
-4 functions
-des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt);
-des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
-des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
-des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
-
-They encrypt/decrypt the 64 bits held in 'data' using
-the 'ks' key schedules. The only difference between the 4 functions is that
-des_encrypt2() does not perform IP() or FP() on the data (this is an
-optimization for when doing triple DES and des_encrypt3() and des_decrypt3()
-perform triple des. The triple DES routines are in here because it does
-make a big difference to have them located near the des_encrypt2 function
-at link time..
-
-Now as we all know, there are lots of different operating systems running on
-x86 boxes, and unfortunately they normally try to make sure their assembler
-formating is not the same as the other peoples.
-The 4 main formats I know of are
-Microsoft Windows 95/Windows NT
-Elf Includes Linux and FreeBSD(?).
-a.out The older Linux.
-Solaris Same as Elf but different comments :-(.
-
-Now I was not overly keen to write 4 different copies of the same code,
-so I wrote a few perl routines to output the correct assembler, given
-a target assembler type. This code is ugly and is just a hack.
-The libraries are x86unix.pl and x86ms.pl.
-des586.pl, des686.pl and des-som[23].pl are the programs to actually
-generate the assembler.
-
-So to generate elf assembler
-perl des-som3.pl elf >dx86-elf.s
-For Windows 95/NT
-perl des-som2.pl win32 >win32.asm
-
-[ update 4 Jan 1996 ]
-I have added another way to do things.
-perl des-som3.pl cpp >dx86-cpp.s
-generates a file that will be included by dx86unix.cpp when it is compiled.
-To build for elf, a.out, solaris, bsdi etc,
-cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
-cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o
-cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
-cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
-This was done to cut down the number of files in the distribution.
-
-Now the ugly part. I acquired my copy of Intels
-"Optimization's For Intel's 32-Bit Processors" and found a few interesting
-things. First, the aim of the exersize is to 'extract' one byte at a time
-from a word and do an array lookup. This involves getting the byte from
-the 4 locations in the word and moving it to a new word and doing the lookup.
-The most obvious way to do this is
-xor eax, eax # clear word
-movb al, cl # get low byte
-xor edi DWORD PTR 0x100+des_SP[eax] # xor in word
-movb al, ch # get next byte
-xor edi DWORD PTR 0x300+des_SP[eax] # xor in word
-shr ecx 16
-which seems ok. For the pentium, this system appears to be the best.
-One has to do instruction interleaving to keep both functional units
-operating, but it is basically very efficient.
-
-Now the crunch. When a full register is used after a partial write, eg.
-mov al, cl
-xor edi, DWORD PTR 0x100+des_SP[eax]
-386 - 1 cycle stall
-486 - 1 cycle stall
-586 - 0 cycle stall
-686 - at least 7 cycle stall (page 22 of the above mentioned document).
-
-So the technique that produces the best results on a pentium, according to
-the documentation, will produce hideous results on a pentium pro.
-
-To get around this, des686.pl will generate code that is not as fast on
-a pentium, should be very good on a pentium pro.
-mov eax, ecx # copy word
-shr ecx, 8 # line up next byte
-and eax, 0fch # mask byte
-xor edi DWORD PTR 0x100+des_SP[eax] # xor in array lookup
-mov eax, ecx # get word
-shr ecx 8 # line up next byte
-and eax, 0fch # mask byte
-xor edi DWORD PTR 0x300+des_SP[eax] # xor in array lookup
-
-Due to the execution units in the pentium, this actually works quite well.
-For a pentium pro it should be very good. This is the type of output
-Visual C++ generates.
-
-There is a third option. instead of using
-mov al, ch
-which is bad on the pentium pro, one may be able to use
-movzx eax, ch
-which may not incur the partial write penalty. On the pentium,
-this instruction takes 4 cycles so is not worth using but on the
-pentium pro it appears it may be worth while. I need access to one to
-experiment :-).
-
-eric (20 Oct 1996)
-
-22 Nov 1996 - I have asked people to run the 2 different version on pentium
-pros and it appears that the intel documentation is wrong. The
-mov al,bh is still faster on a pentium pro, so just use the des586.pl
-install des686.pl
-
-3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these
-functions into des_enc.c because it does make a massive performance
-difference on some boxes to have the functions code located close to
-the des_encrypt2() function.
-
-9 Jan 1997 - des-som2.pl is now the correct perl script to use for
-pentiums. It contains an inner loop from
-Svend Olaf Mikkelsen <svo...@inet.uni-c.dk> which does raw ecb DES calls at
-273,000 per second. He had a previous version at 250,000 and the best
-I was able to get was 203,000. The content has not changed, this is all
-due to instruction sequencing (and actual instructions choice) which is able
-to keep both functional units of the pentium going.
-We may have lost the ugly register usage restrictions when x86 went 32 bit
-but for the pentium it has been replaced by evil instruction ordering tricks.
-
-13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.
-raw DES at 281,000 per second on a pentium 100.
-
diff --git a/crypto/dh/example b/crypto/dh/example
deleted file mode 100644
index 16a33d2..0000000
--- a/crypto/dh/example
+++ /dev/null
@@ -1,50 +0,0 @@
-From owner-cy...@toad.com Mon Sep 25 10:50:51 1995
-Received: from minbne.mincom.oz.au by orb.mincom.oz.au with SMTP id AA10562
- (5.65c/IDA-1.4.4 for eay); Wed, 27 Sep 1995 19:41:55 +1000
-Received: by minbne.mincom.oz.au id AA19958
- (5.65c/IDA-1.4.4 for e...@orb.mincom.oz.au); Wed, 27 Sep 1995 19:34:59 +1000
-Received: from relay3.UU.NET by bunyip.cc.uq.oz.au with SMTP (PP);
- Wed, 27 Sep 1995 19:13:05 +1000
-Received: from toad.com by relay3.UU.NET with SMTP id QQzizb16156;
- Wed, 27 Sep 1995 04:48:46 -0400
-Received: by toad.com id AA07905; Tue, 26 Sep 95 06:31:45 PDT
-Received: from by toad.com id AB07851; Tue, 26 Sep 95 06:31:40 PDT
-Received: from servo.qualcomm.com (servo.qualcomm.com [129.46.128.14])
- by cygnus.com (8.6.12/8.6.9) with ESMTP id RAA18442
- for <cyphe...@toad.com>; Mon, 25 Sep 1995 17:52:47 -0700
-Received: (karn@localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1)
- id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700
-Date: Mon, 25 Sep 1995 17:50:51 -0700
-From: Phil Karn <ka...@qualcomm.com>
-Message-Id: <1995092600...@servo.qualcomm.com>
-To: cyphe...@toad.com, ipse...@eit.com
-Subject: Primality verification needed
-Sender: owner-cy...@toad.com
-Precedence: bulk
-Status: RO
-X-Status:
-
-Hi. I've generated a 2047-bit "strong" prime number that I would like to
-use with Diffie-Hellman key exchange. I assert that not only is this number
-'p' prime, but so is (p-1)/2.
-
-I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version
-1.3.2 to test this number. This function uses the Miller-Rabin primality test.
-However, to increase my confidence that this number really is a strong prime,
-I'd like to ask others to confirm it with other tests. Here's the number in hex:
-
-72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e
-fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a
-a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65
-fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2
-3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0
-ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3
-56a05180c3bec7ddd5ef6fe76b1f717b
-
-The generator, g, for this prime is 2.
-
-Thanks!
-
-Phil Karn
-
-
diff --git a/crypto/dh/generate b/crypto/dh/generate
deleted file mode 100644
index 5d40723..0000000
--- a/crypto/dh/generate
+++ /dev/null
@@ -1,65 +0,0 @@
-From: stew...@ix.netcom.com (Bill Stewart)
-Newsgroups: sci.crypt
-Subject: Re: Diffie-Hellman key exchange
-Date: Wed, 11 Oct 1995 23:08:28 GMT
-Organization: Freelance Information Architect
-Lines: 32
-Message-ID: <45hir2$7...@ixnews7.ix.netcom.com>
-References: <458rhn$76m$1...@mhadf.production.compuserve.com>
-NNTP-Posting-Host: ix-pl4-16.ix.netcom.com
-X-NETCOM-Date: Wed Oct 11 4:09:22 PM PDT 1995
-X-Newsreader: Forte Free Agent 1.0.82
-
-Kent Briggs <72124...@CompuServe.COM> wrote:
-
->I have a copy of the 1976 IEEE article describing the
->Diffie-Hellman public key exchange algorithm: y=a^x mod q. I'm
->looking for sources that give examples of secure a,q pairs and
->possible some source code that I could examine.
-
-q should be prime, and ideally should be a "strong prime",
-which means it's of the form 2n+1 where n is also prime.
-q also needs to be long enough to prevent the attacks LaMacchia and
-Odlyzko described (some variant on a factoring attack which generates
-a large pile of simultaneous equations and then solves them);
-long enough is about the same size as factoring, so 512 bits may not
-be secure enough for most applications. (The 192 bits used by
-"secure NFS" was certainly not long enough.)
-
-a should be a generator for q, which means it needs to be
-relatively prime to q-1. Usually a small prime like 2, 3 or 5 will
-work.
-
-....
-
-Date: Tue, 26 Sep 1995 13:52:36 MST
-From: "Richard Schroeppel" <r...@cs.arizona.edu>
-To: karn
-Cc: h...@cs.arizona.edu
-Subject: random large primes
-
-Since your prime is really random, proving it is hard.
-My personal limit on rigorously proved primes is ~350 digits.
-If you really want a proof, we should talk to Francois Morain,
-or the Australian group.
-
-If you want 2 to be a generator (mod P), then you need it
-to be a non-square. If (P-1)/2 is also prime, then
-non-square == primitive-root for bases << P.
-
-In the case at hand, this means 2 is a generator iff P = 11 (mod 24).
-If you want this, you should restrict your sieve accordingly.
-
-3 is a generator iff P = 5 (mod 12).
-
-5 is a generator iff P = 3 or 7 (mod 10).
-
-2 is perfectly usable as a base even if it's a non-generator, since
-it still covers half the space of possible residues. And an
-eavesdropper can always determine the low-bit of your exponent for
-a generator anyway.
-
-Rich r...@cs.arizona.edu
-
-
-
diff --git a/crypto/dsa/fips186a.txt b/crypto/dsa/fips186a.txt
deleted file mode 100644
index 974f255..0000000
--- a/crypto/dsa/fips186a.txt
+++ /dev/null
@@ -1,122 +0,0 @@
-The original FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
-examples. This is an updated version that uses SHA-1 (FIPS 180-1)
-supplied to me by Wei Dai
---
- APPENDIX 5. EXAMPLE OF THE DSA
-
-
-This appendix is for informational purposes only and is not required to meet
-the standard.
-
-Let L = 512 (size of p). The values in this example are expressed in
-hexadecimal notation. The p and q given here were generated by the prime
-generation standard described in appendix 2 using the 160-bit SEED:
-
- d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3
-
-With this SEED, the algorithm found p and q when the counter was at 105.
-
-x was generated by the algorithm described in appendix 3, section 3.1, using
-the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:
-
-XSEED =
-
- bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6
-
-t =
- 67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
-
-x = G(t,XSEED) mod q
-
-k was generated by the algorithm described in appendix 3, section 3.2, using
-the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:
-
-KSEED =
-
- 687a66d9 0648f993 867e121f 4ddf9ddb 01205584
-
-t =
- EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301
-
-k = G(t,KSEED) mod q
-
-Finally:
-
-h = 2
-
-p =
- 8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
- cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
- 49693dfb f83724c2 ec0736ee 31c80291
-
-
-q =
- c773218c 737ec8ee 993b4f2d ed30f48e dace915f
-
-
-g =
- 626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
- 3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
- c42e9f6f 464b088c c572af53 e6d78802
-
-
-x =
- 2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614
-
-
-k =
- 358dad57 1462710f 50e254cf 1a376b2b deaadfbf
-
-
-kinv =
-
- 0d516729 8202e49b 4116ac10 4fc3f415 ae52f917
-
-M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)
-
-SHA(M) =
-
- a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
-
-
-y =
-
- 19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85
- 9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
- 858fba33 f44c0669 9630a76b 030ee333
-
-
-r =
- 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
-
-s =
- 41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8
-
-
-w =
- 9df4ece5 826be95f ed406d41 b43edc0b 1c18841b
-
-
-u1 =
- bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d
-
-
-u2 =
- 821a9263 12e97ade abcc8d08 2b527897 8a2df4b0
-
-
-gu1 mod p =
-
- 51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753
- 9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf
- 6f96662a 1987a21b e4ec1071 010b6069
-
-
-yu2 mod p =
-
- 8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665
- 5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67
- c19441f4 22bf3c34 08aeba1f 0a4dbec7
-
-v =
- 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
diff --git a/crypto/dso/README b/crypto/dso/README
deleted file mode 100644
index d0bc9a8..0000000
--- a/crypto/dso/README
+++ /dev/null
@@ -1,22 +0,0 @@
-NOTES
------
-
-I've checked out HPUX (well, version 11 at least) and shl_t is
-a pointer type so it's safe to use in the way it has been in
-dso_dl.c. On the other hand, HPUX11 support dlfcn too and
-according to their man page, prefer developers to move to that.
-I'll leave Richard's changes there as I guess dso_dl is needed
-for HPUX10.20.
-
-There is now a callback scheme in place where filename conversion can
-(a) be turned off altogether through the use of the
- DSO_FLAG_NO_NAME_TRANSLATION flag,
-(b) be handled by default using the default DSO_METHOD's converter
-(c) overriden per-DSO by setting the override callback
-(d) a mix of (b) and (c) - eg. implement an override callback that;
- (i) checks if we're win32 (if(strstr(dso->meth->name, "win32")....)
- and if so, convert "blah" into "blah32.dll" (the default is
- otherwise to make it "blah.dll").
- (ii) default to the normal behaviour - we're not on win32, eg.
- finish with (return dso->meth->dso_name_converter(dso,NULL)).
-
diff --git a/crypto/idea/version b/crypto/idea/version
deleted file mode 100644
index 3f22293..0000000
--- a/crypto/idea/version
+++ /dev/null
@@ -1,12 +0,0 @@
-1.1 07/12/95 - eay
- Many thanks to Rhys Weatherley <rwea...@us.oracle.com>
- for pointing out that I was assuming little endian byte
- order for all quantities what idea actually used
- bigendian. No where in the spec does it mention
- this, it is all in terms of 16 bit numbers and even the example
- does not use byte streams for the input example :-(.
- If you byte swap each pair of input, keys and iv, the functions
- would produce the output as the old version :-(.
-
-1.0 ??/??/95 - eay
- First version.
diff --git a/crypto/md4/md4s.cpp b/crypto/md4/md4s.cpp
deleted file mode 100644
index c0ec97f..0000000
--- a/crypto/md4/md4s.cpp
+++ /dev/null
@@ -1,78 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (ja...@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
- asm volatile(".byte 15, 49\n\t"
- : "=eax" (tsc)
- :
- : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
- unsigned long a;
- __asm _emit 0fh
- __asm _emit 31h
- __asm mov a, eax;
- tsc=a;
-}
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/md4.h>
-
-extern "C" {
-void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num);
-}
-
-void main(int argc,char *argv[])
- {
- unsigned char buffer[64*256];
- MD4_CTX ctx;
- unsigned long s1,s2,e1,e2;
- unsigned char k[16];
- unsigned long data[2];
- unsigned char iv[8];
- int i,num=0,numm;
- int j=0;
-
- if (argc >= 2)
- num=atoi(argv[1]);
-
- if (num == 0) num=16;
- if (num > 250) num=16;
- numm=num+2;
- num*=64;
- numm*=64;
-
- for (j=0; j<6; j++)
- {
- for (i=0; i<10; i++) /**/
- {
- md4_block_x86(&ctx,buffer,numm);
- GetTSC(s1);
- md4_block_x86(&ctx,buffer,numm);
- GetTSC(e1);
- GetTSC(s2);
- md4_block_x86(&ctx,buffer,num);
- GetTSC(e2);
- md4_block_x86(&ctx,buffer,num);
- }
- printf("md4 (%d bytes) %d %d (%.2f)\n",num,
- e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
- }
- }
-
diff --git a/crypto/md5/md5s.cpp b/crypto/md5/md5s.cpp
deleted file mode 100644
index dd343fd..0000000
--- a/crypto/md5/md5s.cpp
+++ /dev/null
@@ -1,78 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (ja...@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
- asm volatile(".byte 15, 49\n\t"
- : "=eax" (tsc)
- :
- : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
- unsigned long a;
- __asm _emit 0fh
- __asm _emit 31h
- __asm mov a, eax;
- tsc=a;
-}
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/md5.h>
-
-extern "C" {
-void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
-}
-
-void main(int argc,char *argv[])
- {
- unsigned char buffer[64*256];
- MD5_CTX ctx;
- unsigned long s1,s2,e1,e2;
- unsigned char k[16];
- unsigned long data[2];
- unsigned char iv[8];
- int i,num=0,numm;
- int j=0;
-
- if (argc >= 2)
- num=atoi(argv[1]);
-
- if (num == 0) num=16;
- if (num > 250) num=16;
- numm=num+2;
- num*=64;
- numm*=64;
-
- for (j=0; j<6; j++)
- {
- for (i=0; i<10; i++) /**/
- {
- md5_block_x86(&ctx,buffer,numm);
- GetTSC(s1);
- md5_block_x86(&ctx,buffer,numm);
- GetTSC(e1);
- GetTSC(s2);
- md5_block_x86(&ctx,buffer,num);
- GetTSC(e2);
- md5_block_x86(&ctx,buffer,num);
- }
- printf("md5 (%d bytes) %d %d (%.2f)\n",num,
- e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
- }
- }
-
diff --git a/crypto/objects/objects.README b/crypto/objects/README
similarity index 100%
rename from crypto/objects/objects.README
rename to crypto/objects/README
diff --git a/crypto/pem/message b/crypto/pem/message
deleted file mode 100644
index e8bf9d7..0000000
--- a/crypto/pem/message
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PRIVACY-ENHANCED MESSAGE-----
-Proc-Type: 4,ENCRYPTED
-Proc-Type: 4,MIC-ONLY
-Proc-Type: 4,MIC-CLEAR
-Content-Domain: RFC822
-DEK-Info: DES-CBC,0123456789abcdef
-Originator-Certificate
- xxxx
-Issuer-Certificate
- xxxx
-MIC-Info: RSA-MD5,RSA,
- xxxx
-
-
------END PRIVACY-ENHANCED MESSAGE-----
-
diff --git a/crypto/pem/pkcs7.lis b/crypto/pem/pkcs7.lis
deleted file mode 100644
index be90c5d..0000000
--- a/crypto/pem/pkcs7.lis
+++ /dev/null
@@ -1,22 +0,0 @@
-21 0:d=0 hl=2 l= 0 cons: univ: SEQUENCE
- 00 2:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-signedData
- 21 13:d=0 hl=2 l= 0 cons: cont: 00 # explicit tag
- 21 15:d=0 hl=2 l= 0 cons: univ: SEQUENCE
- 00 17:d=0 hl=2 l= 1 prim: univ: INTEGER # version
- 20 20:d=0 hl=2 l= 0 cons: univ: SET
- 21 22:d=0 hl=2 l= 0 cons: univ: SEQUENCE
- 00 24:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-data
- 00 35:d=0 hl=2 l= 0 prim: univ: EOC
- 21 37:d=0 hl=2 l= 0 cons: cont: 00 # cert tag
- 20 39:d=0 hl=4 l=545 cons: univ: SEQUENCE
- 20 588:d=0 hl=4 l=524 cons: univ: SEQUENCE
- 00 1116:d=0 hl=2 l= 0 prim: univ: EOC
- 21 1118:d=0 hl=2 l= 0 cons: cont: 01 # crl tag
- 20 1120:d=0 hl=4 l=653 cons: univ: SEQUENCE
- 20 1777:d=0 hl=4 l=285 cons: univ: SEQUENCE
- 00 2066:d=0 hl=2 l= 0 prim: univ: EOC
- 21 2068:d=0 hl=2 l= 0 cons: univ: SET # signers
- 00 2070:d=0 hl=2 l= 0 prim: univ: EOC
- 00 2072:d=0 hl=2 l= 0 prim: univ: EOC
- 00 2074:d=0 hl=2 l= 0 prim: univ: EOC
-00 2076:d=0 hl=2 l= 0 prim: univ: EOC
diff --git a/crypto/perlasm/readme b/crypto/perlasm/README
similarity index 100%
rename from crypto/perlasm/readme
rename to crypto/perlasm/README
diff --git a/crypto/rc2/rrc2.doc b/crypto/rc2/rrc2.doc
deleted file mode 100644
index f93ee00..0000000
--- a/crypto/rc2/rrc2.doc
+++ /dev/null
@@ -1,219 +0,0 @@
->From cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news Mon Feb 12 18:48:17 EST 1996
-Article 23601 of sci.crypt:
-Path: cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news
->From: pgu...@cs.auckland.ac.nz (Peter Gutmann)
-Newsgroups: sci.crypt
-Subject: Specification for Ron Rivests Cipher No.2
-Date: 11 Feb 1996 06:45:03 GMT
-Organization: University of Auckland
-Lines: 203
-Sender: pgu...@cs.auckland.ac.nz (Peter Gutmann)
-Message-ID: <4fk39f$f...@net.auckland.ac.nz>
-NNTP-Posting-Host: cs26.cs.auckland.ac.nz
-X-Newsreader: NN version 6.5.0 #3 (NOV)
-
-
-
-
- Ron Rivest's Cipher No.2
- ------------------------
-
-Ron Rivest's Cipher No.2 (hereafter referred to as RRC.2, other people may
-refer to it by other names) is word oriented, operating on a block of 64 bits
-divided into four 16-bit words, with a key table of 64 words. All data units
-are little-endian. This functional description of the algorithm is based in
-the paper "The RC5 Encryption Algorithm" (RC5 is a trademark of RSADSI), using
-the same general layout, terminology, and pseudocode style.
-
-
-Notation and RRC.2 Primitive Operations
-
-RRC.2 uses the following primitive operations:
-
-1. Two's-complement addition of words, denoted by "+". The inverse operation,
- subtraction, is denoted by "-".
-2. Bitwise exclusive OR, denoted by "^".
-3. Bitwise AND, denoted by "&".
-4. Bitwise NOT, denoted by "~".
-5. A left-rotation of words; the rotation of word x left by y is denoted
- x <<< y. The inverse operation, right-rotation, is denoted x >>> y.
-
-These operations are directly and efficiently supported by most processors.
-
-
-The RRC.2 Algorithm
-
-RRC.2 consists of three components, a *key expansion* algorithm, an
-*encryption* algorithm, and a *decryption* algorithm.
-
-
-Key Expansion
-
-The purpose of the key-expansion routine is to expand the user's key K to fill
-the expanded key array S, so S resembles an array of random binary words
-determined by the user's secret key K.
-
-Initialising the S-box
-
-RRC.2 uses a single 256-byte S-box derived from the ciphertext contents of
-Beale Cipher No.1 XOR'd with a one-time pad. The Beale Ciphers predate modern
-cryptography by enough time that there should be no concerns about trapdoors
-hidden in the data. They have been published widely, and the S-box can be
-easily recreated from the one-time pad values and the Beale Cipher data taken
-from a standard source. To initialise the S-box:
-
- for i = 0 to 255 do
- sBox[ i ] = ( beale[ i ] mod 256 ) ^ pad[ i ]
-
-The contents of Beale Cipher No.1 and the necessary one-time pad are given as
-an appendix at the end of this document. For efficiency, implementors may wish
-to skip the Beale Cipher expansion and store the sBox table directly.
-
-Expanding the Secret Key to 128 Bytes
-
-The secret key is first expanded to fill 128 bytes (64 words). The expansion
-consists of taking the sum of the first and last bytes in the user key, looking
-up the sum (modulo 256) in the S-box, and appending the result to the key. The
-operation is repeated with the second byte and new last byte of the key until
-all 128 bytes have been generated. Note that the following pseudocode treats
-the S array as an array of 128 bytes rather than 64 words.
-
- for j = 0 to length-1 do
- S[ j ] = K[ j ]
- for j = length to 127 do
- s[ j ] = sBox[ ( S[ j-length ] + S[ j-1 ] ) mod 256 ];
-
-At this point it is possible to perform a truncation of the effective key
-length to ease the creation of espionage-enabled software products. However
-since the author cannot conceive why anyone would want to do this, it will not
-be considered further.
-
-The final phase of the key expansion involves replacing the first byte of S
-with the entry selected from the S-box:
-
- S[ 0 ] = sBox[ S[ 0 ] ]
-
-
-Encryption
-
-The cipher has 16 full rounds, each divided into 4 subrounds. Two of the full
-rounds perform an additional transformation on the data. Note that the
-following pseudocode treats the S array as an array of 64 words rather than 128
-bytes.
-
- for i = 0 to 15 do
- j = i * 4;
- word0 = ( word0 + ( word1 & ~word3 ) + ( word2 & word3 ) + S[ j+0 ] ) <<< 1
- word1 = ( word1 + ( word2 & ~word0 ) + ( word3 & word0 ) + S[ j+1 ] ) <<< 2
- word2 = ( word2 + ( word3 & ~word1 ) + ( word0 & word1 ) + S[ j+2 ] ) <<< 3
- word3 = ( word3 + ( word0 & ~word2 ) + ( word1 & word2 ) + S[ j+3 ] ) <<< 5
-
-In addition the fifth and eleventh rounds add the contents of the S-box indexed
-by one of the data words to another of the data words following the four
-subrounds as follows:
-
- word0 = word0 + S[ word3 & 63 ];
- word1 = word1 + S[ word0 & 63 ];
- word2 = word2 + S[ word1 & 63 ];
- word3 = word3 + S[ word2 & 63 ];
-
-
-Decryption
-
-The decryption operation is simply the inverse of the encryption operation.
-Note that the following pseudocode treats the S array as an array of 64 words
-rather than 128 bytes.
-
- for i = 15 downto 0 do
- j = i * 4;
- word3 = ( word3 >>> 5 ) - ( word0 & ~word2 ) - ( word1 & word2 ) - S[ j+3 ]
- word2 = ( word2 >>> 3 ) - ( word3 & ~word1 ) - ( word0 & word1 ) - S[ j+2 ]
- word1 = ( word1 >>> 2 ) - ( word2 & ~word0 ) - ( word3 & word0 ) - S[ j+1 ]
- word0 = ( word0 >>> 1 ) - ( word1 & ~word3 ) - ( word2 & word3 ) - S[ j+0 ]
-
-In addition the fifth and eleventh rounds subtract the contents of the S-box
-indexed by one of the data words from another one of the data words following
-the four subrounds as follows:
-
- word3 = word3 - S[ word2 & 63 ]
- word2 = word2 - S[ word1 & 63 ]
- word1 = word1 - S[ word0 & 63 ]
- word0 = word0 - S[ word3 & 63 ]
-
-
-Test Vectors
-
-The following test vectors may be used to test the correctness of an RRC.2
-implementation:
-
- Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- Cipher: 0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7
-
- Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
- Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- Cipher: 0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74
-
- Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- Plain: 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
- Cipher: 0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E
-
- Key: 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- Cipher: 0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31
-
-
-Appendix: Beale Cipher No.1, "The Locality of the Vault", and One-time Pad for
- Creating the S-Box
-
-Beale Cipher No.1.
-
- 71, 194, 38,1701, 89, 76, 11, 83,1629, 48, 94, 63, 132, 16, 111, 95,
- 84, 341, 975, 14, 40, 64, 27, 81, 139, 213, 63, 90,1120, 8, 15, 3,
- 126,2018, 40, 74, 758, 485, 604, 230, 436, 664, 582, 150, 251, 284, 308, 231,
- 124, 211, 486, 225, 401, 370, 11, 101, 305, 139, 189, 17, 33, 88, 208, 193,
- 145, 1, 94, 73, 416, 918, 263, 28, 500, 538, 356, 117, 136, 219, 27, 176,
- 130, 10, 460, 25, 485, 18, 436, 65, 84, 200, 283, 118, 320, 138, 36, 416,
- 280, 15, 71, 224, 961, 44, 16, 401, 39, 88, 61, 304, 12, 21, 24, 283,
- 134, 92, 63, 246, 486, 682, 7, 219, 184, 360, 780, 18, 64, 463, 474, 131,
- 160, 79, 73, 440, 95, 18, 64, 581, 34, 69, 128, 367, 460, 17, 81, 12,
- 103, 820, 62, 110, 97, 103, 862, 70, 60,1317, 471, 540, 208, 121, 890, 346,
- 36, 150, 59, 568, 614, 13, 120, 63, 219, 812,2160,1780, 99, 35, 18, 21,
- 136, 872, 15, 28, 170, 88, 4, 30, 44, 112, 18, 147, 436, 195, 320, 37,
- 122, 113, 6, 140, 8, 120, 305, 42, 58, 461, 44, 106, 301, 13, 408, 680,
- 93, 86, 116, 530, 82, 568, 9, 102, 38, 416, 89, 71, 216, 728, 965, 818,
- 2, 38, 121, 195, 14, 326, 148, 234, 18, 55, 131, 234, 361, 824, 5, 81,
- 623, 48, 961, 19, 26, 33, 10,1101, 365, 92, 88, 181, 275, 346, 201, 206
-
-One-time Pad.
-
- 158, 186, 223, 97, 64, 145, 190, 190, 117, 217, 163, 70, 206, 176, 183, 194,
- 146, 43, 248, 141, 3, 54, 72, 223, 233, 153, 91, 210, 36, 131, 244, 161,
- 105, 120, 113, 191, 113, 86, 19, 245, 213, 221, 43, 27, 242, 157, 73, 213,
- 193, 92, 166, 10, 23, 197, 112, 110, 193, 30, 156, 51, 125, 51, 158, 67,
- 197, 215, 59, 218, 110, 246, 181, 0, 135, 76, 164, 97, 47, 87, 234, 108,
- 144, 127, 6, 6, 222, 172, 80, 144, 22, 245, 207, 70, 227, 182, 146, 134,
- 119, 176, 73, 58, 135, 69, 23, 198, 0, 170, 32, 171, 176, 129, 91, 24,
- 126, 77, 248, 0, 118, 69, 57, 60, 190, 171, 217, 61, 136, 169, 196, 84,
- 168, 167, 163, 102, 223, 64, 174, 178, 166, 239, 242, 195, 249, 92, 59, 38,
- 241, 46, 236, 31, 59, 114, 23, 50, 119, 186, 7, 66, 212, 97, 222, 182,
- 230, 118, 122, 86, 105, 92, 179, 243, 255, 189, 223, 164, 194, 215, 98, 44,
- 17, 20, 53, 153, 137, 224, 176, 100, 208, 114, 36, 200, 145, 150, 215, 20,
- 87, 44, 252, 20, 235, 242, 163, 132, 63, 18, 5, 122, 74, 97, 34, 97,
- 142, 86, 146, 221, 179, 166, 161, 74, 69, 182, 88, 120, 128, 58, 76, 155,
- 15, 30, 77, 216, 165, 117, 107, 90, 169, 127, 143, 181, 208, 137, 200, 127,
- 170, 195, 26, 84, 255, 132, 150, 58, 103, 250, 120, 221, 237, 37, 8, 99
-
-
-Implementation
-
-A non-US based programmer who has never seen any encryption code before will
-shortly be implementing RRC.2 based solely on this specification and not on
-knowledge of any other encryption algorithms. Stand by.
-
-
-
diff --git a/crypto/rc2/version b/crypto/rc2/version
deleted file mode 100644
index 9db8954..0000000
--- a/crypto/rc2/version
+++ /dev/null
@@ -1,22 +0,0 @@
-1.1 23/08/96 - eay
- Changed RC2_set_key() so it now takes another argument. Many
- thanks to Peter Gutmann <pgu...@cs.auckland.ac.nz> for the
- clarification and original specification of RC2. BSAFE uses
- this last parameter, 'bits'. It the key is 128 bits, BSAFE
- also sets this parameter to 128. The old behaviour can be
- duplicated by setting this parameter to 1024.
-
-1.0 08/04/96 - eay
- First version of SSLeay with rc2. This has been written from the spec
- posted sci.crypt. It is in this directory under rrc2.doc
- I have no test values for any mode other than ecb, my wrappers for the
- other modes should be ok since they are basically the same as
- the ones taken from idea and des :-). I have implemented them as
- little-endian operators.
- While rc2 is included because it is used with SSL, I don't know how
- far I trust it. It is about the same speed as IDEA and DES.
- So if you are paranoid, used Tripple DES, else IDEA. If RC2
- does get used more, perhaps more people will look for weaknesses in
- it.
-
-
diff --git a/crypto/rc5/rc5s.cpp b/crypto/rc5/rc5s.cpp
deleted file mode 100644
index 1c5518b..0000000
--- a/crypto/rc5/rc5s.cpp
+++ /dev/null
@@ -1,70 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (ja...@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
- asm volatile(".byte 15, 49\n\t"
- : "=eax" (tsc)
- :
- : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
- unsigned long a;
- __asm _emit 0fh
- __asm _emit 31h
- __asm mov a, eax;
- tsc=a;
-}
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rc5.h>
-
-void main(int argc,char *argv[])
- {
- RC5_32_KEY key;
- unsigned long s1,s2,e1,e2;
- unsigned long data[2];
- int i,j;
- static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
-
- RC5_32_set_key(&key, 16,d,12);
-
- for (j=0; j<6; j++)
- {
- for (i=0; i<1000; i++) /**/
- {
- RC5_32_encrypt(&data[0],&key);
- GetTSC(s1);
- RC5_32_encrypt(&data[0],&key);
- RC5_32_encrypt(&data[0],&key);
- RC5_32_encrypt(&data[0],&key);
- GetTSC(e1);
- GetTSC(s2);
- RC5_32_encrypt(&data[0],&key);
- RC5_32_encrypt(&data[0],&key);
- RC5_32_encrypt(&data[0],&key);
- RC5_32_encrypt(&data[0],&key);
- GetTSC(e2);
- RC5_32_encrypt(&data[0],&key);
- }
-
- printf("cast %d %d (%d)\n",
- e1-s1,e2-s2,((e2-s2)-(e1-s1)));
- }
- }
-
diff --git a/crypto/sha/asm/README b/crypto/sha/asm/README
deleted file mode 100644
index b7e7557..0000000
--- a/crypto/sha/asm/README
+++ /dev/null
@@ -1 +0,0 @@
-C2.pl works
diff --git a/engines/capierr.bat b/engines/capierr.bat
deleted file mode 100644
index 274ffac..0000000
--- a/engines/capierr.bat
+++ /dev/null
@@ -1 +0,0 @@
-perl ../util/mkerr.pl -conf e_capi.ec -nostatic -staticloader -write e_capi.c
diff --git a/test/test_aesni b/test/test_aesni
deleted file mode 100755
index 3929c75..0000000
--- a/test/test_aesni
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
- :
- else
- echo "$PROG is not OpenSSL executable"
- exit 1
- fi
-else
- echo "$PROG is not executable"
- exit 1;
-fi
-
-if [ 1 ]; then
-
- HASH=`cat $PROG | $PROG dgst -hex`
-
- AES_ALGS=" aes-128-ctr aes-128-ecb aes-128-cbc aes-128-cfb aes-128-ofb \
- aes-192-ctr aes-192-ecb aes-192-cbc aes-192-cfb aes-192-ofb \
- aes-256-ctr aes-256-ecb aes-256-cbc aes-256-cfb aes-256-ofb"
- BUFSIZE="16 32 48 64 80 96 128 144 999"
-
- nerr=0
-
- for alg in $AES_ALGS; do
- echo $alg
- for bufsize in $BUFSIZE; do
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize | \
- env OPENSSL_ia32cap=~0x0200000000000000 $PROG enc -d -k "$HASH" -$alg | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg/$bufsize encrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
- for bufsize in $BUFSIZE; do
- TEST=`( cat $PROG | \
- env OPENSSL_ia32cap=~0x0200000000000000 $PROG enc -e -k "$HASH" -$alg | \
- $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg/$bufsize decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg | \
- $PROG enc -d -k "$HASH" -$alg | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg en/decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
-
- if [ $nerr -gt 0 ]; then
- echo "AESNI engine test failed."
- exit 1;
- fi
-else
- echo "AESNI engine is not available"
-fi
-
-exit 0
diff --git a/test/test_padlock b/test/test_padlock
deleted file mode 100755
index 5c0f210..0000000
--- a/test/test_padlock
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
- :
- else
- echo "$PROG is not OpenSSL executable"
- exit 1
- fi
-else
- echo "$PROG is not executable"
- exit 1;
-fi
-
-if $PROG engine padlock | grep -v no-ACE; then
-
- HASH=`cat $PROG | $PROG dgst -hex`
-
- ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
- aes-128-cbc aes-192-cbc aes-256-cbc \
- aes-128-cfb aes-192-cfb aes-256-cfb \
- aes-128-ofb aes-192-ofb aes-256-ofb"
-
- nerr=0
-
- for alg in $ACE_ALGS; do
- echo $alg
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \
- $PROG enc -d -k "$HASH" -$alg | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg encrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg | \
- $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -engine padlock | \
- $PROG enc -d -k "$HASH" -$alg -engine padlock | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg en/decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
-
- if [ $nerr -gt 0 ]; then
- echo "PadLock ACE test failed."
- exit 1;
- fi
-else
- echo "PadLock ACE is not available"
-fi
-
-exit 0
diff --git a/test/test_t4 b/test/test_t4
deleted file mode 100755
index 5cecb56..0000000
--- a/test/test_t4
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
- :
- else
- echo "$PROG is not OpenSSL executable"
- exit 1
- fi
-else
- echo "$PROG is not executable"
- exit 1;
-fi
-
-if [ 1 ]; then
-
- HASH=`cat $PROG | $PROG dgst -hex`
-
- AES_ALGS=" des-cbc des-ede-cbc des-ede3-cbc \
- camellia-128-cbc camellia-128-cfb \
- camellia-192-cbc camellia-192-cfb \
- camellia-256-cbc camellia-256-cfb \
- aes-128-ctr aes-128-cbc aes-128-cfb aes-128-ofb \
- aes-192-ctr aes-192-cbc aes-192-cfb aes-192-ofb \
- aes-256-ctr aes-256-cbc aes-256-cfb aes-256-ofb"
- BUFSIZE="16 32 48 999"
-
- nerr=0
-
- for alg in $AES_ALGS; do
- echo $alg
- for bufsize in $BUFSIZE; do
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize | \
- env OPENSSL_sparcv9cap=0 $PROG enc -d -k "$HASH" -$alg | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg/$bufsize encrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
- for bufsize in $BUFSIZE; do
- TEST=`( cat $PROG | \
- env OPENSSL_sparcv9cap=0 $PROG enc -e -k "$HASH" -$alg | \
- $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg/$bufsize decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg | \
- $PROG enc -d -k "$HASH" -$alg | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg en/decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
-
- if [ $nerr -gt 0 ]; then
- echo "SPARC T4 test failed."
- exit 1
- fi
-fi
-
-exit 0
diff --git a/test/times b/test/times
deleted file mode 100644
index 6b66eb3..0000000
--- a/test/times
+++ /dev/null
@@ -1,113 +0,0 @@
-
-More number for the questions about SSL overheads....
-
-The following numbers were generated on a Pentium pro 200, running Linux.
-They give an indication of the SSL protocol and encryption overheads.
-
-The program that generated them is an unreleased version of ssl/ssltest.c
-which is the SSLeay ssl protocol testing program. It is a single process that
-talks both sides of the SSL protocol via a non-blocking memory buffer
-interface.
-
-How do I read this? The protocol and cipher are reasonable obvious.
-The next number is the number of connections being made. The next is the
-number of bytes exchanged between the client and server side of the protocol.
-This is the number of bytes that the client sends to the server, and then
-the server sends back. Because this is all happening in one process,
-the data is being encrypted, decrypted, encrypted and then decrypted again.
-It is a round trip of that many bytes. Because the one process performs
-both the client and server sides of the protocol and it sends this many bytes
-each direction, multiply this number by 4 to generate the number
-of bytes encrypted/decrypted/MACed. The first time value is how many seconds
-elapsed doing a full SSL handshake, the second is the cost of one
-full handshake and the rest being session-id reuse.
-
-SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s
-SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s
-SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
-SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s
-SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s
-SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s
-
-SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s
-SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s
-SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s
-SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s
-SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s
-
-SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s
-SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s
-SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
-SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s
-SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s
-SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s
-
-SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s
-SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s
-SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s
-SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s
-SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s
-SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
-
-What does this all mean? Well for a server, with no session-id reuse, with
-a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
-a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of
-about 49 connections a second. Reality will be quite different :-).
-
-Remember the first number is 1000 full ssl handshakes, the second is
-1 full and 999 with session-id reuse. The RSA overheads for each exchange
-would be one public and one private operation, but the protocol/MAC/cipher
-cost would be quite similar in both the client and server.
-
-eric (adding numbers to speculation)
-
---- Appendix ---
-- The time measured is user time but these number a very rough.
-- Remember this is the cost of both client and server sides of the protocol.
-- The TCP/kernel overhead of connection establishment is normally the
- killer in SSL. Often delays in the TCP protocol will make session-id
- reuse look slower that new sessions, but this would not be the case on
- a loaded server.
-- The TCP round trip latencies, while slowing individual connections,
- would have minimal impact on throughput.
-- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
-- the required number of bytes are processed.
-- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers.
-- A 512bit server key was being used except where noted.
-- No server key verification was being performed on the client side of the
- protocol. This would slow things down very little.
-- The library being used is SSLeay 0.8.x.
-- The normal measuring system was commands of the form
- time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
- This modified version of ssltest should be in the next public release of
- SSLeay.
-
-The general cipher performance number for this platform are
-
-SSLeay 0.8.2a 04-Sep-1997
-built on Fri Sep 5 17:37:05 EST 1997
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 131.02k 368.41k 500.57k 549.21k 566.09k
-mdc2 535.60k 589.10k 595.88k 595.97k 594.54k
-md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k
-sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k
-sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k
-rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k
-des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k
-des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k
-idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k
-rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k
-blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k
- sign verify
-rsa 512 bits 0.0100s 0.0011s
-rsa 1024 bits 0.0451s 0.0012s
-rsa 2048 bits 0.2605s 0.0086s
-rsa 4096 bits 1.6883s 0.0302s
-
diff --git a/tools/c_hash b/tools/c_hash
deleted file mode 100644
index 5e0a908..0000000
--- a/tools/c_hash
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-# print out the hash values
-#
-
-for i in $*
-do
- h=`openssl x509 -hash -noout -in $i`
- echo "$h.0 => $i"
-done
diff --git a/tools/c_info b/tools/c_info
deleted file mode 100644
index 0e1e633..0000000
--- a/tools/c_info
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-#
-# print the subject
-#
-
-for i in $*
-do
- n=`openssl x509 -subject -issuer -enddate -noout -in $i`
- echo "$i"
- echo "$n"
- echo "--------"
-done
diff --git a/tools/c_issuer b/tools/c_issuer
deleted file mode 100644
index 55821ab..0000000
--- a/tools/c_issuer
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-#
-# print out the issuer
-#
-
-for i in $*
-do
- n=`openssl x509 -issuer -noout -in $i`
- echo "$i $n"
-done
diff --git a/tools/c_name b/tools/c_name
deleted file mode 100644
index 28800c0..0000000
--- a/tools/c_name
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-#
-# print the subject
-#
-
-for i in $*
-do
- n=`openssl x509 -subject -noout -in $i`
- echo "$i $n"
-done
diff --git a/tools/primes.py b/tools/primes.py
deleted file mode 100644
index 61de99f..0000000
--- a/tools/primes.py
+++ /dev/null
@@ -1,21 +0,0 @@
-primes = [2, 3, 5, 7, 11]
-safe = False # Not sure if the period's right on safe primes.
-
-muliplier = 1 if not safe else 2
-for p in primes:
- muliplier *= p
-
-offsets = []
-for x in range(3, muliplier + 3, 2):
- prime = True
- for p in primes:
- if not x % p or (safe and not ((x - 1) / 2) % p):
- prime = False
- break
-
- if prime:
- offsets.append(x)
-
-print(offsets)
-print(len(offsets))
-print(muliplier)
diff --git a/util/domd.in b/util/domd.in
deleted file mode 100755
index 1569c35..0000000
--- a/util/domd.in
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh
-## Wrapper to portably run makedepend or equivalent compiler built-in.
-## Runs on Makefile.in, generates Makefile
-## {- join("\n## ", @autowarntext) -}
-
-{- "MAKEDEPEND=" . quotify1($config{makedepprog}) -}
-
-case "${MAKEDEPEND}" in
-cat)
- ;;
-makedepend)
- ${MAKEDEPEND} $@ || exit 1
- ;;
-*)
- args="-Werror -MM"
- while [ $# -gt 0 ]; do
- if [ "$1" != '--' ] ; then
- args="$args $1"
- fi
- shift
- done
- sed -e '/DO NOT DELETE THIS LINE/q' Makefile >Makefile.tmp
- ${MAKEDEPEND} $args >>Makefile.tmp || exit 1
- mv Makefile.tmp Makefile
- ;;
-esac
diff --git a/util/install.sh b/util/install.sh
deleted file mode 100755
index e1d0c98..0000000
--- a/util/install.sh
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/bin/sh
-#
-# install - install a program, script, or datafile
-# This comes from X11R5; it is not part of GNU.
-#
-# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch.
-#
-
-
-# set DOITPROG to echo to test this script
-
-doit="${DOITPROG:-}"
-
-
-# put in absolute paths if you don't have them in your path; or use env. vars.
-
-mvprog="${MVPROG:-mv}"
-cpprog="${CPPROG:-cp}"
-chmodprog="${CHMODPROG:-chmod}"
-chownprog="${CHOWNPROG:-chown}"
-chgrpprog="${CHGRPPROG:-chgrp}"
-stripprog="${STRIPPROG:-strip}"
-rmprog="${RMPROG:-rm}"
-
-instcmd="$mvprog"
-chmodcmd=""
-chowncmd=""
-chgrpcmd=""
-stripcmd=""
-rmcmd="$rmprog -f"
-src=""
-dst=""
-
-while [ x"$1" != x ]; do
- case $1 in
- -c) instcmd="$cpprog"
- shift
- continue;;
-
- -m) chmodcmd="$chmodprog $2"
- shift
- shift
- continue;;
-
- -o) chowncmd="$chownprog $2"
- shift
- shift
- continue;;
-
- -g) chgrpcmd="$chgrpprog $2"
- shift
- shift
- continue;;
-
- -s) stripcmd="$stripprog"
- shift
- continue;;
-
- *) if [ x"$src" = x ]
- then
- src=$1
- else
- dst=$1
- fi
- shift
- continue;;
- esac
-done
-
-if [ x"$src" = x ]
-then
- echo "install: no input file specified"
- exit 1
-fi
-
-if [ x"$dst" = x ]
-then
- echo "install: no destination specified"
- exit 1
-fi
-
-
-# if destination is a directory, append the input filename; if your system
-# does not like double slashes in filenames, you may need to add some logic
-
-if [ -d $dst ]
-then
- dst="$dst"/`basename $src`
-fi
-
-
-# get rid of the old one and mode the new one in
-
-$doit $rmcmd $dst
-$doit $instcmd $src $dst
-
-
-# and set any options; do chmod last to preserve setuid bits
-
-if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; fi
-if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; fi
-if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; fi
-if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi
-
-exit 0
diff --git a/util/toutf8.sh b/util/toutf8.sh
deleted file mode 100644
index 8a4254b..0000000
--- a/util/toutf8.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#! /bin/sh
-#
-# Very simple script to detect and convert files that we want to re-encode to UTF8
-
-git ls-tree -r --name-only HEAD | \
- while read F; do
- charset=`file -bi "$F" | sed -e 's|.*charset=||'`
- if [ "$charset" != "utf-8" -a "$charset" != "binary" -a "$charset" != "us-ascii" ]; then
- iconv -f ISO-8859-1 -t UTF8 < "$F" > "$F.utf8" && \
- ( cmp -s "$F" "$F.utf8" || \
- ( echo "$F"
- mv "$F" "$F.iso-8859-1"
- mv "$F.utf8" "$F"
- )
- )
- fi
- done
Rich Salz
Jun 1, 2016, 11:35:06 AM6/1/16
to
The branch master has been updated
via ff3bb913cfe47104293138a17014d3bde9db5e32 (commit)
via 0634424f7c65d76e342eee4e3359f48d3fe2fa9a (commit)
from b8a9af68819f1cc51155cdeabe8bbf8242e8b3ee (commit)
- Log -----------------------------------------------------------------
commit ff3bb913cfe47104293138a17014d3bde9db5e32
Author: Rich Salz <rs...@openssl.org>
Date: Tue May 31 12:20:08 2016 -0400
Fix nits in crypto.pod,ssl.pod
After this merge, the only things left (from doc-nit-check) is
74 pages without a "RETURN VALUES" section.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 0634424f7c65d76e342eee4e3359f48d3fe2fa9a
Author: Rich Salz <rs...@openssl.org>
Date: Wed May 25 14:29:57 2016 -0400
Fix various doc nits.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
doc/apps/errstr.pod | 4 ++
doc/apps/ocsp.pod | 9 +++-
doc/apps/openssl.pod | 17 ++++++-
doc/apps/sess_id.pod | 2 +
doc/apps/verify.pod | 126 +++++++++++++++++++++++++-------------------------
doc/crypto/crypto.pod | 12 +++--
doc/ssl/ssl.pod | 8 ++++
8 files changed, 109 insertions(+), 71 deletions(-)
diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod
index cd7eda3..8dfac01 100644
--- a/doc/apps/ca.pod
+++ b/doc/apps/ca.pod
@@ -61,7 +61,7 @@ and their status.
The options descriptions will be divided into each purpose.
-=head1 CA OPTIONS
+=head1 COMMAND OPTIONS
=over 4
diff --git a/doc/apps/errstr.pod b/doc/apps/errstr.pod
index 5c6ecd3..5ec7b2e 100644
--- a/doc/apps/errstr.pod
+++ b/doc/apps/errstr.pod
@@ -15,6 +15,10 @@ numerical forms will be available. The B<errstr> utility can be used to
display the meaning of the hex code. The hex code is the hex digits after the
second colon.
+=head1 COMMAND OPTIONS
+
+None.
+
=head1 EXAMPLE
The error code:
diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod
index 50fb4fa..75273a9 100644
--- a/doc/apps/ocsp.pod
+++ b/doc/apps/ocsp.pod
@@ -95,7 +95,12 @@ The B<ocsp> command performs many common OCSP tasks. It can be used
to print out requests and responses, create requests and send queries
to an OCSP responder and behave like a mini OCSP server itself.
-=head1 OCSP CLIENT OPTIONS
+=head1 COMMAND OPTIONS
+
+This command operates as either a client or a server.
+The options are described below, divided into those two modes.
+
+=head2 OCSP Client Options
=over 4
@@ -288,7 +293,7 @@ digest used by subsequent certificate identifiers.
=back
-=head1 OCSP SERVER OPTIONS
+=head2 OCSP Server Options
=over 4
diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod
index b63754b..bc260e9 100644
--- a/doc/apps/openssl.pod
+++ b/doc/apps/openssl.pod
@@ -350,7 +350,22 @@ RC5 Cipher
=back
-=head1 PASS PHRASE ARGUMENTS
+=head1 COMMAND OPTIONS
+
+Details of which options are available depend on the specific command.
+This section desribes some common options with common behavior.
+
+=head2 Common Options
+
+=over 10
+
+=item B<-help>
+
+Provides a terse summary of all options.
+
+=back
+
+=head2 Pass Phrase Options
Several commands accept password arguments, typically using B<-passin>
and B<-passout> for input and output passwords respectively. These allow
diff --git a/doc/apps/sess_id.pod b/doc/apps/sess_id.pod
index b3b77b7..b098528 100644
--- a/doc/apps/sess_id.pod
+++ b/doc/apps/sess_id.pod
@@ -24,6 +24,8 @@ master key) in human readable format. Since this is a diagnostic tool that
needs some knowledge of the SSL protocol to use properly, most users will
not need to use it.
+=head1 COMMAND OPTIONS
+
=over 4
=item B<-help>
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
index 5d3467e..2abc70e 100644
--- a/doc/apps/verify.pod
+++ b/doc/apps/verify.pod
@@ -395,147 +395,147 @@ as "unused".
=over 4
-=item B<0 X509_V_OK: ok>
+=item B<X509_V_OK>
-the operation was successful.
+The operation was successful.
-=item B<1 X509_V_ERR_UNSPECIFIED: unspecified certificate verification error>
+=item B<X509_V_ERR_UNSPECIFIED>
-unspecified error, should not happen.
+Unspecified error; should not happen.
-=item B<2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
+=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT>
-the issuer certificate of a looked up certificate could not be found. This
+The issuer certificate of a looked up certificate could not be found. This
normally means the list of trusted certificates is not complete.
-=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
+=item B<X509_V_ERR_UNABLE_TO_GET_CRL>
-the CRL of a certificate could not be found.
+The CRL of a certificate could not be found.
-=item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
+=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE>
-the certificate signature could not be decrypted. This means that the actual signature value
+The certificate signature could not be decrypted. This means that the actual signature value
could not be determined rather than it not matching the expected value, this is only
meaningful for RSA keys.
-=item B<5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature>
+=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE>
-the CRL signature could not be decrypted: this means that the actual signature value
+The CRL signature could not be decrypted: this means that the actual signature value
could not be determined rather than it not matching the expected value. Unused.
-=item B<6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key>
+=item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY>
-the public key in the certificate SubjectPublicKeyInfo could not be read.
+The public key in the certificate SubjectPublicKeyInfo could not be read.
-=item B<7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure>
+=item B<X509_V_ERR_CERT_SIGNATURE_FAILURE>
-the signature of the certificate is invalid.
+The signature of the certificate is invalid.
-=item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
+=item B<X509_V_ERR_CRL_SIGNATURE_FAILURE>
-the signature of the certificate is invalid.
+The signature of the certificate is invalid.
-=item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
+=item B<X509_V_ERR_CERT_NOT_YET_VALID>
-the certificate is not yet valid: the notBefore date is after the current time.
+The certificate is not yet valid: the notBefore date is after the current time.
-=item B<10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
+=item B<X509_V_ERR_CERT_HAS_EXPIRED>
-the certificate has expired: that is the notAfter date is before the current time.
+The certificate has expired: that is the notAfter date is before the current time.
-=item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
+=item B<X509_V_ERR_CRL_NOT_YET_VALID>
-the CRL is not yet valid.
+The CRL is not yet valid.
-=item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
+=item B<X509_V_ERR_CRL_HAS_EXPIRED>
-the CRL has expired.
+The CRL has expired.
-=item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
+=item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD>
-the certificate notBefore field contains an invalid time.
+The certificate notBefore field contains an invalid time.
-=item B<14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field>
+=item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD>
-the certificate notAfter field contains an invalid time.
+The certificate notAfter field contains an invalid time.
-=item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
+=item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD>
-the CRL lastUpdate field contains an invalid time.
+The CRL lastUpdate field contains an invalid time.
-=item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
+=item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD>
-the CRL nextUpdate field contains an invalid time.
+The CRL nextUpdate field contains an invalid time.
-=item B<17 X509_V_ERR_OUT_OF_MEM: out of memory>
+=item B<X509_V_ERR_OUT_OF_MEM>
-an error occurred trying to allocate memory. This should never happen.
+An error occurred trying to allocate memory. This should never happen.
-=item B<18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
+=item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT>
-the passed certificate is self signed and the same certificate cannot be found in the list of
+The passed certificate is self signed and the same certificate cannot be found in the list of
trusted certificates.
-=item B<19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain>
+=item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN>
-the certificate chain could be built up using the untrusted certificates but the root could not
+The certificate chain could be built up using the untrusted certificates but the root could not
be found locally.
-=item B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
+=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY>
-the issuer certificate could not be found: this occurs if the issuer
+The issuer certificate could not be found: this occurs if the issuer
certificate of an untrusted certificate cannot be found.
-=item B<21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
+=item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE>
-no signatures could be verified because the chain contains only one certificate and it is not
+No signatures could be verified because the chain contains only one certificate and it is not
self signed.
-=item B<22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long>
+=item B<X509_V_ERR_CERT_CHAIN_TOO_LONG>
-the certificate chain length is greater than the supplied maximum depth. Unused.
+The certificate chain length is greater than the supplied maximum depth. Unused.
-=item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked>
+=item B<X509_V_ERR_CERT_REVOKED>
-the certificate has been revoked.
+The certificate has been revoked.
-=item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate>
+=item B<X509_V_ERR_INVALID_CA>
-a CA certificate is invalid. Either it is not a CA or its extensions are not consistent
+A CA certificate is invalid. Either it is not a CA or its extensions are not consistent
with the supplied purpose.
-=item B<25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
+=item B<X509_V_ERR_PATH_LENGTH_EXCEEDED>
-the basicConstraints pathlength parameter has been exceeded.
+The basicConstraints pathlength parameter has been exceeded.
-=item B<26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
+=item B<X509_V_ERR_INVALID_PURPOSE>
-the supplied certificate cannot be used for the specified purpose.
+The supplied certificate cannot be used for the specified purpose.
-=item B<27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted>
+=item B<X509_V_ERR_CERT_UNTRUSTED>
the root CA is not marked as trusted for the specified purpose.
-=item B<28 X509_V_ERR_CERT_REJECTED: certificate rejected>
+=item B<X509_V_ERR_CERT_REJECTED>
-the root CA is marked to reject the specified purpose.
+The root CA is marked to reject the specified purpose.
-=item B<29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch>
+=item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH>
-Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
+not used as of OpenSSL 1.1.0 as a result of the deprecation of the
B<-issuer_checks> option.
-=item B<30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch>
+=item B<X509_V_ERR_AKID_SKID_MISMATCH>
Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
B<-issuer_checks> option.
-=item B<31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch>
+=item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH>
Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
B<-issuer_checks> option.
-=item B<32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN: key usage does not include certificate signing>
+=item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN>
Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
B<-issuer_checks> option.
@@ -689,7 +689,7 @@ mishandled them.
Previous versions of this documentation swapped the meaning of the
B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> and
-B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes.
+B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes.
=head1 SEE ALSO
diff --git a/doc/crypto/crypto.pod b/doc/crypto/crypto.pod
index 7870fb8..819cc89 100644
--- a/doc/crypto/crypto.pod
+++ b/doc/crypto/crypto.pod
@@ -4,6 +4,10 @@
crypto - OpenSSL cryptographic library
+=head1 SYNOPSIS
+
+See the individual manual pages for details.
+
=head1 DESCRIPTION
The OpenSSL B<crypto> library implements a wide range of cryptographic
@@ -12,8 +16,6 @@ by this library are used by the OpenSSL implementations of SSL, TLS
and S/MIME, and they have also been used to implement SSH, OpenPGP, and
other cryptographic standards.
-=head1 OVERVIEW
-
B<libcrypto> consists of a number of sub-libraries that implement the
individual algorithms.
@@ -22,8 +24,6 @@ cryptography and key agreement, certificate handling, cryptographic
hash functions, cryptographic pseudo-random number generator, and
various utilities.
-See the individual manual pages for details.
-
=head1 NOTES
Some of the newer functions follow a naming convention using the numbers
@@ -40,6 +40,10 @@ The B<1> function uses a copy of the supplied structure pointer
(or in some cases increases its link count) in the parent and
so both (B<x> and B<obj> above) should be freed up.
+=head1 RETURN VALUES
+
+See the individual manual pages for details.
+
=head1 SEE ALSO
L<openssl(1)>, L<ssl(3)>
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index ee14781..9a95019 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -4,6 +4,10 @@
SSL - OpenSSL SSL/TLS library
+=head1 SYNOPSIS
+
+See the individual manual pages for details.
+
=head1 DESCRIPTION
The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
@@ -718,6 +722,10 @@ Returns the current handshake state.
=back
+=head1 RETURN VALUES
+
+See the individual manual pages for details.
+
=head1 SEE ALSO
L<openssl(1)>, L<crypto(3)>,
Matt Caswell
Jun 1, 2016, 1:03:07 PM6/1/16
to
The branch master has been updated
via 723412d4d8c8466b1d90b8f348c2c8f24c692f59 (commit)
via 137e5555bd3d1dc4486619bc524502c55682a6f4 (commit)
via 423281001ce96d731361152f8f6c52a1fefc2660 (commit)
via 69e2bd32efb756b59cea75af22d869679c448e91 (commit)
via fe71bb3ad97ed01ccf92812891cc2bc3ef3dce76 (commit)
via 379a8ed1ffdbb0c8dbf89b2777b1b710f968db6e (commit)
via 6eb311eea6fca45495b3a48c396f5aa8e8f7e714 (commit)
via 97323d57cd6dbbd0c06383dea3cc1b90d11f2557 (commit)
via 1c422164d8343688b8356fcb26f6b7e06921433b (commit)
via a855d1a155dd88aaf136bdc1deb88e68558b94fd (commit)
via b0cb22b07c71c13412c633c816afb5afccdb84b7 (commit)
via 6e4ab54b93a161bed3d668315b13359b883caca4 (commit)
via 0e9eb1a57bd2e12eda7939f053240499f6169d74 (commit)
from ff3bb913cfe47104293138a17014d3bde9db5e32 (commit)
- Log -----------------------------------------------------------------
commit 723412d4d8c8466b1d90b8f348c2c8f24c692f59
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Apr 28 14:00:10 2016 +0100
Don't leak memory on set_reasons() error path
The set_reasons() function in v3_crld.c leaks a STACK_OF(CONF_VALUE)
object on an error path.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 137e5555bd3d1dc4486619bc524502c55682a6f4
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Apr 28 13:53:52 2016 +0100
Don't leak memory on int X509_PURPOSE_add() error path
The int X509_PURPOSE_add() function was leaking an X509_PURPOSE object
on error.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 423281001ce96d731361152f8f6c52a1fefc2660
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Apr 28 13:46:31 2016 +0100
Don't leak memory on X509_TRUST_add() error path
The X509_TRUST_add() function was leaking an X509_TRUST object on error.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 69e2bd32efb756b59cea75af22d869679c448e91
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Apr 27 17:19:01 2016 +0100
Don't leak memory on ASN1_item_pack() error path
The ASN1_item_pack() function was leaking an ASN1_STRING object on error
paths.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit fe71bb3ad97ed01ccf92812891cc2bc3ef3dce76
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Apr 27 16:59:49 2016 +0100
Don't leak memory on ASN1_GENERALIZEDTIME_adj() error path
The ASN1_GENERALIZEDTIME_adj() function leaks an ASN1_GENERALIZEDTIME
object on an error path.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 379a8ed1ffdbb0c8dbf89b2777b1b710f968db6e
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Apr 27 16:50:14 2016 +0100
Don't leak memory in v2i_POLICY_MAPPINGS() on error path
The v2i_POLICY_MAPPINGS() function leaked ASN1_OBJECT pointers on error
paths.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 6eb311eea6fca45495b3a48c396f5aa8e8f7e714
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Apr 27 16:41:43 2016 +0100
Don't leak memory from notice_section function on error path
The notice_section() function allocates a STACK_OF(CONF_VALUE) but
then fails to free it on an error path.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 97323d57cd6dbbd0c06383dea3cc1b90d11f2557
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Apr 27 15:03:26 2016 +0100
Don't leak memory in v2i_AUTHORITY_KEYID
The v2i_AUTHORITY_KEYID() function can leak memory under an error
condition.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 1c422164d8343688b8356fcb26f6b7e06921433b
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Apr 27 14:59:35 2016 +0100
Fix memory leak in crl2pkcs7 app
The crl2pkcs7 app leaks a stack of OPENSSL_STRINGs in error paths.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit a855d1a155dd88aaf136bdc1deb88e68558b94fd
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Apr 27 14:54:58 2016 +0100
Free a temporary buffer used by dsaparam application
The dsaparam application allocates a temporary buffer but then doesn't
free it.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit b0cb22b07c71c13412c633c816afb5afccdb84b7
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Apr 27 14:50:32 2016 +0100
Free buffer on error in a2i_ASN1_INTEGER()
The function a2i_ASN1_INTEGER() allocates a buffer |s| but then fails
to free it on error paths.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 6e4ab54b93a161bed3d668315b13359b883caca4
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Apr 27 14:46:09 2016 +0100
Free memory on error in cms app
The make_receipt_request() function in the cms app can leak memory on
an error condition.
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 0e9eb1a57bd2e12eda7939f053240499f6169d74
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Apr 27 14:38:44 2016 +0100
Free tempory data on error in ec_wNAF_mul()
The ec_wNAF_mul() function allocates some temporary storage that it
doesn't always free on an error condition.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/crl2p7.c | 3 +--
apps/dsaparam.c | 1 +
crypto/asn1/a_gentm.c | 35 +++++++++++++++++++++--------------
crypto/asn1/asn_pack.c | 21 ++++++++++++++-------
crypto/asn1/f_int.c | 1 +
crypto/ec/ec_mult.c | 2 ++
crypto/x509/x509_trs.c | 12 +++++++++---
crypto/x509v3/v3_akey.c | 4 ++++
crypto/x509v3/v3_cpols.c | 1 +
crypto/x509v3/v3_crld.c | 6 +++---
crypto/x509v3/v3_pmaps.c | 21 ++++++++++++---------
crypto/x509v3/v3_purp.c | 13 ++++++++++---
13 files changed, 81 insertions(+), 42 deletions(-)
diff --git a/apps/cms.c b/apps/cms.c
index 3a9b7af..ad771d2 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -1240,7 +1240,7 @@ static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
*rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
*rr_from)
{
- STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
+ STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
CMS_ReceiptRequest *rr;
rct_to = make_names_stack(rr_to);
if (!rct_to)
@@ -1255,6 +1255,7 @@ static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
rct_to);
return rr;
err:
+ sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
return NULL;
}
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index 73e6270..1631258 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -143,8 +143,6 @@ int crl2pkcs7_main(int argc, char **argv)
}
}
- sk_OPENSSL_STRING_free(certflst);
-
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
@@ -160,6 +158,7 @@ int crl2pkcs7_main(int argc, char **argv)
}
ret = 0;
end:
+ sk_OPENSSL_STRING_free(certflst);
BIO_free(in);
BIO_free_all(out);
PKCS7_free(p7);
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index c12bd70..cd2ca4c 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -244,6 +244,7 @@ int dsaparam_main(int argc, char **argv)
" return NULL;\n"
" }\n"
" return(dsa);\n}\n");
+ OPENSSL_free(data);
}
if (!noout) {
diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c
index 2f60d6c..8d43ee5 100644
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -172,41 +172,48 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
struct tm *ts;
struct tm data;
size_t len = 20;
+ ASN1_GENERALIZEDTIME *tmps = NULL;
if (s == NULL)
- s = ASN1_GENERALIZEDTIME_new();
- if (s == NULL)
- return (NULL);
+ tmps = ASN1_GENERALIZEDTIME_new();
+ else
+ tmps = s;
+ if (tmps == NULL)
+ return NULL;
ts = OPENSSL_gmtime(&t, &data);
if (ts == NULL)
- return (NULL);
+ goto err;
if (offset_day || offset_sec) {
if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
- return NULL;
+ goto err;
}
- p = (char *)s->data;
- if ((p == NULL) || ((size_t)s->length < len)) {
+ p = (char *)tmps->data;
+ if ((p == NULL) || ((size_t)tmps->length < len)) {
p = OPENSSL_malloc(len);
if (p == NULL) {
ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ goto err;
}
- OPENSSL_free(s->data);
- s->data = (unsigned char *)p;
+ OPENSSL_free(tmps->data);
+ tmps->data = (unsigned char *)p;
}
BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900,
ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
ts->tm_sec);
- s->length = strlen(p);
- s->type = V_ASN1_GENERALIZEDTIME;
+ tmps->length = strlen(p);
+ tmps->type = V_ASN1_GENERALIZEDTIME;
#ifdef CHARSET_EBCDIC_not
- ebcdic2ascii(s->data, s->data, s->length);
+ ebcdic2ascii(tmps->data, tmps->data, tmps->length);
#endif
- return (s);
+ return tmps;
+ err:
+ if (s == NULL)
+ ASN1_GENERALIZEDTIME_free(tmps);
+ return NULL;
}
const char *_asn1_mon[12] = {
diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c
index 7c30202..1f5be53 100644
--- a/crypto/asn1/asn_pack.c
+++ b/crypto/asn1/asn_pack.c
@@ -17,28 +17,35 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
{
ASN1_STRING *octmp;
- if (oct == NULL|| *oct== NULL) {
+ if (oct == NULL || *oct == NULL) {
if ((octmp = ASN1_STRING_new()) == NULL) {
ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
return NULL;
}
- if (oct)
- *oct = octmp;
- } else
+ } else {
octmp = *oct;
+ }
OPENSSL_free(octmp->data);
octmp->data = NULL;
if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) {
ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR);
- return NULL;
+ goto err;
}
- if (!octmp->data) {
+ if (octmp->data == NULL) {
ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
}
+
+ if (oct != NULL && *oct == NULL)
+ *oct = octmp;
+
return octmp;
+ err:
+ if (oct == NULL || *oct == NULL)
+ ASN1_STRING_free(octmp);
+ return NULL;
}
/* Extract an ASN1 object from an ASN1_STRING */
diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c
index 15aece9..0f16ac0 100644
--- a/crypto/asn1/f_int.c
+++ b/crypto/asn1/f_int.c
@@ -148,6 +148,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
return 1;
err:
ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
+ OPENSSL_free(s);
return 0;
}
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 4215dc7..036cdde 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -312,6 +312,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
numblocks = (tmp_len + blocksize - 1) / blocksize;
if (numblocks > pre_comp->numblocks) {
ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+ OPENSSL_free(tmp_wNAF);
goto err;
}
totalnum = num + numblocks;
@@ -326,6 +327,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
wNAF_len[i] = blocksize;
if (tmp_len < blocksize) {
ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+ OPENSSL_free(tmp_wNAF);
goto err;
}
tmp_len -= blocksize;
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index db0024f..d736418 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -148,7 +148,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
/* dup supplied name */
if ((trtmp->name = OPENSSL_strdup(name)) == NULL) {
X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
- return 0;
+ goto err;
}
/* Keep the dynamic flag of existing entry */
trtmp->flags &= X509_TRUST_DYNAMIC;
@@ -165,14 +165,20 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
if (trtable == NULL
&& (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) {
X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
- return 0;
+ goto err;;
}
if (!sk_X509_TRUST_push(trtable, trtmp)) {
X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
- return 0;
+ goto err;
}
}
return 1;
+ err:
+ if (idx == -1) {
+ OPENSSL_free(trtmp->name);
+ OPENSSL_free(trtmp);
+ }
+ return 0;
}
static void trtable_free(X509_TRUST *p)
diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
index a7d0b29..d9f7704 100644
--- a/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c
@@ -143,12 +143,16 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
}
akeyid->issuer = gens;
+ gen = NULL;
+ gens = NULL;
akeyid->serial = serial;
akeyid->keyid = ikeyid;
return akeyid;
err:
+ sk_GENERAL_NAME_free(gens);
+ GENERAL_NAME_free(gen);
X509_NAME_free(isname);
ASN1_INTEGER_free(serial);
ASN1_OCTET_STRING_free(ikeyid);
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index fe722b1..81d0d99 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -295,6 +295,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
if (!nos || !sk_CONF_VALUE_num(nos)) {
X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS);
X509V3_conf_err(cnf);
+ sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
goto err;
}
ret = nref_nos(nref->noticenos, nos);
diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c
index 221eedf..c4c77f1 100644
--- a/crypto/x509v3/v3_crld.c
+++ b/crypto/x509v3/v3_crld.c
@@ -150,10 +150,10 @@ static int set_reasons(ASN1_BIT_STRING **preas, char *value)
const char *bnam;
int i, ret = 0;
rsk = X509V3_parse_list(value);
- if (!rsk)
- return 0;
- if (*preas)
+ if (rsk == NULL)
return 0;
+ if (*preas != NULL)
+ goto err;
for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
bnam = sk_CONF_VALUE_value(rsk, i)->name;
if (*preas == NULL) {
diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c
index 959b678..73f4ec2 100644
--- a/crypto/x509v3/v3_pmaps.c
+++ b/crypto/x509v3/v3_pmaps.c
@@ -64,9 +64,9 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
- POLICY_MAPPINGS *pmaps;
- POLICY_MAPPING *pmap;
- ASN1_OBJECT *obj1, *obj2;
+ POLICY_MAPPINGS *pmaps = NULL;
+ POLICY_MAPPING *pmap = NULL;
+ ASN1_OBJECT *obj1 = NULL, *obj2 = NULL;
CONF_VALUE *val;
int i;
@@ -78,30 +78,33 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
if (!val->value || !val->name) {
- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
X509V3_R_INVALID_OBJECT_IDENTIFIER);
X509V3_conf_err(val);
- return NULL;
+ goto err;
}
obj1 = OBJ_txt2obj(val->name, 0);
obj2 = OBJ_txt2obj(val->value, 0);
if (!obj1 || !obj2) {
- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
X509V3_R_INVALID_OBJECT_IDENTIFIER);
X509V3_conf_err(val);
- return NULL;
+ goto err;
}
pmap = POLICY_MAPPING_new();
if (pmap == NULL) {
- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
}
pmap->issuerDomainPolicy = obj1;
pmap->subjectDomainPolicy = obj2;
+ obj1 = obj2 = NULL;
sk_POLICY_MAPPING_push(pmaps, pmap);
}
return pmaps;
+ err:
+ ASN1_OBJECT_free(obj1);
+ ASN1_OBJECT_free(obj2);
+ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+ return NULL;
}
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index b757d8e..b0d40ed 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -180,7 +180,7 @@ int X509_PURPOSE_add(int id, int trust, int flags,
ptmp->sname = OPENSSL_strdup(sname);
if (!ptmp->name || !ptmp->sname) {
X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
- return 0;
+ goto err;
}
/* Keep the dynamic flag of existing entry */
ptmp->flags &= X509_PURPOSE_DYNAMIC;
@@ -197,14 +197,21 @@ int X509_PURPOSE_add(int id, int trust, int flags,
if (xptable == NULL
&& (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) {
X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
- return 0;
+ goto err;
}
if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
- return 0;
+ goto err;
}
}
return 1;
+ err:
+ if (idx == -1) {
+ OPENSSL_free(ptmp->name);
+ OPENSSL_free(ptmp->sname);
+ OPENSSL_free(ptmp);
+ }
+ return 0;
}
static void xptable_free(X509_PURPOSE *p)
Rich Salz
Jun 1, 2016, 1:08:22 PM6/1/16
to
The branch master has been updated
via ade82832cd4b9d990dfdcbfea82e8f2fdd65f45a (commit)
from 723412d4d8c8466b1d90b8f348c2c8f24c692f59 (commit)
- Log -----------------------------------------------------------------
commit ade82832cd4b9d990dfdcbfea82e8f2fdd65f45a
Author: Rich Salz <rs...@openssl.org>
Date: Wed Jun 1 11:49:36 2016 -0400
Remove NOEXIST entries
checkpoint before release.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
util/libssl.num | 1 -
2 files changed, 68 deletions(-)
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 40d6e0d..8c659c5 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -18,7 +18,6 @@ PKCS12_it 16 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FU
i2d_ASN1_OCTET_STRING 17 1_1_0 EXIST::FUNCTION:
EC_KEY_set_private_key 18 1_1_0 EXIST::FUNCTION:EC
SRP_VBASE_get_by_user 19 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SRP
-CONF_modules_free 20 1_1_0 NOEXIST::FUNCTION:
Camellia_cfb128_encrypt 21 1_1_0 EXIST::FUNCTION:CAMELLIA
DES_ncbc_encrypt 22 1_1_0 EXIST::FUNCTION:DES
TS_REQ_get_ext_count 23 1_1_0 EXIST::FUNCTION:TS
@@ -45,7 +44,6 @@ PKCS7_ISSUER_AND_SERIAL_it 43 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:V
PKCS7_ISSUER_AND_SERIAL_it 43 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
EC_GROUP_method_of 44 1_1_0 EXIST::FUNCTION:EC
RSA_blinding_on 45 1_1_0 EXIST::FUNCTION:RSA
-CRYPTO_set_dynlock_lock_callback 46 1_1_0 NOEXIST::FUNCTION:
X509_get0_signature 47 1_1_0 EXIST::FUNCTION:
X509_REVOKED_get0_extensions 48 1_1_0 EXIST::FUNCTION:
NETSCAPE_SPKI_verify 49 1_1_0 EXIST::FUNCTION:
@@ -138,7 +136,6 @@ X509v3_add_ext 135 1_1_0 EXIST::FUNCTION:
X509v3_addr_subset 136 1_1_0 EXIST::FUNCTION:RFC3779
CRYPTO_strndup 137 1_1_0 EXIST::FUNCTION:
OCSP_REQ_CTX_free 138 1_1_0 EXIST::FUNCTION:OCSP
-DSO_METHOD_dlfcn 139 1_1_0 NOEXIST::FUNCTION:
X509_STORE_new 140 1_1_0 EXIST::FUNCTION:
ASN1_TYPE_free 141 1_1_0 EXIST::FUNCTION:
PKCS12_BAGS_new 142 1_1_0 EXIST::FUNCTION:
@@ -168,7 +165,6 @@ CT_POLICY_EVAL_CTX_free 165 1_1_0 EXIST::FUNCTION:CT
CMS_RecipientInfo_kari_get0_ctx 166 1_1_0 EXIST::FUNCTION:CMS
PKCS7_set_attributes 167 1_1_0 EXIST::FUNCTION:
d2i_POLICYQUALINFO 168 1_1_0 EXIST::FUNCTION:
-CRYPTO_add_lock 169 1_1_0 NOEXIST::FUNCTION:
EVP_MD_type 170 1_1_0 EXIST::FUNCTION:
EVP_PKCS82PKEY 171 1_1_0 EXIST::FUNCTION:
BN_generate_prime_ex 172 1_1_0 EXIST::FUNCTION:
@@ -258,7 +254,6 @@ ENGINE_register_all_ciphers 254 1_1_0 EXIST::FUNCTION:ENGINE
SXNET_new 255 1_1_0 EXIST::FUNCTION:
EVP_camellia_256_ctr 256 1_1_0 EXIST::FUNCTION:CAMELLIA
d2i_PKCS8_PRIV_KEY_INFO 257 1_1_0 EXIST::FUNCTION:
-OPENSSL_strncasecmp 258 1_1_0 NOEXIST::FUNCTION:
EVP_md2 259 1_1_0 EXIST::FUNCTION:MD2
RC2_ecb_encrypt 260 1_1_0 EXIST::FUNCTION:RC2
ENGINE_register_DH 261 1_1_0 EXIST::FUNCTION:ENGINE
@@ -354,7 +349,6 @@ ASN1_SEQUENCE_it 348 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:
ASN1_SEQUENCE_it 348 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
TS_RESP_CTX_get_tst_info 349 1_1_0 EXIST::FUNCTION:TS
RC4 350 1_1_0 EXIST::FUNCTION:RC4
-DSO_get_loaded_filename 351 1_1_0 NOEXIST::FUNCTION:
PKCS7_stream 352 1_1_0 EXIST::FUNCTION:
i2t_ASN1_OBJECT 353 1_1_0 EXIST::FUNCTION:
EC_GROUP_get0_generator 354 1_1_0 EXIST::FUNCTION:EC
@@ -390,7 +384,6 @@ X509_VERIFY_PARAM_get0_peername 382 1_1_0 EXIST::FUNCTION:
ASN1_PCTX_get_oid_flags 383 1_1_0 EXIST::FUNCTION:
CONF_free 384 1_1_0 EXIST::FUNCTION:
DSO_get_filename 385 1_1_0 EXIST::FUNCTION:
-CRYPTO_set_id_callback 386 1_1_0 NOEXIST::FUNCTION:
i2d_ASN1_SEQUENCE_ANY 387 1_1_0 EXIST::FUNCTION:
OPENSSL_strlcpy 388 1_1_0 EXIST::FUNCTION:
BIO_get_port 389 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
@@ -455,7 +448,6 @@ X509_get_default_private_dir 447 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_set0_dane 448 1_1_0 EXIST::FUNCTION:
EVP_des_ecb 449 1_1_0 EXIST::FUNCTION:DES
OCSP_resp_get0 450 1_1_0 EXIST::FUNCTION:OCSP
-CRYPTO_get_new_lockid 451 1_1_0 NOEXIST::FUNCTION:
RSA_X931_generate_key_ex 452 1_1_0 EXIST::FUNCTION:RSA
X509_get_serialNumber 453 1_1_0 EXIST::FUNCTION:
BIO_sock_should_retry 454 1_1_0 EXIST::FUNCTION:SOCK
@@ -476,7 +468,6 @@ DSO_set_filename 468 1_1_0 EXIST::FUNCTION:
DH_new 469 1_1_0 EXIST::FUNCTION:DH
OCSP_RESPID_free 470 1_1_0 EXIST::FUNCTION:OCSP
PKCS5_pbe2_set 471 1_1_0 EXIST::FUNCTION:
-CRYPTO_THREADID_get_callback 472 1_1_0 NOEXIST::FUNCTION:
SCT_set_signature_nid 473 1_1_0 EXIST::FUNCTION:CT
i2d_RSA_PUBKEY_fp 474 1_1_0 EXIST::FUNCTION:RSA,STDIO
PKCS12_BAGS_it 475 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -517,7 +508,6 @@ X509_TRUST_get_trust 506 1_1_0 EXIST::FUNCTION:
DES_string_to_key 507 1_1_0 EXIST::FUNCTION:DES
ERR_error_string 508 1_1_0 EXIST::FUNCTION:
BIO_new_connect 509 1_1_0 EXIST::FUNCTION:SOCK
-CRYPTO_get_lock_name 510 1_1_0 NOEXIST::FUNCTION:
DSA_new_method 511 1_1_0 EXIST::FUNCTION:DSA
OCSP_CERTID_new 512 1_1_0 EXIST::FUNCTION:OCSP
X509_CRL_get_signature_nid 513 1_1_0 EXIST::FUNCTION:
@@ -527,7 +517,6 @@ X509V3_add1_i2d 516 1_1_0 EXIST::FUNCTION:
TS_TST_INFO_set_serial 517 1_1_0 EXIST::FUNCTION:TS
OCSP_RESPBYTES_new 518 1_1_0 EXIST::FUNCTION:OCSP
OCSP_SINGLERESP_delete_ext 519 1_1_0 EXIST::FUNCTION:OCSP
-CRYPTO_get_dynlock_lock_callback 520 1_1_0 NOEXIST::FUNCTION:
EVP_MD_CTX_test_flags 521 1_1_0 EXIST::FUNCTION:
X509v3_addr_validate_path 522 1_1_0 EXIST::FUNCTION:RFC3779
BIO_new_fp 523 1_1_0 EXIST::FUNCTION:STDIO
@@ -586,7 +575,6 @@ d2i_X509 574 1_1_0 EXIST::FUNCTION:
a2i_ASN1_STRING 575 1_1_0 EXIST::FUNCTION:
EC_GROUP_get_mont_data 576 1_1_0 EXIST::FUNCTION:EC
CMAC_CTX_copy 577 1_1_0 EXIST::FUNCTION:CMAC
-CRYPTO_set_add_lock_callback 578 1_1_0 NOEXIST::FUNCTION:
EVP_camellia_128_cfb128 579 1_1_0 EXIST::FUNCTION:CAMELLIA
DH_compute_key_padded 580 1_1_0 EXIST::FUNCTION:DH
ERR_load_CONF_strings 581 1_1_0 EXIST::FUNCTION:
@@ -643,7 +631,6 @@ PKCS12_set_mac 628 1_1_0 EXIST::FUNCTION:
UI_get0_result_string 629 1_1_0 EXIST::FUNCTION:UI
TS_RESP_CTX_add_policy 630 1_1_0 EXIST::FUNCTION:TS
X509_REQ_dup 631 1_1_0 EXIST::FUNCTION:
-CRYPTO_get_add_lock_callback 632 1_1_0 NOEXIST::FUNCTION:
d2i_DSA_PUBKEY_fp 633 1_1_0 EXIST::FUNCTION:DSA,STDIO
OCSP_REQ_CTX_nbio_d2i 634 1_1_0 EXIST::FUNCTION:OCSP
d2i_X509_REQ_fp 635 1_1_0 EXIST::FUNCTION:STDIO
@@ -663,7 +650,6 @@ CRYPTO_ccm128_encrypt_ccm64 647 1_1_0 EXIST::FUNCTION:
CRYPTO_secure_malloc_init 648 1_1_0 EXIST::FUNCTION:
DSAparams_dup 649 1_1_0 EXIST::FUNCTION:DSA
PKCS8_PRIV_KEY_INFO_new 650 1_1_0 EXIST::FUNCTION:
-CRYPTO_THREADID_hash 651 1_1_0 NOEXIST::FUNCTION:
TS_RESP_verify_token 652 1_1_0 EXIST::FUNCTION:TS
PEM_read_bio_CMS 653 1_1_0 EXIST::FUNCTION:CMS
PEM_get_EVP_CIPHER_INFO 654 1_1_0 EXIST::FUNCTION:
@@ -727,7 +713,6 @@ i2s_ASN1_OCTET_STRING 709 1_1_0 EXIST::FUNCTION:
X509_add1_reject_object 710 1_1_0 EXIST::FUNCTION:
ERR_set_mark 711 1_1_0 EXIST::FUNCTION:
d2i_ASN1_VISIBLESTRING 712 1_1_0 EXIST::FUNCTION:
-CRYPTO_set_dynlock_create_callback 713 1_1_0 NOEXIST::FUNCTION:
X509_NAME_ENTRY_dup 714 1_1_0 EXIST::FUNCTION:
X509_certificate_type 715 1_1_0 EXIST::FUNCTION:
PKCS7_add_signature 716 1_1_0 EXIST::FUNCTION:
@@ -810,7 +795,6 @@ CRYPTO_ocb128_encrypt 791 1_1_0 EXIST::FUNCTION:OCB
EXTENDED_KEY_USAGE_new 792 1_1_0 EXIST::FUNCTION:
EVP_EncryptFinal 793 1_1_0 EXIST::FUNCTION:
PEM_write_ECPrivateKey 794 1_1_0 EXIST::FUNCTION:EC
-DSO_bind_var 795 1_1_0 NOEXIST::FUNCTION:
EVP_CIPHER_meth_set_get_asn1_params 796 1_1_0 EXIST::FUNCTION:
PKCS7_dataInit 797 1_1_0 EXIST::FUNCTION:
EVP_PKEY_CTX_set_app_data 798 1_1_0 EXIST::FUNCTION:
@@ -867,7 +851,6 @@ DES_ecb_encrypt 846 1_1_0 EXIST::FUNCTION:DES
EVP_camellia_256_ecb 847 1_1_0 EXIST::FUNCTION:CAMELLIA
PEM_read_RSA_PUBKEY 848 1_1_0 EXIST::FUNCTION:RSA
d2i_NETSCAPE_SPKAC 849 1_1_0 EXIST::FUNCTION:
-DSO_set_default_method 850 1_1_0 NOEXIST::FUNCTION:
ASN1_TIME_check 851 1_1_0 EXIST::FUNCTION:
PKCS7_DIGEST_new 852 1_1_0 EXIST::FUNCTION:
i2d_TS_TST_INFO_fp 853 1_1_0 EXIST::FUNCTION:STDIO,TS
@@ -901,7 +884,6 @@ X509_REQ_INFO_free 878 1_1_0 EXIST::FUNCTION:
CMS_ReceiptRequest_create0 879 1_1_0 EXIST::FUNCTION:CMS
EVP_MD_meth_set_cleanup 880 1_1_0 EXIST::FUNCTION:
EVP_aes_128_xts 881 1_1_0 EXIST::FUNCTION:
-CRYPTO_set_dynlock_destroy_callback 882 1_1_0 NOEXIST::FUNCTION:
TS_RESP_verify_signature 883 1_1_0 EXIST::FUNCTION:TS
ENGINE_set_pkey_meths 884 1_1_0 EXIST::FUNCTION:ENGINE
CMS_EncryptedData_decrypt 885 1_1_0 EXIST::FUNCTION:CMS
@@ -943,7 +925,6 @@ CT_POLICY_EVAL_CTX_get0_log_store 919 1_1_0 EXIST::FUNCTION:CT
CONF_set_default_method 920 1_1_0 EXIST::FUNCTION:
ASN1_PCTX_get_nm_flags 921 1_1_0 EXIST::FUNCTION:
X509_add1_ext_i2d 922 1_1_0 EXIST::FUNCTION:
-CRYPTO_THREADID_set_pointer 923 1_1_0 NOEXIST::FUNCTION:
i2d_PKCS7_RECIP_INFO 924 1_1_0 EXIST::FUNCTION:
PKCS1_MGF1 925 1_1_0 EXIST::FUNCTION:RSA
BIO_vsnprintf 926 1_1_0 EXIST::FUNCTION:
@@ -965,7 +946,6 @@ PKCS7_get0_signers 940 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_set_ex_data 941 1_1_0 EXIST::FUNCTION:
TS_VERIFY_CTS_set_certs 942 1_1_0 EXIST::FUNCTION:TS
BN_MONT_CTX_copy 943 1_1_0 EXIST::FUNCTION:
-CRYPTO_cleanup_all_ex_data 944 1_1_0 NOEXIST::FUNCTION:
OPENSSL_INIT_new 945 1_1_0 EXIST::FUNCTION:
TS_ACCURACY_dup 946 1_1_0 EXIST::FUNCTION:TS
i2d_ECPrivateKey 947 1_1_0 EXIST::FUNCTION:EC
@@ -1001,7 +981,6 @@ ENGINE_get_name 973 1_1_0 EXIST::FUNCTION:ENGINE
CRYPTO_THREAD_read_lock 974 1_1_0 EXIST::FUNCTION:
ASIdentifierChoice_free 975 1_1_0 EXIST::FUNCTION:RFC3779
BIO_dgram_sctp_msg_waiting 976 1_1_0 EXIST::FUNCTION:DGRAM,SCTP
-CRYPTO_get_dynlock_value 977 1_1_0 NOEXIST::FUNCTION:
BN_is_bit_set 978 1_1_0 EXIST::FUNCTION:
AES_ofb128_encrypt 979 1_1_0 EXIST::FUNCTION:
X509_STORE_add_lookup 980 1_1_0 EXIST::FUNCTION:
@@ -1045,7 +1024,6 @@ X509at_get_attr_by_OBJ 1015 1_1_0 EXIST::FUNCTION:
EVP_MD_CTX_copy_ex 1016 1_1_0 EXIST::FUNCTION:
UI_dup_error_string 1017 1_1_0 EXIST::FUNCTION:UI
OPENSSL_LH_num_items 1018 1_1_0 EXIST::FUNCTION:
-ERR_get_err_state_table 1019 1_1_0 NOEXIST::FUNCTION:
ASN1_INTEGER_cmp 1020 1_1_0 EXIST::FUNCTION:
X509_NAME_entry_count 1021 1_1_0 EXIST::FUNCTION:
UI_method_set_closer 1022 1_1_0 EXIST::FUNCTION:UI
@@ -1069,7 +1047,6 @@ TS_REQ_set_msg_imprint 1037 1_1_0 EXIST::FUNCTION:TS
BN_mod_sub_quick 1038 1_1_0 EXIST::FUNCTION:
SMIME_write_CMS 1039 1_1_0 EXIST::FUNCTION:CMS
i2d_DSAPublicKey 1040 1_1_0 EXIST::FUNCTION:DSA
-DES_enc_write 1041 1_1_0 NOEXIST::FUNCTION:
SMIME_text 1042 1_1_0 EXIST::FUNCTION:
PKCS7_add_recipient_info 1043 1_1_0 EXIST::FUNCTION:
BN_get_word 1044 1_1_0 EXIST::FUNCTION:
@@ -1281,7 +1258,6 @@ X509_CRL_cmp 1243 1_1_0 EXIST::FUNCTION:
DSO_METHOD_openssl 1244 1_1_0 EXIST::FUNCTION:
d2i_PrivateKey_fp 1245 1_1_0 EXIST::FUNCTION:STDIO
i2d_NETSCAPE_CERT_SEQUENCE 1246 1_1_0 EXIST::FUNCTION:
-COMP_zlib_cleanup 1247 1_1_0 NOEXIST::FUNCTION:
EC_POINT_oct2point 1248 1_1_0 EXIST::FUNCTION:EC
EVP_CIPHER_CTX_buf_noconst 1249 1_1_0 EXIST::FUNCTION:
OPENSSL_DIR_read 1250 1_1_0 EXIST::FUNCTION:
@@ -1298,7 +1274,6 @@ i2d_X509_REVOKED 1260 1_1_0 EXIST::FUNCTION:
CMS_sign 1261 1_1_0 EXIST::FUNCTION:CMS
X509_STORE_add_cert 1262 1_1_0 EXIST::FUNCTION:
EC_GROUP_precompute_mult 1263 1_1_0 EXIST::FUNCTION:EC
-SCT_LIST_set_source 1264 1_1_0 NOEXIST::FUNCTION:
d2i_DISPLAYTEXT 1265 1_1_0 EXIST::FUNCTION:
HMAC_CTX_copy 1266 1_1_0 EXIST::FUNCTION:
CRYPTO_gcm128_init 1267 1_1_0 EXIST::FUNCTION:
@@ -1397,7 +1372,6 @@ i2v_GENERAL_NAME 1355 1_1_0 EXIST::FUNCTION:
PKCS7_ENC_CONTENT_new 1356 1_1_0 EXIST::FUNCTION:
CRYPTO_realloc 1357 1_1_0 EXIST::FUNCTION:
BIO_ctrl_pending 1358 1_1_0 EXIST::FUNCTION:
-DSO_set_method 1359 1_1_0 NOEXIST::FUNCTION:
EVP_MD_meth_new 1360 1_1_0 EXIST::FUNCTION:
X509_sign_ctx 1361 1_1_0 EXIST::FUNCTION:
BN_is_odd 1362 1_1_0 EXIST::FUNCTION:
@@ -1407,7 +1381,6 @@ ASN1_SCTX_get_app_data 1365 1_1_0 EXIST::FUNCTION:
X509_get_default_cert_file_env 1366 1_1_0 EXIST::FUNCTION:
X509v3_addr_validate_resource_set 1367 1_1_0 EXIST::FUNCTION:RFC3779
d2i_X509_VAL 1368 1_1_0 EXIST::FUNCTION:
-_shadow_DES_rw_mode 1369 1_1_0 NOEXIST::FUNCTION:
CRYPTO_gcm128_decrypt_ctr32 1370 1_1_0 EXIST::FUNCTION:
DHparams_print 1371 1_1_0 EXIST::FUNCTION:DH
OPENSSL_sk_unshift 1372 1_1_0 EXIST::FUNCTION:
@@ -1431,7 +1404,6 @@ EVP_PKEY_meth_set_cleanup 1388 1_1_0 EXIST::FUNCTION:
PROXY_CERT_INFO_EXTENSION_free 1389 1_1_0 EXIST::FUNCTION:
X509_dup 1390 1_1_0 EXIST::FUNCTION:
EDIPARTYNAME_free 1391 1_1_0 EXIST::FUNCTION:
-DSO_new_method 1392 1_1_0 NOEXIST::FUNCTION:
X509_CRL_add0_revoked 1393 1_1_0 EXIST::FUNCTION:
GENERAL_NAME_set0_value 1394 1_1_0 EXIST::FUNCTION:
X509_ATTRIBUTE_dup 1395 1_1_0 EXIST::FUNCTION:
@@ -1489,7 +1461,6 @@ EVP_CIPHER_CTX_set_padding 1444 1_1_0 EXIST::FUNCTION:
CTLOG_new_from_base64 1445 1_1_0 EXIST::FUNCTION:CT
AES_bi_ige_encrypt 1446 1_1_0 EXIST::FUNCTION:
ERR_pop_to_mark 1447 1_1_0 EXIST::FUNCTION:
-DSO_METHOD_win32 1448 1_1_0 NOEXIST::FUNCTION:
CRL_DIST_POINTS_new 1449 1_1_0 EXIST::FUNCTION:
EVP_PKEY_get0_asn1 1450 1_1_0 EXIST::FUNCTION:
EVP_camellia_192_ctr 1451 1_1_0 EXIST::FUNCTION:CAMELLIA
@@ -1625,7 +1596,6 @@ PEM_write_X509_REQ_NEW 1579 1_1_0 EXIST::FUNCTION:
CONF_imodule_set_usr_data 1580 1_1_0 EXIST::FUNCTION:
d2i_TS_RESP_fp 1581 1_1_0 EXIST::FUNCTION:STDIO,TS
X509_policy_tree_get0_user_policies 1582 1_1_0 EXIST::FUNCTION:
-SCT_LIST_set0_logs 1583 1_1_0 NOEXIST::FUNCTION:
DSA_do_sign 1584 1_1_0 EXIST::FUNCTION:DSA
EVP_CIPHER_CTX_reset 1585 1_1_0 EXIST::FUNCTION:
OCSP_REVOKEDINFO_new 1586 1_1_0 EXIST::FUNCTION:OCSP
@@ -1641,7 +1611,6 @@ ASN1_TBOOLEAN_it 1594 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
RC2_set_key 1595 1_1_0 EXIST::FUNCTION:RC2
X509_REVOKED_get_ext_by_NID 1596 1_1_0 EXIST::FUNCTION:
RSA_padding_add_none 1597 1_1_0 EXIST::FUNCTION:RSA
-CRYPTO_THREADID_cmp 1598 1_1_0 NOEXIST::FUNCTION:
EVP_rc5_32_12_16_cbc 1599 1_1_0 EXIST::FUNCTION:RC5
PEM_dek_info 1600 1_1_0 EXIST::FUNCTION:
ASN1_SCTX_get_template 1601 1_1_0 EXIST::FUNCTION:
@@ -1654,7 +1623,6 @@ TS_ext_print_bio 1607 1_1_0 EXIST::FUNCTION:TS
SCT_set1_log_id 1608 1_1_0 EXIST::FUNCTION:CT
X509_get0_pubkey_bitstr 1609 1_1_0 EXIST::FUNCTION:
ENGINE_register_all_RAND 1610 1_1_0 EXIST::FUNCTION:ENGINE
-BN_BLINDING_thread_id 1611 1_1_0 NOEXIST::FUNCTION:
EVP_MD_meth_get_result_size 1612 1_1_0 EXIST::FUNCTION:
BIO_ADDRINFO_address 1613 1_1_0 EXIST::FUNCTION:SOCK
ASN1_STRING_print_ex 1614 1_1_0 EXIST::FUNCTION:
@@ -1696,7 +1664,6 @@ BN_lshift1 1648 1_1_0 EXIST::FUNCTION:
i2d_EDIPARTYNAME 1649 1_1_0 EXIST::FUNCTION:
X509_policy_tree_get0_policies 1650 1_1_0 EXIST::FUNCTION:
X509at_add1_attr 1651 1_1_0 EXIST::FUNCTION:
-CRYPTO_num_locks 1652 1_1_0 NOEXIST::FUNCTION:
X509_get_ex_data 1653 1_1_0 EXIST::FUNCTION:
RSA_set_method 1654 1_1_0 EXIST::FUNCTION:RSA
X509_REVOKED_dup 1655 1_1_0 EXIST::FUNCTION:
@@ -1710,7 +1677,6 @@ BIO_asn1_get_suffix 1662 1_1_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_clear_flags 1663 1_1_0 EXIST::FUNCTION:
X509_NAME_add_entry_by_txt 1664 1_1_0 EXIST::FUNCTION:
DES_ede3_cfb_encrypt 1665 1_1_0 EXIST::FUNCTION:DES
-CRYPTO_destroy_dynlockid 1666 1_1_0 NOEXIST::FUNCTION:
i2d_CMS_bio_stream 1667 1_1_0 EXIST::FUNCTION:CMS
DES_quad_cksum 1668 1_1_0 EXIST::FUNCTION:DES
X509_ATTRIBUTE_create_by_NID 1669 1_1_0 EXIST::FUNCTION:
@@ -1821,8 +1787,6 @@ ASN1_OCTET_STRING_free 1770 1_1_0 EXIST::FUNCTION:
PKCS7_RECIP_INFO_free 1771 1_1_0 EXIST::FUNCTION:
ASN1_tag2bit 1772 1_1_0 EXIST::FUNCTION:
TS_REQ_add_ext 1773 1_1_0 EXIST::FUNCTION:TS
-CRYPTO_get_new_dynlockid 1774 1_1_0 NOEXIST::FUNCTION:
-RAND_cleanup 1775 1_1_0 NOEXIST::FUNCTION:
X509_digest 1776 1_1_0 EXIST::FUNCTION:
CRYPTO_THREAD_cleanup_local 1777 1_1_0 EXIST::FUNCTION:
NETSCAPE_CERT_SEQUENCE_it 1778 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -1885,7 +1849,6 @@ ASN1_VISIBLESTRING_it 1831 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
ASN1_VISIBLESTRING_it 1831 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
X509V3_EXT_REQ_add_conf 1832 1_1_0 EXIST::FUNCTION:
ASN1_STRING_to_UTF8 1833 1_1_0 EXIST::FUNCTION:
-DSO_METHOD_null 1834 1_1_0 NOEXIST::FUNCTION:
EVP_MD_meth_set_update 1835 1_1_0 EXIST::FUNCTION:
EVP_camellia_192_cbc 1836 1_1_0 EXIST::FUNCTION:CAMELLIA
OPENSSL_LH_stats_bio 1837 1_1_0 EXIST::FUNCTION:
@@ -1958,7 +1921,6 @@ UI_UTIL_read_pw_string 1900 1_1_0 EXIST::FUNCTION:UI
NOTICEREF_free 1901 1_1_0 EXIST::FUNCTION:
AES_cfb1_encrypt 1902 1_1_0 EXIST::FUNCTION:
X509v3_get_ext 1903 1_1_0 EXIST::FUNCTION:
-BN_BLINDING_set_thread_id 1904 1_1_0 NOEXIST::FUNCTION:
CRYPTO_gcm128_encrypt_ctr32 1905 1_1_0 EXIST::FUNCTION:
SCT_set1_signature 1906 1_1_0 EXIST::FUNCTION:CT
CONF_imodule_get_module 1907 1_1_0 EXIST::FUNCTION:
@@ -2245,7 +2207,6 @@ TS_RESP_CTX_set_accuracy 2174 1_1_0 EXIST::FUNCTION:TS
NETSCAPE_SPKI_get_pubkey 2175 1_1_0 EXIST::FUNCTION:
ECDSA_do_sign_ex 2176 1_1_0 EXIST::FUNCTION:EC
OCSP_ONEREQ_get_ext 2177 1_1_0 EXIST::FUNCTION:OCSP
-DES_read_password 2178 1_1_0 NOEXIST::FUNCTION:
BN_get_rfc3526_prime_4096 2179 1_1_0 EXIST::FUNCTION:
d2i_PKCS7_fp 2180 1_1_0 EXIST::FUNCTION:STDIO
PEM_write_bio_NETSCAPE_CERT_SEQUENCE 2181 1_1_0 EXIST::FUNCTION:
@@ -2256,7 +2217,6 @@ CMS_RecipientInfo_kari_orig_id_cmp 2184 1_1_0 EXIST::FUNCTION:CMS
NETSCAPE_SPKI_b64_encode 2185 1_1_0 EXIST::FUNCTION:
d2i_PrivateKey 2186 1_1_0 EXIST::FUNCTION:
EVP_MD_CTX_new 2187 1_1_0 EXIST::FUNCTION:
-OPENSSL_strcasecmp 2188 1_1_0 NOEXIST::FUNCTION:
X509_get0_tbs_sigalg 2189 1_1_0 EXIST::FUNCTION:
ASN1_GENERALIZEDTIME_new 2190 1_1_0 EXIST::FUNCTION:
d2i_ECDSA_SIG 2191 1_1_0 EXIST::FUNCTION:EC
@@ -2399,7 +2359,6 @@ PEM_read_PKCS7 2324 1_1_0 EXIST::FUNCTION:
DH_get_2048_256 2325 1_1_0 EXIST::FUNCTION:DH
X509at_delete_attr 2326 1_1_0 EXIST::FUNCTION:
PEM_write_bio 2327 1_1_0 EXIST::FUNCTION:
-CRYPTO_get_locking_callback 2328 1_1_0 NOEXIST::FUNCTION:
CMS_signed_get_attr_by_OBJ 2329 1_1_0 EXIST::FUNCTION:CMS
X509_REVOKED_add_ext 2330 1_1_0 EXIST::FUNCTION:
EVP_CipherUpdate 2331 1_1_0 EXIST::FUNCTION:
@@ -2471,7 +2430,6 @@ TS_TST_INFO_set_time 2394 1_1_0 EXIST::FUNCTION:TS
OPENSSL_die 2395 1_1_0 EXIST::FUNCTION:
X509_LOOKUP_by_alias 2396 1_1_0 EXIST::FUNCTION:
EC_KEY_set_conv_form 2397 1_1_0 EXIST::FUNCTION:EC
-CRYPTO_lock 2398 1_1_0 NOEXIST::FUNCTION:
X509_TRUST_get_count 2399 1_1_0 EXIST::FUNCTION:
IPAddressOrRange_free 2400 1_1_0 EXIST::FUNCTION:RFC3779
RSA_padding_add_PKCS1_OAEP 2401 1_1_0 EXIST::FUNCTION:RSA
@@ -2489,7 +2447,6 @@ EVP_MD_CTX_md_data 2412 1_1_0 EXIST::FUNCTION:
ASN1_PCTX_set_nm_flags 2413 1_1_0 EXIST::FUNCTION:
BIO_ctrl 2414 1_1_0 EXIST::FUNCTION:
X509_CRL_set_default_method 2415 1_1_0 EXIST::FUNCTION:
-DSO_pathbyaddr 2416 1_1_0 NOEXIST::FUNCTION:
d2i_RSAPublicKey_fp 2417 1_1_0 EXIST::FUNCTION:RSA,STDIO
UI_method_get_flusher 2418 1_1_0 EXIST::FUNCTION:UI
EC_POINT_dbl 2419 1_1_0 EXIST::FUNCTION:EC
@@ -2608,7 +2565,6 @@ BN_get_rfc3526_prime_1536 2526 1_1_0 EXIST::FUNCTION:
DSA_sign 2527 1_1_0 EXIST::FUNCTION:DSA
RAND_egd 2528 1_1_0 EXIST::FUNCTION:EGD
ASN1_d2i_bio 2529 1_1_0 EXIST::FUNCTION:
-CRYPTO_THREADID_current 2530 1_1_0 NOEXIST::FUNCTION:
X509_REQ_digest 2531 1_1_0 EXIST::FUNCTION:
X509_set_notAfter 2532 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_type 2533 1_1_0 EXIST::FUNCTION:
@@ -2727,7 +2683,6 @@ d2i_PBKDF2PARAM 2640 1_1_0 EXIST::FUNCTION:
ERR_load_COMP_strings 2641 1_1_0 EXIST::FUNCTION:COMP
EVP_PKEY_meth_add0 2642 1_1_0 EXIST::FUNCTION:
EVP_rc4_40 2643 1_1_0 EXIST::FUNCTION:RC4
-BN_BLINDING_get_thread_id 2644 1_1_0 NOEXIST::FUNCTION:
RSA_bits 2645 1_1_0 EXIST::FUNCTION:RSA
ASN1_item_dup 2646 1_1_0 EXIST::FUNCTION:
GENERAL_NAMES_it 2647 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2750,7 +2705,6 @@ EVP_PKEY_assign 2662 1_1_0 EXIST::FUNCTION:
EVP_aes_128_ofb 2663 1_1_0 EXIST::FUNCTION:
CMS_data 2664 1_1_0 EXIST::FUNCTION:CMS
X509_load_cert_file 2665 1_1_0 EXIST::FUNCTION:
-CRYPTO_THREADID_cpy 2666 1_1_0 NOEXIST::FUNCTION:
EC_GFp_nistp521_method 2667 1_1_0 EXIST:!WIN32:FUNCTION:EC,EC_NISTP_64_GCC_128
ECDSA_SIG_free 2668 1_1_0 EXIST::FUNCTION:EC
d2i_PKCS12_BAGS 2669 1_1_0 EXIST::FUNCTION:
@@ -2871,7 +2825,6 @@ RSAPrivateKey_it 2777 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
RSAPrivateKey_it 2777 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
X509_NAME_ENTRY_free 2778 1_1_0 EXIST::FUNCTION:
BIO_new_fd 2779 1_1_0 EXIST::FUNCTION:
-ENGINE_cleanup 2780 1_1_0 NOEXIST::FUNCTION:
OPENSSL_sk_value 2781 1_1_0 EXIST::FUNCTION:
NCONF_get_section 2782 1_1_0 EXIST::FUNCTION:
PKCS12_MAC_DATA_it 2783 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2921,7 +2874,6 @@ SCT_free 2824 1_1_0 EXIST::FUNCTION:CT
TS_TST_INFO_get_msg_imprint 2825 1_1_0 EXIST::FUNCTION:TS
X509v3_addr_add_range 2826 1_1_0 EXIST::FUNCTION:RFC3779
PKCS12_get_friendlyname 2827 1_1_0 EXIST::FUNCTION:
-CRYPTO_get_id_callback 2828 1_1_0 NOEXIST::FUNCTION:
X509_CRL_add_ext 2829 1_1_0 EXIST::FUNCTION:
X509_REQ_get_signature_nid 2830 1_1_0 EXIST::FUNCTION:
TS_TST_INFO_get_ext 2831 1_1_0 EXIST::FUNCTION:TS
@@ -2953,7 +2905,6 @@ PEM_write_bio_PrivateKey 2855 1_1_0 EXIST::FUNCTION:
ASN1_UTCTIME_check 2856 1_1_0 EXIST::FUNCTION:
ACCESS_DESCRIPTION_it 2857 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ACCESS_DESCRIPTION_it 2857 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-check_defer 2858 1_1_0 NOEXIST::FUNCTION:
TS_MSG_IMPRINT_get_msg 2859 1_1_0 EXIST::FUNCTION:TS
PKCS8_add_keyusage 2860 1_1_0 EXIST::FUNCTION:
X509_EXTENSION_dup 2861 1_1_0 EXIST::FUNCTION:
@@ -3043,7 +2994,6 @@ EC_GROUP_get_curve_GFp 2940 1_1_0 EXIST::FUNCTION:EC
ASYNC_block_pause 2941 1_1_0 EXIST::FUNCTION:
OCSP_SINGLERESP_get_ext 2942 1_1_0 EXIST::FUNCTION:OCSP
CRYPTO_strdup 2943 1_1_0 EXIST::FUNCTION:
-DSO_get_default_method 2944 1_1_0 NOEXIST::FUNCTION:
i2d_X509_CRL_bio 2945 1_1_0 EXIST::FUNCTION:
EVP_PKEY_asn1_set_item 2946 1_1_0 EXIST::FUNCTION:
CRYPTO_ccm128_encrypt 2947 1_1_0 EXIST::FUNCTION:
@@ -3113,14 +3063,12 @@ PEM_read_bio_RSAPublicKey 3009 1_1_0 EXIST::FUNCTION:RSA
EVP_PKEY_asn1_set_private 3010 1_1_0 EXIST::FUNCTION:
EVP_PKEY_get0_RSA 3011 1_1_0 EXIST::FUNCTION:RSA
DES_ede3_cfb64_encrypt 3012 1_1_0 EXIST::FUNCTION:DES
-DSO_METHOD_vms 3013 1_1_0 NOEXIST::FUNCTION:
POLICY_MAPPING_free 3014 1_1_0 EXIST::FUNCTION:
EVP_aes_128_gcm 3015 1_1_0 EXIST::FUNCTION:
BIO_dgram_non_fatal_error 3016 1_1_0 EXIST::FUNCTION:DGRAM
OCSP_request_is_signed 3017 1_1_0 EXIST::FUNCTION:OCSP
i2d_BASIC_CONSTRAINTS 3018 1_1_0 EXIST::FUNCTION:
EC_KEY_get_method 3019 1_1_0 EXIST::FUNCTION:EC
-CRYPTO_get_dynlock_destroy_callback 3020 1_1_0 NOEXIST::FUNCTION:
EC_POINT_bn2point 3021 1_1_0 EXIST::FUNCTION:EC
PBE2PARAM_it 3022 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PBE2PARAM_it 3022 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -3281,7 +3229,6 @@ HMAC_Init 3173 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_
EVP_MD_CTX_update_fn 3174 1_1_0 EXIST::FUNCTION:
EVP_aes_128_ecb 3175 1_1_0 EXIST::FUNCTION:
i2d_PKCS7_bio_stream 3176 1_1_0 EXIST::FUNCTION:
-CRYPTO_get_dynlock_create_callback 3177 1_1_0 NOEXIST::FUNCTION:
i2a_ACCESS_DESCRIPTION 3178 1_1_0 EXIST::FUNCTION:
EC_KEY_set_enc_flags 3179 1_1_0 EXIST::FUNCTION:EC
i2d_PUBKEY_fp 3180 1_1_0 EXIST::FUNCTION:STDIO
@@ -3379,7 +3326,6 @@ PKCS7_set0_type_other 3270 1_1_0 EXIST::FUNCTION:
OCSP_REQUEST_new 3271 1_1_0 EXIST::FUNCTION:OCSP
BIO_lookup 3272 1_1_0 EXIST::FUNCTION:SOCK
EC_GROUP_get0_cofactor 3273 1_1_0 EXIST::FUNCTION:EC
-CRYPTO_THREADID_set_numeric 3274 1_1_0 NOEXIST::FUNCTION:
SCT_print 3275 1_1_0 EXIST::FUNCTION:CT
X509_PUBKEY_set 3276 1_1_0 EXIST::FUNCTION:
POLICY_CONSTRAINTS_free 3277 1_1_0 EXIST::FUNCTION:
@@ -3435,7 +3381,6 @@ CTLOG_free 3325 1_1_0 EXIST::FUNCTION:CT
EVP_CIPHER_meth_dup 3326 1_1_0 EXIST::FUNCTION:
CMS_get1_crls 3327 1_1_0 EXIST::FUNCTION:CMS
X509_aux_print 3328 1_1_0 EXIST::FUNCTION:
-DSO_set_name_converter 3329 1_1_0 NOEXIST::FUNCTION:
OPENSSL_thread_stop 3330 1_1_0 EXIST::FUNCTION:
X509_policy_node_get0_parent 3331 1_1_0 EXIST::FUNCTION:
X509_PKEY_free 3332 1_1_0 EXIST::FUNCTION:
@@ -3495,14 +3440,12 @@ X509_CINF_new 3382 1_1_0 EXIST::FUNCTION:
EVP_PKEY_keygen_init 3383 1_1_0 EXIST::FUNCTION:
EVP_aes_192_ocb 3384 1_1_0 EXIST::FUNCTION:OCB
EVP_camellia_256_cfb1 3385 1_1_0 EXIST::FUNCTION:CAMELLIA
-DES_read_2passwords 3386 1_1_0 NOEXIST::FUNCTION:
CRYPTO_secure_actual_size 3387 1_1_0 EXIST::FUNCTION:
COMP_CTX_free 3388 1_1_0 EXIST::FUNCTION:COMP
i2d_PBE2PARAM 3389 1_1_0 EXIST::FUNCTION:
EC_POINT_make_affine 3390 1_1_0 EXIST::FUNCTION:EC
DSA_generate_parameters 3391 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8,DSA
ASN1_BIT_STRING_num_asc 3392 1_1_0 EXIST::FUNCTION:
-ERR_release_err_state_table 3393 1_1_0 NOEXIST::FUNCTION:
X509_INFO_free 3394 1_1_0 EXIST::FUNCTION:
d2i_PKCS8_PRIV_KEY_INFO_fp 3395 1_1_0 EXIST::FUNCTION:STDIO
X509_OBJECT_retrieve_match 3396 1_1_0 EXIST::FUNCTION:
@@ -3662,7 +3605,6 @@ BN_dec2bn 3549 1_1_0 EXIST::FUNCTION:
CMS_decrypt 3550 1_1_0 EXIST::FUNCTION:CMS
BN_mpi2bn 3551 1_1_0 EXIST::FUNCTION:
EVP_aes_128_cfb128 3552 1_1_0 EXIST::FUNCTION:
-EVP_cleanup 3553 1_1_0 NOEXIST::FUNCTION:
RC5_32_ecb_encrypt 3554 1_1_0 EXIST::FUNCTION:RC5
EVP_CIPHER_meth_new 3555 1_1_0 EXIST::FUNCTION:
i2d_RSA_OAEP_PARAMS 3556 1_1_0 EXIST::FUNCTION:RSA
@@ -3670,11 +3612,9 @@ SXNET_get_id_ulong 3557 1_1_0 EXIST::FUNCTION:
BIO_get_callback_arg 3558 1_1_0 EXIST::FUNCTION:
ENGINE_register_RSA 3559 1_1_0 EXIST::FUNCTION:ENGINE
i2v_GENERAL_NAMES 3560 1_1_0 EXIST::FUNCTION:
-EVP_CIPHER_CTX_cipher_data 3561 1_1_0 NOEXIST::FUNCTION:
PKCS7_decrypt 3562 1_1_0 EXIST::FUNCTION:
X509_STORE_set1_param 3563 1_1_0 EXIST::FUNCTION:
RAND_file_name 3564 1_1_0 EXIST::FUNCTION:
-DSO_METHOD_dl 3565 1_1_0 NOEXIST::FUNCTION:
EVP_CipherInit_ex 3566 1_1_0 EXIST::FUNCTION:
BIO_dgram_sctp_notification_cb 3567 1_1_0 EXIST::FUNCTION:DGRAM,SCTP
ERR_load_RAND_strings 3568 1_1_0 EXIST::FUNCTION:
@@ -3705,7 +3645,6 @@ X509_issuer_and_serial_cmp 3590 1_1_0 EXIST::FUNCTION:
OCSP_response_create 3591 1_1_0 EXIST::FUNCTION:OCSP
SHA224 3592 1_1_0 EXIST::FUNCTION:
MD2_options 3593 1_1_0 EXIST::FUNCTION:MD2
-CRYPTO_set_locking_callback 3594 1_1_0 NOEXIST::FUNCTION:
X509_REQ_it 3595 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_REQ_it 3595 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
RAND_bytes 3596 1_1_0 EXIST::FUNCTION:
@@ -3739,7 +3678,6 @@ UI_method_get_closer 3623 1_1_0 EXIST::FUNCTION:UI
ENGINE_get_ex_data 3624 1_1_0 EXIST::FUNCTION:ENGINE
BN_print_fp 3625 1_1_0 EXIST::FUNCTION:STDIO
MD2_Update 3626 1_1_0 EXIST::FUNCTION:MD2
-CRYPTO_THREADID_set_callback 3627 1_1_0 NOEXIST::FUNCTION:
ENGINE_free 3628 1_1_0 EXIST::FUNCTION:ENGINE
d2i_X509_ATTRIBUTE 3629 1_1_0 EXIST::FUNCTION:
TS_RESP_free 3630 1_1_0 EXIST::FUNCTION:TS
@@ -3780,7 +3718,6 @@ ERR_load_DH_strings 3664 1_1_0 EXIST::FUNCTION:DH
EVP_MD_block_size 3665 1_1_0 EXIST::FUNCTION:
TS_X509_ALGOR_print_bio 3666 1_1_0 EXIST::FUNCTION:TS
d2i_PKCS7_ENVELOPE 3667 1_1_0 EXIST::FUNCTION:
-OBJ_cleanup 3668 1_1_0 NOEXIST::FUNCTION:
ESS_CERT_ID_new 3669 1_1_0 EXIST::FUNCTION:TS
EC_POINT_invert 3670 1_1_0 EXIST::FUNCTION:EC
CAST_set_key 3671 1_1_0 EXIST::FUNCTION:CAST
@@ -3884,7 +3821,6 @@ BIO_ADDRINFO_family 3766 1_1_0 EXIST::FUNCTION:SOCK
PEM_write_DHxparams 3767 1_1_0 EXIST::FUNCTION:DH
BN_mod_exp2_mont 3768 1_1_0 EXIST::FUNCTION:
ASN1_PRINTABLE_free 3769 1_1_0 EXIST::FUNCTION:
-CRYPTO_thread_id 3770 1_1_0 NOEXIST::FUNCTION:
PKCS7_ATTR_SIGN_it 3771 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_ATTR_SIGN_it 3771 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
EVP_MD_CTX_copy 3772 1_1_0 EXIST::FUNCTION:
@@ -3930,7 +3866,6 @@ USERNOTICE_it 3809 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
PKEY_USAGE_PERIOD_it 3810 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKEY_USAGE_PERIOD_it 3810 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
BN_mul_word 3811 1_1_0 EXIST::FUNCTION:
-DES_enc_read 3812 1_1_0 NOEXIST::FUNCTION:
i2d_IPAddressRange 3813 1_1_0 EXIST::FUNCTION:RFC3779
CMS_unsigned_add1_attr_by_txt 3814 1_1_0 EXIST::FUNCTION:CMS
d2i_RSA_PUBKEY 3815 1_1_0 EXIST::FUNCTION:RSA
@@ -3998,7 +3933,6 @@ BN_bn2mpi 3872 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_cleanup 3873 1_1_0 EXIST::FUNCTION:
OCSP_onereq_get0_id 3874 1_1_0 EXIST::FUNCTION:OCSP
X509_get_default_cert_dir 3875 1_1_0 EXIST::FUNCTION:
-DSO_get_method 3876 1_1_0 NOEXIST::FUNCTION:
PROXY_POLICY_free 3877 1_1_0 EXIST::FUNCTION:
PEM_write_DSAPrivateKey 3878 1_1_0 EXIST::FUNCTION:DSA
OPENSSL_sk_delete_ptr 3879 1_1_0 EXIST::FUNCTION:
@@ -4006,7 +3940,6 @@ CMS_add0_RevocationInfoChoice 3880 1_1_0 EXIST::FUNCTION:CMS
ASN1_PCTX_get_flags 3881 1_1_0 EXIST::FUNCTION:
EVP_MD_meth_set_result_size 3882 1_1_0 EXIST::FUNCTION:
i2d_X509_CRL 3883 1_1_0 EXIST::FUNCTION:
-BIO_sock_cleanup 3884 1_1_0 NOEXIST::FUNCTION:
ASN1_INTEGER_it 3885 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_INTEGER_it 3885 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
TS_ACCURACY_new 3886 1_1_0 EXIST::FUNCTION:TS
diff --git a/util/libssl.num b/util/libssl.num
index c64d155..9ea918c 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -7,7 +7,6 @@ SSL_copy_session_id 6 1_1_0 EXIST::FUNCTION:
SSL_CTX_set_srp_password 7 1_1_0 EXIST::FUNCTION:SRP
SSL_shutdown 8 1_1_0 EXIST::FUNCTION:
SSL_CTX_set_msg_callback 9 1_1_0 EXIST::FUNCTION:
-SSL_COMP_free_compression_methods 10 1_1_0 NOEXIST::FUNCTION:
SSL_SESSION_get0_ticket 11 1_1_0 EXIST::FUNCTION:
SSL_get1_supported_ciphers 12 1_1_0 EXIST::FUNCTION:
SSL_state_string_long 13 1_1_0 EXIST::FUNCTION:
Richard Levitte
Jun 1, 2016, 9:12:27 PM6/1/16
to
The branch master has been updated
via a182e546c74aff8ce1a15c7b626fbb428bf0d0f4 (commit)
from ade82832cd4b9d990dfdcbfea82e8f2fdd65f45a (commit)
- Log -----------------------------------------------------------------
commit a182e546c74aff8ce1a15c7b626fbb428bf0d0f4
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Jun 2 02:06:25 2016 +0200
Testing symbol presence: also take note of small objects
The S symbol class wasn't checked.
Notified by Sebastian Andrzej Siewior
Reviewed-by: Tim Hudson <t...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
test/recipes/01-test_symbol_presence.t | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
index 619519c..32827f5 100644
--- a/test/recipes/01-test_symbol_presence.t
+++ b/test/recipes/01-test_symbol_presence.t
@@ -57,7 +57,7 @@ foreach my $libname (@libnames) {
note "Number of lines in \@def_lines before massaging: ", scalar @def_lines;
# Massage the nm output to only contain defined symbols
- @nm_lines = sort map { s| .*||; $_ } grep(m|.* [BCDT] .*|, @nm_lines);
+ @nm_lines = sort map { s| .*||; $_ } grep(m|.* [BCDST] .*|, @nm_lines);
# Massage the mkdef.pl output to only contain global symbols
# The output we got is in Unix .map format, which has a global
Richard Levitte
Jun 2, 2016, 7:01:41 AM6/2/16
to
The branch master has been updated
via 8d054a5530defa35ad9a337c23968f8bdef9a6c7 (commit)
from a182e546c74aff8ce1a15c7b626fbb428bf0d0f4 (commit)
- Log -----------------------------------------------------------------
commit 8d054a5530defa35ad9a337c23968f8bdef9a6c7
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Jun 2 12:14:52 2016 +0200
Add a warning about using enable-crypto-mdebug-backtrace
Reviewed-by: Matt Caswell <ma...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 7 insertions(+)
diff --git a/INSTALL b/INSTALL
index ab35353..901a5c0 100644
--- a/INSTALL
+++ b/INSTALL
@@ -147,6 +147,13 @@
enable-crypto-mdebug-backtrace
As for crypto-mdebug, but additionally provide backtrace
information for allocated memory.
+ TO BE USED WITH CARE: this uses GNU C functionality, and
+ is therefore not usable for non-GNU config targets. If
+ your build complains about the use of '-rdynamic' or the
+ lack of header file execinfo.h, this option is not for you.
+ ALSO NOTE that even though execinfo.h is available on your
+ system (through Gnulib), the functions might just be stubs
+ that do nothing.
no-ct
Don't build support for Certificate Transparency.
Richard Levitte
Jun 2, 2016, 10:03:11 AM6/2/16
to
The branch master has been updated
via ee2c1a253d558dc64a9d4d5b09dc083a4cff395a (commit)
from 8d054a5530defa35ad9a337c23968f8bdef9a6c7 (commit)
- Log -----------------------------------------------------------------
commit ee2c1a253d558dc64a9d4d5b09dc083a4cff395a
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Jun 2 15:38:16 2016 +0200
perl: refactor .pod name section extractor into its own module
Adapt util/process_docs.pl
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
util/process_docs.pl | 47 +++----------
2 files changed, 167 insertions(+), 38 deletions(-)
create mode 100644 util/perl/OpenSSL/Util/Pod.pm
diff --git a/util/perl/OpenSSL/Util/Pod.pm b/util/perl/OpenSSL/Util/Pod.pm
new file mode 100644
index 0000000..5c0af95
--- /dev/null
+++ b/util/perl/OpenSSL/Util/Pod.pm
@@ -0,0 +1,158 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+package OpenSSL::Util::Pod;
+
+use strict;
+use warnings;
+
+use Exporter;
+use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
+$VERSION = "0.1";
+@ISA = qw(Exporter);
+@EXPORT = qw(extract_pod_info);
+@EXPORT_OK = qw();
+
+=head1 NAME
+
+OpenSSL::Util::Pod - utilities to manipulate .pod files
+
+=head1 SYNOPSIS
+
+ use OpenSSL::Util::Pod;
+
+ my %podinfo = extract_pod_info("foo.pod");
+
+ # or if the file is already opened... Note that this consumes the
+ # remainder of the file.
+
+ my %podinfo = extract_pod_info(\*STDIN);
+
+=head1 DESCRIPTION
+
+=over
+
+=item B<extract_pod_info "FILENAME", HASHREF>
+
+=item B<extract_pod_info "FILENAME">
+
+=item B<extract_pod_info GLOB, HASHREF>
+
+=item B<extract_pod_info GLOB>
+
+Extracts information from a .pod file, given a STRING (file name) or a
+GLOB (a file handle). The result is given back as a hash table.
+
+The additional hash is for extra parameters:
+
+=over
+
+=item B<section =E<gt> N>
+
+The value MUST be a number, and will be the default man section number
+to be used with the given .pod file. This number can be altered if
+the .pod file has a line like this:
+
+ =for comment openssl_manual_section: 4
+
+=item B<debug =E<gt> 0|1>
+
+If set to 1, extra debug text will be printed on STDERR
+
+=back
+
+=back
+
+=head1 RETURN VALUES
+
+=over
+=head1 RETURN VALUES
+
+
+=item B<extract_pod_info> returns a hash table with the following
+items:
+
+=over
+
+=item B<section =E<gt> N>
+
+The man section number this .pod file belongs to. Often the same as
+was given as input.
+
+=item B<names =E<gt> [ "name", ... ]>
+
+All the names extracted from the NAME section.
+
+=back
+
+=back
+
+=cut
+
+sub extract_pod_info {
+ my $input = shift;
+ my $defaults_ref = shift || {};
+ my %defaults = ( debug => 0, section => 0, %$defaults_ref );
+ my $fh = undef;
+ my $filename = undef;
+
+ # If not a file handle, then it's assume to be a file path (a string)
+ unless (ref $input eq "GLOB") {
+ $filename = $input;
+ open $fh, $input or die "Trying to read $filename: $!\n";
+ print STDERR "DEBUG: Reading $input\n" if $defaults{debug};
+ $input = $fh;
+ }
+
+ my %podinfo = ( section => $defaults{section});
+ while(<$input>) {
+ s|\R$||;
+ if (m|^=for\s+comment\s+openssl_manual_section:\s*([0-9])\s*$|) {
+ print STDERR "DEBUG: Found man section number $1\n"
+ if $defaults{debug};
+ $podinfo{section} = $1;
+ }
+
+ # Stop reading when we have reached past the NAME section.
+ last if (m|^=head1|
+ && defined $podinfo{lastsect}
+ && $podinfo{lastsect} eq "NAME");
+
+ # Collect the section name
+ if (m|^=head1\s*(.*)|) {
+ $podinfo{lastsect} = $1;
+ $podinfo{lastsect} =~ s/\s+$//;
+ print STDERR "DEBUG: Found new pod section $1\n"
+ if $defaults{debug};
+ print STDERR "DEBUG: Clearing pod section text\n"
+ if $defaults{debug};
+ $podinfo{lastsecttext} = "";
+ }
+
+ next if (m|^=| || m|^\s*$|);
+
+ # Collect the section text
+ print STDERR "DEBUG: accumulating pod section text \"$_\"\n"
+ if $defaults{debug};
+ $podinfo{lastsecttext} .= " " if $podinfo{lastsecttext};
+ $podinfo{lastsecttext} .= $_;
+ }
+
+
+ if (defined $fh) {
+ close $fh;
+ print STDERR "DEBUG: Done reading $filename\n" if $defaults{debug};
+ }
+
+ $podinfo{lastsecttext} =~ s| - .*$||;
+
+ my @names =
+ map { s|\s+||g; $_ }
+ split(m|,|, $podinfo{lastsecttext});
+
+ return ( section => $podinfo{section}, names => [ @names ] );
+}
+
+1;
diff --git a/util/process_docs.pl b/util/process_docs.pl
index fe8589b..8b8de81 100644
--- a/util/process_docs.pl
+++ b/util/process_docs.pl
@@ -20,6 +20,11 @@ use Pod::Usage;
use lib '.';
use configdata;
+# We know we are in the 'util' directory and that our perl modules are
+# in util/perl
+use lib catdir(dirname($0), "perl");
+use OpenSSL::Util::Pod;
+
my %options = ();
GetOptions(\%options,
'sourcedir=s', # Source directory
@@ -78,44 +83,10 @@ foreach my $subdir (keys %{$options{subdir}}) {
foreach my $podfile (glob $podglob) {
my $podname = basename($podfile, ".pod");
my $podpath = catfile($podfile);
- my %podinfo = ( section => $section );
-
- print STDERR "DEBUG: Reading $podpath\n" if $options{debug};
- open my $pod_fh, $podpath or die "Trying to read $podpath: $!\n";
- while (<$pod_fh>) {
- s|\R$||;
- if (m|^=for\s+comment\s+openssl_manual_section:\s*([0-9])\s*$|) {
- print STDERR "DEBUG: Found man section number $1\n"
- if $options{debug};
- $podinfo{section} = $1;
- }
- last if (m|^=head1|
- && defined $podinfo{lastsect}
- && $podinfo{lastsect} eq "NAME");
- if (m|^=head1\s*(.*)|) {
- $podinfo{lastsect} = $1;
- $podinfo{lastsect} =~ s/\s+$//;
- print STDERR "DEBUG: Found new pod section $1\n"
- if $options{debug};
- print STDERR "DEBUG: Clearing pod section text\n"
- if $options{debug};
- $podinfo{lastsecttext} = "";
- }
- next if (m|^=| || m|^\s*$|);
- print STDERR "DEBUG: accumulating pod section text \"$_\"\n"
- if $options{debug};
- $podinfo{lastsecttext} .= " " if $podinfo{lastsecttext};
- $podinfo{lastsecttext} .= $_;
- }
- close $pod_fh;
- print STDERR "DEBUG: Done reading $podpath\n" if $options{debug};
- $podinfo{lastsecttext} =~ s| - .*$||;
- print STDERR "DEBUG: Done reading $podpath\n" if $options{debug};
-
- my @podfiles =
- grep { $_ ne $podname }
- map { s|\s+||g; $_ }
- split(m|,|, $podinfo{lastsecttext});
+ my %podinfo = extract_pod_info($podpath,
+ { debug => $options{debug},
+ section => $section });
+ my @podfiles = grep { $_ ne $podname } @{$podinfo{names}};
my $updir = updir();
my $name = uc $podname;
Dr. Stephen Henson
Jun 2, 2016, 10:32:14 AM6/2/16
to
The branch master has been updated
via 03b89819f58b100c1e13ca2661a70f2403a187d1 (commit)
from ee2c1a253d558dc64a9d4d5b09dc083a4cff395a (commit)
- Log -----------------------------------------------------------------
commit 03b89819f58b100c1e13ca2661a70f2403a187d1
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu May 26 16:57:25 2016 +0100
Tidy up OCSP print handling.
Also fixes -Wstrict-oveflow warning on this file.
RT#4474 (partial)
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
index 51b4364..5605812 100644
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@@ -11,6 +11,7 @@
#include <openssl/err.h>
#include <openssl/ocsp.h>
#include "ocsp_lcl.h"
+#include "internal/cryptlib.h"
#include <openssl/pem.h>
static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
@@ -34,15 +35,17 @@ typedef struct {
const char *m;
} OCSP_TBLSTR;
-static const char *table2string(long s, const OCSP_TBLSTR *ts, int len)
+static const char *do_table2string(long s, const OCSP_TBLSTR *ts, size_t len)
{
- const OCSP_TBLSTR *p;
- for (p = ts; p < ts + len; p++)
- if (p->t == s)
- return p->m;
+ size_t i;
+ for (i = 0; i < len; i++, ts++)
+ if (ts->t == s)
+ return ts->m;
return "(UNKNOWN)";
}
+#define table2string(s, tbl) do_table2string(s, tbl, OSSL_NELEM(tbl))
+
const char *OCSP_response_status_str(long s)
{
static const OCSP_TBLSTR rstat_tbl[] = {
@@ -53,7 +56,7 @@ const char *OCSP_response_status_str(long s)
{OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"},
{OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"}
};
- return table2string(s, rstat_tbl, 6);
+ return table2string(s, rstat_tbl);
}
const char *OCSP_cert_status_str(long s)
@@ -63,7 +66,7 @@ const char *OCSP_cert_status_str(long s)
{V_OCSP_CERTSTATUS_REVOKED, "revoked"},
{V_OCSP_CERTSTATUS_UNKNOWN, "unknown"}
};
- return table2string(s, cstat_tbl, 3);
+ return table2string(s, cstat_tbl);
}
const char *OCSP_crl_reason_str(long s)
@@ -78,7 +81,7 @@ const char *OCSP_crl_reason_str(long s)
{OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"},
{OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"}
};
- return table2string(s, reason_tbl, 8);
+ return table2string(s, reason_tbl);
}
int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
Matt Caswell
Jun 2, 2016, 10:42:51 AM6/2/16
to
The branch master has been updated
via 02d6070430de33cf09e1db6b77a6aa43390c62a8 (commit)
from 03b89819f58b100c1e13ca2661a70f2403a187d1 (commit)
- Log -----------------------------------------------------------------
commit 02d6070430de33cf09e1db6b77a6aa43390c62a8
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 2 13:53:49 2016 +0100
Fix test failures when using enable-ubsan
Numerous test failures were occuring when Configured with enable-ubsan
although they could all be traced back to one issue.
Reviewed-by: Andy Polyakov <ap...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/bn/rsaz_exp.c b/crypto/bn/rsaz_exp.c
index 3398cce..1a70f6c 100644
--- a/crypto/bn/rsaz_exp.c
+++ b/crypto/bn/rsaz_exp.c
@@ -253,7 +253,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
rsaz_1024_sqr_avx2(result, result, m, k0, 5);
- wvalue = *((unsigned short *)&p_str[index / 8]);
+ wvalue = (p_str[(index / 8) + 1] << 8) | p_str[index / 8];
wvalue = (wvalue >> (index % 8)) & 31;
index -= 5;
Richard Levitte
Jun 2, 2016, 3:11:23 PM6/2/16
to
The branch master has been updated
via 6616429d4cdeb946fe8eb0fe6823d5b3b7793ef5 (commit)
from 02d6070430de33cf09e1db6b77a6aa43390c62a8 (commit)
- Log -----------------------------------------------------------------
commit 6616429d4cdeb946fe8eb0fe6823d5b3b7793ef5
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Jun 2 20:44:11 2016 +0200
Build the 'openssl rehash' command on VMS version 8.3 and up
Include a note in INSTALL that tests must be run from an unprivileged
process.
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/rehash.c | 8 ++++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/INSTALL b/INSTALL
index 901a5c0..ff134f2 100644
--- a/INSTALL
+++ b/INSTALL
@@ -495,6 +495,9 @@
$ mms test ! OpenVMS
$ nmake test # Windows
+ NOTE: you MUST run the tests from an unprivileged account (or
+ disable your privileges temporarly if your platform allows it).
+
If some tests fail, look at the output. There may be reasons for
the failure that isn't a problem in OpenSSL itself (like a
malfunction with Perl). You may want increased verbosity, that
diff --git a/apps/rehash.c b/apps/rehash.c
index 7337942..417b91e 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -15,7 +15,8 @@
#include "apps.h"
-#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__)
+#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || \
+ (defined(__VMS) && defined(__DECC) && __CTRL_VER >= 80300000)
# include <unistd.h>
# include <stdio.h>
# include <limits.h>
@@ -30,6 +31,9 @@
# include <openssl/x509.h>
+# ifndef PATH_MAX
+# define PATH_MAX 4096
+# endif
# ifndef NAME_MAX
# define NAME_MAX 255
# endif
@@ -159,7 +163,7 @@ static int handle_symlink(const char *filename, const char *fullpath)
int i, type, id;
unsigned char ch;
char linktarget[PATH_MAX], *endptr;
- ssize_t n;
+ ossl_ssize_t n;
for (i = 0; i < 8; i++) {
ch = filename[i];
Rich Salz
Jun 2, 2016, 3:16:45 PM6/2/16
to
The branch master has been updated
via b1ffe8dbeef2e233707a78847494769cbe305821 (commit)
from 6616429d4cdeb946fe8eb0fe6823d5b3b7793ef5 (commit)
- Log -----------------------------------------------------------------
commit b1ffe8dbeef2e233707a78847494769cbe305821
Author: Rich Salz <rs...@openssl.org>
Date: Wed May 25 08:59:10 2016 -0400
GH1123: sort dir before rehash
This is needed to generate stable output names/symlinks.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
tools/c_rehash.in | 2 +-
2 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/apps/rehash.c b/apps/rehash.c
index 417b91e..4686b53 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -260,6 +260,11 @@ end:
return errs;
}
+static void str_free(char *s)
+{
+ OPENSSL_free(s);
+}
+
/*
* Process a directory; return number of errors found.
*/
@@ -270,11 +275,12 @@ static int do_dir(const char *dirname, enum Hash h)
OPENSSL_DIR_CTX *d = NULL;
struct stat st;
unsigned char idmask[MAX_COLLISIONS / 8];
- int n, nextid, buflen, errs = 0;
+ int n, numfiles, nextid, buflen, errs = 0;
size_t i;
const char *pathsep;
const char *filename;
- char *buf;
+ char *buf, *copy;
+ STACK_OF(OPENSSL_STRING) *files = NULL;
if (app_access(dirname, W_OK) < 0) {
BIO_printf(bio_err, "Skipping %s, can't write\n", dirname);
@@ -288,7 +294,23 @@ static int do_dir(const char *dirname, enum Hash h)
if (verbose)
BIO_printf(bio_out, "Doing %s\n", dirname);
+ if ((files = sk_OPENSSL_STRING_new_null()) == NULL) {
+ BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname);
+ exit(1);
+ }
while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) {
+ if ((copy = strdup(filename)) == NULL
+ || sk_OPENSSL_STRING_push(files, copy) == 0) {
+ BIO_puts(bio_err, "out of memory\n");
+ exit(1);
+ }
+ }
+ OPENSSL_DIR_end(&d);
+ sk_OPENSSL_STRING_sort(files);
+
+ numfiles = sk_OPENSSL_STRING_num(files);
+ for (n = 0; n < numfiles; ++n) {
+ filename = sk_OPENSSL_STRING_value(files, n);
if (snprintf(buf, buflen, "%s%s%s",
dirname, pathsep, filename) >= buflen)
continue;
@@ -298,7 +320,7 @@ static int do_dir(const char *dirname, enum Hash h)
continue;
errs += do_file(filename, buf, h);
}
- OPENSSL_DIR_end(&d);
+ sk_OPENSSL_STRING_pop_free(files, str_free);
for (i = 0; i < OSSL_NELEM(hash_table); i++) {
for (bp = hash_table[i]; bp; bp = nextbp) {
diff --git a/tools/c_rehash.in b/tools/c_rehash.in
index a23a8f3..949e44f 100644
--- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
@@ -109,7 +109,7 @@ sub hash_dir {
print "Doing $_[0]\n";
chdir $_[0];
opendir(DIR, ".");
- my @flist = readdir(DIR);
+ my @flist = sort readdir(DIR);
closedir DIR;
if ( $removelinks ) {
# Delete any existing symbolic links
Andy Polyakov
Jun 3, 2016, 4:24:31 AM6/3/16
to
The branch master has been updated
via 66bceb5f19d8a1c4436138e6c9e66f25fa0f75d4 (commit)
from b1ffe8dbeef2e233707a78847494769cbe305821 (commit)
- Log -----------------------------------------------------------------
commit 66bceb5f19d8a1c4436138e6c9e66f25fa0f75d4
Author: Andy Polyakov <ap...@openssl.org>
Date: Wed Apr 27 15:07:32 2016 +0200
chacha/chacha_enc.c: harmonize counter width with subroutine name.
_ctr32 in function name refers to 32-bit counter, but it was implementing
64-bit one. This didn't pose problem to EVP, but 64-bit counter was just
misleading.
RT#4512
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/crypto/chacha/chacha_enc.c b/crypto/chacha/chacha_enc.c
index 13720d0..239f68a 100644
--- a/crypto/chacha/chacha_enc.c
+++ b/crypto/chacha/chacha_enc.c
@@ -110,8 +110,12 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
inp += todo;
len -= todo;
- /* advance counter */
- if (++input[12] == 0)
- input[13]++;
+ /*
+ * Advance 32-bit counter. Note that as subroutine is so to
+ * say nonce-agnostic, this limited counter width doesn't
+ * prevent caller from implementing wider counter. It would
+ * simply take two calls split on counter overflow...
+ */
+ input[12]++;
Emilia Kasper
Jun 3, 2016, 6:03:50 AM6/3/16
to
The branch master has been updated
via 63936115e8e70ac36fc865ea32830dc93a7a5157 (commit)
from 66bceb5f19d8a1c4436138e6c9e66f25fa0f75d4 (commit)
- Log -----------------------------------------------------------------
commit 63936115e8e70ac36fc865ea32830dc93a7a5157
Author: Emilia Kasper <emi...@openssl.org>
Date: Tue May 31 16:42:58 2016 +0200
Update client authentication tests
Port client auth tests to the new framework, add coverage. The old tests
were only testing success, and only for some protocol versions; the new
tests add all protocol versions and various failure modes.
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
test/recipes/80-test_ssl_new.t | 2 +-
test/recipes/80-test_ssl_old.t | 89 ++--
test/ssl-tests/04-client_auth.conf | 602 ++++++++++++++++++++++
test/ssl-tests/04-client_auth.conf.in | 109 ++++
5 files changed, 759 insertions(+), 61 deletions(-)
copy test/certs/{ee-client.pem => ee-client-chain.pem} (51%)
create mode 100644 test/ssl-tests/04-client_auth.conf
create mode 100644 test/ssl-tests/04-client_auth.conf.in
diff --git a/test/certs/ee-client.pem b/test/certs/ee-client-chain.pem
similarity index 51%
copy from test/certs/ee-client.pem
copy to test/certs/ee-client-chain.pem
index a6105b2..27652fa 100644
--- a/test/certs/ee-client.pem
+++ b/test/certs/ee-client-chain.pem
@@ -17,3 +17,21 @@ A5/3RqteQaeQETFbZdlb6e7jAjiGp6DmAiH/WLrVvMY8k0z81TD0+UjJqI9097mF
VtNX0l+46/tR4zvyA4yYqxK+L8M57SjfwxvwUpDxxVVnRsf3kHhudeAc+UDWzqws
n5P71o+AfbkYzhHsSFIZyYUnGv+JApFpcGEMEiHL2iBhCRdx
-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk
+IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6
+AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi
+8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6
+uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR
+5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4=
+-----END CERTIFICATE-----
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 2bce02a..d432d1a 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -42,7 +42,7 @@ foreach my $conf (@conf_files) {
# We hard-code the number of tests to double-check that the globbing above
# finds all files as expected.
-plan tests => 3; # = scalar @conf_srcs
+plan tests => 4; # = scalar @conf_srcs
sub test_conf {
plan tests => 3;
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index b41e67a..74d4360 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -311,11 +311,8 @@ sub testss {
}
sub testssl {
- my $key = shift || bldtop_file("apps","server.pem");
- my $cert = shift || bldtop_file("apps","server.pem");
- my $CAtmp = shift;
+ my ($key, $cert, $CAtmp) = @_;
my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs"));
- my @extra = @_;
my @ssltest = ("ssltest_old",
"-s_key", $key, "-s_cert", $cert,
@@ -334,47 +331,19 @@ sub testssl {
subtest 'standard SSL tests' => sub {
######################################################################
- plan tests => 29;
+ plan tests => 21;
SKIP: {
skip "SSLv3 is not supported by this OpenSSL build", 4
if disabled("ssl3");
- ok(run(test([@ssltest, "-ssl3", @extra])),
- 'test sslv3');
- ok(run(test([@ssltest, "-ssl3", "-server_auth", @CA, @extra])),
- 'test sslv3 with server authentication');
- ok(run(test([@ssltest, "-ssl3", "-client_auth", @CA, @extra])),
- 'test sslv3 with client authentication');
- ok(run(test([@ssltest, "-ssl3", "-server_auth", "-client_auth", @CA, @extra])),
- 'test sslv3 with both server and client authentication');
- }
-
- SKIP: {
- skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 4
- if $no_anytls;
-
- ok(run(test([@ssltest, @extra])),
- 'test sslv2/sslv3');
- ok(run(test([@ssltest, "-server_auth", @CA, @extra])),
- 'test sslv2/sslv3 with server authentication');
- ok(run(test([@ssltest, "-client_auth", @CA, @extra])),
- 'test sslv2/sslv3 with client authentication');
- ok(run(test([@ssltest, "-server_auth", "-client_auth", @CA, @extra])),
- 'test sslv2/sslv3 with both server and client authentication');
- }
-
- SKIP: {
- skip "SSLv3 is not supported by this OpenSSL build", 4
- if disabled("ssl3");
-
- ok(run(test([@ssltest, "-bio_pair", "-ssl3", @extra])),
+ ok(run(test([@ssltest, "-bio_pair", "-ssl3"])),
'test sslv3 via BIO pair');
- ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", @CA, @extra])),
+ ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", @CA])),
'test sslv3 with server authentication via BIO pair');
- ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-client_auth", @CA, @extra])),
+ ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-client_auth", @CA])),
'test sslv3 with client authentication via BIO pair');
- ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", "-client_auth", @CA, @extra])),
+ ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", "-client_auth", @CA])),
'test sslv3 with both server and client authentication via BIO pair');
}
@@ -382,7 +351,7 @@ sub testssl {
skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 1
if $no_anytls;
- ok(run(test([@ssltest, "-bio_pair", @extra])),
+ ok(run(test([@ssltest, "-bio_pair"])),
'test sslv2/sslv3 via BIO pair');
}
@@ -390,13 +359,13 @@ sub testssl {
skip "DTLSv1 is not supported by this OpenSSL build", 4
if disabled("dtls1");
- ok(run(test([@ssltest, "-dtls1", @extra])),
+ ok(run(test([@ssltest, "-dtls1"])),
'test dtlsv1');
- ok(run(test([@ssltest, "-dtls1", "-server_auth", @CA, @extra])),
+ ok(run(test([@ssltest, "-dtls1", "-server_auth", @CA])),
'test dtlsv1 with server authentication');
- ok(run(test([@ssltest, "-dtls1", "-client_auth", @CA, @extra])),
+ ok(run(test([@ssltest, "-dtls1", "-client_auth", @CA])),
'test dtlsv1 with client authentication');
- ok(run(test([@ssltest, "-dtls1", "-server_auth", "-client_auth", @CA, @extra])),
+ ok(run(test([@ssltest, "-dtls1", "-server_auth", "-client_auth", @CA])),
'test dtlsv1 with both server and client authentication');
}
@@ -404,13 +373,13 @@ sub testssl {
skip "DTLSv1.2 is not supported by this OpenSSL build", 4
if disabled("dtls1_2");
- ok(run(test([@ssltest, "-dtls12", @extra])),
+ ok(run(test([@ssltest, "-dtls12"])),
'test dtlsv1.2');
- ok(run(test([@ssltest, "-dtls12", "-server_auth", @CA, @extra])),
+ ok(run(test([@ssltest, "-dtls12", "-server_auth", @CA])),
'test dtlsv1.2 with server authentication');
- ok(run(test([@ssltest, "-dtls12", "-client_auth", @CA, @extra])),
+ ok(run(test([@ssltest, "-dtls12", "-client_auth", @CA])),
'test dtlsv1.2 with client authentication');
- ok(run(test([@ssltest, "-dtls12", "-server_auth", "-client_auth", @CA, @extra])),
+ ok(run(test([@ssltest, "-dtls12", "-server_auth", "-client_auth", @CA])),
'test dtlsv1.2 with both server and client authentication');
}
@@ -421,32 +390,32 @@ sub testssl {
SKIP: {
skip "skipping test of sslv2/sslv3 w/o (EC)DHE test", 1 if $dsa_cert;
- ok(run(test([@ssltest, "-bio_pair", "-no_dhe", "-no_ecdhe", @extra])),
+ ok(run(test([@ssltest, "-bio_pair", "-no_dhe", "-no_ecdhe"])),
'test sslv2/sslv3 w/o (EC)DHE via BIO pair');
}
- ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v", @extra])),
+ ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])),
'test sslv2/sslv3 with 1024bit DHE via BIO pair');
- ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA, @extra])),
+ ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])),
'test sslv2/sslv3 with server authentication');
- ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA, @extra])),
+ ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])),
'test sslv2/sslv3 with client authentication via BIO pair');
- ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", @CA, @extra])),
+ ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", @CA])),
'test sslv2/sslv3 with both client and server authentication via BIO pair');
- ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA, @extra])),
+ ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])),
'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify');
SKIP: {
skip "No IPv4 available on this machine", 1
unless !disabled("sock") && have_IPv4();
- ok(run(test([@ssltest, "-ipv4", @extra])),
+ ok(run(test([@ssltest, "-ipv4"])),
'test TLS via IPv4');
}
SKIP: {
skip "No IPv6 available on this machine", 1
unless !disabled("sock") && have_IPv6();
- ok(run(test([@ssltest, "-ipv6", @extra])),
+ ok(run(test([@ssltest, "-ipv6"])),
'test TLS via IPv6');
}
}
@@ -525,7 +494,7 @@ sub testssl {
skip "skipping anonymous DH tests", 1
if ($no_dh);
- ok(run(test([@ssltest, "-v", "-bio_pair", "-tls1", "-cipher", "ADH", "-dhe1024dsa", "-num", "10", "-f", "-time", @extra])),
+ ok(run(test([@ssltest, "-v", "-bio_pair", "-tls1", "-cipher", "ADH", "-dhe1024dsa", "-num", "10", "-f", "-time"])),
'test tlsv1 with 1024bit anonymous DH, multiple handshakes');
}
@@ -533,13 +502,13 @@ sub testssl {
skip "skipping RSA tests", 2
if $no_rsa;
- ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-no_dhe", "-no_ecdhe", "-num", "10", "-f", "-time", @extra])),
+ ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-no_dhe", "-no_ecdhe", "-num", "10", "-f", "-time"])),
'test tlsv1 with 1024bit RSA, no (EC)DHE, multiple handshakes');
skip "skipping RSA+DHE tests", 1
if $no_dh;
- ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-dhe1024dsa", "-num", "10", "-f", "-time", @extra])),
+ ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-dhe1024dsa", "-num", "10", "-f", "-time"])),
'test tlsv1 with 1024bit RSA, 1024bit DHE, multiple handshakes');
}
@@ -547,10 +516,10 @@ sub testssl {
skip "skipping PSK tests", 2
if ($no_psk);
- ok(run(test([@ssltest, "-tls1", "-cipher", "PSK", "-psk", "abc123", @extra])),
+ ok(run(test([@ssltest, "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
'test tls1 with PSK');
- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123", @extra])),
+ ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
'test tls1 with PSK via BIO pair');
}
}
@@ -702,7 +671,7 @@ sub testssl {
if $no_anytls;
skip "skipping multi-buffer tests", 2
- if @extra || (POSIX::uname())[4] ne "x86_64";
+ if (POSIX::uname())[4] ne "x86_64";
ok(run(test([@ssltest, "-cipher", "AES128-SHA", "-bytes", "8m"])));
diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf
new file mode 100644
index 0000000..191d666
--- /dev/null
+++ b/test/ssl-tests/04-client_auth.conf
@@ -0,0 +1,602 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 20
+
+test-0 = 0-server-auth-flex
+test-1 = 1-client-auth-flex-request
+test-2 = 2-client-auth-flex-require-fail
+test-3 = 3-client-auth-flex-require
+test-4 = 4-client-auth-flex-noroot
+test-5 = 5-server-auth-TLSv1
+test-6 = 6-client-auth-TLSv1-request
+test-7 = 7-client-auth-TLSv1-require-fail
+test-8 = 8-client-auth-TLSv1-require
+test-9 = 9-client-auth-TLSv1-noroot
+test-10 = 10-server-auth-TLSv1.1
+test-11 = 11-client-auth-TLSv1.1-request
+test-12 = 12-client-auth-TLSv1.1-require-fail
+test-13 = 13-client-auth-TLSv1.1-require
+test-14 = 14-client-auth-TLSv1.1-noroot
+test-15 = 15-server-auth-TLSv1.2
+test-16 = 16-client-auth-TLSv1.2-request
+test-17 = 17-client-auth-TLSv1.2-require-fail
+test-18 = 18-client-auth-TLSv1.2-require
+test-19 = 19-client-auth-TLSv1.2-noroot
+# ===========================================================
+
+[0-server-auth-flex]
+ssl_conf = 0-server-auth-flex-ssl
+
+[0-server-auth-flex-ssl]
+server = 0-server-auth-flex-server
+client = 0-server-auth-flex-client
+
+[0-server-auth-flex-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[0-server-auth-flex-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-0]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-client-auth-flex-request]
+ssl_conf = 1-client-auth-flex-request-ssl
+
+[1-client-auth-flex-request-ssl]
+server = 1-client-auth-flex-request-server
+client = 1-client-auth-flex-request-client
+
+[1-client-auth-flex-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Request
+
+
+[1-client-auth-flex-request-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-1]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-client-auth-flex-require-fail]
+ssl_conf = 2-client-auth-flex-require-fail-ssl
+
+[2-client-auth-flex-require-fail-ssl]
+server = 2-client-auth-flex-require-fail-server
+client = 2-client-auth-flex-require-fail-client
+
+[2-client-auth-flex-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+
+[2-client-auth-flex-require-fail-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-2]
+ExpectedResult = ServerFail
+ServerAlert = HandshakeFailure
+
+
+# ===========================================================
+
+[3-client-auth-flex-require]
+ssl_conf = 3-client-auth-flex-require-ssl
+
+[3-client-auth-flex-require-ssl]
+server = 3-client-auth-flex-require-server
+client = 3-client-auth-flex-require-client
+
+[3-client-auth-flex-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+
+[3-client-auth-flex-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-3]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[4-client-auth-flex-noroot]
+ssl_conf = 4-client-auth-flex-noroot-ssl
+
+[4-client-auth-flex-noroot-ssl]
+server = 4-client-auth-flex-noroot-server
+client = 4-client-auth-flex-noroot-client
+
+[4-client-auth-flex-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Require
+
+
+[4-client-auth-flex-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-4]
+ExpectedResult = ServerFail
+ServerAlert = UnknownCA
+
+
+# ===========================================================
+
+[5-server-auth-TLSv1]
+ssl_conf = 5-server-auth-TLSv1-ssl
+
+[5-server-auth-TLSv1-ssl]
+server = 5-server-auth-TLSv1-server
+client = 5-server-auth-TLSv1-client
+
+[5-server-auth-TLSv1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+Protocol = TLSv1
+
+
+[5-server-auth-TLSv1-client]
+CipherString = DEFAULT
+Protocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-5]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[6-client-auth-TLSv1-request]
+ssl_conf = 6-client-auth-TLSv1-request-ssl
+
+[6-client-auth-TLSv1-request-ssl]
+server = 6-client-auth-TLSv1-request-server
+client = 6-client-auth-TLSv1-request-client
+
+[6-client-auth-TLSv1-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+Protocol = TLSv1
+VerifyMode = Request
+
+
+[6-client-auth-TLSv1-request-client]
+CipherString = DEFAULT
+Protocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-6]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[7-client-auth-TLSv1-require-fail]
+ssl_conf = 7-client-auth-TLSv1-require-fail-ssl
+
+[7-client-auth-TLSv1-require-fail-ssl]
+server = 7-client-auth-TLSv1-require-fail-server
+client = 7-client-auth-TLSv1-require-fail-client
+
+[7-client-auth-TLSv1-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+Protocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+
+[7-client-auth-TLSv1-require-fail-client]
+CipherString = DEFAULT
+Protocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-7]
+ExpectedResult = ServerFail
+ServerAlert = HandshakeFailure
+
+
+# ===========================================================
+
+[8-client-auth-TLSv1-require]
+ssl_conf = 8-client-auth-TLSv1-require-ssl
+
+[8-client-auth-TLSv1-require-ssl]
+server = 8-client-auth-TLSv1-require-server
+client = 8-client-auth-TLSv1-require-client
+
+[8-client-auth-TLSv1-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+Protocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+
+[8-client-auth-TLSv1-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+Protocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-8]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[9-client-auth-TLSv1-noroot]
+ssl_conf = 9-client-auth-TLSv1-noroot-ssl
+
+[9-client-auth-TLSv1-noroot-ssl]
+server = 9-client-auth-TLSv1-noroot-server
+client = 9-client-auth-TLSv1-noroot-client
+
+[9-client-auth-TLSv1-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+Protocol = TLSv1
+VerifyMode = Require
+
+
+[9-client-auth-TLSv1-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+Protocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-9]
+ExpectedResult = ServerFail
+ServerAlert = UnknownCA
+
+
+# ===========================================================
+
+[10-server-auth-TLSv1.1]
+ssl_conf = 10-server-auth-TLSv1.1-ssl
+
+[10-server-auth-TLSv1.1-ssl]
+server = 10-server-auth-TLSv1.1-server
+client = 10-server-auth-TLSv1.1-client
+
+[10-server-auth-TLSv1.1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+Protocol = TLSv1.1
+
+
+[10-server-auth-TLSv1.1-client]
+CipherString = DEFAULT
+Protocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-10]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[11-client-auth-TLSv1.1-request]
+ssl_conf = 11-client-auth-TLSv1.1-request-ssl
+
+[11-client-auth-TLSv1.1-request-ssl]
+server = 11-client-auth-TLSv1.1-request-server
+client = 11-client-auth-TLSv1.1-request-client
+
+[11-client-auth-TLSv1.1-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+Protocol = TLSv1.1
+VerifyMode = Request
+
+
+[11-client-auth-TLSv1.1-request-client]
+CipherString = DEFAULT
+Protocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-11]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[12-client-auth-TLSv1.1-require-fail]
+ssl_conf = 12-client-auth-TLSv1.1-require-fail-ssl
+
+[12-client-auth-TLSv1.1-require-fail-ssl]
+server = 12-client-auth-TLSv1.1-require-fail-server
+client = 12-client-auth-TLSv1.1-require-fail-client
+
+[12-client-auth-TLSv1.1-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+Protocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+
+[12-client-auth-TLSv1.1-require-fail-client]
+CipherString = DEFAULT
+Protocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-12]
+ExpectedResult = ServerFail
+ServerAlert = HandshakeFailure
+
+
+# ===========================================================
+
+[13-client-auth-TLSv1.1-require]
+ssl_conf = 13-client-auth-TLSv1.1-require-ssl
+
+[13-client-auth-TLSv1.1-require-ssl]
+server = 13-client-auth-TLSv1.1-require-server
+client = 13-client-auth-TLSv1.1-require-client
+
+[13-client-auth-TLSv1.1-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+Protocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+
+[13-client-auth-TLSv1.1-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+Protocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-13]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[14-client-auth-TLSv1.1-noroot]
+ssl_conf = 14-client-auth-TLSv1.1-noroot-ssl
+
+[14-client-auth-TLSv1.1-noroot-ssl]
+server = 14-client-auth-TLSv1.1-noroot-server
+client = 14-client-auth-TLSv1.1-noroot-client
+
+[14-client-auth-TLSv1.1-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+Protocol = TLSv1.1
+VerifyMode = Require
+
+
+[14-client-auth-TLSv1.1-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+Protocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-14]
+ExpectedResult = ServerFail
+ServerAlert = UnknownCA
+
+
+# ===========================================================
+
+[15-server-auth-TLSv1.2]
+ssl_conf = 15-server-auth-TLSv1.2-ssl
+
+[15-server-auth-TLSv1.2-ssl]
+server = 15-server-auth-TLSv1.2-server
+client = 15-server-auth-TLSv1.2-client
+
+[15-server-auth-TLSv1.2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+Protocol = TLSv1.2
+
+
+[15-server-auth-TLSv1.2-client]
+CipherString = DEFAULT
+Protocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-15]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[16-client-auth-TLSv1.2-request]
+ssl_conf = 16-client-auth-TLSv1.2-request-ssl
+
+[16-client-auth-TLSv1.2-request-ssl]
+server = 16-client-auth-TLSv1.2-request-server
+client = 16-client-auth-TLSv1.2-request-client
+
+[16-client-auth-TLSv1.2-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+Protocol = TLSv1.2
+VerifyMode = Request
+
+
+[16-client-auth-TLSv1.2-request-client]
+CipherString = DEFAULT
+Protocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-16]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[17-client-auth-TLSv1.2-require-fail]
+ssl_conf = 17-client-auth-TLSv1.2-require-fail-ssl
+
+[17-client-auth-TLSv1.2-require-fail-ssl]
+server = 17-client-auth-TLSv1.2-require-fail-server
+client = 17-client-auth-TLSv1.2-require-fail-client
+
+[17-client-auth-TLSv1.2-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+Protocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+
+[17-client-auth-TLSv1.2-require-fail-client]
+CipherString = DEFAULT
+Protocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-17]
+ExpectedResult = ServerFail
+ServerAlert = HandshakeFailure
+
+
+# ===========================================================
+
+[18-client-auth-TLSv1.2-require]
+ssl_conf = 18-client-auth-TLSv1.2-require-ssl
+
+[18-client-auth-TLSv1.2-require-ssl]
+server = 18-client-auth-TLSv1.2-require-server
+client = 18-client-auth-TLSv1.2-require-client
+
+[18-client-auth-TLSv1.2-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+Protocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+
+[18-client-auth-TLSv1.2-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+Protocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-18]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[19-client-auth-TLSv1.2-noroot]
+ssl_conf = 19-client-auth-TLSv1.2-noroot-ssl
+
+[19-client-auth-TLSv1.2-noroot-ssl]
+server = 19-client-auth-TLSv1.2-noroot-server
+client = 19-client-auth-TLSv1.2-noroot-client
+
+[19-client-auth-TLSv1.2-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+Protocol = TLSv1.2
+VerifyMode = Require
+
+
+[19-client-auth-TLSv1.2-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+Protocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-19]
+ExpectedResult = ServerFail
+ServerAlert = UnknownCA
+
+
diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in
new file mode 100644
index 0000000..36d13df
--- /dev/null
+++ b/test/ssl-tests/04-client_auth.conf.in
@@ -0,0 +1,109 @@
+# -*- mode: perl; -*-
+
+## SSL test configurations
+
+package ssltests;
+
+use strict;
+use warnings;
+
+use OpenSSL::Test;
+use strict;
+use warnings;
+
+use OpenSSL::Test::Utils qw(anydisabled);
+setup("no_test_here");
+
+# We test version-flexible negotiation (undef) and each protocol version.
+my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
+
+my @is_disabled = (0);
+push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
+
+our @tests = ();
+
+my $dir_sep = $^O ne "VMS" ? "/" : "";
+
+sub generate_tests() {
+
+ foreach (0..$#protocols) {
+ my $protocol = $protocols[$_];
+ my $protocol_name = $protocol || "flex";
+ if (!$is_disabled[$_]) {
+ # Sanity-check simple handshake.
+ push @tests, {
+ name => "server-auth-${protocol_name}",
+ server => {
+ "Protocol" => $protocol
+ },
+ client => {
+ "Protocol" => $protocol
+ },
+ test => { "ExpectedResult" => "Success" },
+ };
+
+ # Handshake with client cert requested but not required or received.
+ push @tests, {
+ name => "client-auth-${protocol_name}-request",
+ server => {
+ "Protocol" => $protocol,
+ "VerifyMode" => "Request",
+ },
+ client => {
+ "Protocol" => $protocol
+ },
+ test => { "ExpectedResult" => "Success" },
+ };
+
+ # Handshake with client cert required but not present.
+ push @tests, {
+ name => "client-auth-${protocol_name}-require-fail",
+ server => {
+ "Protocol" => $protocol,
+ "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+ "VerifyMode" => "Require",
+ },
+ client => {
+ "Protocol" => $protocol,
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
+ "ServerAlert" => "HandshakeFailure",
+ },
+ };
+
+ # Successful handshake with client authentication.
+ push @tests, {
+ name => "client-auth-${protocol_name}-require",
+ server => {
+ "Protocol" => $protocol,
+ "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+ "VerifyMode" => "Request",
+ },
+ client => {
+ "Protocol" => $protocol,
+ "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
+ "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
+ },
+ test => { "ExpectedResult" => "Success" },
+ };
+
+ # Handshake with client authentication but without the root certificate.
+ push @tests, {
+ name => "client-auth-${protocol_name}-noroot",
+ server => {
+ "Protocol" => $protocol,
+ "VerifyMode" => "Require",
+ },
+ client => {
+ "Protocol" => $protocol,
+ "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
+ "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
+ "ServerAlert" => "UnknownCA",
+ },
+ };
+ }
+ }
+}
+
+generate_tests();
Ben Laurie
Jun 3, 2016, 6:41:15 AM6/3/16
to
The branch master has been updated
via 4a2c4c1ab81bf2dbdcab0f33845e0e842a57182a (commit)
via 75a112295d615ec6baa9e4da6eb4e82a4ce8b40b (commit)
via e298cb10feab3115b6da189a0f569e24b4f6c2a9 (commit)
via e78fadede267e3627ac85b3707a773b3b51e8f46 (commit)
from 63936115e8e70ac36fc865ea32830dc93a7a5157 (commit)
- Log -----------------------------------------------------------------
commit 4a2c4c1ab81bf2dbdcab0f33845e0e842a57182a
Author: Ben Laurie <b...@links.org>
Date: Fri Jun 3 11:07:42 2016 +0100
Add ct fuzzer.
Reviewed-by: Rich Salz <rs...@openssl.org>
commit 75a112295d615ec6baa9e4da6eb4e82a4ce8b40b
Author: Ben Laurie <b...@links.org>
Date: Thu May 12 10:39:43 2016 +0100
Linkify libfuzzer.
Reviewed-by: Rich Salz <rs...@openssl.org>
commit e298cb10feab3115b6da189a0f569e24b4f6c2a9
Author: Ben Laurie <b...@links.org>
Date: Wed May 11 16:07:14 2016 +0100
Fuzz everything with every input.
Reviewed-by: Rich Salz <rs...@openssl.org>
commit e78fadede267e3627ac85b3707a773b3b51e8f46
Author: Ben Laurie <b...@links.org>
Date: Sat May 7 18:58:44 2016 +0100
Sort.
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
fuzz/README.md | 2 +-
fuzz/asn1.c | 92 ++++++++++++++++++++++------------------------------
fuzz/build.info | 26 ++++++++-------
fuzz/{cms.c => ct.c} | 14 ++++----
5 files changed, 62 insertions(+), 74 deletions(-)
copy fuzz/{cms.c => ct.c} (63%)
diff --git a/.gitignore b/.gitignore
index 2f99952..508fe0b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -63,6 +63,7 @@ Makefile
/fuzz/bndiv
/fuzz/conf
/fuzz/cms
+/fuzz/ct
/fuzz/server
/fuzz/x509
/test/sha256t
@@ -85,6 +86,7 @@ Makefile
*.dylib*
*.dll*
*.exe
+*.pyc
# Exceptions
!/test/bctest
!/crypto/des/times/486-50.sol
diff --git a/fuzz/README.md b/fuzz/README.md
index 948590d..9b6d7d7 100644
--- a/fuzz/README.md
+++ b/fuzz/README.md
@@ -1,6 +1,6 @@
# I Can Haz Fuzz?
-Or, how to fuzz OpenSSL with libfuzzer.
+Or, how to fuzz OpenSSL with [libfuzzer](llvm.org/docs/LibFuzzer.html).
Starting from a vanilla+OpenSSH server Ubuntu install.
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index fc129a8..fdf4c5e 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -26,61 +26,45 @@
#include <openssl/x509v3.h>
#include "fuzzer.h"
-static const ASN1_ITEM *item_type;
-
-int LLVMFuzzerInitialize(int *argc, char ***argv) {
- const char *cmd;
- OPENSSL_assert(*argc > 1);
-
- cmd = (*argv)[1];
- (*argv)[1] = (*argv)[0];
- ++*argv;
- --*argc;
-
- // TODO: make this work like d2i_test.c does, once its decided what the
- // common scheme is!
-#define Y(t) if (!strcmp(cmd, #t)) item_type = ASN1_ITEM_rptr(t)
-#define X(t) else Y(t)
-
- Y(ASN1_SEQUENCE);
- X(AUTHORITY_INFO_ACCESS);
- X(BIGNUM);
- X(ECPARAMETERS);
- X(ECPKPARAMETERS);
- X(GENERAL_NAME);
- X(GENERAL_SUBTREE);
- X(NAME_CONSTRAINTS);
- X(OCSP_BASICRESP);
- X(OCSP_RESPONSE);
- X(PKCS12);
- X(PKCS12_AUTHSAFES);
- X(PKCS12_SAFEBAGS);
- X(PKCS7);
- X(PKCS7_ATTR_SIGN);
- X(PKCS7_ATTR_VERIFY);
- X(PKCS7_DIGEST);
- X(PKCS7_ENC_CONTENT);
- X(PKCS7_ENCRYPT);
- X(PKCS7_ENVELOPE);
- X(PKCS7_RECIP_INFO);
- X(PKCS7_SIGN_ENVELOPE);
- X(PKCS7_SIGNED);
- X(PKCS7_SIGNER_INFO);
- X(POLICY_CONSTRAINTS);
- X(POLICY_MAPPINGS);
- X(SXNET);
- //X(TS_RESP); want to do this, but type is hidden, however d2i exists...
- X(X509);
- X(X509_CRL);
- else
- OPENSSL_assert(!"Bad type");
-
- return 0;
-}
+static const ASN1_ITEM *item_type[] = {
+ ASN1_ITEM_rptr(ASN1_SEQUENCE),
+ ASN1_ITEM_rptr(AUTHORITY_INFO_ACCESS),
+ ASN1_ITEM_rptr(BIGNUM),
+ ASN1_ITEM_rptr(ECPARAMETERS),
+ ASN1_ITEM_rptr(ECPKPARAMETERS),
+ ASN1_ITEM_rptr(GENERAL_NAME),
+ ASN1_ITEM_rptr(GENERAL_SUBTREE),
+ ASN1_ITEM_rptr(NAME_CONSTRAINTS),
+ ASN1_ITEM_rptr(OCSP_BASICRESP),
+ ASN1_ITEM_rptr(OCSP_RESPONSE),
+ ASN1_ITEM_rptr(PKCS12),
+ ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
+ ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+ ASN1_ITEM_rptr(PKCS7),
+ ASN1_ITEM_rptr(PKCS7_ATTR_SIGN),
+ ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY),
+ ASN1_ITEM_rptr(PKCS7_DIGEST),
+ ASN1_ITEM_rptr(PKCS7_ENC_CONTENT),
+ ASN1_ITEM_rptr(PKCS7_ENCRYPT),
+ ASN1_ITEM_rptr(PKCS7_ENVELOPE),
+ ASN1_ITEM_rptr(PKCS7_RECIP_INFO),
+ ASN1_ITEM_rptr(PKCS7_SIGN_ENVELOPE),
+ ASN1_ITEM_rptr(PKCS7_SIGNED),
+ ASN1_ITEM_rptr(PKCS7_SIGNER_INFO),
+ ASN1_ITEM_rptr(POLICY_CONSTRAINTS),
+ ASN1_ITEM_rptr(POLICY_MAPPINGS),
+ ASN1_ITEM_rptr(SXNET),
+ //ASN1_ITEM_rptr(TS_RESP), want to do this, but type is hidden, however d2i exists...
+ ASN1_ITEM_rptr(X509),
+ ASN1_ITEM_rptr(X509_CRL),
+ NULL
+};
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
- const uint8_t *b = buf;
- ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, item_type);
- ASN1_item_free(o, item_type);
+ for (int n = 0; item_type[n] != NULL; ++n) {
+ const uint8_t *b = buf;
+ ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, item_type[n]);
+ ASN1_item_free(o, item_type[n]);
+ }
return 0;
}
diff --git a/fuzz/build.info b/fuzz/build.info
index 29d14b3..3569418 100644
--- a/fuzz/build.info
+++ b/fuzz/build.info
@@ -1,8 +1,4 @@
-PROGRAMS=server asn1 asn1parse cms conf bignum bndiv
-
-SOURCE[server]=server.c
-INCLUDE[server]=../include ../../../svn-work/Fuzzer
-DEPEND[server]=../libcrypto ../libssl ../../../svn-work/Fuzzer/libFuzzer
+PROGRAMS=asn1 asn1parse bignum bndiv cms conf ct server
SOURCE[asn1]=asn1.c
INCLUDE[asn1]=../include ../../../svn-work/Fuzzer
@@ -12,6 +8,14 @@ SOURCE[asn1parse]=asn1parse.c
INCLUDE[asn1parse]=../include ../../../svn-work/Fuzzer
DEPEND[asn1parse]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
+SOURCE[bignum]=bignum.c
+INCLUDE[bignum]=../include ../../../svn-work/Fuzzer
+DEPEND[bignum]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
+
+SOURCE[bndiv]=bndiv.c
+INCLUDE[bndiv]=../include ../../../svn-work/Fuzzer
+DEPEND[bndiv]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
+
SOURCE[cms]=cms.c
INCLUDE[cms]=../include ../../../svn-work/Fuzzer
DEPEND[cms]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
@@ -20,10 +24,10 @@ SOURCE[conf]=conf.c
INCLUDE[conf]=../include ../../../svn-work/Fuzzer
DEPEND[conf]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
-SOURCE[bignum]=bignum.c
-INCLUDE[bignum]=../include ../../../svn-work/Fuzzer
-DEPEND[bignum]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
+SOURCE[ct]=ct.c
+INCLUDE[ct]=../include ../../../svn-work/Fuzzer
+DEPEND[ct]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
-SOURCE[bndiv]=bndiv.c
-INCLUDE[bndiv]=../include ../../../svn-work/Fuzzer
-DEPEND[bndiv]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
+SOURCE[server]=server.c
+INCLUDE[server]=../include ../../../svn-work/Fuzzer
+DEPEND[server]=../libcrypto ../libssl ../../../svn-work/Fuzzer/libFuzzer
diff --git a/fuzz/cms.c b/fuzz/ct.c
similarity index 63%
copy from fuzz/cms.c
copy to fuzz/ct.c
index 7b4fc3d..7050461 100644
--- a/fuzz/cms.c
+++ b/fuzz/ct.c
@@ -9,18 +9,16 @@
*/
/*
- * Test CMS DER parsing.
+ * Fuzz the SCT parser.
*/
-#include <openssl/bio.h>
-#include <openssl/cms.h>
+#include <stdio.h>
+#include <openssl/ct.h>
#include "fuzzer.h"
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
- BIO *in = BIO_new(BIO_s_mem());
- OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
- CMS_ContentInfo *i = d2i_CMS_bio(in, NULL);
- CMS_ContentInfo_free(i);
- BIO_free(in);
+ const uint8_t **pp = &buf;
+ STACK_OF(SCT) *scts = d2i_SCT_LIST(NULL, pp, len);
+ SCT_LIST_free(scts);
return 0;
Richard Levitte
Jun 3, 2016, 9:31:35 AM6/3/16
to
The branch master has been updated
via b38c43f7bc474c369ed652b19360ec90458be516 (commit)
from 4a2c4c1ab81bf2dbdcab0f33845e0e842a57182a (commit)
- Log -----------------------------------------------------------------
commit b38c43f7bc474c369ed652b19360ec90458be516
Author: Richard Levitte <lev...@openssl.org>
Date: Fri Jun 3 13:56:20 2016 +0200
tests: clean up temporary SSL session files.
RT#4557
Reviewed-by: Rich Salz <rs...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
test/recipes/70-test_tlsextms.t | 15 ++++++++++-----
2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t
index c30ac44..aeed99c 100755
--- a/test/recipes/70-test_sslsessiontick.t
+++ b/test/recipes/70-test_sslsessiontick.t
@@ -75,7 +75,7 @@ checkmessages(3, "No client support session ticket test", 0, 0, 0, 1);
#Expected result: ClientHello extension seen; ServerHello extension not seen
# NewSessionTicket message not seen; Abbreviated handshake
clearall();
-(my $fh, my $session) = tempfile();
+(undef, my $session) = tempfile();
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
@@ -83,12 +83,13 @@ $proxy->clearClient();
$proxy->clientflags("-sess_in ".$session);
$proxy->clientstart();
checkmessages(4, "Session resumption session ticket test", 1, 0, 0, 0);
+unlink $session;
#Test 5: Test session resumption with ticket capable client without a ticket
#Expected result: ClientHello extension seen; ServerHello extension seen
# NewSessionTicket message seen; Abbreviated handshake
clearall();
-($fh, $session) = tempfile();
+(undef, $session) = tempfile();
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session." -no_ticket");
$proxy->start();
@@ -97,6 +98,7 @@ $proxy->clientflags("-sess_in ".$session);
$proxy->clientstart();
checkmessages(5, "Session resumption with ticket capable client without a "
."ticket", 1, 1, 1, 0);
+unlink $session;
#Test 6: Client accepts empty ticket.
#Expected result: ClientHello extension seen; ServerHello extension seen;
@@ -108,7 +110,7 @@ checkmessages(6, "Empty ticket test", 1, 1, 1, 1);
#Test 7-8: Client keeps existing ticket on empty ticket.
clearall();
-($fh, $session) = tempfile();
+(undef, $session) = tempfile();
$proxy->serverconnects(3);
$proxy->filter(undef);
$proxy->clientflags("-sess_out ".$session);
@@ -127,6 +129,7 @@ $proxy->clientstart();
#Expected result: ClientHello extension seen; ServerHello extension not seen;
# NewSessionTicket message not seen; Abbreviated handshake.
checkmessages(8, "Empty ticket resumption test", 1, 0, 0, 0);
+unlink $session;
#Test 9: Bad server sends the ServerHello extension but does not send a
#NewSessionTicket
diff --git a/test/recipes/70-test_tlsextms.t b/test/recipes/70-test_tlsextms.t
index 6cc04ff..25cc627 100644
--- a/test/recipes/70-test_tlsextms.t
+++ b/test/recipes/70-test_tlsextms.t
@@ -91,7 +91,7 @@ checkmessages(2, "No ticket, no client extension extended master secret test", 0
clearall();
setrmextms(0, 0);
-(my $fh, my $session) = tempfile();
+(undef, my $session) = tempfile();
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
@@ -99,6 +99,7 @@ $proxy->clearClient();
$proxy->clientflags("-sess_in ".$session);
$proxy->clientstart();
checkmessages(5, "Session resumption extended master secret test", 1, 1, 0);
+unlink $session;
#Test 6: Session resumption extended master secret test original session
# omits extension. Server must not resume session.
@@ -107,7 +108,7 @@ checkmessages(5, "Session resumption extended master secret test", 1, 1, 0);
clearall();
setrmextms(1, 0);
-($fh, $session) = tempfile();
+(undef, $session) = tempfile();
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
@@ -116,6 +117,7 @@ $proxy->clientflags("-sess_in ".$session);
setrmextms(0, 0);
$proxy->clientstart();
checkmessages(6, "Session resumption extended master secret test", 1, 1, 1);
+unlink $session;
#Test 7: Session resumption extended master secret test resumed session
# omits client extension. Server must abort connection.
@@ -123,7 +125,7 @@ checkmessages(6, "Session resumption extended master secret test", 1, 1, 1);
clearall();
setrmextms(0, 0);
-($fh, $session) = tempfile();
+(undef, $session) = tempfile();
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
@@ -132,6 +134,7 @@ $proxy->clientflags("-sess_in ".$session);
setrmextms(1, 0);
$proxy->clientstart();
ok(TLSProxy::Message->fail(), "Client inconsistent session resumption");
+unlink $session;
#Test 8: Session resumption extended master secret test resumed session
# omits server extension. Client must abort connection.
@@ -139,7 +142,7 @@ ok(TLSProxy::Message->fail(), "Client inconsistent session resumption");
clearall();
setrmextms(0, 0);
-($fh, $session) = tempfile();
+(undef, $session) = tempfile();
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
@@ -148,6 +151,7 @@ $proxy->clientflags("-sess_in ".$session);
setrmextms(0, 1);
$proxy->clientstart();
ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 1");
+unlink $session;
#Test 9: Session resumption extended master secret test initial session
# omits server extension. Client must abort connection.
@@ -155,7 +159,7 @@ ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 1");
clearall();
setrmextms(0, 1);
-($fh, $session) = tempfile();
+(undef, $session) = tempfile();
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
@@ -164,6 +168,7 @@ $proxy->clientflags("-sess_in ".$session);
setrmextms(0, 0);
$proxy->clientstart();
ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 2");
+unlink $session;
sub extms_filter
{
Rich Salz
Jun 3, 2016, 12:19:13 PM6/3/16
to
The branch master has been updated
via 6191fc8634eb0eee1a358bea7dbfbf33ad1f8981 (commit)
via e56f956ef1347b8eb9024471f4fa16691cf8e3ea (commit)
via 0814afcfa46039c8f27739dbe6a355b731f34608 (commit)
via fa64e63373fbc845a39907407ad990a6bbb84174 (commit)
from 49c2a00d1427b84bd851125740f493d1822e6fbc (commit)
- Log -----------------------------------------------------------------
commit 6191fc8634eb0eee1a358bea7dbfbf33ad1f8981
Author: Mat <mberc...@gmail.com>
Date: Thu Jun 2 23:38:56 2016 +0200
Added define for STATUS_SUCCESS
Use STATUS_SUCCESS instead of 0.
Renamed USE_BCRYPT to RAND_WINDOWS_USE_BCRYPT to avoid possible collisions with other defines.
(Merged from https://github.com/openssl/openssl/pull/1142)
commit e56f956ef1347b8eb9024471f4fa16691cf8e3ea
Author: Mat <mberc...@gmail.com>
Date: Sun May 29 20:44:27 2016 +0200
Adds casts for 64-bit
Adds missing casts for 64-bit.
Removed zero initialization of hProvider. hProvider is an "out" parameter of CryptAcquireContextW.
(Merged from https://github.com/openssl/openssl/pull/1142)
commit 0814afcfa46039c8f27739dbe6a355b731f34608
Author: Mat <mberc...@gmail.com>
Date: Sun May 29 20:38:37 2016 +0200
Define USE_BCRYPT
Define USE_BCRYPT
Removed _WIN32_WINNT define
(Merged from https://github.com/openssl/openssl/pull/1142)
commit fa64e63373fbc845a39907407ad990a6bbb84174
Author: Mat <mberc...@gmail.com>
Date: Sun May 29 20:23:22 2016 +0200
Use BCryptGenRandom on Windows 7 or higher
When openssl is compiled with MSVC and _WIN32_WINNT>=0x0601 (Windows 7), BCryptGenRandom is used instead of the legacy CryptoAPI.
This change brings the following benefits:
- Removes dependency on CryptoAPI (legacy API) respectively advapi32.dll
- CryptoAPI Cryptographic Service Providers (rsa full) are not dynamically loaded.
- Allows Universal Windows Platform (UWP) apps to use openssl (CryptGenRandom is not available for Windows store apps)
(Merged from https://github.com/openssl/openssl/pull/1142)
-----------------------------------------------------------------------
Summary of changes:
crypto/rand/rand_win.c | 33 +++++++++++++++++++++++++--------
1 file changed, 25 insertions(+), 8 deletions(-)
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index 46cbe14..c5d0aa1 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -13,31 +13,47 @@
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
# include <windows.h>
-# ifndef _WIN32_WINNT
-# define _WIN32_WINNT 0x0400
+/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */
+# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601
+# define RAND_WINDOWS_USE_BCRYPT
# endif
-# include <wincrypt.h>
+# ifdef RAND_WINDOWS_USE_BCRYPT
+# include <bcrypt.h>
+# pragma comment(lib, "bcrypt.lib")
+# ifndef STATUS_SUCCESS
+# define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
+# endif
+# else
+# include <wincrypt.h>
/*
* Intel hardware RNG CSP -- available from
* http://developer.intel.com/design/security/rng/redist_license.htm
*/
-# define PROV_INTEL_SEC 22
-# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+# define PROV_INTEL_SEC 22
+# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+# endif
static void readtimer(void);
int RAND_poll(void)
{
MEMORYSTATUS mst;
- HCRYPTPROV hProvider = 0;
+# ifndef RAND_WINDOWS_USE_BCRYPT
+ HCRYPTPROV hProvider;
+# endif
DWORD w;
BYTE buf[64];
+# ifdef RAND_WINDOWS_USE_BCRYPT
+ if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) {
+ RAND_add(buf, sizeof(buf), sizeof(buf));
+ }
+# else
/* poll the CryptoAPI PRNG */
/* The CryptoAPI returns sizeof(buf) bytes of randomness */
if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
- if (CryptGenRandom(hProvider, sizeof(buf), buf) != 0) {
+ if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
RAND_add(buf, sizeof(buf), sizeof(buf));
}
CryptReleaseContext(hProvider, 0);
@@ -45,11 +61,12 @@ int RAND_poll(void)
/* poll the Pentium PRG with CryptoAPI */
if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
- if (CryptGenRandom(hProvider, sizeof(buf), buf) != 0) {
+ if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
RAND_add(buf, sizeof(buf), sizeof(buf));
}
CryptReleaseContext(hProvider, 0);
}
+# endif
/* timer data */
readtimer();
Matt Caswell
Jun 3, 2016, 12:27:40 PM6/3/16
to
The branch master has been updated
via 49c2a00d1427b84bd851125740f493d1822e6fbc (commit)
via 4d6013c762dcd8d1eb7d481b7d6df6b5433818fe (commit)
via 073b1b72f61d81f3cf8bc1728d35f9e7e734bbd2 (commit)
via 8c4f8039df25c930f9120eca4ccd9cfd225ad7ef (commit)
via 75737d4fcd19974dc7b21fa790836435dafb294c (commit)
via 26dee42d6ac6770d6ccdff59500f1619eb486cf0 (commit)
from 7d6df9e9150abc8e0d8f88b02159261e37eea167 (commit)
- Log -----------------------------------------------------------------
commit 49c2a00d1427b84bd851125740f493d1822e6fbc
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Jun 3 10:51:13 2016 +0100
Add a paragraph on documentation to CONTRIBUTING
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 4d6013c762dcd8d1eb7d481b7d6df6b5433818fe
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Jun 3 10:42:20 2016 +0100
Further update CONTRIBUTING
Tweak to the wording on merge commits.
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 073b1b72f61d81f3cf8bc1728d35f9e7e734bbd2
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 2 11:09:13 2016 +0100
Tweaks to NOTES.PERL
Fix some typos and other minor amendments to NOTES.PERL.
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 8c4f8039df25c930f9120eca4ccd9cfd225ad7ef
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 2 11:03:45 2016 +0100
Update NOTES.WIN
Make the recommendation for MSYS perl in an MSYS environment more forceful.
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 75737d4fcd19974dc7b21fa790836435dafb294c
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 2 11:03:10 2016 +0100
Update CONTRIBUTING
Fix typos and clarify a few things in the CONTRIBUTING file.
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>
commit 26dee42d6ac6770d6ccdff59500f1619eb486cf0
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 2 11:01:32 2016 +0100
Bring the README file up to date
The README file was a little out of date so needed a refresh
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
CONTRIBUTING | 25 ++++++++++++++++---------
-----------------------------------------------------------------------
Summary of changes:
NOTES.PERL | 9 +++++----
NOTES.WIN | 2 +-
README | 34 ++++++++++++++++------------------
4 files changed, 38 insertions(+), 32 deletions(-)
diff --git a/CONTRIBUTING b/CONTRIBUTING
index 1bfbc1b..07115e5 100644
--- a/CONTRIBUTING
+++ b/CONTRIBUTING
@@ -1,11 +1,11 @@
HOW TO CONTRIBUTE TO PATCHES OpenSSL
------------------------------------
-(Please visit https://openssl.org/community/getting-started.html for
+(Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.)
Development is coordinated on the openssl-dev mailing list (see the
-above link or http://mta.openssl.org for information on subscribing).
+above link or https://mta.openssl.org for information on subscribing).
If you are unsure as to whether a feature will be useful for the general
OpenSSL community you might want to discuss it on the openssl-dev mailing
list first. Someone may be already working on the same thing or there
@@ -16,7 +16,7 @@ The best way to submit a patch is to make a pull request on GitHub.
If you think the patch could use feedback from the community, please
start a thread on openssl-dev.
-You can also submit patches by sending it as mail to rt@opensslorg.
+You can also submit patches by sending it as mail to r...@openssl.org.
Please include the word "PATCH" and an explanation of what the patch
does in the subject line. If you do this, our preferred format is "git
format-patch" output. For example to provide a patch file containing the
@@ -42,7 +42,7 @@ the acceptance and review process faster:
1. Anything other than trivial contributions will require a contributor
licensing agreement, giving us permission to use your code. See
- https://openssl.org/policies/cla.html for details.
+ https://www.openssl.org/policies/cla.html for details.
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
@@ -56,13 +56,20 @@ the acceptance and review process faster:
https://www.openssl.org/source/license.html
3. Patches should be as current as possible. When using GitHub, please
- expect to have to rebase and update often.
+ expect to have to rebase and update often. Note that we do not accept merge
+ commits. You will be asked to remove them before a patch is considered
+ acceptable.
- 3. Patches should follow our coding style (see
+ 4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile without
- warnings using the --strict-warnings flag. OpenSSL compiles on many
- varied platforms: try to ensure you only use portable features.
+ warnings. Where gcc or clang is availble you should use the
+ --strict-warnings Configure option. OpenSSL compiles on many varied
+ platforms: try to ensure you only use portable features.
- 4. When at all possible, patches should include tests. These can either be
+ 5. When at all possible, patches should include tests. These can either be
added to an existing test, or completely new. Please see test/README
for information on the test framework.
+
+ 6. New features or changed functionality must include documentation. Please
+ look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
+ our style.
diff --git a/NOTES.PERL b/NOTES.PERL
index eda812d..46d585a 100644
--- a/NOTES.PERL
+++ b/NOTES.PERL
@@ -35,7 +35,8 @@
MinGW and Cygwin. The key recommendation is to use "matching" Perl,
one that matches build environment. For example, if you will build
on Cygwin be sure to use the Cygwin package manager to install Perl.
- For VC-* builds we recommend ActiveState Perl, available from
+ For MSYS builds use the MSYS provided Perl. For VC-* builds we
+ recommend ActiveState Perl, available from
http://www.activestate.com/ActivePerl.
Notes on Perl on VMS
@@ -43,7 +44,7 @@
You will need to install Perl separately. One way to do so is to
download the source from http://perl.org/, unpacking it, reading
- README.vms and follow instructions. Another way is to download a
+ README.vms and follow the instructions. Another way is to download a
.PCSI file from http://www.vmsperl.com/ and install it using the
POLYCENTER install tool.
@@ -99,9 +100,9 @@
$ cpan -i Text::Template
- Note that this runs all the tests that the module to be install
+ Note that this runs all the tests that the module to be installed
comes with. This is usually a smooth operation, but there are
- platforms where a failure is indicate even though the actual tests
+ platforms where a failure is indicated even though the actual tests
were successful. Should that happen, you can force an
installation regardless (that should be safe since you've already
seen the tests succeed!):
diff --git a/NOTES.WIN b/NOTES.WIN
index b3d1967..00ffb4a 100644
--- a/NOTES.WIN
+++ b/NOTES.WIN
@@ -95,7 +95,7 @@
required. Run the installers and do whatever magic they say it takes
to start MSYS bash shell with GNU tools and matching Perl on its PATH.
"Matching Perl" refers to chosen "shell environment", i.e. if built
- under MSYS, then Perl compiled for MSYS is highly recommended.
+ under MSYS, then Perl compiled for MSYS must be used.
Alternativelly, one can use MSYS2 from http://msys2.github.io/,
which includes MingW (32-bit and 64-bit).
diff --git a/README b/README
index 1672580..aa8fe68 100644
--- a/README
+++ b/README
@@ -10,11 +10,8 @@
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
- Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
- well as a full-strength general purpose cryptographic library. The project is
- managed by a worldwide community of volunteers that use the Internet to
- communicate, plan, and develop the OpenSSL toolkit and its related
- documentation.
+ Transport Layer Security (TLS) protocols (including SSLv3) as well as a
+ full-strength general purpose cryptographic library.
OpenSSL is descended from the SSLeay library developed by Eric A. Young
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
@@ -55,7 +52,9 @@
-------
See the OpenSSL website www.openssl.org for details on how to obtain
- commercial technical support.
+ commercial technical support. Free community support is available through the
+ openssl-users email list (see
+ https://www.openssl.org/community/mailinglists.html for further details).
If you have any problems with OpenSSL then please take the following steps
first:
@@ -68,12 +67,11 @@
If you wish to report a bug then please include the following information in
any bug report:
- - On Unix systems:
- Self-test report generated by 'make report'
- - On other systems:
- OpenSSL version: output of 'openssl version -a'
- OS Name, Version, Hardware platform
- Compiler Details (name, version)
+ - OpenSSL version: output of 'openssl version -a'
+ - Any "Configure" options that you selected during compilation of the
+ library if applicable (see INSTALL)
+ - OS Name, Version, Hardware platform
+ - Compiler Details (name, version)
- Application Details (name, version)
- Problem Description (steps that will reproduce the problem, if known)
- Stack Traceback (if the application dumps core)
@@ -83,8 +81,8 @@
r...@openssl.org
In order to avoid spam, this is a moderated mailing list, and it might
- take a day for the ticket to show up. (We also scan posts to make sure
- that security disclosures aren't publically posted by mistake.) Mail
+ take a couple of days for the ticket to show up. (We also scan posts to make
+ sure that security disclosures aren't publically posted by mistake.) Mail
to this address is recorded in the public RT (request tracker) database
(see https://www.openssl.org/community/index.html#bugs for details) and
also forwarded the public openssl-dev mailing list. Confidential mail
@@ -93,11 +91,11 @@
Please do NOT use this for general assistance or support queries.
Just because something doesn't work the way you expect does not mean it
- is necessarily a bug in OpenSSL.
+ is necessarily a bug in OpenSSL. Use the openssl-users email list for this type
+ of query.
- You can also make GitHub pull requests. If you do this, please also send
- mail to r...@openssl.org with a link to the PR so that we can more easily
- keep track of it.
+ You can also make GitHub pull requests. See the CONTRIBUTING file for more
+ details.
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
Rich Salz
Jun 3, 2016, 12:47:39 PM6/3/16
to
The branch master has been updated
via 7d6df9e9150abc8e0d8f88b02159261e37eea167 (commit)
from b38c43f7bc474c369ed652b19360ec90458be516 (commit)
- Log -----------------------------------------------------------------
commit 7d6df9e9150abc8e0d8f88b02159261e37eea167
Author: Pauli <paul...@oracle.com>
Date: Fri Jun 3 10:52:32 2016 -0400
Fix threading issue that at best will leak memory
The problem is the checking in policy_cache_set, there is a race
condition between the null check and obtaining the lock. The fix is in
policy_cache_new to detect if the creation has happened already.
Reviewed-by: Richard Levitte <lev...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
1 file changed, 3 insertions(+)
diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c
index e254142..a9ee30a 100644
--- a/crypto/x509v3/pcy_cache.c
+++ b/crypto/x509v3/pcy_cache.c
@@ -78,6 +78,9 @@ static int policy_cache_new(X509 *x)
CERTIFICATEPOLICIES *ext_cpols = NULL;
POLICY_MAPPINGS *ext_pmaps = NULL;
int i;
+
+ if (x->policy_cache != NULL)
+ return 1;
cache = OPENSSL_malloc(sizeof(*cache));
if (cache == NULL)
return 0;
It is loading more messages.
0 new messages