[openssl-commits] [openssl] master update

Andy Polyakov

unread,

Mar 18, 2015, 12:25:34 PM3/18/15

to

The branch master has been updated
via 7ead0c89185c46378e3ed85c0012d083f4b3039b (commit)
from 9e43c6b5c28731d13afcb4658dc2fa4dd188cc0b (commit)

- Log -----------------------------------------------------------------
commit 7ead0c89185c46378e3ed85c0012d083f4b3039b
Author: Andy Polyakov <ap...@openssl.org>
Date: Mon Mar 16 22:33:36 2015 +0100

Configure: fold related configurations more aggressively and clean-up.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
Configurations/10-main.conf | 1268 ++++++++++++++-----------------------------
Configure | 90 +--
2 files changed, 418 insertions(+), 940 deletions(-)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index eb46789..9d38554 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -6,10 +6,12 @@

%targets = (

-# Basic configs that should work on any (32 and less bit) box
+#### Basic configs that should work on any 32-bit box
"gcc" => {
cc => "gcc",
- cflags => "-O3",
+ cflags => "",
+ debug_cflags => "-O0 -g",
+ release_cflags => "-O3",
thread_cflag => "(unknown)",
bn_ops => "BN_LLONG",
},
@@ -19,9 +21,8 @@
thread_cflag => "(unknown)",
},

-####VOS Configurations
+#### VOS Configurations
"vos-gcc" => {
- inherit_from => [ "no_asm_filler" ],
cc => "gcc",
cflags => "-Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN",
debug_cflags => "-O0 -g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG",
@@ -34,15 +35,17 @@
},

#### Solaris x86 with GNU C setups
-# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
-# here because whenever GNU C instantiates an assembler template it
-# surrounds it with #APP #NO_APP comment pair which (at least Solaris
-# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
-# error message.
"solaris-x86-gcc" => {
- inherit_from => [ "x86_elf_asm" ],
- cc => "gcc",
- cflags => "-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM",
+ # -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have
+ # to do it here because whenever GNU C instantiates an assembler
+ # template it surrounds it with #APP #NO_APP comment pair which
+ # (at least Solaris 7_x86) /usr/ccs/bin/as fails to assemble
+ # with "Illegal mnemonic" error message.
+ inherit_from => [ asm("x86_elf_asm") ],
+ cc => "gcc",
+ cflags => "-march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM",
+ debug_cflags => "-O0 -g",
+ release_cflags => "-O3 -fomit-frame-pointer",
thread_cflag => "-D_REENTRANT",
lflags => "-lsocket -lnsl -ldl",
bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}",
@@ -52,18 +55,20 @@
shared_ldflag => "-shared",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
-# -shared -static-libgcc might appear controversial, but modules taken
-# from static libgcc do not have relocations and linking them into our
-# shared objects doesn't have any negative side-effects. On the contrary,
-# doing so makes it possible to use gcc shared build with Sun C. Given
-# that gcc generates faster code [thanks to inline assembler], I would
-# actually recommend to consider using gcc shared build even with vendor
-# compiler:-)
-# <ap...@fy.chalmers.se>
"solaris64-x86_64-gcc" => {
- inherit_from => [ "x86_64_asm" ],
- cc => "gcc",
- cflags => "-m64 -O3 -Wall -DL_ENDIAN",
+ # -shared -static-libgcc might appear controversial, but modules
+ # taken from static libgcc do not have relocations and linking
+ # them into our shared objects doesn't have any negative side
+ # effects. On the contrary, doing so makes it possible to use
+ # gcc shared build with Sun C. Given that gcc generates faster
+ # code [thanks to inline assembler], I would actually recommend
+ # to consider using gcc shared build even with vendor compiler:-)
+ # <ap...@fy.chalmers.se>
+ inherit_from => [ asm("x86_64_asm") ],
+ cc => "gcc",
+ cflags => "-m64 -Wall -DL_ENDIAN",
+ debug_cflags => "-O0 -g",
+ release_cflags => "-O3",
thread_cflag => "-D_REENTRANT",
lflags => "-lsocket -lnsl -ldl",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
@@ -78,9 +83,10 @@

#### Solaris x86 with Sun C setups
"solaris-x86-cc" => {
- inherit_from => [ "no_asm_filler" ],
cc => "cc",
- cflags => "-fast -xarch=generic -O -Xa",
+ cflags => "-xarch=generic -xstrconst -Xa -DL_ENDIAN",
+ debug_cflags => "-g",
+ release_cflags => "-xO5 -xregs=frameptr -xdepend -xbuiltin",
thread_cflag => "-D_REENTRANT",
lflags => "-lsocket -lnsl -ldl",
bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR",
@@ -91,9 +97,11 @@
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"solaris64-x86_64-cc" => {
- inherit_from => [ "x86_64_asm" ],
+ inherit_from => [ asm("x86_64_asm") ],
cc => "cc",
- cflags => "-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN",
+ cflags => "-xarch=generic64 -xstrconst -Xa -DL_ENDIAN",
+ debug_cflags => "-g",
+ release_cflags => "-xO5 -xdepend -xbuiltin",
thread_cflag => "-D_REENTRANT",
lflags => "-lsocket -lnsl -ldl",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
@@ -101,16 +109,17 @@
dso_scheme => "dlfcn",
shared_target => "solaris-shared",
shared_cflag => "-KPIC",
- shared_ldflag => "-xarch=amd64 -G -dy -z text",
+ shared_ldflag => "-xarch=generic64 -G -dy -z text",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "/64",
},

#### SPARC Solaris with GNU C setups
"solaris-sparcv7-gcc" => {
- inherit_from => [ "no_asm_filler" ],
cc => "gcc",
- cflags => "-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W",
+ cflags => "-Wall -DB_ENDIAN -DBN_DIV2W",
+ debug_cflags => "-O0 -g",
+ release_cflags => "-O3",
thread_cflag => "-D_REENTRANT",
lflags => "-lsocket -lnsl -ldl",
bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR",
@@ -120,52 +129,25 @@
shared_ldflag => "-shared",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
-####
"solaris-sparcv8-gcc" => {
- inherit_from => [ "sparcv8_asm" ],
- cc => "gcc",
- cflags => "-mv8 -Wall -DB_ENDIAN",
- debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g",
- release_cflags => "-O3 -fomit-frame-pointer -DBN_DIV2W",
- thread_cflag => "-D_REENTRANT",
- lflags => "-lsocket -lnsl -ldl",
- bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR",
- dso_scheme => "dlfcn",
- shared_target => "solaris-shared",
- shared_cflag => "-fPIC",
- shared_ldflag => "-shared",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ inherit_from => [ "solaris-sparcv7-gcc", asm("sparcv8_asm") ],
+ cflags => sub { join(" ","-mv8",@_); },
},
-# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
"solaris-sparcv9-gcc" => {
- inherit_from => [ "sparcv9_asm" ],
+ # -m32 should be safe to add as long as driver recognizes
+ # -mcpu=ultrasparc
+ inherit_from => [ "solaris-sparcv7-gcc", asm("sparcv9_asm") ],
cc => "gcc",
- cflags => "-m32 -mcpu=ultrasparc -Wall -DB_ENDIAN -DBN_DIV2W",
+ cflags => sub { join(" ","-m32 -mcpu=ultrasparc",@_); },
debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -pedantic -ansi -Wshadow -Wno-long-long -D__EXTENSIONS__",
- release_cflags => "-O3 -fomit-frame-pointer",
- thread_cflag => "-D_REENTRANT",
- sys_id => "ULTRASPARC",
- lflags => "-lsocket -lnsl -ldl",
- bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR",
- dso_scheme => "dlfcn",
- shared_target => "solaris-shared",
- shared_cflag => "-fPIC",
- shared_ldflag => "-shared",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ release_cflags => "-O3",
},
"solaris64-sparcv9-gcc" => {
- inherit_from => [ "sparcv9_asm" ],
+ inherit_from => [ "solaris-sparcv9-gcc" ],
cc => "gcc",
- cflags => "-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN",
- thread_cflag => "-D_REENTRANT",
- sys_id => "ULTRASPARC",
- lflags => "-lsocket -lnsl -ldl",
+ cflags => "-m64 -mcpu=ultrasparc -Wall -DB_ENDIAN",
bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR",
- dso_scheme => "dlfcn",
- shared_target => "solaris-shared",
- shared_cflag => "-fPIC",
shared_ldflag => "-m64 -shared",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "/64",
},

@@ -174,9 +156,10 @@
# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
# SC5.0 note: Compiler common patch 107357-01 or later is required!
"solaris-sparcv7-cc" => {
- inherit_from => [ "no_asm_filler" ],
cc => "cc",
- cflags => "-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W",
+ cflags => "-xstrconst -Xa -DB_ENDIAN -DBN_DIV2W",
+ debug_cflags => "-g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL",
+ release_cflags => "-xO5 -xdepend",
thread_cflag => "-D_REENTRANT",
lflags => "-lsocket -lnsl -ldl",
bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR",
@@ -188,58 +171,29 @@
},
####
"solaris-sparcv8-cc" => {
- inherit_from => [ "sparcv8_asm" ],
- cc => "cc",
- cflags => "-xarch=v8 -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W",
- debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O",
- release_cflags => "-xO5 -xdepend",
- thread_cflag => "-D_REENTRANT",
- lflags => "-lsocket -lnsl -ldl",
- bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR",
- dso_scheme => "dlfcn",
- shared_target => "solaris-shared",
- shared_cflag => "-KPIC",
- shared_ldflag => "-G -dy -z text",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ inherit_from => [ "solaris-sparcv7-cc", asm("sparcv8_asm") ],
+ cflags => sub { join(" ","-xarch=v8",@_); },
},
"solaris-sparcv9-cc" => {
- inherit_from => [ "sparcv9_asm" ],
- cc => "cc",
- cflags => "-xtarget=ultra -xarch=v8plus -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W",
- debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O",
- release_cflags => "-xO5 -xdepend",
- thread_cflag => "-D_REENTRANT",
- sys_id => "ULTRASPARC",
- lflags => "-lsocket -lnsl -ldl",
- bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR",
- dso_scheme => "dlfcn",
- shared_target => "solaris-shared",
- shared_cflag => "-KPIC",
- shared_ldflag => "-G -dy -z text",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ inherit_from => [ "solaris-sparcv7-cc", asm("sparcv9_asm") ],
+ cflags => sub { join(" ","-xarch=v8plus -xtarget=ultra",@_); },
},
"solaris64-sparcv9-cc" => {
- inherit_from => [ "sparcv9_asm" ],
- cc => "cc",
- cflags => "-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN",
- thread_cflag => "-D_REENTRANT",
- sys_id => "ULTRASPARC",
- lflags => "-lsocket -lnsl -ldl",
+ inherit_from => [ "solaris-sparcv7-cc", asm("sparcv9_asm") ],
+ cflags => sub { join(" ","-xarch=v9 -xtarget=ultra",@_); },
bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR",
- dso_scheme => "dlfcn",
- shared_target => "solaris-shared",
- shared_cflag => "-KPIC",
shared_ldflag => "-xarch=v9 -G -dy -z text",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "/64",
},

#### IRIX 5.x configs
# -mips2 flag is added by ./config when appropriate.
"irix-gcc" => {
- inherit_from => [ "mips32_asm" ],
+ inherit_from => [ asm("mips32_asm") ],
cc => "gcc",
- cflags => "-O3 -DB_ENDIAN",
+ cflags => "-DB_ENDIAN",
+ debug_cflags => "-g -O0",
+ release_cflags => "-O3",
thread_cflag => "(unknown)",
bn_ops => "BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR",
perlasm_scheme => "o32",
@@ -248,9 +202,11 @@
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"irix-cc" => {
- inherit_from => [ "mips32_asm" ],
+ inherit_from => [ asm("mips32_asm") ],
cc => "cc",
- cflags => "-O2 -use_readonly_const -DB_ENDIAN",
+ cflags => "-use_readonly_const -DB_ENDIAN",
+ debug_cflags => "-g -O0",
+ release_cflags => "-O2",
thread_cflag => "(unknown)",
bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR",
perlasm_scheme => "o32",
@@ -262,9 +218,11 @@
# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
# './Configure irix-cc -o32' manually.
"irix-mips3-gcc" => {
- inherit_from => [ "mips64_asm" ],
+ inherit_from => [ asm("mips64_asm") ],
cc => "gcc",
- cflags => "-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W",
+ cflags => "-mabi=n32 -DB_ENDIAN -DBN_DIV3W",
+ debug_cflags => "-g -O0",
+ release_cflags => "-O3",
thread_cflag => "-D_SGI_MP_SOURCE",
bn_ops => "MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT",
perlasm_scheme => "n32",
@@ -275,9 +233,11 @@
multilib => "32",
},
"irix-mips3-cc" => {
- inherit_from => [ "mips64_asm" ],
+ inherit_from => [ asm("mips64_asm") ],
cc => "cc",
- cflags => "-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W",
+ cflags => "-n32 -mips3 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W",
+ debug_cflags => "-g -O0",
+ release_cflags => "-O2",
thread_cflag => "-D_SGI_MP_SOURCE",
bn_ops => "DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT",
perlasm_scheme => "n32",
@@ -287,11 +247,13 @@
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "32",
},
-# N64 ABI builds.
+ # N64 ABI builds.
"irix64-mips4-gcc" => {
- inherit_from => [ "mips64_asm" ],
+ inherit_from => [ asm("mips64_asm") ],
cc => "gcc",
- cflags => "-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W",
+ cflags => "-mabi=64 -mips4 -DB_ENDIAN -DBN_DIV3W",
+ debug_cflags => "-g -O0",
+ release_cflags => "-O3",
thread_cflag => "-D_SGI_MP_SOURCE",
bn_ops => "RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG",
perlasm_scheme => "64",
@@ -302,9 +264,11 @@
multilib => "64",
},
"irix64-mips4-cc" => {
- inherit_from => [ "mips64_asm" ],
+ inherit_from => [ asm("mips64_asm") ],
cc => "cc",
- cflags => "-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W",
+ cflags => "-64 -mips4 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W",
+ debug_cflags => "-g -O0",
+ release_cflags => "-O2",
thread_cflag => "-D_SGI_MP_SOURCE",
bn_ops => "RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG",
perlasm_scheme => "64",
@@ -331,36 +295,23 @@
# - Keep in mind that the HP compiler by default generates code
# suitable for execution on the host you're currently compiling at.
# If the toolkit is ment to be used on various PA-RISC processors
-# consider './config +DAportable'.
-# - +DD64 is chosen in favour of +DA2.0W because it's meant to be
-# compatible with *future* releases.
-# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to
-# pass -D_REENTRANT on HP-UX 10 and later.
+# consider './Configure hpux-parisc-[g]cc +DAportable'.
# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in
# 32-bit message digests. (For the moment of this writing) HP C
# doesn't seem to "digest" too many local variables (they make "him"
# chew forever:-). For more details look-up MD32_XARRAY comment in
# crypto/sha/sha_lcl.h.
+# - originally there were 32-bit hpux-parisc2-* targets. They were
+# scrapped, because a) they were not interchangable with other 32-bit
+# targets; a) when critical 32-bit assembly modules detect if they
+# are executed on PA-RISC 2.0 and thus adequate performance is
+# provided.
# <ap...@fy.chalmers.se>
-#
-# Since there is mention of this in shlib/hpux10-cc.sh
- "hpux-parisc-cc-o4" => {
- inherit_from => [ "no_asm_filler" ],
- cc => "cc",
- cflags => "-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldld",
- bn_ops => "BN_LLONG DES_PTR DES_UNROLL DES_RISC1",
- dso_scheme => "dl",
- shared_target => "hpux-shared",
- shared_cflag => "+Z",
- shared_ldflag => "-b",
- shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- },
"hpux-parisc-gcc" => {
- inherit_from => [ "no_asm_filler" ],
cc => "gcc",
- cflags => "-O3 -DB_ENDIAN -DBN_DIV2W",
+ cflags => "-DB_ENDIAN -DBN_DIV2W",
+ debug_cflags => "-O0 -g",
+ release_cflags => "-O3",
thread_cflag => "-D_REENTRANT",
lflags => "-Wl,+s -ldld",
bn_ops => "BN_LLONG DES_PTR DES_UNROLL DES_RISC1",
@@ -371,39 +322,18 @@
shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"hpux-parisc1_1-gcc" => {
- inherit_from => [ "parisc11_asm" ],
- cc => "gcc",
- cflags => "-O3 -DB_ENDIAN -DBN_DIV2W",
- thread_cflag => "-D_REENTRANT",
- lflags => "-Wl,+s -ldld",
- bn_ops => "BN_LLONG DES_PTR DES_UNROLL DES_RISC1",
- dso_scheme => "dl",
- shared_target => "hpux-shared",
- shared_cflag => "-fPIC",
- shared_ldflag => "-shared",
- shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ inherit_from => [ "hpux-parisc-gcc", asm("parisc11_asm") ],
multilib => "/pa1.1",
},
- "hpux-parisc2-gcc" => {
- inherit_from => [ "parisc20_32_asm" ],
- cc => "gcc",
- cflags => "-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT",
- lflags => "-Wl,+s -ldld",
- bn_ops => "SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1",
- dso_scheme => "dl",
- shared_target => "hpux-shared",
- shared_cflag => "-fPIC",
- shared_ldflag => "-shared",
- shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- multilib => "/pa20_32",
- },
"hpux64-parisc2-gcc" => {
+ inherit_from => [ asm("parisc20_64_asm") ],
cc => "gcc",
- cflags => "-O3 -DB_ENDIAN -D_REENTRANT",
+ cflags => "-DB_ENDIAN",
+ debug_cflags => "-O0 -g",
+ release_cflags => "-O3",
+ thread_cflag => "-D_REENTRANT",
lflags => "-ldl",
bn_ops => "SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT",
- bn_obj => "pa-risc2W.o",
- perlasm_scheme => "void",
dso_scheme => "dlfcn",
shared_target => "hpux-shared",
shared_cflag => "-fpic",
@@ -412,14 +342,15 @@
multilib => "/pa20_64",
},

-# More attempts at unified 10.X and 11.X targets for HP C compiler.
-#
-# Chris Ruemmler <ruem...@cup.hp.com>
-# Kevin Steves <k...@hp.se>
+ # More attempts at unified 10.X and 11.X targets for HP C compiler.
+ #
+ # Chris Ruemmler <ruem...@cup.hp.com>
+ # Kevin Steves <k...@hp.se>
"hpux-parisc-cc" => {
- inherit_from => [ "no_asm_filler" ],
cc => "cc",
- cflags => "+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY",
+ cflags => "+Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY",
+ debug_cflags => "+O0 +d -g",
+ release_cflags => "+O3",
thread_cflag => "-D_REENTRANT",
lflags => "-Wl,+s -ldld",
bn_ops => "MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT",
@@ -430,36 +361,17 @@
shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"hpux-parisc1_1-cc" => {
- inherit_from => [ "parisc11_asm" ],
- cc => "cc",
- cflags => "+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY",
- thread_cflag => "-D_REENTRANT",
- lflags => "-Wl,+s -ldld",
- bn_ops => "MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT",
- dso_scheme => "dl",
- shared_target => "hpux-shared",
- shared_cflag => "+Z",
- shared_ldflag => "-b",
- shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ inherit_from => [ "hpux-parisc-cc", asm("parisc11_asm") ],
+ cflags => sub { join(" ","+DA1.1",@_); },
multilib => "/pa1.1",
},
- "hpux-parisc2-cc" => {
- inherit_from => [ "parisc20_32_asm" ],
- cc => "cc",
- cflags => "+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT",
- lflags => "-Wl,+s -ldld",
- bn_ops => "SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT",
- dso_scheme => "dl",
- shared_target => "hpux-shared",
- shared_cflag => "+Z",
- shared_ldflag => "-b",
- shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- multilib => "/pa20_32",
- },
"hpux64-parisc2-cc" => {
- inherit_from => [ "parisc20_64_asm" ],
+ inherit_from => [ asm("parisc20_64_asm") ],
cc => "cc",
- cflags => "+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT",
+ cflags => "+DD64 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY",
+ debug_cflags => "+O0 +d -g",
+ release_cflags => "+O3",
+ thread_cflag => "-D_REENTRANT",
lflags => "-ldl",
bn_ops => "SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT",
dso_scheme => "dlfcn",
@@ -470,11 +382,14 @@
multilib => "/pa20_64",
},

-# HP/UX IA-64 targets
+ # HP/UX IA-64 targets
"hpux-ia64-cc" => {
- inherit_from => [ "ia64_asm" ],
+ inherit_from => [ asm("ia64_asm") ],
cc => "cc",
- cflags => "-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT",
+ cflags => "-Ae +DD32 +Olit=all -z -DB_ENDIAN",
+ debug_cflags => "+O0 +d -g",
+ release_cflags => "+O2",
+ thread_cflag => "-D_REENTRANT",
lflags => "-ldl",
bn_ops => "SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT",
dso_scheme => "dlfcn",
@@ -484,12 +399,15 @@
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "/hpux32",
},
-# Frank Geurts <frank....@nl.abnamro.com> has patiently assisted with
-# with debugging of the following config.
+ # Frank Geurts <frank....@nl.abnamro.com> has patiently assisted
+ # with debugging of the following config.
"hpux64-ia64-cc" => {
- inherit_from => [ "ia64_asm" ],
+ inherit_from => [ asm("ia64_asm") ],
cc => "cc",
- cflags => "-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT",
+ cflags => "-Ae +DD64 +Olit=all -z -DB_ENDIAN",
+ debug_cflags => "+O0 +d -g",
+ release_cflags => "+O3",
+ thread_cflag => "-D_REENTRANT",
lflags => "-ldl",
bn_ops => "SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT",
dso_scheme => "dlfcn",
@@ -499,11 +417,14 @@
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "/hpux64",
},
-# GCC builds...
+ # GCC builds...
"hpux-ia64-gcc" => {
- inherit_from => [ "ia64_asm" ],
+ inherit_from => [ asm("ia64_asm") ],
cc => "gcc",
- cflags => "-O3 -DB_ENDIAN -D_REENTRANT",
+ cflags => "-DB_ENDIAN",
+ debug_cflags => "-O0 -g",
+ release_cflags => "-O3",
+ thread_cflag => "-D_REENTRANT",
lflags => "-ldl",
bn_ops => "SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT",
dso_scheme => "dlfcn",
@@ -514,9 +435,12 @@
multilib => "/hpux32",
},
"hpux64-ia64-gcc" => {
- inherit_from => [ "ia64_asm" ],
+ inherit_from => [ asm("ia64_asm") ],
cc => "gcc",
- cflags => "-mlp64 -O3 -DB_ENDIAN -D_REENTRANT",
+ cflags => "-mlp64 -DB_ENDIAN",
+ debug_cflags => "-O0 -g",
+ release_cflags => "-O3",
+ thread_cflag => "-D_REENTRANT",
lflags => "-ldl",
bn_ops => "SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT",
dso_scheme => "dlfcn",
@@ -527,34 +451,6 @@
multilib => "/hpux64",
},

-# Legacy HPUX 9.X configs...
- "hpux-cc" => {
- inherit_from => [ "no_asm_filler" ],
- cc => "cc",
- cflags => "-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z",
- thread_cflag => "(unknown)",
- lflags => "-Wl,+s -ldld",
- bn_ops => "DES_PTR DES_UNROLL DES_RISC1",
- dso_scheme => "dl",
- shared_target => "hpux-shared",
- shared_cflag => "+Z",
- shared_ldflag => "-b",
- shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- },
- "hpux-gcc" => {
- inherit_from => [ "no_asm_filler" ],
- cc => "gcc",
- cflags => "-DB_ENDIAN -DBN_DIV2W -O3",
- thread_cflag => "(unknown)",
- lflags => "-Wl,+s -ldld",
- bn_ops => "DES_PTR DES_UNROLL DES_RISC1",
- dso_scheme => "dl",
- shared_target => "hpux-shared",
- shared_cflag => "-fPIC",
- shared_ldflag => "-shared",
- shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- },
-
#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
"MPE/iX-gcc" => {
cc => "gcc",
@@ -565,7 +461,7 @@
bn_ops => "BN_LLONG DES_PTR DES_UNROLL DES_RISC1",
},

-# DEC Alpha OSF/1/Tru64 targets.
+#### DEC Alpha OSF/1/Tru64 targets.
#
# "What's in a name? That which we call a rose
# By any other word would smell as sweet."
@@ -575,7 +471,7 @@
# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
#
"osf1-alpha-gcc" => {
- inherit_from => [ "alpha_asm" ],
+ inherit_from => [ asm("alpha_asm") ],
cc => "gcc",
cflags => "-O3",
thread_cflag => "(unknown)",
@@ -585,7 +481,7 @@
shared_extension => ".so",
},
"osf1-alpha-cc" => {
- inherit_from => [ "alpha_asm" ],
+ inherit_from => [ asm("alpha_asm") ],
cc => "cc",
cflags => "-std1 -tune host -O4 -readonly_strings",
thread_cflag => "(unknown)",
@@ -595,7 +491,7 @@
shared_extension => ".so",
},
"tru64-alpha-cc" => {
- inherit_from => [ "alpha_asm" ],
+ inherit_from => [ asm("alpha_asm") ],
cc => "cc",
cflags => "-std1 -tune host -fast -readonly_strings",
thread_cflag => "-pthread",
@@ -612,11 +508,10 @@
# *-generic* is endian-neutral target, but ./config is free to
# throw in -D[BL]_ENDIAN, whichever appropriate...
"linux-generic32" => {
- inherit_from => [ "no_asm_filler" ],
cc => "gcc",
cflags => "-Wall",
- debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g",
- release_cflags => "-O3 -fomit-frame-pointer",
+ debug_cflags => "-O0 -g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG",
+ release_cflags => "-O3",
thread_cflag => "-D_REENTRANT",
lflags => "-ldl",
bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR",
@@ -625,425 +520,206 @@
shared_cflag => "-fPIC",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
+ "linux-generic64" => {
+ inherit_from => [ "linux-generic32" ],
+ bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR",
+ },
+
"linux-ppc" => {
- inherit_from => [ "ppc32_asm" ],
- cc => "gcc",
- cflags => "-DB_ENDIAN -O3 -Wall",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL",
+ inherit_from => [ "linux-generic32", asm("ppc32_asm") ],
perlasm_scheme => "linux32",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ },
+ "linux-ppc64" => {
+ inherit_from => [ "linux-generic64", asm("ppc64_asm") ],
+ cflags => "-m64 -Wall -DB_ENDIAN",
+ perlasm_scheme => "linux64",
+ shared_ldflag => "-m64",
+ multilib => "64",
+ },
+ "linux-ppc64le" => {
+ inherit_from => [ "linux-generic64", asm("ppc64_asm") ],
+ cflags => "-m64 -Wall -DL_ENDIAN",
+ perlasm_scheme => "linux64le",
+ shared_ldflag => "-m64",
},

-#######################################################################
-# Note that -march is not among compiler options in below linux-armv4
-# target line. Not specifying one is intentional to give you choice to:
-#
-# a) rely on your compiler default by not specifying one;
-# b) specify your target platform explicitly for optimal performance,
-# e.g. -march=armv6 or -march=armv7-a;
-# c) build "universal" binary that targets *range* of platforms by
-# specifying minimum and maximum supported architecture;
-#
-# As for c) option. It actually makes no sense to specify maximum to be
-# less than ARMv7, because it's the least requirement for run-time
-# switch between platform-specific code paths. And without run-time
-# switch performance would be equivalent to one for minimum. Secondly,
-# there are some natural limitations that you'd have to accept and
-# respect. Most notably you can *not* build "universal" binary for
-# big-endian platform. This is because ARMv7 processor always picks
-# instructions in little-endian order. Another similar limitation is
-# that -mthumb can't "cross" -march=armv6t2 boundary, because that's
-# where it became Thumb-2. Well, this limitation is a bit artificial,
-# because it's not really impossible, but it's deemed too tricky to
-# support. And of course you have to be sure that your binutils are
-# actually up to the task of handling maximum target platform. With all
-# this in mind here is an example of how to configure "universal" build:
-#
-# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
-#
"linux-armv4" => {
- inherit_from => [ "armv4_asm" ],
- cc => "gcc",
- cflags => "-O3 -Wall",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ ################################################################
+ # Note that -march is not among compiler options in linux-armv4
+ # target description. Not specifying one is intentional to give
+ # you choice to:
+ #
+ # a) rely on your compiler default by not specifying one;
+ # b) specify your target platform explicitly for optimal
+ # performance, e.g. -march=armv6 or -march=armv7-a;
+ # c) build "universal" binary that targets *range* of platforms
+ # by specifying minimum and maximum supported architecture;
+ #
+ # As for c) option. It actually makes no sense to specify
+ # maximum to be less than ARMv7, because it's the least
+ # requirement for run-time switch between platform-specific
+ # code paths. And without run-time switch performance would be
+ # equivalent to one for minimum. Secondly, there are some
+ # natural limitations that you'd have to accept and respect.
+ # Most notably you can *not* build "universal" binary for
+ # big-endian platform. This is because ARMv7 processor always
+ # picks instructions in little-endian order. Another similar
+ # limitation is that -mthumb can't "cross" -march=armv6t2
+ # boundary, because that's where it became Thumb-2. Well, this
+ # limitation is a bit artificial, because it's not really
+ # impossible, but it's deemed too tricky to support. And of
+ # course you have to be sure that your binutils are actually
+ # up to the task of handling maximum target platform. With all
+ # this in mind here is an example of how to configure
+ # "universal" build:
+ #
+ # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
+ #
+ inherit_from => [ "linux-generic32", asm("armv4_asm") ],
+ perlasm_scheme => "linux32",
},
"linux-aarch64" => {
- inherit_from => [ "aarch64_asm" ],
- cc => "gcc",
- cflags => "-O3 -Wall",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR",
+ inherit_from => [ "linux-generic64", asm("aarch64_asm") ],
perlasm_scheme => "linux64",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
-# Configure script adds minimally required -march for assembly support,
-# if no -march was specified at command line. mips32 and mips64 below
-# refer to contemporary MIPS Architecture specifications, MIPS32 and
-# MIPS64, rather than to kernel bitness.
+
"linux-mips32" => {
- inherit_from => [ "mips32_asm" ],
- cc => "gcc",
- cflags => "-mabi=32 -O3 -Wall -DBN_DIV3W",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR",
+ # Configure script adds minimally required -march for assembly
+ # support, if no -march was specified at command line.
+ inherit_from => [ "linux-generic32", asm("mips32_asm") ],
+ cflags => "-mabi=32 -Wall -DBN_DIV3W",
perlasm_scheme => "o32",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ shared_ldflag => "-mabi=32",
},
+ # mips32 and mips64 below refer to contemporary MIPS Architecture
+ # specifications, MIPS32 and MIPS64, rather than to kernel bitness.
"linux-mips64" => {
- inherit_from => [ "mips64_asm" ],
- cc => "gcc",
- cflags => "-mabi=n32 -O3 -Wall -DBN_DIV3W",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
+ inherit_from => [ "linux-generic32", asm("mips64_asm") ],
+ cflags => "-mabi=n32 -Wall -DBN_DIV3W",
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR",
perlasm_scheme => "n32",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
shared_ldflag => "-mabi=n32",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "32",
},
"linux64-mips64" => {
- inherit_from => [ "mips64_asm" ],
- cc => "gcc",
+ inherit_from => [ "linux-generic64", asm("mips64_asm") ],
cflags => "-mabi=64 -O3 -Wall -DBN_DIV3W",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR",
perlasm_scheme => "64",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
shared_ldflag => "-mabi=64",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "64",
},
-#### IA-32 targets...
- "linux-ia32-icc" => {
- inherit_from => [ "x86_elf_asm" ],
- cc => "icc",
- cflags => "-DL_ENDIAN -O2",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl -no_cpprt",
- bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-KPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- },
+
+ #### IA-32 targets...
"linux-elf" => {
- inherit_from => [ "x86_elf_asm" ],
+ inherit_from => [ "linux-generic32", asm("x86_elf_asm") ],
cc => "gcc",
- cflags => "-DL_ENDIAN -Wall",
- debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -g -march=i486",
+ cflags => "-march=i486 -DL_ENDIAN -Wall",
+ debug_cflags => "-O0 -g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG",
release_cflags => "-O3 -fomit-frame-pointer",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
debug_lflags => "-lefence",
bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"linux-aout" => {
- inherit_from => [ "x86_asm" ],
+ inherit_from => [ asm("x86_asm") ],
cc => "gcc",
- cflags => "-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall",
+ cflags => "-DL_ENDIAN -march=i486 -Wall",
+ debug_cflags => "-O0 -g",
+ release_cflags => "-O3 -fomit-frame-pointer",
thread_cflag => "(unknown)",
bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}",
perlasm_scheme => "a.out",
},
-####
- "linux-generic64" => {
- inherit_from => [ "no_asm_filler" ],
- cc => "gcc",
- cflags => "-Wall",
- debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g",
- release_cflags => "-O3",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- },
- "linux-ppc64" => {
- inherit_from => [ "ppc64_asm" ],
- cc => "gcc",
- cflags => "-m64 -DB_ENDIAN -O3 -Wall",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL",
- perlasm_scheme => "linux64",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_ldflag => "-m64",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- multilib => "64",
- },
- "linux-ppc64le" => {
- inherit_from => [ "ppc64_asm" ],
- cc => "gcc",
- cflags => "-m64 -DL_ENDIAN -O3 -Wall",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL",
- perlasm_scheme => "linux64le",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_ldflag => "-m64",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- },
- "linux-ia64" => {
- inherit_from => [ "ia64_asm" ],
- cc => "gcc",
- cflags => "-DL_ENDIAN -O3 -Wall",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- },
- "linux-ia64-icc" => {
- inherit_from => [ "ia64_asm" ],
- cc => "icc",
- cflags => "-DL_ENDIAN -O2 -Wall",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl -no_cpprt",
- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- },
+
"linux-x86_64" => {
- inherit_from => [ "x86_64_asm" ],
- cc => "gcc",
+ inherit_from => [ "linux-generic64", asm("x86_64_asm") ],
cflags => "-m64 -DL_ENDIAN -Wall",
- debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g",
- release_cflags => "-O3",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
- perlasm_scheme => "elf",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_ldflag => "-m64",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- multilib => "64",
- },
- "linux-x86_64-clang" => {
- inherit_from => [ "x86_64_asm" ],
- cc => "clang",
- cflags => "-m64 -DL_ENDIAN -O3 -Weverything $clang_disabled_warnings -Qunused-arguments",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
- perlasm_scheme => "elf",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_ldflag => "-m64",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- multilib => "64",
- },
- "linux-x86_64-icc" => {
- inherit_from => [ "x86_64_asm" ],
- cc => "icc",
- cflags => "-DL_ENDIAN -O2",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl -no_cpprt",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
perlasm_scheme => "elf",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ shared_ldflag => "-m64",
multilib => "64",
},
+ "linux-x86_64-clang" => {
+ inherit_from => [ "linux-x86_64" ],
+ cc => "clang",
+ cflags => "-m64 -DL_ENDIAN -Weverything $clang_disabled_warnings -Qunused-arguments",
+ },
"linux-x32" => {
- inherit_from => [ "x86_64_asm" ],
- cc => "gcc",
- cflags => "-mx32 -DL_ENDIAN -O3 -Wall",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
+ inherit_from => [ "linux-generic32", asm("x86_64_asm") ],
+ cflags => "-mx32 -DL_ENDIAN -Wall",
bn_ops => "SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL",
perlasm_scheme => "elf",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
shared_ldflag => "-mx32",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "x32",
},
+
+ "linux-ia64" => {
+ inherit_from => [ "linux-generic64", asm("ia64_asm") ],
+ bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT",
+ },
+
"linux64-s390x" => {
- inherit_from => [ "s390x_asm" ],
- cc => "gcc",
- cflags => "-m64 -DB_ENDIAN -O3 -Wall",
+ inherit_from => [ "linux-generic64", asm("s390x_asm") ],
+ cflags => "-m64 -Wall -DB_ENDIAN",
thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL",
perlasm_scheme => "64",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
shared_ldflag => "-m64",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "64",
},
-#### So called "highgprs" target for z/Architecture CPUs
-# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
-# /proc/cpuinfo. The idea is to preserve most significant bits of
-# general purpose registers not only upon 32-bit process context
-# switch, but even on asynchronous signal delivery to such process.
-# This makes it possible to deploy 64-bit instructions even in legacy
-# application context and achieve better [or should we say adequate]
-# performance. The build is binary compatible with linux-generic32,
-# and the idea is to be able to install the resulting libcrypto.so
-# alongside generic one, e.g. as /lib/highgprs/libcrypto.so.x.y, for
-# ldconfig and run-time linker to autodiscover. Unfortunately it
-# doesn't work just yet, because of couple of bugs in glibc
-# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
"linux32-s390x" => {
- inherit_from => [ "s390x_32_asm" ],
- cc => "gcc",
- cflags => "-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL",
+ #### So called "highgprs" target for z/Architecture CPUs
+ # "Highgprs" is kernel feature first implemented in Linux
+ # 2.6.32, see /proc/cpuinfo. The idea is to preserve most
+ # significant bits of general purpose registers not only
+ # upon 32-bit process context switch, but even on
+ # asynchronous signal delivery to such process. This makes
+ # it possible to deploy 64-bit instructions even in legacy
+ # application context and achieve better [or should we say
+ # adequate] performance. The build is binary compatible with
+ # linux-generic32, and the idea is to be able to install the
+ # resulting libcrypto.so alongside generic one, e.g. as
+ # /lib/highgprs/libcrypto.so.x.y, for ldconfig and run-time
+ # linker to autodiscover. Unfortunately it doesn't work just
+ # yet, because of couple of bugs in glibc
+ # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
+ #
+ inherit_from => [ "linux-generic32", asm("s390x_asm") ],
+ cflags => "-m31 -Wall -Wa,-mzarch -DB_ENDIAN",
+ bn_obj => sub { my $r=join(" ",@_); $r=~s/bn\-s390x/bn_asm/; $r; },
perlasm_scheme => "31",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
shared_ldflag => "-m31",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "/highgprs",
},
-#### SPARC Linux setups
-# Ray Miller <ray.m...@computing-services.oxford.ac.uk> has patiently
-# assisted with debugging of following two configs.
+
+ #### SPARC Linux setups
+ # Ray Miller <ray.m...@computing-services.oxford.ac.uk> has
+ # patiently assisted with debugging of following two configs.
"linux-sparcv8" => {
- inherit_from => [ "sparcv8_asm" ],
- cc => "gcc",
- cflags => "-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ inherit_from => [ "linux-generic32", asm("sparcv8_asm") ],
+ cflags => "-mv8 -Wall -DB_ENDIAN -DBN_DIV2W",
},
-# it's a real mess with -mcpu=ultrasparc option under Linux, but
-# -Wa,-Av8plus should do the trick no matter what.
"linux-sparcv9" => {
- inherit_from => [ "sparcv9_asm" ],
- cc => "gcc",
- cflags => "-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W",
- thread_cflag => "-D_REENTRANT",
- sys_id => "ULTRASPARC",
- lflags => "-ldl",
- bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
+ # it's a real mess with -mcpu=ultrasparc option under Linux,
+ # but -Wa,-Av8plus should do the trick no matter what.
+ inherit_from => [ "linux-generic32", asm("sparcv9_asm") ],
+ cflags => "-m32 -mcpu=ultrasparc -Wall -Wa,-Av8plus -DB_ENDIAN -DBN_DIV2W",
shared_ldflag => "-m32",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
-# GCC 3.1 is a requirement
"linux64-sparcv9" => {
- inherit_from => [ "sparcv9_asm" ],
- cc => "gcc",
- cflags => "-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall",
- thread_cflag => "-D_REENTRANT",
- sys_id => "ULTRASPARC",
- lflags => "-ldl",
- bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
+ # GCC 3.1 is a requirement
+ inherit_from => [ "linux-generic64", asm("sparcv9_asm") ],
+ cflags => "-m64 -mcpu=ultrasparc -Wall -DB_ENDIAN",
+ bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR",
shared_ldflag => "-m64",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "64",
},
-#### Alpha Linux with GNU C and Compaq C setups
-# Special notes:
-# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
-# ought to run './Configure linux-alpha+bwx-gcc' manually, do
-# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever
-# which is appropriate.
-# - If you use ccc keep in mind that -fast implies -arch host and the
-# compiler is free to issue instructions which gonna make elder CPU
-# choke. If you wish to build "blended" toolkit, add -arch generic
-# *after* -fast and invoke './Configure linux-alpha-ccc' manually.
+
"linux-alpha-gcc" => {
- inherit_from => [ "alpha_asm" ],
- cc => "gcc",
- cflags => "-O3 -DL_ENDIAN",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
+ inherit_from => [ "linux-generic64", asm("alpha_asm") ],
+ cflags => "-DL_ENDIAN",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- },
- "linux-alpha+bwx-gcc" => {
- inherit_from => [ "alpha_asm" ],
- cc => "gcc",
- cflags => "-O3 -DL_ENDIAN",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- },
- "linux-alpha-ccc" => {
- inherit_from => [ "alpha_asm" ],
- cc => "ccc",
- cflags => "-fast -readonly_strings -DL_ENDIAN",
- thread_cflag => "-D_REENTRANT",
- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL",
},
- "linux-alpha+bwx-ccc" => {
- inherit_from => [ "alpha_asm" ],
- cc => "ccc",
- cflags => "-fast -readonly_strings -DL_ENDIAN",
- thread_cflag => "-D_REENTRANT",
- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL",
- },
-#
-# TI_CGT_C6000_7.3.x is a requirement
"linux-c64xplus" => {
+ # TI_CGT_C6000_7.3.x is a requirement
cc => "cl6x",
cflags => "--linux -ea=.s -eo=.o -mv6400+ -o2 -ox -ms -pden -DOPENSSL_SMALL_FOOTPRINT",
thread_cflag => "-D_REENTRANT",
@@ -1063,62 +739,33 @@
ranlib => "true",
},

-# Android: linux-* but without pointers to headers and libs.
+#### Android: linux-* but without pointers to headers and libs.
"android" => {
- inherit_from => [ "no_asm_filler" ],
- cc => "gcc",
- cflags => "-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ inherit_from => [ "linux-generic32" ],
+ cflags => "-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -Wall",
+ debug_cflags => "-O0 -g",
},
"android-x86" => {
- inherit_from => [ "android_x86_elf_asm" ],
- cc => "gcc",
- cflags => "-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
+ inherit_from => [ "android", asm("x86_asm") ],
+ release_cflags => "-O3 -fomit-frame-pointer",
bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ perlasm_scheme => "android",
},
"android-armv7" => {
- inherit_from => [ "armv4_asm" ],
- cc => "gcc",
- cflags => "-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ inherit_from => [ "android", asm("armv4_asm") ],
+ cflags => sub { join (" ","-march=armv7-a",@_); },
},
"android-mips" => {
- inherit_from => [ "mips32_asm" ],
- cc => "gcc",
- cflags => "-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall",
- thread_cflag => "-D_REENTRANT",
- lflags => "-ldl",
- bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR",
+ inherit_from => [ "android", asm("mips32_asm") ],
perlasm_scheme => "o32",
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},

#### *BSD [do see comment about ${BSDthreads} in Configure!]
"BSD-generic32" => {
- inherit_from => [ "no_asm_filler" ],
cc => "gcc",
- cflags => "-O3 -fomit-frame-pointer -Wall",
+ cflags => "-Wall",
+ debug_cflags => "-O0 -g",
+ release_cflags => "-O3",
thread_cflag => "${BSDthreads}",
bn_ops => "BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL",
dso_scheme => "dlfcn",
@@ -1126,94 +773,52 @@
shared_cflag => "-fPIC",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
- "BSD-x86" => {
- inherit_from => [ "x86_asm" ],
- cc => "gcc",
- cflags => "-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
- thread_cflag => "${BSDthreads}",
- bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}",
- perlasm_scheme => "a.out",
- dso_scheme => "dlfcn",
- shared_target => "bsd-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "BSD-generic64" => {
+ inherit_from => [ "BSD-generic32" ],
+ bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
},
- "BSD-x86-elf" => {
- inherit_from => [ "x86_elf_asm" ],
- cc => "gcc",
+
+ "BSD-x86" => {
+ inherit_from => [ "BSD-generic32", asm("x86_asm") ],
cflags => "-DL_ENDIAN -Wall",
- debug_cflags => "-g",
release_cflags => "-O3 -fomit-frame-pointer",
- thread_cflag => "${BSDthreads}",
bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}",
- dso_scheme => "dlfcn",
shared_target => "bsd-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ perlasm_scheme => "a.out",
},
- "BSD-sparcv8" => {
- inherit_from => [ "sparcv8_asm" ],
- cc => "gcc",
- cflags => "-DB_ENDIAN -O3 -mv8 -Wall",
- thread_cflag => "${BSDthreads}",
- bn_ops => "BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL",
- dso_scheme => "dlfcn",
- shared_target => "bsd-gcc-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "BSD-x86-elf" => {
+ inherit_from => [ "BSD-x86" ],
+ perlasm_scheme => "elf",
},

- "BSD-generic64" => {
- inherit_from => [ "no_asm_filler" ],
- cc => "gcc",
- cflags => "-O3 -Wall",
- thread_cflag => "${BSDthreads}",
- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
- dso_scheme => "dlfcn",
- shared_target => "bsd-gcc-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "BSD-sparcv8" => {
+ inherit_from => [ "BSD-generic32", asm("sparcv8_asm") ],
+ cflags => "-mv8 -Wall -DB_ENDIAN",
},
-# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
-# simply *happens* to work around a compiler bug in gcc 3.3.3,
-# triggered by RIPEMD160 code.
"BSD-sparc64" => {
- inherit_from => [ "sparcv9_asm" ],
- cc => "gcc",
- cflags => "-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall",
- thread_cflag => "${BSDthreads}",
+ # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
+ # simply *happens* to work around a compiler bug in gcc 3.3.3,
+ # triggered by RIPEMD160 code.
+ inherit_from => [ "BSD-generic64", asm("sparcv9_asm") ],
+ cflags => "-DB_ENDIAN -DMD32_REG_T=int -Wall",
bn_ops => "BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR",
- dso_scheme => "dlfcn",
- shared_target => "bsd-gcc-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
+
"BSD-ia64" => {
- inherit_from => [ "ia64_asm" ],
- cc => "gcc",
- cflags => "-DL_ENDIAN -O3 -Wall",
- thread_cflag => "${BSDthreads}",
+ inherit_from => [ "BSD-generic64", asm("ia64_asm") ],
+ cflags => "-DL_ENDIAN -Wall",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT",
- dso_scheme => "dlfcn",
- shared_target => "bsd-gcc-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
+
"BSD-x86_64" => {
- inherit_from => [ "x86_64_asm" ],
- cc => "gcc",
- cflags => "-DL_ENDIAN -O3 -Wall",
- thread_cflag => "${BSDthreads}",
+ inherit_from => [ "BSD-generic64", asm("x86_64_asm") ],
+ cflags => "-DL_ENDIAN -Wall",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
perlasm_scheme => "elf",
- dso_scheme => "dlfcn",
- shared_target => "bsd-gcc-shared",
- shared_cflag => "-fPIC",
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},

"bsdi-elf-gcc" => {
- inherit_from => [ "x86_elf_asm" ],
+ inherit_from => [ asm("x86_elf_asm") ],
cc => "gcc",
cflags => "-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall",
thread_cflag => "(unknown)",
@@ -1248,7 +853,6 @@
bn_ops => "${x86_gcc_des} ${x86_gcc_opts}",
},
"QNX6" => {
- inherit_from => [ "no_asm_filler" ],
cc => "gcc",
lflags => "-lsocket",
dso_scheme => "dlfcn",
@@ -1257,7 +861,7 @@
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"QNX6-i386" => {
- inherit_from => [ "x86_elf_asm" ],
+ inherit_from => [ asm("x86_elf_asm") ],
cc => "gcc",
cflags => "-DL_ENDIAN -O2 -Wall",
lflags => "-lsocket",
@@ -1295,7 +899,7 @@
bn_ops => "${x86_gcc_des} ${x86_gcc_opts}",
},
"unixware-7" => {
- inherit_from => [ "x86_elf_asm" ],
+ inherit_from => [ asm("x86_elf_asm") ],
cc => "cc",
cflags => "-O -DFILIO_H -Kalloca",
thread_cflag => "-Kthread",
@@ -1308,7 +912,7 @@
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"unixware-7-gcc" => {
- inherit_from => [ "x86_elf_asm" ],
+ inherit_from => [ asm("x86_elf_asm") ],
cc => "gcc",
cflags => "-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall",
thread_cflag => "-D_REENTRANT",
@@ -1322,7 +926,7 @@
},
# SCO 5 - Ben Laurie <b...@algroup.co.uk> says the -O breaks the SCO cc.
"sco5-cc" => {
- inherit_from => [ "x86_elf_asm" ],
+ inherit_from => [ asm("x86_elf_asm") ],
cc => "cc",
cflags => "-belf",
thread_cflag => "(unknown)",
@@ -1335,7 +939,7 @@
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"sco5-gcc" => {
- inherit_from => [ "x86_elf_asm" ],
+ inherit_from => [ asm("x86_elf_asm") ],
cc => "gcc",
cflags => "-O3 -fomit-frame-pointer",
thread_cflag => "(unknown)",
@@ -1349,17 +953,12 @@
},

#### IBM's AIX.
- "aix3-cc" => {
- cc => "cc",
- cflags => "-O -DB_ENDIAN -qmaxmem=16384",
- thread_cflag => "(unknown)",
- sys_id => "AIX",
- bn_ops => "BN_LLONG RC4_CHAR",
- },
"aix-gcc" => {
- inherit_from => [ "ppc32_asm" ],
+ inherit_from => [ asm("ppc32_asm") ],
cc => "gcc",
- cflags => "-O -DB_ENDIAN",
+ cflags => "-DB_ENDIAN",
+ debug_cflags => "-O0 -g",
+ release_cflags => "-O",
thread_cflag => "-pthread",
sys_id => "AIX",
bn_ops => "BN_LLONG RC4_CHAR",
@@ -1371,9 +970,11 @@
arflags => "-X32",
},
"aix64-gcc" => {
- inherit_from => [ "ppc64_asm" ],
+ inherit_from => [ asm("ppc64_asm") ],
cc => "gcc",
- cflags => "-maix64 -O -DB_ENDIAN",
+ cflags => "-maix64 -DB_ENDIAN",
+ debug_cflags => "-O0 -g",
+ release_cflags => "-O",
thread_cflag => "-pthread",
sys_id => "AIX",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
@@ -1384,12 +985,15 @@
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
arflags => "-X64",
},
-# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
-# at build time. $OBJECT_MODE is respected at ./config stage!
+ # Below targets assume AIX 5. Idea is to effectively disregard
+ # $OBJECT_MODE at build time. $OBJECT_MODE is respected at
+ # ./config stage!
"aix-cc" => {
- inherit_from => [ "ppc32_asm" ],
+ inherit_from => [ asm("ppc32_asm") ],
cc => "cc",
- cflags => "-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst",
+ cflags => "-q32 -DB_ENDIAN -qmaxmem=16384 -qro -qroconst",
+ debug_cflags => "",
+ release_cflags => "-O",
thread_cflag => "-qthreaded -D_THREAD_SAFE",
sys_id => "AIX",
bn_ops => "BN_LLONG RC4_CHAR",
@@ -1401,9 +1005,11 @@
arflags => "-X 32",
},
"aix64-cc" => {
- inherit_from => [ "ppc64_asm" ],
+ inherit_from => [ asm("ppc64_asm") ],
cc => "cc",
- cflags => "-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst",
+ cflags => "-q64 -DB_ENDIAN -qmaxmem=16384 -qro -qroconst",
+ debug_cflags => "",
+ release_cflags => "-O",
thread_cflag => "-qthreaded -D_THREAD_SAFE",
sys_id => "AIX",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
@@ -1435,7 +1041,7 @@
bn_ops => "THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR",
},

-# Visual C targets
+#### Visual C targets
#
# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
#
@@ -1443,79 +1049,59 @@
# positives in some situations. Disabling it altogether masks both
# legitimate and false cases, but as we compile on multiple platforms,
# we rely on other compilers to catch legitimate cases.
- "VC-WIN64I" => {
+ "VC-common" => {
+ template => 1,
cc => "cl",
- cflags => "-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE",
- sys_id => "WIN64I",
- bn_ops => "SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN",
- cpuid_obj => "ia64cpuid.o",
- bn_obj => "ia64.o ia64-mont.o",
- aes_obj => "aes_core.o aes_cbc.o aes-ia64.o",
- md5_obj => "md5-ia64.o",
- sha1_obj => "sha1-ia64.o sha256-ia64.o sha512-ia64.o",
- modes_obj => "ghash-ia64.o",
- perlasm_scheme => "ias",
+ cflags => "-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE",
dso_scheme => "win32",
},
- "debug-VC-WIN64I" => {
- cc => "cl",
- cflags => "-W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE",
+ "VC-WIN64I" => {
+ inherit_from => [ "VC-common", asm("ia64_asm") ],
+ cflags => sub { join(" ",@_,"-DUNICODE -D_UNICODE"); },
sys_id => "WIN64I",
bn_ops => "SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN",
- cpuid_obj => "ia64cpuid.o",
- bn_obj => "ia64.o",
- aes_obj => "aes_core.o aes_cbc.o aes-ia64.o",
- md5_obj => "md5-ia64.o",
- sha1_obj => "sha1-ia64.o sha256-ia64.o sha512-ia64.o",
- modes_obj => "ghash-ia64.o",
+ bn_obj => sub { my $r=join(" ",@_); $r=~s/bn\-//; $r; },
+ rc4_obj => "",
perlasm_scheme => "ias",
- dso_scheme => "win32",
},
"VC-WIN64A" => {
- inherit_from => [ "win_x86_64_asm" ],
- cc => "cl",
- cflags => "-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE",
- debug_cflags => "-Zi",
+ inherit_from => [ "VC-common", asm("x86_64_asm") ],
+ cflags => sub { join(" ",@_,"-DUNICODE -D_UNICODE"); },
sys_id => "WIN64A",
bn_ops => "SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN",
+ bn_obj => sub { my $r=join(" ",@_); $r=~s/x86_64\-gcc/bn_asm/; $r; },
perlasm_scheme => "auto",
- dso_scheme => "win32",
},
-# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
-# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
"VC-WIN32" => {
- inherit_from => [ "x86_asm" ],
- cc => "cl",
- cflags => "-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE",
- debug_cflags => "-Zi",
+ # x86 Win32 target defaults to ANSI API, if you want UNICODE,
+ # configure with 'perl Configure VC-WIN32 -DUNICODE -D_UNICODE'
+ inherit_from => [ "VC-common", asm("x86_asm") ],
sys_id => "WIN32",
bn_ops => "BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}",
perlasm_scheme => "win32n",
- dso_scheme => "win32",
},
-# Unified CE target
"VC-CE" => {
- inherit_from => [ "no_asm_filler" ],
cc => "cl",
sys_id => "WINCE",
bn_ops => "BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}",
dso_scheme => "win32",
},

-# Borland C++ 4.5
+#### Borland C++ 4.5
"BC-32" => {
- inherit_from => [ "no_asm_filler" ],
cc => "bcc32",
sys_id => "WIN32",
bn_ops => "BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN",
dso_scheme => "win32",
},

-# MinGW
+#### MinGW
"mingw" => {
- inherit_from => [ "x86_asm" ],
+ inherit_from => [ asm("x86_asm") ],
cc => "gcc",
- cflags => "-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall",
+ cflags => "-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -march=i486 -Wall",
+ debug_cflags => "-g -O0",
+ release_clags => "-O3 -fomit-frame-pointer",
thread_cflag => "-D_MT",
sys_id => "MINGW32",
lflags => "-lws2_32 -lgdi32 -lcrypt32",
@@ -1527,17 +1113,20 @@
shared_ldflag => "-mno-cygwin",
shared_extension => ".dll.a",
},
-# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll
-# compiled with one compiler with application compiled with another
-# compiler. It's possible to engage Applink support in mingw64 build,
-# but it's not done, because till mingw64 supports structured exception
-# handling, one can't seriously consider its binaries for using with
-# non-mingw64 run-time environment. And as mingw64 is always consistent
-# with itself, Applink is never engaged and can as well be omitted.
"mingw64" => {
- inherit_from => [ "x86_64_asm" ],
- cc => "gcc",
- cflags => "-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE",
+ # As for OPENSSL_USE_APPLINK. Applink makes it possible to use
+ # .dll compiled with one compiler with application compiled with
+ # another compiler. It's possible to engage Applink support in
+ # mingw64 build, but it's not done, because till mingw64
+ # supports structured exception handling, one can't seriously
+ # consider its binaries for using with non-mingw64 run-time
+ # environment. And as mingw64 is always consistent with itself,
+ # Applink is never engaged and can as well be omitted.
+ inherit_from => [ asm("x86_64_asm") ],
+ cc => "gcc",
+ cflags => "-mno-cygwin -DL_ENDIAN -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE",
+ debug_cflags => "-g -O0",
+ release_clags => "-O3",
thread_cflag => "-D_MT",
sys_id => "MINGW64",
lflags => "-lws2_32 -lgdi32 -lcrypt32",
@@ -1550,9 +1139,8 @@
shared_extension => ".dll.a",
},

-# UWIN
+#### UWIN
"UWIN" => {
- inherit_from => [ "no_asm_filler" ],
cc => "cc",
cflags => "-DTERMIOS -DL_ENDIAN -O -Wall",
sys_id => "UWIN",
@@ -1560,11 +1148,13 @@
dso_scheme => "win32",
},

-# Cygwin
+#### Cygwin
"Cygwin" => {
- inherit_from => [ "x86_asm" ],
+ inherit_from => [ asm("x86_asm") ],
cc => "gcc",
- cflags => "-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall",
+ cflags => "-DTERMIOS -DL_ENDIAN -march=i486 -Wall",
+ debug_cflags => "-g -O0",
+ release_clags => "-O3 -fomit-frame-pointer",
sys_id => "CYGWIN",
bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}",
perlasm_scheme => "coff",
@@ -1575,9 +1165,11 @@
shared_extension => ".dll.a",
},
"Cygwin-x86_64" => {
- inherit_from => [ "x86_64_asm" ],
+ inherit_from => [ asm("x86_64_asm") ],
cc => "gcc",
- cflags => "-DTERMIOS -DL_ENDIAN -O3 -Wall",
+ cflags => "-DTERMIOS -DL_ENDIAN -Wall",
+ debug_cflags => "-g -O0",
+ release_clags => "-O3",
sys_id => "CYGWIN",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
perlasm_scheme => "mingw64",
@@ -1588,7 +1180,7 @@
shared_extension => ".dll.a",
},

-# NetWare from David Ward (dsw...@novell.com)
+#### NetWare from David Ward (dsw...@novell.com)
# requires either MetroWerks NLM development tools, or gcc / nlmconv
# NetWare defaults socket bio to WinSock sockets. However,
# the builds can be configured to use BSD sockets instead.
@@ -1611,7 +1203,7 @@
cflags => "-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall",
bn_ops => "${x86_gcc_opts}",
},
-# netware-libc => LibC/NKS support
+ # netware-libc => LibC/NKS support
"netware-libc" => {
cc => "mwccnlm",
bn_ops => "BN_LLONG ${x86_gcc_opts}",
@@ -1631,9 +1223,9 @@
bn_ops => "BN_LLONG ${x86_gcc_opts}",
},

-# DJGPP
+#### DJGPP
"DJGPP" => {
- inherit_from => [ "x86_asm" ],
+ inherit_from => [ asm("x86_asm") ],
cc => "gcc",
cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall",
sys_id => "MSDOS",
@@ -1642,7 +1234,7 @@
perlasm_scheme => "a.out",
},

-# Ultrix from Bernhard Simon <si...@zid.tuwien.ac.at>
+#### Ultrix from Bernhard Simon <si...@zid.tuwien.ac.at>
"ultrix-cc" => {
cc => "cc",
cflags => "-std1 -O -Olimit 2500 -DL_ENDIAN",
@@ -1658,11 +1250,11 @@
##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",

##### MacOS X (a.k.a. Darwin) setup
- "darwin-ppc-cc" => {
- inherit_from => [ "ppc32_asm" ],
+ "darwin-common" => {
+ template => 1,
cc => "cc",
- cflags => "-arch ppc -DB_ENDIAN -Wa,-force_cpusubtype_ALL",
- debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall -O",
+ cflags => "",
+ debug_cflags => "-g -O0",
release_cflags => "-O3",
thread_cflag => "-D_REENTRANT",
sys_id => "MACOSX",
@@ -1672,59 +1264,39 @@
dso_scheme => "dlfcn",
shared_target => "darwin-shared",
shared_cflag => "-fPIC -fno-common",
- shared_ldflag => "-arch ppc -dynamiclib",
+ shared_ldflag => "-dynamiclib",
shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
},
+ "darwin-ppc-cc" => {
+ inherit_from => [ "darwin-common", asm("ppc32_asm") ],
+ cflags => "-arch ppc -DB_ENDIAN -Wa,-force_cpusubtype_ALL",
+ perlasm_scheme => "osx32",
+ shared_ldflag => "-arch ppc -dynamiclib",
+ },
"darwin64-ppc-cc" => {
- inherit_from => [ "ppc64_asm" ],
- cc => "cc",
- cflags => "-arch ppc64 -O3 -DB_ENDIAN",
- thread_cflag => "-D_REENTRANT",
- sys_id => "MACOSX",
- lflags => "-Wl,-search_paths_first%",
+ inherit_from => [ "darwin-common", asm("ppc64_asm") ],
+ cflags => "-arch ppc64 -DB_ENDIAN",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR",
perlasm_scheme => "osx64",
- dso_scheme => "dlfcn",
- shared_target => "darwin-shared",
- shared_cflag => "-fPIC -fno-common",
shared_ldflag => "-arch ppc64 -dynamiclib",
- shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
},
"darwin-i386-cc" => {
- inherit_from => [ "x86_asm_nocast" ],
- cc => "cc",
+ inherit_from => [ "darwin-common", asm("x86_asm") ],
cflags => "-arch i386 -DL_ENDIAN",
- debug_cflags => "-g3",
release_cflags => "-O3 -fomit-frame-pointer",
- thread_cflag => "-D_REENTRANT",
- sys_id => "MACOSX",
- lflags => "-Wl,-search_paths_first%",
bn_ops => "BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR",
perlasm_scheme => "macosx",
- dso_scheme => "dlfcn",
- shared_target => "darwin-shared",
- shared_cflag => "-fPIC -fno-common",
shared_ldflag => "-arch i386 -dynamiclib",
- shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
},
"darwin64-x86_64-cc" => {
- inherit_from => [ "x86_64_asm" ],
- cc => "cc",
+ inherit_from => [ "darwin-common", asm("x86_64_asm") ],
cflags => "-arch x86_64 -DL_ENDIAN -Wall",
- debug_cflags => "-ggdb -g2 -O0",
- release_cflags => "-O3",
- thread_cflag => "-D_REENTRANT",
- sys_id => "MACOSX",
- lflags => "-Wl,-search_paths_first%",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
perlasm_scheme => "macosx",
- dso_scheme => "dlfcn",
- shared_target => "darwin-shared",
- shared_cflag => "-fPIC -fno-common",
shared_ldflag => "-arch x86_64 -dynamiclib",
- shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
},
-# iPhoneOS/iOS
+
+#### iPhoneOS/iOS
#
# It takes three prior-set environment variables to make it work:
#
@@ -1737,51 +1309,24 @@
#
# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/
# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer
-# CROSS_SDK=iPhoneOS7.0.sdk
+# CROSS_SDK=iPhoneOS.sdk
#
"iphoneos-cross" => {
- inherit_from => [ "no_asm_filler" ],
- cc => "cc",
- cflags => "-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common",
- thread_cflag => "-D_REENTRANT",
+ inherit_from => [ "darwin-common" ],
+ cflags => "-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common",
sys_id => "iOS",
- lflags => "-Wl,-search_paths_first%",
- bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR",
- dso_scheme => "dlfcn",
- shared_target => "darwin-shared",
- shared_cflag => "-fPIC -fno-common",
- shared_ldflag => "-dynamiclib",
- shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
},
"ios64-cross" => {
- inherit_from => [ "aarch64_asm" ],
- cc => "cc",
- cflags => "-O3 -arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common",
- thread_cflag => "-D_REENTRANT",
+ inherit_from => [ "darwin-common", asm("aarch64_asm") ],
+ cflags => "-arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common",
sys_id => "iOS",
- lflags => "-Wl,-search_paths_first%",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR",
perlasm_scheme => "ios64",
- dso_scheme => "dlfcn",
- shared_target => "darwin-shared",
- shared_cflag => "-fPIC -fno-common",
- shared_ldflag => "-dynamiclib",
- shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
- },
-
-##### A/UX
- "aux3-gcc" => {
- cc => "gcc",
- cflags => "-O2 -DTERMIO",
- thread_cflag => "(unknown)",
- sys_id => "AUX",
- lflags => "-lbsd",
- bn_ops => "RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR",
},

##### GNU Hurd
"hurd-x86" => {
- inherit_from => [ "x86_elf_asm" ],
+ inherit_from => [ asm("x86_elf_asm") ],
cc => "gcc",
cflags => "-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall",
thread_cflag => "-D_REENTRANT",
@@ -1835,7 +1380,6 @@
lflags => "-r",
},
"vxworks-simlinux" => {
- inherit_from => [ "no_asm_filler" ],
cc => "ccpentium",
cflags => "-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK",
sys_id => "VXWORKS",
@@ -1843,7 +1387,7 @@
ranlib => "ranlibpentium",
},
"vxworks-mips" => {
- inherit_from => [ "mips32_asm" ],
+ inherit_from => [ asm("mips32_asm") ],
cc => "ccmips",
cflags => "-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip",
thread_cflag => "-D_REENTRANT",
@@ -1853,9 +1397,8 @@
ranlib => "ranlibmips",
},

-# uClinux
+#### uClinux
"uClinux-dist" => {
- inherit_from => [ "no_asm_filler" ],
cc => "$ENV{'CC'}",
cflags => "\$(CFLAGS)",
thread_cflag => "-D_REENTRANT",
@@ -1869,7 +1412,6 @@
ranlib => "$ENV{'RANLIB'}",
},
"uClinux-dist64" => {
- inherit_from => [ "no_asm_filler" ],
cc => "$ENV{'CC'}",
cflags => "\$(CFLAGS)",
thread_cflag => "-D_REENTRANT",
diff --git a/Configure b/Configure
index 4a34b4e..c038f85 100755
--- a/Configure
+++ b/Configure
@@ -166,7 +166,6 @@ my $ppc32_asm=$ppc64_asm;
# seems to be sufficient?
my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";

-
# table of known configurations, read in from files
#
# The content of each entry can take one of two forms:
@@ -349,29 +348,7 @@ my %table=(
# Note: as long as someone might use old style configuration strings,
# or we bother supporting that, those variables need to stay

- # Filler used for when there are no asm files.
- no_asm_filler => {
- template => 1,
- cpuid_obj => "",
- bn_obj => "",
- ec_obj => "",
- des_obj => "",
- aes_obj => "",
- bf_obj => "",
- md5_obj => "",
- sha1_obj => "",
- cast_obj => "",
- rc4_obj => "",
- rmd160_obj => "",
- rc5_obj => "",
- wp_obj => "",
- cmll_obj => "",
- modes_obj => "",
- engines_obj => "",
- perlasm_scheme => "void"
- },
-
- x86_asm_nocast => {
+ x86_asm => {
template => 1,
cpuid_obj => "x86cpuid.o",
bn_obj => "bn-586.o co-586.o x86-mont.o x86-gf2m.o",
@@ -389,26 +366,15 @@ my %table=(
modes_obj => "ghash-x86.o",
engines_obj => "e_padlock-x86.o"
},
- x86_asm => {
- template => 1,
- inherit_from => [ "x86_asm_nocast" ],
- cast_obj => "cast-586.o",
- },
x86_elf_asm => {
template => 1,
inherit_from => [ "x86_asm" ],
perlasm_scheme => "elf"
},
- android_x86_elf_asm => {
- template => 1,
- inherit_from => [ "x86_asm" ],
- perlasm_scheme => "android"
- },
-
- _x86_64_asm => {
+ x86_64_asm => {
template => 1,
cpuid_obj => "x86_64cpuid.o",
- bn_obj => "x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o",
+ bn_obj => "x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o",
ec_obj => "ecp_nistz256.o ecp_nistz256-x86_64.o",
aes_obj => "aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o",
md5_obj => "md5-x86_64.o",
@@ -419,16 +385,6 @@ my %table=(
modes_obj => "ghash-x86_64.o aesni-gcm-x86_64.o",
engines_obj => "e_padlock-x86_64.o"
},
- x86_64_asm => {
- inherit_from => [ "_x86_64_asm" ],
- template => 1,
- bn_obj => sub { join(" ","x86_64-gcc.o",@_) }
- },
- win_x86_64_asm => {
- inherit_from => [ "_x86_64_asm" ],
- template => 1,
- bn_obj => sub { join(" ","bn_asm.o",@_) }
- },
ia64_asm => {
template => 1,
cpuid_obj => "ia64cpuid.o",
@@ -478,25 +434,15 @@ my %table=(
template => 1,
sha1_obj => sub { join(" ", @_, "sha512-mips.o") }
},
- _s390x_asm => {
+ s390x_asm => {
template => 1,
cpuid_obj => "s390xcap.o s390xcpuid.o",
- bn_obj => "s390x-mont.o s390x-gf2m.o",
+ bn_obj => "bn-s390x.o s390x-mont.o s390x-gf2m.o",
aes_obj => "aes-s390x.o aes-ctr.o aes-xts.o",
sha1_obj => "sha1-s390x.o sha256-s390x.o sha512-s390x.o",
rc4_obj => "rc4-s390x.o",
modes_obj => "ghash-s390x.o",
},
- s390x_asm => {
- template => 1,
- inherit_from => [ "_s390x_asm" ],
- bn_obj => sub { join(" ", "bn-s390x.o", @_) }
- },
- s390x_32_asm => {
- template => 1,
- inherit_from => [ "_s390x_asm" ],
- bn_obj => sub { join(" ", "bn_asm.o", @_) }
- },
armv4_asm => {
template => 1,
cpuid_obj => "armcap.o armv4cpuid.o",
@@ -524,26 +470,10 @@ my %table=(
modes_obj => "ghash-parisc.o",
perlasm_scheme => "32"
},
- _parisc20_asm => {
- template => 1,
- cpuid_obj => "pariscid.o",
- bn_obj => "parisc-mont.o",
- aes_obj => "aes_core.o aes_cbc.o aes-parisc.o",
- sha1_obj => "sha1-parisc.o sha256-parisc.o sha512-parisc.o",
- rc4_obj => "rc4-parisc.o",
- modes_obj => "ghash-parisc.o",
- perlasm_scheme => "64"
- },
- parisc20_32_asm => {
- template => 1,
- inherit_from => [ "_parisc20_asm" ],
- bn_obj => sub { join(" ", "pa-risc2.o", @_) },
- perlasm_scheme => "32",
- },
parisc20_64_asm => {
template => 1,
- inherit_from => [ "_parisc20_asm" ],
- bn_obj => sub { join(" ", "pa-risc2W.o", @_) },
+ inherit_from => [ "parisc11_asm" ],
+ bn_obj => sub { my $r=join(" ",@_); $r=~s/bn_asm/pa-risc2W/; $r; },
perlasm_scheme => "64",
},
ppc64_asm => {
@@ -560,6 +490,12 @@ my %table=(
},
);

+{ my $no_asm_templates=0;
+ foreach (@ARGV) { $no_asm_templates=1 if (/^\-?no\-asm$/); }
+ sub asm { $no_asm_templates?():@_; }
+}
+
+
sub stringtohash {
my $in = shift @_;
if (ref($in) eq "HASH") {
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

Matt Caswell

unread,

Mar 19, 2015, 10:03:52 AM3/19/15

to

The branch master has been updated

via 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f (commit)
via 367eab2f9f1d1131356118507d21534558863365 (commit)
via bdc234f3c362b211d9e9384da93f8a0ff212787e (commit)
via c225c3cf9bd67297fb0c297768d69cbc03fbdab7 (commit)
via e677e8d13595f7b3287f8feef7676feb301b0e8a (commit)
via d3cc5e610d1719a35cda52c9152134b490a8c944 (commit)
via 34e3edbf3a10953cb407288101fd56a629af22f9 (commit)
via 09f06923e636019c39c807cb59c481375e720556 (commit)
via 8106d61c354430d6bbbd7f8e7840a39efc0f5829 (commit)
via e83ee04bb7de800cdb71d522fa562e99328003a3 (commit)
via 1d2a18dc5a3b3363e17db5af8b6b0273856ac077 (commit)
from 7ead0c89185c46378e3ed85c0012d083f4b3039b (commit)

- Log -----------------------------------------------------------------
commit 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Mar 19 10:16:32 2015 +0000

Fix a failure to NULL a pointer freed on error.

Reported by the LibreSSL project as a follow on to CVE-2015-0209

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 367eab2f9f1d1131356118507d21534558863365
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Mar 18 10:10:01 2015 +0000

Update NEWS

Resync NEWS with the latest version from 1.0.2

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit bdc234f3c362b211d9e9384da93f8a0ff212787e
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Mar 18 09:35:22 2015 +0000

Update CHANGES

Resync CHANGES with the latest version from 1.0.2.

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit c225c3cf9bd67297fb0c297768d69cbc03fbdab7
Author: Emilia Kasper <emi...@openssl.org>
Date: Fri Feb 27 16:52:23 2015 +0100

PKCS#7: avoid NULL pointer dereferences with missing content

In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.

This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.

Correcting all low-level API calls requires further work.

CVE-2015-0289

Thanks to Michal Zalewski (Google) for reporting this issue.

Reviewed-by: Steve Henson <st...@openssl.org>

commit e677e8d13595f7b3287f8feef7676feb301b0e8a
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon Mar 9 23:11:45 2015 +0000

Fix ASN1_TYPE_cmp

Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

CVE-2015-0286

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit d3cc5e610d1719a35cda52c9152134b490a8c944
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Mar 10 16:38:32 2015 +0000

Fix DHE Null CKE vulnerability

If client auth is used then a server can seg fault in the event of a DHE
cipher being used and a zero length ClientKeyExchange message being sent
by the client. This could be exploited in a DoS attack.

CVE-2015-1787

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 34e3edbf3a10953cb407288101fd56a629af22f9
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue Mar 3 13:20:57 2015 +0000

Fix for CVE-2015-0291

If a client renegotiates using an invalid signature algorithms extension
it will crash a server with a NULL pointer dereference.

Thanks to David Ramos of Stanford University for reporting this bug.

CVE-2015-0291

Reviewed-by: Tim Hudson <t...@openssl.org>

commit 09f06923e636019c39c807cb59c481375e720556
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon Mar 9 23:16:33 2015 +0000

Reject invalid PSS parameters.

Fix a bug where invalid PSS parameters are not rejected resulting in a
NULL pointer exception. This can be triggered during certificate
verification so could be a DoS attack against a client or a server
enabling client authentication.

Thanks to Brian Carpenter for reporting this issues.

CVE-2015-0208

Reviewed-by: Tim Hudson <t...@openssl.org>

commit 8106d61c354430d6bbbd7f8e7840a39efc0f5829
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon Feb 23 02:32:44 2015 +0000

Free up ADB and CHOICE if already initialised.

CVE-2015-0287

Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Emilia Käsper <emi...@openssl.org>

commit e83ee04bb7de800cdb71d522fa562e99328003a3
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Mar 9 16:09:04 2015 +0000

Fix Seg fault in DTLSv1_listen

The DTLSv1_listen function is intended to be stateless and processes
the initial ClientHello from many peers. It is common for user code to
loop over the call to DTLSv1_listen until a valid ClientHello is received
with an associated cookie. A defect in the implementation of DTLSv1_listen
means that state is preserved in the SSL object from one invokation to the
next that can lead to a segmentation fault. Erorrs processing the initial
ClientHello can trigger this scenario. An example of such an error could
be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only
server.

CVE-2015-0207

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 1d2a18dc5a3b3363e17db5af8b6b0273856ac077
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Mar 2 09:27:10 2015 +0000

Multiblock corrupted pointer fix

OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
feature only applies on 64 bit x86 architecture platforms that support AES
NI instructions. A defect in the implementation of "multiblock" can cause
OpenSSL's internal write buffer to become incorrectly set to NULL when
using non-blocking IO. Typically, when the user application is using a
socket BIO for writing, this will only result in a failed connection.
However if some other BIO is used then it is likely that a segmentation
fault will be triggered, thus enabling a potential DoS attack.

CVE-2015-0290

Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 496 +++++++++++++++++++++---------------------------
NEWS | 117 ++++--------
crypto/asn1/a_type.c | 3 +
crypto/asn1/tasn_dec.c | 24 ++-
crypto/asn1/x_x509.c | 12 +-
crypto/ec/ec_asn1.c | 7 +-
crypto/pkcs7/pk7_doit.c | 87 +++++++--
crypto/pkcs7/pk7_lib.c | 3 +
crypto/rsa/rsa_ameth.c | 3 +-
ssl/d1_lib.c | 3 +
ssl/s3_pkt.c | 2 +-
ssl/s3_srvr.c | 11 +-
ssl/t1_lib.c | 16 +-
13 files changed, 389 insertions(+), 395 deletions(-)

diff --git a/CHANGES b/CHANGES
index 8d6fcaf..5dd7d8d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -370,7 +370,170 @@
whose return value is often ignored.
[Steve Henson]

- Changes between 1.0.1k and 1.0.2 [xx XXX xxxx]
+ Changes between 1.0.2 and 1.0.2a [xx XXX xxxx]
+
+ *) ClientHello sigalgs DoS fix
+
+ If a client connects to an OpenSSL 1.0.2 server and renegotiates with an
+ invalid signature algorithms extension a NULL pointer dereference will
+ occur. This can be exploited in a DoS attack against the server.
+
+ This issue was was reported to OpenSSL by David Ramos of Stanford
+ University.
+ (CVE-2015-0291)
+ [Stephen Henson and Matt Caswell]
+
+ *) Multiblock corrupted pointer fix
+
+ OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
+ feature only applies on 64 bit x86 architecture platforms that support AES
+ NI instructions. A defect in the implementation of "multiblock" can cause
+ OpenSSL's internal write buffer to become incorrectly set to NULL when
+ using non-blocking IO. Typically, when the user application is using a
+ socket BIO for writing, this will only result in a failed connection.
+ However if some other BIO is used then it is likely that a segmentation
+ fault will be triggered, thus enabling a potential DoS attack.
+
+ This issue was reported to OpenSSL by Daniel Danner and Rainer Mueller.
+ (CVE-2015-0290)
+ [Matt Caswell]
+
+ *) Segmentation fault in DTLSv1_listen fix
+
+ The DTLSv1_listen function is intended to be stateless and processes the
+ initial ClientHello from many peers. It is common for user code to loop
+ over the call to DTLSv1_listen until a valid ClientHello is received with
+ an associated cookie. A defect in the implementation of DTLSv1_listen means
+ that state is preserved in the SSL object from one invocation to the next
+ that can lead to a segmentation fault. Errors processing the initial
+ ClientHello can trigger this scenario. An example of such an error could be
+ that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only
+ server.
+
+ This issue was reported to OpenSSL by Per Allansson.
+ (CVE-2015-0207)
+ [Matt Caswell]
+
+ *) Segmentation fault in ASN1_TYPE_cmp fix
+
+ The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
+ made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
+ certificate signature algorithm consistency this can be used to crash any
+ certificate verification operation and exploited in a DoS attack. Any
+ application which performs certificate verification is vulnerable including
+ OpenSSL clients and servers which enable client authentication.
+ (CVE-2015-0286)
+ [Stephen Henson]
+
+ *) Segmentation fault for invalid PSS parameters fix
+
+ The signature verification routines will crash with a NULL pointer
+ dereference if presented with an ASN.1 signature using the RSA PSS
+ algorithm and invalid parameters. Since these routines are used to verify
+ certificate signature algorithms this can be used to crash any
+ certificate verification operation and exploited in a DoS attack. Any
+ application which performs certificate verification is vulnerable including
+ OpenSSL clients and servers which enable client authentication.
+
+ This issue was was reported to OpenSSL by Brian Carpenter.
+ (CVE-2015-0208)
+ [Stephen Henson]
+
+ *) ASN.1 structure reuse memory corruption fix
+
+ Reusing a structure in ASN.1 parsing may allow an attacker to cause
+ memory corruption via an invalid write. Such reuse is and has been
+ strongly discouraged and is believed to be rare.
+
+ Applications that parse structures containing CHOICE or ANY DEFINED BY
+ components may be affected. Certificate parsing (d2i_X509 and related
+ functions) are however not affected. OpenSSL clients and servers are
+ not affected.
+ (CVE-2015-0287)
+ [Stephen Henson]
+
+ *) PKCS7 NULL pointer dereferences fix
+
+ The PKCS#7 parsing code does not handle missing outer ContentInfo
+ correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
+ missing content and trigger a NULL pointer dereference on parsing.
+
+ Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
+ otherwise parse PKCS#7 structures from untrusted sources are
+ affected. OpenSSL clients and servers are not affected.
+
+ This issue was reported to OpenSSL by Michal Zalewski (Google).
+ (CVE-2015-0289)
+ [Emilia Käsper]
+
+ *) DoS via reachable assert in SSLv2 servers fix
+
+ A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
+ servers that both support SSLv2 and enable export cipher suites by sending
+ a specially crafted SSLv2 CLIENT-MASTER-KEY message.
+
+ This issue was discovered by Sean Burford (Google) and Emilia Käsper
+ (OpenSSL development team).
+ (CVE-2015-0293)
+ [Emilia Käsper]
+
+ *) Empty CKE with client auth and DHE fix
+
+ If client auth is used then a server can seg fault in the event of a DHE
+ ciphersuite being selected and a zero length ClientKeyExchange message
+ being sent by the client. This could be exploited in a DoS attack.
+ (CVE-2015-1787)
+ [Matt Caswell]
+
+ *) Handshake with unseeded PRNG fix
+
+ Under certain conditions an OpenSSL 1.0.2 client can complete a handshake
+ with an unseeded PRNG. The conditions are:
+ - The client is on a platform where the PRNG has not been seeded
+ automatically, and the user has not seeded manually
+ - A protocol specific client method version has been used (i.e. not
+ SSL_client_methodv23)
+ - A ciphersuite is used that does not require additional random data from
+ the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).
+
+ If the handshake succeeds then the client random that has been used will
+ have been generated from a PRNG with insufficient entropy and therefore the
+ output may be predictable.
+
+ For example using the following command with an unseeded openssl will
+ succeed on an unpatched platform:
+
+ openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
+ (CVE-2015-0285)
+ [Matt Caswell]
+
+ *) Use After Free following d2i_ECPrivatekey error fix
+
+ A malformed EC private key file consumed via the d2i_ECPrivateKey function
+ could cause a use after free condition. This, in turn, could cause a double
+ free in several private key parsing functions (such as d2i_PrivateKey
+ or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
+ for applications that receive EC private keys from untrusted
+ sources. This scenario is considered rare.
+
+ This issue was discovered by the BoringSSL project and fixed in their
+ commit 517073cd4b.
+ (CVE-2015-0209)
+ [Matt Caswell]
+
+ *) X509_to_X509_REQ NULL pointer deref fix
+
+ The function X509_to_X509_REQ will crash with a NULL pointer dereference if
+ the certificate key is invalid. This function is rarely used in practice.
+
+ This issue was discovered by Brian Carpenter.
+ (CVE-2015-0288)
+ [Stephen Henson]
+
+ *) Removed the export ciphers from the DEFAULT ciphers
+ [Kurt Roeckx]
+
+ Changes between 1.0.1l and 1.0.2 [22 Jan 2015]

*) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g.
ARMv5 through ARMv8, as opposite to "locking" it to single one.
@@ -700,7 +863,35 @@
X509_CINF_set_modified, X509_CINF_get_issuer, X509_CINF_get_extensions and
X509_CINF_get_signature were reverted post internal team review.

- Changes between 1.0.1j and 1.0.1k [xx XXX xxxx]
+ Changes between 1.0.1k and 1.0.1l [15 Jan 2015]
+
+ *) Build fixes for the Windows and OpenVMS platforms
+ [Matt Caswell and Richard Levitte]
+
+ Changes between 1.0.1j and 1.0.1k [8 Jan 2015]
+
+ *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
+ message can cause a segmentation fault in OpenSSL due to a NULL pointer
+ dereference. This could lead to a Denial Of Service attack. Thanks to
+ Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
+ (CVE-2014-3571)
+ [Steve Henson]
+
+ *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the
+ dtls1_buffer_record function under certain conditions. In particular this
+ could occur if an attacker sent repeated DTLS records with the same
+ sequence number but for the next epoch. The memory leak could be exploited
+ by an attacker in a Denial of Service attack through memory exhaustion.
+ Thanks to Chris Mueller for reporting this issue.
+ (CVE-2015-0206)
+ [Matt Caswell]
+
+ *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
+ built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
+ method would be set to NULL which could later result in a NULL pointer
+ dereference. Thanks to Frank Schmirler for reporting this issue.
+ (CVE-2014-3569)
+ [Kurt Roeckx]

*) Abort handshake if server key exchange message is omitted for ephemeral
ECDH ciphersuites.
@@ -719,6 +910,17 @@
(CVE-2015-0204)
[Steve Henson]

+ *) Fixed issue where DH client certificates are accepted without verification.
+ An OpenSSL server will accept a DH certificate for client authentication
+ without the certificate verify message. This effectively allows a client to
+ authenticate without the use of a private key. This only affects servers
+ which trust a client certificate authority which issues certificates
+ containing DH keys: these are extremely rare and hardly ever encountered.
+ Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
+ this issue.
+ (CVE-2015-0205)
+ [Steve Henson]
+
*) Ensure that the session ID context of an SSL is updated when its
SSL_CTX is updated via SSL_set_SSL_CTX.

@@ -763,6 +965,17 @@
(CVE-2014-8275)
[Steve Henson]

+ *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
+ results on some platforms, including x86_64. This bug occurs at random
+ with a very low probability, and is not known to be exploitable in any
+ way, though its exact impact is difficult to determine. Thanks to Pieter
+ Wuille (Blockstream) who reported this issue and also suggested an initial
+ fix. Further analysis was conducted by the OpenSSL development team and
+ Adam Langley of Google. The final fix was developed by Andy Polyakov of
+ the OpenSSL core team.
+ (CVE-2014-3570)
+ [Andy Polyakov]
+
*) Do not resume sessions on the server if the negotiated protocol
version does not match the session's version. Resuming with a different
version, while not strictly forbidden by the RFC, is of questionable
@@ -1419,63 +1632,6 @@
Add command line options to s_client/s_server.
[Steve Henson]

- Changes between 1.0.0j and 1.0.0k [5 Feb 2013]
-
- *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
-
- This addresses the flaw in CBC record processing discovered by
- Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
- at: http://www.isg.rhul.ac.uk/tls/
-
- Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
- Security Group at Royal Holloway, University of London
- (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
- Emilia Käsper for the initial patch.
- (CVE-2013-0169)
- [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
-
- *) Return an error when checking OCSP signatures when key is NULL.
- This fixes a DoS attack. (CVE-2013-0166)
- [Steve Henson]
-
- *) Call OCSP Stapling callback after ciphersuite has been chosen, so
- the right response is stapled. Also change SSL_get_certificate()
- so it returns the certificate actually sent.
- See http://rt.openssl.org/Ticket/Display.html?id=2836.
- (This is a backport)
- [Rob Stradling <rob.st...@comodo.com>]
-
- *) Fix possible deadlock when decoding public keys.
- [Steve Henson]
-
- Changes between 1.0.0i and 1.0.0j [10 May 2012]
-
- [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after
- OpenSSL 1.0.1.]
-
- *) Sanity check record length before skipping explicit IV in DTLS
- to fix DoS attack.
-
- Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
- fuzzing as a service testing platform.
- (CVE-2012-2333)
- [Steve Henson]
-
- *) Initialise tkeylen properly when encrypting CMS messages.
- Thanks to Solar Designer of Openwall for reporting this issue.
- [Steve Henson]
-
- Changes between 1.0.0h and 1.0.0i [19 Apr 2012]
-
- *) Check for potentially exploitable overflows in asn1_d2i_read_bio
- BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
- in CRYPTO_realloc_clean.
-
- Thanks to Tavis Ormandy, Google Security Team, for discovering this
- issue and to Adam Langley <a...@chromium.org> for fixing it.
- (CVE-2012-2110)
- [Adam Langley (Google), Tavis Ormandy, Google Security Team]
-
Changes between 1.0.0g and 1.0.0h [12 Mar 2012]

*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
@@ -2466,228 +2622,6 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]

- Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
-
- *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
-
- This addresses the flaw in CBC record processing discovered by
- Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
- at: http://www.isg.rhul.ac.uk/tls/
-
- Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
- Security Group at Royal Holloway, University of London
- (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
- Emilia Käsper for the initial patch.
- (CVE-2013-0169)
- [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
-
- *) Return an error when checking OCSP signatures when key is NULL.
- This fixes a DoS attack. (CVE-2013-0166)
- [Steve Henson]
-
- *) Call OCSP Stapling callback after ciphersuite has been chosen, so
- the right response is stapled. Also change SSL_get_certificate()
- so it returns the certificate actually sent.
- See http://rt.openssl.org/Ticket/Display.html?id=2836.
- (This is a backport)
- [Rob Stradling <rob.st...@comodo.com>]
-
- *) Fix possible deadlock when decoding public keys.
- [Steve Henson]
-
- Changes between 0.9.8w and 0.9.8x [10 May 2012]
-
- *) Sanity check record length before skipping explicit IV in DTLS
- to fix DoS attack.
-
- Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
- fuzzing as a service testing platform.
- (CVE-2012-2333)
- [Steve Henson]
-
- *) Initialise tkeylen properly when encrypting CMS messages.
- Thanks to Solar Designer of Openwall for reporting this issue.
- [Steve Henson]
-
- Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
-
- *) The fix for CVE-2012-2110 did not take into account that the
- 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
- int in OpenSSL 0.9.8, making it still vulnerable. Fix by
- rejecting negative len parameter. (CVE-2012-2131)
- [Tomas Hoger <tho...@redhat.com>]
-
- Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
-
- *) Check for potentially exploitable overflows in asn1_d2i_read_bio
- BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
- in CRYPTO_realloc_clean.
-
- Thanks to Tavis Ormandy, Google Security Team, for discovering this
- issue and to Adam Langley <a...@chromium.org> for fixing it.
- (CVE-2012-2110)
- [Adam Langley (Google), Tavis Ormandy, Google Security Team]
-
- Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
-
- *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
- in CMS and PKCS7 code. When RSA decryption fails use a random key for
- content decryption and always return the same error. Note: this attack
- needs on average 2^20 messages so it only affects automated senders. The
- old behaviour can be reenabled in the CMS code by setting the
- CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
- an MMA defence is not necessary.
- Thanks to Ivan Nestlerode <inest...@us.ibm.com> for discovering
- this issue. (CVE-2012-0884)
- [Steve Henson]
-
- *) Fix CVE-2011-4619: make sure we really are receiving a
- client hello before rejecting multiple SGC restarts. Thanks to
- Ivan Nestlerode <inest...@us.ibm.com> for discovering this bug.
- [Steve Henson]
-
- Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
-
- *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
- Thanks to Antonio Martin, Enterprise Secure Access Research and
- Development, Cisco Systems, Inc. for discovering this bug and
- preparing a fix. (CVE-2012-0050)
- [Antonio Martin]
-
- Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
-
- *) Nadhem Alfardan and Kenny Paterson have discovered an extension
- of the Vaudenay padding oracle attack on CBC mode encryption
- which enables an efficient plaintext recovery attack against
- the OpenSSL implementation of DTLS. Their attack exploits timing
- differences arising during decryption processing. A research
- paper describing this attack can be found at:
- http://www.isg.rhul.ac.uk/~kp/dtls.pdf
- Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
- Security Group at Royal Holloway, University of London
- (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
- <segge...@fh-muenster.de> and Michael Tuexen <tue...@fh-muenster.de>
- for preparing the fix. (CVE-2011-4108)
- [Robin Seggelmann, Michael Tuexen]
-
- *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
- [Ben Laurie, Kasper <eka...@google.com>]
-
- *) Clear bytes used for block padding of SSL 3.0 records.
- (CVE-2011-4576)
- [Adam Langley (Google)]
-
- *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
- Kadianakis <desn...@gmail.com> for discovering this issue and
- Adam Langley for preparing the fix. (CVE-2011-4619)
- [Adam Langley (Google)]
-
- *) Prevent malformed RFC3779 data triggering an assertion failure.
- Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
- and Rob Austein <s...@hactrn.net> for fixing it. (CVE-2011-4577)
- [Rob Austein <s...@hactrn.net>]
-
- *) Fix ssl_ciph.c set-up race.
- [Adam Langley (Google)]
-
- *) Fix spurious failures in ecdsatest.c.
- [Emilia Käsper (Google)]
-
- *) Fix the BIO_f_buffer() implementation (which was mixing different
- interpretations of the '..._len' fields).
- [Adam Langley (Google)]
-
- *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
- BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
- threads won't reuse the same blinding coefficients.
-
- This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
- lock to call BN_BLINDING_invert_ex, and avoids one use of
- BN_BLINDING_update for each BN_BLINDING structure (previously,
- the last update always remained unused).
- [Emilia Käsper (Google)]
-
- *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
- for multi-threaded use of ECDH.
- [Adam Langley (Google)]
-
- *) Fix x509_name_ex_d2i memory leak on bad inputs.
- [Bodo Moeller]
-
- *) Add protection against ECDSA timing attacks as mentioned in the paper
- by Billy Bob Brumley and Nicola Tuveri, see:
-
- http://eprint.iacr.org/2011/232.pdf
-
- [Billy Bob Brumley and Nicola Tuveri]
-
- Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
-
- *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
- [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
-
- *) Fix bug in string printing code: if *any* escaping is enabled we must
- escape the escape character (backslash) or the resulting string is
- ambiguous.
- [Steve Henson]
-
- Changes between 0.9.8p and 0.9.8q [2 Dec 2010]
-
- *) Disable code workaround for ancient and obsolete Netscape browsers
- and servers: an attacker can use it in a ciphersuite downgrade attack.
- Thanks to Martin Rex for discovering this bug. CVE-2010-4180
- [Steve Henson]
-
- *) Fixed J-PAKE implementation error, originally discovered by
- Sebastien Martini, further info and confirmation from Stefan
- Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
- [Ben Laurie]
-
- Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
-
- *) Fix extension code to avoid race conditions which can result in a buffer
- overrun vulnerability: resumed sessions must not be modified as they can
- be shared by multiple threads. CVE-2010-3864
- [Steve Henson]
-
- *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
- [Steve Henson]
-
- *) Don't reencode certificate when calculating signature: cache and use
- the original encoding instead. This makes signature verification of
- some broken encodings work correctly.
- [Steve Henson]
-
- *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
- is also one of the inputs.
- [Emilia Käsper <emilia...@esat.kuleuven.be> (Google)]
-
- *) Don't repeatedly append PBE algorithms to table if they already exist.
- Sort table on each new add. This effectively makes the table read only
- after all algorithms are added and subsequent calls to PKCS12_pbe_add
- etc are non-op.
- [Steve Henson]
-
- Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
-
- [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
- OpenSSL 1.0.0.]
-
- *) Correct a typo in the CMS ASN1 module which can result in invalid memory
- access or freeing data twice (CVE-2010-0742)
- [Steve Henson, Ronald Moesbergen <inter...@gmail.com>]
-
- *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
- common in certificates and some applications which only call
- SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
- [Steve Henson]
-
- *) VMS fixes:
- Reduce copying into .apps and .test in makevms.com
- Don't try to use blank CA certificate in CA.com
- Allow use of C files from original directories in maketests.com
- [Steven M. Schweda" <s...@antinode.info>]
-
Changes between 0.9.8m and 0.9.8n [24 Mar 2010]

*) When rejecting SSL/TLS records due to an incorrect version number, never
diff --git a/NEWS b/NEWS
index 1aa3ea7..cbf847a 100644
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,23 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

- Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.2 [in beta]:
+ Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [under development]
+
+ o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291)
+ o Multiblock corrupted pointer fix (CVE-2015-0290)
+ o Segmentation fault in DTLSv1_listen fix (CVE-2015-0207)
+ o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
+ o Segmentation fault for invalid PSS parameters fix (CVE-2015-0208)
+ o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
+ o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
+ o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
+ o Empty CKE with client auth and DHE fix (CVE-2015-1787)
+ o Handshake with unseeded PRNG fix (CVE-2015-0285)
+ o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
+ o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
+ o Removed the export ciphers from the DEFAULT ciphers
+
+ Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]:

o Suite B support for TLS 1.2 and DTLS 1.2
o Support for DTLS 1.2
@@ -16,6 +32,21 @@
o ALPN support.
o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.

+ Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
+
+ o Build fixes for the Windows and OpenVMS platforms
+
+ Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
+
+ o Fix for CVE-2014-3571
+ o Fix for CVE-2015-0206
+ o Fix for CVE-2014-3569
+ o Fix for CVE-2014-3572
+ o Fix for CVE-2015-0204
+ o Fix for CVE-2015-0205
+ o Fix for CVE-2014-8275
+ o Fix for CVE-2014-3570
+
Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]

o Fix for CVE-2014-3513
@@ -39,6 +70,7 @@

o Fix for CVE-2014-0224
o Fix for CVE-2014-0221
+ o Fix for CVE-2014-0198
o Fix for CVE-2014-0195
o Fix for CVE-2014-3470
o Fix for CVE-2010-5298
@@ -98,23 +130,6 @@
o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
o SRP support.

- Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014]
-
- o Fix for DTLS retransmission bug CVE-2013-6450
-
- Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
-
- o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
- o Fix OCSP bad key DoS attack CVE-2013-0166
-
- Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
-
- o Fix DTLS record length checking bug CVE-2012-2333
-
- Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
-
- o Fix for ASN1 overflow bug CVE-2012-2110
-
Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:

o Fix for CMS/PKCS#7 MMA CVE-2012-0884
@@ -187,72 +202,6 @@
o Opaque PRF Input TLS extension support.
o Updated time routines to avoid OS limitations.

- Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]:
-
- o Fix for CVE-2014-0224
- o Fix for CVE-2014-0221
- o Fix for CVE-2014-0195
- o Fix for CVE-2014-3470
- o Fix for CVE-2014-0076
- o Fix for CVE-2010-5298
- o Fix to TLS alert handling.
-
- Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
-
- o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
- o Fix OCSP bad key DoS attack CVE-2013-0166
-
- Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
-
- o Fix DTLS record length checking bug CVE-2012-2333
-
- Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
-
- o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
-
- Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
-
- o Fix for ASN1 overflow bug CVE-2012-2110
-
- Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
-
- o Fix for CMS/PKCS#7 MMA CVE-2012-0884
- o Corrected fix for CVE-2011-4619
- o Various DTLS fixes.
-
- Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
-
- o Fix for DTLS DoS issue CVE-2012-0050
-
- Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
-
- o Fix for DTLS plaintext recovery attack CVE-2011-4108
- o Fix policy check double free error CVE-2011-4109
- o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
- o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
- o Check for malformed RFC3779 data CVE-2011-4577
-
- Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
-
- o Fix for security issue CVE-2011-0014
-
- Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
-
- o Fix for security issue CVE-2010-4180
- o Fix for CVE-2010-4252
-
- Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
-
- o Fix for security issue CVE-2010-3864.
-
- Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
-
- o Fix for security issue CVE-2010-0742.
- o Various DTLS fixes.
- o Recognise SHA2 certificates if only SSL algorithms added.
- o Fix for no-rc4 compilation.
- o Chil ENGINE unload workaround.
-
Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:

o CFB cipher definition fixes.
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
index 13ecfcd..e7ec49d 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -115,6 +115,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
case V_ASN1_OBJECT:
result = OBJ_cmp(a->value.object, b->value.object);
break;
+ case V_ASN1_BOOLEAN:
+ result = a->value.boolean - b->value.boolean;
+ break;
case V_ASN1_NULL:
result = 0; /* They do not have content. */
break;
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index abdeba4..3d62284 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -303,9 +303,16 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
case ASN1_ITYPE_CHOICE:
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
goto auxerr;
-
- /* Allocate structure */
- if (!*pval && !ASN1_item_ex_new(pval, it)) {
+ if (*pval) {
+ /* Free up and zero CHOICE value if initialised */
+ i = asn1_get_choice_selector(pval, it);
+ if ((i >= 0) && (i < it->tcount)) {
+ tt = it->templates + i;
+ pchptr = asn1_get_field_ptr(pval, tt);
+ ASN1_template_free(pchptr, tt);
+ asn1_set_choice_selector(pval, -1, it);
+ }
+ } else if (!ASN1_item_ex_new(pval, it)) {
ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err;
}
@@ -385,6 +392,17 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
goto auxerr;

+ /* Free up and zero any ADB found */
+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+ if (tt->flags & ASN1_TFLG_ADB_MASK) {
+ const ASN1_TEMPLATE *seqtt;
+ ASN1_VALUE **pseqval;
+ seqtt = asn1_do_adb(pval, tt, 1);
+ pseqval = asn1_get_field_ptr(pval, seqtt);
+ ASN1_template_free(pseqval, seqtt);
+ }
+ }
+
/* Get each field entry */
for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
const ASN1_TEMPLATE *seqtt;
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index f487dbb..36f6ff4 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -168,8 +168,14 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
{
const unsigned char *q;
X509 *ret;
+ int freeret = 0;
+
/* Save start position */
q = *pp;
+
+ if(!a || *a == NULL) {
+ freeret = 1;
+ }
ret = d2i_X509(a, pp, length);
/* If certificate unreadable then forget it */
if (!ret)
@@ -182,7 +188,11 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
goto err;
return ret;
err:
- X509_free(ret);
+ if(freeret) {
+ X509_free(ret);
+ if (a)
+ *a = NULL;
+ }
return NULL;
}

diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 6ff94a3..b4b0e9f 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1226,16 +1226,19 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
return NULL;
}
- if (a)
- *a = ret;
} else
ret = *a;

if (!d2i_ECPKParameters(&ret->group, in, len)) {
ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
+ if (a == NULL || *a != ret)
+ EC_KEY_free(ret);
return NULL;
}

+ if (a)
+ *a = ret;
+
return ret;
}

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index f61d63b..25ac2df 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -261,6 +261,25 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
PKCS7_RECIP_INFO *ri = NULL;
ASN1_OCTET_STRING *os = NULL;

+ if (p7 == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
+ return NULL;
+ }
+ /*
+ * The content field in the PKCS7 ContentInfo is optional, but that really
+ * only applies to inner content (precisely, detached signatures).
+ *
+ * When reading content, missing outer content is therefore treated as an
+ * error.
+ *
+ * When creating content, PKCS7_content_new() must be called before
+ * calling this method, so a NULL p7->d is always an error.
+ */
+ if (p7->d.ptr == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
+ return NULL;
+ }
+
i = OBJ_obj2nid(p7->type);
p7->state = PKCS7_S_HEADER;

@@ -411,6 +430,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
unsigned char *ek = NULL, *tkey = NULL;
int eklen = 0, tkeylen = 0;

+ if (p7 == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
+ return NULL;
+ }
+
+ if (p7->d.ptr == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+ return NULL;
+ }
+
i = OBJ_obj2nid(p7->type);
p7->state = PKCS7_S_HEADER;

@@ -683,6 +712,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
ASN1_OCTET_STRING *os = NULL;

+ if (p7 == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
+ return 0;
+ }
+
+ if (p7->d.ptr == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
+ return 0;
+ }
+
EVP_MD_CTX_init(&ctx_tmp);
i = OBJ_obj2nid(p7->type);
p7->state = PKCS7_S_HEADER;
@@ -722,6 +761,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
/* If detached data then the content is excluded */
if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
M_ASN1_OCTET_STRING_free(os);
+ os = NULL;
p7->d.sign->contents->d.data = NULL;
}
break;
@@ -731,6 +771,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
/* If detached data then the content is excluded */
if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
M_ASN1_OCTET_STRING_free(os);
+ os = NULL;
p7->d.digest->contents->d.data = NULL;
}
break;
@@ -796,22 +837,30 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
}

- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) {
- char *cont;
- long contlen;
- btmp = BIO_find_type(bio, BIO_TYPE_MEM);
- if (btmp == NULL) {
- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
- goto err;
- }
- contlen = BIO_get_mem_data(btmp, &cont);
+ if (!PKCS7_is_detached(p7)) {
/*
- * Mark the BIO read only then we can use its copy of the data
- * instead of making an extra copy.
+ * NOTE(emilia): I think we only reach os == NULL here because detached
+ * digested data support is broken.
*/
- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
- BIO_set_mem_eof_return(btmp, 0);
- ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
+ if (os == NULL)
+ goto err;
+ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
+ char *cont;
+ long contlen;
+ btmp = BIO_find_type(bio, BIO_TYPE_MEM);
+ if (btmp == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+ goto err;
+ }
+ contlen = BIO_get_mem_data(btmp, &cont);
+ /*
+ * Mark the BIO read only then we can use its copy of the data
+ * instead of making an extra copy.
+ */
+ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+ BIO_set_mem_eof_return(btmp, 0);
+ ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
+ }
}
ret = 1;
err:
@@ -886,6 +935,16 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
STACK_OF(X509) *cert;
X509 *x509;

+ if (p7 == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
+ return 0;
+ }
+
+ if (p7->d.ptr == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
+ return 0;
+ }
+
if (PKCS7_type_is_signed(p7)) {
cert = p7->d.sign->cert;
} else if (PKCS7_type_is_signedAndEnveloped(p7)) {
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index c773812..0c5fcaa 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -70,6 +70,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
nid = OBJ_obj2nid(p7->type);

switch (cmd) {
+ /* NOTE(emilia): does not support detached digested data. */
case PKCS7_OP_SET_DETACHED_SIGNATURE:
if (nid == NID_pkcs7_signed) {
ret = p7->detached = (int)larg;
@@ -444,6 +445,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)

STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
{
+ if (p7 == NULL || p7->d.ptr == NULL)
+ return NULL;
if (PKCS7_type_is_signed(p7)) {
return (p7->d.sign->signer_info);
} else if (PKCS7_type_is_signedAndEnveloped(p7)) {
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 5e8701a..6f4c104 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -703,9 +703,10 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
return -1;
}
- if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey))
+ if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
/* Carry on */
return 2;
+ }
return -1;
}

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 626cecb..e9a2fc5 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -546,6 +546,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
{
int ret;

+ /* Ensure there is no state left over from a previous invocation */
+ SSL_clear(s);
+
SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
s->d1->listen = 1;

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 66fa9d1..cf02e49 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -804,7 +804,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)

i = ssl3_write_pending(s, type, &buf[tot], nw);
if (i <= 0) {
- if (i < 0) {
+ if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
OPENSSL_free(wb->buf);
wb->buf = NULL;
}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index e5346b6..f8c7e37 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2233,10 +2233,17 @@ int ssl3_get_client_key_exchange(SSL *s)
if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) {
int idx = -1;
EVP_PKEY *skey = NULL;
- if (n)
+ if (n > 1) {
n2s(p, i);
- else
+ } else {
+ if (alg_k & SSL_kDHE) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+ goto f_err;
+ }
i = 0;
+ }
if (n && n != i + 2) {
if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index b6e878a..8b75dba 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2693,6 +2693,7 @@ int tls1_set_server_sigalgs(SSL *s)
if (s->cert->shared_sigalgs) {
OPENSSL_free(s->cert->shared_sigalgs);
s->cert->shared_sigalgs = NULL;
+ s->cert->shared_sigalgslen = 0;
}
/* Clear certificate digests and validity flags */
for (i = 0; i < SSL_PKEY_NUM; i++) {
@@ -3396,6 +3397,7 @@ static int tls1_set_shared_sigalgs(SSL *s)
if (c->shared_sigalgs) {
OPENSSL_free(c->shared_sigalgs);
c->shared_sigalgs = NULL;
+ c->shared_sigalgslen = 0;
}
/* If client use client signature algorithms if not NULL */
if (!s->server && c->client_sigalgs && !is_suiteb) {
@@ -3418,12 +3420,14 @@ static int tls1_set_shared_sigalgs(SSL *s)
preflen = c->peer_sigalgslen;
}
nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen);
- if (!nmatch)
- return 1;
- salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
- if (!salgs)
- return 0;
- nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen);
+ if (nmatch) {
+ salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
+ if (!salgs)
+ return 0;
+ nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen);
+ } else {
+ salgs = NULL;
+ }
c->shared_sigalgs = salgs;
c->shared_sigalgslen = nmatch;
return 1;

Richard Levitte

unread,

Mar 19, 2015, 5:50:19 PM3/19/15

to

The branch master has been updated

via 21ab123770ff42d8c5b8e6b1372ecef4881b786d (commit)
from 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f (commit)

- Log -----------------------------------------------------------------
commit 21ab123770ff42d8c5b8e6b1372ecef4881b786d
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Mar 19 22:35:12 2015 +0100

If the target is an old style debug- target, it will not have debugging [cl]flags

Reviewed-by: Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
Configure | 1 +
1 file changed, 1 insertion(+)

diff --git a/Configure b/Configure
index c038f85..35f8f8b 100755
--- a/Configure
+++ b/Configure
@@ -1196,6 +1196,7 @@ if ($d) {
&usage if (!defined($table{$target})
|| $table{$target}->{template}
|| ($build_prefix eq "debug_"
+ && $target !~ /^debug-/
&& !($table{$target}->{debug_cflags}
|| $table{$target}->{debug_lflags})));

Matt Caswell

unread,

Mar 20, 2015, 9:18:21 AM3/20/15

to

The branch master has been updated

via 3c381e54233be3d0dcbce7cc853c4767d979fe90 (commit)
via 98b8cdd32277cea829c31034a53f2487f750615d (commit)
via 504e643e0996fb842ac183023c3a6b9049af50ea (commit)
from 21ab123770ff42d8c5b8e6b1372ecef4881b786d (commit)

- Log -----------------------------------------------------------------
commit 3c381e54233be3d0dcbce7cc853c4767d979fe90
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Mar 3 16:08:58 2015 +0000

Add DTLS tests to make test

Updated test/testssl script to include the new DTLS capability in ssltest.

Reviewed-by: Emilia Käsper <emi...@openssl.org>

commit 98b8cdd32277cea829c31034a53f2487f750615d
Author: David Woodhouse <dw...@infradead.org>
Date: Tue Mar 3 15:47:08 2015 +0000

Add DTLS support to ssltest

Reviewed-by: Emilia Käsper <emi...@openssl.org>

commit 504e643e0996fb842ac183023c3a6b9049af50ea
Author: David Woodhouse <dw...@infradead.org>
Date: Tue Mar 3 15:39:26 2015 +0000

Add DTLS to SSL_get_version

Reviewed-by: Emilia Käsper <emi...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/ssl_lib.c | 6 ++++++
ssl/ssltest.c | 31 ++++++++++++++++++++++++++-----
test/testssl | 24 ++++++++++++++++++++++++
3 files changed, 56 insertions(+), 5 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a5eb3db..1e9b34f 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2735,6 +2735,12 @@ const char *SSL_get_version(const SSL *s)
return ("TLSv1");
else if (s->version == SSL3_VERSION)
return ("SSLv3");
+ else if (s->version == DTLS1_BAD_VER)
+ return ("DTLSv0.9");
+ else if (s->version == DTLS1_VERSION)
+ return ("DTLSv1");
+ else if (s->version == DTLS1_2_VERSION)
+ return ("DTLSv1.2");
else
return ("unknown");
}
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 12d3efb..a57d505 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -788,6 +788,10 @@ static void sv_usage(void)
fprintf(stderr, " -ssl3 - use SSLv3\n");
#endif
fprintf(stderr, " -tls1 - use TLSv1\n");
+#ifndef OPENSSL_NO_DTLS
+ fprintf(stderr, " -dtls1 - use DTLSv1\n");
+ fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
+#endif
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
fprintf(stderr, " -cert arg - Server certificate file\n");
@@ -958,7 +962,7 @@ int main(int argc, char *argv[])
int badop = 0;
int bio_pair = 0;
int force = 0;
- int tls1 = 0, ssl3 = 0, ret = 1;
+ int dtls1 = 0, dtls12 = 0, tls1 = 0, ssl3 = 0, ret = 1;
int client_auth = 0;
int server_auth = 0, i;
struct app_verify_arg app_verify_arg =
@@ -1136,6 +1140,16 @@ int main(int argc, char *argv[])
no_protocol = 1;
#endif
ssl3 = 1;
+ } else if (strcmp(*argv, "-dtls1") == 0) {
+#ifdef OPENSSL_NO_DTLS
+ no_protocol = 1;
+#endif
+ dtls1 = 1;
+ } else if (strcmp(*argv, "-dtls12") == 0) {
+#ifdef OPENSSL_NO_DTLS
+ no_protocol = 1;
+#endif
+ dtls12 = 1;
} else if (strncmp(*argv, "-num", 4) == 0) {
if (--argc < 1)
goto bad;
@@ -1309,8 +1323,8 @@ int main(int argc, char *argv[])
goto end;
}

- if (ssl3 + tls1 > 1) {
- fprintf(stderr, "At most one of -ssl3, or -tls1 should "
+ if (ssl3 + tls1 + dtls1 + dtls12 > 1) {
+ fprintf(stderr, "At most one of -ssl3, -tls1, -dtls1 or -dtls12 should "
"be requested.\n");
EXIT(1);
}
@@ -1327,10 +1341,10 @@ int main(int argc, char *argv[])
goto end;
}

- if (!ssl3 && !tls1 && number > 1 && !reuse && !force) {
+ if (!ssl3 && !tls1 && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
fprintf(stderr, "This case cannot work. Use -f to perform "
"the test anyway (and\n-d to see what happens), "
- "or add one of -ssl3, -tls1, -reuse\n"
+ "or add one of -ssl3, -tls1, -dtls1, -dtls12, -reuse\n"
"to avoid protocol mismatch.\n");
EXIT(1);
}
@@ -1403,6 +1417,13 @@ int main(int argc, char *argv[])
meth = SSLv3_method();
else
#endif
+#ifndef OPENSSL_NO_DTLS
+ if (dtls1)
+ meth = DTLSv1_method();
+ else if (dtls12)
+ meth = DTLSv1_2_method();
+ else
+#endif
if (tls1)
meth = TLSv1_method();
else
diff --git a/test/testssl b/test/testssl
index 9c790e3..71b4d2a 100644
--- a/test/testssl
+++ b/test/testssl
@@ -73,6 +73,30 @@ $ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
echo test sslv2/sslv3 via BIO pair
$ssltest $extra || exit 1

+echo test dtlsv1
+$ssltest -dtls1 $extra || exit 1
+
+echo test dtlsv1 with server authentication
+$ssltest -dtls1 -server_auth $CA $extra || exit 1
+
+echo test dtlsv1 with client authentication
+$ssltest -dtls1 -client_auth $CA $extra || exit 1
+
+echo test dtlsv1 with both client and server authentication
+$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
+
+echo test dtlsv1.2
+$ssltest -dtls12 $extra || exit 1
+
+echo test dtlsv1.2 with server authentication
+$ssltest -dtls12 -server_auth $CA $extra || exit 1
+
+echo test dtlsv1.2 with client authentication
+$ssltest -dtls12 -client_auth $CA $extra || exit 1
+
+echo test dtlsv1.2 with both client and server authentication
+$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
+
if [ $dsa_cert = NO ]; then
echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
$ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1

Dr. Stephen Henson

unread,

Mar 21, 2015, 4:05:38 PM3/21/15

to

The branch master has been updated

via 77e127ea6e4801a0bb584717f966fa17adabc45f (commit)
via 5724bd49a2f11e1e9663ac82f4b5e63e18da65e6 (commit)
via e6abba3ad6107d35a6e8b01a1a145902edf0062d (commit)
via 1062ecfc53622ff42edef5af63ace39c23dd3b49 (commit)
from 3c381e54233be3d0dcbce7cc853c4767d979fe90 (commit)

- Log -----------------------------------------------------------------
commit 77e127ea6e4801a0bb584717f966fa17adabc45f

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Fri Mar 20 22:53:16 2015 +0000

Add AES unwrap test with invalid key.

This tests the unwrap algorithm with an invalid key. The result should
be rejected without returning any plaintext.

Reviewed-by: Emilia Käsper <emi...@openssl.org>

commit 5724bd49a2f11e1e9663ac82f4b5e63e18da65e6

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Fri Mar 20 23:08:30 2015 +0000

Fix memory leak.

Reviewed-by: Emilia Käsper <emi...@openssl.org>

commit e6abba3ad6107d35a6e8b01a1a145902edf0062d
Author: Richard Godbee <ric...@godbee.net>
Date: Fri Mar 13 21:23:21 2015 -0700

CRYPTO_128_unwrap(): Fix refactoring damage

crypto/modes/wrap128.c was heavily refactored to support AES Key Wrap
with Padding, and four bugs were introduced into CRYPTO_128_unwrap() at
that time:

- crypto_128_unwrap_raw()'s return value ('ret') is checked incorrectly,
and the function immediately returns 'ret' in (almost) all cases.
This makes the IV checking code later in the function unreachable, but
callers think the IV check succeeded since CRYPTO_128_unwrap()'s
return value is non-zero.

FIX: Return 0 (error) if crypto_128_unwrap_raw() returned 0 (error).

- crypto_128_unwrap_raw() writes the IV to the 'got_iv' buffer, not to
the first 8 bytes of the output buffer ('out') as the IV checking code
expects. This makes the IV check fail.

FIX: Compare 'iv' to 'got_iv', not 'out'.

- The data written to the output buffer ('out') is "cleansed" if the IV
check fails, but the code passes OPENSSL_cleanse() the input buffer
length ('inlen') instead of the number of bytes that
crypto_128_unwrap_raw() wrote to the output buffer ('ret'). This
means that OPENSSL_cleanse() could potentially write past the end of
'out'.

FIX: Change 'inlen' to 'ret' in the OPENSSL_cleanse() call.

- CRYPTO_128_unwrap() is returning the length of the input buffer
('inlen') instead of the number of bytes written to the output buffer
('ret'). This could cause the caller to read past the end of 'out'.

FIX: Return 'ret' instead of 'inlen' at the end of the function.

PR#3749

Reviewed-by: Stephen Henson <st...@openssl.org>
Reviewed-by: Emilia Käsper <emi...@openssl.org>

commit 1062ecfc53622ff42edef5af63ace39c23dd3b49
Author: Richard Godbee <ric...@godbee.net>
Date: Fri Mar 13 20:54:39 2015 -0700

wrap128.c: Fix Doxygen comments

Reviewed-by: Stephen Henson <st...@openssl.org>
Reviewed-by: Emilia Käsper <emi...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/evp_test.c | 20 ++++++++++++++++----
crypto/evp/evptests.txt | 9 +++++++++
crypto/modes/wrap128.c | 49 +++++++++++++++++++++++++------------------------
3 files changed, 50 insertions(+), 28 deletions(-)

diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c
index 1b17f64..1524658 100644
--- a/crypto/evp/evp_test.c
+++ b/crypto/evp/evp_test.c
@@ -247,16 +247,27 @@ static void hex_print(const char *name, const unsigned char *buf, size_t len)
fputs("\n", stderr);
}

+static void free_expected(struct evp_test *t)
+{
+ if (t->expected_err) {
+ OPENSSL_free(t->expected_err);
+ t->expected_err = NULL;
+ }
+ if (t->out_expected) {
+ OPENSSL_free(t->out_expected);
+ OPENSSL_free(t->out_got);
+ t->out_expected = NULL;
+ t->out_got = NULL;
+ }
+}
+
static void print_expected(struct evp_test *t)
{
if (t->out_expected == NULL)
return;
hex_print("Expected:", t->out_expected, t->out_len);
hex_print("Got: ", t->out_got, t->out_len);
- OPENSSL_free(t->out_expected);
- OPENSSL_free(t->out_got);
- t->out_expected = NULL;
- t->out_got = NULL;
+ free_expected(t);
}

static int check_test_error(struct evp_test *t)
@@ -313,6 +324,7 @@ static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth)
OPENSSL_free(t->expected_err);
t->expected_err = NULL;
}
+ free_expected(t);
}
t->meth = tmeth;
return 1;
diff --git a/crypto/evp/evptests.txt b/crypto/evp/evptests.txt
index 8bf90d0..26d371c 100644
--- a/crypto/evp/evptests.txt
+++ b/crypto/evp/evptests.txt
@@ -2002,6 +2002,15 @@ Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21

+# Same as previous example but with invalid unwrap key: should be rejected
+# without returning any plaintext
+Cipher = id-aes256-wrap
+Operation = DECRYPT
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E00
+Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
+Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
+Result = CIPHERUPDATE_ERROR
+
# AES wrap tests from RFC5649
Cipher = id-aes192-wrap-pad
Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8
diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c
index 73718ae..fe33a98 100644
--- a/crypto/modes/wrap128.c
+++ b/crypto/modes/wrap128.c
@@ -81,9 +81,9 @@ static const unsigned char default_aiv[] = {
*
* @param[in] key Key value.
* @param[in] iv IV value. Length = 8 bytes. NULL = use default_iv.
- * @param[in] in Plain text as n 64-bit blocks, n >= 2.
+ * @param[in] in Plaintext as n 64-bit blocks, n >= 2.
* @param[in] inlen Length of in.
- * @param[out] out Cipher text. Minimal buffer length = (inlen + 8) bytes.
+ * @param[out] out Ciphertext. Minimal buffer length = (inlen + 8) bytes.
* Input and output buffers can overlap if block function
* supports that.
* @param[in] block Block processing function.
@@ -127,19 +127,19 @@ size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
}

/** Unwrapping according to RFC 3394 section 2.2.2 steps 1-2.
- * IV check (step 3) is responsibility of the caller.
+ * The IV check (step 3) is responsibility of the caller.
*
* @param[in] key Key value.
* @param[out] iv Unchecked IV value. Minimal buffer length = 8 bytes.
- * @param[out] out Plain text without IV.
+ * @param[out] out Plaintext without IV.
* Minimal buffer length = (inlen - 8) bytes.
* Input and output buffers can overlap if block function
* supports that.
- * @param[in] in Ciphertext text as n 64-bit blocks
+ * @param[in] in Ciphertext as n 64-bit blocks.
* @param[in] inlen Length of in.
* @param[in] block Block processing function.
* @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX]
- * or if inlen is not multiply of 8.
+ * or if inlen is not a multiple of 8.
* Output length otherwise.
*/
static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv,
@@ -174,21 +174,22 @@ static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv,
return inlen;
}

-/** Unwrapping according to RFC 3394 section 2.2.2 including IV check.
- * First block of plain text have to match supplied IV otherwise an error is
- * returned.
+/** Unwrapping according to RFC 3394 section 2.2.2, including the IV check.
+ * The first block of plaintext has to match the supplied IV, otherwise an
+ * error is returned.
*
* @param[in] key Key value.
- * @param[out] iv Unchecked IV value. Minimal buffer length = 8 bytes.
- * @param[out] out Plain text without IV.
+ * @param[out] iv IV value to match against. Length = 8 bytes.
+ * NULL = use default_iv.
+ * @param[out] out Plaintext without IV.
* Minimal buffer length = (inlen - 8) bytes.
* Input and output buffers can overlap if block function
* supports that.
- * @param[in] in Ciphertext text as n 64-bit blocks
+ * @param[in] in Ciphertext as n 64-bit blocks.
* @param[in] inlen Length of in.
* @param[in] block Block processing function.
* @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX]
- * or if inlen is not multiply of 8
+ * or if inlen is not a multiple of 8
* or if IV doesn't match expected value.
* Output length otherwise.
*/
@@ -200,26 +201,26 @@ size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
unsigned char got_iv[8];

ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
- if (ret != inlen)
- return ret;
+ if (ret == 0)
+ return 0;

if (!iv)
iv = default_iv;
- if (CRYPTO_memcmp(out, iv, 8)) {
- OPENSSL_cleanse(out, inlen);
+ if (CRYPTO_memcmp(got_iv, iv, 8)) {
+ OPENSSL_cleanse(out, ret);
return 0;
}
- return inlen;
+ return ret;
}

/** Wrapping according to RFC 5649 section 4.1.
*
* @param[in] key Key value.
* @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv.
- * @param[out] out Cipher text. Minimal buffer length = (inlen + 15) bytes.
+ * @param[out] out Ciphertext. Minimal buffer length = (inlen + 15) bytes.
* Input and output buffers can overlap if block function
* supports that.
- * @param[in] in Plain text as n 64-bit blocks, n >= 2.
+ * @param[in] in Plaintext as n 64-bit blocks, n >= 2.
* @param[in] inlen Length of in.
* @param[in] block Block processing function.
* @return 0 if inlen is out of range [1, CRYPTO128_WRAP_MAX].
@@ -282,14 +283,14 @@ size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
*
* @param[in] key Key value.
* @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv.
- * @param[out] out Plain text. Minimal buffer length = inlen bytes.
+ * @param[out] out Plaintext. Minimal buffer length = inlen bytes.
* Input and output buffers can overlap if block function
* supports that.
- * @param[in] in Ciphertext text as n 64-bit blocks
+ * @param[in] in Ciphertext as n 64-bit blocks.
* @param[in] inlen Length of in.
* @param[in] block Block processing function.
* @return 0 if inlen is out of range [16, CRYPTO128_WRAP_MAX],
- * or if inlen is not multiply of 8
+ * or if inlen is not a multiple of 8
* or if IV and message length indicator doesn't match.
* Output length if unwrapping succeeded and IV matches.
*/
@@ -308,7 +309,7 @@ size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
static unsigned char zeros[8] = { 0x0 };
size_t ret;

- /* Section 4.2: Cipher text length has to be (n+1) 64-bit blocks. */
+ /* Section 4.2: Ciphertext length has to be (n+1) 64-bit blocks. */
if ((inlen & 0x7) != 0 || inlen < 16 || inlen >= CRYPTO128_WRAP_MAX)
return 0;

Richard Levitte

unread,

Mar 21, 2015, 7:57:41 PM3/21/15

to

The branch master has been updated

via 9b956beccd552372276e396a40930779cc8d12fb (commit)
from 77e127ea6e4801a0bb584717f966fa17adabc45f (commit)

- Log -----------------------------------------------------------------
commit 9b956beccd552372276e396a40930779cc8d12fb
Author: Richard Levitte <lev...@openssl.org>
Date: Sun Mar 22 00:27:48 2015 +0100

Refer to $table{$target} rather than $table{$t}.

Using $t is an artifact from the earlier changes in Configure and was
unfortunately forgotten as is.

Reviewed-by: Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

Configure | 70 +++++++++++++++++++++++++++++++--------------------------------
1 file changed, 35 insertions(+), 35 deletions(-)

diff --git a/Configure b/Configure
index 35f8f8b..a574f5a 100755
--- a/Configure
+++ b/Configure
@@ -1303,47 +1303,47 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/]
print "IsMK1MF=$IsMK1MF\n";

# Allow environment CC to override compiler...
-my $cc = $ENV{CC} || $table{$t}->{cc};
+my $cc = $ENV{CC} || $table{$target}->{cc};

# For cflags and lflags, add the debug_ or release_ attributes
# Do it in such a way that no spurious space is appended (hence the grep).
my $cflags = join(" ",
- grep { $_ } ($table{$t}->{cflags},
- $table{$t}->{$build_prefix."cflags"}));
+ grep { $_ } ($table{$target}->{cflags},
+ $table{$target}->{$build_prefix."cflags"}));
my $lflags = join(" ",
- grep { $_ } ($table{$t}->{lflags},
- $table{$t}->{$build_prefix."lflags"}));
-
-my $unistd = $table{$t}->{unistd};
-my $thread_cflag = $table{$t}->{thread_cflag};
-my $sys_id = $table{$t}->{sys_id};
-my $bn_ops = $table{$t}->{bn_ops};
-my $cpuid_obj = $table{$t}->{cpuid_obj};
-my $bn_obj = $table{$t}->{bn_obj};
-my $ec_obj = $table{$t}->{ec_obj};
-my $des_obj = $table{$t}->{des_obj};
-my $aes_obj = $table{$t}->{aes_obj};
-my $bf_obj = $table{$t}->{bf_obj};
-my $md5_obj = $table{$t}->{md5_obj};
-my $sha1_obj = $table{$t}->{sha1_obj};
-my $cast_obj = $table{$t}->{cast_obj};
-my $rc4_obj = $table{$t}->{rc4_obj};
-my $rmd160_obj = $table{$t}->{rmd160_obj};
-my $rc5_obj = $table{$t}->{rc5_obj};
-my $wp_obj = $table{$t}->{wp_obj};
-my $cmll_obj = $table{$t}->{cmll_obj};
-my $modes_obj = $table{$t}->{modes_obj};
-my $engines_obj = $table{$t}->{engines_obj};
-my $perlasm_scheme = $table{$t}->{perlasm_scheme};
-my $dso_scheme = $table{$t}->{dso_scheme};
-my $shared_target = $table{$t}->{shared_target};
-my $shared_cflag = $table{$t}->{shared_cflag};
-my $shared_ldflag = $table{$t}->{shared_ldflag};
-my $shared_extension = $table{$t}->{shared_extension};
-my $ranlib = $ENV{'RANLIB'} || $table{$t}->{ranlib};
+ grep { $_ } ($table{$target}->{lflags},
+ $table{$target}->{$build_prefix."lflags"}));
+
+my $unistd = $table{$target}->{unistd};
+my $thread_cflag = $table{$target}->{thread_cflag};
+my $sys_id = $table{$target}->{sys_id};
+my $bn_ops = $table{$target}->{bn_ops};
+my $cpuid_obj = $table{$target}->{cpuid_obj};
+my $bn_obj = $table{$target}->{bn_obj};
+my $ec_obj = $table{$target}->{ec_obj};
+my $des_obj = $table{$target}->{des_obj};
+my $aes_obj = $table{$target}->{aes_obj};
+my $bf_obj = $table{$target}->{bf_obj};
+my $md5_obj = $table{$target}->{md5_obj};
+my $sha1_obj = $table{$target}->{sha1_obj};
+my $cast_obj = $table{$target}->{cast_obj};
+my $rc4_obj = $table{$target}->{rc4_obj};
+my $rmd160_obj = $table{$target}->{rmd160_obj};
+my $rc5_obj = $table{$target}->{rc5_obj};
+my $wp_obj = $table{$target}->{wp_obj};
+my $cmll_obj = $table{$target}->{cmll_obj};
+my $modes_obj = $table{$target}->{modes_obj};
+my $engines_obj = $table{$target}->{engines_obj};
+my $perlasm_scheme = $table{$target}->{perlasm_scheme};
+my $dso_scheme = $table{$target}->{dso_scheme};
+my $shared_target = $table{$target}->{shared_target};
+my $shared_cflag = $table{$target}->{shared_cflag};
+my $shared_ldflag = $table{$target}->{shared_ldflag};
+my $shared_extension = $table{$target}->{shared_extension};
+my $ranlib = $ENV{'RANLIB'} || $table{$target}->{ranlib};
my $ar = $ENV{'AR'} || "ar";
-my $arflags = $table{$t}->{arflags};
-my $multilib = $table{$t}->{multilib};
+my $arflags = $table{$target}->{arflags};
+my $multilib = $table{$target}->{multilib};

# if $prefix/lib$multilib is not an existing directory, then
# assume that it's not searched by linker automatically, in

Andy Polyakov

unread,

Mar 23, 2015, 8:39:12 AM3/23/15

to

The branch master has been updated

via 2ecd32a1f8f0643ae7b38f59bbaf9f0d6ef326fe (commit)
from 9b956beccd552372276e396a40930779cc8d12fb (commit)

- Log -----------------------------------------------------------------
commit 2ecd32a1f8f0643ae7b38f59bbaf9f0d6ef326fe
Author: Andy Polyakov <ap...@openssl.org>
Date: Mon Mar 23 13:34:03 2015 +0100

sha/asm/sha256-armv4.pl: adapt for use in Linux kernel context.

In cooperation with Ard Biesheuvel (Linaro) and Sami Tolvanen (Google).

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/sha/asm/sha256-armv4.pl | 74 +++++++++++++++++++++++++++++++++++-------
1 file changed, 63 insertions(+), 11 deletions(-)

diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl
index f14c9c3..4fee74d 100644
--- a/crypto/sha/asm/sha256-armv4.pl
+++ b/crypto/sha/asm/sha256-armv4.pl
@@ -5,6 +5,8 @@
# project. The module is, however, dual licensed under OpenSSL and
# CRYPTOGAMS licenses depending on where you obtain it. For further
# details see http://www.openssl.org/~appro/cryptogams/.
+#
+# Permission to use under GPL terms is granted.
# ====================================================================

# SHA256 block procedure for ARMv4. May 2007.
@@ -151,10 +153,24 @@ ___
}

$code=<<___;
-#include "arm_arch.h"
+#ifndef __KERNEL__
+# include "arm_arch.h"
+#else
+# define __ARM_ARCH__ __LINUX_ARM_ARCH__
+# define __ARM_MAX_ARCH__ 7
+#endif

.text
+#if __ARM_ARCH__<7
.code 32
+#else
+.syntax unified
+# ifdef __thumb2__
+.thumb
+# else
+.code 32
+# endif
+#endif

.type K256,%object
.align 5
@@ -177,7 +193,7 @@ K256:
.word 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
.size K256,.-K256
.word 0 @ terminator
-#if __ARM_MAX_ARCH__>=7
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
.LOPENSSL_armcap:
.word OPENSSL_armcap_P-sha256_block_data_order
#endif
@@ -186,9 +202,12 @@ K256:
.global sha256_block_data_order
.type sha256_block_data_order,%function
sha256_block_data_order:
+#if __ARM_ARCH__<7
sub r3,pc,#8 @ sha256_block_data_order
- add $len,$inp,$len,lsl#6 @ len to point at the end of inp
-#if __ARM_MAX_ARCH__>=7
+#else
+ adr r3,sha256_block_data_order
+#endif
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
ldr r12,.LOPENSSL_armcap
ldr r12,[r3,r12] @ OPENSSL_armcap_P
tst r12,#ARMV8_SHA256
@@ -196,6 +215,7 @@ sha256_block_data_order:
tst r12,#ARMV7_NEON
bne .LNEON
#endif
+ add $len,$inp,$len,lsl#6 @ len to point at the end of inp
stmdb sp!,{$ctx,$inp,$len,r4-r11,lr}
ldmia $ctx,{$A,$B,$C,$D,$E,$F,$G,$H}
sub $Ktbl,r3,#256+32 @ K256
@@ -213,6 +233,9 @@ for($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
$code.=".Lrounds_16_xx:\n";
for (;$i<32;$i++) { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
$code.=<<___;
+#if __ARM_ARCH__>=7
+ ite eq @ Thumb2 thing, sanity check in ARM
+#endif
ldreq $t3,[sp,#16*4] @ pull ctx
bne .Lrounds_16_xx

@@ -429,16 +452,19 @@ $code.=<<___;
.arch armv7-a
.fpu neon

+.global sha256_block_data_order_neon
.type sha256_block_data_order_neon,%function
.align 4
sha256_block_data_order_neon:
.LNEON:
stmdb sp!,{r4-r12,lr}

+ sub $H,sp,#16*4+16
+ adr $Ktbl,K256
+ bic $H,$H,#15 @ align for 128-bit stores
mov $t2,sp
- sub sp,sp,#16*4+16 @ alloca
- sub $Ktbl,r3,#256+32 @ K256
- bic sp,sp,#15 @ align for 128-bit stores
+ mov sp,$H @ alloca
+ add $len,$inp,$len,lsl#6 @ len to point at the end of inp

vld1.8 {@X[0]},[$inp]!
vld1.8 {@X[1]},[$inp]!
@@ -490,11 +516,13 @@ $code.=<<___;
ldr $t0,[sp,#72]
sub $Ktbl,$Ktbl,#256 @ rewind $Ktbl
teq $inp,$t0
+ it eq
subeq $inp,$inp,#64 @ avoid SEGV
vld1.8 {@X[0]},[$inp]! @ load next input block
vld1.8 {@X[1]},[$inp]!
vld1.8 {@X[2]},[$inp]!
vld1.8 {@X[3]},[$inp]!
+ it ne
strne $inp,[sp,#68]
mov $Xfer,sp
___
@@ -526,10 +554,12 @@ $code.=<<___;
str $D,[$t1],#4
stmia $t1,{$E-$H}

+ ittte ne
movne $Xfer,sp
ldrne $t1,[sp,#0]
eorne $t2,$t2,$t2
ldreq sp,[sp,#76] @ restore original sp
+ itt ne
eorne $t3,$B,$C
bne .L_00_48

@@ -548,13 +578,26 @@ my ($W0,$W1,$ABCD_SAVE,$EFGH_SAVE)=map("q$_",(12..15));
my $Ktbl="r3";

$code.=<<___;
-#if __ARM_MAX_ARCH__>=7
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+
+# ifdef __thumb2__
+# define INST(a,b,c,d) .byte c,d|0xc,a,b
+# else
+# define INST(a,b,c,d) .byte a,b,c,d
+# endif
+
.type sha256_block_data_order_armv8,%function
.align 5
sha256_block_data_order_armv8:
.LARMv8:
vld1.32 {$ABCD,$EFGH},[$ctx]
- sub $Ktbl,r3,#sha256_block_data_order-K256
+# ifdef __thumb2__
+ adr $Ktbl,.LARMv8
+ sub $Ktbl,$Ktbl,#.LARMv8-K256
+# else
+ adrl $Ktbl,K256
+# endif
+ add $len,$inp,$len,lsl#6 @ len to point at the end of inp

.Loop_v8:
vld1.8 {@MSG[0]-@MSG[1]},[$inp]!
@@ -607,6 +650,7 @@ $code.=<<___;

vadd.i32 $ABCD,$ABCD,$ABCD_SAVE
vadd.i32 $EFGH,$EFGH,$EFGH_SAVE
+ it ne
bne .Loop_v8

vst1.32 {$ABCD,$EFGH},[$ctx]
@@ -619,11 +663,19 @@ ___
$code.=<<___;
.asciz "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
.align 2
-#if __ARM_MAX_ARCH__>=7
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
.comm OPENSSL_armcap_P,4,4
#endif
___

+open SELF,$0;
+while(<SELF>) {
+ next if (/^#!/);
+ last if (!s/^#/@/ and !/^$/);
+ print;
+}
+close SELF;
+
{ my %opcode = (
"sha256h" => 0xf3000c40, "sha256h2" => 0xf3100c40,
"sha256su0" => 0xf3ba03c0, "sha256su1" => 0xf3200c40 );
@@ -638,7 +690,7 @@ ___
# since ARMv7 instructions are always encoded little-endian.
# correct solution is to use .inst directive, but older
# assemblers don't implement it:-(
- sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s",
+ sprintf "INST(0x%02x,0x%02x,0x%02x,0x%02x)\t@ %s %s",
$word&0xff,($word>>8)&0xff,
($word>>16)&0xff,($word>>24)&0xff,
$mnemonic,$arg;

Dr. Stephen Henson

unread,

Mar 23, 2015, 9:16:33 AM3/23/15

to

The branch master has been updated

via 564df0ddead0fbac0bf2eeec6164a81bc3fa8882 (commit)
via f422a51486a3ab415153eccdc3c3746c53da01f4 (commit)
from 2ecd32a1f8f0643ae7b38f59bbaf9f0d6ef326fe (commit)

- Log -----------------------------------------------------------------
commit 564df0ddead0fbac0bf2eeec6164a81bc3fa8882

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Sat Mar 14 18:06:59 2015 +0000

Remove {i2d,d2i}_ASN1_BOOLEAN

Remove {i2d,d2i}_ASN1_BOOLEAN.

Rewrite single occurrence of d2i_ASN1_BOOLEAN in asn1_parse2

Reviewed-by: Rich Salz <rs...@openssl.org>

commit f422a51486a3ab415153eccdc3c3746c53da01f4

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Sat Mar 14 04:16:42 2015 +0000

Remove old ASN.1 code.

Remove old M_ASN1_ macros and replace any occurences with the corresponding
function.

Remove d2i_ASN1_bytes, d2i_ASN1_SET, i2d_ASN1_SET: no longer used internally.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/Makefile | 28 +----
crypto/asn1/a_bitstr.c | 6 +-
crypto/asn1/a_bool.c | 111 -----------------
crypto/asn1/a_bytes.c | 306 -----------------------------------------------
crypto/asn1/a_enum.c | 4 +-
crypto/asn1/a_gentm.c | 2 +-
crypto/asn1/a_int.c | 14 +--
crypto/asn1/a_octet.c | 6 +-
crypto/asn1/a_set.c | 239 ------------------------------------
crypto/asn1/a_utctm.c | 4 +-
crypto/asn1/asn1.h | 183 ----------------------------
crypto/asn1/asn1_lib.c | 9 +-
crypto/asn1/asn1_par.c | 16 +--
crypto/asn1/asn_pack.c | 100 ----------------
crypto/asn1/evp_asn1.c | 30 ++---
crypto/asn1/p5_pbev2.c | 4 +-
crypto/asn1/t_req.c | 2 +-
crypto/asn1/x_pkey.c | 4 +-
crypto/ec/ec_asn1.c | 18 +--
crypto/ocsp/v3_ocsp.c | 4 +-
crypto/pkcs12/p12_add.c | 4 +-
crypto/pkcs12/p12_decr.c | 2 +-
crypto/pkcs12/p12_init.c | 2 +-
crypto/pkcs12/p12_mutl.c | 4 +-
crypto/pkcs12/p12_p8e.c | 2 +-
crypto/pkcs7/pk7_doit.c | 12 +-
crypto/pkcs7/pk7_lib.c | 14 +--
crypto/rsa/rsa_saos.c | 2 +-
crypto/ts/ts_lib.c | 8 +-
crypto/ts/ts_rsp_sign.c | 2 +-
crypto/ts/ts_rsp_utils.c | 2 +-
crypto/x509/x509_cmp.c | 2 +-
crypto/x509/x509_r2x.c | 2 +-
crypto/x509/x509_set.c | 16 +--
crypto/x509/x509_v3.c | 2 +-
crypto/x509/x509cset.c | 18 +--
crypto/x509v3/v3_akey.c | 6 +-
crypto/x509v3/v3_alt.c | 6 +-
crypto/x509v3/v3_bitst.c | 6 +-
crypto/x509v3/v3_conf.c | 10 +-
crypto/x509v3/v3_cpols.c | 4 +-
crypto/x509v3/v3_ia5.c | 4 +-
crypto/x509v3/v3_prn.c | 2 +-
crypto/x509v3/v3_skey.c | 10 +-
crypto/x509v3/v3_sxnet.c | 18 +--
45 files changed, 145 insertions(+), 1105 deletions(-)
delete mode 100644 crypto/asn1/a_bool.c
delete mode 100644 crypto/asn1/a_bytes.c
delete mode 100644 crypto/asn1/a_set.c

diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile
index 3009bbf..cb143b3 100644
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -18,7 +18,7 @@ APPS=

LIB=$(TOP)/libcrypto.a
LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
- a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+ a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_bignum.c \
x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
@@ -27,12 +27,12 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
tasn_prn.c tasn_scn.c ameth_lib.c \
f_int.c f_string.c n_pkey.c \
- f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c \
- asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c \
+ f_enum.c x_pkey.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c \
+ asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_strnid.c \
evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c \
asn_mstbl.c
LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
- a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
+ a_print.o a_type.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_bignum.o \
x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
@@ -41,8 +41,8 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
tasn_prn.o tasn_scn.o ameth_lib.o \
f_int.o f_string.o n_pkey.o \
- f_enum.o x_pkey.o a_bool.o x_exten.o bio_asn1.o bio_ndef.o asn_mime.o \
- asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_bytes.o a_strnid.o \
+ f_enum.o x_pkey.o x_exten.o bio_asn1.o bio_ndef.o asn_mime.o \
+ asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_strnid.o \
evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o \
asn_mstbl.o

@@ -125,14 +125,6 @@ a_bool.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
a_bool.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
a_bool.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
a_bool.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bool.c
-a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h
-a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-a_bytes.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_bytes.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_bytes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_bytes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_bytes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_bytes.o: ../cryptlib.h a_bytes.c
a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h
a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -226,14 +218,6 @@ a_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
a_print.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
a_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
a_print.o: ../cryptlib.h a_print.c
-a_set.o: ../../e_os.h ../../include/openssl/asn1.h
-a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_set.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_set.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_set.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_set.o: ../../include/openssl/symhacks.h ../cryptlib.h a_set.c
a_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index 1b2f608..5a5cc23 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -62,7 +62,7 @@

int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
{
- return M_ASN1_BIT_STRING_set(x, d, len);
+ return ASN1_STRING_set(x, d, len);
}

int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
@@ -136,7 +136,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
}

if ((a == NULL) || ((*a) == NULL)) {
- if ((ret = M_ASN1_BIT_STRING_new()) == NULL)
+ if ((ret = ASN1_BIT_STRING_new()) == NULL)
return (NULL);
} else
ret = (*a);
@@ -178,7 +178,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
err:
ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i);
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- M_ASN1_BIT_STRING_free(ret);
+ ASN1_BIT_STRING_free(ret);
return (NULL);
}

diff --git a/crypto/asn1/a_bool.c b/crypto/asn1/a_bool.c
deleted file mode 100644
index 1b85bc9..0000000
--- a/crypto/asn1/a_bool.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/* crypto/asn1/a_bool.c */
-/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (e...@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (t...@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (e...@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (t...@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-
-int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
-{
- int r;
- unsigned char *p;
-
- r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
- if (pp == NULL)
- return (r);
- p = *pp;
-
- ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
- *(p++) = (unsigned char)a;
- *pp = p;
- return (r);
-}
-
-int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
-{
- int ret = -1;
- const unsigned char *p;
- long len;
- int inf, tag, xclass;
- int i = 0;
-
- p = *pp;
- inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
- if (inf & 0x80) {
- i = ASN1_R_BAD_OBJECT_HEADER;

- goto err;
- }
-

- if (tag != V_ASN1_BOOLEAN) {
- i = ASN1_R_EXPECTING_A_BOOLEAN;

- goto err;
- }
-

- if (len != 1) {
- i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
- goto err;
- }
- ret = (int)*(p++);
- if (a != NULL)
- (*a) = ret;
- *pp = p;
- return (ret);
- err:
- ASN1err(ASN1_F_D2I_ASN1_BOOLEAN, i);
- return (ret);
-}
diff --git a/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c
deleted file mode 100644
index 12715a7..0000000
--- a/crypto/asn1/a_bytes.c
+++ /dev/null
@@ -1,306 +0,0 @@
-/* crypto/asn1/a_bytes.c */
-/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (e...@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (t...@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (e...@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (t...@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);
-/*
- * type is a 'bitmap' of acceptable string types.
- */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
- long length, int type)
-{
- ASN1_STRING *ret = NULL;
- const unsigned char *p;
- unsigned char *s;
- long len;
- int inf, tag, xclass;
- int i = 0;
-
- p = *pp;
- inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
- if (inf & 0x80)
- goto err;
-
- if (tag >= 32) {
- i = ASN1_R_TAG_VALUE_TOO_HIGH;
- goto err;
- }
- if (!(ASN1_tag2bit(tag) & type)) {
- i = ASN1_R_WRONG_TYPE;

- goto err;
- }
-

- /* If a bit-string, exit early */
- if (tag == V_ASN1_BIT_STRING)
- return (d2i_ASN1_BIT_STRING(a, pp, length));
-
- if ((a == NULL) || ((*a) == NULL)) {
- if ((ret = ASN1_STRING_new()) == NULL)
- return (NULL);
- } else
- ret = (*a);
-
- if (len != 0) {
- s = (unsigned char *)OPENSSL_malloc((int)len + 1);
- if (s == NULL) {
- i = ERR_R_MALLOC_FAILURE;
- goto err;
- }
- memcpy(s, p, (int)len);
- s[len] = '\0';
- p += len;
- } else
- s = NULL;
-
- if (ret->data != NULL)
- OPENSSL_free(ret->data);
- ret->length = (int)len;
- ret->data = s;
- ret->type = tag;
- if (a != NULL)
- (*a) = ret;
- *pp = p;
- return (ret);
- err:
- ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES, i);
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- ASN1_STRING_free(ret);
- return (NULL);
-}
-
-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
-{
- int ret, r, constructed;
- unsigned char *p;
-
- if (a == NULL)
- return (0);
-
- if (tag == V_ASN1_BIT_STRING)
- return (i2d_ASN1_BIT_STRING(a, pp));
-
- ret = a->length;
- r = ASN1_object_size(0, ret, tag);
- if (pp == NULL)
- return (r);
- p = *pp;
-
- if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
- constructed = 1;
- else
- constructed = 0;
- ASN1_put_object(&p, constructed, ret, tag, xclass);
- memcpy(p, a->data, a->length);
- p += a->length;
- *pp = p;
- return (r);
-}
-
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
- long length, int Ptag, int Pclass)
-{
- ASN1_STRING *ret = NULL;
- const unsigned char *p;
- unsigned char *s;
- long len;
- int inf, tag, xclass;
- int i = 0;
-
- if ((a == NULL) || ((*a) == NULL)) {
- if ((ret = ASN1_STRING_new()) == NULL)
- return (NULL);
- } else
- ret = (*a);
-
- p = *pp;
- inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
- if (inf & 0x80) {
- i = ASN1_R_BAD_OBJECT_HEADER;

- goto err;
- }
-

- if (tag != Ptag) {
- i = ASN1_R_WRONG_TAG;

- goto err;
- }
-

- if (inf & V_ASN1_CONSTRUCTED) {
- ASN1_const_CTX c;
-
- c.pp = pp;
- c.p = p;
- c.inf = inf;
- c.slen = len;
- c.tag = Ptag;
- c.xclass = Pclass;
- c.max = (length == 0) ? 0 : (p + length);
- if (!asn1_collate_primitive(ret, &c))
- goto err;
- else {
- p = c.p;
- }
- } else {
- if (len != 0) {
- if ((ret->length < len) || (ret->data == NULL)) {
- if (ret->data != NULL)
- OPENSSL_free(ret->data);
- s = (unsigned char *)OPENSSL_malloc((int)len + 1);
- if (s == NULL) {
- i = ERR_R_MALLOC_FAILURE;
- goto err;
- }
- } else
- s = ret->data;
- memcpy(s, p, (int)len);
- s[len] = '\0';
- p += len;
- } else {
- s = NULL;
- if (ret->data != NULL)
- OPENSSL_free(ret->data);
- }
-
- ret->length = (int)len;
- ret->data = s;
- ret->type = Ptag;
- }
-
- if (a != NULL)
- (*a) = ret;
- *pp = p;
- return (ret);
- err:
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- ASN1_STRING_free(ret);
- ASN1err(ASN1_F_D2I_ASN1_BYTES, i);
- return (NULL);
-}
-
-/*
- * We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse them
- * into the one structure that is then returned
- */
-/*
- * There have been a few bug fixes for this function from Paul Keogh
- * <paul....@sse.ie>, many thanks to him
- */
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
-{
- ASN1_STRING *os = NULL;
- BUF_MEM b;
- int num;
-
- b.length = 0;
- b.max = 0;
- b.data = NULL;
-
- if (a == NULL) {
- c->error = ERR_R_PASSED_NULL_PARAMETER;

- goto err;
- }
-

- num = 0;
- for (;;) {
- if (c->inf & 1) {
- c->eos = ASN1_const_check_infinite_end(&c->p,
- (long)(c->max - c->p));
- if (c->eos)
- break;
- } else {
- if (c->slen <= 0)
- break;
- }
-
- c->q = c->p;
- if (d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass)
- == NULL) {
- c->error = ERR_R_ASN1_LIB;

- goto err;
- }
-

- if (!BUF_MEM_grow_clean(&b, num + os->length)) {
- c->error = ERR_R_BUF_LIB;
- goto err;
- }
- memcpy(&(b.data[num]), os->data, os->length);
- if (!(c->inf & 1))
- c->slen -= (c->p - c->q);
- num += os->length;
- }
-
- if (!asn1_const_Finish(c))
- goto err;
-
- a->length = num;
- if (a->data != NULL)
- OPENSSL_free(a->data);
- a->data = (unsigned char *)b.data;
- if (os != NULL)
- ASN1_STRING_free(os);
- return (1);
- err:
- ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE, c->error);
- if (os != NULL)
- ASN1_STRING_free(os);
- if (b.data != NULL)
- OPENSSL_free(b.data);
- return (0);
-}
diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c
index c3498ac..00312b0 100644
--- a/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
@@ -139,7 +139,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
int len, j;

if (ai == NULL)
- ret = M_ASN1_ENUMERATED_new();
+ ret = ASN1_ENUMERATED_new();
else
ret = ai;
if (ret == NULL) {
@@ -165,7 +165,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
return (ret);
err:
if (ret != ai)
- M_ASN1_ENUMERATED_free(ret);
+ ASN1_ENUMERATED_free(ret);
return (NULL);
}

diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c
index 97011f8..0e9149a 100644
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -223,7 +223,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
size_t len = 20;

if (s == NULL)
- s = M_ASN1_GENERALIZEDTIME_new();
+ s = ASN1_GENERALIZEDTIME_new();
if (s == NULL)
return (NULL);

diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index 7f11859..a33e3fd 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -63,7 +63,7 @@

ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
{
- return M_ASN1_INTEGER_dup(x);
+ return ASN1_STRING_dup(x);
}

int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
@@ -190,7 +190,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
int i;

if ((a == NULL) || ((*a) == NULL)) {
- if ((ret = M_ASN1_INTEGER_new()) == NULL)
+ if ((ret = ASN1_INTEGER_new()) == NULL)
return (NULL);
ret->type = V_ASN1_INTEGER;
} else
@@ -266,7 +266,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
err:
ASN1err(ASN1_F_C2I_ASN1_INTEGER, i);
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- M_ASN1_INTEGER_free(ret);
+ ASN1_INTEGER_free(ret);
return (NULL);
}

@@ -287,7 +287,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
int i;

if ((a == NULL) || ((*a) == NULL)) {
- if ((ret = M_ASN1_INTEGER_new()) == NULL)
+ if ((ret = ASN1_INTEGER_new()) == NULL)
return (NULL);
ret->type = V_ASN1_INTEGER;
} else
@@ -335,7 +335,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
err:
ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- M_ASN1_INTEGER_free(ret);
+ ASN1_INTEGER_free(ret);
return (NULL);
}

@@ -410,7 +410,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
int len, j;

if (ai == NULL)
- ret = M_ASN1_INTEGER_new();
+ ret = ASN1_INTEGER_new();
else
ret = ai;
if (ret == NULL) {
@@ -440,7 +440,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
return (ret);
err:
if (ret != ai)
- M_ASN1_INTEGER_free(ret);
+ ASN1_INTEGER_free(ret);
return (NULL);
}

diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c
index 1a6e9ca..f6fd622 100644
--- a/crypto/asn1/a_octet.c
+++ b/crypto/asn1/a_octet.c
@@ -62,17 +62,17 @@

ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x)
{
- return M_ASN1_OCTET_STRING_dup(x);
+ return ASN1_STRING_dup(x);
}

int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
const ASN1_OCTET_STRING *b)
{
- return M_ASN1_OCTET_STRING_cmp(a, b);
+ return ASN1_STRING_cmp(a, b);
}

int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d,
int len)
{
- return M_ASN1_OCTET_STRING_set(x, d, len);
+ return ASN1_STRING_set(x, d, len);
}
diff --git a/crypto/asn1/a_set.c b/crypto/asn1/a_set.c
deleted file mode 100644
index 453100b..0000000
--- a/crypto/asn1/a_set.c
+++ /dev/null
@@ -1,239 +0,0 @@
-/* crypto/asn1/a_set.c */
-/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (e...@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (t...@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (e...@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (t...@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-
-#ifndef NO_ASN1_OLD
-
-typedef struct {
- unsigned char *pbData;
- int cbData;
-} MYBLOB;
-
-/*
- * SetBlobCmp This function compares two elements of SET_OF block
- */
-static int SetBlobCmp(const void *elem1, const void *elem2)
-{
- const MYBLOB *b1 = (const MYBLOB *)elem1;
- const MYBLOB *b2 = (const MYBLOB *)elem2;
- int r;
-
- r = memcmp(b1->pbData, b2->pbData,
- b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
- if (r != 0)
- return r;
- return b1->cbData - b2->cbData;
-}
-
-/*
- * int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)
- */
-int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
- i2d_of_void *i2d, int ex_tag, int ex_class, int is_set)
-{
- int ret = 0, r;
- int i;
- unsigned char *p;
- unsigned char *pStart, *pTempMem;
- MYBLOB *rgSetBlob;
- int totSize;
-
- if (a == NULL)
- return (0);
- for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--)
- ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
- r = ASN1_object_size(1, ret, ex_tag);
- if (pp == NULL)
- return (r);
-
- p = *pp;
- ASN1_put_object(&p, 1, ret, ex_tag, ex_class);
-
-/* Modified by g...@nsj.co.jp */
- /* And then again by Ben */
- /* And again by Steve */
-
- if (!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) {
- for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++)
- i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
-
- *pp = p;
- return (r);
- }
-
- pStart = p; /* Catch the beg of Setblobs */
- /* In this array we will store the SET blobs */
- rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
- if (rgSetBlob == NULL) {
- ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
- return (0);
- }
-
- for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) {
- rgSetBlob[i].pbData = p; /* catch each set encode blob */
- i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
- rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
- * SetBlob */
- }
- *pp = p;
- totSize = p - pStart; /* This is the total size of all set blobs */
-
- /*
- * Now we have to sort the blobs. I am using a simple algo. *Sort ptrs
- * *Copy to temp-mem *Copy from temp-mem to user-mem
- */
- qsort(rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
- if (!(pTempMem = OPENSSL_malloc(totSize))) {
- OPENSSL_free(rgSetBlob);
- ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
- return (0);
- }
-
-/* Copy to temp mem */
- p = pTempMem;
- for (i = 0; i < sk_OPENSSL_BLOCK_num(a); ++i) {
- memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
- p += rgSetBlob[i].cbData;
- }
-
-/* Copy back to user mem*/
- memcpy(pStart, pTempMem, totSize);
- OPENSSL_free(pTempMem);
- OPENSSL_free(rgSetBlob);
-
- return (r);
-}
-
-STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
- const unsigned char **pp,
- long length, d2i_of_void *d2i,
- void (*free_func) (OPENSSL_BLOCK),
- int ex_tag, int ex_class)
-{
- ASN1_const_CTX c;
- STACK_OF(OPENSSL_BLOCK) *ret = NULL;
-
- if ((a == NULL) || ((*a) == NULL)) {
- if ((ret = sk_OPENSSL_BLOCK_new_null()) == NULL) {
- ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- } else
- ret = (*a);
-
- c.p = *pp;
- c.max = (length == 0) ? 0 : (c.p + length);
-
- c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p);
- if (c.inf & 0x80)
- goto err;
- if (ex_class != c.xclass) {
- ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS);
- goto err;
- }
- if (ex_tag != c.tag) {
- ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG);
- goto err;
- }
- if ((c.slen + c.p) > c.max) {
- ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR);
- goto err;
- }
- /*
- * check for infinite constructed - it can be as long as the amount of
- * data passed to us
- */
- if (c.inf == (V_ASN1_CONSTRUCTED + 1))
- c.slen = length + *pp - c.p;
- c.max = c.p + c.slen;
-
- while (c.p < c.max) {
- char *s;
-
- if (M_ASN1_D2I_end_sequence())
- break;
- /*
- * XXX: This was called with 4 arguments, incorrectly, it seems if
- * ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL)
- */
- if ((s = d2i(NULL, &c.p, c.slen)) == NULL) {
- ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT);
- asn1_add_error(*pp, (int)(c.p - *pp));
- goto err;
- }
- if (!sk_OPENSSL_BLOCK_push(ret, s))
- goto err;
- }
- if (a != NULL)
- (*a) = ret;
- *pp = c.p;
- return (ret);
- err:
- if ((ret != NULL) && ((a == NULL) || (*a != ret))) {
- if (free_func != NULL)
- sk_OPENSSL_BLOCK_pop_free(ret, free_func);
- else
- sk_OPENSSL_BLOCK_free(ret);
- }
- return (NULL);
-}
-
-#endif
diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c
index e56cbbc..2dac3b5 100644
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -194,7 +194,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,

if (s == NULL) {
free_s = 1;
- s = M_ASN1_UTCTIME_new();
+ s = ASN1_UTCTIME_new();
}
if (s == NULL)
goto err;
@@ -234,7 +234,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
return (s);
err:
if (free_s && s)
- M_ASN1_UTCTIME_free(s);
+ ASN1_UTCTIME_free(s);
return NULL;
}

diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 66e1fac..392143c 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -572,50 +572,6 @@ typedef struct BIT_STRING_BITNAME_st {
const char *sname;
} BIT_STRING_BITNAME;

-# define M_ASN1_STRING_length(x) ((x)->length)
-# define M_ASN1_STRING_length_set(x, n) ((x)->length = (n))
-# define M_ASN1_STRING_type(x) ((x)->type)
-# define M_ASN1_STRING_data(x) ((x)->data)
-
-/* Macros for string operations */
-# define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\
- ASN1_STRING_type_new(V_ASN1_BIT_STRING)
-# define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
- ASN1_STRING_dup((const ASN1_STRING *)a)
-# define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
- (const ASN1_STRING *)a,(const ASN1_STRING *)b)
-# define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
-
-# define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\
- ASN1_STRING_type_new(V_ASN1_INTEGER)
-# define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\
- ASN1_STRING_dup((const ASN1_STRING *)a)
-# define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\
- (const ASN1_STRING *)a,(const ASN1_STRING *)b)
-
-# define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\
- ASN1_STRING_type_new(V_ASN1_ENUMERATED)
-# define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\
- ASN1_STRING_dup((const ASN1_STRING *)a)
-# define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\
- (const ASN1_STRING *)a,(const ASN1_STRING *)b)
-
-# define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\
- ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
-# define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
- ASN1_STRING_dup((const ASN1_STRING *)a)
-# define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
- (const ASN1_STRING *)a,(const ASN1_STRING *)b)
-# define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
-# define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b)
-# define M_i2d_ASN1_OCTET_STRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
- V_ASN1_UNIVERSAL)
-
# define B_ASN1_TIME \
B_ASN1_UTCTIME | \
B_ASN1_GENERALIZEDTIME
@@ -645,134 +601,6 @@ typedef struct BIT_STRING_BITNAME_st {
B_ASN1_BMPSTRING|\
B_ASN1_UTF8STRING

-# define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING)
-# define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
- pp,a->type,V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_PRINTABLE(a,pp,l) \
- d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
- B_ASN1_PRINTABLE)
-
-# define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
-# define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
- pp,a->type,V_ASN1_UNIVERSAL)
-# define M_d2i_DIRECTORYSTRING(a,pp,l) \
- d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
- B_ASN1_DIRECTORYSTRING)
-
-# define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
-# define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
- pp,a->type,V_ASN1_UNIVERSAL)
-# define M_d2i_DISPLAYTEXT(a,pp,l) \
- d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
- B_ASN1_DISPLAYTEXT)
-
-# define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
- ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
-# define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\
- V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \
- (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)
-
-# define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\
- ASN1_STRING_type_new(V_ASN1_T61STRING)
-# define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_T61STRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\
- V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_T61STRING(a,pp,l) \
- (ASN1_T61STRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)
-
-# define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\
- ASN1_STRING_type_new(V_ASN1_IA5STRING)
-# define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_IA5STRING_dup(a) \
- (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a)
-# define M_i2d_ASN1_IA5STRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
- V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_IA5STRING(a,pp,l) \
- (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\
- B_ASN1_IA5STRING)
-
-# define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\
- ASN1_STRING_type_new(V_ASN1_UTCTIME)
-# define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\
- ASN1_STRING_dup((const ASN1_STRING *)a)
-
-# define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\
- ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
-# define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
- (const ASN1_STRING *)a)
-
-# define M_ASN1_TIME_new() (ASN1_TIME *)\
- ASN1_STRING_type_new(V_ASN1_UTCTIME)
-# define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_TIME_dup(a) (ASN1_TIME *)\
- ASN1_STRING_dup((const ASN1_STRING *)a)
-
-# define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\
- ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
-# define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_GENERALSTRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\
- V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_GENERALSTRING(a,pp,l) \
- (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)
-
-# define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\
- ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)
-# define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\
- V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \
- (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
-
-# define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\
- ASN1_STRING_type_new(V_ASN1_BMPSTRING)
-# define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_BMPSTRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\
- V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_BMPSTRING(a,pp,l) \
- (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
-
-# define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\
- ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
-# define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_VISIBLESTRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\
- V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \
- (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)
-
-# define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\
- ASN1_STRING_type_new(V_ASN1_UTF8STRING)
-# define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_UTF8STRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
- V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_UTF8STRING(a,pp,l) \
- (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)
-
- /* for the is_set parameter to i2d_ASN1_SET */
-# define IS_SEQUENCE 0
-# define IS_SET 1
-
DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)

int ASN1_TYPE_get(ASN1_TYPE *a);
@@ -826,9 +654,6 @@ int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
BIT_STRING_BITNAME *tbl);

-int i2d_ASN1_BOOLEAN(int a, unsigned char **pp);
-int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length);
-
DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
@@ -895,14 +720,6 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
**out);
int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);

-int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
- i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);
-STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
- const unsigned char **pp,
- long length, d2i_of_void *d2i,
- void (*free_func) (OPENSSL_BLOCK),
- int ex_tag, int ex_class);
-
int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size);
int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 1586aaf..fe63b62 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -460,21 +460,20 @@ void asn1_add_error(const unsigned char *address, int offset)

int ASN1_STRING_length(const ASN1_STRING *x)
{
- return M_ASN1_STRING_length(x);
+ return x->length;
}

void ASN1_STRING_length_set(ASN1_STRING *x, int len)
{
- M_ASN1_STRING_length_set(x, len);
- return;
+ x->length = len;
}

int ASN1_STRING_type(ASN1_STRING *x)
{
- return M_ASN1_STRING_type(x);
+ return x->type;
}

unsigned char *ASN1_STRING_data(ASN1_STRING *x)
{
- return M_ASN1_STRING_data(x);
+ return x->data;
}
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index b12edf9..20f3a88 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -215,15 +215,11 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
goto end;
}
} else if (tag == V_ASN1_BOOLEAN) {
- int ii;
-
- opp = op;
- ii = d2i_ASN1_BOOLEAN(NULL, &opp, len + hl);
- if (ii < 0) {
+ if (len != 1) {
if (BIO_write(bp, "Bad boolean\n", 12) <= 0)
goto end;
}
- BIO_printf(bp, ":%d", ii);
+ BIO_printf(bp, ":%u", p[0]);
} else if (tag == V_ASN1_BMPSTRING) {
/* do the BMP thang */
} else if (tag == V_ASN1_OCTET_STRING) {
@@ -281,7 +277,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
}
}
if (os != NULL) {
- M_ASN1_OCTET_STRING_free(os);
+ ASN1_OCTET_STRING_free(os);
os = NULL;
}
} else if (tag == V_ASN1_INTEGER) {
@@ -308,7 +304,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
if (BIO_write(bp, "BAD INTEGER", 11) <= 0)
goto end;
}
- M_ASN1_INTEGER_free(bs);
+ ASN1_INTEGER_free(bs);
} else if (tag == V_ASN1_ENUMERATED) {
ASN1_ENUMERATED *bs;
int i;
@@ -333,7 +329,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0)
goto end;
}
- M_ASN1_ENUMERATED_free(bs);
+ ASN1_ENUMERATED_free(bs);
} else if (len > 0 && dump) {
if (!nl) {
if (BIO_write(bp, "\n", 1) <= 0)
@@ -363,7 +359,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
if (o != NULL)
ASN1_OBJECT_free(o);
if (os != NULL)
- M_ASN1_OCTET_STRING_free(os);
+ ASN1_OCTET_STRING_free(os);
*pp = p;
return (ret);
}
diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c
index 366caf0..8d0f0b0 100644
--- a/crypto/asn1/asn_pack.c
+++ b/crypto/asn1/asn_pack.c
@@ -61,108 +61,8 @@
#include "cryptlib.h"
#include <openssl/asn1.h>

-#ifndef NO_ASN1_OLD
-
/* ASN1 packing and unpacking functions */

-/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
-
-STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
- d2i_of_void *d2i,
- void (*free_func) (OPENSSL_BLOCK))
-{
- STACK_OF(OPENSSL_BLOCK) *sk;
- const unsigned char *pbuf;
- pbuf = buf;
- if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
- ASN1err(ASN1_F_ASN1_SEQ_UNPACK, ASN1_R_DECODE_ERROR);
- return sk;
-}
-
-/*
- * Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
- * OPENSSL_malloc'ed buffer
- */
-
-unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
- unsigned char **buf, int *len)
-{
- int safelen;
- unsigned char *safe, *p;
- if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
- V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
- ASN1err(ASN1_F_ASN1_SEQ_PACK, ASN1_R_ENCODE_ERROR);
- return NULL;
- }
- if (!(safe = OPENSSL_malloc(safelen))) {
- ASN1err(ASN1_F_ASN1_SEQ_PACK, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- p = safe;
- i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
- IS_SEQUENCE);
- if (len)
- *len = safelen;
- if (buf)
- *buf = safe;
- return safe;
-}
-
-/* Extract an ASN1 object from an ASN1_STRING */
-
-void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i)
-{
- const unsigned char *p;
- char *ret;
-
- p = oct->data;
- if (!(ret = d2i(NULL, &p, oct->length)))
- ASN1err(ASN1_F_ASN1_UNPACK_STRING, ASN1_R_DECODE_ERROR);
- return ret;
-}
-
-/* Pack an ASN1 object into an ASN1_STRING */
-
-ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
-{
- unsigned char *p;
- ASN1_STRING *octmp;
-
- if (!oct || !*oct) {
- if (!(octmp = ASN1_STRING_new())) {
- ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- if (oct)
- *oct = octmp;
- } else
- octmp = *oct;
-
- if (!(octmp->length = i2d(obj, NULL))) {
- ASN1err(ASN1_F_ASN1_PACK_STRING, ASN1_R_ENCODE_ERROR);
- goto err;
- }
- if (!(p = OPENSSL_malloc(octmp->length))) {
- ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- octmp->data = p;
- i2d(obj, &p);
- return octmp;
- err:
- if (!oct || !*oct) {
- ASN1_STRING_free(octmp);
- if (oct)
- *oct = NULL;
- }
- return NULL;
-}
-
-#endif
-
-/* ASN1_ITEM versions of the above */
-
ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
{
ASN1_STRING *octmp;
diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
index 5876afa..3664576 100644
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
@@ -65,10 +65,10 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
{
ASN1_STRING *os;

- if ((os = M_ASN1_OCTET_STRING_new()) == NULL)
+ if ((os = ASN1_OCTET_STRING_new()) == NULL)
return (0);
- if (!M_ASN1_OCTET_STRING_set(os, data, len)) {
- M_ASN1_OCTET_STRING_free(os);
+ if (!ASN1_OCTET_STRING_set(os, data, len)) {
+ ASN1_OCTET_STRING_free(os);
return 0;
}
ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os);
@@ -85,8 +85,8 @@ int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len)
ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
return (-1);
}
- p = M_ASN1_STRING_data(a->value.octet_string);
- ret = M_ASN1_STRING_length(a->value.octet_string);
+ p = ASN1_STRING_data(a->value.octet_string);
+ ret = ASN1_STRING_length(a->value.octet_string);
if (ret < max_len)
num = ret;
else
@@ -111,7 +111,7 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
os.length = len;
ASN1_INTEGER_set(&in, num);
n = i2d_ASN1_INTEGER(&in, NULL);
- n += M_i2d_ASN1_OCTET_STRING(&os, NULL);
+ n += i2d_ASN1_OCTET_STRING(&os, NULL);

size = ASN1_object_size(1, n, V_ASN1_SEQUENCE);

@@ -123,12 +123,12 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
return (0);
}

- M_ASN1_STRING_length_set(osp, size);
- p = M_ASN1_STRING_data(osp);
+ ASN1_STRING_length_set(osp, size);
+ p = ASN1_STRING_data(osp);

ASN1_put_object(&p, 1, n, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
i2d_ASN1_INTEGER(&in, &p);
- M_i2d_ASN1_OCTET_STRING(&os, &p);
+ i2d_ASN1_OCTET_STRING(&os, &p);

ASN1_TYPE_set(a, V_ASN1_SEQUENCE, osp);
return (1);
@@ -152,8 +152,8 @@ int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) {
goto err;
}
- p = M_ASN1_STRING_data(a->value.sequence);
- length = M_ASN1_STRING_length(a->value.sequence);
+ p = ASN1_STRING_data(a->value.sequence);
+ length = ASN1_STRING_length(a->value.sequence);

c.pp = &p;
c.p = p;
@@ -175,21 +175,21 @@ int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
if (num != NULL)
*num = ASN1_INTEGER_get(ai);

- ret = M_ASN1_STRING_length(os);
+ ret = ASN1_STRING_length(os);
if (max_len > ret)
n = ret;
else
n = max_len;

if (data != NULL)
- memcpy(data, M_ASN1_STRING_data(os), n);
+ memcpy(data, ASN1_STRING_data(os), n);
if (0) {
err:
ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
}
if (os != NULL)
- M_ASN1_OCTET_STRING_free(os);
+ ASN1_OCTET_STRING_free(os);
if (ai != NULL)
- M_ASN1_INTEGER_free(ai);
+ ASN1_INTEGER_free(ai);
return (ret);
}
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
index 73ba4a3..c56d850 100644
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -210,7 +210,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,

if (!(kdf = PBKDF2PARAM_new()))
goto merr;
- if (!(osalt = M_ASN1_OCTET_STRING_new()))
+ if (!(osalt = ASN1_OCTET_STRING_new()))
goto merr;

kdf->salt->value.octet_string = osalt;
@@ -237,7 +237,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
/* If have a key len set it up */

if (keylen > 0) {
- if (!(kdf->keylength = M_ASN1_INTEGER_new()))
+ if (!(kdf->keylength = ASN1_INTEGER_new()))
goto merr;
if (!ASN1_INTEGER_set(kdf->keylength, keylen))
goto merr;
diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c
index 2a88958..bd76950 100644
--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@@ -216,7 +216,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
goto err;
if (!X509V3_EXT_print(bp, ex, cflag, 16)) {
BIO_printf(bp, "%16s", "");
- M_ASN1_OCTET_STRING_print(bp, ex->value);
+ ASN1_STRING_print(bp, ex->value);
}
if (BIO_write(bp, "\n", 1) <= 0)
goto err;
diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c
index 2da23e4..cf5fd80 100644
--- a/crypto/asn1/x_pkey.c
+++ b/crypto/asn1/x_pkey.c
@@ -109,7 +109,7 @@ X509_PKEY *X509_PKEY_new(void)
M_ASN1_New_Malloc(ret, X509_PKEY);
ret->version = 0;
M_ASN1_New(ret->enc_algor, X509_ALGOR_new);
- M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new);
+ M_ASN1_New(ret->enc_pkey, ASN1_OCTET_STRING_new);
ret->dec_pkey = NULL;
ret->key_length = 0;
ret->key_data = NULL;
@@ -144,7 +144,7 @@ void X509_PKEY_free(X509_PKEY *x)
if (x->enc_algor != NULL)
X509_ALGOR_free(x->enc_algor);
if (x->enc_pkey != NULL)
- M_ASN1_OCTET_STRING_free(x->enc_pkey);
+ ASN1_OCTET_STRING_free(x->enc_pkey);
if (x->dec_pkey != NULL)
EVP_PKEY_free(x->dec_pkey);
if ((x->key_data != NULL) && (x->key_free))
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index b4b0e9f..87cc334 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -499,8 +499,8 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
}

/* set a and b */
- if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) ||
- !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) {
+ if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) ||
+ !ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) {
ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
goto err;
}
@@ -1044,8 +1044,8 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
ret->version = priv_key->version;

if (priv_key->privateKey) {
- ret->priv_key = BN_bin2bn(M_ASN1_STRING_data(priv_key->privateKey),
- M_ASN1_STRING_length(priv_key->privateKey),
+ ret->priv_key = BN_bin2bn(ASN1_STRING_data(priv_key->privateKey),
+ ASN1_STRING_length(priv_key->privateKey),
ret->priv_key);
if (ret->priv_key == NULL) {
ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_BN_LIB);
@@ -1068,8 +1068,8 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
const unsigned char *pub_oct;
int pub_oct_len;

- pub_oct = M_ASN1_STRING_data(priv_key->publicKey);
- pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
+ pub_oct = ASN1_STRING_data(priv_key->publicKey);
+ pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
/*
* The first byte - point conversion form - must be present.
*/
@@ -1142,7 +1142,7 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
goto err;
}

- if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) {
+ if (!ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) {
ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
goto err;
}
@@ -1157,7 +1157,7 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
}

if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) {
- priv_key->publicKey = M_ASN1_BIT_STRING_new();
+ priv_key->publicKey = ASN1_BIT_STRING_new();
if (priv_key->publicKey == NULL) {
ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
goto err;
@@ -1184,7 +1184,7 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)

priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
- if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, buf_len)) {
+ if (!ASN1_BIT_STRING_set(priv_key->publicKey, buffer, buf_len)) {
ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
goto err;
}
diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c
index 006db17..6558116 100644
--- a/crypto/ocsp/v3_ocsp.c
+++ b/crypto/ocsp/v3_ocsp.c
@@ -248,14 +248,14 @@ static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)

err:
if (os && (!pos || (*pos != os)))
- M_ASN1_OCTET_STRING_free(os);
+ ASN1_OCTET_STRING_free(os);
OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
return NULL;
}

static void ocsp_nonce_free(void *a)
{
- M_ASN1_OCTET_STRING_free(a);
+ ASN1_OCTET_STRING_free(a);
}

static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
index 982805d..51ea42a 100644
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -142,7 +142,7 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
return NULL;
}
p7->type = OBJ_nid2obj(NID_pkcs7_data);
- if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
+ if (!(p7->d.data = ASN1_OCTET_STRING_new())) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -197,7 +197,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
}
X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
p7->d.encrypted->enc_data->algorithm = pbe;
- M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+ ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
if (!(p7->d.encrypted->enc_data->enc_data =
PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass,
passlen, bags, 1))) {
diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
index 6780b4f..7a9d3ca 100644
--- a/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
@@ -174,7 +174,7 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
ASN1_OCTET_STRING *oct = NULL;
unsigned char *in = NULL;
int inlen;
- if (!(oct = M_ASN1_OCTET_STRING_new())) {
+ if (!(oct = ASN1_OCTET_STRING_new())) {
PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c
index 0322df9..34710e9 100644
--- a/crypto/pkcs12/p12_init.c
+++ b/crypto/pkcs12/p12_init.c
@@ -74,7 +74,7 @@ PKCS12 *PKCS12_init(int mode)
pkcs12->authsafes->type = OBJ_nid2obj(mode);
switch (mode) {
case NID_pkcs7_data:
- if (!(pkcs12->authsafes->d.data = M_ASN1_OCTET_STRING_new())) {
+ if (!(pkcs12->authsafes->d.data = ASN1_OCTET_STRING_new())) {
PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
goto err;
}
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 4138a4d..d5eb8ff 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -146,7 +146,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
return 0;
}
- if (!(M_ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
+ if (!(ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
return 0;
}
@@ -160,7 +160,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
if (!(p12->mac = PKCS12_MAC_DATA_new()))
return PKCS12_ERROR;
if (iter > 1) {
- if (!(p12->mac->iter = M_ASN1_INTEGER_new())) {
+ if (!(p12->mac->iter = ASN1_INTEGER_new())) {
PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
return 0;
}
diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c
index 861a087..0275742 100644
--- a/crypto/pkcs12/p12_p8e.c
+++ b/crypto/pkcs12/p12_p8e.c
@@ -88,7 +88,7 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
}
X509_ALGOR_free(p8->algor);
p8->algor = pbe;
- M_ASN1_OCTET_STRING_free(p8->digest);
+ ASN1_OCTET_STRING_free(p8->digest);
p8->digest =
PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
pass, passlen, p8inf, 1);
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 25ac2df..0200b3b 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -409,7 +409,7 @@ static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
pcert->cert_info->issuer);
if (ret)
return ret;
- return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
+ return ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
ri->issuer_and_serial->serial);
}

@@ -735,7 +735,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
si_sk = p7->d.signed_and_enveloped->signer_info;
os = p7->d.signed_and_enveloped->enc_data->enc_data;
if (!os) {
- os = M_ASN1_OCTET_STRING_new();
+ os = ASN1_OCTET_STRING_new();
if (!os) {
PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
goto err;
@@ -747,7 +747,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
/* XXXXXXXXXXXXXXXX */
os = p7->d.enveloped->enc_data->enc_data;
if (!os) {
- os = M_ASN1_OCTET_STRING_new();
+ os = ASN1_OCTET_STRING_new();
if (!os) {
PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
goto err;
@@ -760,7 +760,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
os = PKCS7_get_octet_string(p7->d.sign->contents);

/* If detached data then the content is excluded */
if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {

- M_ASN1_OCTET_STRING_free(os);
+ ASN1_OCTET_STRING_free(os);

os = NULL;
p7->d.sign->contents->d.data = NULL;
}

@@ -770,7 +770,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
os = PKCS7_get_octet_string(p7->d.digest->contents);

/* If detached data then the content is excluded */
if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {

- M_ASN1_OCTET_STRING_free(os);
+ ASN1_OCTET_STRING_free(os);

os = NULL;
p7->d.digest->contents->d.data = NULL;
}

@@ -834,7 +834,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
goto err;
if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
goto err;
- M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
+ ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
}

if (!PKCS7_is_detached(p7)) {
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 0c5fcaa..511ae8c 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -177,7 +177,7 @@ int PKCS7_set_type(PKCS7 *p7, int type)
break;
case NID_pkcs7_data:
p7->type = obj;
- if ((p7->d.data = M_ASN1_OCTET_STRING_new()) == NULL)
+ if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL)
goto err;
break;
case NID_pkcs7_signedAndEnveloped:
@@ -368,9 +368,9 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
* because ASN1_INTEGER_set is used to set a 'long' we will do things the
* ugly way.
*/
- M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+ ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
if (!(p7i->issuer_and_serial->serial =
- M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+ ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
goto err;

/* lets keep the pkey around for a while */
@@ -523,9 +523,9 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
X509_get_issuer_name(x509)))
return 0;

- M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+ ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
if (!(p7i->issuer_and_serial->serial =
- M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+ ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
return 0;

pkey = X509_get_pubkey(x509);
@@ -614,7 +614,7 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
case NID_pkcs7_signedAndEnveloped:
os = p7->d.signed_and_enveloped->enc_data->enc_data;
if (os == NULL) {
- os = M_ASN1_OCTET_STRING_new();
+ os = ASN1_OCTET_STRING_new();
p7->d.signed_and_enveloped->enc_data->enc_data = os;
}
break;
@@ -622,7 +622,7 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
case NID_pkcs7_enveloped:
os = p7->d.enveloped->enc_data->enc_data;
if (os == NULL) {
- os = M_ASN1_OCTET_STRING_new();
+ os = ASN1_OCTET_STRING_new();
p7->d.enveloped->enc_data->enc_data = os;
}
break;
diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c
index e400236..6ebab3d 100644
--- a/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
@@ -139,7 +139,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
ret = 1;
err:
if (sig != NULL)
- M_ASN1_OCTET_STRING_free(sig);
+ ASN1_OCTET_STRING_free(sig);
if (s != NULL) {
OPENSSL_cleanse(s, (unsigned int)siglen);
OPENSSL_free(s);
diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c
index 089d5ea..6ec1f0c 100644
--- a/crypto/ts/ts_lib.c
+++ b/crypto/ts/ts_lib.c
@@ -115,7 +115,7 @@ int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions)
BIO_printf(bio, ": %s\n", critical ? "critical" : "");
if (!X509V3_EXT_print(bio, ex, 0, 4)) {
BIO_printf(bio, "%4s", "");
- M_ASN1_OCTET_STRING_print(bio, ex->value);
+ ASN1_STRING_print(bio, ex->value);
}
BIO_write(bio, "\n", 1);
}
@@ -132,14 +132,14 @@ int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg)

int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a)
{
- const ASN1_OCTET_STRING *msg;
+ ASN1_OCTET_STRING *msg;

TS_X509_ALGOR_print_bio(bio, TS_MSG_IMPRINT_get_algo(a));

BIO_printf(bio, "Message data:\n");
msg = TS_MSG_IMPRINT_get_msg(a);
- BIO_dump_indent(bio, (const char *)M_ASN1_STRING_data(msg),
- M_ASN1_STRING_length(msg), 4);
+ BIO_dump_indent(bio, (const char *)ASN1_STRING_data(msg),
+ ASN1_STRING_length(msg), 4);

return 1;
}
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index db6ce32..b510ceb 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -1006,7 +1006,7 @@ static ASN1_GENERALIZEDTIME
*p++ = '\0';

/* Now call OpenSSL to check and set our genTime value */
- if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new()))
+ if (!asn1_time && !(asn1_time = ASN1_GENERALIZEDTIME_new()))
goto err;
if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str)) {
ASN1_GENERALIZEDTIME_free(asn1_time);
diff --git a/crypto/ts/ts_rsp_utils.c b/crypto/ts/ts_rsp_utils.c
index f6f6332..72d9f63 100644
--- a/crypto/ts/ts_rsp_utils.c
+++ b/crypto/ts/ts_rsp_utils.c
@@ -186,7 +186,7 @@ int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime)

if (a->time == gtime)
return 1;
- new_time = M_ASN1_GENERALIZEDTIME_dup(gtime);
+ new_time = ASN1_STRING_dup(gtime);
if (new_time == NULL) {
TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE);
return 0;
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 04cecad..eb46a67 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -71,7 +71,7 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)

ai = a->cert_info;
bi = b->cert_info;
- i = M_ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
+ i = ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
if (i)
return (i);
return (X509_NAME_cmp(ai->issuer, bi->issuer));
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index 0ff439c..3cd7280 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -80,7 +80,7 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
xi = ret->cert_info;

if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) {
- if ((xi->version = M_ASN1_INTEGER_new()) == NULL)
+ if ((xi->version = ASN1_INTEGER_new()) == NULL)
goto err;
if (!ASN1_INTEGER_set(xi->version, 2))
goto err;
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 5b802bd..6ddbabf 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -68,12 +68,12 @@ int X509_set_version(X509 *x, long version)
if (x == NULL)
return (0);
if (version == 0) {
- M_ASN1_INTEGER_free(x->cert_info->version);
+ ASN1_INTEGER_free(x->cert_info->version);
x->cert_info->version = NULL;
return (1);
}
if (x->cert_info->version == NULL) {
- if ((x->cert_info->version = M_ASN1_INTEGER_new()) == NULL)
+ if ((x->cert_info->version = ASN1_INTEGER_new()) == NULL)
return (0);
}
return (ASN1_INTEGER_set(x->cert_info->version, version));
@@ -87,9 +87,9 @@ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
return (0);
in = x->cert_info->serialNumber;
if (in != serial) {
- in = M_ASN1_INTEGER_dup(serial);
+ in = ASN1_INTEGER_dup(serial);
if (in != NULL) {
- M_ASN1_INTEGER_free(x->cert_info->serialNumber);
+ ASN1_INTEGER_free(x->cert_info->serialNumber);
x->cert_info->serialNumber = in;
}
}
@@ -118,9 +118,9 @@ int X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
return (0);
in = x->cert_info->validity->notBefore;
if (in != tm) {
- in = M_ASN1_TIME_dup(tm);
+ in = ASN1_STRING_dup(tm);
if (in != NULL) {
- M_ASN1_TIME_free(x->cert_info->validity->notBefore);
+ ASN1_TIME_free(x->cert_info->validity->notBefore);
x->cert_info->validity->notBefore = in;
}
}
@@ -135,9 +135,9 @@ int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
return (0);
in = x->cert_info->validity->notAfter;
if (in != tm) {
- in = M_ASN1_TIME_dup(tm);
+ in = ASN1_STRING_dup(tm);
if (in != NULL) {
- M_ASN1_TIME_free(x->cert_info->validity->notAfter);
+ ASN1_TIME_free(x->cert_info->validity->notAfter);
x->cert_info->validity->notAfter = in;
}
}
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index 4a03445..0a6247d 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -254,7 +254,7 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)

if (ex == NULL)
return (0);
- i = M_ASN1_OCTET_STRING_set(ex->value, data->data, data->length);
+ i = ASN1_OCTET_STRING_set(ex->value, data->data, data->length);
if (!i)
return (0);
return (1);
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index 24ca35b..042c90d 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -69,7 +69,7 @@ int X509_CRL_set_version(X509_CRL *x, long version)
if (x == NULL)
return (0);
if (x->crl->version == NULL) {
- if ((x->crl->version = M_ASN1_INTEGER_new()) == NULL)
+ if ((x->crl->version = ASN1_INTEGER_new()) == NULL)
return (0);
}
return (ASN1_INTEGER_set(x->crl->version, version));
@@ -90,9 +90,9 @@ int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
return (0);
in = x->crl->lastUpdate;
if (in != tm) {
- in = M_ASN1_TIME_dup(tm);
+ in = ASN1_STRING_dup(tm);
if (in != NULL) {
- M_ASN1_TIME_free(x->crl->lastUpdate);
+ ASN1_TIME_free(x->crl->lastUpdate);
x->crl->lastUpdate = in;
}
}
@@ -107,9 +107,9 @@ int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
return (0);
in = x->crl->nextUpdate;
if (in != tm) {
- in = M_ASN1_TIME_dup(tm);
+ in = ASN1_STRING_dup(tm);
if (in != NULL) {
- M_ASN1_TIME_free(x->crl->nextUpdate);
+ ASN1_TIME_free(x->crl->nextUpdate);
x->crl->nextUpdate = in;
}
}
@@ -140,9 +140,9 @@ int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
return (0);
in = x->revocationDate;
if (in != tm) {
- in = M_ASN1_TIME_dup(tm);
+ in = ASN1_STRING_dup(tm);
if (in != NULL) {
- M_ASN1_TIME_free(x->revocationDate);
+ ASN1_TIME_free(x->revocationDate);
x->revocationDate = in;
}
}
@@ -157,9 +157,9 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
return (0);
in = x->serialNumber;
if (in != serial) {
- in = M_ASN1_INTEGER_dup(serial);
+ in = ASN1_INTEGER_dup(serial);
if (in != NULL) {
- M_ASN1_INTEGER_free(x->serialNumber);
+ ASN1_INTEGER_free(x->serialNumber);
x->serialNumber = in;
}
}
diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
index e920270..7369af1 100644
--- a/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c
@@ -169,7 +169,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,

if ((issuer && !ikeyid) || (issuer == 2)) {
isname = X509_NAME_dup(X509_get_issuer_name(cert));
- serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+ serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
if (!isname || !serial) {
X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
@@ -199,7 +199,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,

err:
X509_NAME_free(isname);
- M_ASN1_INTEGER_free(serial);
- M_ASN1_OCTET_STRING_free(ikeyid);
+ ASN1_INTEGER_free(serial);
+ ASN1_OCTET_STRING_free(ikeyid);
return NULL;
}
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index e16d2b6..50cb6b2 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -367,7 +367,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
while ((i = X509_NAME_get_index_by_NID(nm,
NID_pkcs9_emailAddress, i)) >= 0) {
ne = X509_NAME_get_entry(nm, i);
- email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
+ email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne));
if (move_p) {
X509_NAME_delete_entry(nm, i);
X509_NAME_ENTRY_free(ne);
@@ -391,7 +391,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)

err:
GENERAL_NAME_free(gen);
- M_ASN1_IA5STRING_free(email);
+ ASN1_IA5STRING_free(email);
return 0;

}
@@ -498,7 +498,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
}

if (is_string) {
- if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
+ if (!(gen->d.ia5 = ASN1_IA5STRING_new()) ||
!ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
strlen(value))) {
X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE);
diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c
index b7bb3b5..bf0d7bc 100644
--- a/crypto/x509v3/v3_bitst.c
+++ b/crypto/x509v3/v3_bitst.c
@@ -112,7 +112,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
ASN1_BIT_STRING *bs;
int i;
BIT_STRING_BITNAME *bnam;
- if (!(bs = M_ASN1_BIT_STRING_new())) {
+ if (!(bs = ASN1_BIT_STRING_new())) {
X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -124,7 +124,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
ERR_R_MALLOC_FAILURE);
- M_ASN1_BIT_STRING_free(bs);
+ ASN1_BIT_STRING_free(bs);
return NULL;
}
break;
@@ -134,7 +134,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
X509V3_conf_err(val);
- M_ASN1_BIT_STRING_free(bs);
+ ASN1_BIT_STRING_free(bs);
return NULL;
}
}
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index 7af3aec..9631e57 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -195,7 +195,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
p = ext_der;
method->i2d(ext_struc, &p);
}
- if (!(ext_oct = M_ASN1_OCTET_STRING_new()))
+ if (!(ext_oct = ASN1_OCTET_STRING_new()))
goto merr;
ext_oct->data = ext_der;
ext_der = NULL;
@@ -204,7 +204,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
if (!ext)
goto merr;
- M_ASN1_OCTET_STRING_free(ext_oct);
+ ASN1_OCTET_STRING_free(ext_oct);

return ext;

@@ -213,7 +213,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
if (ext_der != NULL)
OPENSSL_free(ext_der);
if (ext_oct != NULL)
- M_ASN1_OCTET_STRING_free(ext_oct);
+ ASN1_OCTET_STRING_free(ext_oct);
return NULL;

}
@@ -292,7 +292,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
goto err;
}

- if (!(oct = M_ASN1_OCTET_STRING_new())) {
+ if (!(oct = ASN1_OCTET_STRING_new())) {
X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -305,7 +305,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,

err:
ASN1_OBJECT_free(obj);
- M_ASN1_OCTET_STRING_free(oct);
+ ASN1_OCTET_STRING_free(oct);
if (ext_der)
OPENSSL_free(ext_der);
return extension;
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index 9826859..66d486f 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -234,7 +234,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR);
goto err;
}
- if(!(qual->d.cpsuri = M_ASN1_IA5STRING_new()))
+ if(!(qual->d.cpsuri = ASN1_IA5STRING_new()))
goto merr;
if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
strlen(cnf->value)))
@@ -304,7 +304,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
cnf = sk_CONF_VALUE_value(unot, i);
if (!strcmp(cnf->name, "explicitText")) {
- if(!(not->exptext = M_ASN1_VISIBLESTRING_new()))
+ if(!(not->exptext = ASN1_VISIBLESTRING_new()))
goto merr;
if (!ASN1_STRING_set(not->exptext, cnf->value,
strlen(cnf->value)))
diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c
index 642171f..42a0d86 100644
--- a/crypto/x509v3/v3_ia5.c
+++ b/crypto/x509v3/v3_ia5.c
@@ -97,11 +97,11 @@ ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
X509V3_R_INVALID_NULL_ARGUMENT);
return NULL;
}
- if (!(ia5 = M_ASN1_IA5STRING_new()))
+ if (!(ia5 = ASN1_IA5STRING_new()))
goto err;
if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char *)str,
strlen(str))) {
- M_ASN1_IA5STRING_free(ia5);
+ ASN1_IA5STRING_free(ia5);
goto err;
}
#ifdef CHARSET_EBCDIC
diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
index a760794..7fd3231 100644
--- a/crypto/x509v3/v3_prn.c
+++ b/crypto/x509v3/v3_prn.c
@@ -209,7 +209,7 @@ int X509V3_extensions_print(BIO *bp, char *title,
return 0;
if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) {
BIO_printf(bp, "%*s", indent + 4, "");
- M_ASN1_OCTET_STRING_print(bp, ex->value);
+ ASN1_STRING_print(bp, ex->value);
}
if (BIO_write(bp, "\n", 1) <= 0)
return 0;
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
index 1cede04..705d86c 100644
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -83,13 +83,13 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
ASN1_OCTET_STRING *oct;
long length;

- if (!(oct = M_ASN1_OCTET_STRING_new())) {
+ if (!(oct = ASN1_OCTET_STRING_new())) {
X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
return NULL;
}

if (!(oct->data = string_to_hex(str, &length))) {
- M_ASN1_OCTET_STRING_free(oct);
+ ASN1_OCTET_STRING_free(oct);
return NULL;
}

@@ -110,7 +110,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
if (strcmp(str, "hash"))
return s2i_ASN1_OCTET_STRING(method, ctx, str);

- if (!(oct = M_ASN1_OCTET_STRING_new())) {
+ if (!(oct = ASN1_OCTET_STRING_new())) {
X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -137,7 +137,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL))
goto err;

- if (!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+ if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -145,6 +145,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
return oct;

err:
- M_ASN1_OCTET_STRING_free(oct);
+ ASN1_OCTET_STRING_free(oct);
return NULL;
}
diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
index df1384a..ecd1ec6 100644
--- a/crypto/x509v3/v3_sxnet.c
+++ b/crypto/x509v3/v3_sxnet.c
@@ -117,7 +117,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
tmp = i2s_ASN1_INTEGER(NULL, id->zone);
BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
OPENSSL_free(tmp);
- M_ASN1_OCTET_STRING_print(out, id->user);
+ ASN1_STRING_print(out, id->user);
}
return 1;
}
@@ -166,9 +166,9 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
int userlen)
{
ASN1_INTEGER *izone = NULL;
- if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+ if (!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
- M_ASN1_INTEGER_free(izone);
+ ASN1_INTEGER_free(izone);
return 0;
}
return SXNET_add_id_INTEGER(psx, izone, user, userlen);
@@ -214,7 +214,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
if (userlen == -1)
userlen = strlen(user);

- if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen))
+ if (!ASN1_OCTET_STRING_set(id->user, (unsigned char *)user, userlen))
goto err;
if (!sk_SXNETID_push(sx->ids, id))
goto err;
@@ -238,7 +238,7 @@ ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
return NULL;
}
oct = SXNET_get_id_INTEGER(sx, izone);
- M_ASN1_INTEGER_free(izone);
+ ASN1_INTEGER_free(izone);
return oct;
}

@@ -246,13 +246,13 @@ ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
{
ASN1_INTEGER *izone = NULL;
ASN1_OCTET_STRING *oct;
- if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+ if (!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
- M_ASN1_INTEGER_free(izone);
+ ASN1_INTEGER_free(izone);
return NULL;
}
oct = SXNET_get_id_INTEGER(sx, izone);
- M_ASN1_INTEGER_free(izone);
+ ASN1_INTEGER_free(izone);
return oct;
}

@@ -262,7 +262,7 @@ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
int i;
for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
id = sk_SXNETID_value(sx->ids, i);
- if (!M_ASN1_INTEGER_cmp(id->zone, zone))
+ if (!ASN1_INTEGER_cmp(id->zone, zone))
return id->user;
}
return NULL;

Dr. Stephen Henson

unread,

Mar 23, 2015, 9:59:26 AM3/23/15

to

The branch master has been updated

via 4fe67498b0d1c0052fabcc46d6de07d7900aa850 (commit)
from 564df0ddead0fbac0bf2eeec6164a81bc3fa8882 (commit)

- Log -----------------------------------------------------------------
commit 4fe67498b0d1c0052fabcc46d6de07d7900aa850

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Mon Mar 23 13:47:57 2015 +0000

Remove deleted functions, update ordinals.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/asn1.h | 20 --------------------
util/libeay.num | 22 +++++++++++-----------
2 files changed, 11 insertions(+), 31 deletions(-)

diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 392143c..ef5b9e8 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -747,14 +747,7 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn);
/* given a string, return the correct type, max is the maximum length */
int ASN1_PRINTABLE_type(const unsigned char *s, int max);

-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);

-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,

- long length, int Ptag, int Pclass);
unsigned long ASN1_tag2bit(int tag);
-/* type is one or more of the B_ASN1_ values. */

-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
- long length, int type);
-

/* PARSING */
int asn1_Finish(ASN1_CTX *c);
int asn1_const_Finish(ASN1_const_CTX *c);
@@ -865,20 +858,7 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,

int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,

unsigned char *data, int max_len);

-STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
- d2i_of_void *d2i,

- void (*free_func) (OPENSSL_BLOCK));

-unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,

- unsigned char **buf, int *len);
-void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);

-ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,

- ASN1_OCTET_STRING **oct);
-
-# define ASN1_pack_string_of(type,obj,i2d,oct) \
- (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \
- CHECKED_I2D_OF(type, i2d), \
- oct))

ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,

ASN1_OCTET_STRING **oct);
diff --git a/util/libeay.num b/util/libeay.num
index 3ad7e1d..623f639 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -703,7 +703,7 @@ BN_usub 709 EXIST::FUNCTION:
bn_sqr_words 710 NOEXIST::FUNCTION:
_ossl_old_crypt 711 NOEXIST::FUNCTION:
d2i_ASN1_BIT_STRING 712 EXIST::FUNCTION:
-d2i_ASN1_BOOLEAN 713 EXIST::FUNCTION:
+d2i_ASN1_BOOLEAN 713 NOEXIST::FUNCTION:
d2i_ASN1_HEADER 714 NOEXIST::FUNCTION:
d2i_ASN1_IA5STRING 715 EXIST::FUNCTION:
d2i_ASN1_INTEGER 716 EXIST::FUNCTION:
@@ -711,12 +711,12 @@ d2i_ASN1_OBJECT 717 EXIST::FUNCTION:
d2i_ASN1_OCTET_STRING 718 EXIST::FUNCTION:
d2i_ASN1_PRINTABLE 719 EXIST::FUNCTION:
d2i_ASN1_PRINTABLESTRING 720 EXIST::FUNCTION:
-d2i_ASN1_SET 721 EXIST::FUNCTION:
+d2i_ASN1_SET 721 NOEXIST::FUNCTION:
d2i_ASN1_T61STRING 722 EXIST::FUNCTION:
d2i_ASN1_TYPE 723 EXIST::FUNCTION:
d2i_ASN1_UTCTIME 724 EXIST::FUNCTION:
-d2i_ASN1_bytes 725 EXIST::FUNCTION:
-d2i_ASN1_type_bytes 726 EXIST::FUNCTION:
+d2i_ASN1_bytes 725 NOEXIST::FUNCTION:
+d2i_ASN1_type_bytes 726 NOEXIST::FUNCTION:
d2i_DHparams 727 EXIST::FUNCTION:DH
d2i_DSAPrivateKey 728 EXIST::FUNCTION:DSA
d2i_DSAPrivateKey_bio 729 EXIST::FUNCTION:DSA
@@ -808,17 +808,17 @@ i2a_ASN1_INTEGER 815 EXIST::FUNCTION:
i2a_ASN1_OBJECT 816 EXIST::FUNCTION:
i2a_ASN1_STRING 817 EXIST::FUNCTION:
i2d_ASN1_BIT_STRING 818 EXIST::FUNCTION:
-i2d_ASN1_BOOLEAN 819 EXIST::FUNCTION:
+i2d_ASN1_BOOLEAN 819 NOEXIST::FUNCTION:
i2d_ASN1_HEADER 820 NOEXIST::FUNCTION:
i2d_ASN1_IA5STRING 821 EXIST::FUNCTION:
i2d_ASN1_INTEGER 822 EXIST::FUNCTION:
i2d_ASN1_OBJECT 823 EXIST::FUNCTION:
i2d_ASN1_OCTET_STRING 824 EXIST::FUNCTION:
i2d_ASN1_PRINTABLE 825 EXIST::FUNCTION:
-i2d_ASN1_SET 826 EXIST::FUNCTION:
+i2d_ASN1_SET 826 NOEXIST::FUNCTION:
i2d_ASN1_TYPE 827 EXIST::FUNCTION:
i2d_ASN1_UTCTIME 828 EXIST::FUNCTION:
-i2d_ASN1_bytes 829 EXIST::FUNCTION:
+i2d_ASN1_bytes 829 NOEXIST::FUNCTION:
i2d_DHparams 830 EXIST::FUNCTION:DH
i2d_DSAPrivateKey 831 EXIST::FUNCTION:DSA
i2d_DSAPrivateKey_bio 832 EXIST::FUNCTION:DSA
@@ -1231,10 +1231,10 @@ i2d_AUTHORITY_KEYID 1254 EXIST::FUNCTION:
d2i_AUTHORITY_KEYID 1255 EXIST::FUNCTION:
AUTHORITY_KEYID_new 1256 EXIST::FUNCTION:
AUTHORITY_KEYID_free 1257 EXIST::FUNCTION:
-ASN1_seq_unpack 1258 EXIST::FUNCTION:
-ASN1_seq_pack 1259 EXIST::FUNCTION:
-ASN1_unpack_string 1260 EXIST::FUNCTION:
-ASN1_pack_string 1261 EXIST::FUNCTION:
+ASN1_seq_unpack 1258 NOEXIST::FUNCTION:
+ASN1_seq_pack 1259 NOEXIST::FUNCTION:
+ASN1_unpack_string 1260 NOEXIST::FUNCTION:
+ASN1_pack_string 1261 NOEXIST::FUNCTION:
PKCS12_pack_safebag 1262 NOEXIST::FUNCTION:
PKCS12_MAKE_KEYBAG 1263 EXIST::FUNCTION:
PKCS8_encrypt 1264 EXIST::FUNCTION:

Matt Caswell

unread,

Mar 23, 2015, 10:08:58 AM3/23/15

to

The branch master has been updated

via b79d24101e3b5904b3770d60e32bdd6edc558337 (commit)
from 4fe67498b0d1c0052fabcc46d6de07d7900aa850 (commit)

- Log -----------------------------------------------------------------
commit b79d24101e3b5904b3770d60e32bdd6edc558337
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Mar 20 15:10:16 2015 +0000

Don't check curves that haven't been sent

Don't check that the curve appears in the list of acceptable curves for the
peer, if they didn't send us such a list (RFC 4492 does not require that the
extension be sent).

Reviewed-by: Emilia Käsper <emi...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/t1_lib.c | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 8b75dba..511223e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -706,6 +706,16 @@ static int tls1_check_ec_key(SSL *s,
for (j = 0; j <= 1; j++) {
if (!tls1_get_curvelist(s, j, &pcurves, &num_curves))
return 0;
+ if (j == 1 && num_curves == 0) {
+ /*
+ * If we've not received any curves then skip this check.
+ * RFC 4492 does not require the supported elliptic curves extension
+ * so if it is not sent we can just choose any curve.
+ * It is invalid to send an empty list in the elliptic curves
+ * extension, so num_curves == 0 always means no extension.
+ */
+ break;
+ }
for (i = 0; i < num_curves; i++, pcurves += 2) {
if (pcurves[0] == curve_id[0] && pcurves[1] == curve_id[1])
break;

Richard Levitte

unread,

Mar 23, 2015, 11:16:39 AM3/23/15

to

The branch master has been updated

via d2a5c40d0c5c4bfe2bec28070c3a0075f5bbdced (commit)
via 4a695602d27bb09dead75b5ea76bf8c5fcac0be8 (commit)
from b79d24101e3b5904b3770d60e32bdd6edc558337 (commit)

- Log -----------------------------------------------------------------
commit d2a5c40d0c5c4bfe2bec28070c3a0075f5bbdced
Author: Richard Levitte <lev...@openssl.org>
Date: Sun Mar 22 09:00:43 2015 +0100

Remove PREFIX, as it's not used any more.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 4a695602d27bb09dead75b5ea76bf8c5fcac0be8
Author: Richard Levitte <lev...@openssl.org>
Date: Sun Mar 22 08:56:02 2015 +0100

Actually remove TABLE from version control

Follow up on the earlier "Do not keep TABLE in version control".
Actually removing TABLE from version control was forgotten.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

TABLE | 6043 ----------------------------------------------------------------
config | 3 +-
2 files changed, 1 insertion(+), 6045 deletions(-)
delete mode 100644 TABLE

diff --git a/TABLE b/TABLE
deleted file mode 100644
index f0e8b9b..0000000
--- a/TABLE
+++ /dev/null
@@ -1,6043 +0,0 @@
-Output of `Configure TABLE':
-
-*** BC-32
-$cc = bcc32
-$cflags =
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = WIN32
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** BS2000-OSD
-$cc = c89
-$cflags = -O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -lsocket -lnsl
-$debug_lflags =
-$release_lflags =
-$bn_ops = THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-generic32
-$cc = gcc
-$cflags = -O3 -fomit-frame-pointer -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-generic64
-$cc = gcc
-$cflags = -O3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-ia64
-$cc = gcc
-$cflags = -DL_ENDIAN -O3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT
-$cpuid_obj = ia64cpuid.o
-$bn_obj = bn-ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj = rc4-ia64.o rc4_skey.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-sparc64
-$cc = gcc
-$cflags = -DB_ENDIAN -O3 -DMD32_REG_T=int -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-sparcv8
-$cc = gcc
-$cflags = -DB_ENDIAN -O3 -mv8 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
-$cpuid_obj =
-$bn_obj = sparcv8.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-x86
-$cc = gcc
-$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = a.out
-$dso_scheme = dlfcn
-$shared_target= bsd-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-x86-elf
-$cc = gcc
-$cflags = -DL_ENDIAN -Wall
-$debug_cflags = -g
-$release_cflags = -O3 -fomit-frame-pointer
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= bsd-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-x86_64
-$cc = gcc
-$cflags = -DL_ENDIAN -O3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** Cygwin
-$cc = gcc
-$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = CYGWIN
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = coff
-$dso_scheme = dlfcn
-$shared_target= cygwin-shared
-$shared_cflag = -D_WINDLL
-$shared_ldflag = -shared
-$shared_extension = .dll.a
-$ranlib =
-$arflags =
-$multilib =
-
-*** Cygwin-x86_64
-$cc = gcc
-$cflags = -DTERMIOS -DL_ENDIAN -O3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = CYGWIN
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = mingw64
-$dso_scheme = dlfcn
-$shared_target= cygwin-shared
-$shared_cflag = -D_WINDLL
-$shared_ldflag = -shared
-$shared_extension = .dll.a
-$ranlib =
-$arflags =
-$multilib =
-
-*** DJGPP
-$cc = gcc
-$cflags = -I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = MSDOS
-$lflags = -L/dev/env/WATT_ROOT/lib -lwatt
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = a.out
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** MPE/iX-gcc
-$cc = gcc
-$cflags = -D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id = MPE
-$lflags = -L/SYSLOG/PUB -lsyslog -lsocket -lcurses
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** OS2-EMX
-$cc = gcc
-$cflags =
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** OS390-Unix
-$cc = c89.sh
-$cflags = -O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** QNX6
-$cc = gcc
-$cflags =
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -lsocket
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** QNX6-i386
-$cc = gcc
-$cflags = -DL_ENDIAN -O2 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -lsocket
-$debug_lflags =
-$release_lflags =
-$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** UWIN
-$cc = cc
-$cflags = -DTERMIOS -DL_ENDIAN -O -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = UWIN
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** VC-CE
-$cc = cl
-$cflags =
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = WINCE
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** VC-WIN32
-$cc = cl
-$cflags = -W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE
-$debug_cflags = -Zi
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = WIN32
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = win32n
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** VC-WIN64A
-$cc = cl
-$cflags = -W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE
-$debug_cflags = -Zi
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = WIN64A
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = bn_asm.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = auto
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** VC-WIN64I
-$cc = cl
-$cflags = -W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = WIN64I
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN
-$cpuid_obj = ia64cpuid.o
-$bn_obj = ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = ias
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** aix-cc
-$cc = cc
-$cflags = -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -qthreaded -D_THREAD_SAFE
-$sys_id = AIX
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = aix32
-$dso_scheme = dlfcn
-$shared_target= aix-shared
-$shared_cflag =
-$shared_ldflag = -q32 -G
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags = -X 32
-$multilib =
-
-*** aix-gcc
-$cc = gcc
-$cflags = -O -DB_ENDIAN
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -pthread
-$sys_id = AIX
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = aix32
-$dso_scheme = dlfcn
-$shared_target= aix-shared
-$shared_cflag =
-$shared_ldflag = -shared -Wl,-G
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags = -X32
-$multilib =
-
-*** aix64-cc
-$cc = cc
-$cflags = -q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -qthreaded -D_THREAD_SAFE
-$sys_id = AIX
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = aix64
-$dso_scheme = dlfcn
-$shared_target= aix-shared
-$shared_cflag =
-$shared_ldflag = -q64 -G
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags = -X 64
-$multilib =
-
-*** aix64-gcc
-$cc = gcc
-$cflags = -maix64 -O -DB_ENDIAN
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -pthread
-$sys_id = AIX
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = aix64
-$dso_scheme = dlfcn
-$shared_target= aix-shared
-$shared_cflag =
-$shared_ldflag = -maix64 -shared -Wl,-G
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags = -X64
-$multilib =
-
-*** android
-$cc = gcc
-$cflags = -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** android-armv7
-$cc = gcc
-$cflags = -march=armv7-a -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj = armcap.o armv4cpuid.o
-$bn_obj = bn_asm.o armv4-mont.o armv4-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-armv4.o
-$des_obj =
-$aes_obj = aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-armv4-large.o sha256-armv4.o sha512-armv4.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-armv4.o ghashv8-armx.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** android-mips
-$cc = gcc
-$cflags = -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = o32
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** android-x86
-$cc = gcc
-$cflags = -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = android
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** bsdi-elf-gcc
-$cc = gcc
-$cflags = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** cc
-$cc = cc
-$cflags = -O
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** darwin-i386-cc
-$cc = cc
-$cflags = -arch i386 -DL_ENDIAN
-$debug_cflags = -g3
-$release_cflags = -O3 -fomit-frame-pointer
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = MACOSX
-$lflags = -Wl,-search_paths_first%
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj =
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = macosx
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -arch i386 -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** darwin-ppc-cc
-$cc = cc
-$cflags = -arch ppc -DB_ENDIAN -Wa,-force_cpusubtype_ALL
-$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall -O
-$release_cflags = -O3
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = MACOSX
-$lflags = -Wl,-search_paths_first%
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = osx32
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -arch ppc -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** darwin64-debug-test-64-clang
-$cc = clang
-$cflags = -arch x86_64 -DL_ENDIAN -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id = MACOSX
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = macosx
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -arch x86_64 -dynamiclib
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** darwin64-ppc-cc
-$cc = cc
-$cflags = -arch ppc64 -O3 -DB_ENDIAN
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = MACOSX
-$lflags = -Wl,-search_paths_first%
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = osx64
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -arch ppc64 -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** darwin64-x86_64-cc
-$cc = cc
-$cflags = -arch x86_64 -DL_ENDIAN -Wall
-$debug_cflags = -ggdb -g2 -O0
-$release_cflags = -O3
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = MACOSX
-$lflags = -Wl,-search_paths_first%
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = macosx
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -arch x86_64 -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -lefence
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-VC-WIN64I
-$cc = cl
-$cflags = -W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = WIN64I
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN
-$cpuid_obj = ia64cpuid.o
-$bn_obj = ia64.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = ias
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben
-$cc = gcc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-darwin64
-$cc = cc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = MACOSX
-$lflags = -Wl,-search_paths_first%
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = macosx
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -arch x86_64 -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-debug
-$cc = gcc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-debug-64
-$cc = gcc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-debug-64-clang
-$cc = clang
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-debug-64-noopt
-$cc = gcc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-macos
-$cc = cc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-no-opt
-$cc = gcc
-$cflags = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -Wall -g3
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-openbsd
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-openbsd-debug
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-strict
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-bodo
-$cc = gcc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** debug-erbridge
-$cc = gcc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DBN_DEBUG -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** debug-geoff32
-$cc = gcc
-$cflags = -DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-geoff64
-$cc = gcc
-$cflags = -DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-levitte-linux-elf-extreme
-$cc = gcc
-$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-levitte-linux-noasm
-$cc = gcc
-$cflags = -DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-levitte-linux-noasm-extreme
-$cc = gcc
-$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-linux-elf-noefence
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-linux-ia32-aes
-$cc = gcc
-$cflags = -DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes_x86core.o aes_cbc.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj =
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-linux-pentium
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-linux-ppro
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-rse
-$cc = cc
-$cflags = -DL_ENDIAN -pipe -O -g -ggdb3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-steve-opt
-$cc = gcc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-steve32
-$cc = gcc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -rdynamic -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m32
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-steve64
-$cc = gcc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-test-64-clang
-$cc = clang
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** dist
-$cc = cc
-$cflags = -O
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** gcc
-$cc = gcc
-$cflags = -O3
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** hpux-ia64-cc
-$cc = cc
-$cflags = -Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj = ia64cpuid.o
-$bn_obj = bn-ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj = rc4-ia64.o rc4_skey.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= hpux-shared
-$shared_cflag = +Z
-$shared_ldflag = +DD32 -b
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /hpux32
-
-*** hpux-ia64-gcc
-$cc = gcc
-$cflags = -O3 -DB_ENDIAN -D_REENTRANT
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj = ia64cpuid.o
-$bn_obj = bn-ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj = rc4-ia64.o rc4_skey.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= hpux-shared
-$shared_cflag = -fpic
-$shared_ldflag = -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /hpux32
-
-*** hpux-parisc1_1-cc
-$cc = cc
-$cflags = +DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -Wl,+s -ldld
-$debug_lflags =
-$release_lflags =
-$bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj = pariscid.o
-$bn_obj = bn_asm.o parisc-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-parisc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o
-$cast_obj =
-$rc4_obj = rc4-parisc.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-parisc.o
-$engines_obj =
-$perlasm_scheme = 32
-$dso_scheme = dl
-$shared_target= hpux-shared
-$shared_cflag = +Z
-$shared_ldflag = -b
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /pa1.1
-
-*** hpux-parisc1_1-gcc
-$cc = gcc
-$cflags = -O3 -DB_ENDIAN -DBN_DIV2W
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -Wl,+s -ldld
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
-$cpuid_obj = pariscid.o
-$bn_obj = bn_asm.o parisc-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-parisc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o
-$cast_obj =
-$rc4_obj = rc4-parisc.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-parisc.o
-$engines_obj =
-$perlasm_scheme = 32
-$dso_scheme = dl
-$shared_target= hpux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /pa1.1
-
-*** hpux64-ia64-cc
-$cc = cc
-$cflags = -Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj = ia64cpuid.o
-$bn_obj = bn-ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj = rc4-ia64.o rc4_skey.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= hpux-shared
-$shared_cflag = +Z
-$shared_ldflag = +DD64 -b
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /hpux64
-
-*** hpux64-ia64-gcc
-$cc = gcc
-$cflags = -mlp64 -O3 -DB_ENDIAN -D_REENTRANT
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj = ia64cpuid.o
-$bn_obj = bn-ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj = rc4-ia64.o rc4_skey.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= hpux-shared
-$shared_cflag = -fpic
-$shared_ldflag = -mlp64 -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /hpux64
-
-*** hpux64-parisc2-cc
-$cc = cc
-$cflags = +DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj = pariscid.o
-$bn_obj = pa-risc2W.o parisc-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-parisc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o
-$cast_obj =
-$rc4_obj = rc4-parisc.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-parisc.o
-$engines_obj =
-$perlasm_scheme = 64
-$dso_scheme = dlfcn
-$shared_target= hpux-shared
-$shared_cflag = +Z
-$shared_ldflag = +DD64 -b
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /pa20_64
-
-*** hpux64-parisc2-gcc
-$cc = gcc
-$cflags = -O3 -DB_ENDIAN -D_REENTRANT
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj =
-$bn_obj = pa-risc2W.o
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= hpux-shared
-$shared_cflag = -fpic
-$shared_ldflag = -shared
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /pa20_64
-
-*** hurd-x86
-$cc = gcc
-$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** ios64-cross
-$cc = cc
-$cflags = -O3 -arch arm64 -mios-version-min=7.0.0 -isysroot $(CROSS_TOP)/SDKs/$(CROSS_SDK) -fno-common
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = iOS
-$lflags = -Wl,-search_paths_first%
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj = armcap.o arm64cpuid.o mem_clr.o
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aesv8-armx.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-armv8.o sha256-armv8.o sha512-armv8.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashv8-armx.o
-$engines_obj =
-$perlasm_scheme = ios64
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** iphoneos-cross
-$cc = cc
-$cflags = -O3 -isysroot $(CROSS_TOP)/SDKs/$(CROSS_SDK) -fomit-frame-pointer -fno-common
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = iOS
-$lflags = -Wl,-search_paths_first%
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** irix-cc
-$cc = cc
-$cflags = -O2 -use_readonly_const -DB_ENDIAN
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = o32
-$dso_scheme = dlfcn
-$shared_target= irix-shared
-$shared_cflag =
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** irix-gcc
-$cc = gcc
-$cflags = -O3 -DB_ENDIAN
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = o32
-$dso_scheme = dlfcn
-$shared_target= irix-shared
-$shared_cflag =
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** irix-mips3-cc
-$cc = cc
-$cflags = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_SGI_MP_SOURCE
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = n32
-$dso_scheme = dlfcn
-$shared_target= irix-shared
-$shared_cflag =
-$shared_ldflag = -n32
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 32
-
-*** irix-mips3-gcc
-$cc = gcc
-$cflags = -mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_SGI_MP_SOURCE
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = n32
-$dso_scheme = dlfcn
-$shared_target= irix-shared
-$shared_cflag =
-$shared_ldflag = -mabi=n32
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 32
-
-*** irix64-mips4-cc
-$cc = cc
-$cflags = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_SGI_MP_SOURCE
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = 64
-$dso_scheme = dlfcn
-$shared_target= irix-shared
-$shared_cflag =
-$shared_ldflag = -64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** irix64-mips4-gcc
-$cc = gcc
-$cflags = -mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_SGI_MP_SOURCE
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = 64
-$dso_scheme = dlfcn
-$shared_target= irix-shared
-$shared_cflag =
-$shared_ldflag = -mabi=64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** levitte-linux-elf
-$cc = gcc
-$cflags = -DL_ENDIAN -Wall
-$debug_cflags = -DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG-ggdb -g3
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-aarch64
-$cc = gcc
-$cflags = -O3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj = armcap.o arm64cpuid.o mem_clr.o
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aesv8-armx.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-armv8.o sha256-armv8.o sha512-armv8.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashv8-armx.o
-$engines_obj =
-$perlasm_scheme = linux64
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-alpha-gcc
-$cc = gcc
-$cflags = -O3 -DL_ENDIAN
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL
-$cpuid_obj = alphacpuid.o
-$bn_obj = bn_asm.o alpha-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-alpha.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-alpha.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-aout
-$cc = gcc
-$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = a.out
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-armv4
-$cc = gcc
-$cflags = -O3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj = armcap.o armv4cpuid.o
-$bn_obj = bn_asm.o armv4-mont.o armv4-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-armv4.o
-$des_obj =
-$aes_obj = aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-armv4-large.o sha256-armv4.o sha512-armv4.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-armv4.o ghashv8-armx.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-c64xplus
-$cc = cl6x
-$cflags = --linux -ea=.s -eo=.o -mv6400+ -o2 -ox -ms -pden -DOPENSSL_SMALL_FOOTPRINT
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG
-$cpuid_obj = c64xpluscpuid.o
-$bn_obj = bn-c64xplus.o c64xplus-gf2m.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes-c64xplus.o aes_cbc.o aes_ctr.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-c64xplus.o sha256-c64xplus.o sha512-c64xplus.o
-$cast_obj =
-$rc4_obj = rc4-c64xplus.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-c64xplus.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = --pic
-$shared_ldflag = -z --sysv --shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib = true
-$arflags =
-$multilib =
-
-*** linux-elf
-$cc = gcc
-$cflags = -DL_ENDIAN -Wall
-$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -g -march=i486
-$release_cflags = -O3 -fomit-frame-pointer
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags = -lefence
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-generic32
-$cc = gcc
-$cflags = -Wall
-$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g
-$release_cflags = -O3 -fomit-frame-pointer
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-generic64
-$cc = gcc
-$cflags = -Wall
-$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g
-$release_cflags = -O3
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-ia32-icc
-$cc = icc
-$cflags = -DL_ENDIAN -O2
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl -no_cpprt
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -KPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-ia64
-$cc = gcc
-$cflags = -DL_ENDIAN -O3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT
-$cpuid_obj = ia64cpuid.o
-$bn_obj = bn-ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj = rc4-ia64.o rc4_skey.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-ia64-icc
-$cc = icc
-$cflags = -DL_ENDIAN -O2 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl -no_cpprt
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT
-$cpuid_obj = ia64cpuid.o
-$bn_obj = bn-ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj = rc4-ia64.o rc4_skey.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-mips32
-$cc = gcc
-$cflags = -mabi=32 -O3 -Wall -DBN_DIV3W
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = o32
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-mips64
-$cc = gcc
-$cflags = -mabi=n32 -O3 -Wall -DBN_DIV3W
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = n32
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -mabi=n32
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 32
-
-*** linux-ppc
-$cc = gcc
-$cflags = -DB_ENDIAN -O3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = linux32
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-ppc64
-$cc = gcc
-$cflags = -m64 -DB_ENDIAN -O3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = linux64
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** linux-ppc64le
-$cc = gcc
-$cflags = -m64 -DL_ENDIAN -O3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = linux64le
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-sparcv8
-$cc = gcc
-$cflags = -mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = sparcv8.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-sparcv9
-$cc = gcc
-$cflags = -m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = ULTRASPARC
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m32
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-x32
-$cc = gcc
-$cflags = -mx32 -DL_ENDIAN -O3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -mx32
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = x32
-
-*** linux-x86_64
-$cc = gcc
-$cflags = -m64 -DL_ENDIAN -Wall
-$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g
-$release_cflags = -O3
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** linux-x86_64-clang
-$cc = clang
-$cflags = -m64 -DL_ENDIAN -O3 -Weverything -Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum -Qunused-arguments
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** linux-x86_64-icc
-$cc = icc
-$cflags = -DL_ENDIAN -O2
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl -no_cpprt
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** linux32-s390x
-$cc = gcc
-$cflags = -m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = s390xcap.o s390xcpuid.o
-$bn_obj = bn_asm.o s390x-mont.o s390x-gf2m.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes-s390x.o aes-ctr.o aes-xts.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-s390x.o sha256-s390x.o sha512-s390x.o
-$cast_obj =
-$rc4_obj = rc4-s390x.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-s390x.o
-$engines_obj =
-$perlasm_scheme = 31
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m31
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /highgprs
-
-*** linux64-mips64
-$cc = gcc
-$cflags = -mabi=64 -O3 -Wall -DBN_DIV3W
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = 64
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -mabi=64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** linux64-s390x
-$cc = gcc
-$cflags = -m64 -DB_ENDIAN -O3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = s390xcap.o s390xcpuid.o
-$bn_obj = bn-s390x.o s390x-mont.o s390x-gf2m.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes-s390x.o aes-ctr.o aes-xts.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-s390x.o sha256-s390x.o sha512-s390x.o
-$cast_obj =
-$rc4_obj = rc4-s390x.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-s390x.o
-$engines_obj =
-$perlasm_scheme = 64
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** linux64-sparcv9
-$cc = gcc
-$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = ULTRASPARC
-$lflags = -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** mingw
-$cc = gcc
-$cflags = -mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_MT
-$sys_id = MINGW32
-$lflags = -lws2_32 -lgdi32 -lcrypt32
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT EXPORT_VAR_AS_FN
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = coff
-$dso_scheme = win32
-$shared_target= cygwin-shared
-$shared_cflag = -D_WINDLL -DOPENSSL_USE_APPLINK
-$shared_ldflag = -mno-cygwin
-$shared_extension = .dll.a
-$ranlib =
-$arflags =
-$multilib =
-
-*** mingw64
-$cc = gcc
-$cflags = -mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_MT
-$sys_id = MINGW64
-$lflags = -lws2_32 -lgdi32 -lcrypt32
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = mingw64
-$dso_scheme = win32
-$shared_target= cygwin-shared
-$shared_cflag = -D_WINDLL
-$shared_ldflag = -mno-cygwin
-$shared_extension = .dll.a
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-clib
-$cc = mwccnlm
-$cflags =
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-clib-bsdsock
-$cc = mwccnlm
-$cflags =
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-clib-bsdsock-gcc
-$cc = i586-netware-gcc
-$cflags = -nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-clib-gcc
-$cc = i586-netware-gcc
-$cflags = -nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-libc
-$cc = mwccnlm
-$cflags =
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-libc-bsdsock
-$cc = mwccnlm
-$cflags =
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-libc-bsdsock-gcc
-$cc = i586-netware-gcc
-$cflags = -nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-libc-gcc
-$cc = i586-netware-gcc
-$cflags = -nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** nextstep
-$cc = cc
-$cflags = -O -Wall
-$debug_cflags =
-$release_cflags =
-$unistd = <libc.h>
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** nextstep3.3
-$cc = cc
-$cflags = -O3 -Wall
-$debug_cflags =
-$release_cflags =
-$unistd = <libc.h>
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** osf1-alpha-cc
-$cc = cc
-$cflags = -std1 -tune host -O4 -readonly_strings
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK
-$cpuid_obj = alphacpuid.o
-$bn_obj = bn_asm.o alpha-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-alpha.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-alpha.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= alpha-osf1-shared
-$shared_cflag =
-$shared_ldflag =
-$shared_extension = .so
-$ranlib =
-$arflags =
-$multilib =
-
-*** osf1-alpha-gcc
-$cc = gcc
-$cflags = -O3
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1
-$cpuid_obj = alphacpuid.o
-$bn_obj = bn_asm.o alpha-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-alpha.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-alpha.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= alpha-osf1-shared
-$shared_cflag =
-$shared_ldflag =
-$shared_extension = .so
-$ranlib =
-$arflags =
-$multilib =
-
-*** purify
-$cc = purify gcc
-$cflags = -g -DPURIFY -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -lsocket -lnsl
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** qnx4
-$cc = cc
-$cflags = -DL_ENDIAN -DTERMIO
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** sco5-cc
-$cc = cc
-$cflags = -belf
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -lsocket -lnsl
-$debug_lflags =
-$release_lflags =
-$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf-1
-$dso_scheme = dlfcn
-$shared_target= svr3-shared
-$shared_cflag = -Kpic
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** sco5-gcc
-$cc = gcc
-$cflags = -O3 -fomit-frame-pointer
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -lsocket -lnsl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf-1
-$dso_scheme = dlfcn
-$shared_target= svr3-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris-sparcv8-cc
-$cc = cc
-$cflags = -xarch=v8 -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W
-$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O
-$release_cflags = -xO5 -xdepend
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = sparcv8.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -KPIC
-$shared_ldflag = -G -dy -z text
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris-sparcv8-gcc
-$cc = gcc
-$cflags = -mv8 -Wall -DB_ENDIAN
-$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g
-$release_cflags = -O3 -fomit-frame-pointer -DBN_DIV2W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = sparcv8.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris-sparcv9-cc
-$cc = cc
-$cflags = -xtarget=ultra -xarch=v8plus -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W
-$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O
-$release_cflags = -xO5 -xdepend
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = ULTRASPARC
-$lflags = -lsocket -lnsl -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -KPIC
-$shared_ldflag = -G -dy -z text
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris-sparcv9-gcc
-$cc = gcc
-$cflags = -m32 -mcpu=ultrasparc -Wall -DB_ENDIAN -DBN_DIV2W
-$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -pedantic -ansi -Wshadow -Wno-long-long -D__EXTENSIONS__
-$release_cflags = -O3 -fomit-frame-pointer
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = ULTRASPARC
-$lflags = -lsocket -lnsl -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris-x86-cc
-$cc = cc
-$cflags = -fast -xarch=generic -O -Xa
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -KPIC
-$shared_ldflag = -G -dy -z text
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris-x86-gcc
-$cc = gcc
-$cflags = -O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris64-sparcv9-cc
-$cc = cc
-$cflags = -xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = ULTRASPARC
-$lflags = -lsocket -lnsl -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -KPIC
-$shared_ldflag = -xarch=v9 -G -dy -z text
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /64
-
-*** solaris64-sparcv9-gcc
-$cc = gcc
-$cflags = -m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = ULTRASPARC
-$lflags = -lsocket -lnsl -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64 -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /64
-
-*** solaris64-x86_64-cc
-$cc = cc
-$cflags = -fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -KPIC
-$shared_ldflag = -xarch=amd64 -G -dy -z text
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /64
-
-*** solaris64-x86_64-gcc
-$cc = gcc
-$cflags = -m64 -O3 -Wall -DL_ENDIAN
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj = e_padlock-x86_64.o
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64 -shared -static-libgcc
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /64
-
-*** tru64-alpha-cc
-$cc = cc
-$cflags = -std1 -tune host -fast -readonly_strings
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -pthread
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK
-$cpuid_obj = alphacpuid.o
-$bn_obj = bn_asm.o alpha-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-alpha.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-alpha.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= alpha-osf1-shared
-$shared_cflag =
-$shared_ldflag = -msym
-$shared_extension = .so
-$ranlib =
-$arflags =
-$multilib =
-
-*** uClinux-dist
-$cc =
-$cflags = $(CFLAGS)
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = $(LDFLAGS) $(LDLIBS)
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme =
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** uClinux-dist64
-$cc =
-$cflags = $(CFLAGS)
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = $(LDFLAGS) $(LDLIBS)
-$debug_lflags =
-$release_lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme =
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** ultrix-cc
-$cc = cc
-$cflags = -std1 -O -Olimit 2500 -DL_ENDIAN
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** ultrix-gcc
-$cc = gcc
-$cflags = -O3 -DL_ENDIAN
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** unixware-2.0
-$cc = cc
-$cflags = -DFILIO_H -DNO_STRINGS_H
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -Kthread
-$sys_id =
-$lflags = -lsocket -lnsl -lresolv -lx
-$debug_lflags =
-$release_lflags =
-$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** unixware-2.1
-$cc = cc
-$cflags = -O -DFILIO_H
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -Kthread
-$sys_id =
-$lflags = -lsocket -lnsl -lresolv -lx
-$debug_lflags =
-$release_lflags =
-$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** unixware-7
-$cc = cc
-$cflags = -O -DFILIO_H -Kalloca
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -Kthread
-$sys_id =
-$lflags = -lsocket -lnsl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf-1
-$dso_scheme = dlfcn
-$shared_target= svr5-shared
-$shared_cflag = -Kpic
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** unixware-7-gcc
-$cc = gcc
-$cflags = -DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj = e_padlock-x86.o
-$perlasm_scheme = elf-1
-$dso_scheme = dlfcn
-$shared_target= gnu-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** vos-gcc
-$cc = gcc
-$cflags = -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN
-$debug_cflags = -O0 -g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG
-$release_cflags = -O3
-$unistd =
-$thread_cflag = (unknown)
-$sys_id = VOS
-$lflags = -Wl,-map
-$debug_lflags =
-$release_lflags =
-$bn_ops = BN_LLONG
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension = .so
-$ranlib =
-$arflags =
-$multilib =
-
-*** vxworks-mips
-$cc = ccmips
-$cflags = -mrtp -mips2 -O -G 0 -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE="$(WIND_BASE)/target/lib/h/config/vsbConfig.h" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I$(WIND_BASE)/target/usr/h -I$(WIND_BASE)/target/h/wrn/coreip
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = VXWORKS
-$lflags = -Wl,--defsym,__wrs_rtp_base=0xe0000000 -L $(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = o32
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib = ranlibmips
-$arflags =
-$multilib =
-
-*** vxworks-ppc405
-$cc = ccppc
-$cflags = -g -msoft-float -mlongcall -DCPU=PPC405 -I$(WIND_BASE)/target/h
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = VXWORKS
-$lflags = -r
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** vxworks-ppc60x
-$cc = ccppc
-$cflags = -D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I$(WIND_BASE)/target/usr/h -I$(WIND_BASE)/target/usr/h/wrn/coreip
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = VXWORKS
-$lflags = -Wl,--defsym,__wrs_rtp_base=0xe0000000 -L $(WIND_BASE)/target/usr/lib/ppc/PPC32/common
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** vxworks-ppc750
-$cc = ccppc
-$cflags = -ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I$(WIND_BASE)/target/h $(DEBUG_FLAG)
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = VXWORKS
-$lflags = -r
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** vxworks-ppc750-debug
-$cc = ccppc
-$cflags = -ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = VXWORKS
-$lflags = -r
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** vxworks-ppc860
-$cc = ccppc
-$cflags = -nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = VXWORKS
-$lflags = -r
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** vxworks-ppcgen
-$cc = ccppc
-$cflags = -D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I$(WIND_BASE)/target/usr/h -I$(WIND_BASE)/target/usr/h/wrn/coreip
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = VXWORKS
-$lflags = -Wl,--defsym,__wrs_rtp_base=0xe0000000 -L $(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** vxworks-simlinux
-$cc = ccpentium
-$cflags = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE="$(WIND_BASE)/target/lib/h/config/vsbConfig.h" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I$(WIND_BASE)/target/h -I$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK
-$debug_cflags =
-$release_cflags =
-$unistd =
-$thread_cflag =
-$sys_id = VXWORKS
-$lflags = -r
-$debug_lflags =
-$release_lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib = ranlibpentium
-$arflags =
-$multilib =
diff --git a/config b/config
index 44c48c1..944ead2 100755
--- a/config
+++ b/config
@@ -20,7 +20,6 @@
# Be as similar to the output of config.guess/config.sub
# as possible.

-PREFIX=""
SUFFIX=""
TEST="false"
EXE=""
@@ -931,7 +930,7 @@ if [ $? = "0" ]; then
OUT="$OUT-$CC"
fi

-OUT="$PREFIX$OUT"
+OUT="$OUT"

$PERL ./Configure LIST | grep "$OUT" > /dev/null
if [ $? = "0" ]; then

Matt Caswell

unread,

Mar 23, 2015, 12:05:26 PM3/23/15

to

The branch master has been updated

via c7f5b5d7bc462ca9dd5fc391e25c00a691960017 (commit)
via 77d514c5a00511017967f98b03a946d86c923e94 (commit)
via ac59d70553723cd8c7c1558071a2e1672d80daef (commit)
via 69f682374868ba2b19a8aeada496bf03dbb037cf (commit)
via 4bcdb4a6019e57b3de077b17940e18befe745531 (commit)
via 913f1042b3801bfa0e366922060507949e4af280 (commit)
from d2a5c40d0c5c4bfe2bec28070c3a0075f5bbdced (commit)

- Log -----------------------------------------------------------------
commit c7f5b5d7bc462ca9dd5fc391e25c00a691960017
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Mar 23 15:27:40 2015 +0000

Fix SSL_clear unused return

Fix missing return value check in dtls1_listen when calling SSL_clear().

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 77d514c5a00511017967f98b03a946d86c923e94
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Mar 9 15:33:46 2015 +0000

ssl3_set_handshake_header returns

Change ssl_set_handshake_header from return void to returning int, and
handle error return code appropriately.

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit ac59d70553723cd8c7c1558071a2e1672d80daef
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Mar 6 14:39:46 2015 +0000

apps return value checks

Ensure that all libssl functions called from within the apps have their
return values checked where appropriate.

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 69f682374868ba2b19a8aeada496bf03dbb037cf
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Mar 6 14:37:17 2015 +0000

Fix missing return value checks

Ensure that all functions have their return values checked where
appropriate. This covers all functions defined and called from within
libssl.

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 4bcdb4a6019e57b3de077b17940e18befe745531
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Mar 5 10:14:40 2015 +0000

Check libssl function returns

Mark most functions returning a result defined in any libssl header file
with __owur to warn if they are used without checking the return value.
Use -DUNUSED_RETURN compiler flag with gcc to activate these warnings.
Some functions returning a result are skipped if it is common and valid to
use these functions without checking the return value.

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 913f1042b3801bfa0e366922060507949e4af280
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Mar 6 14:22:22 2015 +0000

Add -DDEBUG_UNUSED to --strict-warnings

In order to receive warnings on unused function return values the flag
-DDEBUG_UNUSED must be passed to the compiler. This change adds that for the
--strict-warnings Configure option.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

Configure | 2 +-
apps/s_cb.c | 6 +-
apps/s_client.c | 36 ++++-
apps/s_server.c | 73 ++++++---
apps/s_time.c | 12 +-
apps/sess_id.c | 5 +-
ssl/bio_ssl.c | 5 +-
ssl/d1_both.c | 9 +-
ssl/d1_clnt.c | 6 +-
ssl/d1_lib.c | 13 +-
ssl/d1_pkt.c | 8 +-
ssl/d1_srvr.c | 6 +-
ssl/s23_clnt.c | 6 +-
ssl/s23_srvr.c | 6 +-
ssl/s3_both.c | 11 +-
ssl/s3_clnt.c | 29 +++-
ssl/s3_enc.c | 10 +-
ssl/s3_lib.c | 7 +-
ssl/s3_pkt.c | 5 +-
ssl/s3_srvr.c | 65 +++++++-
ssl/srtp.h | 8 +-
ssl/ssl.h | 428 +++++++++++++++++++++++++--------------------------
ssl/ssl_algs.c | 2 +-
ssl/ssl_ciph.c | 5 +-
ssl/ssl_err.c | 84 ++++------
ssl/ssl_lib.c | 25 ++-
ssl/ssl_locl.h | 464 ++++++++++++++++++++++++++++----------------------------
ssl/ssl_rsa.c | 5 +-
ssl/ssl_sess.c | 6 +-
ssl/ssl_txt.c | 3 +-
ssl/ssltest.c | 95 +++++++-----
ssl/t1_enc.c | 3 +-
ssl/t1_lib.c | 26 ++--
ssl/tls1.h | 8 +-
34 files changed, 847 insertions(+), 635 deletions(-)

diff --git a/Configure b/Configure
index a574f5a..5993f9b 100755
--- a/Configure
+++ b/Configure
@@ -110,7 +110,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
# Minimum warning options... any contributions to OpenSSL should at least get
# past these.

-my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK";
+my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DDEBUG_UNUSED";

my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum";

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 8a66c9a..8bc4b81 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1181,8 +1181,10 @@ static int set_cert_cb(SSL *ssl, void *arg)

print_chain_flags(bio_err, ssl, rv);
if (rv & CERT_PKEY_VALID) {
- SSL_use_certificate(ssl, exc->cert);
- SSL_use_PrivateKey(ssl, exc->key);
+ if(!SSL_use_certificate(ssl, exc->cert)
+ || !SSL_use_PrivateKey(ssl, exc->key)) {
+ return 0;
+ }
/*
* NB: we wouldn't normally do this as it is not efficient
* building chains on each connection better to cache the chain
diff --git a/apps/s_client.c b/apps/s_client.c
index 3ec754f..c02ed3c 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1259,8 +1259,11 @@ int MAIN(int argc, char **argv)
if (sdebug)
ssl_ctx_security_debug(ctx, bio_err, sdebug);

- if (vpm)
- SSL_CTX_set1_param(ctx, vpm);
+ if (vpm && !SSL_CTX_set1_param(ctx, vpm)) {
+ BIO_printf(bio_err, "Error setting verify params\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }

if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1, no_jpake)) {
ERR_print_errors(bio_err);
@@ -1299,8 +1302,14 @@ int MAIN(int argc, char **argv)
}
#endif
#ifndef OPENSSL_NO_SRTP
- if (srtp_profiles != NULL)
- SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
+ if (srtp_profiles != NULL) {
+ /* Returns 0 on success!! */
+ if(SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles)) {
+ BIO_printf(bio_err, "Error setting SRTP profile\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
#endif
if (exc)
ssl_ctx_set_excert(ctx, exc);
@@ -1318,16 +1327,23 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "Error parsing -alpn argument\n");
goto end;
}
- SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len);
+ /* Returns 0 on success!! */
+ if(SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len)) {
+ BIO_printf(bio_err, "Error setting ALPN\n");
+ goto end;
+ }
OPENSSL_free(alpn);
}
#endif
#ifndef OPENSSL_NO_TLSEXT
for (i = 0; i < serverinfo_types_count; i++) {
- SSL_CTX_add_client_custom_ext(ctx,
+ if(!SSL_CTX_add_client_custom_ext(ctx,
serverinfo_types[i],
NULL, NULL, NULL,
- serverinfo_cli_parse_cb, NULL);
+ serverinfo_cli_parse_cb, NULL)) {
+ BIO_printf(bio_err, "Warning: Unable to add custom extension %u. "
+ "Skipping\n", serverinfo_types[i]);
+ }
}
#endif

@@ -1390,7 +1406,11 @@ int MAIN(int argc, char **argv)
ERR_print_errors(bio_err);
goto end;
}
- SSL_set_session(con, sess);
+ if(!SSL_set_session(con, sess)) {
+ BIO_printf(bio_err, "Can't set session\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
SSL_SESSION_free(sess);
}

diff --git a/apps/s_server.c b/apps/s_server.c
index ec2fe6f..298e665 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1723,8 +1723,14 @@ int MAIN(int argc, char *argv[])
SSL_CTX_sess_set_cache_size(ctx, 128);

#ifndef OPENSSL_NO_SRTP
- if (srtp_profiles != NULL)
- SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
+ if (srtp_profiles != NULL) {
+ /* Returns 0 on success!! */
+ if(SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles)) {
+ BIO_printf(bio_err, "Error setting SRTP profile\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
#endif

if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
@@ -1733,8 +1739,11 @@ int MAIN(int argc, char *argv[])
ERR_print_errors(bio_err);
/* goto end; */
}
- if (vpm)
- SSL_CTX_set1_param(ctx, vpm);
+ if (vpm && !SSL_CTX_set1_param(ctx, vpm)) {
+ BIO_printf(bio_err, "Error setting X509 params\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }

ssl_ctx_add_crls(ctx, crls, 0);
if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
@@ -1790,8 +1799,11 @@ int MAIN(int argc, char *argv[])
(!SSL_CTX_set_default_verify_paths(ctx2))) {
ERR_print_errors(bio_err);
}
- if (vpm)
- SSL_CTX_set1_param(ctx2, vpm);
+ if (vpm && !SSL_CTX_set1_param(ctx2, vpm)) {
+ BIO_printf(bio_err, "Error setting X509 params\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }

ssl_ctx_add_crls(ctx2, crls, 0);
if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
@@ -1913,8 +1925,13 @@ int MAIN(int argc, char *argv[])
#endif

SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
- SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context,
- sizeof s_server_session_id_context);
+ if(!SSL_CTX_set_session_id_context(ctx,
+ (void *)&s_server_session_id_context,
+ sizeof s_server_session_id_context)) {
+ BIO_printf(bio_err, "error setting session id context\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }

/* Set DTLS cookie generation and verification callbacks */
SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
@@ -1923,9 +1940,13 @@ int MAIN(int argc, char *argv[])
#ifndef OPENSSL_NO_TLSEXT
if (ctx2) {
SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
- SSL_CTX_set_session_id_context(ctx2,
+ if(!SSL_CTX_set_session_id_context(ctx2,
(void *)&s_server_session_id_context,
- sizeof s_server_session_id_context);
+ sizeof s_server_session_id_context)) {
+ BIO_printf(bio_err, "error setting session id context\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }

tlsextcbp.biodebug = bio_s_out;
SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
@@ -2130,10 +2151,18 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
}
#endif /* OPENSSL_NO_KRB5 */
- if (context)
- SSL_set_session_id_context(con, context, strlen((char *)context));
+ if (context && !SSL_set_session_id_context(con, context,
+ strlen((char *)context))) {
+ BIO_printf(bio_err, "Error setting session id context\n");
+ ret = -1;

+ goto err;
+ }
+ }

+ if(!SSL_clear(con)) {
+ BIO_printf(bio_err, "Error clearing SSL connection\n");
+ ret = -1;
+ goto err;
}
- SSL_clear(con);

if (stype == SOCK_DGRAM) {

@@ -2687,8 +2716,10 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
}
#endif /* OPENSSL_NO_KRB5 */
- if (context)
- SSL_set_session_id_context(con, context, strlen((char *)context));
+ if (context && !SSL_set_session_id_context(con, context,
+ strlen((char *)context))) {
+ goto err;
+ }

sbio = BIO_new_socket(s, BIO_NOCLOSE);
if (s_nbio_test) {
@@ -3033,8 +3064,11 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
}
#endif /* OPENSSL_NO_KRB5 */
- if (context)
- SSL_set_session_id_context(con, context, strlen((char *)context));
+ if (context && !SSL_set_session_id_context(con, context,
+ strlen((char *)context))) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }

sbio = BIO_new_socket(s, BIO_NOCLOSE);
SSL_set_bio(con, sbio, sbio);
@@ -3230,7 +3264,10 @@ static int add_session(SSL *ssl, SSL_SESSION *session)
return 0;
}
p = sess->der;
- i2d_SSL_SESSION(session, &p);
+ if(i2d_SSL_SESSION(session, &p) < 0) {
+ BIO_printf(bio_err, "Error encoding session\n");
+ return 0;
+ }

sess->next = first;
first = sess;
diff --git a/apps/s_time.c b/apps/s_time.c
index 96e39aa..5b94634 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -356,7 +356,8 @@ int MAIN(int argc, char **argv)

if (st_bugs)
SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
- SSL_CTX_set_cipher_list(tm_ctx, tm_cipher);
+ if(!SSL_CTX_set_cipher_list(tm_ctx, tm_cipher))
+ goto end;
if (!set_cert_stuff(tm_ctx, t_cert_file, t_key_file))
goto end;

@@ -405,7 +406,8 @@ int MAIN(int argc, char **argv)
if (s_www_path != NULL) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
s_www_path);
- SSL_write(scon, buf, strlen(buf));
+ if(SSL_write(scon, buf, strlen(buf)) <= 0)
+ goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i;
}
@@ -461,7 +463,8 @@ int MAIN(int argc, char **argv)

if (s_www_path != NULL) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
- SSL_write(scon, buf, strlen(buf));
+ if(SSL_write(scon, buf, strlen(buf)) <= 0)
+ goto end;
while (SSL_read(scon, buf, sizeof(buf)) > 0) ;
}
#ifdef NO_SHUTDOWN
@@ -498,7 +501,8 @@ int MAIN(int argc, char **argv)
if (s_www_path) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
s_www_path);
- SSL_write(scon, buf, strlen(buf));
+ if(SSL_write(scon, buf, strlen(buf)) <= 0)
+ goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i;
}
diff --git a/apps/sess_id.c b/apps/sess_id.c
index fcb0911..9400af9 100644
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -166,7 +166,10 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "Context too long\n");
goto end;
}
- SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len);
+ if(!SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len)) {
+ BIO_printf(bio_err, "Error setting id context\n");
+ goto end;
+ }
}

if (!noout || text) {
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index e2831af..99f8b5e 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -292,7 +292,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
else if (ssl->handshake_func == ssl->method->ssl_accept)
SSL_set_accept_state(ssl);

- SSL_clear(ssl);
+ if(!SSL_clear(ssl)) {
+ ret = 0;
+ break;
+ }

if (b->next_bio != NULL)
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index a7d0a82..22626f1 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -989,7 +989,10 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
s->d1->handshake_write_seq, 0, 0);

/* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 1);
+ if(!dtls1_buffer_message(s, 1)) {
+ SSLerr(SSL_F_DTLS1_SEND_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }

s->state = b;
}
@@ -1237,7 +1240,7 @@ void dtls1_clear_record_buffer(SSL *s)
}
}

-unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
+void dtls1_set_message_header(SSL *s, unsigned char *p,
unsigned char mt, unsigned long len,
unsigned long frag_off,
unsigned long frag_len)
@@ -1250,8 +1253,6 @@ unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,

dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
frag_off, frag_len);
-
- return p += DTLS1_HM_HEADER_LENGTH;
}

/* don't actually do the writing, wait till the MTU has been retrieved */
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 151dd47..c5831cd 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -181,8 +181,10 @@ int dtls1_connect(SSL *s)
cb = s->ctx->info_callback;

s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s))
- SSL_clear(s);
+ if (!SSL_in_init(s) || SSL_in_before(s)) {
+ if(!SSL_clear(s))
+ return -1;
+ }

#ifndef OPENSSL_NO_SCTP
/*
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index e9a2fc5..ad6561c 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -67,7 +67,7 @@
#endif

static void get_current_time(struct timeval *t);
-static void dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
+static int dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
static int dtls1_handshake_write(SSL *s);
const char dtls1_version_str[] = "DTLSv1" OPENSSL_VERSION_PTEXT;
int dtls1_listen(SSL *s, struct sockaddr *client);
@@ -547,7 +547,8 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
int ret;

/* Ensure there is no state left over from a previous invocation */

- SSL_clear(s);
+ if(!SSL_clear(s))
+ return -1;

SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
s->d1->listen = 1;

@@ -560,14 +561,18 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
return 1;
}

-static void dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
+static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
{
unsigned char *p = (unsigned char *)s->init_buf->data;
dtls1_set_message_header(s, p, htype, len, 0, len);
s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;
s->init_off = 0;
/* Buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
+
+ if(!dtls1_buffer_message(s, 0))
+ return 0;
+
+ return 1;
}

static int dtls1_handshake_write(SSL *s)
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 4dbd694..5463acf 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -937,7 +937,10 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
#ifndef OPENSSL_NO_HEARTBEATS
else if (rr->type == TLS1_RT_HEARTBEAT) {
- dtls1_process_heartbeat(s);
+ /* We allow a 0 return */
+ if(dtls1_process_heartbeat(s) < 0) {
+ return -1;
+ }

/* Exit and notify application to read again */
rr->length = 0;
@@ -1246,7 +1249,8 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
if (dtls1_check_timeout_num(s) < 0)
return -1;

- dtls1_retransmit_buffered_messages(s);
+ /* Ignore retransmit failures - swallow return code */
+ if(dtls1_retransmit_buffered_messages(s));
rr->length = 0;
goto start;
}
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index bcf63e0..24361ae 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -184,8 +184,10 @@ int dtls1_accept(SSL *s)

/* init things to blank */
s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s))
- SSL_clear(s);
+ if (!SSL_in_init(s) || SSL_in_before(s)) {
+ if(!SSL_clear(s))
+ return -1;
+ }

s->d1->listen = listen;
#ifndef OPENSSL_NO_SCTP
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index e04d3af..21a32bc 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -157,8 +157,10 @@ int ssl23_connect(SSL *s)
cb = s->ctx->info_callback;

s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s))
- SSL_clear(s);
+ if (!SSL_in_init(s) || SSL_in_before(s)) {
+ if(!SSL_clear(s))
+ return -1;
+ }

for (;;) {
state = s->state;
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 6ac6e4e..255d278 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -156,8 +156,10 @@ int ssl23_accept(SSL *s)
cb = s->ctx->info_callback;

s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s))
- SSL_clear(s);
+ if (!SSL_in_init(s) || SSL_in_before(s)) {
+ if(!SSL_clear(s))
+ return -1;
+ }

for (;;) {
state = s->state;
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index de49e64..2bc4e6a 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -187,7 +187,10 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
s->s3->previous_server_finished_len = i;
}

- ssl_set_handshake_header(s, SSL3_MT_FINISHED, l);
+ if(!ssl_set_handshake_header(s, SSL3_MT_FINISHED, l)) {
+ SSLerr(SSL_F_SSL3_SEND_FINISHED, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
s->state = b;
}

@@ -324,7 +327,11 @@ unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
p = ssl_handshake_start(s);
l2n3(l, p);
l += 3;
- ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l);
+
+ if(!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l)) {
+ SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
return l + SSL_HM_HEADER_LENGTH(s);
}

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index b37a733..81381ef 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -197,8 +197,10 @@ int ssl3_connect(SSL *s)
cb = s->ctx->info_callback;

s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s))
- SSL_clear(s);
+ if (!SSL_in_init(s) || SSL_in_before(s)) {
+ if(!SSL_clear(s))
+ return -1;
+ }

#ifndef OPENSSL_NO_HEARTBEATS
/*
@@ -841,7 +843,11 @@ int ssl3_client_hello(SSL *s)
#endif

l = p - d;
- ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l);
+ if(!ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l)) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
s->state = SSL3_ST_CW_CLNT_HELLO_B;
}

@@ -2996,7 +3002,12 @@ int ssl3_send_client_key_exchange(SSL *s)
goto err;
}

- ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n);
+ if(!ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n)) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

+ goto err;
+ }
+

s->state = SSL3_ST_CW_KEY_EXCH_B;
}

@@ -3044,6 +3055,11 @@ int ssl3_send_client_key_exchange(SSL *s)
OPENSSL_cleanse(pms, pmslen);
OPENSSL_free(pms);
s->cert->pms = NULL;
+ if(s->session->master_key_length < 0) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
}
return n;
memerr:
@@ -3190,7 +3206,10 @@ int ssl3_send_client_verify(SSL *s)
SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
- ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n);
+ if(!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n)) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
s->state = SSL3_ST_CW_CERT_VRFY_B;
}
EVP_MD_CTX_cleanup(&mctx);
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 83a576a..bcefe12 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -253,7 +253,10 @@ int ssl3_change_cipher_state(SSL *s, int which)
EVP_CIPHER_CTX_init(s->enc_read_ctx);
dd = s->enc_read_ctx;

- ssl_replace_hash(&s->read_hash, m);
+ if(!ssl_replace_hash(&s->read_hash, m)) {
+ SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+ goto err2;
+ }
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
if (s->expand != NULL) {
@@ -288,7 +291,10 @@ int ssl3_change_cipher_state(SSL *s, int which)
*/
EVP_CIPHER_CTX_init(s->enc_write_ctx);
dd = s->enc_write_ctx;
- ssl_replace_hash(&s->write_hash, m);
+ if(!ssl_replace_hash(&s->write_hash, m)) {
+ SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+ goto err2;
+ }
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
if (s->compress != NULL) {
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 3e6530e..6c59824 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3087,13 +3087,15 @@ int ssl3_pending(const SSL *s)
SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
}

-void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
+int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
{
unsigned char *p = (unsigned char *)s->init_buf->data;
*(p++) = htype;
l2n3(len, p);
s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
s->init_off = 0;
+
+ return 1;
}

int ssl3_handshake_write(SSL *s)
@@ -3114,7 +3116,8 @@ int ssl3_new(SSL *s)
s->s3 = s3;

#ifndef OPENSSL_NO_SRP
- SSL_SRP_CTX_init(s);
+ if(!SSL_SRP_CTX_init(s))
+ goto err;
#endif
s->method->ssl_clear(s);
return (1);
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index cf02e49..4f81f1a 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1320,7 +1320,10 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
#ifndef OPENSSL_NO_HEARTBEATS
else if (rr->type == TLS1_RT_HEARTBEAT) {
- tls1_process_heartbeat(s);
+ /* We can ignore 0 return values */
+ if(tls1_process_heartbeat(s) < 0) {
+ return -1;
+ }

/* Exit and notify application to read again */
rr->length = 0;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index f8c7e37..ccccd54 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -226,8 +226,10 @@ int ssl3_accept(SSL *s)

/* init things to blank */
s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s))
- SSL_clear(s);
+ if (!SSL_in_init(s) || SSL_in_before(s)) {
+ if(!SSL_clear(s))
+ return -1;
+ }

if (s->cert == NULL) {
SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
@@ -884,7 +886,10 @@ int ssl3_send_hello_request(SSL *s)
{

if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
- ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0);
+ if(!ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0)) {
+ SSLerr(SSL_F_SSL3_SEND_HELLO_REQUEST, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
s->state = SSL3_ST_SW_HELLO_REQ_B;
}

@@ -1500,7 +1505,10 @@ int ssl3_send_server_hello(SSL *s)
#endif
/* do the header */
l = (p - d);
- ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l);
+ if(!ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l)) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
s->state = SSL3_ST_SW_SRVR_HELLO_B;
}

@@ -1512,7 +1520,10 @@ int ssl3_send_server_done(SSL *s)
{

if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
- ssl_set_handshake_header(s, SSL3_MT_SERVER_DONE, 0);
+ if(!ssl_set_handshake_header(s, SSL3_MT_SERVER_DONE, 0)) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_DONE, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
s->state = SSL3_ST_SW_SRVR_DONE_B;
}

@@ -1959,7 +1970,11 @@ int ssl3_send_server_key_exchange(SSL *s)
}
}

- ssl_set_handshake_header(s, SSL3_MT_SERVER_KEY_EXCHANGE, n);
+ if(!ssl_set_handshake_header(s, SSL3_MT_SERVER_KEY_EXCHANGE, n)) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
}

s->state = SSL3_ST_SW_KEY_EXCH_B;
@@ -2037,7 +2052,10 @@ int ssl3_send_certificate_request(SSL *s)
p = ssl_handshake_start(s) + off;
s2n(nl, p);

- ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_REQUEST, n);
+ if(!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_REQUEST, n)) {
+ SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }

s->state = SSL3_ST_SW_CERT_REQ_B;
}
@@ -2227,6 +2245,11 @@ int ssl3_get_client_key_exchange(SSL *s)
sizeof
(rand_premaster_secret));
OPENSSL_cleanse(p, sizeof(rand_premaster_secret));
+ if(s->session->master_key_length < 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
} else
#endif
#ifndef OPENSSL_NO_DH
@@ -2319,6 +2342,11 @@ int ssl3_get_client_key_exchange(SSL *s)
session->master_key,
p, i);
OPENSSL_cleanse(p, i);
+ if(s->session->master_key_length < 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
if (dh_clnt)
return 2;
} else
@@ -2484,6 +2512,11 @@ int ssl3_get_client_key_exchange(SSL *s)
s->
session->master_key,
pms, outl);
+ if(s->session->master_key_length < 0) {
+ al = SSL_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }

if (kssl_ctx->client_princ) {
size_t len = strlen(kssl_ctx->client_princ);
@@ -2632,6 +2665,11 @@ int ssl3_get_client_key_exchange(SSL *s)
p, i);

OPENSSL_cleanse(p, i);
+ if(s->session->master_key_length < 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
return (ret);
} else
#endif
@@ -2716,6 +2754,11 @@ int ssl3_get_client_key_exchange(SSL *s)
session->master_key,
psk_or_pre_ms,
pre_ms_len);
+ if(s->session->master_key_length < 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto psk_err;
+ }
psk_err = 0;
psk_err:
OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
@@ -2817,6 +2860,11 @@ int ssl3_get_client_key_exchange(SSL *s)
s->
session->master_key,
premaster_secret, 32);
+ if(s->session->master_key_length < 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
/* Check if pubkey from client certificate was used */
if (EVP_PKEY_CTX_ctrl
(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
@@ -3387,7 +3435,8 @@ int ssl3_send_newsession_ticket(SSL *s)
/* Now write out lengths: p points to end of data written */
/* Total length */
len = p - ssl_handshake_start(s);
- ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len);
+ if(!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len))
+ goto err;
/* Skip ticket lifetime hint */
p = ssl_handshake_start(s) + 4;
s2n(len - 6, p);
diff --git a/ssl/srtp.h b/ssl/srtp.h
index 2279c32..611f5ef 100644
--- a/ssl/srtp.h
+++ b/ssl/srtp.h
@@ -132,11 +132,11 @@ extern "C" {

# ifndef OPENSSL_NO_SRTP

-int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
-int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
+__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
+__owur int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);

-STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);

# endif

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 56eb7ba..3a6f9fb 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -664,14 +664,14 @@ void SSL_set_msg_callback(SSL *ssl,
# ifndef OPENSSL_NO_SRP

/* see tls_srp.c */
-int SSL_SRP_CTX_init(SSL *s);
-int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
+__owur int SSL_SRP_CTX_init(SSL *s);
+__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
int SSL_SRP_CTX_free(SSL *ctx);
int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
-int SSL_srp_server_param_with_username(SSL *s, int *ad);
-int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
-int SRP_Calc_A_param(SSL *s);
-int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);
+__owur int SSL_srp_server_param_with_username(SSL *s, int *ad);
+__owur int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
+__owur int SRP_Calc_A_param(SSL *s);
+__owur int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);

# endif

@@ -772,7 +772,7 @@ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
EVP_PKEY **pkey);
# ifndef OPENSSL_NO_ENGINE
-int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
# endif
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
int (*app_gen_cookie_cb) (SSL *ssl,
@@ -805,7 +805,7 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
# endif

# ifndef OPENSSL_NO_TLSEXT
-int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
const unsigned char *client,
unsigned int client_len);
@@ -815,9 +815,9 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
# define OPENSSL_NPN_NEGOTIATED 1
# define OPENSSL_NPN_NO_OVERLAP 2

-int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
unsigned protos_len);
-int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
unsigned protos_len);
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
int (*cb) (SSL *ssl,
@@ -894,8 +894,8 @@ void SSL_set_psk_server_callback(SSL *ssl,
unsigned
int
max_psk_len));
-int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
-int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
+__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
+__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
const char *SSL_get_psk_identity_hint(const SSL *s);
const char *SSL_get_psk_identity(const SSL *s);
# endif
@@ -903,21 +903,21 @@ const char *SSL_get_psk_identity(const SSL *s);
# ifndef OPENSSL_NO_TLSEXT
/* Register callbacks to handle custom TLS Extensions for client or server. */

-int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
custom_ext_add_cb add_cb,
custom_ext_free_cb free_cb,
void *add_arg,
custom_ext_parse_cb parse_cb,
void *parse_arg);

-int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
custom_ext_add_cb add_cb,
custom_ext_free_cb free_cb,
void *add_arg,
custom_ext_parse_cb parse_cb,
void *parse_arg);

-int SSL_extension_supported(unsigned int ext_type);
+__owur int SSL_extension_supported(unsigned int ext_type);

# endif

@@ -1362,88 +1362,88 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_get0_ec_point_formats(s, plst) \
SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)

-BIO_METHOD *BIO_f_ssl(void);
-BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-int BIO_ssl_copy_session_id(BIO *to, BIO *from);
+__owur BIO_METHOD *BIO_f_ssl(void);
+__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
+__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from);
void BIO_ssl_shutdown(BIO *ssl_bio);

-int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
-SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
+__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
void SSL_CTX_free(SSL_CTX *);
-long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
-long SSL_CTX_get_timeout(const SSL_CTX *ctx);
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
+__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
+__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
-int SSL_want(const SSL *s);
-int SSL_clear(SSL *s);
+__owur int SSL_want(const SSL *s);
+__owur int SSL_clear(SSL *s);

void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);

-const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
-char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
-const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
-unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
-
-int SSL_get_fd(const SSL *s);
-int SSL_get_rfd(const SSL *s);
-int SSL_get_wfd(const SSL *s);
-const char *SSL_get_cipher_list(const SSL *s, int n);
-char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
-int SSL_get_read_ahead(const SSL *s);
-int SSL_pending(const SSL *s);
+__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
+__owur char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
+__owur unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
+
+__owur int SSL_get_fd(const SSL *s);
+__owur int SSL_get_rfd(const SSL *s);
+__owur int SSL_get_wfd(const SSL *s);
+__owur const char *SSL_get_cipher_list(const SSL *s, int n);
+__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
+__owur int SSL_get_read_ahead(const SSL *s);
+__owur int SSL_pending(const SSL *s);
# ifndef OPENSSL_NO_SOCK
-int SSL_set_fd(SSL *s, int fd);
-int SSL_set_rfd(SSL *s, int fd);
-int SSL_set_wfd(SSL *s, int fd);
+__owur int SSL_set_fd(SSL *s, int fd);
+__owur int SSL_set_rfd(SSL *s, int fd);
+__owur int SSL_set_wfd(SSL *s, int fd);
# endif
void SSL_set_rbio(SSL *s, BIO *rbio);
void SSL_set_wbio(SSL *s, BIO *wbio);
void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
-BIO *SSL_get_rbio(const SSL *s);
-BIO *SSL_get_wbio(const SSL *s);
-int SSL_set_cipher_list(SSL *s, const char *str);
+__owur BIO *SSL_get_rbio(const SSL *s);
+__owur BIO *SSL_get_wbio(const SSL *s);
+__owur int SSL_set_cipher_list(SSL *s, const char *str);
void SSL_set_read_ahead(SSL *s, int yes);
-int SSL_get_verify_mode(const SSL *s);
-int SSL_get_verify_depth(const SSL *s);
-int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *);
+__owur int SSL_get_verify_mode(const SSL *s);
+__owur int SSL_get_verify_depth(const SSL *s);
+__owur int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *);
void SSL_set_verify(SSL *s, int mode,
int (*callback) (int ok, X509_STORE_CTX *ctx));
void SSL_set_verify_depth(SSL *s, int depth);
void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg);
# ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
# endif
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len);
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
+__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len);
+__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
long len);
-int SSL_use_certificate(SSL *ssl, X509 *x);
-int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
+__owur int SSL_use_certificate(SSL *ssl, X509 *x);
+__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);

# ifndef OPENSSL_NO_TLSEXT
/* Set serverinfo data for the current active cert. */
-int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
size_t serverinfo_length);
# ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
+__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
# endif /* NO_STDIO */

# endif

# ifndef OPENSSL_NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
/* PEM type */
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
const char *file);
# ifndef OPENSSL_SYS_VMS
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
@@ -1453,53 +1453,53 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
# endif

void SSL_load_error_strings(void);
-const char *SSL_state_string(const SSL *s);
-const char *SSL_rstate_string(const SSL *s);
-const char *SSL_state_string_long(const SSL *s);
-const char *SSL_rstate_string_long(const SSL *s);
-long SSL_SESSION_get_time(const SSL_SESSION *s);
-long SSL_SESSION_set_time(SSL_SESSION *s, long t);
-long SSL_SESSION_get_timeout(const SSL_SESSION *s);
-long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-int SSL_SESSION_has_ticket(const SSL_SESSION *s);
-unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
+__owur const char *SSL_state_string(const SSL *s);
+__owur const char *SSL_rstate_string(const SSL *s);
+__owur const char *SSL_state_string_long(const SSL *s);
+__owur const char *SSL_rstate_string_long(const SSL *s);
+__owur long SSL_SESSION_get_time(const SSL_SESSION *s);
+__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
+__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
+__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick,
size_t *len);
void SSL_copy_session_id(SSL *to, const SSL *from);
-X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
-int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);

-SSL_SESSION *SSL_SESSION_new(void);
+__owur SSL_SESSION *SSL_SESSION_new(void);
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
unsigned int *len);
-unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
+__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
# ifndef OPENSSL_NO_STDIO
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
# endif
int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
void SSL_SESSION_free(SSL_SESSION *ses);
-int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
-int SSL_set_session(SSL *to, SSL_SESSION *session);
-int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
+__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
+__owur int SSL_set_session(SSL *to, SSL_SESSION *session);
+__owur int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
-int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
-int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
-int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+__owur int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
+__owur int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
+__owur int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
unsigned int id_len);
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
long length);

# ifdef HEADER_X509_H
-X509 *SSL_get_peer_certificate(const SSL *s);
+__owur X509 *SSL_get_peer_certificate(const SSL *s);
# endif

-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
+__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);

-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int,
+__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
+__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
+__owur int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int,
X509_STORE_CTX *);
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
int (*callback) (int, X509_STORE_CTX *));
@@ -1510,40 +1510,40 @@ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
void *arg);
# ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
# endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
+__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
long len);
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
+__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
const unsigned char *d, long len);
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
+__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
const unsigned char *d);

void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);

-int SSL_CTX_check_private_key(const SSL_CTX *ctx);
-int SSL_check_private_key(const SSL *ctx);
+__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+__owur int SSL_check_private_key(const SSL *ctx);

-int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);

SSL *SSL_new(SSL_CTX *ctx);
-int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);

-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
-int SSL_set_purpose(SSL *s, int purpose);
-int SSL_CTX_set_trust(SSL_CTX *s, int trust);
-int SSL_set_trust(SSL *s, int trust);
+__owur int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
+__owur int SSL_set_purpose(SSL *s, int purpose);
+__owur int SSL_CTX_set_trust(SSL_CTX *s, int trust);
+__owur int SSL_set_trust(SSL *s, int trust);

-int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
-int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
+__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
+__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);

-X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
-X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
+__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
+__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);

# ifndef OPENSSL_NO_SRP
int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
@@ -1562,156 +1562,156 @@ int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
const char *grp);

-BIGNUM *SSL_get_srp_g(SSL *s);
-BIGNUM *SSL_get_srp_N(SSL *s);
+__owur BIGNUM *SSL_get_srp_g(SSL *s);
+__owur BIGNUM *SSL_get_srp_N(SSL *s);

-char *SSL_get_srp_username(SSL *s);
-char *SSL_get_srp_userinfo(SSL *s);
+__owur char *SSL_get_srp_username(SSL *s);
+__owur char *SSL_get_srp_userinfo(SSL *s);
# endif

void SSL_certs_clear(SSL *s);
void SSL_free(SSL *ssl);
-int SSL_accept(SSL *ssl);
-int SSL_connect(SSL *ssl);
-int SSL_read(SSL *ssl, void *buf, int num);
-int SSL_peek(SSL *ssl, void *buf, int num);
-int SSL_write(SSL *ssl, const void *buf, int num);
+__owur int SSL_accept(SSL *ssl);
+__owur int SSL_connect(SSL *ssl);
+__owur int SSL_read(SSL *ssl, void *buf, int num);
+__owur int SSL_peek(SSL *ssl, void *buf, int num);
+__owur int SSL_write(SSL *ssl, const void *buf, int num);
long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
long SSL_callback_ctrl(SSL *, int, void (*)(void));
long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));

-int SSL_get_error(const SSL *s, int ret_code);
-const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_error(const SSL *s, int ret_code);
+__owur const char *SSL_get_version(const SSL *s);

/* This sets the 'default' SSL version that SSL_new() will create */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
+__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);

# ifndef OPENSSL_NO_SSL3_METHOD
-const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
-const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
-const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
+__owur const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
+__owur const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
+__owur const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
# endif

-const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS
+__owur const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS
* version */
-const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available
+__owur const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available
* SSL/TLS version */
-const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available
+__owur const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available
* SSL/TLS version */

-const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
-const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
-const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
+__owur const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
+__owur const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
+__owur const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */

-const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */
-const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */
-const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */
+__owur const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */
+__owur const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */
+__owur const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */

-const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
-const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
-const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */
+__owur const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
+__owur const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
+__owur const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */

-const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
-const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
-const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
+__owur const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
+__owur const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
+__owur const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */

-const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */
-const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */
-const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */
+__owur const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */
+__owur const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */
+__owur const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */

-const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */
-const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
-const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
+__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */
+__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
+__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */

-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
-STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);

-int SSL_do_handshake(SSL *s);
+__owur int SSL_do_handshake(SSL *s);
int SSL_renegotiate(SSL *s);
-int SSL_renegotiate_abbreviated(SSL *s);
-int SSL_renegotiate_pending(SSL *s);
+__owur int SSL_renegotiate_abbreviated(SSL *s);
+__owur int SSL_renegotiate_pending(SSL *s);
int SSL_shutdown(SSL *s);

-const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
-const SSL_METHOD *SSL_get_ssl_method(SSL *s);
-int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
-const char *SSL_alert_type_string_long(int value);
-const char *SSL_alert_type_string(int value);
-const char *SSL_alert_desc_string_long(int value);
-const char *SSL_alert_desc_string(int value);
+__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
+__owur const SSL_METHOD *SSL_get_ssl_method(SSL *s);
+__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
+__owur const char *SSL_alert_type_string_long(int value);
+__owur const char *SSL_alert_type_string(int value);
+__owur const char *SSL_alert_desc_string_long(int value);
+__owur const char *SSL_alert_desc_string(int value);

void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
-int SSL_add_client_CA(SSL *ssl, X509 *x);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
+__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
+__owur int SSL_add_client_CA(SSL *ssl, X509 *x);
+__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);

void SSL_set_connect_state(SSL *s);
void SSL_set_accept_state(SSL *s);

-long SSL_get_default_timeout(const SSL *s);
+__owur long SSL_get_default_timeout(const SSL *s);

int SSL_library_init(void);

-char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
+__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
+__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);

-SSL *SSL_dup(SSL *ssl);
+__owur SSL *SSL_dup(SSL *ssl);

-X509 *SSL_get_certificate(const SSL *ssl);
+__owur X509 *SSL_get_certificate(const SSL *ssl);
/*
* EVP_PKEY
*/ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);

-X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
-EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
+__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
+__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);

void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
void SSL_set_quiet_shutdown(SSL *ssl, int mode);
-int SSL_get_quiet_shutdown(const SSL *ssl);
+__owur int SSL_get_quiet_shutdown(const SSL *ssl);
void SSL_set_shutdown(SSL *ssl, int mode);
-int SSL_get_shutdown(const SSL *ssl);
-int SSL_version(const SSL *ssl);
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+__owur int SSL_get_shutdown(const SSL *ssl);
+__owur int SSL_version(const SSL *ssl);
+__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath);
# define SSL_get0_session SSL_get_session/* just peek at pointer */
-SSL_SESSION *SSL_get_session(const SSL *ssl);
-SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+__owur SSL_SESSION *SSL_get_session(const SSL *ssl);
+__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
+__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
void SSL_set_info_callback(SSL *ssl,
void (*cb) (const SSL *ssl, int type, int val));
void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
int val);
-int SSL_state(const SSL *ssl);
+__owur int SSL_state(const SSL *ssl);
void SSL_set_state(SSL *ssl, int state);

void SSL_set_verify_result(SSL *ssl, long v);
-long SSL_get_verify_result(const SSL *ssl);
+__owur long SSL_get_verify_result(const SSL *ssl);

-int SSL_set_ex_data(SSL *ssl, int idx, void *data);
+__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data);
void *SSL_get_ex_data(const SSL *ssl, int idx);
-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+__owur int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
+__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
-int SSL_SESSION_get_ex_new_index(long argl, void *argp,
+__owur int SSL_SESSION_get_ex_new_index(long argl, void *argp,
CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);

-int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
+__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+__owur int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);

-int SSL_get_ex_data_X509_STORE_CTX_idx(void);
+__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void);

# define SSL_CTX_sess_set_cache_size(ctx,t) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
@@ -1770,32 +1770,32 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl,
# endif

# ifndef OPENSSL_NO_COMP
-const COMP_METHOD *SSL_get_current_compression(SSL *s);
-const COMP_METHOD *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const COMP_METHOD *comp);
+__owur const COMP_METHOD *SSL_get_current_compression(SSL *s);
+__owur const COMP_METHOD *SSL_get_current_expansion(SSL *s);
+__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp);
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
*meths);
void SSL_COMP_free_compression_methods(void);
-int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
+__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
# else
-const void *SSL_get_current_compression(SSL *s);
-const void *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const void *comp);
+__owur const void *SSL_get_current_compression(SSL *s);
+__owur const void *SSL_get_current_expansion(SSL *s);
+__owur const char *SSL_COMP_get_name(const void *comp);
void *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id, void *cm);
+__owur int SSL_COMP_add_compression_method(int id, void *cm);
# endif

const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);

/* TLS extensions functions */
-int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
+__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);

-int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
+__owur int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
void *arg);

/* Pre-shared secret session resumption functions */
-int SSL_set_session_secret_cb(SSL *s,
+__owur int SSL_set_session_secret_cb(SSL *s,
tls_session_secret_cb_fn tls_session_secret_cb,
void *arg);

@@ -1810,27 +1810,27 @@ void SSL_set_not_resumable_session_callback(SSL *ssl,
is_forward_secure));

void SSL_set_debug(SSL *s, int debug);
-int SSL_cache_hit(SSL *s);
-int SSL_is_server(SSL *s);
+__owur int SSL_cache_hit(SSL *s);
+__owur int SSL_is_server(SSL *s);

-SSL_CONF_CTX *SSL_CONF_CTX_new(void);
+__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void);
int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
-unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
-int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);
+__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);

void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);

-int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
-int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
-int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
+__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
+__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
+__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);

# ifndef OPENSSL_NO_SSL_TRACE
void SSL_trace(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
-const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
# endif

/* What the "other" parameter contains in security callback */
@@ -1892,7 +1892,7 @@ const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER)

void SSL_set_security_level(SSL *s, int level);
-int SSL_get_security_level(const SSL *s);
+__owur int SSL_get_security_level(const SSL *s);
void SSL_set_security_callback(SSL *s,
int (*cb) (SSL *s, SSL_CTX *ctx, int op,
int bits, int nid, void *other,
@@ -1901,10 +1901,10 @@ int (*SSL_get_security_callback(const SSL *s)) (SSL *s, SSL_CTX *ctx, int op,
int bits, int nid,
void *other, void *ex);
void SSL_set0_security_ex_data(SSL *s, void *ex);
-void *SSL_get0_security_ex_data(const SSL *s);
+__owur void *SSL_get0_security_ex_data(const SSL *s);

void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
-int SSL_CTX_get_security_level(const SSL_CTX *ctx);
+__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx);
void SSL_CTX_set_security_callback(SSL_CTX *ctx,
int (*cb) (SSL *s, SSL_CTX *ctx, int op,
int bits, int nid, void *other,
@@ -1916,10 +1916,10 @@ int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (SSL *s,
void *other,
void *ex);
void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
-void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
+__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);

# ifndef OPENSSL_NO_UNIT_TEST
-const struct openssl_ssl_test_functions *SSL_test_functions(void);
+__owur const struct openssl_ssl_test_functions *SSL_test_functions(void);
# endif

/* BEGIN ERROR CODES */
@@ -1956,6 +1956,7 @@ void ERR_load_SSL_strings(void);
# define SSL_F_DTLS1_READ_BYTES 258
# define SSL_F_DTLS1_READ_FAILED 259
# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
+# define SSL_F_DTLS1_SEND_CHANGE_CIPHER_SPEC 342
# define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
# define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
# define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
@@ -2011,7 +2012,10 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
# define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
# define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
+# define SSL_F_SSL3_SEND_FINISHED 343
+# define SSL_F_SSL3_SEND_HELLO_REQUEST 344
# define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
+# define SSL_F_SSL3_SEND_SERVER_DONE 345
# define SSL_F_SSL3_SEND_SERVER_HELLO 242
# define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
# define SSL_F_SSL3_SETUP_KEY_BLOCK 157
diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c
index 504e4d7..ba9fc48 100644
--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -130,7 +130,7 @@ int SSL_library_init(void)
* This will initialise the built-in compression algorithms. The value
* returned is a STACK_OF(SSL_COMP), but that can be discarded safely
*/
- (void)SSL_COMP_get_compression_methods();
+ SSL_COMP_get_compression_methods();
#endif
/* initialize cipher/digest methods table */
ssl_load_ciphers();
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index f220e8e..0f6758b 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -532,10 +532,13 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
else
*comp = NULL;
}
+ /* If were only interested in comp then return success */
+ if((enc == NULL) && (md == NULL))
+ return 1;
}

if ((enc == NULL) || (md == NULL))
- return (0);
+ return 0;

switch (c->algorithm_enc) {
case SSL_DES:
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index f370e9e..75ca684 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -1,6 +1,6 @@
/* ssl/ssl_err.c */
/* ====================================================================
- * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
*

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions

@@ -83,8 +83,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "dtls1_get_message"},
- {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT),
- "DTLS1_GET_MESSAGE_FRAGMENT"},
+ {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"},
{ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "dtls1_get_record"},
{ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "dtls1_handle_timeout"},
{ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "dtls1_heartbeat"},
@@ -96,7 +95,9 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "dtls1_read_bytes"},
{ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "dtls1_read_failed"},
{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST),
- "dtls1_send_certificate_request"},
+ "DTLS1_SEND_CERTIFICATE_REQUEST"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_CHANGE_CIPHER_SPEC),
+ "dtls1_send_change_cipher_spec"},
{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE),
"dtls1_send_client_certificate"},
{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE),
@@ -109,8 +110,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "dtls1_send_server_hello"},
{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE),
"dtls1_send_server_key_exchange"},
- {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES),
- "dtls1_write_app_data_bytes"},
+ {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "dtls1_write_app_data_bytes"},
{ERR_FUNC(SSL_F_SSL23_ACCEPT), "ssl23_accept"},
{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
{ERR_FUNC(SSL_F_SSL23_CONNECT), "ssl23_connect"},
@@ -130,10 +130,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_SSL3_CONNECT), "ssl3_connect"},
{ERR_FUNC(SSL_F_SSL3_CTRL), "ssl3_ctrl"},
{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "ssl3_ctx_ctrl"},
- {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS),
- "ssl3_digest_cached_records"},
- {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC),
- "ssl3_do_change_cipher_spec"},
+ {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "ssl3_digest_cached_records"},
+ {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "ssl3_do_change_cipher_spec"},
{ERR_FUNC(SSL_F_SSL3_ENC), "ssl3_enc"},
{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST),
@@ -169,8 +167,11 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE),
"ssl3_send_client_key_exchange"},
{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "ssl3_send_client_verify"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_FINISHED), "ssl3_send_finished"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_HELLO_REQUEST), "ssl3_send_hello_request"},
{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE),
"ssl3_send_server_certificate"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_DONE), "ssl3_send_server_done"},
{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "ssl3_send_server_hello"},
{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE),
"ssl3_send_server_key_exchange"},
@@ -183,8 +184,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_SSL_ADD_CERT_TO_BUF), "SSL_ADD_CERT_TO_BUF"},
{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT),
"ssl_add_clienthello_renegotiate_ext"},
- {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT),
- "ssl_add_clienthello_tlsext"},
+ {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "ssl_add_clienthello_tlsext"},
{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT),
"ssl_add_clienthello_use_srtp_ext"},
{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),
@@ -193,8 +193,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"SSL_add_file_cert_subjects_to_stack"},
{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT),
"ssl_add_serverhello_renegotiate_ext"},
- {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT),
- "ssl_add_serverhello_tlsext"},
+ {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "ssl_add_serverhello_tlsext"},
{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT),
"ssl_add_serverhello_use_srtp_ext"},
{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "ssl_bad_method"},
@@ -210,8 +209,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"SSL_CHECK_SERVERHELLO_TLSEXT"},
{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG),
"ssl_check_srvr_ecc_cert_and_alg"},
- {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),
- "SSL_CIPHER_PROCESS_RULESTR"},
+ {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD),
@@ -296,10 +294,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
- {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT),
- "SSL_set_session_id_context"},
- {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT),
- "SSL_set_session_ticket_ext"},
+ {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
+ {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
@@ -317,10 +313,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
{ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
- {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1),
- "SSL_use_RSAPrivateKey_ASN1"},
- {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE),
- "SSL_use_RSAPrivateKey_file"},
+ {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
+ {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "ssl_verify_cert_chain"},
{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
{ERR_FUNC(SSL_F_TLS12_CHECK_PEER_SIGALG), "tls12_check_peer_sigalg"},
@@ -391,16 +385,14 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_BAD_VALUE), "bad value"},
{ERR_REASON(SSL_R_BAD_WRITE_RETRY), "bad write retry"},
{ERR_REASON(SSL_R_BIO_NOT_SET), "bio not set"},
- {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),
- "block cipher pad is wrong"},
+ {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"},
{ERR_REASON(SSL_R_BN_LIB), "bn lib"},
{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH), "ca dn length mismatch"},
{ERR_REASON(SSL_R_CA_DN_TOO_LONG), "ca dn too long"},
{ERR_REASON(SSL_R_CA_KEY_TOO_SMALL), "ca key too small"},
{ERR_REASON(SSL_R_CA_MD_TOO_WEAK), "ca md too weak"},
{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY), "ccs received early"},
- {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),
- "certificate verify failed"},
+ {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"},
{ERR_REASON(SSL_R_CERT_CB_ERROR), "cert cb error"},
{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH), "cert length mismatch"},
{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"},
@@ -413,8 +405,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_COMPRESSION_FAILURE), "compression failure"},
{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),
"compression id not within private range"},
- {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),
- "compression library error"},
+ {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), "compression library error"},
{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"},
{ERR_REASON(SSL_R_COOKIE_MISMATCH), "cookie mismatch"},
{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),
@@ -443,8 +434,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_EE_KEY_TOO_SMALL), "ee key too small"},
{ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),
"empty srtp protection profile list"},
- {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),
- "encrypted length too long"},
+ {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"},
{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),
"error generating tmp rsa key"},
{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),
@@ -494,8 +484,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_MISSING_ECDH_CERT), "missing ecdh cert"},
{ERR_REASON(SSL_R_MISSING_ECDSA_SIGNING_CERT),
"missing ecdsa signing cert"},
- {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),
- "missing export tmp dh key"},
+ {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), "missing export tmp dh key"},
{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),
"missing export tmp rsa key"},
{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
@@ -527,8 +516,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"},
{ERR_REASON(SSL_R_NO_RENEGOTIATION), "no renegotiation"},
- {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST),
- "digest requred for handshake isn't computed"},
+ {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST), "no required digest"},
{ERR_REASON(SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
{ERR_REASON(SSL_R_NO_SHARED_SIGATURE_ALGORITHMS),
"no shared sigature algorithms"},
@@ -546,8 +534,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"only TLS 1.2 allowed in Suite B mode"},
{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),
"only tls allowed in fips mode"},
- {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),
- "opaque PRF input too long"},
+ {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG), "opaque PRF input too long"},
{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
{ERR_REASON(SSL_R_PARSE_TLSEXT), "parse tlsext"},
{ERR_REASON(SSL_R_PATH_TOO_LONG), "path too long"},
@@ -597,8 +584,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
"ssl3 ext invalid servername type"},
{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
- {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),
- "ssl3 session id too short"},
+ {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"},
{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
"sslv3 alert bad certificate"},
{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
@@ -634,13 +620,11 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"ssl session id context too long"},
{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),
"ssl session id has bad length"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),
- "tlsv1 alert access denied"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"},
{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),
"tlsv1 alert decryption failed"},
- {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),
- "tlsv1 alert decrypt error"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "tlsv1 alert decrypt error"},
{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),
"tlsv1 alert export restriction"},
{ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),
@@ -683,8 +667,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"tls rsa encrypted value length is wrong"},
{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),
"tried to use unsupported cipher"},
- {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),
- "unable to decode dh certs"},
+ {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"},
{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),
"unable to decode ecdh certs"},
{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),
@@ -693,8 +676,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"unable to find ecdh parameters"},
{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),
"unable to find public key parameters"},
- {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),
- "unable to find ssl method"},
+ {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), "unable to find ssl method"},
{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),
"unable to load ssl3 md5 routines"},
{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
@@ -708,12 +690,10 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE), "unknown cipher type"},
{ERR_REASON(SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"},
{ERR_REASON(SSL_R_UNKNOWN_DIGEST), "unknown digest"},
- {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),
- "unknown key exchange type"},
+ {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"},
{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"},
{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"},
- {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),
- "unknown remote error type"},
+ {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "unknown remote error type"},
{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION), "unknown ssl version"},
{ERR_REASON(SSL_R_UNKNOWN_STATE), "unknown state"},
{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 1e9b34f..0c9f4f7 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -378,7 +378,8 @@ SSL *SSL_new(SSL_CTX *ctx)
s->references = 1;
s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;

- SSL_clear(s);
+ if(!SSL_clear(s))
+ goto err;

CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);

@@ -885,7 +886,10 @@ void SSL_copy_session_id(SSL *t, const SSL *f)
CERT *tmp;

/* Do we need to to SSL locking? */
- SSL_set_session(t, SSL_get_session(f));
+ if(!SSL_set_session(t, SSL_get_session(f))) {
+ /* How do we handle this!! void function */
+ return;
+ }

/*
* what if we are setup as SSLv2 but want to talk SSLv3 or vice-versa
@@ -904,7 +908,10 @@ void SSL_copy_session_id(SSL *t, const SSL *f)
t->cert = NULL;
if (tmp != NULL)
ssl_cert_free(tmp);
- SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
+ if(!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) {
+ /* Really should do something about this..but void function - ignore */
+ ;
+ }
}

/* Fix this so it checks all the valid key/cert options */
@@ -1924,10 +1931,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
if (ret->cert_store == NULL)
goto err;

- ssl_create_cipher_list(ret->method,
+ if(!ssl_create_cipher_list(ret->method,
&ret->cipher_list, &ret->cipher_list_by_id,
- SSL_DEFAULT_CIPHER_LIST, ret->cert);
- if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
+ SSL_DEFAULT_CIPHER_LIST, ret->cert)
+ || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
}
@@ -1980,7 +1987,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->psk_server_callback = NULL;
#endif
#ifndef OPENSSL_NO_SRP
- SSL_CTX_SRP_CTX_init(ret);
+ if(!SSL_CTX_SRP_CTX_init(ret))
+ goto err;
#endif
#ifndef OPENSSL_NO_ENGINE
ret->client_cert_engine = NULL;
@@ -2783,7 +2791,8 @@ SSL *SSL_dup(SSL *s)
goto err;
}

- SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length);
+ if(!SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length))
+ goto err;
}

ret->options = s->options;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 3396572..3b3f298 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1839,7 +1839,7 @@ typedef struct ssl3_enc_method {
/* Handshake header length */
unsigned int hhlen;
/* Set the handshake header */
- void (*set_handshake_header) (SSL *s, int type, unsigned long len);
+ int (*set_handshake_header) (SSL *s, int type, unsigned long len);
/* Write out handshake message */
int (*do_write) (SSL *s);
} SSL3_ENC_METHOD;
@@ -2050,379 +2050,379 @@ struct openssl_ssl_test_functions {

void ssl_clear_cipher_ctx(SSL *s);
int ssl_clear_bad_session(SSL *s);
-CERT *ssl_cert_new(void);
-CERT *ssl_cert_dup(CERT *cert);
+__owur CERT *ssl_cert_new(void);
+__owur CERT *ssl_cert_dup(CERT *cert);
void ssl_cert_set_default_md(CERT *cert);
void ssl_cert_clear_certs(CERT *c);
void ssl_cert_free(CERT *c);
-SESS_CERT *ssl_sess_cert_new(void);
+__owur SESS_CERT *ssl_sess_cert_new(void);
void ssl_sess_cert_free(SESS_CERT *sc);
-int ssl_set_peer_cert_type(SESS_CERT *c, int type);
-int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
+__owur int ssl_set_peer_cert_type(SESS_CERT *c, int type);
+__owur int ssl_get_new_session(SSL *s, int session);
+__owur int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
const unsigned char *limit);
-int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
+__owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
+__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
+__owur STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
int num,
STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
+__owur int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
unsigned char *p,
int (*put_cb) (const SSL_CIPHER *,
unsigned char *));
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
+__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
STACK_OF(SSL_CIPHER) **pref,
STACK_OF(SSL_CIPHER) **sorted,
const char *rule_str, CERT *c);
void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type,
int *mac_secret_size, SSL_COMP **comp, int use_etm);
-int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md);
-int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
-const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr);
-int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
-int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
-int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
-int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
-int ssl_cert_select_current(CERT *c, X509 *x);
-int ssl_cert_set_current(CERT *c, long arg);
-X509 *ssl_cert_get0_next_certificate(CERT *c, int first);
+__owur int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md);
+__owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
+__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr);
+__owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
+__owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
+__owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
+__owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
+__owur int ssl_cert_select_current(CERT *c, X509 *x);
+__owur int ssl_cert_set_current(CERT *c, long arg);
+__owur X509 *ssl_cert_get0_next_certificate(CERT *c, int first);
void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg),
void *arg);

-int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
-int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l);
-int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags);
-int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref);
+__owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
+__owur int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l);
+__owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags);
+__owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref);

-int ssl_security(SSL *s, int op, int bits, int nid, void *other);
-int ssl_ctx_security(SSL_CTX *ctx, int op, int bits, int nid, void *other);
+__owur int ssl_security(SSL *s, int op, int bits, int nid, void *other);
+__owur int ssl_ctx_security(SSL_CTX *ctx, int op, int bits, int nid, void *other);

int ssl_undefined_function(SSL *s);
-int ssl_undefined_void_function(void);
-int ssl_undefined_const_function(const SSL *s);
-CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
+__owur int ssl_undefined_void_function(void);
+__owur int ssl_undefined_const_function(const SSL *s);
+__owur CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
# ifndef OPENSSL_NO_TLSEXT
-int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
+__owur int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
size_t *serverinfo_length);
# endif
-EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd);
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
+__owur EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd);
+__owur int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
-int ssl_verify_alarm_type(long type);
+__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
+__owur int ssl_verify_alarm_type(long type);
void ssl_load_ciphers(void);
-int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
+__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);

-const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
void ssl3_init_finished_mac(SSL *s);
-int ssl3_send_server_certificate(SSL *s);
-int ssl3_send_newsession_ticket(SSL *s);
-int ssl3_send_cert_status(SSL *s);
-int ssl3_get_finished(SSL *s, int state_a, int state_b);
-int ssl3_setup_key_block(SSL *s);
-int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
-int ssl3_change_cipher_state(SSL *s, int which);
+__owur int ssl3_send_server_certificate(SSL *s);
+__owur int ssl3_send_newsession_ticket(SSL *s);
+__owur int ssl3_send_cert_status(SSL *s);
+__owur int ssl3_get_finished(SSL *s, int state_a, int state_b);
+__owur int ssl3_setup_key_block(SSL *s);
+__owur int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
+__owur int ssl3_change_cipher_state(SSL *s, int which);
void ssl3_cleanup_key_block(SSL *s);
-int ssl3_do_write(SSL *s, int type);
+__owur int ssl3_do_write(SSL *s, int type);
int ssl3_send_alert(SSL *s, int level, int desc);
-int ssl3_generate_master_secret(SSL *s, unsigned char *out,
+__owur int ssl3_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *p, int len);
-int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
-int ssl3_num_ciphers(void);
-const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+__owur int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
+__owur long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
+__owur int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
+__owur int ssl3_num_ciphers(void);
+__owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
int ssl3_renegotiate(SSL *ssl);
int ssl3_renegotiate_check(SSL *ssl);
-int ssl3_dispatch_alert(SSL *s);
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
+__owur int ssl3_dispatch_alert(SSL *s);
+__owur int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
+__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
+__owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
unsigned char *p);
-int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
+__owur int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
-int ssl3_enc(SSL *s, int send_data);
-int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
+__owur int ssl3_enc(SSL *s, int send_data);
+__owur int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
void ssl3_free_digest_list(SSL *s);
-unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
+__owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
+__owur SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
STACK_OF(SSL_CIPHER) *srvr);
-int ssl3_setup_buffers(SSL *s);
-int ssl3_setup_read_buffer(SSL *s);
-int ssl3_setup_write_buffer(SSL *s);
+__owur int ssl3_setup_buffers(SSL *s);
+__owur int ssl3_setup_read_buffer(SSL *s);
+__owur int ssl3_setup_write_buffer(SSL *s);
int ssl3_release_read_buffer(SSL *s);
int ssl3_release_write_buffer(SSL *s);
-int ssl3_digest_cached_records(SSL *s);
-int ssl3_new(SSL *s);
+__owur int ssl3_digest_cached_records(SSL *s);
+__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
-int ssl3_accept(SSL *s);
-int ssl3_connect(SSL *s);
-int ssl3_read(SSL *s, void *buf, int len);
-int ssl3_peek(SSL *s, void *buf, int len);
-int ssl3_write(SSL *s, const void *buf, int len);
-int ssl3_shutdown(SSL *s);
+__owur int ssl3_accept(SSL *s);
+__owur int ssl3_connect(SSL *s);
+__owur int ssl3_read(SSL *s, void *buf, int len);
+__owur int ssl3_peek(SSL *s, void *buf, int len);
+__owur int ssl3_write(SSL *s, const void *buf, int len);
+__owur int ssl3_shutdown(SSL *s);
void ssl3_clear(SSL *s);
-long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
-long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
-long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
-long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
-int ssl3_pending(const SSL *s);
+__owur long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
+__owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
+__owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+__owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
+__owur int ssl3_pending(const SSL *s);

void ssl3_record_sequence_update(unsigned char *seq);
-int ssl3_do_change_cipher_spec(SSL *ssl);
-long ssl3_default_timeout(void);
-
-void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len);
-int ssl3_handshake_write(SSL *s);
-
-int ssl23_num_ciphers(void);
-const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
-int ssl23_read(SSL *s, void *buf, int len);
-int ssl23_peek(SSL *s, void *buf, int len);
-int ssl23_write(SSL *s, const void *buf, int len);
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
-long ssl23_default_timeout(void);
-
-int ssl_allow_compression(SSL *s);
-
-long tls1_default_timeout(void);
-int dtls1_do_write(SSL *s, int type);
-int ssl3_read_n(SSL *s, int n, int max, int extend);
-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_do_compress(SSL *ssl);
-int ssl3_do_uncompress(SSL *ssl);
-int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+__owur int ssl3_do_change_cipher_spec(SSL *ssl);
+__owur long ssl3_default_timeout(void);
+
+__owur int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len);
+__owur int ssl3_handshake_write(SSL *s);
+
+__owur int ssl23_num_ciphers(void);
+__owur const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
+__owur int ssl23_read(SSL *s, void *buf, int len);
+__owur int ssl23_peek(SSL *s, void *buf, int len);
+__owur int ssl23_write(SSL *s, const void *buf, int len);
+__owur int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+__owur const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
+__owur long ssl23_default_timeout(void);
+
+__owur int ssl_allow_compression(SSL *s);
+
+__owur long tls1_default_timeout(void);
+__owur int dtls1_do_write(SSL *s, int type);
+__owur int ssl3_read_n(SSL *s, int n, int max, int extend);
+__owur int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
+__owur int ssl3_do_compress(SSL *ssl);
+__owur int ssl3_do_uncompress(SSL *ssl);
+__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
unsigned int len);
-unsigned char *dtls1_set_message_header(SSL *s,
- unsigned char *p, unsigned char mt,
- unsigned long len,
- unsigned long frag_off,
- unsigned long frag_len);
-
-int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
-int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
-
-int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
-int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
-int dtls1_read_failed(SSL *s, int code);
-int dtls1_buffer_message(SSL *s, int ccs);
-int dtls1_retransmit_message(SSL *s, unsigned short seq,
+void dtls1_set_message_header(SSL *s,
+ unsigned char *p, unsigned char mt,
+ unsigned long len,
+ unsigned long frag_off,
+ unsigned long frag_len);
+
+__owur int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
+__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
+
+__owur int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
+__owur int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
+__owur int dtls1_read_failed(SSL *s, int code);
+__owur int dtls1_buffer_message(SSL *s, int ccs);
+__owur int dtls1_retransmit_message(SSL *s, unsigned short seq,
unsigned long frag_off, int *found);
-int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
-int dtls1_retransmit_buffered_messages(SSL *s);
+__owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
+__owur int dtls1_retransmit_buffered_messages(SSL *s);
void dtls1_clear_record_buffer(SSL *s);
void dtls1_get_message_header(unsigned char *data,
struct hm_header_st *msg_hdr);
void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
void dtls1_reset_seq_numbers(SSL *s, int rw);
-long dtls1_default_timeout(void);
-struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft);
-int dtls1_check_timeout_num(SSL *s);
-int dtls1_handle_timeout(SSL *s);
-const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
+__owur long dtls1_default_timeout(void);
+__owur struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft);
+__owur int dtls1_check_timeout_num(SSL *s);
+__owur int dtls1_handle_timeout(SSL *s);
+__owur const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
void dtls1_start_timer(SSL *s);
void dtls1_stop_timer(SSL *s);
-int dtls1_is_timer_expired(SSL *s);
+__owur int dtls1_is_timer_expired(SSL *s);
void dtls1_double_timeout(SSL *s);
-int dtls1_send_newsession_ticket(SSL *s);
-unsigned int dtls1_min_mtu(SSL *s);
-unsigned int dtls1_link_min_mtu(void);
+__owur int dtls1_send_newsession_ticket(SSL *s);
+__owur unsigned int dtls1_min_mtu(SSL *s);
+__owur unsigned int dtls1_link_min_mtu(void);
void dtls1_hm_fragment_free(hm_fragment *frag);

/* some client-only functions */
-int ssl3_client_hello(SSL *s);
-int ssl3_get_server_hello(SSL *s);
-int ssl3_get_certificate_request(SSL *s);
-int ssl3_get_new_session_ticket(SSL *s);
-int ssl3_get_cert_status(SSL *s);
-int ssl3_get_server_done(SSL *s);
-int ssl3_send_client_verify(SSL *s);
-int ssl3_send_client_certificate(SSL *s);
-int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
-int ssl3_send_client_key_exchange(SSL *s);
-int ssl3_get_key_exchange(SSL *s);
-int ssl3_get_server_certificate(SSL *s);
-int ssl3_check_cert_and_algorithm(SSL *s);
+__owur int ssl3_client_hello(SSL *s);
+__owur int ssl3_get_server_hello(SSL *s);
+__owur int ssl3_get_certificate_request(SSL *s);
+__owur int ssl3_get_new_session_ticket(SSL *s);
+__owur int ssl3_get_cert_status(SSL *s);
+__owur int ssl3_get_server_done(SSL *s);
+__owur int ssl3_send_client_verify(SSL *s);
+__owur int ssl3_send_client_certificate(SSL *s);
+__owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
+__owur int ssl3_send_client_key_exchange(SSL *s);
+__owur int ssl3_get_key_exchange(SSL *s);
+__owur int ssl3_get_server_certificate(SSL *s);
+__owur int ssl3_check_cert_and_algorithm(SSL *s);
# ifndef OPENSSL_NO_TLSEXT
# ifndef OPENSSL_NO_NEXTPROTONEG
-int ssl3_send_next_proto(SSL *s);
+__owur int ssl3_send_next_proto(SSL *s);
# endif
# endif

int dtls1_client_hello(SSL *s);

/* some server-only functions */
-int ssl3_get_client_hello(SSL *s);
-int ssl3_send_server_hello(SSL *s);
-int ssl3_send_hello_request(SSL *s);
-int ssl3_send_server_key_exchange(SSL *s);
-int ssl3_send_certificate_request(SSL *s);
-int ssl3_send_server_done(SSL *s);
-int ssl3_get_client_certificate(SSL *s);
-int ssl3_get_client_key_exchange(SSL *s);
-int ssl3_get_cert_verify(SSL *s);
+__owur int ssl3_get_client_hello(SSL *s);
+__owur int ssl3_send_server_hello(SSL *s);
+__owur int ssl3_send_hello_request(SSL *s);
+__owur int ssl3_send_server_key_exchange(SSL *s);
+__owur int ssl3_send_certificate_request(SSL *s);
+__owur int ssl3_send_server_done(SSL *s);
+__owur int ssl3_get_client_certificate(SSL *s);
+__owur int ssl3_get_client_key_exchange(SSL *s);
+__owur int ssl3_get_cert_verify(SSL *s);
# ifndef OPENSSL_NO_NEXTPROTONEG
-int ssl3_get_next_proto(SSL *s);
+__owur int ssl3_get_next_proto(SSL *s);
# endif

-int ssl23_accept(SSL *s);
-int ssl23_connect(SSL *s);
-int ssl23_read_bytes(SSL *s, int n);
-int ssl23_write_bytes(SSL *s);
+__owur int ssl23_accept(SSL *s);
+__owur int ssl23_connect(SSL *s);
+__owur int ssl23_read_bytes(SSL *s, int n);
+__owur int ssl23_write_bytes(SSL *s);

-int tls1_new(SSL *s);
+__owur int tls1_new(SSL *s);
void tls1_free(SSL *s);
void tls1_clear(SSL *s);
long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void));

-int dtls1_new(SSL *s);
-int dtls1_accept(SSL *s);
-int dtls1_connect(SSL *s);
+__owur int dtls1_new(SSL *s);
+__owur int dtls1_accept(SSL *s);
+__owur int dtls1_connect(SSL *s);
void dtls1_free(SSL *s);
void dtls1_clear(SSL *s);
long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
-int dtls1_shutdown(SSL *s);
+__owur int dtls1_shutdown(SSL *s);

-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int dtls1_get_record(SSL *s);
-int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+__owur long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
+__owur int dtls1_get_record(SSL *s);
+__owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
unsigned int len, int create_empty_fragement);
-int dtls1_dispatch_alert(SSL *s);
+__owur int dtls1_dispatch_alert(SSL *s);

-int ssl_init_wbio_buffer(SSL *s, int push);
+__owur int ssl_init_wbio_buffer(SSL *s, int push);
void ssl_free_wbio_buffer(SSL *s);

-int tls1_change_cipher_state(SSL *s, int which);
-int tls1_setup_key_block(SSL *s);
-int tls1_enc(SSL *s, int snd);
-int tls1_final_finish_mac(SSL *s,
+__owur int tls1_change_cipher_state(SSL *s, int which);
+__owur int tls1_setup_key_block(SSL *s);
+__owur int tls1_enc(SSL *s, int snd);
+__owur int tls1_final_finish_mac(SSL *s,
const char *str, int slen, unsigned char *p);
-int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
-int tls1_mac(SSL *ssl, unsigned char *md, int snd);
-int tls1_generate_master_secret(SSL *s, unsigned char *out,
+__owur int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
+__owur int tls1_mac(SSL *ssl, unsigned char *md, int snd);
+__owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *p, int len);
-int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+__owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
const char *label, size_t llen,
const unsigned char *p, size_t plen,
int use_context);
-int tls1_alert_code(int code);
-int ssl3_alert_code(int code);
-int ssl_ok(SSL *s);
+__owur int tls1_alert_code(int code);
+__owur int ssl3_alert_code(int code);
+__owur int ssl_ok(SSL *s);

# ifndef OPENSSL_NO_EC
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
+__owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
# endif

SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);

# ifndef OPENSSL_NO_EC
-int tls1_ec_curve_id2nid(int curve_id);
-int tls1_ec_nid2curve_id(int nid);
-int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
-int tls1_shared_curve(SSL *s, int nmatch);
-int tls1_set_curves(unsigned char **pext, size_t *pextlen,
+__owur int tls1_ec_curve_id2nid(int curve_id);
+__owur int tls1_ec_nid2curve_id(int nid);
+__owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
+__owur int tls1_shared_curve(SSL *s, int nmatch);
+__owur int tls1_set_curves(unsigned char **pext, size_t *pextlen,
int *curves, size_t ncurves);
-int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
+__owur int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
const char *str);
-int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
+__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
# endif /* OPENSSL_NO_EC */

# ifndef OPENSSL_NO_TLSEXT
-int tls1_shared_list(SSL *s,
+__owur int tls1_shared_list(SSL *s,
const unsigned char *l1, size_t l1len,
const unsigned char *l2, size_t l2len, int nmatch);
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
+__owur unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
unsigned char *limit, int *al);
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
+__owur unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
unsigned char *limit, int *al);
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
+__owur int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
unsigned char *d, int n);
-int tls1_set_server_sigalgs(SSL *s);
-int ssl_check_clienthello_tlsext_late(SSL *s);
-int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
+__owur int tls1_set_server_sigalgs(SSL *s);
+__owur int ssl_check_clienthello_tlsext_late(SSL *s);
+__owur int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
unsigned char *d, int n);
-int ssl_prepare_clienthello_tlsext(SSL *s);
-int ssl_prepare_serverhello_tlsext(SSL *s);
+__owur int ssl_prepare_clienthello_tlsext(SSL *s);
+__owur int ssl_prepare_serverhello_tlsext(SSL *s);

# ifndef OPENSSL_NO_HEARTBEATS
-int tls1_heartbeat(SSL *s);
-int dtls1_heartbeat(SSL *s);
-int tls1_process_heartbeat(SSL *s);
-int dtls1_process_heartbeat(SSL *s);
+__owur int tls1_heartbeat(SSL *s);
+__owur int dtls1_heartbeat(SSL *s);
+__owur int tls1_process_heartbeat(SSL *s);
+__owur int dtls1_process_heartbeat(SSL *s);
# endif

-int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+__owur int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
const unsigned char *limit, SSL_SESSION **ret);

-int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
+__owur int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
const EVP_MD *md);
-int tls12_get_sigid(const EVP_PKEY *pk);
-const EVP_MD *tls12_get_hash(unsigned char hash_alg);
+__owur int tls12_get_sigid(const EVP_PKEY *pk);
+__owur const EVP_MD *tls12_get_hash(unsigned char hash_alg);
void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op);

-int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
-int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client);
-int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
+__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
+__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client);
+__owur int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
int idx);
void tls1_set_cert_validity(SSL *s);

# endif
# ifndef OPENSSL_NO_DH
-DH *ssl_get_auto_dh(SSL *s);
+__owur DH *ssl_get_auto_dh(SSL *s);
# endif

-int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee);
-int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex, int vfy);
+__owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee);
+__owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex, int vfy);

-EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
+__owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+__owur int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
int maxlen);
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+__owur int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
int *al);
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+__owur int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
int maxlen);
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+__owur int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
int *al);
-long ssl_get_algorithm2(SSL *s);
-size_t tls12_copy_sigalgs(SSL *s, unsigned char *out,
+__owur long ssl_get_algorithm2(SSL *s);
+__owur size_t tls12_copy_sigalgs(SSL *s, unsigned char *out,
const unsigned char *psig, size_t psiglen);
-int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
-int tls1_process_sigalgs(SSL *s);
-size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
-int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
+__owur int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
+__owur int tls1_process_sigalgs(SSL *s);
+__owur size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
+__owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
const unsigned char *sig, EVP_PKEY *pkey);
void ssl_set_client_disabled(SSL *s);
-int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op);
+__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op);

-int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
+__owur int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
int maxlen);
-int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,
+__owur int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,
int *al);
-int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
+__owur int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
int maxlen);
-int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,
+__owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,
int *al);

-int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen);
+__owur int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen);

/* s3_cbc.c */
void ssl3_cbc_copy_mac(unsigned char *out,
const SSL3_RECORD *rec, unsigned md_size);
-int ssl3_cbc_remove_padding(const SSL *s,
+__owur int ssl3_cbc_remove_padding(const SSL *s,
SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size);
-int tls1_cbc_remove_padding(const SSL *s,
+__owur int tls1_cbc_remove_padding(const SSL *s,
SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size);
-char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
+__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
unsigned char *md_out,
size_t *md_out_size,
@@ -2437,19 +2437,19 @@ void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
EVP_MD_CTX *mac_ctx, const unsigned char *data,
size_t data_len, size_t orig_len);

-int srp_verify_server_param(SSL *s, int *al);
+__owur int srp_verify_server_param(SSL *s, int *al);

/* t1_ext.c */

void custom_ext_init(custom_ext_methods *meths);

-int custom_ext_parse(SSL *s, int server,
+__owur int custom_ext_parse(SSL *s, int server,
unsigned int ext_type,
const unsigned char *ext_data, size_t ext_size, int *al);
-int custom_ext_add(SSL *s, int server,
+__owur int custom_ext_add(SSL *s, int server,
unsigned char **pret, unsigned char *limit, int *al);

-int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src);
+__owur int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src);
void custom_exts_free(custom_ext_methods *exts);

# else
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 8799d3d..60a6834 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -693,7 +693,10 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
int r;
unsigned long err;

- SSL_CTX_clear_chain_certs(ctx);
+ if(!SSL_CTX_clear_chain_certs(ctx)) {
+ ret = 0;
+ goto end;
+ }

while ((ca = PEM_read_bio_X509(in, NULL,
ctx->default_passwd_callback,
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index cf019c8..22d2e66 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -510,12 +510,14 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
*/
if (!
(s->session_ctx->session_cache_mode &
- SSL_SESS_CACHE_NO_INTERNAL_STORE))
+ SSL_SESS_CACHE_NO_INTERNAL_STORE)) {
/*
* The following should not return 1, otherwise, things are
* very strange
*/
- SSL_CTX_add_session(s->session_ctx, ret);
+ if(SSL_CTX_add_session(s->session_ctx, ret))
+ goto err;
+ }
}
}

diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index e5774d2..ccdf8ec 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -214,7 +214,8 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (x->compress_meth != 0) {
SSL_COMP *comp = NULL;

- ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp, 0);
+ if(!ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp, 0))
+ goto err;
if (comp == NULL) {
if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <=
0)
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index a57d505..457ba86 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -1443,8 +1443,11 @@ int main(int argc, char *argv[])
SSL_CTX_set_security_level(s_ctx, 0);

if (cipher != NULL) {
- SSL_CTX_set_cipher_list(c_ctx, cipher);
- SSL_CTX_set_cipher_list(s_ctx, cipher);
+ if(!SSL_CTX_set_cipher_list(c_ctx, cipher)
+ || !SSL_CTX_set_cipher_list(s_ctx, cipher)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
}

/* Process SSL_CONF arguments */
@@ -1537,10 +1540,13 @@ int main(int argc, char *argv[])
}

if (client_auth) {
- SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM);
- SSL_CTX_use_PrivateKey_file(c_ctx,
+ if(!SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM)
+ || !SSL_CTX_use_PrivateKey_file(c_ctx,
(client_key ? client_key : client_cert),
- SSL_FILETYPE_PEM);
+ SSL_FILETYPE_PEM)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
}

if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
@@ -1569,8 +1575,11 @@ int main(int argc, char *argv[])

{
int session_id_context = 0;
- SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
- sizeof session_id_context);
+ if(!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
+ sizeof session_id_context)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
}

/* Use PSK only if PSK key is given */
@@ -1637,15 +1646,22 @@ int main(int argc, char *argv[])
}
#endif

- if (serverinfo_sct)
- SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
+ if (serverinfo_sct) {
+ if(!SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
NULL, NULL, NULL,
- serverinfo_cli_parse_cb, NULL);
- if (serverinfo_tack)
- SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
+ serverinfo_cli_parse_cb, NULL)) {
+ BIO_printf(bio_err, "Error adding SCT extension\n");
+ goto end;
+ }
+ }
+ if (serverinfo_tack) {
+ if(!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
NULL, NULL, NULL,
- serverinfo_cli_parse_cb, NULL);
-
+ serverinfo_cli_parse_cb, NULL)) {
+ BIO_printf(bio_err, "Error adding TACK extension\n");
+ goto end;
+ }
+ }
if (serverinfo_file)
if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file)) {
BIO_printf(bio_err, "missing serverinfo file\n");
@@ -1653,39 +1669,41 @@ int main(int argc, char *argv[])
}

if (custom_ext) {
- SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
+ if(!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
custom_ext_0_cli_add_cb,
NULL, NULL,
- custom_ext_0_cli_parse_cb, NULL);
- SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
+ custom_ext_0_cli_parse_cb, NULL)
+ || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
custom_ext_1_cli_add_cb,
NULL, NULL,
- custom_ext_1_cli_parse_cb, NULL);
- SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
+ custom_ext_1_cli_parse_cb, NULL)
+ || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
custom_ext_2_cli_add_cb,
NULL, NULL,
- custom_ext_2_cli_parse_cb, NULL);
- SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
+ custom_ext_2_cli_parse_cb, NULL)
+ || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
custom_ext_3_cli_add_cb,
NULL, NULL,
- custom_ext_3_cli_parse_cb, NULL);
-
- SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
+ custom_ext_3_cli_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
custom_ext_0_srv_add_cb,
NULL, NULL,
- custom_ext_0_srv_parse_cb, NULL);
- SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
+ custom_ext_0_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
custom_ext_1_srv_add_cb,
NULL, NULL,
- custom_ext_1_srv_parse_cb, NULL);
- SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
+ custom_ext_1_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
custom_ext_2_srv_add_cb,
NULL, NULL,
- custom_ext_2_srv_parse_cb, NULL);
- SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
+ custom_ext_2_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
custom_ext_3_srv_add_cb,
NULL, NULL,
- custom_ext_3_srv_parse_cb, NULL);
+ custom_ext_3_srv_parse_cb, NULL)) {
+ BIO_printf(bio_err, "Error setting custom extensions\n");
+ goto end;
+ }
}

if (alpn_server)
@@ -1699,7 +1717,12 @@ int main(int argc, char *argv[])
BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
goto end;
}
- SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len);
+ /* Returns 0 on success!! */
+ if(SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
+ BIO_printf(bio_err, "Error setting ALPN\n");
+ OPENSSL_free(alpn);
+ goto end;
+ }
OPENSSL_free(alpn);
}

@@ -1722,8 +1745,12 @@ int main(int argc, char *argv[])
#endif /* OPENSSL_NO_KRB5 */

for (i = 0; i < number; i++) {
- if (!reuse)
- SSL_set_session(c_ssl, NULL);
+ if (!reuse) {
+ if(!SSL_set_session(c_ssl, NULL)) {
+ BIO_printf(bio_err, "Failed to set session\n");
+ goto end;
+ }
+ }
if (bio_pair)
ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
else
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 26f8415..df97f19 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -1095,7 +1095,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
* exchange and before certificate verify)
*/
s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
- ssl3_digest_cached_records(s);
+ if(!ssl3_digest_cached_records(s))
+ return -1;
}
hashlen = ssl_handshake_hash(s, hash, sizeof(hash));
#ifdef SSL_DEBUG
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 511223e..dd28cd6 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1431,7 +1431,11 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
int el;

- ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);
+ /* Returns 0 on success!! */
+ if (ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0)) {
+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+ return NULL;
+ }

if ((limit - ret - 4 - el) < 0)
return NULL;
@@ -1601,8 +1605,11 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
if (SSL_IS_DTLS(s) && s->srtp_profile) {
int el;

- ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);
-
+ /* Returns 0 on success!! */
+ if(ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0)) {
+ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+ return NULL;
+ }
if ((limit - ret - 4 - el) < 0)
return NULL;

@@ -4141,12 +4148,13 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
/* Set validity of certificates in an SSL structure */
void tls1_set_cert_validity(SSL *s)
{
- tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC);
- tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN);
- tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN);
- tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_RSA);
- tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_DSA);
- tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC);
+ /* Deliberately ignore all return values */
+ if(tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC)
+ || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN)
+ || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN)
+ || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_RSA)
+ || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_DSA)
+ || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC));
}

/* User level utiity function to check a chain is suitable */
diff --git a/ssl/tls1.h b/ssl/tls1.h
index cb14d8e..e1beaf3 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -312,8 +312,8 @@ extern "C" {

# define TLSEXT_MAXLEN_host_name 255

-const char *SSL_get_servername(const SSL *s, const int type);
-int SSL_get_servername_type(const SSL *s);
+__owur const char *SSL_get_servername(const SSL *s, const int type);
+__owur int SSL_get_servername_type(const SSL *s);
/*
* SSL_export_keying_material exports a value derived from the master secret,
* as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
@@ -321,7 +321,7 @@ int SSL_get_servername_type(const SSL *s);
* flag controls whether a context is included.) It returns 1 on success and
* zero otherwise.
*/
-int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
const char *label, size_t llen,
const unsigned char *p, size_t plen,
int use_context);
@@ -334,7 +334,7 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignandhash,
unsigned char *rsig, unsigned char *rhash);

-int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
+__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);

# define SSL_set_tlsext_host_name(s,name) \
SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)

Dr. Stephen Henson

unread,

Mar 23, 2015, 2:28:01 PM3/23/15

to

The branch master has been updated

via 4903abd50a8e86ac6bf9f0c6a54cec54d9fc3120 (commit)
from c7f5b5d7bc462ca9dd5fc391e25c00a691960017 (commit)

- Log -----------------------------------------------------------------
commit 4903abd50a8e86ac6bf9f0c6a54cec54d9fc3120

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Sun Mar 15 13:43:56 2015 +0000

make X509_EXTENSION opaque

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/asn1/t_req.c | 2 +-
crypto/asn1/x_crl.c | 8 ++++----
crypto/ocsp/ocsp_ext.c | 3 ++-
crypto/ts/ts_lib.c | 3 ++-
crypto/x509/Makefile | 4 ++--
crypto/x509/x509.h | 6 +-----
crypto/x509/x509_lcl.h | 6 ++++++
crypto/x509/x509_v3.c | 1 +
crypto/{asn1 => x509}/x_exten.c | 1 +
crypto/x509v3/v3_lib.c | 15 +++++++++------
crypto/x509v3/v3_prn.c | 30 +++++++++++++++---------------
11 files changed, 44 insertions(+), 35 deletions(-)
rename crypto/{asn1 => x509}/x_exten.c (99%)

diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c
index bd76950..01eabfa 100644

--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@@ -216,7 +216,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
goto err;
if (!X509V3_EXT_print(bp, ex, cflag, 16)) {
BIO_printf(bp, "%16s", "");

- ASN1_STRING_print(bp, ex->value);
+ ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex));

}
if (BIO_write(bp, "\n", 1) <= 0)
goto err;

diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index 8884223..e32556e 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -179,8 +179,8 @@ static int crl_set_issuers(X509_CRL *crl)

for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) {
ext = sk_X509_EXTENSION_value(exts, j);
- if (ext->critical > 0) {
- if (OBJ_obj2nid(ext->object) == NID_certificate_issuer)
+ if (X509_EXTENSION_get_critical(ext)) {
+ if (OBJ_obj2nid(X509_EXTENSION_get_object(ext)) == NID_certificate_issuer)
continue;
crl->flags |= EXFLAG_CRITICAL;
break;
@@ -253,10 +253,10 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
int nid;
ext = sk_X509_EXTENSION_value(exts, idx);
- nid = OBJ_obj2nid(ext->object);
+ nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext));
if (nid == NID_freshest_crl)
crl->flags |= EXFLAG_FRESHEST;
- if (ext->critical > 0) {
+ if (X509_EXTENSION_get_critical(ext)) {
/* We handle IDP and deltas */
if ((nid == NID_issuing_distribution_point)
|| (nid == NID_authority_key_identifier)
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index 04ae17f..4c6edb1 100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -388,7 +388,8 @@ int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
*/
req_ext = OCSP_REQUEST_get_ext(req, req_idx);
resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
- if (ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
+ if (ASN1_OCTET_STRING_cmp(X509_EXTENSION_get_data(req_ext),
+ X509_EXTENSION_get_data(resp_ext)))
return 0;
return 1;
}
diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c
index 6ec1f0c..cac9aa4 100644
--- a/crypto/ts/ts_lib.c
+++ b/crypto/ts/ts_lib.c
@@ -61,6 +61,7 @@
#include "cryptlib.h"
#include <openssl/objects.h>
#include <openssl/bn.h>
+#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/ts.h>

@@ -115,7 +116,7 @@ int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions)

BIO_printf(bio, ": %s\n", critical ? "critical" : "");
if (!X509V3_EXT_print(bio, ex, 0, 4)) {
BIO_printf(bio, "%4s", "");

- ASN1_STRING_print(bio, ex->value);
+ ASN1_STRING_print(bio, X509_EXTENSION_get_data(ex));
}
BIO_write(bio, "\n", 1);
}
diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile
index de96405..f6cfbec 100644
--- a/crypto/x509/Makefile
+++ b/crypto/x509/Makefile
@@ -22,13 +22,13 @@ LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
x509_set.c x509cset.c x509rset.c x509_err.c \
x509name.c x509_v3.c x509_ext.c x509_att.c \
x509type.c x509_lu.c x_all.c x509_txt.c \
- x509_trs.c by_file.c by_dir.c x509_vpm.c x_attrib.c
+ x509_trs.c by_file.c by_dir.c x509_vpm.c x_attrib.c x_exten.c
LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
x509_obj.o x509_req.o x509spki.o x509_vfy.o \
x509_set.o x509cset.o x509rset.o x509_err.o \
x509name.o x509_v3.o x509_ext.o x509_att.o \
x509type.o x509_lu.o x_all.o x509_txt.o \
- x509_trs.o by_file.o by_dir.o x509_vpm.o x_attrib.o
+ x509_trs.o by_file.o by_dir.o x509_vpm.o x_attrib.o x_exten.o

SRC= $(LIBSRC)

diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 64f1283..5fcea0c 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -171,11 +171,7 @@ DECLARE_STACK_OF(X509_NAME)

# define X509_EX_V_NETSCAPE_HACK 0x8000
# define X509_EX_V_INIT 0x0001
-typedef struct X509_extension_st {
- ASN1_OBJECT *object;
- ASN1_BOOLEAN critical;
- ASN1_OCTET_STRING *value;
-} X509_EXTENSION;
+typedef struct X509_extension_st X509_EXTENSION;

typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;

diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
index 15b8618..5e38f5f 100644
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -86,3 +86,9 @@ struct x509_attributes_st {
*/ ASN1_TYPE *single;
} value;
};
+
+struct X509_extension_st {
+ ASN1_OBJECT *object;
+ ASN1_BOOLEAN critical;
+ ASN1_OCTET_STRING *value;
+};
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index 0a6247d..d70bfae 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -64,6 +64,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+#include "x509_lcl.h"

int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
{
diff --git a/crypto/asn1/x_exten.c b/crypto/x509/x_exten.c
similarity index 99%
rename from crypto/asn1/x_exten.c
rename to crypto/x509/x_exten.c
index 00a9580..c0d4c96 100644
--- a/crypto/asn1/x_exten.c
+++ b/crypto/x509/x_exten.c
@@ -61,6 +61,7 @@
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
+#include "x509_lcl.h"

ASN1_SEQUENCE(X509_EXTENSION) = {
ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
index 90ddd86..7e3e984 100644
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -117,7 +117,7 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
{
int nid;
- if ((nid = OBJ_obj2nid(ext->object)) == NID_undef)
+ if ((nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext))) == NID_undef)
return NULL;
return X509V3_EXT_get_nid(nid);
}
@@ -180,14 +180,17 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
{
const X509V3_EXT_METHOD *method;
const unsigned char *p;
+ ASN1_STRING *extvalue;
+ int extlen;

if (!(method = X509V3_EXT_get(ext)))
return NULL;
- p = ext->value->data;
+ extvalue = X509_EXTENSION_get_data(ext);
+ p = ASN1_STRING_data(extvalue);
+ extlen = ASN1_STRING_length(extvalue);
if (method->it)
- return ASN1_item_d2i(NULL, &p, ext->value->length,
- ASN1_ITEM_ptr(method->it));
- return method->d2i(NULL, &p, ext->value->length);
+ return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
+ return method->d2i(NULL, &p, extlen);
}

/*-
@@ -226,7 +229,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
lastpos = 0;
for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) {
ex = sk_X509_EXTENSION_value(x, i);
- if (OBJ_obj2nid(ex->object) == nid) {
+ if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == nid) {
if (idx) {
*idx = i;
found_ex = ex;
diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
index 7fd3231..9d093a3 100644
--- a/crypto/x509v3/v3_prn.c
+++ b/crypto/x509v3/v3_prn.c
@@ -65,7 +65,7 @@

/* Extension printing routines */

-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext,
+static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,
unsigned long flag, int indent, int supported);

/* Print out a name+value stack */
@@ -120,23 +120,26 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
{
void *ext_str = NULL;
char *value = NULL;
+ ASN1_OCTET_STRING *extoct;
const unsigned char *p;
+ int extlen;
const X509V3_EXT_METHOD *method;
STACK_OF(CONF_VALUE) *nval = NULL;
int ok = 1;

+ extoct = X509_EXTENSION_get_data(ext);
+ p = ASN1_STRING_data(extoct);
+ extlen = ASN1_STRING_length(extoct);
+
if (!(method = X509V3_EXT_get(ext)))
- return unknown_ext_print(out, ext, flag, indent, 0);
- p = ext->value->data;
+ return unknown_ext_print(out, p, extlen, flag, indent, 0);
if (method->it)
- ext_str =
- ASN1_item_d2i(NULL, &p, ext->value->length,
- ASN1_ITEM_ptr(method->it));
+ ext_str = ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
else
- ext_str = method->d2i(NULL, &p, ext->value->length);
+ ext_str = method->d2i(NULL, &p, extlen);

if (!ext_str)
- return unknown_ext_print(out, ext, flag, indent, 1);
+ return unknown_ext_print(out, p, extlen, flag, indent, 1);

if (method->i2s) {
if (!(value = method->i2s(method, ext_str))) {
@@ -209,7 +212,7 @@ int X509V3_extensions_print(BIO *bp, char *title,

return 0;
if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) {
BIO_printf(bp, "%*s", indent + 4, "");

- ASN1_STRING_print(bp, ex->value);
+ ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex));

}
if (BIO_write(bp, "\n", 1) <= 0)
return 0;

@@ -217,7 +220,7 @@ int X509V3_extensions_print(BIO *bp, char *title,
return 1;
}

-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext,
+static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,
unsigned long flag, int indent, int supported)
{
switch (flag & X509V3_EXT_UNKNOWN_MASK) {
@@ -233,12 +236,9 @@ static int unknown_ext_print(BIO *out, X509_EXTENSION *ext,
return 1;

case X509V3_EXT_PARSE_UNKNOWN:
- return ASN1_parse_dump(out,
- ext->value->data, ext->value->length, indent,
- -1);
+ return ASN1_parse_dump(out, ext, extlen, indent, -1);
case X509V3_EXT_DUMP_UNKNOWN:
- return BIO_dump_indent(out, (char *)ext->value->data,
- ext->value->length, indent);
+ return BIO_dump_indent(out, (char *)ext, extlen, indent);

default:
return 1;

Dr. Stephen Henson

unread,

Mar 23, 2015, 3:29:17 PM3/23/15

to

The branch master has been updated

via 06e6aa47de1b4da912069eef2e3458952ac79335 (commit)
from 4903abd50a8e86ac6bf9f0c6a54cec54d9fc3120 (commit)

- Log -----------------------------------------------------------------
commit 06e6aa47de1b4da912069eef2e3458952ac79335

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Mon Mar 23 18:47:05 2015 +0000

Fix build.

Remove x_exten.c and x_exten.o from crypto/asn1/Makefile: they've moved now.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/asn1/Makefile | 16 ++--------------
1 file changed, 2 insertions(+), 14 deletions(-)

diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile
index cb143b3..a2051f7 100644
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -27,7 +27,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \

tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
tasn_prn.c tasn_scn.c ameth_lib.c \
f_int.c f_string.c n_pkey.c \

- f_enum.c x_pkey.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c \
+ f_enum.c x_pkey.c bio_asn1.c bio_ndef.c asn_mime.c \

asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_strnid.c \
evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c \
asn_mstbl.c

@@ -41,7 +41,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \

tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
tasn_prn.o tasn_scn.o ameth_lib.o \
f_int.o f_string.o n_pkey.o \

- f_enum.o x_pkey.o x_exten.o bio_asn1.o bio_ndef.o asn_mime.o \
+ f_enum.o x_pkey.o bio_asn1.o bio_ndef.o asn_mime.o \

asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_strnid.o \
evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o \
asn_mstbl.o

@@ -766,18 +766,6 @@ x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h asn1_locl.h x_crl.c
-x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c
x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

Kurt Roeckx

unread,

Mar 23, 2015, 4:17:33 PM3/23/15

to

The branch master has been updated

via 4dcb4b91db26de8716c2f43ffb710175fc3279fc (commit)
via 93f1c13619c5b41f2dcfdbf6ae666f867922a87a (commit)
via 24a0d3933d24059942a3cf99695d486c8fadd576 (commit)
from 06e6aa47de1b4da912069eef2e3458952ac79335 (commit)

- Log -----------------------------------------------------------------
commit 4dcb4b91db26de8716c2f43ffb710175fc3279fc
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Sun Mar 15 00:26:26 2015 +0100

return unexpected message when receiving kx with kDHr or kDHd

It was saying that it was an illegal parameter / unsupported cipher

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 93f1c13619c5b41f2dcfdbf6ae666f867922a87a
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Sat Mar 14 23:23:26 2015 +0100

Don't send a for ServerKeyExchange for kDHr and kDHd

The certificate already contains the DH parameters in that case.
ssl3_send_server_key_exchange() would fail in that case anyway.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 24a0d3933d24059942a3cf99695d486c8fadd576
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Wed Mar 18 19:02:50 2015 +0100

Make sure that cert is never NULL

Also removes for it being NULL

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

ssl/d1_srvr.c | 6 +-----
ssl/s3_clnt.c | 5 -----
ssl/s3_srvr.c | 4 ----
ssl/ssl.h | 1 -
ssl/ssl_err.c | 2 --
ssl/ssl_lib.c | 47 +++++++++++++++++++----------------------------
6 files changed, 20 insertions(+), 45 deletions(-)

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 24361ae..b55af35 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -199,10 +199,6 @@ int dtls1_accept(SSL *s)
s->in_handshake, NULL);
#endif

- if (s->cert == NULL) {
- SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
- return (-1);
- }
#ifndef OPENSSL_NO_HEARTBEATS
/*
* If we're awaiting a HeartbeatResponse, pretend we already got and
@@ -488,7 +484,7 @@ int dtls1_accept(SSL *s)
#ifndef OPENSSL_NO_PSK
|| ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
#endif
- || (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd))
+ || (alg_k & SSL_kDHE)
|| (alg_k & SSL_kECDHE)
|| ((alg_k & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 81381ef..f4b60be 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1722,11 +1722,6 @@ int ssl3_get_key_exchange(SSL *s)

s->session->sess_cert->peer_dh_tmp = dh;
dh = NULL;
- } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
- SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
- goto f_err;
}
#endif /* !OPENSSL_NO_DH */

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ccccd54..0efe3dd 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -231,10 +231,6 @@ int ssl3_accept(SSL *s)
return -1;
}

- if (s->cert == NULL) {
- SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
- return (-1);
- }
#ifndef OPENSSL_NO_HEARTBEATS
/*
* If we're awaiting a HeartbeatResponse, pretend we already got and
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 3a6f9fb..dec3abc 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2387,7 +2387,6 @@ void ERR_load_SSL_strings(void);
# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
-# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
# define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
# define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 75ca684..5792906 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -665,8 +665,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"tls peer did not respond with certificate list"},
{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),

"tls rsa encrypted value length is wrong"},

- {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),
- "tried to use unsupported cipher"},

{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"},
{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),
"unable to decode ecdh certs"},

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 0c9f4f7..54974df 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -883,8 +883,6 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
*/

void SSL_copy_session_id(SSL *t, const SSL *f)

{
- CERT *tmp;
-

/* Do we need to to SSL locking? */

if(!SSL_set_session(t, SSL_get_session(f))) {

/* How do we handle this!! void function */

@@ -900,14 +898,9 @@ void SSL_copy_session_id(SSL *t, const SSL *f)
t->method->ssl_new(t); /* setup new */
}

- tmp = t->cert;
- if (f->cert != NULL) {
- CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
- t->cert = f->cert;
- } else
- t->cert = NULL;
- if (tmp != NULL)
- ssl_cert_free(tmp);
+ CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
+ ssl_cert_free(t->cert);
+ t->cert = f->cert;

if(!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) {

/* Really should do something about this..but void function - ignore */

;
@@ -918,7 +911,7 @@ void SSL_copy_session_id(SSL *t, const SSL *f)
int SSL_CTX_check_private_key(const SSL_CTX *ctx)
{
if ((ctx == NULL) ||
- (ctx->cert == NULL) || (ctx->cert->key->x509 == NULL)) {
+ (ctx->cert->key->x509 == NULL)) {
SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
SSL_R_NO_CERTIFICATE_ASSIGNED);
return (0);
@@ -939,10 +932,6 @@ int SSL_check_private_key(const SSL *ssl)
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
return (0);
}
- if (ssl->cert == NULL) {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
- return 0;
- }
if (ssl->cert->key->x509 == NULL) {
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
return (0);
@@ -3055,26 +3044,28 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)

SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)

{
- CERT *ocert = ssl->cert;
+ CERT *new_cert;
if (ssl->ctx == ctx)
return ssl->ctx;
#ifndef OPENSSL_NO_TLSEXT
if (ctx == NULL)
ctx = ssl->initial_ctx;
#endif
- ssl->cert = ssl_cert_dup(ctx->cert);
- if (ocert) {
- /* Preserve any already negotiated parameters */
- if (ssl->server) {
- ssl->cert->peer_sigalgs = ocert->peer_sigalgs;
- ssl->cert->peer_sigalgslen = ocert->peer_sigalgslen;
- ocert->peer_sigalgs = NULL;
- ssl->cert->ciphers_raw = ocert->ciphers_raw;
- ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen;
- ocert->ciphers_raw = NULL;
- }
- ssl_cert_free(ocert);
+ new_cert = ssl_cert_dup(ctx->cert);
+ if (new_cert == NULL) {
+ return NULL;
}
+ /* Preserve any already negotiated parameters */
+ if (ssl->server) {
+ new_cert->peer_sigalgs = ssl->cert->peer_sigalgs;
+ new_cert->peer_sigalgslen = ssl->cert->peer_sigalgslen;
+ ssl->cert->peer_sigalgs = NULL;
+ new_cert->ciphers_raw = ssl->cert->ciphers_raw;
+ new_cert->ciphers_rawlen = ssl->cert->ciphers_rawlen;
+ ssl->cert->ciphers_raw = NULL;
+ }
+ ssl_cert_free(ssl->cert);
+ ssl->cert = new_cert;

/*
* Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),

Dr. Stephen Henson

unread,

Mar 23, 2015, 7:22:31 PM3/23/15

to

The branch master has been updated

via dd12df794a6fde993cb1970d1f484793a0973988 (commit)
from 4dcb4b91db26de8716c2f43ffb710175fc3279fc (commit)

- Log -----------------------------------------------------------------
commit dd12df794a6fde993cb1970d1f484793a0973988

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Mon Feb 9 14:54:48 2015 +0000

Remove old style ASN.1 support.

Remove old ASN.1 COMPAT type. This was meant as a temporary measure
so older ASN.1 code (from OpenSSL 0.9.6) still worked. It's a hack
which breaks constification and hopefully nothing uses it now, if
it ever did.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/asn1/asn1t.h | 34 --------------------------
crypto/asn1/tasn_dec.c | 66 ++------------------------------------------------
crypto/asn1/tasn_enc.c | 16 ------------
crypto/asn1/tasn_fre.c | 7 ------
crypto/asn1/tasn_new.c | 11 ---------
5 files changed, 2 insertions(+), 132 deletions(-)

diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h
index 99bc0ee..3dcca32 100644
--- a/crypto/asn1/asn1t.h
+++ b/crypto/asn1/asn1t.h
@@ -597,10 +597,6 @@ struct ASN1_ITEM_st {
* The 'funcs' field is used for application
* specific functions.
*
- * For COMPAT types the funcs field gives a
- * set of functions that handle this type, this
- * supports the old d2i, i2d convention.
- *
* The EXTERN type uses a new style d2i/i2d.
* The new style should be used where possible
* because it avoids things like the d2i IMPLICIT
@@ -625,8 +621,6 @@ struct ASN1_ITEM_st {

# define ASN1_ITYPE_CHOICE 0x2

-# define ASN1_ITYPE_COMPAT 0x3
-
# define ASN1_ITYPE_EXTERN 0x4

# define ASN1_ITYPE_MSTRING 0x5
@@ -677,13 +671,6 @@ typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval,
const ASN1_ITEM *it, int indent,
const ASN1_PCTX *pctx);

-typedef struct ASN1_COMPAT_FUNCS_st {
- ASN1_new_func *asn1_new;
- ASN1_free_func *asn1_free;
- ASN1_d2i_func *asn1_d2i;
- ASN1_i2d_func *asn1_i2d;
-} ASN1_COMPAT_FUNCS;
-
typedef struct ASN1_EXTERN_FUNCS_st {
void *app_data;
ASN1_ex_new_func *asn1_ex_new;
@@ -786,27 +773,6 @@ typedef struct ASN1_STREAM_ARG_st {
ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
ASN1_ITEM_end(itname)

-/* Macro to implement an ASN1_ITEM in terms of old style funcs */
-
-# define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
-
-# define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
- static const ASN1_COMPAT_FUNCS sname##_ff = { \
- (ASN1_new_func *)sname##_new, \
- (ASN1_free_func *)sname##_free, \
- (ASN1_d2i_func *)d2i_##sname, \
- (ASN1_i2d_func *)i2d_##sname, \
- }; \
- ASN1_ITEM_start(sname) \
- ASN1_ITYPE_COMPAT, \
- tag, \
- NULL, \
- 0, \
- &sname##_ff, \
- 0, \
- #sname \
- ASN1_ITEM_end(sname)
-
# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
ASN1_ITEM_start(sname) \
ASN1_ITYPE_EXTERN, \
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 3d62284..b96c1b5 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -167,19 +167,17 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
int tag, int aclass, char opt, ASN1_TLC *ctx)
{
const ASN1_TEMPLATE *tt, *errtt = NULL;
- const ASN1_COMPAT_FUNCS *cf;
const ASN1_EXTERN_FUNCS *ef;
const ASN1_AUX *aux = it->funcs;
ASN1_aux_cb *asn1_cb;
const unsigned char *p = NULL, *q;
- unsigned char *wp = NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */
- unsigned char imphack = 0, oclass;
+ unsigned char oclass;
char seq_eoc, seq_nolen, cst, isopt;
long tmplen;
int i;
int otag;
int ret = 0;
- ASN1_VALUE **pchptr, *ptmpval;
+ ASN1_VALUE **pchptr;
if (!pval)
return 0;
if (aux && aux->asn1_cb)
@@ -240,66 +238,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
ef = it->funcs;
return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);

- case ASN1_ITYPE_COMPAT:
- /* we must resort to old style evil hackery */
- cf = it->funcs;
-
- /* If OPTIONAL see if it is there */
- if (opt) {
- int exptag;
- p = *in;
- if (tag == -1)
- exptag = it->utype;
- else
- exptag = tag;
- /*
- * Don't care about anything other than presence of expected tag
- */
-
- ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
- &p, len, exptag, aclass, 1, ctx);
- if (!ret) {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- if (ret == -1)
- return -1;
- }
-
- /*
- * This is the old style evil hack IMPLICIT handling: since the
- * underlying code is expecting a tag and class other than the one
- * present we change the buffer temporarily then change it back
- * afterwards. This doesn't and never did work for tags > 30. Yes
- * this is *horrible* but it is only needed for old style d2i which
- * will hopefully not be around for much longer. FIXME: should copy
- * the buffer then modify it so the input buffer can be const: we
- * should *always* copy because the old style d2i might modify the
- * buffer.
- */
-
- if (tag != -1) {
- wp = *(unsigned char **)in;
- imphack = *wp;
- if (p == NULL) {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
- | it->utype);
- }
-
- ptmpval = cf->asn1_d2i(pval, in, len);
-
- if (tag != -1)
- *wp = imphack;
-
- if (ptmpval)
- return 1;
-
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
- goto err;
-

case ASN1_ITYPE_CHOICE:
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
goto auxerr;

diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index bc9429c..1c200b0 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -127,9 +127,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
const ASN1_ITEM *it, int tag, int aclass)
{
const ASN1_TEMPLATE *tt = NULL;
- unsigned char *p = NULL;
int i, seqcontlen, seqlen, ndef = 1;
- const ASN1_COMPAT_FUNCS *cf;
const ASN1_EXTERN_FUNCS *ef;
const ASN1_AUX *aux = it->funcs;
ASN1_aux_cb *asn1_cb = 0;
@@ -172,20 +170,6 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
ef = it->funcs;
return ef->asn1_ex_i2d(pval, out, it, tag, aclass);

- case ASN1_ITYPE_COMPAT:
- /* old style hackery... */
- cf = it->funcs;
- if (out)
- p = *out;
- i = cf->asn1_i2d(*pval, out);
- /*
- * Fixup for IMPLICIT tag: note this messes up for tags > 30, but so
- * did the old code. Tags > 30 are very rare anyway.
- */
- if (out && (tag != -1))
- *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
- return i;
-
case ASN1_ITYPE_NDEF_SEQUENCE:
/* Use indefinite length constructed if requested */
if (aclass & ASN1_TFLG_NDEF)
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index aeea4ef..49c5793 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -82,7 +82,6 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
{
const ASN1_TEMPLATE *tt = NULL, *seqtt;
const ASN1_EXTERN_FUNCS *ef;
- const ASN1_COMPAT_FUNCS *cf;
const ASN1_AUX *aux = it->funcs;
ASN1_aux_cb *asn1_cb;
int i;
@@ -129,12 +128,6 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
}
break;

- case ASN1_ITYPE_COMPAT:
- cf = it->funcs;
- if (cf && cf->asn1_free)
- cf->asn1_free(*pval);
- break;
-
case ASN1_ITYPE_EXTERN:
ef = it->funcs;
if (ef && ef->asn1_ex_free)
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index 7d2964f..3884897 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -89,7 +89,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine)
{
const ASN1_TEMPLATE *tt = NULL;
- const ASN1_COMPAT_FUNCS *cf;
const ASN1_EXTERN_FUNCS *ef;
const ASN1_AUX *aux = it->funcs;
ASN1_aux_cb *asn1_cb;
@@ -118,15 +117,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
}
break;

- case ASN1_ITYPE_COMPAT:
- cf = it->funcs;
- if (cf && cf->asn1_new) {
- *pval = cf->asn1_new();
- if (!*pval)
- goto memerr;
- }
- break;
-
case ASN1_ITYPE_PRIMITIVE:
if (it->templates) {
if (!ASN1_template_new(pval, it->templates))
@@ -245,7 +235,6 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
asn1_primitive_clear(pval, it);
break;

- case ASN1_ITYPE_COMPAT:
case ASN1_ITYPE_CHOICE:
case ASN1_ITYPE_SEQUENCE:
case ASN1_ITYPE_NDEF_SEQUENCE:

Richard Levitte

unread,

Mar 24, 2015, 7:20:17 AM3/24/15

to

The branch master has been updated

via 77b1f87214224689a84db21d2eb54e9497186d93 (commit)
via 47b31827887608f910dc80228106a03556c40c4e (commit)
from dd12df794a6fde993cb1970d1f484793a0973988 (commit)

- Log -----------------------------------------------------------------
commit 77b1f87214224689a84db21d2eb54e9497186d93
Author: Richard Levitte <lev...@openssl.org>
Date: Tue Mar 24 11:59:01 2015 +0100

Adjust include path

Thanks to a -I.., the path does work, at least on unix. However, this
doesn't work so well on VMS. Correcting the path to not rely on given
-I does work on both.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 47b31827887608f910dc80228106a03556c40c4e
Author: Richard Levitte <lev...@openssl.org>
Date: Tue Mar 24 11:57:14 2015 +0100

JPAKE Makefile missing 'files' target

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/jpake/Makefile | 3 +++
crypto/x509v3/v3_scts.c | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/crypto/jpake/Makefile b/crypto/jpake/Makefile
index a56d558..112dfb1 100644
--- a/crypto/jpake/Makefile
+++ b/crypto/jpake/Makefile
@@ -21,6 +21,9 @@ lib: $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib

+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
links:
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c
index 9a4c3eb..e70d5e9 100644
--- a/crypto/x509v3/v3_scts.c
+++ b/crypto/x509v3/v3_scts.c
@@ -60,7 +60,7 @@
#include "cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/x509v3.h>
-#include "../ssl/ssl_locl.h"
+#include "../../ssl/ssl_locl.h"

#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
# define SCT_TIMESTAMP unsigned __int64

Richard Levitte

unread,

Mar 24, 2015, 7:22:27 AM3/24/15

to

The branch master has been updated

via 2383a74be14d26d57bf7e56a2f2688705577d5e7 (commit)
via 912d7c75d41a36bac2371f4e3a440eca86b6489b (commit)
from 77b1f87214224689a84db21d2eb54e9497186d93 (commit)

- Log -----------------------------------------------------------------
commit 2383a74be14d26d57bf7e56a2f2688705577d5e7
Author: Richard Levitte <lev...@openssl.org>
Date: Tue Mar 24 12:16:31 2015 +0100

Use OPENSSL_malloc rather than malloc/calloc

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 912d7c75d41a36bac2371f4e3a440eca86b6489b
Author: Richard Levitte <lev...@openssl.org>
Date: Tue Mar 24 08:38:22 2015 +0100

Fix eng_cryptodev to not depend on BN internals.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/engine/eng_cryptodev.c | 27 +++++++++------------------
1 file changed, 9 insertions(+), 18 deletions(-)

diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 65efc81..d005e01 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -30,7 +30,6 @@
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
-#include "../bn/bn_lcl.h"

#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
(defined(OpenBSD) || defined(__FreeBSD__))
@@ -1014,7 +1013,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
*/
static int bn2crparam(const BIGNUM *a, struct crparam *crp)
{
- int i, j, k;
ssize_t bytes, bits;
u_char *b;

@@ -1022,9 +1020,9 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
crp->crp_nbits = 0;

bits = BN_num_bits(a);
- bytes = (bits + 7) / 8;
+ bytes = BN_num_bytes(a);

- b = malloc(bytes);
+ b = OPENSSL_malloc(bytes);
if (b == NULL)
return (1);
memset(b, 0, bytes);
@@ -1032,14 +1030,7 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
crp->crp_p = (caddr_t) b;
crp->crp_nbits = bits;

- for (i = 0, j = 0; i < a->top; i++) {
- for (k = 0; k < BN_BITS2 / 8; k++) {
- if ((j + k) >= bytes)
- return (0);
- b[j + k] = a->d[i] >> (k * 8);
- }
- j += BN_BITS2 / 8;
- }
+ BN_bn2bin(a, b);
return (0);
}

@@ -1054,7 +1045,7 @@ static int crparam2bn(struct crparam *crp, BIGNUM *a)
if (bytes == 0)
return (-1);

- if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+ if ((pd = (u_int8_t *) OPENSSL_malloc(bytes)) == NULL)
return (-1);

for (i = 0; i < bytes; i++)
@@ -1239,10 +1230,10 @@ cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
BN_CTX *ctx, BN_MONT_CTX *mont)
{
- BIGNUM t2;
+ BIGNUM *t2;
int ret = 0;

- BN_init(&t2);
+ t2 = BN_new();

/* v = ( g^u1 * y^u2 mod p ) mod q */
/* let t1 = g ^ u1 mod p */
@@ -1252,17 +1243,17 @@ cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
goto err;

/* let t2 = y ^ u2 mod p */
- if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
+ if (!dsa->meth->bn_mod_exp(dsa, t2, dsa->pub_key, u2, dsa->p, ctx, mont))
goto err;
/* let u1 = t1 * t2 mod p */
- if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
+ if (!BN_mod_mul(u1, t1, t2, dsa->p, ctx))
goto err;

BN_copy(t1, u1);

ret = 1;
err:
- BN_free(&t2);
+ BN_free(t2);
return (ret);

Matt Caswell

unread,

Mar 24, 2015, 7:40:03 AM3/24/15

to

The branch master has been updated

via 7c82e339a677f8546e1456c7a8f6788598a9de43 (commit)
from 2383a74be14d26d57bf7e56a2f2688705577d5e7 (commit)

- Log -----------------------------------------------------------------
commit 7c82e339a677f8546e1456c7a8f6788598a9de43
Author: Mike Frysinger <vap...@gentoo.org>
Date: Sat Mar 21 05:08:41 2015 -0400

Fix malloc define typo

Fix compilation failure when SCTP is compiled due to incorrect define.

Reported-by: Conrad Kostecki <ck+gento...@bl4ckb0x.de>
URL: https://bugs.gentoo.org/543828

RT#3758
Signed-off-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/bio/bss_dgram.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index aef8149..ed275d1 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -1338,7 +1338,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
(socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
authchunks = OPENSSL_malloc(optlen);
if (!authchunks) {
- BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR);
+ BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
return -1;
}
memset(authchunks, 0, optlen);
@@ -1410,7 +1410,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
char *tmp;
data->saved_message.bio = b;
if(!(tmp = OPENSSL_malloc(inl))) {
- BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR);
+ BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
return -1;
}
if (data->saved_message.data)

Rich Salz

unread,

Mar 24, 2015, 7:53:15 AM3/24/15

to

The branch master has been updated

via 0dfb9398bb6493d5a56216e0c7039cb3f9fc88c6 (commit)
from 7c82e339a677f8546e1456c7a8f6788598a9de43 (commit)

- Log -----------------------------------------------------------------
commit 0dfb9398bb6493d5a56216e0c7039cb3f9fc88c6
Author: Rich Salz <rs...@openssl.org>
Date: Tue Mar 24 07:52:24 2015 -0400

free NULL cleanup

Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets ASN1_OBJECT_free and ASN1_STRING_free.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

CHANGES | 5 +++++
apps/cms.c | 3 +--
crypto/asn1/a_bitstr.c | 2 +-
crypto/asn1/a_int.c | 4 ++--
crypto/asn1/a_utctm.c | 8 ++++----
crypto/asn1/asn1_lib.c | 4 +++-
crypto/asn1/asn1_par.c | 12 ++++--------
crypto/asn1/evp_asn1.c | 3 +--
crypto/asn1/p5_pbe.c | 3 +--
crypto/asn1/tasn_fre.c | 26 +++++++++++++++++---------
crypto/asn1/x_algor.c | 3 +--
crypto/asn1/x_pkey.c | 3 +--
crypto/asn1/x_x509a.c | 3 +--
crypto/dh/dh_ameth.c | 6 ++----
crypto/dh/dh_pmeth.c | 6 ++----
crypto/dsa/dsa_ameth.c | 6 ++----
crypto/ec/ec_asn1.c | 5 ++---
crypto/ocsp/ocsp_lib.c | 3 +--
crypto/ocsp/v3_ocsp.c | 2 +-
crypto/rsa/rsa_ameth.c | 9 +++------
crypto/rsa/rsa_saos.c | 3 +--
crypto/x509v3/pcy_data.c | 3 +--
crypto/x509v3/v3_conf.c | 3 +--
crypto/x509v3/v3_pci.c | 5 +----
doc/crypto/ASN1_OBJECT_new.pod | 1 +
doc/crypto/ASN1_STRING_new.pod | 1 +
26 files changed, 61 insertions(+), 71 deletions(-)

diff --git a/CHANGES b/CHANGES
index 5dd7d8d..ab5b482 100644
--- a/CHANGES
+++ b/CHANGES
@@ -71,6 +71,11 @@
Remove all but one '#ifdef undef' which is to be looked at.
[Rich Salz]

+ *) Clean up calling of xxx_free routines.
+ Just like free(), fix most of the xxx_free routines to accept
+ NULL. Remove the non-null checks from callers. Save much code.
+ [Rich Salz]
+
*) Experimental support for a new, fast, unbiased prime candidate generator,
bn_probable_prime_dh_coprime(). Not currently used by any prime generator.
[Felix Laurie von Massenbach <fe...@erbridge.co.uk>]
diff --git a/apps/cms.c b/apps/cms.c
index d983e28..0877426 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -1152,8 +1152,7 @@ int MAIN(int argc, char **argv)
OPENSSL_free(secret_keyid);
if (pwri_tmp)
OPENSSL_free(pwri_tmp);
- if (econtent_type)
- ASN1_OBJECT_free(econtent_type);
+ ASN1_OBJECT_free(econtent_type);
if (rr)
CMS_ReceiptRequest_free(rr);
if (rr_to)
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index 5a5cc23..4078be4 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -177,7 +177,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
return (ret);
err:
ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i);

- if ((ret != NULL) && ((a == NULL) || (*a != ret)))

+ if ((a == NULL) || (*a != ret))
ASN1_BIT_STRING_free(ret);
return (NULL);
}
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index a33e3fd..65fac75 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -265,7 +265,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
return (ret);
err:
ASN1err(ASN1_F_C2I_ASN1_INTEGER, i);

- if ((ret != NULL) && ((a == NULL) || (*a != ret)))

+ if ((a == NULL) || (*a != ret))
ASN1_INTEGER_free(ret);
return (NULL);
}
@@ -334,7 +334,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
return (ret);
err:
ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);

- if ((ret != NULL) && ((a == NULL) || (*a != ret)))

+ if ((a == NULL) || (*a != ret))
ASN1_INTEGER_free(ret);
return (NULL);
}
diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c
index 2dac3b5..0e2f1b0 100644
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -193,11 +193,11 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
int free_s = 0;

if (s == NULL) {
- free_s = 1;
s = ASN1_UTCTIME_new();
+ if (s == NULL)
+ goto err;
+ free_s = 1;

}
- if (s == NULL)

- goto err;

ts = OPENSSL_gmtime(&t, &data);
if (ts == NULL)
@@ -233,7 +233,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
#endif
return (s);
err:
- if (free_s && s)
+ if (free_s)
ASN1_UTCTIME_free(s);
return NULL;
}
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index fe63b62..2e36cff 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -429,7 +429,9 @@ void ASN1_STRING_free(ASN1_STRING *a)

void ASN1_STRING_clear_free(ASN1_STRING *a)
{
- if (a && a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
+ if (a == NULL)
+ return;
+ if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
OPENSSL_cleanse(a->data, a->length);
ASN1_STRING_free(a);
}
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index 20f3a88..574e8de 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -276,10 +276,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
nl = 1;

}
}
- if (os != NULL) {

- ASN1_OCTET_STRING_free(os);
- os = NULL;
- }
+ ASN1_OCTET_STRING_free(os);
+ os = NULL;

} else if (tag == V_ASN1_INTEGER) {

ASN1_INTEGER *bs;
int i;
@@ -356,10 +354,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
}
ret = 1;
end:
- if (o != NULL)
- ASN1_OBJECT_free(o);

- if (os != NULL)

- ASN1_OCTET_STRING_free(os);
+ ASN1_OBJECT_free(o);

+ ASN1_OCTET_STRING_free(os);
*pp = p;
return (ret);
}

diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
index 3664576..e6a5b5f 100644
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
@@ -187,8 +187,7 @@ int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
err:
ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG);

}
- if (os != NULL)

- ASN1_OCTET_STRING_free(os);

+ ASN1_OCTET_STRING_free(os);
if (ai != NULL)

ASN1_INTEGER_free(ai);
return (ret);
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
index bdbfdcd..d54b094 100644
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
@@ -118,8 +118,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
err:
if (pbe != NULL)
PBEPARAM_free(pbe);
- if (pbe_str != NULL)
- ASN1_STRING_free(pbe_str);
+ ASN1_STRING_free(pbe_str);
return 0;
}

diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index 49c5793..bdc26f9 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -85,6 +85,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,

const ASN1_AUX *aux = it->funcs;
ASN1_aux_cb *asn1_cb;
int i;

+
if (!pval)
return;
if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
@@ -116,6 +117,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
i = asn1_get_choice_selector(pval, it);

if ((i >= 0) && (i < it->tcount)) {

ASN1_VALUE **pchval;

+
tt = it->templates + i;

pchval = asn1_get_field_ptr(pval, tt);
ASN1_template_free(pchval, tt);
@@ -170,35 +172,41 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,

void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
{
- int i;
if (tt->flags & ASN1_TFLG_SK_MASK) {
STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+ int i;
+
for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
- ASN1_VALUE *vtmp;
- vtmp = sk_ASN1_VALUE_value(sk, i);
+ ASN1_VALUE *vtmp = sk_ASN1_VALUE_value(sk, i);
+
asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0);
}
sk_ASN1_VALUE_free(sk);
*pval = NULL;
- } else
+ } else {
asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
tt->flags & ASN1_TFLG_COMBINE);
+ }
}

void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
int utype;
+
+ /* Special case: if 'it' is a primitive with a free_func, use that. */
if (it) {
- const ASN1_PRIMITIVE_FUNCS *pf;
- pf = it->funcs;
+ const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+
if (pf && pf->prim_free) {
pf->prim_free(pval, it);
return;
}
}
- /* Special case: if 'it' is NULL free contents of ASN1_TYPE */
+
+ /* Special case: if 'it' is NULL, free contents of ASN1_TYPE */
if (!it) {
ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
+
utype = typ->type;
pval = &typ->value.asn1_value;
if (!*pval)
@@ -235,8 +243,8 @@ void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)

default:
ASN1_STRING_free((ASN1_STRING *)*pval);
- *pval = NULL;
break;
}
- *pval = NULL;
+ if (*pval)
+ *pval = NULL;
}
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index 0aa3ded..30d6481 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -86,8 +86,7 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
return 0;
}
if (alg) {
- if (alg->algorithm)
- ASN1_OBJECT_free(alg->algorithm);
+ ASN1_OBJECT_free(alg->algorithm);
alg->algorithm = aobj;
}
if (ptype == 0)
diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c
index cf5fd80..f4396e7 100644
--- a/crypto/asn1/x_pkey.c
+++ b/crypto/asn1/x_pkey.c
@@ -143,8 +143,7 @@ void X509_PKEY_free(X509_PKEY *x)

if (x->enc_algor != NULL)
X509_ALGOR_free(x->enc_algor);

- if (x->enc_pkey != NULL)
- ASN1_OCTET_STRING_free(x->enc_pkey);

+ ASN1_OCTET_STRING_free(x->enc_pkey);
if (x->dec_pkey != NULL)
EVP_PKEY_free(x->dec_pkey);
if ((x->key_data != NULL) && (x->key_free))

diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c
index 2a2ca87..8be50b5 100644
--- a/crypto/asn1/x_x509a.c
+++ b/crypto/asn1/x_x509a.c
@@ -159,8 +159,7 @@ int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp))
return 1;
err:
- if (objtmp)
- ASN1_OBJECT_free(objtmp);
+ ASN1_OBJECT_free(objtmp);
return 0;
}

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 2c77381..e7d56f1 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -191,8 +191,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
err:
if (penc)
OPENSSL_free(penc);
- if (str)
- ASN1_STRING_free(str);
+ ASN1_STRING_free(str);

return 0;
}
@@ -297,8 +296,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
err:
if (dp != NULL)
OPENSSL_free(dp);
- if (params != NULL)
- ASN1_STRING_free(params);
+ ASN1_STRING_free(params);
if (prkey != NULL)
ASN1_STRING_clear_free(prkey);
return 0;
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 8975f44..668f5f3 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -155,8 +155,7 @@ static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
if (dctx) {
if (dctx->kdf_ukm)
OPENSSL_free(dctx->kdf_ukm);
- if (dctx->kdf_oid)
- ASN1_OBJECT_free(dctx->kdf_oid);
+ ASN1_OBJECT_free(dctx->kdf_oid);
OPENSSL_free(dctx);
}
}
@@ -245,8 +244,7 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
return dctx->kdf_ukmlen;

case EVP_PKEY_CTRL_DH_KDF_OID:
- if (dctx->kdf_oid)
- ASN1_OBJECT_free(dctx->kdf_oid);
+ ASN1_OBJECT_free(dctx->kdf_oid);
dctx->kdf_oid = p2;
return 1;

diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index d63c417..425144a 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -166,8 +166,7 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
err:
if (penc)
OPENSSL_free(penc);
- if (str)
- ASN1_STRING_free(str);
+ ASN1_STRING_free(str);

return 0;
}
@@ -328,8 +327,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
err:
if (dp != NULL)
OPENSSL_free(dp);
- if (params != NULL)
- ASN1_STRING_free(params);
+ ASN1_STRING_free(params);
if (prkey != NULL)
ASN1_STRING_clear_free(prkey);
return 0;
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 87cc334..90de23b 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -317,8 +317,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
return 0;

/* clear the old values (if necessary) */
- if (field->fieldType != NULL)
- ASN1_OBJECT_free(field->fieldType);
+ ASN1_OBJECT_free(field->fieldType);
if (field->p.other != NULL)
ASN1_TYPE_free(field->p.other);

@@ -654,7 +653,7 @@ ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group,
return NULL;
}
} else {
- if (ret->type == 0 && ret->value.named_curve)
+ if (ret->type == 0)
ASN1_OBJECT_free(ret->value.named_curve);
else if (ret->type == 1 && ret->value.parameters)
ECPARAMETERS_free(ret->value.parameters);
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 8e87f49..34df9ac 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -110,8 +110,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
goto err;

alg = cid->hashAlgorithm;
- if (alg->algorithm != NULL)
- ASN1_OBJECT_free(alg->algorithm);
+ ASN1_OBJECT_free(alg->algorithm);
if ((nid = EVP_MD_type(dgst)) == NID_undef) {
OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);

goto err;
diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c

index 6558116..7e502d7 100644
--- a/crypto/ocsp/v3_ocsp.c
+++ b/crypto/ocsp/v3_ocsp.c
@@ -247,7 +247,7 @@ static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
return os;

err:
- if (os && (!pos || (*pos != os)))
+ if ((pos == NULL) || (*pos != os))

ASN1_OCTET_STRING_free(os);
OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
return NULL;

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 6f4c104..071dbb8 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -484,8 +484,7 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
stmp = NULL;
err:
- if (stmp)
- ASN1_STRING_free(stmp);
+ ASN1_STRING_free(stmp);
if (algtmp)
X509_ALGOR_free(algtmp);
if (*palg)
@@ -576,8 +575,7 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
RSA_PSS_PARAMS_free(pss);
if (rv)
return os;
- if (os)
- ASN1_STRING_free(os);
+ ASN1_STRING_free(os);
return NULL;
}

@@ -921,8 +919,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
err:
if (oaep)
RSA_OAEP_PARAMS_free(oaep);
- if (os)
- ASN1_STRING_free(os);
+ ASN1_STRING_free(os);
return rv;
}

diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c
index 6ebab3d..0f15f00 100644
--- a/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
@@ -138,8 +138,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
} else
ret = 1;
err:
- if (sig != NULL)
- ASN1_OCTET_STRING_free(sig);

+ ASN1_OCTET_STRING_free(sig);
if (s != NULL) {
OPENSSL_cleanse(s, (unsigned int)siglen);
OPENSSL_free(s);

diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c
index 90e9970..3a8d432 100644
--- a/crypto/x509v3/pcy_data.c
+++ b/crypto/x509v3/pcy_data.c
@@ -102,8 +102,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
if (!ret->expected_policy_set) {
OPENSSL_free(ret);
- if (id)
- ASN1_OBJECT_free(id);
+ ASN1_OBJECT_free(id);

return NULL;
}

diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c

index 9631e57..eb9cfea 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -212,8 +212,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);

if (ext_der != NULL)
OPENSSL_free(ext_der);

- if (ext_oct != NULL)
- ASN1_OCTET_STRING_free(ext_oct);
+ ASN1_OCTET_STRING_free(ext_oct);
return NULL;

}
diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
index 5a93717..4139b34 100644
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -305,10 +305,7 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
pathlen = NULL;
goto end;
err:
- if (language) {
- ASN1_OBJECT_free(language);
- language = NULL;
- }
+ ASN1_OBJECT_free(language);
if (pathlen) {
ASN1_INTEGER_free(pathlen);
pathlen = NULL;
diff --git a/doc/crypto/ASN1_OBJECT_new.pod b/doc/crypto/ASN1_OBJECT_new.pod
index 338b726..36fc571 100644
--- a/doc/crypto/ASN1_OBJECT_new.pod
+++ b/doc/crypto/ASN1_OBJECT_new.pod
@@ -19,6 +19,7 @@ ASN1_OBJECT structure, which represents an ASN1 OBJECT IDENTIFIER.
ASN1_OBJECT_new() allocates and initializes a ASN1_OBJECT structure.

ASN1_OBJECT_free() frees up the B<ASN1_OBJECT> structure B<a>.
+If B<a> is NULL, nothing is done.

=head1 NOTES

diff --git a/doc/crypto/ASN1_STRING_new.pod b/doc/crypto/ASN1_STRING_new.pod
index 8ac2a03..6c0b303 100644
--- a/doc/crypto/ASN1_STRING_new.pod
+++ b/doc/crypto/ASN1_STRING_new.pod
@@ -22,6 +22,7 @@ ASN1_STRING_type_new() returns an allocated B<ASN1_STRING> structure of
type B<type>.

ASN1_STRING_free() frees up B<a>.
+If B<a> is NULL nothing is done.

=head1 NOTES

Dr. Stephen Henson

unread,

Mar 24, 2015, 8:12:30 AM3/24/15

to

The branch master has been updated

via 86d20cb6fd3267a603a3e4ec549ef1113c13a374 (commit)
via 27af42f9ac7aa88006dd4cf73abda8abbf67e6d6 (commit)
via 5fe736e5fc29353706c2c1a5ae8bd97f3d7a35e9 (commit)
from 0dfb9398bb6493d5a56216e0c7039cb3f9fc88c6 (commit)

- Log -----------------------------------------------------------------
commit 86d20cb6fd3267a603a3e4ec549ef1113c13a374

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Tue Mar 24 12:05:05 2015 +0000

make depend

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 27af42f9ac7aa88006dd4cf73abda8abbf67e6d6

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Mon Mar 23 22:57:47 2015 +0000

Move some EVP internals to evp_int.h

Move EVP internals to evp_int.h, remove -Ievp hack from crypto/Makefile

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 5fe736e5fc29353706c2c1a5ae8bd97f3d7a35e9

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Mon Mar 23 18:42:42 2015 +0000

Move some ASN.1 internals to asn1_int.h

Move ASN.1 internals used across multiple directories into new internal
header file asn1_int.h remove crypto/Makefile hack which allowed other
directories to include "asn1_locl.h"

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

apps/Makefile | 96 ++++++-----
crypto/Makefile | 2 +-
crypto/asn1/Makefile | 28 ++--
crypto/asn1/a_sign.c | 2 +-
crypto/asn1/a_verify.c | 2 +-
crypto/asn1/ameth_lib.c | 2 +-
crypto/asn1/asn1_locl.h | 45 -----
crypto/asn1/d2i_pr.c | 2 +-
crypto/asn1/i2d_pr.c | 2 +-
crypto/asn1/t_x509.c | 2 +-
crypto/asn1/x_pubkey.c | 2 +-
crypto/cmac/Makefile | 6 +-
crypto/cmac/cm_ameth.c | 2 +-
crypto/cmac/cm_pmeth.c | 2 +-
crypto/cms/Makefile | 14 +-
crypto/cms/cms_env.c | 2 +-
crypto/cms/cms_kari.c | 2 +-
crypto/cms/cms_pwri.c | 2 +-
crypto/cms/cms_sd.c | 2 +-
crypto/cms/cms_smime.c | 2 +-
crypto/des/Makefile | 183 +++++++--------------
crypto/dh/Makefile | 8 +-
crypto/dh/dh_ameth.c | 2 +-
crypto/dh/dh_pmeth.c | 2 +-
crypto/dsa/Makefile | 8 +-
crypto/dsa/dsa_ameth.c | 2 +-
crypto/dsa/dsa_pmeth.c | 2 +-
crypto/ec/Makefile | 8 +-
crypto/ec/ec_ameth.c | 2 +-
crypto/ec/ec_pmeth.c | 2 +-
crypto/ecdsa/Makefile | 13 +-
crypto/engine/Makefile | 4 +-
crypto/engine/tb_asnmth.c | 2 +-
crypto/evp/Makefile | 89 +++++-----
crypto/evp/evp_locl.h | 65 --------
crypto/evp/evp_pkey.c | 2 +-
crypto/evp/m_sigver.c | 2 +-
crypto/evp/p_lib.c | 2 +-
crypto/evp/pmeth_fn.c | 2 +-
crypto/evp/pmeth_gn.c | 2 +-
crypto/evp/pmeth_lib.c | 4 +-
crypto/hmac/Makefile | 6 +-
crypto/hmac/hm_ameth.c | 2 +-
crypto/hmac/hm_pmeth.c | 2 +-
.../asn1_locl.h => include/internal/asn1_int.h} | 62 +------
crypto/include/internal/evp_int.h | 123 ++++++++++++++
crypto/mdc2/Makefile | 17 +-
crypto/ocsp/Makefile | 28 +++-
crypto/pem/Makefile | 32 ++--
crypto/pem/pem_lib.c | 2 +-
crypto/pem/pem_pkey.c | 2 +-
crypto/pkcs7/Makefile | 2 +-
crypto/pkcs7/pk7_lib.c | 2 +-
crypto/rsa/Makefile | 6 +-
crypto/rsa/rsa_ameth.c | 2 +-
crypto/rsa/rsa_pmeth.c | 2 +-
crypto/x509/Makefile | 30 +++-
ssl/Makefile | 24 +--
test/Makefile | 21 +--
59 files changed, 452 insertions(+), 538 deletions(-)
copy crypto/{asn1/asn1_locl.h => include/internal/asn1_int.h} (72%)
create mode 100644 crypto/include/internal/evp_int.h

diff --git a/apps/Makefile b/apps/Makefile
index 12a72e0..ac2663a 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -593,21 +593,19 @@ openssl.o: openssl.c progs.h s_apps.h
passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
-passwd.o: ../include/openssl/e_os2.h
-passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
-passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-passwd.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-passwd.o: ../include/openssl/x509.h
-passwd.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-passwd.o: passwd.c
+passwd.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+passwd.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+passwd.o: ../include/openssl/engine.h ../include/openssl/err.h
+passwd.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+passwd.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
+passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+passwd.o: ../include/openssl/x509v3.h apps.h passwd.c
pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -936,27 +934,26 @@ speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
speed.o: ../include/openssl/camellia.h ../include/openssl/cast.h
speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-speed.o: ../include/openssl/des.h
-speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-speed.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-speed.o: ../include/openssl/err.h ../include/openssl/evp.h
-speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
-speed.o: ../include/openssl/lhash.h ../include/openssl/md4.h
-speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-speed.o: ../include/openssl/modes.h ../include/openssl/obj_mac.h
-speed.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-speed.o: ../include/openssl/rc4.h ../include/openssl/ripemd.h
-speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-speed.o: ../include/openssl/seed.h ../include/openssl/sha.h
-speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-speed.o: ../include/openssl/whrlpool.h
-speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-speed.o: ../include/openssl/x509v3.h apps.h speed.c testdsa.h testrsa.h
+speed.o: ../include/openssl/des.h ../include/openssl/dsa.h
+speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+speed.o: ../include/openssl/engine.h ../include/openssl/err.h
+speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
+speed.o: ../include/openssl/mdc2.h ../include/openssl/modes.h
+speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+speed.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+speed.o: ../include/openssl/safestack.h ../include/openssl/seed.h
+speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+speed.o: ../include/openssl/whrlpool.h ../include/openssl/x509.h
+speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+speed.o: speed.c testdsa.h testrsa.h
spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h
spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -1026,20 +1023,19 @@ version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
version.o: ../include/openssl/crypto.h ../include/openssl/des.h
-version.o: ../include/openssl/e_os2.h
-version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-version.o: ../include/openssl/evp.h ../include/openssl/idea.h
-version.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-version.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h
-version.o: ../include/openssl/sha.h ../include/openssl/stack.h
-version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-version.o: ../include/openssl/ui.h
-version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-version.o: ../include/openssl/x509v3.h apps.h version.c
+version.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+version.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+version.o: ../include/openssl/engine.h ../include/openssl/evp.h
+version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+version.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+version.o: ../include/openssl/pkcs7.h ../include/openssl/rc4.h
+version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+version.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+version.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+version.o: version.c
x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
diff --git a/crypto/Makefile b/crypto/Makefile
index 6e1c129..5eddc5a 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -7,7 +7,7 @@ TOP= ..
CC= cc
INCLUDE= -I. -I$(TOP) -I../include $(ZLIB_INCLUDE)
# INCLUDES targets sudbirs!
-INCLUDES= -I.. -I../.. -I../modes -I../asn1 -I../evp -I../include -I../../include $(ZLIB_INCLUDE)
+INCLUDES= -I.. -I../.. -I../modes -I../include -I../../include $(ZLIB_INCLUDE)
CFLAG= -g
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile
index a2051f7..6c7c22a 100644
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -117,14 +117,6 @@ a_bitstr.o: ../../include/openssl/opensslconf.h
a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c
-a_bool.o: ../../e_os.h ../../include/openssl/asn1.h
-a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-a_bool.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_bool.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_bool.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_bool.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_bool.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_bool.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bool.c

a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h
a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

@@ -230,7 +222,7 @@ a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_sign.o: ../cryptlib.h a_sign.c asn1_locl.h
+a_sign.o: ../cryptlib.h ../include/internal/asn1_int.h a_sign.c
a_strex.o: ../../e_os.h ../../include/openssl/asn1.h
a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -297,8 +289,8 @@ a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_verify.c
-a_verify.o: asn1_locl.h
+a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+a_verify.o: ../include/internal/asn1_int.h a_verify.c
ameth_lib.o: ../../e_os.h ../../include/openssl/asn1.h
ameth_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
ameth_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -312,8 +304,8 @@ ameth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ameth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
ameth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ameth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ameth_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ameth_lib.c
-ameth_lib.o: asn1_locl.h
+ameth_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+ameth_lib.o: ../include/internal/asn1_int.h ameth_lib.c
asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
asn1_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@@ -428,7 +420,8 @@ d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
d2i_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-d2i_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h d2i_pr.c
+d2i_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+d2i_pr.o: ../include/internal/asn1_int.h d2i_pr.c
d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
@@ -481,7 +474,8 @@ i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
i2d_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-i2d_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h i2d_pr.c
+i2d_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+i2d_pr.o: ../include/internal/asn1_int.h i2d_pr.c
i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
@@ -640,7 +634,7 @@ t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_x509.o: ../cryptlib.h asn1_locl.h t_x509.c
+t_x509.o: ../cryptlib.h ../include/internal/asn1_int.h t_x509.c
t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -839,7 +833,7 @@ x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_pubkey.o: ../cryptlib.h asn1_locl.h x_pubkey.c
+x_pubkey.o: ../cryptlib.h ../include/internal/asn1_int.h x_pubkey.c
x_req.o: ../../e_os.h ../../include/openssl/asn1.h
x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
index 51c6a0c..9fe6665 100644
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -123,7 +123,7 @@
#include <openssl/x509.h>
#include <openssl/objects.h>
#include <openssl/buffer.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

#ifndef NO_ASN1_OLD

diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index e242d83..6023b14 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -70,7 +70,7 @@
#include <openssl/objects.h>
#include <openssl/buffer.h>
#include <openssl/evp.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

#ifndef NO_ASN1_OLD

diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index 67353e0..5c7d6bb 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -63,7 +63,7 @@
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
#endif
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_locl.h
index 2113802..a7569e7 100644
--- a/crypto/asn1/asn1_locl.h
+++ b/crypto/asn1/asn1_locl.h
@@ -97,51 +97,6 @@ struct asn1_sctx_st {
void *app_data;
} /* ASN1_SCTX */ ;

-/* ASN1 public key method structure */
-
-struct evp_pkey_asn1_method_st {
- int pkey_id;
- int pkey_base_id;
- unsigned long pkey_flags;
- char *pem_str;
- char *info;
- int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
- int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
- int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
- int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx);
- int (*priv_decode) (EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf);
- int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
- int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx);
- int (*pkey_size) (const EVP_PKEY *pk);
- int (*pkey_bits) (const EVP_PKEY *pk);
- int (*pkey_security_bits) (const EVP_PKEY *pk);
- int (*param_decode) (EVP_PKEY *pkey,
- const unsigned char **pder, int derlen);
- int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
- int (*param_missing) (const EVP_PKEY *pk);
- int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
- int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
- int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx);
- int (*sig_print) (BIO *out,
- const X509_ALGOR *sigalg, const ASN1_STRING *sig,
- int indent, ASN1_PCTX *pctx);
- void (*pkey_free) (EVP_PKEY *pkey);
- int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
- /* Legacy functions for old PEM */
- int (*old_priv_decode) (EVP_PKEY *pkey,
- const unsigned char **pder, int derlen);
- int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
- /* Custom ASN1 signature verification */
- int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
- X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
- int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
- X509_ALGOR *alg1, X509_ALGOR *alg2,
- ASN1_BIT_STRING *sig);
-} /* EVP_PKEY_ASN1_METHOD */ ;
-
/*
* Method to handle CRL access. In general a CRL could be very large (several
* Mb) and can consume large amounts of resources if stored in memory by
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index c96da09..5f1a96d 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -66,7 +66,7 @@
#endif
#include <openssl/x509.h>
#include <openssl/asn1.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
long length)
diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c
index 4d338ac..2a6aa19 100644
--- a/crypto/asn1/i2d_pr.c
+++ b/crypto/asn1/i2d_pr.c

@@ -60,7 +60,7 @@
#include "cryptlib.h"

#include <openssl/evp.h>
#include <openssl/x509.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
{
diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index 667db26..e972220 100644
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -72,7 +72,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

#ifndef OPENSSL_NO_STDIO
int X509_print_fp(FILE *fp, X509 *x)
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index 4b68201..cefaf3a 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c

@@ -60,7 +60,7 @@
#include "cryptlib.h"

#include <openssl/asn1t.h>
#include <openssl/x509.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
diff --git a/crypto/cmac/Makefile b/crypto/cmac/Makefile
index 54e7cc3..2e92a14 100644
--- a/crypto/cmac/Makefile
+++ b/crypto/cmac/Makefile
@@ -83,8 +83,8 @@ cm_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cm_ameth.o: ../../include/openssl/opensslconf.h
cm_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cm_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-cm_ameth.o: ../../include/openssl/symhacks.h ../asn1/asn1_locl.h ../cryptlib.h
-cm_ameth.o: cm_ameth.c
+cm_ameth.o: ../../include/openssl/symhacks.h ../cryptlib.h
+cm_ameth.o: ../include/internal/asn1_int.h cm_ameth.c
cm_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
cm_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cm_pmeth.o: ../../include/openssl/cmac.h ../../include/openssl/conf.h
@@ -99,7 +99,7 @@ cm_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
cm_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
cm_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cm_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cm_pmeth.o: ../cryptlib.h ../evp/evp_locl.h cm_pmeth.c
+cm_pmeth.o: ../cryptlib.h ../include/internal/evp_int.h cm_pmeth.c
cmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
cmac.o: ../../include/openssl/buffer.h ../../include/openssl/cmac.h
cmac.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c
index 0b6850e..98634c9 100644
--- a/crypto/cmac/cm_ameth.c
+++ b/crypto/cmac/cm_ameth.c
@@ -55,7 +55,7 @@
#include "cryptlib.h"
#include <openssl/evp.h>
#include <openssl/cmac.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

/*
* CMAC "ASN1" method. This is just here to indicate the maximum CMAC output
diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c
index a2300df..389ae5d 100644
--- a/crypto/cmac/cm_pmeth.c
+++ b/crypto/cmac/cm_pmeth.c
@@ -57,7 +57,7 @@
#include <openssl/x509v3.h>
#include <openssl/evp.h>
#include <openssl/cmac.h>
-#include "evp_locl.h"
+#include "internal/evp_int.h"

/* The context structure and "key" is simply a CMAC_CTX */

diff --git a/crypto/cms/Makefile b/crypto/cms/Makefile
index 2e957c7..b767e25 100644
--- a/crypto/cms/Makefile
+++ b/crypto/cms/Makefile
@@ -174,7 +174,7 @@ cms_env.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
cms_env.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
cms_env.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_env.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cms_env.o: ../asn1/asn1_locl.h ../cryptlib.h cms_env.c cms_lcl.h
+cms_env.o: ../cryptlib.h ../include/internal/asn1_int.h cms_env.c cms_lcl.h
cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -234,8 +234,8 @@ cms_kari.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
cms_kari.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_kari.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_kari.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-cms_kari.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h
-cms_kari.o: cms_kari.c cms_lcl.h
+cms_kari.o: ../../include/openssl/x509v3.h ../cryptlib.h
+cms_kari.o: ../include/internal/asn1_int.h cms_kari.c cms_lcl.h
cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_lib.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
@@ -267,8 +267,8 @@ cms_pwri.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
cms_pwri.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_pwri.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_pwri.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-cms_pwri.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h
-cms_pwri.o: cms_lcl.h cms_pwri.c
+cms_pwri.o: ../../include/openssl/x509v3.h ../cryptlib.h
+cms_pwri.o: ../include/internal/asn1_int.h cms_lcl.h cms_pwri.c
cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h
cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
@@ -284,7 +284,7 @@ cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cms_sd.o: ../asn1/asn1_locl.h ../cryptlib.h cms_lcl.h cms_sd.c
+cms_sd.o: ../cryptlib.h ../include/internal/asn1_int.h cms_lcl.h cms_sd.c
cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h
cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
@@ -300,4 +300,4 @@ cms_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
cms_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
cms_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cms_smime.o: ../asn1/asn1_locl.h ../cryptlib.h cms_lcl.h cms_smime.c
+cms_smime.o: ../cryptlib.h ../include/internal/asn1_int.h cms_lcl.h cms_smime.c
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 624c3f2..d1252f8 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -61,7 +61,7 @@
#include <openssl/rand.h>
#include <openssl/aes.h>
#include "cms_lcl.h"
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

/* CMS EnvelopedData Utilities */

diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index f8a6cba..196b5c6 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -61,7 +61,7 @@
#include <openssl/rand.h>
#include <openssl/aes.h>
#include "cms_lcl.h"
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index 6729930..dd5f636 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -61,7 +61,7 @@
#include <openssl/rand.h>
#include <openssl/aes.h>
#include "cms_lcl.h"
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
unsigned char *pass, ossl_ssize_t passlen)
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index a936ded..b8ed1a1 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -60,7 +60,7 @@
#include <openssl/err.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

/* CMS SignedData Utilities */

diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index acf5c58..6f6f20d 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -59,7 +59,7 @@
#include <openssl/err.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
{
diff --git a/crypto/des/Makefile b/crypto/des/Makefile
index eb955cf..10b7e34 100644
--- a/crypto/des/Makefile
+++ b/crypto/des/Makefile
@@ -106,156 +106,89 @@ clean:

# DO NOT DELETE THIS LINE -- make depend depends on it.

-cbc_cksm.o: ../../include/openssl/des.h
-cbc_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-cbc_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-cbc_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-cbc_cksm.o: ../../include/openssl/ui.h
-cbc_cksm.o: cbc_cksm.c des_locl.h
-cbc_enc.o: ../../include/openssl/des.h
-cbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-cbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-cbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-cbc_enc.o: ../../include/openssl/ui.h
-cbc_enc.o: cbc_enc.c des_locl.h ncbc_enc.c
+cbc_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cbc_cksm.o: ../../include/openssl/opensslconf.h cbc_cksm.c des_locl.h
+cbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cbc_enc.o: ../../include/openssl/opensslconf.h cbc_enc.c des_locl.h ncbc_enc.c
cfb64ede.o: ../../e_os.h ../../include/openssl/des.h
-cfb64ede.o: ../../include/openssl/e_os2.h
-cfb64ede.o: ../../include/openssl/opensslconf.h
-cfb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-cfb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-cfb64ede.o: ../../include/openssl/ui.h
+cfb64ede.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
cfb64ede.o: cfb64ede.c des_locl.h
-cfb64enc.o: ../../include/openssl/des.h
-cfb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-cfb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-cfb64enc.o: ../../include/openssl/ui.h
-cfb64enc.o: cfb64enc.c des_locl.h
+cfb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cfb64enc.o: ../../include/openssl/opensslconf.h cfb64enc.c des_locl.h
cfb_enc.o: ../../e_os.h ../../include/openssl/des.h
-cfb_enc.o: ../../include/openssl/e_os2.h
-cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h
-cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
cfb_enc.o: cfb_enc.c des_locl.h
des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-des_enc.o: ../../include/openssl/e_os2.h
-des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-des_enc.o: ../../include/openssl/ui.h
-des_enc.o: des_enc.c des_locl.h ncbc_enc.c spr.h
-ecb3_enc.o: ../../include/openssl/des.h
-ecb3_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ecb3_enc.o: ../../include/openssl/ui.h
-ecb3_enc.o: des_locl.h ecb3_enc.c
+des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+des_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+des_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_enc.o: ../../include/openssl/symhacks.h des_enc.c des_locl.h ncbc_enc.c
+des_enc.o: spr.h
+ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ecb3_enc.o: ../../include/openssl/opensslconf.h des_locl.h ecb3_enc.c
ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-ecb_enc.o: ../../include/openssl/des.h
-ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ecb_enc.o: des_locl.h des_ver.h ecb_enc.c
enc_read.o: ../../e_os.h ../../include/openssl/bio.h
enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-enc_read.o: ../../include/openssl/des.h
-enc_read.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-enc_read.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+enc_read.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+enc_read.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+enc_read.o: ../../include/openssl/opensslconf.h
enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
enc_read.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-enc_read.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-enc_read.o: ../cryptlib.h des_locl.h
+enc_read.o: ../../include/openssl/symhacks.h ../cryptlib.h des_locl.h
enc_read.o: enc_read.c
enc_writ.o: ../../e_os.h ../../include/openssl/bio.h
enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-enc_writ.o: ../../include/openssl/des.h
-enc_writ.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-enc_writ.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+enc_writ.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+enc_writ.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+enc_writ.o: ../../include/openssl/opensslconf.h
enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
enc_writ.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
enc_writ.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-enc_writ.o: ../../include/openssl/ui.h
enc_writ.o: ../cryptlib.h des_locl.h enc_writ.c
fcrypt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-fcrypt.o: ../../include/openssl/e_os2.h
-fcrypt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-fcrypt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-fcrypt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fcrypt.o: ../../include/openssl/ui.h
-fcrypt.o: des_locl.h fcrypt.c
-fcrypt_b.o: ../../include/openssl/des.h
-fcrypt_b.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-fcrypt_b.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-fcrypt_b.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fcrypt_b.o: ../../include/openssl/ui.h
-fcrypt_b.o: des_locl.h fcrypt_b.c
-ofb64ede.o: ../../include/openssl/des.h
-ofb64ede.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-ofb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-ofb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ofb64ede.o: ../../include/openssl/ui.h
-ofb64ede.o: des_locl.h ofb64ede.c
-ofb64enc.o: ../../include/openssl/des.h
-ofb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-ofb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-ofb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ofb64enc.o: ../../include/openssl/ui.h
-ofb64enc.o: des_locl.h ofb64enc.c
-ofb_enc.o: ../../include/openssl/des.h
-ofb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-ofb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-ofb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ofb_enc.o: ../../include/openssl/ui.h
-ofb_enc.o: des_locl.h ofb_enc.c
-pcbc_enc.o: ../../include/openssl/des.h
-pcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-pcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-pcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pcbc_enc.o: ../../include/openssl/ui.h
-pcbc_enc.o: des_locl.h pcbc_enc.c
-qud_cksm.o: ../../include/openssl/des.h
-qud_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-qud_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-qud_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-qud_cksm.o: ../../include/openssl/ui.h
-qud_cksm.o: des_locl.h qud_cksm.c
-rand_key.o: ../../include/openssl/des.h
-rand_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+fcrypt.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+fcrypt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+fcrypt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fcrypt.o: ../../include/openssl/symhacks.h des_locl.h fcrypt.c
+fcrypt_b.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+fcrypt_b.o: ../../include/openssl/opensslconf.h des_locl.h fcrypt_b.c
+ofb64ede.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ofb64ede.o: ../../include/openssl/opensslconf.h des_locl.h ofb64ede.c
+ofb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ofb64enc.o: ../../include/openssl/opensslconf.h des_locl.h ofb64enc.c
+ofb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ofb_enc.o: ../../include/openssl/opensslconf.h des_locl.h ofb_enc.c
+pcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+pcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h pcbc_enc.c
+qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h qud_cksm.c
+rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+rand_key.o: ../../include/openssl/opensslconf.h
rand_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-rand_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rand_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
rand_key.o: rand_key.c
read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-read2pwd.o: ../../include/openssl/e_os2.h
-read2pwd.o: ../../include/openssl/opensslconf.h
+read2pwd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
read2pwd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
read2pwd.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
read2pwd.o: read2pwd.c
-rpc_enc.o: ../../include/openssl/des.h
-rpc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-rpc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rpc_enc.o: ../../include/openssl/ui.h
-rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c
+rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
+rpc_enc.o: rpc_enc.c
set_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-set_key.o: ../../include/openssl/e_os2.h
-set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-set_key.o: ../../include/openssl/ui.h
-set_key.o: des_locl.h set_key.c
+set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+set_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+set_key.o: ../../include/openssl/symhacks.h des_locl.h set_key.c
str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-str2key.o: ../../include/openssl/e_os2.h
-str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-str2key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-str2key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-str2key.o: ../../include/openssl/ui.h
-str2key.o: des_locl.h str2key.c
-xcbc_enc.o: ../../include/openssl/des.h
-xcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-xcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-xcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-xcbc_enc.o: ../../include/openssl/ui.h
-xcbc_enc.o: des_locl.h xcbc_enc.c
+str2key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+str2key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str2key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+str2key.o: ../../include/openssl/symhacks.h des_locl.h str2key.c
+xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h xcbc_enc.c
diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile
index 943e7c6..6af06d9 100644
--- a/crypto/dh/Makefile
+++ b/crypto/dh/Makefile
@@ -89,8 +89,8 @@ dh_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
dh_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
dh_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dh_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-dh_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
-dh_ameth.o: dh_ameth.c
+dh_ameth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+dh_ameth.o: ../include/internal/asn1_int.h dh_ameth.c
dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -182,8 +182,8 @@ dh_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
dh_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
dh_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dh_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-dh_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h
-dh_pmeth.o: dh_pmeth.c
+dh_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+dh_pmeth.o: ../include/internal/evp_int.h dh_pmeth.c
dh_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
dh_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dh_prn.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index e7d56f1..17027c5 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -62,7 +62,7 @@
#include <openssl/asn1.h>
#include <openssl/dh.h>
#include <openssl/bn.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
#ifndef OPENSSL_NO_CMS
# include <openssl/cms.h>
#endif
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 668f5f3..5e3a5e3 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -67,7 +67,7 @@
# include <openssl/dsa.h>
#endif
#include <openssl/objects.h>
-#include "evp_locl.h"
+#include "internal/evp_int.h"

/* DH pkey context structure */

diff --git a/crypto/dsa/Makefile b/crypto/dsa/Makefile
index 5fef4ca..5c1982c 100644
--- a/crypto/dsa/Makefile
+++ b/crypto/dsa/Makefile
@@ -90,8 +90,8 @@ dsa_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
dsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
dsa_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-dsa_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
-dsa_ameth.o: dsa_ameth.c
+dsa_ameth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+dsa_ameth.o: ../include/internal/asn1_int.h dsa_ameth.c
dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -178,8 +178,8 @@ dsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
dsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
dsa_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-dsa_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h
-dsa_pmeth.o: dsa_locl.h dsa_pmeth.c
+dsa_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+dsa_pmeth.o: ../include/internal/evp_int.h dsa_locl.h dsa_pmeth.c
dsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h
dsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
dsa_prn.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 425144a..61a9d0f 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -65,7 +65,7 @@
#ifndef OPENSSL_NO_CMS
# include <openssl/cms.h>
#endif
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
{
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index c26a0c3..6a47047 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -62,7 +62,7 @@
#include <openssl/x509.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
-#include "evp_locl.h"
+#include "internal/evp_int.h"
#include "dsa_locl.h"

/* DSA pkey context structure */
diff --git a/crypto/ec/Makefile b/crypto/ec/Makefile
index 7e9f7a6..b6d50c7 100644
--- a/crypto/ec/Makefile
+++ b/crypto/ec/Makefile
@@ -136,8 +136,8 @@ ec_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ec_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
ec_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ec_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ec_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
-ec_ameth.o: ec_ameth.c
+ec_ameth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+ec_ameth.o: ../include/internal/asn1_int.h ec_ameth.c
ec_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
ec_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
ec_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -224,8 +224,8 @@ ec_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ec_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
ec_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ec_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ec_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h
-ec_pmeth.o: ec_lcl.h ec_pmeth.c
+ec_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+ec_pmeth.o: ../include/internal/evp_int.h ec_lcl.h ec_pmeth.c
ec_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ec_print.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
ec_print.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index bce0b16..de56c89 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -65,7 +65,7 @@
# include <openssl/cms.h>
#endif
#include <openssl/asn1t.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index d789e7e..4eda2ef 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -64,7 +64,7 @@
#include "ec_lcl.h"
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
-#include "evp_locl.h"
+#include "internal/evp_int.h"

/* EC pkey context structure */

diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile
index 7730f71..da08d2d 100644
--- a/crypto/ecdsa/Makefile
+++ b/crypto/ecdsa/Makefile
@@ -127,16 +127,15 @@ ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
ecs_sign.o: ecs_locl.h ecs_sign.c
-ecs_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
-ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ecs_vrf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ecs_locl.h ecs_vrf.c
+ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c
diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile
index d39a45d..0bdd2aa 100644
--- a/crypto/engine/Makefile
+++ b/crypto/engine/Makefile
@@ -295,8 +295,8 @@ tb_asnmth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tb_asnmth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
tb_asnmth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
tb_asnmth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-tb_asnmth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
-tb_asnmth.o: eng_int.h tb_asnmth.c
+tb_asnmth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+tb_asnmth.o: ../include/internal/asn1_int.h eng_int.h tb_asnmth.c
tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h
tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c
index a1a9b88..4685fcf 100644
--- a/crypto/engine/tb_asnmth.c
+++ b/crypto/engine/tb_asnmth.c
@@ -53,8 +53,8 @@
*/

#include "eng_int.h"
-#include "asn1_locl.h"
#include <openssl/evp.h>
+#include "internal/asn1_int.h"

/*
* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile
index 9b3095f..d72e6e7 100644
--- a/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
@@ -263,27 +263,24 @@ e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h
e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_des.o: ../../include/openssl/des.h
-e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+e_des.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_des.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+e_des.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
e_des.o: ../cryptlib.h e_des.c evp_locl.h
e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_des3.o: ../../include/openssl/des.h
-e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_des3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_des3.o: ../../include/openssl/ui.h
-e_des3.o: ../cryptlib.h e_des3.c evp_locl.h
+e_des3.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+e_des3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des3.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+e_des3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_des3.o: ../../include/openssl/symhacks.h ../cryptlib.h e_des3.c evp_locl.h
e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -351,14 +348,13 @@ e_seed.o: e_seed.c evp_locl.h
e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h
e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_xcbc_d.o: ../../include/openssl/e_os2.h
-e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_xcbc_d.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_xcbc_d.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_xcbc_d.o: ../../include/openssl/opensslconf.h
e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_xcbc_d.o: ../cryptlib.h e_xcbc_d.c
+e_xcbc_d.o: ../../include/openssl/symhacks.h ../cryptlib.h e_xcbc_d.c
e_xcbc_d.o: evp_locl.h
encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -463,7 +459,7 @@ evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c
+evp_pkey.o: ../cryptlib.h ../include/internal/asn1_int.h evp_pkey.c
m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
@@ -519,19 +515,18 @@ m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c
m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_mdc2.o: ../../include/openssl/des.h
-m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_mdc2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
-m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_mdc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-m_mdc2.o: ../../include/openssl/x509.h
-m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_mdc2.c
+m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+m_mdc2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_mdc2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_mdc2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_mdc2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_mdc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_mdc2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_mdc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_mdc2.o: ../cryptlib.h m_mdc2.c
m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -580,8 +575,8 @@ m_sigver.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
m_sigver.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
m_sigver.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
m_sigver.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_sigver.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
-m_sigver.o: m_sigver.c
+m_sigver.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+m_sigver.o: ../include/internal/evp_int.h m_sigver.c
m_wp.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_wp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_wp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -675,7 +670,7 @@ p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_lib.o: ../asn1/asn1_locl.h ../cryptlib.h p_lib.c
+p_lib.o: ../cryptlib.h ../include/internal/asn1_int.h p_lib.c
p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -735,8 +730,8 @@ pmeth_fn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
pmeth_fn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
pmeth_fn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
pmeth_fn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-pmeth_fn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
-pmeth_fn.o: pmeth_fn.c
+pmeth_fn.o: ../../include/openssl/symhacks.h ../cryptlib.h
+pmeth_fn.o: ../include/internal/evp_int.h pmeth_fn.c
pmeth_gn.o: ../../e_os.h ../../include/openssl/asn1.h
pmeth_gn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
pmeth_gn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -747,7 +742,8 @@ pmeth_gn.o: ../../include/openssl/opensslconf.h
pmeth_gn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
pmeth_gn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
pmeth_gn.o: ../../include/openssl/symhacks.h ../cryptlib.h
-pmeth_gn.o: ../include/internal/bn_int.h evp_locl.h pmeth_gn.c
+pmeth_gn.o: ../include/internal/bn_int.h ../include/internal/evp_int.h
+pmeth_gn.o: pmeth_gn.c
pmeth_lib.o: ../../e_os.h ../../include/openssl/asn1.h
pmeth_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
pmeth_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -761,5 +757,6 @@ pmeth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
pmeth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
pmeth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
pmeth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pmeth_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
-pmeth_lib.o: evp_locl.h pmeth_lib.c
+pmeth_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+pmeth_lib.o: ../include/internal/asn1_int.h ../include/internal/evp_int.h
+pmeth_lib.o: pmeth_lib.c
diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h
index 56449c4..b70a54c 100644
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -261,71 +261,6 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
(fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
cipher##_init_key, NULL, NULL, NULL, NULL)

-struct evp_pkey_ctx_st {
- /* Method associated with this operation */
- const EVP_PKEY_METHOD *pmeth;
- /* Engine that implements this method or NULL if builtin */
- ENGINE *engine;
- /* Key: may be NULL */
- EVP_PKEY *pkey;
- /* Peer key for key agreement, may be NULL */
- EVP_PKEY *peerkey;
- /* Actual operation */
- int operation;
- /* Algorithm specific data */
- void *data;
- /* Application specific data */
- void *app_data;
- /* Keygen callback */
- EVP_PKEY_gen_cb *pkey_gencb;
- /* implementation specific keygen data */
- int *keygen_info;
- int keygen_info_count;
-} /* EVP_PKEY_CTX */ ;
-
-#define EVP_PKEY_FLAG_DYNAMIC 1
-
-struct evp_pkey_method_st {
- int pkey_id;
- int flags;
- int (*init) (EVP_PKEY_CTX *ctx);
- int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
- void (*cleanup) (EVP_PKEY_CTX *ctx);
- int (*paramgen_init) (EVP_PKEY_CTX *ctx);
- int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
- int (*keygen_init) (EVP_PKEY_CTX *ctx);
- int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
- int (*sign_init) (EVP_PKEY_CTX *ctx);
- int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
- const unsigned char *tbs, size_t tbslen);
- int (*verify_init) (EVP_PKEY_CTX *ctx);
- int (*verify) (EVP_PKEY_CTX *ctx,
- const unsigned char *sig, size_t siglen,
- const unsigned char *tbs, size_t tbslen);
- int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
- int (*verify_recover) (EVP_PKEY_CTX *ctx,
- unsigned char *rout, size_t *routlen,
- const unsigned char *sig, size_t siglen);
- int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
- int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
- EVP_MD_CTX *mctx);
- int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
- int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
- EVP_MD_CTX *mctx);
- int (*encrypt_init) (EVP_PKEY_CTX *ctx);
- int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
- const unsigned char *in, size_t inlen);
- int (*decrypt_init) (EVP_PKEY_CTX *ctx);
- int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
- const unsigned char *in, size_t inlen);
- int (*derive_init) (EVP_PKEY_CTX *ctx);
- int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
- int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
- int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
-} /* EVP_PKEY_METHOD */ ;
-
-void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
-
int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
int passlen, ASN1_TYPE *param,
const EVP_CIPHER *c, const EVP_MD *md,
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index 52c9a86..7e64e26 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -62,7 +62,7 @@
#include "cryptlib.h"
#include <openssl/x509.h>
#include <openssl/rand.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

/* Extract a private key from a PKCS8 structure */

diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 87507ff..65a49ad 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -62,7 +62,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
-#include "evp_locl.h"
+#include "internal/evp_int.h"

static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 1f98d71..604faf2 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -78,7 +78,7 @@
# include <openssl/engine.h>
#endif

-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

static void EVP_PKEY_free_it(EVP_PKEY *x);

diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
index a8b7f2f..829b5f0 100644
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -62,7 +62,7 @@
#include "cryptlib.h"
#include <openssl/objects.h>
#include <openssl/evp.h>
-#include "evp_locl.h"
+#include "internal/evp_int.h"

#define M_check_autoarg(ctx, arg, arglen, err) \
if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index 45559eb..a5ae484 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -63,7 +63,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include "internal/bn_int.h"
-#include "evp_locl.h"
+#include "internal/evp_int.h"

int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
{
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 9f81d10..9183e40 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -65,8 +65,8 @@
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
#endif
-#include "asn1_locl.h"
-#include "evp_locl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"

typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);

diff --git a/crypto/hmac/Makefile b/crypto/hmac/Makefile
index 0e91709..42a9778 100644
--- a/crypto/hmac/Makefile
+++ b/crypto/hmac/Makefile
@@ -82,8 +82,8 @@ hm_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
hm_ameth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
hm_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
hm_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-hm_ameth.o: ../../include/openssl/symhacks.h ../asn1/asn1_locl.h ../cryptlib.h
-hm_ameth.o: hm_ameth.c
+hm_ameth.o: ../../include/openssl/symhacks.h ../cryptlib.h
+hm_ameth.o: ../include/internal/asn1_int.h hm_ameth.c
hm_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
hm_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
hm_pmeth.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@@ -98,7 +98,7 @@ hm_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
hm_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
hm_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
hm_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-hm_pmeth.o: ../cryptlib.h ../evp/evp_locl.h hm_pmeth.c
+hm_pmeth.o: ../cryptlib.h ../include/internal/evp_int.h hm_pmeth.c
hmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
hmac.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c
index f72d668..1b0f3b9 100644
--- a/crypto/hmac/hm_ameth.c
+++ b/crypto/hmac/hm_ameth.c
@@ -59,7 +59,7 @@
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/evp.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

#define HMAC_TEST_PRIVATE_KEY_FORMAT

diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c
index 0ffff79..f2be144 100644
--- a/crypto/hmac/hm_pmeth.c
+++ b/crypto/hmac/hm_pmeth.c
@@ -62,7 +62,7 @@
#include <openssl/x509v3.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
-#include "evp_locl.h"
+#include "internal/evp_int.h"

/* HMAC pkey context structure */

diff --git a/crypto/asn1/asn1_locl.h b/crypto/include/internal/asn1_int.h
similarity index 72%
copy from crypto/asn1/asn1_locl.h
copy to crypto/include/internal/asn1_int.h
index 2113802..58759be 100644
--- a/crypto/asn1/asn1_locl.h
+++ b/crypto/include/internal/asn1_int.h
@@ -1,10 +1,10 @@
-/* asn1t.h */
+/* asn1_int.h */
/*
* Written by Dr Stephen N Henson (st...@openssl.org) for the OpenSSL project
- * 2006.
+ * 2015.
*/
/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2015 The OpenSSL Project. All rights reserved.

*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

@@ -59,44 +59,6 @@

/* Internal ASN1 structures and functions: not for application use */

-int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
-int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);
-
-/* ASN1 print context structure */
-
-struct asn1_pctx_st {
- unsigned long flags;
- unsigned long nm_flags;
- unsigned long cert_flags;
- unsigned long oid_flags;
- unsigned long str_flags;
-} /* ASN1_PCTX */ ;
-
-/* ASN1 scan context structure */
-
-struct asn1_sctx_st {
- /* The ASN1_ITEM associated with this field */
- const ASN1_ITEM *it;
- /* If ASN1_TEMPLATE associated with this field */
- const ASN1_TEMPLATE *tt;
- /* Various flags associated with field and context */
- unsigned long flags;
- /* If SEQUENCE OF or SET OF, field index */
- int skidx;
- /* ASN1 depth of field */
- int depth;
- /* Structure and field name */
- const char *sname, *fname;
- /* If a primitive type the type of underlying field */
- int prim_type;
- /* The field value itself */
- ASN1_VALUE **field;
- /* Callback to pass information to */
- int (*scan_cb) (ASN1_SCTX *ctx);
- /* Context specific application data */
- void *app_data;
-} /* ASN1_SCTX */ ;
-
/* ASN1 public key method structure */

struct evp_pkey_asn1_method_st {
@@ -141,21 +103,3 @@ struct evp_pkey_asn1_method_st {
X509_ALGOR *alg1, X509_ALGOR *alg2,
ASN1_BIT_STRING *sig);
} /* EVP_PKEY_ASN1_METHOD */ ;
-
-/*
- * Method to handle CRL access. In general a CRL could be very large (several
- * Mb) and can consume large amounts of resources if stored in memory by
- * multiple processes. This method allows general CRL operations to be
- * redirected to more efficient callbacks: for example a CRL entry database.
- */
-
-#define X509_CRL_METHOD_DYNAMIC 1
-
-struct x509_crl_method_st {
- int flags;
- int (*crl_init) (X509_CRL *crl);
- int (*crl_free) (X509_CRL *crl);
- int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret,
- ASN1_INTEGER *ser, X509_NAME *issuer);
- int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk);
-};
diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h
new file mode 100644
index 0000000..ea7a61c
--- /dev/null
+++ b/crypto/include/internal/evp_int.h
@@ -0,0 +1,123 @@
+/* evp_int.h */
+/*
+ * Written by Dr Stephen N Henson (st...@openssl.org) for the OpenSSL project
+ * 2015.
+ */
+/* ====================================================================
+ * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * lice...@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (e...@cryptsoft.com). This product includes software written by Tim
+ * Hudson (t...@cryptsoft.com).
+ *
+ */
+
+struct evp_pkey_ctx_st {
+ /* Method associated with this operation */
+ const EVP_PKEY_METHOD *pmeth;
+ /* Engine that implements this method or NULL if builtin */
+ ENGINE *engine;
+ /* Key: may be NULL */
+ EVP_PKEY *pkey;
+ /* Peer key for key agreement, may be NULL */
+ EVP_PKEY *peerkey;
+ /* Actual operation */
+ int operation;
+ /* Algorithm specific data */
+ void *data;
+ /* Application specific data */
+ void *app_data;
+ /* Keygen callback */
+ EVP_PKEY_gen_cb *pkey_gencb;
+ /* implementation specific keygen data */
+ int *keygen_info;
+ int keygen_info_count;
+} /* EVP_PKEY_CTX */ ;
+
+#define EVP_PKEY_FLAG_DYNAMIC 1
+
+struct evp_pkey_method_st {
+ int pkey_id;
+ int flags;
+ int (*init) (EVP_PKEY_CTX *ctx);
+ int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
+ void (*cleanup) (EVP_PKEY_CTX *ctx);
+ int (*paramgen_init) (EVP_PKEY_CTX *ctx);
+ int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+ int (*keygen_init) (EVP_PKEY_CTX *ctx);
+ int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+ int (*sign_init) (EVP_PKEY_CTX *ctx);
+ int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs, size_t tbslen);
+ int (*verify_init) (EVP_PKEY_CTX *ctx);
+ int (*verify) (EVP_PKEY_CTX *ctx,
+ const unsigned char *sig, size_t siglen,
+ const unsigned char *tbs, size_t tbslen);
+ int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
+ int (*verify_recover) (EVP_PKEY_CTX *ctx,
+ unsigned char *rout, size_t *routlen,
+ const unsigned char *sig, size_t siglen);
+ int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+ int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+ EVP_MD_CTX *mctx);
+ int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+ int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
+ EVP_MD_CTX *mctx);
+ int (*encrypt_init) (EVP_PKEY_CTX *ctx);
+ int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen);
+ int (*decrypt_init) (EVP_PKEY_CTX *ctx);
+ int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen);
+ int (*derive_init) (EVP_PKEY_CTX *ctx);
+ int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+ int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
+ int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
+} /* EVP_PKEY_METHOD */ ;
+
+void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
diff --git a/crypto/mdc2/Makefile b/crypto/mdc2/Makefile
index 7811764..766008e 100644
--- a/crypto/mdc2/Makefile
+++ b/crypto/mdc2/Makefile
@@ -76,18 +76,15 @@ clean:

mdc2_one.o: ../../e_os.h ../../include/openssl/bio.h
mdc2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-mdc2_one.o: ../../include/openssl/des.h
-mdc2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-mdc2_one.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
-mdc2_one.o: ../../include/openssl/opensslconf.h
+mdc2_one.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+mdc2_one.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+mdc2_one.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
mdc2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-mdc2_one.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-mdc2_one.o: ../cryptlib.h mdc2_one.c
+mdc2_one.o: ../../include/openssl/symhacks.h ../cryptlib.h mdc2_one.c
mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-mdc2dgst.o: ../../include/openssl/e_os2.h
-mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
+mdc2dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/mdc2.h
+mdc2dgst.o: ../../include/openssl/opensslconf.h
mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
mdc2dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-mdc2dgst.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-mdc2dgst.o: mdc2dgst.c
+mdc2dgst.o: ../../include/openssl/symhacks.h mdc2dgst.c
diff --git a/crypto/ocsp/Makefile b/crypto/ocsp/Makefile
index f5b8445..098e663 100644
--- a/crypto/ocsp/Makefile
+++ b/crypto/ocsp/Makefile
@@ -90,7 +90,7 @@ ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
ocsp_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ocsp_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
ocsp_asn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-ocsp_asn.o: ocsp_asn.c
+ocsp_asn.o: ocsp_asn.c ocsp_lcl.h
ocsp_cl.o: ../../e_os.h ../../include/openssl/asn1.h
ocsp_cl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@@ -106,7 +106,7 @@ ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
ocsp_cl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ocsp_cl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
ocsp_cl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-ocsp_cl.o: ../cryptlib.h ocsp_cl.c
+ocsp_cl.o: ../cryptlib.h ocsp_cl.c ocsp_lcl.h
ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -135,7 +135,7 @@ ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
ocsp_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
ocsp_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ocsp_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-ocsp_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_ext.c
+ocsp_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_ext.c ocsp_lcl.h
ocsp_ht.o: ../../e_os.h ../../include/openssl/asn1.h
ocsp_ht.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
ocsp_ht.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@@ -165,7 +165,7 @@ ocsp_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
ocsp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
ocsp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ocsp_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-ocsp_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_lib.c
+ocsp_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_lcl.h ocsp_lib.c
ocsp_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ocsp_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -180,7 +180,7 @@ ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
ocsp_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ocsp_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
ocsp_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-ocsp_prn.o: ocsp_prn.c
+ocsp_prn.o: ocsp_lcl.h ocsp_prn.c
ocsp_srv.o: ../../e_os.h ../../include/openssl/asn1.h
ocsp_srv.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@@ -196,7 +196,7 @@ ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
ocsp_srv.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
ocsp_srv.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ocsp_srv.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-ocsp_srv.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_srv.c
+ocsp_srv.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_lcl.h ocsp_srv.c
ocsp_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ocsp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -210,4 +210,18 @@ ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
ocsp_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ocsp_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
ocsp_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-ocsp_vfy.o: ocsp_vfy.c
+ocsp_vfy.o: ocsp_lcl.h ocsp_vfy.c
+v3_ocsp.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_ocsp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_lcl.h v3_ocsp.c
diff --git a/crypto/pem/Makefile b/crypto/pem/Makefile
index 3664055..b3e554a 100644
--- a/crypto/pem/Makefile
+++ b/crypto/pem/Makefile
@@ -123,21 +123,19 @@ pem_info.o: ../cryptlib.h pem_info.c
pem_lib.o: ../../e_os.h ../../include/openssl/asn1.h
pem_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-pem_lib.o: ../../include/openssl/e_os2.h
-pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pem_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pem_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pem_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-pem_lib.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-pem_lib.o: ../../include/openssl/x509.h
-pem_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
-pem_lib.o: pem_lib.c
+pem_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pem_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pem_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_lib.o: ../cryptlib.h ../include/internal/asn1_int.h pem_lib.c
pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h
pem_oth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -182,8 +180,8 @@ pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
pem_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
pem_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_pkey.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
-pem_pkey.o: pem_pkey.c
+pem_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+pem_pkey.o: ../include/internal/asn1_int.h pem_pkey.c
pem_seal.o: ../../e_os.h ../../include/openssl/asn1.h
pem_seal.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 4d4e886..410c2b2 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -66,7 +66,7 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
#ifndef OPENSSL_NO_DES
# include <openssl/des.h>
#endif
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 25b1095..fd7e8b0 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -71,7 +71,7 @@
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

int pem_check_suffix(const char *pem_str, const char *suffix);

diff --git a/crypto/pkcs7/Makefile b/crypto/pkcs7/Makefile
index effe05f..987bddf 100644
--- a/crypto/pkcs7/Makefile
+++ b/crypto/pkcs7/Makefile
@@ -140,7 +140,7 @@ pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pk7_lib.o: ../asn1/asn1_locl.h ../cryptlib.h pk7_lib.c
+pk7_lib.o: ../cryptlib.h ../include/internal/asn1_int.h pk7_lib.c
pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h
pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 511ae8c..6409d28 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c

@@ -60,7 +60,7 @@
#include "cryptlib.h"

#include <openssl/objects.h>
#include <openssl/x509.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)

{
diff --git a/crypto/rsa/Makefile b/crypto/rsa/Makefile
index 18b172c..28213bf 100644
--- a/crypto/rsa/Makefile
+++ b/crypto/rsa/Makefile
@@ -95,7 +95,7 @@ rsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
rsa_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
rsa_ameth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
rsa_ameth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-rsa_ameth.o: ../asn1/asn1_locl.h ../cryptlib.h rsa_ameth.c
+rsa_ameth.o: ../cryptlib.h ../include/internal/asn1_int.h rsa_ameth.c
rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -234,8 +234,8 @@ rsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
rsa_pmeth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
rsa_pmeth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
rsa_pmeth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-rsa_pmeth.o: ../../include/openssl/x509v3.h ../cryptlib.h ../evp/evp_locl.h
-rsa_pmeth.o: rsa_locl.h rsa_pmeth.c
+rsa_pmeth.o: ../../include/openssl/x509v3.h ../cryptlib.h
+rsa_pmeth.o: ../include/internal/evp_int.h rsa_locl.h rsa_pmeth.c
rsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
rsa_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 071dbb8..46b0fdc 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -66,7 +66,7 @@
#ifndef OPENSSL_NO_CMS
# include <openssl/cms.h>
#endif
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

static int rsa_cms_sign(CMS_SignerInfo *si);
static int rsa_cms_verify(CMS_SignerInfo *si);
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 0476bf7..0aaca9e 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -68,7 +68,7 @@
#ifndef OPENSSL_NO_CMS
# include <openssl/cms.h>
#endif
-#include "evp_locl.h"
+#include "internal/evp_int.h"
#include "rsa_locl.h"

/* RSA pkey context structure */
diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile
index f6cfbec..2a576e0 100644
--- a/crypto/x509/Makefile
+++ b/crypto/x509/Makefile
@@ -123,7 +123,7 @@ x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x509_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x509_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_att.o: ../cryptlib.h x509_att.c
+x509_att.o: ../cryptlib.h x509_att.c x509_lcl.h
x509_cmp.o: ../../e_os.h ../../include/openssl/asn1.h
x509_cmp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@@ -298,7 +298,7 @@ x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_v3.o: ../cryptlib.h x509_v3.c
+x509_v3.o: ../cryptlib.h x509_lcl.h x509_v3.c
x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h
x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@@ -407,3 +407,29 @@ x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
x_all.o: ../cryptlib.h x_all.c
+x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h
+x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_lcl.h
+x_attrib.o: x_attrib.c
+x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_exten.o: ../../include/openssl/x509_vfy.h x509_lcl.h x_exten.c
diff --git a/ssl/Makefile b/ssl/Makefile
index 087f796..90b6ac5 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -105,24 +105,26 @@ clean:

# DO NOT DELETE THIS LINE -- make depend depends on it.

-bio_ssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+bio_ssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
bio_ssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-bio_ssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-bio_ssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-bio_ssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-bio_ssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-bio_ssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+bio_ssl.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+bio_ssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+bio_ssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+bio_ssl.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+bio_ssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+bio_ssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+bio_ssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+bio_ssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+bio_ssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+bio_ssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+bio_ssl.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
bio_ssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bio_ssl.c
+bio_ssl.o: ssl_locl.h
d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
d1_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h
d1_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
diff --git a/test/Makefile b/test/Makefile
index 6c85b04..fc16227 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -657,19 +657,20 @@ evp_extra_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
evp_extra_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
evp_extra_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
evp_extra_test.o: evp_extra_test.c
-evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+evp_test.o: ../include/openssl/asn1.h ../include/openssl/bio.h
evp_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h
evp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
evp_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-evp_test.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h
-evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-evp_test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-evp_test.o: ../include/openssl/sha.h ../include/openssl/stack.h
-evp_test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-evp_test.o: ../include/openssl/x509_vfy.h evp_test.c
+evp_test.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+evp_test.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+evp_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+evp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+evp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+evp_test.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+evp_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+evp_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+evp_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+evp_test.o: ../include/openssl/x509v3.h evp_test.c
exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h

Dr. Stephen Henson

unread,

Mar 24, 2015, 8:13:53 AM3/24/15

to

The branch master has been updated

via 4ca5efc2874e094d6382b30416824eda6dde52fe (commit)
from 86d20cb6fd3267a603a3e4ec549ef1113c13a374 (commit)

- Log -----------------------------------------------------------------
commit 4ca5efc2874e094d6382b30416824eda6dde52fe

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Sun Mar 22 17:34:56 2015 +0000

Make OCSP response verification more flexible.

If a set of certificates is supplied to OCSP_basic_verify use those in
addition to any present in the OCSP response as untrusted CAs when
verifying a certificate chain.

PR#3668

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/ocsp/ocsp_vfy.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 8beadf7..40a3b01 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -84,6 +84,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
{
X509 *signer, *x;
STACK_OF(X509) *chain = NULL;
+ STACK_OF(X509) *untrusted = NULL;
X509_STORE_CTX ctx;
int i, ret = 0;
ret = ocsp_find_signer(&signer, bs, certs, st, flags);
@@ -108,10 +109,20 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
}
if (!(flags & OCSP_NOVERIFY)) {
int init_res;
- if (flags & OCSP_NOCHAIN)
- init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
- else
- init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+ if (flags & OCSP_NOCHAIN) {
+ untrusted = NULL;
+ } else if (bs->certs && certs) {
+ untrusted = sk_X509_dup(bs->certs);
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);

+ goto end;
+ }
+ }

+ } else {
+ untrusted = bs->certs;
+ }
+ init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
if (!init_res) {
ret = -1;
OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
@@ -162,6 +173,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
end:
if (chain)
sk_X509_pop_free(chain, X509_free);
+ if (bs->certs && certs)
+ sk_X509_free(untrusted);
return ret;

Dr. Stephen Henson

unread,

Mar 24, 2015, 8:26:45 AM3/24/15

to

The branch master has been updated

via 7b68c30da01b4eedcd546f81844156646387cacb (commit)
from 4ca5efc2874e094d6382b30416824eda6dde52fe (commit)

- Log -----------------------------------------------------------------
commit 7b68c30da01b4eedcd546f81844156646387cacb

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Fri Mar 13 14:16:32 2015 +0000

Configuration file examples.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

doc/apps/config.pod | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)

diff --git a/doc/apps/config.pod b/doc/apps/config.pod
index d5cce54..e125915 100644
--- a/doc/apps/config.pod
+++ b/doc/apps/config.pod
@@ -277,6 +277,59 @@ priority and B</tmp> used if neither is defined:
# The above value is used if TEMP isn't in the environment
tmpfile=${ENV::TEMP}/tmp.filename

+Simple OpenSSL library configuration example to enter FIPS mode:
+
+ # Default appname: should match "appname" parameter (if any)
+ # supplied to CONF_modules_load_file et al.
+ openssl_conf = openssl_conf_section
+
+ [openssl_conf_section]
+ # Configuration module list
+ alg_section = evp_sect
+
+ [evp_sect]
+ # Set to "yes" to enter FIPS mode if supported
+ fips_mode = yes
+
+Note: in the above example you will get an error in non FIPS capable versions
+of OpenSSL.
+
+More complex OpenSSL library configuration. Add OID and don't enter FIPS mode:
+
+ # Default appname: should match "appname" parameter (if any)
+ # supplied to CONF_modules_load_file et al.
+ openssl_conf = openssl_conf_section
+
+ [openssl_conf_section]
+ # Configuration module list
+ alg_section = evp_sect
+ oid_section = new_oids
+
+ [evp_sect]
+ # This will have no effect as FIPS mode is off by default.
+ # Set to "yes" to enter FIPS mode, if supported
+ fips_mode = no
+
+ [new_oids]
+ # New OID, just short name
+ newoid1 = 1.2.3.4.1
+ # New OID shortname and long name
+ newoid2 = New OID 2 long name, 1.2.3.4.2
+
+The above examples can be used with with any application supporting library
+configuration if "openssl_conf" is modified to match the appropriate "appname".
+
+For example if the second sample file above is saved to "example.cnf" then
+the command line:
+
+ OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1
+
+will output:
+
+ 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1
+
+showing that the OID "newoid1" has been added as "1.2.3.4.1".
+
=head1 BUGS

Currently there is no way to include characters using the octal B<\nnn>

Dr. Stephen Henson

unread,

Mar 24, 2015, 1:39:08 PM3/24/15

to

The branch master has been updated

via e5991ec528b1c339062440811e2641f5ea2b328b (commit)
via 2e430277578d3dd586cd005682a54a59d6158146 (commit)
from 7b68c30da01b4eedcd546f81844156646387cacb (commit)

- Log -----------------------------------------------------------------
commit e5991ec528b1c339062440811e2641f5ea2b328b

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Tue Mar 24 16:21:21 2015 +0000

Fix verify algorithm.

Disable loop checking when we retry verification with an alternative path.
This fixes the case where an intermediate CA is explicitly trusted and part
of the untrusted certificate list. By disabling loop checking for this case
the untrusted CA can be replaced by the explicitly trusted case and
verification will succeed.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 2e430277578d3dd586cd005682a54a59d6158146

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Sun Mar 15 16:26:04 2015 +0000

make ASN1_OBJECT opaque

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/asn1/a_object.c | 1 +
crypto/asn1/asn1.h | 16 ----------------
crypto/asn1/asn_moid.c | 1 +
crypto/asn1/tasn_enc.c | 1 +
crypto/evp/evp_lib.c | 2 +-
crypto/include/internal/asn1_int.h | 16 ++++++++++++++++
crypto/objects/obj_dat.c | 15 +++++++++++++++
crypto/objects/obj_lib.c | 1 +
crypto/objects/objects.h | 3 +++
crypto/rsa/rsa_sign.c | 2 +-
crypto/x509/x509_vfy.c | 8 ++++++++
doc/crypto/OBJ_nid2obj.pod | 14 ++++++++++++++
engines/e_4758cca.c | 4 ++--
13 files changed, 64 insertions(+), 20 deletions(-)

diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index c780d8e..ddc3aaf 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -63,6 +63,7 @@
#include <openssl/asn1.h>
#include <openssl/objects.h>
#include <openssl/bn.h>
+#include "internal/asn1_int.h"

int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
{
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index ef5b9e8..a00c08a 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -194,22 +194,6 @@ typedef struct asn1_const_ctx_st {
int line; /* used in error processing */
} ASN1_const_CTX;

-/*
- * These are used internally in the ASN1_OBJECT to keep track of whether the
- * names and data need to be free()ed
- */
-# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */
-# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */
-# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
-# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */
-struct asn1_object_st {
- const char *sn, *ln;
- int nid;
- int length;
- const unsigned char *data; /* data remains const after init */
- int flags; /* Should we free this one */
-};
-
# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
/*
* This indicates that the ASN1_STRING is not a real value but just a place
diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
index fab2dd9..da7e291 100644
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@@ -64,6 +64,7 @@
#include <openssl/conf.h>
#include <openssl/dso.h>
#include <openssl/x509.h>
+#include "internal/asn1_int.h"

/* Simple ASN1 OID module: add all objects in a given section */

diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 1c200b0..1d1f838 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -63,6 +63,7 @@
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/objects.h>
+#include "internal/asn1_int.h"

static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
const ASN1_ITEM *it, int tag, int aclass);
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 966d9fb..8d00029 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -176,7 +176,7 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
default:
/* Check it has an OID and it is valid */
otmp = OBJ_nid2obj(nid);
- if (!otmp || !otmp->data)
+ if (OBJ_get0_data(otmp) == NULL)
nid = NID_undef;
ASN1_OBJECT_free(otmp);
return nid;
diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h
index 58759be..20c8f40 100644
--- a/crypto/include/internal/asn1_int.h
+++ b/crypto/include/internal/asn1_int.h
@@ -103,3 +103,19 @@ struct evp_pkey_asn1_method_st {

X509_ALGOR *alg1, X509_ALGOR *alg2,
ASN1_BIT_STRING *sig);
} /* EVP_PKEY_ASN1_METHOD */ ;

+
+/*
+ * These are used internally in the ASN1_OBJECT to keep track of whether the
+ * names and data need to be free()ed
+ */
+# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */
+# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */
+# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
+# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */
+struct asn1_object_st {
+ const char *sn, *ln;
+ int nid;
+ int length;
+ const unsigned char *data; /* data remains const after init */
+ int flags; /* Should we free this one */
+};
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index e7366af..5c861d1 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -64,6 +64,7 @@
#include <openssl/asn1.h>
#include <openssl/objects.h>
#include <openssl/bn.h>
+#include "internal/asn1_int.h"

/* obj_dat.h is generated from objects.h by obj_dat.pl */
#include "obj_dat.h"
@@ -781,3 +782,17 @@ int OBJ_create(const char *oid, const char *sn, const char *ln)
OPENSSL_free(buf);
return (ok);
}
+
+size_t OBJ_length(const ASN1_OBJECT *obj)
+{
+ if (obj == NULL)
+ return 0;
+ return obj->length;
+}
+
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj)
+{
+ if (obj == NULL)
+ return NULL;
+ return obj->data;
+}
diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c
index 8851baf..0bcb5df 100644
--- a/crypto/objects/obj_lib.c
+++ b/crypto/objects/obj_lib.c
@@ -61,6 +61,7 @@
#include <openssl/lhash.h>
#include <openssl/objects.h>
#include <openssl/buffer.h>
+#include "internal/asn1_int.h"

ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
{
diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h
index b8dafa8..165817f 100644
--- a/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
@@ -1107,6 +1107,9 @@ int OBJ_create(const char *oid, const char *sn, const char *ln);
void OBJ_cleanup(void);
int OBJ_create_objects(BIO *in);

+size_t OBJ_length(const ASN1_OBJECT *obj);
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+
int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index cc45e40..a521d11 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -95,7 +95,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
return (0);
}
- if (sig.algor->algorithm->length == 0) {
+ if (OBJ_length(sig.algor->algorithm) == 0) {
RSAerr(RSA_F_RSA_SIGN,
RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
return (0);
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index bb6e1ce..61f02b5 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -365,8 +365,16 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
&& !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
&& !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
while (j-- > 1) {
+ STACK_OF(X509) *chtmp = ctx->chain;
xtmp2 = sk_X509_value(ctx->chain, j - 1);
+ /*
+ * Temporarily set chain to NULL so we don't discount
+ * duplicates: the same certificate could be an untrusted
+ * CA found in the trusted store.
+ */
+ ctx->chain = NULL;
ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
+ ctx->chain = chtmp;
if (ok < 0)
goto end;
/* Check if we found an alternate chain */
diff --git a/doc/crypto/OBJ_nid2obj.pod b/doc/crypto/OBJ_nid2obj.pod
index 1e45dd4..648204e 100644
--- a/doc/crypto/OBJ_nid2obj.pod
+++ b/doc/crypto/OBJ_nid2obj.pod
@@ -29,6 +29,9 @@ functions
int OBJ_create(const char *oid,const char *sn,const char *ln);
void OBJ_cleanup(void);

+ size_t OBJ_length(const ASN1_OBJECT *obj);
+ const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+
=head1 DESCRIPTION

The ASN1 object utility functions process ASN1_OBJECT structures which are
@@ -70,6 +73,11 @@ OBJ_cleanup() cleans up OpenSSLs internal object table: this should
be called before an application exits if any new objects were added
using OBJ_create().

+OBJ_length() returns the size of the content octets of B<obj>.
+
+OBJ_get0_data() returns a pointer to the content octets of B<obj>.
+The returned pointer is an internal pointer which B<must not> be freed.
+
=head1 NOTES

Objects in OpenSSL can have a short name, a long name and a numerical
@@ -96,6 +104,12 @@ Objects do not need to be in the internal tables to be processed,
the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical
form of an OID.

+Some objects are used to reprsent algorithms which do not have a
+corresponding ASN.1 OBJECT IDENTIFIER encoding (for example no OID currently
+exists for a particular algorithm). As a result they B<cannot> be encoded or
+decoded as part of ASN.1 structures. Applications can determine if there
+is a corresponding OBJECT IDENTIFIER by checking OBJ_length() is not zero.
+
=head1 EXAMPLES

Create an object for B<commonName>:
diff --git a/engines/e_4758cca.c b/engines/e_4758cca.c
index 5f77198..3b593c7 100644
--- a/engines/e_4758cca.c
+++ b/engines/e_4758cca.c
@@ -641,7 +641,7 @@ static int cca_rsa_verify(int type, const unsigned char *m,
return 0;
}

- if (!algorithm.algorithm->length) {
+ if (!OBJ_length(algorithm.algorithm)) {
CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
return 0;
@@ -754,7 +754,7 @@ static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
return 0;
}

- if (!algorithm.algorithm->length) {
+ if (!OBJ_length(algorithm.algorithm)) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN,
CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
return 0;

Richard Levitte

unread,

Mar 24, 2015, 2:48:10 PM3/24/15

to

The branch master has been updated

via e30a64fae76a3eea6e512eacd06aa5e487427fbc (commit)
via fa327fafe2184e6f1d7f3f2a663d00034c5d22b3 (commit)
from e5991ec528b1c339062440811e2641f5ea2b328b (commit)

- Log -----------------------------------------------------------------
commit e30a64fae76a3eea6e512eacd06aa5e487427fbc
Author: Richard Levitte <lev...@openssl.org>
Date: Tue Mar 24 15:11:29 2015 +0100

Update ordinals

Thanks to the change of mkdef.pl, a few more deprecated functions were
properly defined in util/libeay.num.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit fa327fafe2184e6f1d7f3f2a663d00034c5d22b3
Author: Richard Levitte <lev...@openssl.org>
Date: Tue Mar 24 15:02:51 2015 +0100

Teach mkdef.pl to handle multiline declarations.

For the moment, this is specially crafted for DECLARE_DEPRECATED because
that's where we found the problem, but it can easily be expanded to other
types of special delarations when needed.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

util/libeay.num | 8 ++++----
util/mkdef.pl | 19 ++++++++++++++++---
2 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/util/libeay.num b/util/libeay.num
index 623f639..957ef3f 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -126,7 +126,7 @@ BN_gcd 131 EXIST::FUNCTION:
BN_generate_prime 132 EXIST::FUNCTION:DEPRECATED
BN_get_word 133 EXIST::FUNCTION:
BN_is_bit_set 134 EXIST::FUNCTION:
-BN_is_prime 135 NOEXIST::FUNCTION:
+BN_is_prime 135 EXIST::FUNCTION:DEPRECATED
BN_lshift 136 EXIST::FUNCTION:
BN_lshift1 137 EXIST::FUNCTION:
BN_mask_bits 138 EXIST::FUNCTION:
@@ -1744,7 +1744,7 @@ X509_REQ_add1_attr_by_txt 2217 EXIST::FUNCTION:
X509_ATTRIBUTE_create_by_txt 2218 EXIST::FUNCTION:
X509at_add1_attr_by_txt 2219 EXIST::FUNCTION:
BN_pseudo_rand 2239 EXIST::FUNCTION:
-BN_is_prime_fasttest 2240 NOEXIST::FUNCTION:
+BN_is_prime_fasttest 2240 EXIST::FUNCTION:DEPRECATED
BN_CTX_end 2241 EXIST::FUNCTION:
BN_CTX_start 2242 EXIST::FUNCTION:
BN_CTX_get 2243 EXIST::FUNCTION:
@@ -2900,7 +2900,7 @@ STORE_method_set_list_start_function 3336 NOEXIST::FUNCTION:
BN_BLINDING_invert_ex 3337 EXIST::FUNCTION:
NAME_CONSTRAINTS_free 3338 EXIST::FUNCTION:
STORE_ATTR_INFO_set_number 3339 NOEXIST::FUNCTION:
-BN_BLINDING_get_thread_id 3340 NOEXIST::FUNCTION:
+BN_BLINDING_get_thread_id 3340 EXIST::FUNCTION:DEPRECATED
X509_STORE_CTX_set0_param 3341 EXIST::FUNCTION:
POLICY_MAPPING_it 3342 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
POLICY_MAPPING_it 3342 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -3368,7 +3368,7 @@ pqueue_insert 3766 EXIST::FUNCTION:
pitem_free 3767 EXIST::FUNCTION:
BN_GF2m_mod_inv_arr 3768 EXIST::FUNCTION:EC2M
ENGINE_unregister_ECDSA 3769 EXIST::FUNCTION:ENGINE
-BN_BLINDING_set_thread_id 3770 NOEXIST::FUNCTION:
+BN_BLINDING_set_thread_id 3770 EXIST::FUNCTION:DEPRECATED
get_rfc3526_prime_8192 3771 EXIST::FUNCTION:
X509_VERIFY_PARAM_clear_flags 3772 EXIST::FUNCTION:
get_rfc2409_prime_1024 3773 EXIST::FUNCTION:
diff --git a/util/mkdef.pl b/util/mkdef.pl
index b549a60..1d47561 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -487,7 +487,14 @@ sub do_defs
while(<IN>) {
if($parens > 0) {
#Inside a DECLARE_DEPRECATED
- $parens += count_parens($_);
+ $stored_multiline .= $_;
+ chomp $stored_multiline;
+ print STDERR "DEBUG: Continuing multiline DEPRECATED: $stored_multiline\n" if $debug;
+ $parens = count_parens($stored_multiline);
+ if ($parens == 0) {
+ $stored_multiline =~ /^\s*DECLARE_DEPRECATED\s*$\s*(\w*(\s|\*|\w)*)/;
+ $def .= "$1(void);";
+ }
next;
}
if (/\/\* Error codes for the \w+ functions\. \*\//)
@@ -881,9 +888,15 @@ sub do_defs
"EXPORT_VAR_AS_FUNCTION",
"FUNCTION");
} elsif (/^\s*DECLARE_DEPRECATED\s*\(\s*(\w*(\s|\*|\w)*)/) {
- $def .= "$1(void);";
$parens = count_parens($_);
- next;
+ if ($parens == 0) {
+ $def .= "$1(void);";
+ } else {
+ $stored_multiline = $_;
+ chomp $stored_multiline;
+ print STDERR "DEBUG: Found multiline DEPRECATED starting with: $stored_multiline\n" if $debug;
+ next;
+ }
} elsif ($tag{'CONST_STRICT'} != 1) {
if (/\{|\/\*|\([^$]*$/) {
$line = $_;

Dr. Stephen Henson

unread,

Mar 24, 2015, 3:12:18 PM3/24/15

to

The branch master has been updated

via 1300705a47b9c9498b15a384c6c5348adc342e2c (commit)
from e30a64fae76a3eea6e512eacd06aa5e487427fbc (commit)

- Log -----------------------------------------------------------------
commit 1300705a47b9c9498b15a384c6c5348adc342e2c

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Tue Mar 24 18:58:51 2015 +0000

update ordinals

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
util/libeay.num | 2 ++
1 file changed, 2 insertions(+)

diff --git a/util/libeay.num b/util/libeay.num
index 957ef3f..8930f2c 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -4550,3 +4550,5 @@ EVP_camellia_128_ctr 4908 EXIST::FUNCTION:CAMELLIA
EVP_camellia_256_ctr 4909 EXIST::FUNCTION:CAMELLIA
EVP_camellia_192_ctr 4910 EXIST::FUNCTION:CAMELLIA
OCSP_resp_get0_signature 4911 EXIST::FUNCTION:
+OBJ_length 4912 EXIST::FUNCTION:
+OBJ_get0_data 4913 EXIST::FUNCTION:

Rich Salz

unread,

Mar 24, 2015, 11:18:11 PM3/24/15

to

The branch master has been updated

via d64070838ebba86f00fb3755df5d3e65106e1628 (commit)
from 1300705a47b9c9498b15a384c6c5348adc342e2c (commit)

- Log -----------------------------------------------------------------
commit d64070838ebba86f00fb3755df5d3e65106e1628
Author: Rich Salz <rs...@akamai.com>
Date: Tue Mar 24 10:17:37 2015 -0400

free NULL cleanup

Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.

This gets DH_free, DSA_free, RSA_free

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

apps/dh.c | 3 +--
apps/dhparam.c | 6 ++----
apps/dsa.c | 3 +--
apps/dsaparam.c | 3 +--
apps/gendh.c | 3 +--
apps/gendsa.c | 3 +--
apps/genrsa.c | 3 +--
apps/rsa.c | 3 +--
apps/s_server.c | 3 +--
apps/speed.c | 6 ++----
crypto/dh/dh_ameth.c | 6 ++----
crypto/dh/dh_asn1.c | 3 +--
crypto/dh/dh_lib.c | 1 +
crypto/dh/dhtest.c | 6 ++----
crypto/dsa/dsa_ameth.c | 3 +--
crypto/dsa/dsa_depr.c | 7 +++----
crypto/dsa/dsa_lib.c | 3 +--
crypto/dsa/dsatest.c | 3 +--
crypto/evp/evp_extra_test.c | 4 +---
crypto/pem/pvkfmt.c | 6 ++----
crypto/rsa/rsa_depr.c | 3 +--
demos/easy_tls/easy-tls.c | 3 +--
doc/crypto/DH_new.pod | 1 +
doc/crypto/DSA_new.pod | 1 +
doc/crypto/RSA_new.pod | 1 +
engines/ccgost/gost_ameth.c | 4 +---
engines/e_capi.c | 6 ++----
engines/e_chil.c | 3 +--
engines/e_sureware.c | 6 ++----
ssl/s3_clnt.c | 18 ++++++------------
ssl/s3_lib.c | 21 +++++++--------------
ssl/ssl_cert.c | 12 ++++--------
ssl/ssl_conf.c | 3 +--
ssl/ssltest.c | 6 ++----
34 files changed, 58 insertions(+), 108 deletions(-)

diff --git a/apps/dh.c b/apps/dh.c
index cdb5f4a..a921633 100644
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -314,8 +314,7 @@ int MAIN(int argc, char **argv)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
- if (dh != NULL)
- DH_free(dh);
+ DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 0e6a3c3..12a2be6 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -319,8 +319,7 @@ int MAIN(int argc, char **argv)
if (!dsa
|| !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
cb)) {
- if (dsa)
- DSA_free(dsa);
+ DSA_free(dsa);
BN_GENCB_free(cb);
ERR_print_errors(bio_err);
goto end;
@@ -520,8 +519,7 @@ int MAIN(int argc, char **argv)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
- if (dh != NULL)
- DH_free(dh);
+ DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/dsa.c b/apps/dsa.c
index 7ff6ee9..8d085bc 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -360,8 +360,7 @@ int MAIN(int argc, char **argv)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
- if (dsa != NULL)
- DSA_free(dsa);
+ DSA_free(dsa);
if (passin)
OPENSSL_free(passin);
if (passout)
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 74eefdc..fc1c817 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -438,8 +438,7 @@ int MAIN(int argc, char **argv)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
- if (dsa != NULL)
- DSA_free(dsa);
+ DSA_free(dsa);
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/gendh.c b/apps/gendh.c
index bbeba06..6102b79 100644
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -212,8 +212,7 @@ int MAIN(int argc, char **argv)
ERR_print_errors(bio_err);
if (out != NULL)
BIO_free_all(out);
- if (dh != NULL)
- DH_free(dh);
+ DH_free(dh);
if (cb != NULL)
BN_GENCB_free(cb);
apps_shutdown();
diff --git a/apps/gendsa.c b/apps/gendsa.c
index fd1360a..d330a01 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -271,8 +271,7 @@ int MAIN(int argc, char **argv)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
- if (dsa != NULL)
- DSA_free(dsa);
+ DSA_free(dsa);
if (passout)
OPENSSL_free(passout);
apps_shutdown();
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 5770c8d..1b06c82 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -311,8 +311,7 @@ int MAIN(int argc, char **argv)
BN_free(bn);
if (cb)
BN_GENCB_free(cb);
- if (rsa)
- RSA_free(rsa);
+ RSA_free(rsa);
if (out)
BIO_free_all(out);
if (passout)
diff --git a/apps/rsa.c b/apps/rsa.c
index 419e504..ac4a3c4 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -424,8 +424,7 @@ int MAIN(int argc, char **argv)
end:
if (out != NULL)
BIO_free_all(out);
- if (rsa != NULL)
- RSA_free(rsa);
+ RSA_free(rsa);
if (passin)
OPENSSL_free(passin);
if (passout)
diff --git a/apps/s_server.c b/apps/s_server.c
index 298e665..97aa23d 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -3180,8 +3180,7 @@ static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)
}
if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
- if (rsa_tmp)
- RSA_free(rsa_tmp);
+ RSA_free(rsa_tmp);
rsa_tmp = NULL;
}
if (!s_quiet) {
diff --git a/apps/speed.c b/apps/speed.c
index 44c276a..b023f28 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -2448,13 +2448,11 @@ int MAIN(int argc, char **argv)
OPENSSL_free(buf2_malloc);
#ifndef OPENSSL_NO_RSA
for (i = 0; i < RSA_NUM; i++)
- if (rsa_key[i] != NULL)
- RSA_free(rsa_key[i]);
+ RSA_free(rsa_key[i]);
#endif
#ifndef OPENSSL_NO_DSA
for (i = 0; i < DSA_NUM; i++)
- if (dsa_key[i] != NULL)
- DSA_free(dsa_key[i]);
+ DSA_free(dsa_key[i]);
#endif

#ifndef OPENSSL_NO_EC
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 17027c5..c71538f 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -142,8 +142,7 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
err:
if (public_key)
ASN1_INTEGER_free(public_key);
- if (dh)
- DH_free(dh);
+ DH_free(dh);
return 0;

}
@@ -711,8 +710,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
ASN1_INTEGER_free(public_key);
if (pkpeer)
EVP_PKEY_free(pkpeer);
- if (dhpeer)
- DH_free(dhpeer);
+ DH_free(dhpeer);
return rv;
}

diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
index f470214..7066caf 100644
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@@ -142,8 +142,7 @@ DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length)
}

if (a) {
- if (*a)
- DH_free(*a);
+ DH_free(*a);
*a = dh;
}

diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 46d1a2b..4f07a27 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -170,6 +170,7 @@ DH *DH_new_method(ENGINE *engine)
void DH_free(DH *r)
{
int i;
+
if (r == NULL)
return;
i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
index 9bb9a00..6c063da 100644
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@@ -199,10 +199,8 @@ int main(int argc, char *argv[])
OPENSSL_free(abuf);
if (bbuf != NULL)
OPENSSL_free(bbuf);
- if (b != NULL)
- DH_free(b);

- if (a != NULL)

- DH_free(a);
+ DH_free(b);
+ DH_free(a);
if (_cb)
BN_GENCB_free(_cb);
BIO_free(out);
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 61a9d0f..96d5c5a 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -120,8 +120,7 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
err:
if (public_key)
ASN1_INTEGER_free(public_key);
- if (dsa)
- DSA_free(dsa);
+ DSA_free(dsa);
return 0;

}
diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c
index be1df13..10f0314 100644
--- a/crypto/dsa/dsa_depr.c
+++ b/crypto/dsa/dsa_depr.c
@@ -89,10 +89,8 @@ DSA *DSA_generate_parameters(int bits,
if ((ret = DSA_new()) == NULL)
return NULL;
cb = BN_GENCB_new();
- if (!cb) {
- DSA_free(ret);
- return NULL;
- }
+ if (!cb)
+ goto err;

BN_GENCB_set_old(cb, callback, cb_arg);

@@ -102,6 +100,7 @@ DSA *DSA_generate_parameters(int bits,
return ret;
}
BN_GENCB_free(cb);
+err:
DSA_free(ret);
return NULL;
}
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index eb13fbb..bfd9106 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -315,8 +315,7 @@ DH *DSA_dup_DH(const DSA *r)
return ret;

err:
- if (ret != NULL)
- DH_free(ret);
+ DH_free(ret);
return NULL;
}
#endif
diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c
index 9b13089..bf47816 100644
--- a/crypto/dsa/dsatest.c
+++ b/crypto/dsa/dsatest.c
@@ -211,8 +211,7 @@ int main(int argc, char **argv)
end:
if (!ret)
ERR_print_errors(bio_err);
- if (dsa != NULL)
- DSA_free(dsa);
+ DSA_free(dsa);
if (cb != NULL)
BN_GENCB_free(cb);
CRYPTO_cleanup_all_ex_data();
diff --git a/crypto/evp/evp_extra_test.c b/crypto/evp/evp_extra_test.c
index 0f7b011..c474134 100644
--- a/crypto/evp/evp_extra_test.c
+++ b/crypto/evp/evp_extra_test.c
@@ -268,9 +268,7 @@ static EVP_PKEY *load_example_rsa_key(void)
if (pkey) {
EVP_PKEY_free(pkey);
}
- if (rsa) {
- RSA_free(rsa);
- }
+ RSA_free(rsa);

return ret;
}
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index ee4b6a8..0f2390d 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -335,8 +335,7 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,

memerr:
PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
- if (dsa)
- DSA_free(dsa);
+ DSA_free(dsa);
if (ret)
EVP_PKEY_free(ret);
if (ctx)
@@ -385,8 +384,7 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
return ret;
memerr:
PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
- if (rsa)
- RSA_free(rsa);
+ RSA_free(rsa);
if (ret)
EVP_PKEY_free(ret);
return NULL;
diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c
index a6ec385..8da6ec1 100644
--- a/crypto/rsa/rsa_depr.c
+++ b/crypto/rsa/rsa_depr.c
@@ -101,8 +101,7 @@ RSA *RSA_generate_key(int bits, unsigned long e_value,
err:
if (e)
BN_free(e);
- if (rsa)
- RSA_free(rsa);
+ RSA_free(rsa);
if (cb)
BN_GENCB_free(cb);
return 0;
diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c
index 610b4f9..33303cc 100644
--- a/demos/easy_tls/easy-tls.c
+++ b/demos/easy_tls/easy-tls.c
@@ -637,8 +637,7 @@ void tls_set_dhe1024(int i, void *apparg)
tls_openssl_errors("", "", NULL, apparg);
return;
}
- if (tls_dhe1024 != NULL)
- DH_free(tls_dhe1024);
+ DH_free(tls_dhe1024);
tls_dhe1024 = dhparams;
}

diff --git a/doc/crypto/DH_new.pod b/doc/crypto/DH_new.pod
index 60c9300..6245e4a 100644
--- a/doc/crypto/DH_new.pod
+++ b/doc/crypto/DH_new.pod
@@ -18,6 +18,7 @@ DH_new() allocates and initializes a B<DH> structure.

DH_free() frees the B<DH> structure and its components. The values are
erased before the memory is returned to the system.
+If B<dh> is NULL nothing is done.

=head1 RETURN VALUES

diff --git a/doc/crypto/DSA_new.pod b/doc/crypto/DSA_new.pod
index 48e9b82..3a6d582 100644
--- a/doc/crypto/DSA_new.pod
+++ b/doc/crypto/DSA_new.pod
@@ -19,6 +19,7 @@ calling DSA_new_method(NULL).

DSA_free() frees the B<DSA> structure and its components. The values are
erased before the memory is returned to the system.
+If B<dsa> is NULL nothing is done.

=head1 RETURN VALUES

diff --git a/doc/crypto/RSA_new.pod b/doc/crypto/RSA_new.pod
index 3d15b92..70901a5 100644
--- a/doc/crypto/RSA_new.pod
+++ b/doc/crypto/RSA_new.pod
@@ -19,6 +19,7 @@ calling RSA_new_method(NULL).

RSA_free() frees the B<RSA> structure and its components. The key is
erased before the memory is returned to the system.
+If B<rsa> is NULL nothing is done.

=head1 RETURN VALUES

diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c
index ad8480d..a5d80a1 100644
--- a/engines/ccgost/gost_ameth.c
+++ b/engines/ccgost/gost_ameth.c
@@ -276,9 +276,7 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
/* --------------------- free functions * ------------------------------*/
static void pkey_free_gost94(EVP_PKEY *key)
{
- if (key->pkey.dsa) {
- DSA_free(key->pkey.dsa);
- }
+ DSA_free(key->pkey.dsa);
}

static void pkey_free_gost01(EVP_PKEY *key)
diff --git a/engines/e_capi.c b/engines/e_capi.c
index f280397..2373d69 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -754,10 +754,8 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
if (pubkey)
OPENSSL_free(pubkey);
if (!ret) {
- if (rkey)
- RSA_free(rkey);
- if (dkey)
- DSA_free(dkey);
+ RSA_free(rkey);
+ DSA_free(dkey);
}

return ret;
diff --git a/engines/e_chil.c b/engines/e_chil.c
index 69d49d7..19d29d7 100644
--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@@ -849,8 +849,7 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
return res;
err:
# ifndef OPENSSL_NO_RSA
- if (rtmp)
- RSA_free(rtmp);
+ RSA_free(rtmp);
# endif
return NULL;
}
diff --git a/engines/e_sureware.c b/engines/e_sureware.c
index 36f6f43..262766c 100644
--- a/engines/e_sureware.c
+++ b/engines/e_sureware.c
@@ -801,12 +801,10 @@ static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id,
return res;
err:
# ifndef OPENSSL_NO_RSA
- if (rsatmp)
- RSA_free(rsatmp);
+ RSA_free(rsatmp);
# endif
# ifndef OPENSSL_NO_DSA
- if (dsatmp)
- DSA_free(dsatmp);
+ DSA_free(dsatmp);
# endif
return NULL;
}
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index f4b60be..27f03d4 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1380,16 +1380,12 @@ int ssl3_get_key_exchange(SSL *s)
param = p = (unsigned char *)s->init_msg;
if (s->session->sess_cert != NULL) {
#ifndef OPENSSL_NO_RSA
- if (s->session->sess_cert->peer_rsa_tmp != NULL) {
- RSA_free(s->session->sess_cert->peer_rsa_tmp);
- s->session->sess_cert->peer_rsa_tmp = NULL;
- }
+ RSA_free(s->session->sess_cert->peer_rsa_tmp);
+ s->session->sess_cert->peer_rsa_tmp = NULL;
#endif
#ifndef OPENSSL_NO_DH
- if (s->session->sess_cert->peer_dh_tmp) {
- DH_free(s->session->sess_cert->peer_dh_tmp);
- s->session->sess_cert->peer_dh_tmp = NULL;
- }
+ DH_free(s->session->sess_cert->peer_dh_tmp);
+ s->session->sess_cert->peer_dh_tmp = NULL;
#endif
#ifndef OPENSSL_NO_EC
if (s->session->sess_cert->peer_ecdh_tmp) {
@@ -1955,12 +1951,10 @@ int ssl3_get_key_exchange(SSL *s)
err:
EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_RSA
- if (rsa != NULL)
- RSA_free(rsa);
+ RSA_free(rsa);
#endif
#ifndef OPENSSL_NO_DH
- if (dh != NULL)
- DH_free(dh);
+ DH_free(dh);
#endif
#ifndef OPENSSL_NO_EC
BN_CTX_free(bn_ctx);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 6c59824..9893930 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3138,8 +3138,7 @@ void ssl3_free(SSL *s)
if (s->s3->rrec.comp != NULL)
OPENSSL_free(s->s3->rrec.comp);
#ifndef OPENSSL_NO_DH
- if (s->s3->tmp.dh != NULL)
- DH_free(s->s3->tmp.dh);
+ DH_free(s->s3->tmp.dh);
#endif
#ifndef OPENSSL_NO_EC
if (s->s3->tmp.ecdh != NULL)
@@ -3181,10 +3180,8 @@ void ssl3_clear(SSL *s)
s->s3->rrec.comp = NULL;
}
#ifndef OPENSSL_NO_DH
- if (s->s3->tmp.dh != NULL) {
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh = NULL;
- }
+ DH_free(s->s3->tmp.dh);
+ s->s3->tmp.dh = NULL;
#endif
#ifndef OPENSSL_NO_EC
if (s->s3->tmp.ecdh != NULL) {
@@ -3293,8 +3290,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
return (ret);
}
- if (s->cert->rsa_tmp != NULL)
- RSA_free(s->cert->rsa_tmp);
+ RSA_free(s->cert->rsa_tmp);
s->cert->rsa_tmp = rsa;
ret = 1;
}
@@ -3329,8 +3325,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return (ret);
}
}
- if (s->cert->dh_tmp != NULL)
- DH_free(s->cert->dh_tmp);
+ DH_free(s->cert->dh_tmp);
s->cert->dh_tmp = dh;
ret = 1;
}
@@ -3766,8 +3761,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
return (0);
} else {
- if (cert->rsa_tmp != NULL)
- RSA_free(cert->rsa_tmp);
+ RSA_free(cert->rsa_tmp);
cert->rsa_tmp = rsa;
return (1);
}
@@ -3801,8 +3795,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return 0;
}
}
- if (cert->dh_tmp != NULL)
- DH_free(cert->dh_tmp);
+ DH_free(cert->dh_tmp);
cert->dh_tmp = new;
return 1;
}
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index a88d211..cbfe7bb 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -443,12 +443,10 @@ void ssl_cert_free(CERT *c)
#endif

#ifndef OPENSSL_NO_RSA
- if (c->rsa_tmp)
- RSA_free(c->rsa_tmp);
+ RSA_free(c->rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
- if (c->dh_tmp)
- DH_free(c->dh_tmp);
+ DH_free(c->dh_tmp);
#endif
#ifndef OPENSSL_NO_EC
if (c->ecdh_tmp)
@@ -651,12 +649,10 @@ void ssl_sess_cert_free(SESS_CERT *sc)
}

#ifndef OPENSSL_NO_RSA
- if (sc->peer_rsa_tmp != NULL)
- RSA_free(sc->peer_rsa_tmp);
+ RSA_free(sc->peer_rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
- if (sc->peer_dh_tmp != NULL)
- DH_free(sc->peer_dh_tmp);
+ DH_free(sc->peer_dh_tmp);
#endif
#ifndef OPENSSL_NO_EC
if (sc->peer_ecdh_tmp != NULL)
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index cfed40d..25af065 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -421,8 +421,7 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
if (cctx->ssl)
rv = SSL_set_tmp_dh(cctx->ssl, dh);
end:
- if (dh)
- DH_free(dh);
+ DH_free(dh);
if (in)
BIO_free(in);
return rv > 0;
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 457ba86..d244ba3 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -2968,10 +2968,8 @@ static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)

static void free_tmp_rsa(void)
{
- if (rsa_tmp != NULL) {
- RSA_free(rsa_tmp);
- rsa_tmp = NULL;
- }
+ RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
}
#endif

Matt Caswell

unread,

Mar 25, 2015, 8:32:27 AM3/25/15

to

The branch master has been updated

via 4f9fab6bd0253416eeace5a45142c7c4a83bc511 (commit)
via d5d0a1cb1347d4a8547e78aec56c50c528186e50 (commit)
from d64070838ebba86f00fb3755df5d3e65106e1628 (commit)

- Log -----------------------------------------------------------------
commit 4f9fab6bd0253416eeace5a45142c7c4a83bc511
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Feb 5 13:59:16 2015 +0000

Add ticket length before buffering DTLS message

In ssl3_send_new_session_ticket the message to be sent is constructed. We
skip adding the length of the session ticket initially, then call
ssl_set_handshake_header, and finally go back and add in the length of the
ticket. Unfortunately, in DTLS, ssl_set_handshake_header also has the side
effect of buffering the message for subsequent retransmission if required.
By adding the ticket length after the call to ssl_set_handshake_header the
message that is buffered is incomplete, causing an invalid message to be
sent on retransmission.

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit d5d0a1cb1347d4a8547e78aec56c50c528186e50
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Feb 5 13:54:37 2015 +0000

Ensure last_write_sequence is saved in DTLS1.2

In DTLS, immediately prior to epoch change, the write_sequence is supposed
to be stored in s->d1->last_write_sequence. The write_sequence is then reset
back to 00000000. In the event of retransmits of records from the previous
epoch, the last_write_sequence is restored. This commit fixes a bug in
DTLS1.2 where the write_sequence was being reset before last_write_sequence
was saved, and therefore retransmits are sent with incorrect sequence
numbers.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

ssl/s3_srvr.c | 4 ++--
ssl/t1_enc.c | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 0efe3dd..ce52854 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3431,11 +3431,11 @@ int ssl3_send_newsession_ticket(SSL *s)

/* Now write out lengths: p points to end of data written */
/* Total length */
len = p - ssl_handshake_start(s);

- if(!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len))
- goto err;

/* Skip ticket lifetime hint */
p = ssl_handshake_start(s) + 4;
s2n(len - 6, p);
+ if(!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len))
+ goto err;

s->state = SSL3_ST_SW_SESSION_TICKET_B;
OPENSSL_free(senc);
}
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index df97f19..e4a689e 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -404,9 +404,9 @@ int tls1_change_cipher_state(SSL *s, int which)
}
#endif
/*
- * this is done by dtls1_reset_seq_numbers for DTLS1_VERSION
+ * this is done by dtls1_reset_seq_numbers for DTLS
*/
- if (s->version != DTLS1_VERSION)
+ if (!SSL_IS_DTLS(s))
memset(&(s->s3->read_sequence[0]), 0, 8);
mac_secret = &(s->s3->read_mac_secret[0]);
mac_secret_size = &(s->s3->read_mac_secret_size);
@@ -442,9 +442,9 @@ int tls1_change_cipher_state(SSL *s, int which)
}
#endif
/*
- * this is done by dtls1_reset_seq_numbers for DTLS1_VERSION
+ * this is done by dtls1_reset_seq_numbers for DTLS
*/
- if (s->version != DTLS1_VERSION)
+ if (!SSL_IS_DTLS(s))
memset(&(s->s3->write_sequence[0]), 0, 8);
mac_secret = &(s->s3->write_mac_secret[0]);
mac_secret_size = &(s->s3->write_mac_secret_size);

Matt Caswell

unread,

Mar 25, 2015, 8:35:55 AM3/25/15

to

The branch master has been updated

via 8817e2e0c998757d3bd036d7f45fe8d0a49fbe2d (commit)
via 7b611e5fe8eaac9512f72094c460f3ed6040076a (commit)
from 4f9fab6bd0253416eeace5a45142c7c4a83bc511 (commit)

- Log -----------------------------------------------------------------
commit 8817e2e0c998757d3bd036d7f45fe8d0a49fbe2d
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Mar 13 16:48:01 2015 +0000

Fix return checks in GOST engine

Filled in lots of return value checks that were missing the GOST engine, and
added appropriate error handling.

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 7b611e5fe8eaac9512f72094c460f3ed6040076a
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Mar 13 15:04:54 2015 +0000

Fix misc NULL derefs in sureware engine

Fix miscellaneous NULL pointer derefs in the sureware engine.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

engines/ccgost/e_gost_err.c | 3 +-
engines/ccgost/e_gost_err.h | 1 +
engines/ccgost/gost2001.c | 229 ++++++++++++++++++++++++++++++++++----------
engines/ccgost/gost_ameth.c | 36 ++++++-
engines/ccgost/gost_pmeth.c | 2 +-
engines/ccgost/gost_sign.c | 79 ++++++++++++---
engines/e_sureware.c | 27 +++---
7 files changed, 295 insertions(+), 82 deletions(-)

diff --git a/engines/ccgost/e_gost_err.c b/engines/ccgost/e_gost_err.c
index 47022b1..0afd913 100644
--- a/engines/ccgost/e_gost_err.c
+++ b/engines/ccgost/e_gost_err.c
@@ -1,6 +1,6 @@
/* e_gost_err.c */
/* ====================================================================
- * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.

*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

@@ -90,6 +90,7 @@ static ERR_STRING_DATA GOST_str_functs[] = {
{ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"},
{ERR_FUNC(GOST_F_GOST_IMIT_FINAL), "GOST_IMIT_FINAL"},
{ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"},
+ {ERR_FUNC(GOST_F_GOST_SIGN_KEYGEN), "GOST_SIGN_KEYGEN"},
{ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"},
{ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"},
{ERR_FUNC(GOST_F_PKEY_GOST01CP_DECRYPT), "PKEY_GOST01CP_DECRYPT"},
diff --git a/engines/ccgost/e_gost_err.h b/engines/ccgost/e_gost_err.h
index e55ebf8..b183957 100644
--- a/engines/ccgost/e_gost_err.h
+++ b/engines/ccgost/e_gost_err.h
@@ -90,6 +90,7 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
# define GOST_F_GOST_IMIT_CTRL 114
# define GOST_F_GOST_IMIT_FINAL 140
# define GOST_F_GOST_IMIT_UPDATE 115
+# define GOST_F_GOST_SIGN_KEYGEN 142
# define GOST_F_PARAM_COPY_GOST01 116
# define GOST_F_PARAM_COPY_GOST94 117
# define GOST_F_PKEY_GOST01CP_DECRYPT 118
diff --git a/engines/ccgost/gost2001.c b/engines/ccgost/gost2001.c
index b3eec8a..5c4efd6 100644
--- a/engines/ccgost/gost2001.c
+++ b/engines/ccgost/gost2001.c
@@ -41,6 +41,11 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid)
BN_CTX *ctx = BN_CTX_new();
int ok = 0;

+ if(!ctx) {
+ GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);

+ goto err;
+ }
+

BN_CTX_start(ctx);
p = BN_CTX_get(ctx);
a = BN_CTX_get(ctx);
@@ -48,6 +53,10 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid)
x = BN_CTX_get(ctx);
y = BN_CTX_get(ctx);
q = BN_CTX_get(ctx);
+ if(!p || !a || !b || !x || !y || !q) {
+ GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
while (params->nid != NID_undef && params->nid != nid)
params++;
if (params->nid == NID_undef) {
@@ -55,18 +64,33 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid)
GOST_R_UNSUPPORTED_PARAMETER_SET);
goto err;
}
- BN_hex2bn(&p, params->p);
- BN_hex2bn(&a, params->a);
- BN_hex2bn(&b, params->b);
+ if(!BN_hex2bn(&p, params->p)
+ || !BN_hex2bn(&a, params->a)
+ || !BN_hex2bn(&b, params->b)) {
+ GOSTerr(GOST_F_FILL_GOST2001_PARAMS,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }

grp = EC_GROUP_new_curve_GFp(p, a, b, ctx);
+ if(!grp) {
+ GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }

P = EC_POINT_new(grp);
+ if(!P) {
+ GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }

- BN_hex2bn(&x, params->x);
- BN_hex2bn(&y, params->y);
- EC_POINT_set_affine_coordinates_GFp(grp, P, x, y, ctx);
- BN_hex2bn(&q, params->q);
+ if(!BN_hex2bn(&x, params->x)
+ || !BN_hex2bn(&y, params->y)
+ || !EC_POINT_set_affine_coordinates_GFp(grp, P, x, y, ctx)
+ || !BN_hex2bn(&q, params->q)) {
+ GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
#ifdef DEBUG_KEYS
fprintf(stderr, "Set params index %d oid %s\nq=",
(params - R3410_2001_paramset), OBJ_nid2sn(params->nid));
@@ -74,16 +98,23 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid)
fprintf(stderr, "\n");
#endif

- EC_GROUP_set_generator(grp, P, q, NULL);
+ if(!EC_GROUP_set_generator(grp, P, q, NULL)) {
+ GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
EC_GROUP_set_curve_name(grp, params->nid);
-
- EC_KEY_set_group(eckey, grp);
+ if(!EC_KEY_set_group(eckey, grp)) {
+ GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
ok = 1;
err:
- EC_POINT_free(P);
- EC_GROUP_free(grp);
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
+ if (P) EC_POINT_free(P);
+ if (grp) EC_GROUP_free(grp);
+ if (ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
return ok;
}

@@ -94,7 +125,7 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid)
*/
DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
{
- DSA_SIG *newsig = NULL;
+ DSA_SIG *newsig = NULL, *ret = NULL;
BIGNUM *md = hashsum2bn(dgst);
BIGNUM *order = NULL;
const EC_GROUP *group;
@@ -103,6 +134,10 @@ DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
NULL, *e = NULL;
EC_POINT *C = NULL;
BN_CTX *ctx = BN_CTX_new();
+ if(!ctx || !md) {
+ GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
BN_CTX_start(ctx);
OPENSSL_assert(dlen == 32);
newsig = DSA_SIG_new();
@@ -111,11 +146,25 @@ DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
goto err;
}
group = EC_KEY_get0_group(eckey);
+ if(!group) {
+ GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
order = BN_CTX_get(ctx);
- EC_GROUP_get_order(group, order, ctx);
+ if(!order || !EC_GROUP_get_order(group, order, ctx)) {
+ GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
priv_key = EC_KEY_get0_private_key(eckey);
+ if(!priv_key) {
+ GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
e = BN_CTX_get(ctx);
- BN_mod(e, md, order, ctx);
+ if(!e || !BN_mod(e, md, order, ctx)) {
+ GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
#ifdef DEBUG_SIGN
fprintf(stderr, "digest as bignum=");
BN_print_fp(stderr, md);
@@ -128,55 +177,80 @@ DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
}
k = BN_CTX_get(ctx);
C = EC_POINT_new(group);
+ if(!k || !C) {
+ GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
do {
do {
if (!BN_rand_range(k, order)) {
GOSTerr(GOST_F_GOST2001_DO_SIGN,
GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
- DSA_SIG_free(newsig);
- newsig = NULL;
goto err;
}
if (!EC_POINT_mul(group, C, k, NULL, NULL, ctx)) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
- DSA_SIG_free(newsig);
- newsig = NULL;
goto err;
}
if (!X)
X = BN_CTX_get(ctx);
+ if (!r)
+ r = BN_CTX_get(ctx);
+ if (!X || !r) {
+ GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
- DSA_SIG_free(newsig);
- newsig = NULL;
goto err;
}
- if (!r)
- r = BN_CTX_get(ctx);
- BN_nnmod(r, X, order, ctx);
+
+ if(!BN_nnmod(r, X, order, ctx)) {
+ GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
}
while (BN_is_zero(r));
/* s = (r*priv_key+k*e) mod order */
if (!tmp)
tmp = BN_CTX_get(ctx);
- BN_mod_mul(tmp, priv_key, r, order, ctx);
if (!tmp2)
tmp2 = BN_CTX_get(ctx);
- BN_mod_mul(tmp2, k, e, order, ctx);
if (!s)
s = BN_CTX_get(ctx);
- BN_mod_add(s, tmp, tmp2, order, ctx);
+ if (!tmp || !tmp2 || !s) {
+ GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);

+ goto err;
+ }
+

+ if(!BN_mod_mul(tmp, priv_key, r, order, ctx)
+ || !BN_mod_mul(tmp2, k, e, order, ctx)
+ || !BN_mod_add(s, tmp, tmp2, order, ctx)) {
+ GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
}
while (BN_is_zero(s));

newsig->s = BN_dup(s);
newsig->r = BN_dup(r);
+ if(!newsig->s || !newsig->r) {
+ GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);

+ goto err;
+ }
+

+ ret = newsig;
err:
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- EC_POINT_free(C);
- BN_free(md);
- return newsig;
+ if(ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (C) EC_POINT_free(C);
+ if (md) BN_free(md);
+ if (!ret && newsig) {
+ DSA_SIG_free(newsig);
+ }
+ return ret;
}

/*
@@ -196,6 +270,11 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
const EC_POINT *pub_key = NULL;
int ok = 0;

+ if(!ctx || !group) {
+ GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);

+ goto err;
+ }
+

BN_CTX_start(ctx);
order = BN_CTX_get(ctx);
e = BN_CTX_get(ctx);
@@ -205,9 +284,17 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
X = BN_CTX_get(ctx);
R = BN_CTX_get(ctx);
v = BN_CTX_get(ctx);
+ if(!order || !e || !z1 || !z2 || !tmp || !X || !R || !v) {
+ GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }

- EC_GROUP_get_order(group, order, ctx);
pub_key = EC_KEY_get0_public_key(ec);
+ if(!pub_key || !EC_GROUP_get_order(group, order, ctx)) {
+ GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);

+ goto err;
+ }
+

if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
(BN_cmp(sig->s, order) >= 1) || (BN_cmp(sig->r, order) >= 1)) {
GOSTerr(GOST_F_GOST2001_DO_VERIFY,
@@ -217,19 +304,28 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
}
md = hashsum2bn(dgst);

- BN_mod(e, md, order, ctx);
+ if(!md || !BN_mod(e, md, order, ctx)) {
+ GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
#ifdef DEBUG_SIGN
fprintf(stderr, "digest as bignum: ");
BN_print_fp(stderr, md);
fprintf(stderr, "\ndigest mod q: ");
BN_print_fp(stderr, e);
#endif
- if (BN_is_zero(e))
- BN_one(e);
+ if (BN_is_zero(e) && !BN_one(e)) {
+ GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
v = BN_mod_inverse(v, e, order, ctx);
- BN_mod_mul(z1, sig->s, v, order, ctx);
- BN_sub(tmp, order, sig->r);
- BN_mod_mul(z2, tmp, v, order, ctx);
+ if(!v
+ || !BN_mod_mul(z1, sig->s, v, order, ctx)
+ || !BN_sub(tmp, order, sig->r)
+ || !BN_mod_mul(z2, tmp, v, order, ctx)) {
+ GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
#ifdef DEBUG_SIGN
fprintf(stderr, "\nInverted digest value: ");
BN_print_fp(stderr, v);
@@ -239,6 +335,10 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
BN_print_fp(stderr, z2);
#endif
C = EC_POINT_new(group);
+ if (!C) {
+ GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
if (!EC_POINT_mul(group, C, z1, pub_key, z2, ctx)) {
GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
goto err;
@@ -247,7 +347,10 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
goto err;
}
- BN_mod(R, X, order, ctx);
+ if(!BN_mod(R, X, order, ctx)) {
+ GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
#ifdef DEBUG_SIGN
fprintf(stderr, "\nX=");
BN_print_fp(stderr, X);
@@ -261,10 +364,12 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
ok = 1;
}
err:
- EC_POINT_free(C);
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- BN_free(md);
+ if (C) EC_POINT_free(C);
+ if (ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (md) BN_free(md);
return ok;
}

@@ -287,6 +392,10 @@ int gost2001_compute_public(EC_KEY *ec)
return 0;
}
ctx = BN_CTX_new();
+ if(!ctx) {
+ GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
BN_CTX_start(ctx);
if (!(priv_key = EC_KEY_get0_private_key(ec))) {
GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
@@ -294,6 +403,10 @@ int gost2001_compute_public(EC_KEY *ec)
}

pub_key = EC_POINT_new(group);
+ if(!pub_key) {
+ GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) {
GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
goto err;
@@ -304,9 +417,11 @@ int gost2001_compute_public(EC_KEY *ec)
}
ok = 256;
err:
- BN_CTX_end(ctx);
- EC_POINT_free(pub_key);
- BN_CTX_free(ctx);
+ if (pub_key) EC_POINT_free(pub_key);
+ if (ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
return ok;
}

@@ -320,7 +435,13 @@ int gost2001_keygen(EC_KEY *ec)
{
BIGNUM *order = BN_new(), *d = BN_new();
const EC_GROUP *group = EC_KEY_get0_group(ec);
- EC_GROUP_get_order(group, order, NULL);
+
+ if(!group || !EC_GROUP_get_order(group, order, NULL)) {
+ GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_INTERNAL_ERROR);
+ BN_free(d);
+ BN_free(order);
+ return 0;
+ }

do {
if (!BN_rand_range(d, order)) {
@@ -332,7 +453,13 @@ int gost2001_keygen(EC_KEY *ec)
}
}
while (BN_is_zero(d));
- EC_KEY_set_private_key(ec, d);
+
+ if(!EC_KEY_set_private_key(ec, d)) {
+ GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_INTERNAL_ERROR);
+ BN_free(d);
+ BN_free(order);
+ return 0;
+ }
BN_free(d);
BN_free(order);
return gost2001_compute_public(ec);
diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c
index a5d80a1..bc45325 100644
--- a/engines/ccgost/gost_ameth.c
+++ b/engines/ccgost/gost_ameth.c
@@ -115,7 +115,10 @@ static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg)
}
param_nid = OBJ_obj2nid(gkp->key_params);
GOST_KEY_PARAMS_free(gkp);
- EVP_PKEY_set_type(pkey, pkey_nid);
+ if(!EVP_PKEY_set_type(pkey, pkey_nid)) {
+ GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
switch (pkey_nid) {
case NID_id_GostR3410_94:
{
@@ -548,9 +551,19 @@ static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
}
if (!eto) {
eto = EC_KEY_new();
- EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto);
+ if(!eto) {
+ GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto)) {
+ GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ }
+ if(!EC_KEY_set_group(eto, EC_KEY_get0_group(efrom))) {
+ GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_INTERNAL_ERROR);
+ return 0;
}
- EC_KEY_set_group(eto, EC_KEY_get0_group(efrom));
if (EC_KEY_get0_private_key(eto)) {
gost2001_compute_public(eto);
}
@@ -745,8 +758,21 @@ static int pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk)
}
X = BN_new();
Y = BN_new();
- EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec),
- pub_key, X, Y, NULL);
+ if(!X || !Y) {
+ GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
+ if(X) BN_free(X);
+ if(Y) BN_free(Y);
+ BN_free(order);
+ return 0;
+ }
+ if(!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec),
+ pub_key, X, Y, NULL)) {
+ GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_INTERNAL_ERROR);
+ BN_free(X);
+ BN_free(Y);
+ BN_free(order);
+ return 0;
+ }
data_len = 2 * BN_num_bytes(order);
BN_free(order);
databuf = OPENSSL_malloc(data_len);
diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c
index f1220e8..673b538 100644
--- a/engines/ccgost/gost_pmeth.c
+++ b/engines/ccgost/gost_pmeth.c
@@ -509,7 +509,7 @@ static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
long keylen;
int ret;
unsigned char *keybuf = string_to_hex(value, &keylen);
- if (keylen != 32) {
+ if (!keybuf || keylen != 32) {
GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
GOST_R_INVALID_MAC_KEY_LENGTH);
OPENSSL_free(keybuf);
diff --git a/engines/ccgost/gost_sign.c b/engines/ccgost/gost_sign.c
index 5bcc296..b3e1007 100644
--- a/engines/ccgost/gost_sign.c
+++ b/engines/ccgost/gost_sign.c
@@ -13,6 +13,7 @@
#include <openssl/dsa.h>
#include <openssl/err.h>
#include <openssl/evp.h>
+#include <openssl/err.h>

#include "gost_params.h"
#include "gost_lcl.h"
@@ -53,11 +54,16 @@ void dump_dsa_sig(const char *message, DSA_SIG *sig)
DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL;
- DSA_SIG *newsig = DSA_SIG_new();
+ DSA_SIG *newsig, *ret = NULL;
BIGNUM *md = hashsum2bn(dgst);
/* check if H(M) mod q is zero */
BN_CTX *ctx = BN_CTX_new();
+ if(!ctx) {
+ GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
BN_CTX_start(ctx);
+ newsig = DSA_SIG_new();
if (!newsig) {
GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
@@ -65,6 +71,10 @@ DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
tmp = BN_CTX_get(ctx);
k = BN_CTX_get(ctx);
tmp2 = BN_CTX_get(ctx);
+ if(!tmp || !k || !tmp2) {
+ GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
BN_mod(tmp, md, dsa->q, ctx);
if (BN_is_zero(tmp)) {
BN_one(md);
@@ -77,24 +87,41 @@ DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
BN_rand_range(k, dsa->q);
/* generate r = (a^x mod p) mod q */
BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx);
- if (!(newsig->r))
+ if (!(newsig->r)) {
newsig->r = BN_new();
+ if(!newsig->r) {
+ GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);

+ goto err;
+ }
+ }

BN_mod(newsig->r, tmp, dsa->q, ctx);
}
while (BN_is_zero(newsig->r));
/* generate s = (xr + k(Hm)) mod q */
BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx);
BN_mod_mul(tmp2, k, md, dsa->q, ctx);
- if (!newsig->s)
+ if (!newsig->s) {
newsig->s = BN_new();
+ if(!newsig->s) {
+ GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);

+ goto err;
+ }
+ }

BN_mod_add(newsig->s, tmp, tmp2, dsa->q, ctx);
}
while (BN_is_zero(newsig->s));
+
+ ret = newsig;
err:
BN_free(md);
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- return newsig;
+ if(ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if(!ret && newsig) {
+ DSA_SIG_free(newsig);
+ }
+ return ret;
}

/*
@@ -136,17 +163,21 @@ int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
int gost_do_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa)
{
- BIGNUM *md, *tmp = NULL;
+ BIGNUM *md = NULL, *tmp = NULL;
BIGNUM *q2 = NULL;
BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
BIGNUM *tmp2 = NULL, *tmp3 = NULL;
int ok;
BN_CTX *ctx = BN_CTX_new();
+ if(!ctx) {
+ GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }

BN_CTX_start(ctx);
if (BN_cmp(sig->s, dsa->q) >= 1 || BN_cmp(sig->r, dsa->q) >= 1) {
GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
- return 0;
+ goto err;
}
md = hashsum2bn(dgst);

@@ -158,6 +189,10 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len,
tmp2 = BN_CTX_get(ctx);
tmp3 = BN_CTX_get(ctx);
u = BN_CTX_get(ctx);
+ if(!tmp || !v || !q2 || !z1 || !z2 || !tmp2 || !tmp3 || !u) {
+ GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }

BN_mod(tmp, md, dsa->q, ctx);
if (BN_is_zero(tmp)) {
@@ -175,12 +210,15 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len,
BN_mod(u, tmp3, dsa->q, ctx);
ok = BN_cmp(u, sig->r);

- BN_free(md);
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
if (ok != 0) {
GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
}
+err:
+ if(md) BN_free(md);
+ if(ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
return (ok == 0);
}

@@ -191,13 +229,24 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len,
int gost94_compute_public(DSA *dsa)
{
/* Now fill algorithm parameters with correct values */
- BN_CTX *ctx = BN_CTX_new();
+ BN_CTX *ctx;
if (!dsa->g) {
GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED);
return 0;
}
- /* Compute public key y = a^x mod p */
+ ctx = BN_CTX_new();
+ if(!ctx) {
+ GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);

+ return 0;
+ }
+

dsa->pub_key = BN_new();
+ if(!dsa->pub_key) {
+ GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
+ BN_CTX_free(ctx);
+ return 0;
+ }
+ /* Compute public key y = a^x mod p */
BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx);
BN_CTX_free(ctx);
return 1;
@@ -244,6 +293,10 @@ int fill_GOST94_params(DSA *dsa, int nid)
int gost_sign_keygen(DSA *dsa)
{
dsa->priv_key = BN_new();
+ if(!dsa->priv_key) {
+ GOSTerr(GOST_F_GOST_SIGN_KEYGEN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
BN_rand_range(dsa->priv_key, dsa->q);
return gost94_compute_public(dsa);
}
diff --git a/engines/e_sureware.c b/engines/e_sureware.c
index 262766c..3c7b2b2 100644
--- a/engines/e_sureware.c
+++ b/engines/e_sureware.c
@@ -713,10 +713,12 @@ static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id,
/* set public big nums */
rsatmp->e = BN_new();
rsatmp->n = BN_new();
+ if(!rsatmp->e || !rsatmp->n)
+ goto err;
bn_expand2(rsatmp->e, el / sizeof(BN_ULONG));
bn_expand2(rsatmp->n, el / sizeof(BN_ULONG));
- if (!rsatmp->e || rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) ||
- !rsatmp->n || rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG)))
+ if (rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) ||
+ rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG)))
goto err;
ret = p_surewarehk_Load_Rsa_Pubkey(msg, key_id, el,
(unsigned long *)rsatmp->n->d,
@@ -753,15 +755,16 @@ static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id,
dsatmp->p = BN_new();
dsatmp->q = BN_new();
dsatmp->g = BN_new();
+ if(!dsatmp->pub_key || !dsatmp->p || !dsatmp->q || !dsatmp->g)
+ goto err;
bn_expand2(dsatmp->pub_key, el / sizeof(BN_ULONG));
bn_expand2(dsatmp->p, el / sizeof(BN_ULONG));
bn_expand2(dsatmp->q, 20 / sizeof(BN_ULONG));
bn_expand2(dsatmp->g, el / sizeof(BN_ULONG));
- if (!dsatmp->pub_key
- || dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG))
- || !dsatmp->p || dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG))
- || !dsatmp->q || dsatmp->q->dmax != 20 / sizeof(BN_ULONG)
- || !dsatmp->g || dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG)))
+ if (dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG))
+ || dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG))
+ || dsatmp->q->dmax != 20 / sizeof(BN_ULONG)
+ || dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG)))
goto err;

ret = p_surewarehk_Load_Dsa_Pubkey(msg, key_id, el,
@@ -1018,10 +1021,12 @@ static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *from, int flen,
}
psign->r = BN_new();
psign->s = BN_new();
+ if(!psign->r || !psign->s)
+ goto err;
bn_expand2(psign->r, 20 / sizeof(BN_ULONG));
bn_expand2(psign->s, 20 / sizeof(BN_ULONG));
- if (!psign->r || psign->r->dmax != 20 / sizeof(BN_ULONG) ||
- !psign->s || psign->s->dmax != 20 / sizeof(BN_ULONG))
+ if (psign->r->dmax != 20 / sizeof(BN_ULONG) ||
+ psign->s->dmax != 20 / sizeof(BN_ULONG))
goto err;
ret = p_surewarehk_Dsa_Sign(msg, flen, from,
(unsigned long *)psign->r->d,
@@ -1050,9 +1055,9 @@ static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
char msg[64] = "ENGINE_modexp";
if (!p_surewarehk_Mod_Exp) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP, ENGINE_R_NOT_INITIALISED);
- } else {
+ } else if (r) {
bn_expand2(r, m->top);
- if (r && r->dmax == m->top) {
+ if (r->dmax == m->top) {
/* do it */
ret = p_surewarehk_Mod_Exp(msg,
m->top * sizeof(BN_ULONG),

Matt Caswell

unread,

Mar 25, 2015, 8:40:44 AM3/25/15

to

The branch master has been updated

via 302d38e3f73d5fd2ba2fd30bb7798778cb9f18dd (commit)
via 266483d2f56b0764849797f31866bfd84f9c3aa8 (commit)
from 8817e2e0c998757d3bd036d7f45fe8d0a49fbe2d (commit)

- Log -----------------------------------------------------------------
commit 302d38e3f73d5fd2ba2fd30bb7798778cb9f18dd
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Feb 26 13:52:30 2015 +0000

Deprecate RAND_pseudo_bytes

The justification for RAND_pseudo_bytes is somewhat dubious, and the reality
is that it is frequently being misused. RAND_bytes and RAND_pseudo_bytes in
the default implementation both end up calling ssleay_rand_bytes. Both may
return -1 in an error condition. If there is insufficient entropy then
both will return 0, but RAND_bytes will additionally add an error to the
error queue. They both return 1 on success.
Therefore the fundamental difference between the two is that one will add an
error to the error queue with insufficient entory whilst the other will not.
Frequently there are constructions of this form:

if(RAND_pseudo_bytes(...) <= 1)
goto err;

In the above form insufficient entropy is treated as an error anyway, so
RAND_bytes is probably the better form to use.

This form is also seen:
if(!RAND_pseudo_bytes(...))
goto err;

This is technically not correct at all since a -1 return value is
incorrectly handled - but this form will also treat insufficient entropy as
an error.

Within libssl it is required that you have correctly seeded your entropy
pool and so there seems little benefit in using RAND_pseudo_bytes.
Similarly in libcrypto many operations also require a correctly seeded
entropy pool and so in most interesting cases you would be better off
using RAND_bytes anyway. There is a significant risk of RAND_pseudo_bytes
being incorrectly used in scenarios where security can be compromised by
insufficient entropy.

If you are not using the default implementation, then most engines use the
same function to implement RAND_bytes and RAND_pseudo_bytes in any case.

Given its misuse, limited benefit, and potential to compromise security,
RAND_pseudo_bytes has been deprecated.

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 266483d2f56b0764849797f31866bfd84f9c3aa8
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Feb 26 11:57:37 2015 +0000

RAND_bytes updates

Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

CHANGES | 2 ++
apps/enc.c | 2 +-
apps/passwd.c | 4 ++--
apps/s_cb.c | 2 +-
apps/s_server.c | 3 ++-
apps/speed.c | 4 ++--
crypto/asn1/asn_mime.c | 3 ++-
crypto/asn1/p5_pbe.c | 2 +-
crypto/asn1/p5_pbev2.c | 4 ++--
crypto/bio/bf_nbio.c | 6 ++++--
crypto/bn/bn_lcl.h | 2 +-
crypto/bn/bn_rand.c | 5 +++--
crypto/cms/cms_enc.c | 2 +-
crypto/cms/cms_ess.c | 3 +--
crypto/cms/cms_pwri.c | 7 ++++---
crypto/des/enc_writ.c | 3 ++-
crypto/dsa/dsa_gen.c | 4 ++--
crypto/ecdsa/ecdsatest.c | 3 +--
crypto/evp/bio_ok.c | 3 ++-
crypto/evp/e_des3.c | 3 ++-
crypto/evp/p_seal.c | 5 +++--
crypto/ocsp/ocsp_ext.c | 4 ++--
crypto/pem/pem_lib.c | 2 +-
crypto/pkcs12/p12_mutl.c | 2 +-
crypto/pkcs7/pk7_doit.c | 2 +-
crypto/rand/md_rand.c | 8 ++++++++
crypto/rand/rand.h | 4 +++-
crypto/rand/rand_lib.c | 2 ++
crypto/rand/randtest.c | 4 ++--
crypto/srp/srp_vfy.c | 9 ++++++---
crypto/srp/srptest.c | 4 ++--
demos/easy_tls/easy-tls.c | 3 ++-
doc/crypto/RAND_bytes.pod | 3 +++
ssl/d1_both.c | 18 ++++++++++++++----
ssl/s23_clnt.c | 5 +++--
ssl/s3_clnt.c | 7 ++++++-
ssl/s3_srvr.c | 5 +----
ssl/ssl_lib.c | 2 +-
ssl/ssl_sess.c | 2 +-
ssl/t1_lib.c | 19 ++++++++++++++-----
test/igetest.c | 8 ++++----
41 files changed, 118 insertions(+), 67 deletions(-)

diff --git a/CHANGES b/CHANGES
index ab5b482..7c57410 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,8 @@

Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]

+ *) RAND_pseudo_bytes has been deprecated. Users should use RAND bytes instead.
+
*) Added support for TLS extended master secret from
draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an
initial patch which was a great help during development.
diff --git a/apps/enc.c b/apps/enc.c
index 3bf4a6e..1739b7e 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -505,7 +505,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
- } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
+ } else if (RAND_bytes(salt, sizeof salt) <= 0)
goto end;
/*
* If -P option then don't bother writing
diff --git a/apps/passwd.c b/apps/passwd.c
index 5ff53b5..798a6d5 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -416,7 +416,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (*salt_malloc_p == NULL)
goto err;
}
- if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
+ if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0)
goto err;
(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
@@ -437,7 +437,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (*salt_malloc_p == NULL)
goto err;
}
- if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
+ if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0)
goto err;

for (i = 0; i < 8; i++)
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 8bc4b81..ea7d35c 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -949,7 +949,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,

/* Initialize a random secret */
if (!cookie_initialized) {
- if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
+ if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
BIO_printf(bio_err, "error setting random cookie secret\n");
return 0;
}
diff --git a/apps/s_server.c b/apps/s_server.c
index 97aa23d..c3884d2 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -3199,7 +3199,8 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
{
unsigned int count = 0;
do {
- RAND_pseudo_bytes(id, *id_len);
+ if (RAND_bytes(id, *id_len) <= 0)
+ return 0;
/*
* Prefix the session_id with the required prefix. NB: If our prefix
* is too long, clip it - but there will be worse effects anyway, eg.
diff --git a/apps/speed.c b/apps/speed.c
index b023f28..d2034a4 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1967,7 +1967,7 @@ int MAIN(int argc, char **argv)
}
#ifndef OPENSSL_SYS_WIN32
#endif
- RAND_pseudo_bytes(buf, 36);
+ RAND_bytes(buf, 36);
#ifndef OPENSSL_NO_RSA
for (j = 0; j < RSA_NUM; j++) {
int ret;
@@ -2039,7 +2039,7 @@ int MAIN(int argc, char **argv)
}
#endif

- RAND_pseudo_bytes(buf, 20);
+ RAND_bytes(buf, 20);
#ifndef OPENSSL_NO_DSA
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index 28622f2..e96fb02 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -286,7 +286,8 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
if ((flags & SMIME_DETACHED) && data) {
/* We want multipart/signed */
/* Generate a random boundary */
- RAND_pseudo_bytes((unsigned char *)bound, 32);
+ if (RAND_bytes((unsigned char *)bound, 32) <= 0)
+ return 0;
for (i = 0; i < 32; i++) {
c = bound[i] & 0xf;
if (c < 10)
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
index d54b094..a65b659 100644
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
@@ -101,7 +101,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
sstr = ASN1_STRING_data(pbe->salt);
if (salt)
memcpy(sstr, salt, saltlen);
- else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
+ else if (RAND_bytes(sstr, saltlen) <= 0)
goto err;

if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
index c56d850..60abbe2 100644
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -120,7 +120,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
if (EVP_CIPHER_iv_length(cipher)) {
if (aiv)
memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
- else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+ else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
goto err;
}

@@ -225,7 +225,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,

if (salt)
memcpy(osalt->data, salt, saltlen);
- else if (RAND_pseudo_bytes(osalt->data, saltlen) < 0)
+ else if (RAND_bytes(osalt->data, saltlen) <= 0)
goto merr;

if (iter <= 0)
diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
index 3af58bd..0ba6055 100644
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -136,7 +136,8 @@ static int nbiof_read(BIO *b, char *out, int outl)
return (0);

BIO_clear_retry_flags(b);
- RAND_pseudo_bytes(&n, 1);
+ if (RAND_bytes(&n, 1) <= 0)
+ return -1;
num = (n & 0x07);

if (outl > num)
@@ -172,7 +173,8 @@ static int nbiof_write(BIO *b, const char *in, int inl)
num = nt->lwn;
nt->lwn = 0;
} else {
- RAND_pseudo_bytes(&n, 1);
+ if (RAND_bytes(&n, 1) <= 0)
+ return -1;
num = (n & 7);
}

diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
index ba22f3a..a24ae7f 100644
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -168,7 +168,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
* wouldn't be constructed with top!=dmax. */ \
BN_ULONG *_not_const; \
memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
- RAND_pseudo_bytes(&_tmp_char, 1); \
+ RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\
memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
} \
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 9488454..be58a5a 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -142,7 +142,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
RAND_add(&tim, sizeof(tim), 0.0);

if (pseudorand) {
- if (RAND_pseudo_bytes(buf, bytes) == -1)
+ if (RAND_bytes(buf, bytes) <= 0)
goto err;
} else {
if (RAND_bytes(buf, bytes) <= 0)
@@ -157,7 +157,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
unsigned char c;

for (i = 0; i < bytes; i++) {
- RAND_pseudo_bytes(&c, 1);
+ if (RAND_bytes(&c, 1) <= 0)
+ goto err;
if (c >= 128 && i > 0)
buf[i] = buf[i - 1];
else if (c < 42)
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 85ae928..ffa85fc 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -119,7 +119,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
/* Generate a random IV if we need one */
ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (ivlen > 0) {
- if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+ if (RAND_bytes(iv, ivlen) <= 0)
goto err;
piv = iv;
}
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index 8631a2e..8212560 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -107,8 +107,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
else {
if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
goto merr;
- if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32)
- <= 0)
+ if (RAND_bytes(rr->signedContentIdentifier->data, 32) <= 0)
goto err;
}

diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index dd5f636..83a65d2 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -131,7 +131,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
ivlen = EVP_CIPHER_CTX_iv_length(&ctx);

if (ivlen > 0) {
- if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+ if (RAND_bytes(iv, ivlen) <= 0)
goto err;
if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
@@ -299,8 +299,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
out[3] = in[2] ^ 0xFF;
memcpy(out + 4, in, inlen);
/* Add random padding to end */
- if (olen > inlen + 4)
- RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen);
+ if (olen > inlen + 4
+ && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
+ return 0;
/* Encrypt twice */
if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen)
|| !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c
index b4eecc3..55cc7fc 100644
--- a/crypto/des/enc_writ.c
+++ b/crypto/des/enc_writ.c
@@ -132,7 +132,8 @@ int DES_enc_write(int fd, const void *_buf, int len,
if (len < 8) {
cp = shortbuf;
memcpy(shortbuf, buf, len);
- RAND_pseudo_bytes(shortbuf + len, 8 - len);
+ if (RAND_bytes(shortbuf + len, 8 - len) <= 0)
+ return -1;
rnum = 8;
} else {
cp = buf;
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 37b23c9..3506bc3 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -173,7 +173,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
goto err;

if (!seed_len) {
- if (RAND_pseudo_bytes(seed, qsize) < 0)
+ if (RAND_bytes(seed, qsize) <= 0)
goto err;
seed_is_random = 1;
} else {
@@ -448,7 +448,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
goto err;

if (!seed_in) {
- if (RAND_pseudo_bytes(seed, seed_len) < 0)
+ if (RAND_bytes(seed, seed_len) <= 0)
goto err;
}
/* step 2 */
diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c
index 31d9c84..c2132da 100644
--- a/crypto/ecdsa/ecdsatest.c
+++ b/crypto/ecdsa/ecdsatest.c
@@ -311,8 +311,7 @@ int test_builtin(BIO *out)
int nid, ret = 0;

/* fill digest values with some random data */
- if (!RAND_pseudo_bytes(digest, 20) ||
- !RAND_pseudo_bytes(wrong_digest, 20)) {
+ if (RAND_bytes(digest, 20) <= 0 || RAND_bytes(wrong_digest, 20) <= 0) {
BIO_printf(out, "ERROR: unable to get random data\n");
goto builtin_err;
}
diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
index b097a4d..ffdde6c 100644
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -491,7 +491,8 @@ static int sig_out(BIO *b)
* FIXME: there's absolutely no guarantee this makes any sense at all,
* particularly now EVP_MD_CTX has been restructured.
*/
- RAND_pseudo_bytes(md->md_data, md->digest->md_size);
+ if (RAND_bytes(md->md_data, md->digest->md_size) <= 0)
+ goto berr;
memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
ctx->buf_len += md->digest->md_size;
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 73d7923..c720242 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -439,7 +439,8 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
memcpy(out + inl + 8, sha1tmp, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
/* Generate random IV */
- RAND_bytes(ctx->iv, 8);
+ if (RAND_bytes(ctx->iv, 8) <= 0)
+ return -1;
memcpy(out, ctx->iv, 8);
/* Encrypt everything after IV in place */
des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8);
diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
index caabbf4..ba9dfff 100644
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -82,8 +82,9 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
return 1;
if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
return 0;
- if (EVP_CIPHER_CTX_iv_length(ctx))
- RAND_pseudo_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx));
+ if (EVP_CIPHER_CTX_iv_length(ctx)
+ && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
+ return 0;

if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
return 0;
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index 4c6edb1..b564259 100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -319,8 +319,8 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
if (val)
memcpy(tmpval, val, len);
- else
- RAND_pseudo_bytes(tmpval, len);
+ else if (RAND_bytes(tmpval, len) <= 0)
+ goto err;
if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
&os, 0, X509V3_ADD_REPLACE))
goto err;
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 410c2b2..70e6a70 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -387,7 +387,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
}
RAND_add(data, i, 0); /* put in the RSA key. */
OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
- if (RAND_pseudo_bytes(iv, enc->iv_len) < 0) /* Generate a salt */
+ if (RAND_bytes(iv, enc->iv_len) <= 0) /* Generate a salt */
goto err;
/*
* The 'iv' is used as the iv and as a salt. It is NOT taken from
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index d5eb8ff..252aca0 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -177,7 +177,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
return 0;
}
if (!salt) {
- if (RAND_pseudo_bytes(p12->mac->salt->data, saltlen) < 0)
+ if (RAND_bytes(p12->mac->salt->data, saltlen) <= 0)
return 0;
} else
memcpy(p12->mac->salt->data, salt, saltlen);
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 0200b3b..f77326b 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -340,7 +340,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
ivlen = EVP_CIPHER_iv_length(evp_cipher);
xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
if (ivlen > 0)
- if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+ if (RAND_bytes(iv, ivlen) <= 0)
goto err;
if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0)
goto err;
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index ef43966..27e785d 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -173,7 +173,9 @@ static int ssleay_rand_seed(const void *buf, int num);
static int ssleay_rand_add(const void *buf, int num, double add_entropy);
static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo);
static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num);
+#ifndef OPENSSL_NO_DEPRECATED
static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
+#endif
static int ssleay_rand_status(void);

static RAND_METHOD rand_ssleay_meth = {
@@ -181,7 +183,11 @@ static RAND_METHOD rand_ssleay_meth = {
ssleay_rand_nopseudo_bytes,
ssleay_rand_cleanup,
ssleay_rand_add,
+#ifndef OPENSSL_NO_DEPRECATED
ssleay_rand_pseudo_bytes,
+#else
+ NULL,
+#endif
ssleay_rand_status
};

@@ -601,6 +607,7 @@ static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num)
return ssleay_rand_bytes(buf, num, 0);
}

+#ifndef OPENSSL_NO_DEPRECATED
/*
* pseudo-random bytes that are guaranteed to be unique but not unpredictable
*/
@@ -608,6 +615,7 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
{
return ssleay_rand_bytes(buf, num, 1);
}
+#endif

static int ssleay_rand_status(void)
{
diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h
index 145edb2..14b4793 100644
--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -95,7 +95,9 @@ int RAND_set_rand_engine(ENGINE *engine);
RAND_METHOD *RAND_SSLeay(void);
void RAND_cleanup(void);
int RAND_bytes(unsigned char *buf, int num);
-int RAND_pseudo_bytes(unsigned char *buf, int num);
+#ifdef OPENSSL_USE_DEPRECATED
+DECLARE_DEPRECATED(int RAND_pseudo_bytes(unsigned char *buf, int num));
+#endif
void RAND_seed(const void *buf, int num);
void RAND_add(const void *buf, int num, double entropy);
int RAND_load_file(const char *file, long max_bytes);
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 2f4dc09..0bbaf67 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -159,6 +159,7 @@ int RAND_bytes(unsigned char *buf, int num)
return (-1);
}

+#ifndef OPENSSL_NO_DEPRECATED
int RAND_pseudo_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
@@ -166,6 +167,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num)
return meth->pseudorand(buf, num);
return (-1);
}
+#endif

int RAND_status(void)
{
diff --git a/crypto/rand/randtest.c b/crypto/rand/randtest.c
index 267752e..67acf70 100644
--- a/crypto/rand/randtest.c
+++ b/crypto/rand/randtest.c
@@ -77,8 +77,8 @@ int main(int argc, char **argv)
*/
long d;

- i = RAND_pseudo_bytes(buf, 2500);
- if (i < 0) {
+ i = RAND_bytes(buf, 2500);
+ if (i <= 0) {
printf("init failed, the rand method is not properly installed\n");
err++;
goto err;
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 4aed5b4..9d83a8f 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -498,7 +498,8 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
if (!SRP_user_pwd_set_ids(user, username, NULL))
goto err;

- RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH);
+ if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
+ goto err;
EVP_MD_CTX_init(&ctxt);
EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key));
@@ -550,7 +551,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
}

if (*salt == NULL) {
- RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN);
+ if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
+ goto err;

s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
} else {
@@ -608,7 +610,8 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
goto err;

if (*salt == NULL) {
- RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN);
+ if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
+ goto err;

*salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
}
diff --git a/crypto/srp/srptest.c b/crypto/srp/srptest.c
index 17a8256..1d463cd 100644
--- a/crypto/srp/srptest.c
+++ b/crypto/srp/srptest.c
@@ -59,7 +59,7 @@ static int run_srp(const char *username, const char *client_pass,
showbn("Verifier", v);

/* Server random */
- RAND_pseudo_bytes(rand_tmp, sizeof(rand_tmp));
+ RAND_bytes(rand_tmp, sizeof(rand_tmp));
b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
/* TODO - check b != 0 */
showbn("b", b);
@@ -74,7 +74,7 @@ static int run_srp(const char *username, const char *client_pass,
}

/* Client random */
- RAND_pseudo_bytes(rand_tmp, sizeof(rand_tmp));
+ RAND_bytes(rand_tmp, sizeof(rand_tmp));
a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
/* TODO - check a != 0 */
showbn("a", a);
diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c
index 33303cc..3475551 100644
--- a/demos/easy_tls/easy-tls.c
+++ b/demos/easy_tls/easy-tls.c
@@ -760,7 +760,8 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
if (tls_dhe1024 == NULL) {
int i;

- RAND_bytes((unsigned char *)&i, sizeof i);
+ if (RAND_bytes((unsigned char *)&i, sizeof i) <= 0)
+ goto err_return;
/*
* make sure that i is non-negative -- pick one of the provided
* seeds
diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod
index 1a9b91e..f3a5ed2 100644
--- a/doc/crypto/RAND_bytes.pod
+++ b/doc/crypto/RAND_bytes.pod
@@ -10,6 +10,8 @@ RAND_bytes, RAND_pseudo_bytes - generate random data

int RAND_bytes(unsigned char *buf, int num);

+Deprecated:
+
int RAND_pseudo_bytes(unsigned char *buf, int num);

=head1 DESCRIPTION
@@ -18,6 +20,7 @@ RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
into B<buf>. An error occurs if the PRNG has not been seeded with
enough randomness to ensure an unpredictable byte sequence.

+RAND_pseudo_bytes() has been deprecated. Users should use RAND_bytes() instead.
RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>.
Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be
unique if they are of sufficient length, but are not necessarily
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 22626f1..8d15f70 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1396,7 +1396,10 @@ int dtls1_process_heartbeat(SSL *s)
memcpy(bp, pl, payload);
bp += payload;
/* Random padding */
- RAND_pseudo_bytes(bp, padding);
+ if (RAND_bytes(bp, padding) <= 0) {
+ OPENSSL_free(buffer);
+ return -1;
+ }

r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);

@@ -1430,7 +1433,7 @@ int dtls1_process_heartbeat(SSL *s)
int dtls1_heartbeat(SSL *s)
{
unsigned char *buf, *p;
- int ret;
+ int ret = -1;
unsigned int payload = 18; /* Sequence number + random bytes */
unsigned int padding = 16; /* Use minimum padding */

@@ -1482,10 +1485,16 @@ int dtls1_heartbeat(SSL *s)
/* Sequence number */
s2n(s->tlsext_hb_seq, p);
/* 16 random bytes */
- RAND_pseudo_bytes(p, 16);
+ if (RAND_bytes(p, 16) <= 0) {
+ SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
p += 16;
/* Random padding */
- RAND_pseudo_bytes(p, padding);
+ if (RAND_bytes(p, padding) <= 0) {
+ SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }

ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
if (ret >= 0) {
@@ -1498,6 +1507,7 @@ int dtls1_heartbeat(SSL *s)
s->tlsext_hb_pending = 1;
}

+ err:
OPENSSL_free(buf);

return ret;
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 21a32bc..3451b7c 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -263,6 +263,7 @@ int ssl23_connect(SSL *s)
int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
{
int send_time = 0;
+
if (len < 4)
return 0;
if (server)
@@ -273,9 +274,9 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
unsigned long Time = (unsigned long)time(NULL);
unsigned char *p = result;
l2n(Time, p);
- return RAND_pseudo_bytes(p, len - 4);
+ return RAND_bytes(p, len - 4);
} else
- return RAND_pseudo_bytes(result, len);
+ return RAND_bytes(result, len);
}

static int ssl23_client_hello(SSL *s)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 27f03d4..bab95f3 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2810,7 +2810,12 @@ int ssl3_send_client_key_exchange(SSL *s)

EVP_PKEY_encrypt_init(pkey_ctx);
/* Generate session key */
- RAND_bytes(pms, pmslen);
+ if (RAND_bytes(pms, pmslen) <= 0) {
+ EVP_PKEY_CTX_free(pkey_ctx);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,

+ ERR_R_INTERNAL_ERROR);
+ goto err;

+ };
/*
* If we have client certificate, use its secret as peer key
*/
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ce52854..05dc439 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2168,10 +2168,7 @@ int ssl3_get_client_key_exchange(SSL *s)
* fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
*/

- /*
- * should be RAND_bytes, but we cannot work around a failure.
- */
- if (RAND_pseudo_bytes(rand_premaster_secret,
+ if (RAND_bytes(rand_premaster_secret,
sizeof(rand_premaster_secret)) <= 0)
goto err;
decrypt_len =
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 54974df..29bbc03 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1957,7 +1957,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->tlsext_servername_callback = 0;
ret->tlsext_servername_arg = NULL;
/* Setup RFC4507 ticket keys */
- if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
+ if ((RAND_bytes(ret->tlsext_tick_key_name, 16) <= 0)
|| (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
|| (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
ret->options |= SSL_OP_NO_TICKET;
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 22d2e66..9273eb6 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -257,7 +257,7 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id,
{
unsigned int retry = 0;
do
- if (RAND_pseudo_bytes(id, *id_len) <= 0)
+ if (RAND_bytes(id, *id_len) <= 0)
return 0;
while (SSL_has_matching_session_id(ssl, id, *id_len) &&
(++retry < MAX_SESS_ID_ATTEMPTS)) ;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index dd28cd6..b5eb4bf 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3634,7 +3634,10 @@ int tls1_process_heartbeat(SSL *s)
memcpy(bp, pl, payload);
bp += payload;
/* Random padding */
- RAND_pseudo_bytes(bp, padding);
+ if (RAND_bytes(bp, padding) <= 0) {
+ OPENSSL_free(buffer);
+ return -1;
+ }

r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer,
3 + payload + padding);
@@ -3669,7 +3672,7 @@ int tls1_process_heartbeat(SSL *s)
int tls1_heartbeat(SSL *s)
{
unsigned char *buf, *p;
- int ret;
+ int ret = -1;
unsigned int payload = 18; /* Sequence number + random bytes */
unsigned int padding = 16; /* Use minimum padding */

@@ -3721,10 +3724,16 @@ int tls1_heartbeat(SSL *s)
/* Sequence number */
s2n(s->tlsext_hb_seq, p);
/* 16 random bytes */
- RAND_pseudo_bytes(p, 16);
+ if (RAND_bytes(p, 16) <= 0) {
+ SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
p += 16;
/* Random padding */
- RAND_pseudo_bytes(p, padding);
+ if (RAND_bytes(p, padding) <= 0) {
+ SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }

ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
if (ret >= 0) {
@@ -3736,8 +3745,8 @@ int tls1_heartbeat(SSL *s)
s->tlsext_hb_pending = 1;
}

+ err:
OPENSSL_free(buf);
-
return ret;
}
# endif
diff --git a/test/igetest.c b/test/igetest.c
index f3d10a9..96e9884 100644
--- a/test/igetest.c
+++ b/test/igetest.c
@@ -289,9 +289,9 @@ int main(int argc, char **argv)

assert(BIG_TEST_SIZE >= TEST_SIZE);

- RAND_pseudo_bytes(rkey, sizeof rkey);
- RAND_pseudo_bytes(plaintext, sizeof plaintext);
- RAND_pseudo_bytes(iv, sizeof iv);
+ RAND_bytes(rkey, sizeof rkey);
+ RAND_bytes(plaintext, sizeof plaintext);
+ RAND_bytes(iv, sizeof iv);
memcpy(saved_iv, iv, sizeof saved_iv);

/* Forward IGE only... */
@@ -390,7 +390,7 @@ int main(int argc, char **argv)
*/
/* possible with biIGE, so the IV is not updated. */

- RAND_pseudo_bytes(rkey2, sizeof rkey2);
+ RAND_bytes(rkey2, sizeof rkey2);

/* Straight encrypt/decrypt */
AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);

Matt Caswell

unread,

Mar 25, 2015, 8:51:00 AM3/25/15

to

The branch master has been updated

via 969467466cde0049aa7157fad6ca3753e7aa0493 (commit)
from 302d38e3f73d5fd2ba2fd30bb7798778cb9f18dd (commit)

- Log -----------------------------------------------------------------
commit 969467466cde0049aa7157fad6ca3753e7aa0493
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Feb 5 16:04:58 2015 +0000

SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG was disabled in 0.9.8q and 1.0.0c.
This commit sets the value of SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG to
zero.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

ssl/ssl.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ssl/ssl.h b/ssl/ssl.h
index dec3abc..84de6a8 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -390,7 +390,8 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,

/* Allow initial connection to servers that don't support RI */
# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
-# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
+/* Removed from OpenSSL 0.9.8q and 1.0.0c */
+# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0L
# define SSL_OP_TLSEXT_PADDING 0x00000010L
# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L

Matt Caswell

unread,

Mar 25, 2015, 9:03:28 AM3/25/15

to

The branch master has been updated

via c62e94d805fa2900a0d6d723715aaf45f75b6c14 (commit)
via b352160f816585d2be1bcd8862efae647968f406 (commit)
via e2095c6531da1207a936b65730db0222831a93ed (commit)
via 2cfbdd71dde0c3ddf4597eb20cc3e3fb8485fc15 (commit)
from 969467466cde0049aa7157fad6ca3753e7aa0493 (commit)

- Log -----------------------------------------------------------------
commit c62e94d805fa2900a0d6d723715aaf45f75b6c14
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Feb 10 13:15:25 2015 +0000

Fix HMAC to pass invalid key len test

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit b352160f816585d2be1bcd8862efae647968f406
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Feb 10 13:15:05 2015 +0000

Add HMAC test for invalid key len

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit e2095c6531da1207a936b65730db0222831a93ed
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Feb 10 11:39:52 2015 +0000

Ensure that both the MD and key have been initialised before attempting to
create an HMAC

Inspired by BoringSSL commit 2fe7f2d0d9a6fcc75b4e594eeec306cc55acd594

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 2cfbdd71dde0c3ddf4597eb20cc3e3fb8485fc15
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Feb 10 12:38:04 2015 +0000

Add more HMAC tests

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/hmac/hmac.c | 26 ++++++--
crypto/hmac/hmac.h | 1 +
crypto/hmac/hmactest.c | 174 +++++++++++++++++++++++++++++++++++++++++++++++--
3 files changed, 190 insertions(+), 11 deletions(-)

diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index 3a4dfa4..8ee5b2a 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -71,8 +71,14 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
if (md != NULL) {
reset = 1;
ctx->md = md;
- } else
+ } else if(ctx->md) {
md = ctx->md;
+ } else {

+ return 0;
+ }
+

+ if(!ctx->key_init && key == NULL)
+ return 0;

if (key != NULL) {
reset = 1;
@@ -87,13 +93,15 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
&ctx->key_length))
goto err;
} else {
- OPENSSL_assert(len >= 0 && len <= (int)sizeof(ctx->key));
+ if(len < 0 || len > (int)sizeof(ctx->key))
+ return 0;
memcpy(ctx->key, key, len);
ctx->key_length = len;
}
if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
memset(&ctx->key[ctx->key_length], 0,
HMAC_MAX_MD_CBLOCK - ctx->key_length);
+ ctx->key_init = 1;
}

if (reset) {
@@ -129,6 +137,8 @@ int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)

int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
{
+ if(!ctx->key_init)
+ return 0;
return EVP_DigestUpdate(&ctx->md_ctx, data, len);
}

@@ -137,6 +147,9 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
unsigned int i;
unsigned char buf[EVP_MAX_MD_SIZE];

+ if(!ctx->key_init)
+ goto err;
+
if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i))
goto err;
if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx))
@@ -155,6 +168,8 @@ void HMAC_CTX_init(HMAC_CTX *ctx)
EVP_MD_CTX_init(&ctx->i_ctx);
EVP_MD_CTX_init(&ctx->o_ctx);
EVP_MD_CTX_init(&ctx->md_ctx);
+ ctx->key_init = 0;
+ ctx->md = NULL;
}

int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
@@ -166,8 +181,11 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
goto err;
if (!EVP_MD_CTX_copy_ex(&dctx->md_ctx, &sctx->md_ctx))
goto err;
- memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
- dctx->key_length = sctx->key_length;
+ dctx->key_init = sctx->key_init;
+ if(sctx->key_init) {
+ memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
+ dctx->key_length = sctx->key_length;
+ }
dctx->md = sctx->md;
return 1;
err:
diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h
index 81aa49d..61946fc 100644
--- a/crypto/hmac/hmac.h
+++ b/crypto/hmac/hmac.h
@@ -75,6 +75,7 @@ typedef struct hmac_ctx_st {
EVP_MD_CTX o_ctx;
unsigned int key_length;
unsigned char key[HMAC_MAX_MD_CBLOCK];
+ int key_init;
} HMAC_CTX;

# define HMAC_size(e) (EVP_MD_size((e)->md))
diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c
index de8d1c9..5e90dba 100644
--- a/crypto/hmac/hmactest.c
+++ b/crypto/hmac/hmactest.c
@@ -78,7 +78,7 @@ static struct test_st {
unsigned char data[64];
int data_len;
unsigned char *digest;
-} test[4] = {
+} test[8] = {
{
"", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54,
(unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
@@ -106,10 +106,27 @@ static struct test_st {
0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd
}, 50, (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
},
+ {
+ "", 0, "My test data", 12,
+ (unsigned char *)"61afdecb95429ef494d61fdee15990cabf0826fc"
+ },
+ {
+ "", 0, "My test data", 12,
+ (unsigned char *)"2274b195d90ce8e03406f4b526a47e0787a88a65479938f1a5baa3ce0f079776"
+ },
+ {
+ "123456", 6, "My test data", 12,
+ (unsigned char *)"bab53058ae861a7f191abe2d0145cbb123776a6369ee3f9d79ce455667e411dd"
+ },
+ {
+ "12345", 5, "My test data again", 12,
+ (unsigned char *)"7dbe8c764c068e3bcd6e6b0fbcd5e6fc197b15bb"
+ }
};
# endif

-static char *pt(unsigned char *md);
+static char *pt(unsigned char *md, unsigned int len);
+

int main(int argc, char *argv[])

{
# ifndef OPENSSL_NO_MD5
@@ -117,6 +134,9 @@ int main(int argc, char *argv[])
char *p;
# endif
int err = 0;
+ HMAC_CTX ctx, ctx2;
+ unsigned char buf[EVP_MAX_MD_SIZE];
+ unsigned int len;

# ifdef OPENSSL_NO_MD5
printf("test skipped: MD5 disabled\n");
@@ -132,26 +152,166 @@ int main(int argc, char *argv[])
for (i = 0; i < 4; i++) {
p = pt(HMAC(EVP_md5(),
test[i].key, test[i].key_len,
- test[i].data, test[i].data_len, NULL, NULL));
+ test[i].data, test[i].data_len, NULL, NULL),
+ MD5_DIGEST_LENGTH);

if (strcmp(p, (char *)test[i].digest) != 0) {
- printf("error calculating HMAC on %d entry'\n", i);
+ printf("Error calculating HMAC on %d entry'\n", i);
printf("got %s instead of %s\n", p, test[i].digest);
err++;
} else
printf("test %d ok\n", i);
}
# endif /* OPENSSL_NO_MD5 */
+
+/* test4 */
+ HMAC_CTX_init(&ctx);
+ if(HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) {
+ printf("Should fail to initialise HMAC with empty MD and key (test 4)\n");
+ err++;
+ goto test5;
+ }
+ if(HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
+ printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
+ err++;
+ goto test5;
+ }
+ if(HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) {
+ printf("Should fail to initialise HMAC with empty key (test 4)\n");
+ err++;
+ goto test5;
+ }
+ if(HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
+ printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
+ err++;
+ goto test5;
+ }
+ printf("test 4 ok\n");
+test5:
+ HMAC_CTX_init(&ctx);
+ if(HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) {
+ printf("Should fail to initialise HMAC with empty MD (test 5)\n");
+ err++;
+ goto test6;
+ }
+ if(HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
+ printf("Should fail HMAC_Update with ctx not set up (test 5)\n");
+ err++;
+ goto test6;
+ }
+ if(HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) {
+ printf("Should fail to initialise HMAC with invalid key len(test 5)\n");
+ err++;
+ goto test6;
+ }
+ if(!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) {
+ printf("Failed to initialise HMAC (test 5)\n");
+ err++;
+ goto test6;
+ }
+ if(!HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
+ printf("Error updating HMAC with data (test 5)\n");
+ err++;
+ goto test6;
+ }
+ if(!HMAC_Final(&ctx, buf, &len)) {
+ printf("Error finalising data (test 5)\n");
+ err++;
+ goto test6;
+ }
+ p = pt(buf, len);
+ if (strcmp(p, (char *)test[4].digest) != 0) {
+ printf("Error calculating interim HMAC on test 5\n");
+ printf("got %s instead of %s\n", p, test[4].digest);
+ err++;
+ goto test6;
+ }
+ if(!HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) {
+ printf("Failed to reinitialise HMAC (test 5)\n");
+ err++;
+ goto test6;
+ }
+ if(!HMAC_Update(&ctx, test[5].data, test[5].data_len)) {
+ printf("Error updating HMAC with data (sha256) (test 5)\n");
+ err++;
+ goto test6;
+ }
+ if(!HMAC_Final(&ctx, buf, &len)) {
+ printf("Error finalising data (sha256) (test 5)\n");
+ err++;
+ goto test6;
+ }
+ p = pt(buf, len);
+ if (strcmp(p, (char *)test[5].digest) != 0) {
+ printf("Error calculating 2nd interim HMAC on test 5\n");
+ printf("got %s instead of %s\n", p, test[5].digest);
+ err++;
+ goto test6;
+ }
+ if(!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) {
+ printf("Failed to reinitialise HMAC with key (test 5)\n");
+ err++;
+ goto test6;
+ }
+ if(!HMAC_Update(&ctx, test[6].data, test[6].data_len)) {
+ printf("Error updating HMAC with data (new key) (test 5)\n");
+ err++;
+ goto test6;
+ }
+ if(!HMAC_Final(&ctx, buf, &len)) {
+ printf("Error finalising data (new key) (test 5)\n");
+ err++;
+ goto test6;
+ }
+ p = pt(buf, len);
+ if (strcmp(p, (char *)test[6].digest) != 0) {
+ printf("error calculating HMAC on test 5\n");
+ printf("got %s instead of %s\n", p, test[6].digest);
+ err++;
+ } else {
+ printf("test 5 ok\n");
+ }
+test6:
+ HMAC_CTX_init(&ctx);
+ if(!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) {
+ printf("Failed to initialise HMAC (test 6)\n");
+ err++;
+ goto end;
+ }
+ if(!HMAC_Update(&ctx, test[7].data, test[7].data_len)) {
+ printf("Error updating HMAC with data (test 6)\n");
+ err++;
+ goto end;
+ }
+ if(!HMAC_CTX_copy(&ctx2, &ctx)) {
+ printf("Failed to copy HMAC_CTX (test 6)\n");
+ err++;
+ goto end;
+ }
+ if(!HMAC_Final(&ctx2, buf, &len)) {
+ printf("Error finalising data (test 6)\n");
+ err++;
+ goto end;
+ }
+ p = pt(buf, len);
+ if (strcmp(p, (char *)test[7].digest) != 0) {
+ printf("Error calculating HMAC on test 6\n");
+ printf("got %s instead of %s\n", p, test[7].digest);
+ err++;
+ } else {
+ printf("test 6 ok\n");
+ }
+end:
EXIT(err);
}

# ifndef OPENSSL_NO_MD5
-static char *pt(unsigned char *md)
+static char *pt(unsigned char *md, unsigned int len)
{
- int i;
+ unsigned int i;
static char buf[80];

- for (i = 0; i < MD5_DIGEST_LENGTH; i++)
+ for (i = 0; i < len; i++)
sprintf(&(buf[i * 2]), "%02x", md[i]);
return (buf);

Matt Caswell

unread,

Mar 25, 2015, 9:11:53 AM3/25/15

to

The branch master has been updated

via 70e5fd877890489a3972bf8bf50bfec1fca3875e (commit)
from c62e94d805fa2900a0d6d723715aaf45f75b6c14 (commit)

- Log -----------------------------------------------------------------
commit 70e5fd877890489a3972bf8bf50bfec1fca3875e
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Feb 25 11:30:43 2015 +0000

Fix bug in s_client. Previously default verify locations would only be loaded
if CAfile or CApath were also supplied and successfully loaded first.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

apps/s_client.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index c02ed3c..cdea322 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1352,13 +1352,12 @@ int MAIN(int argc, char **argv)

SSL_CTX_set_verify(ctx, verify, verify_callback);

- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx))) {
- /*
- * BIO_printf(bio_err,"error setting default verify locations\n");
- */
+ if ((CAfile || CApath)
+ && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
+ ERR_print_errors(bio_err);
+ }
+ if (!SSL_CTX_set_default_verify_paths(ctx)) {
ERR_print_errors(bio_err);
- /* goto end; */
}

ssl_ctx_add_crls(ctx, crls, crl_download);

Dr. Stephen Henson

unread,

Mar 25, 2015, 10:17:54 AM3/25/15

to

The branch master has been updated

via 9837bfbfc7a53dd531081b4ba8fe369d9c99116e (commit)
via 2743e38c2f4bcb00142d8c65e48a66f547033a64 (commit)
from 70e5fd877890489a3972bf8bf50bfec1fca3875e (commit)

- Log -----------------------------------------------------------------
commit 9837bfbfc7a53dd531081b4ba8fe369d9c99116e

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Wed Mar 25 12:25:16 2015 +0000

make depend

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 2743e38c2f4bcb00142d8c65e48a66f547033a64

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Mon Mar 16 17:43:17 2015 +0000

make X509_NAME opaque

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

apps/ca.c | 2 +-
crypto/asn1/Makefile | 28 ++++++------------
crypto/asn1/a_strex.c | 4 +--
crypto/asn1/asn1_locl.h | 10 -------
crypto/asn1/tasn_prn.c | 2 +-
crypto/include/internal/asn1_int.h | 10 +++++++
.../v3_akeya.c => include/internal/x509_int.h} | 34 ++++++++++++----------
crypto/objects/Makefile | 5 ++--
crypto/x509/Makefile | 29 ++++++++++++++----
crypto/x509/x509.h | 18 ++----------
crypto/x509/x509_cmp.c | 1 +
crypto/x509/x509_obj.c | 1 +
crypto/x509/x509name.c | 6 ++++
crypto/{asn1 => x509}/x_name.c | 3 +-
crypto/x509v3/Makefile | 5 ++--
crypto/x509v3/v3_crld.c | 2 ++
crypto/x509v3/v3_ncons.c | 2 ++
17 files changed, 88 insertions(+), 74 deletions(-)
copy crypto/{x509v3/v3_akeya.c => include/internal/x509_int.h} (80%)
rename crypto/{asn1 => x509}/x_name.c (99%)

diff --git a/apps/ca.c b/apps/ca.c
index 9ef0ce3..b498b0a 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1688,7 +1688,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,

if (msie_hack) {
/* assume all type should be strings */
- nid = OBJ_obj2nid(ne->object);
+ nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne));

if (str->type == V_ASN1_UNIVERSALSTRING)
ASN1_UNIVERSALSTRING_to_string(str);
diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile
index 6c7c22a..9f00de6 100644
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -21,7 +21,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_bignum.c \
- x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
+ x_long.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \

tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \

@@ -35,7 +35,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
a_print.o a_type.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_bignum.o \
- x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
+ x_long.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \

tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \

@@ -193,7 +193,8 @@ a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
+a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h
+a_object.o: ../include/internal/asn1_int.h a_object.c
a_octet.o: ../../e_os.h ../../include/openssl/asn1.h
a_octet.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -371,7 +372,8 @@ asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
asn_moid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-asn_moid.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn_moid.c
+asn_moid.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+asn_moid.o: ../include/internal/asn1_int.h asn_moid.c
asn_mstbl.o: ../../e_os.h ../../include/openssl/asn1.h
asn_mstbl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
asn_mstbl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@@ -665,7 +667,8 @@ tasn_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
tasn_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h tasn_enc.c
+tasn_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h
+tasn_enc.o: ../include/internal/asn1_int.h tasn_enc.c
tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
@@ -695,7 +698,7 @@ tasn_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
tasn_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
tasn_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
tasn_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-tasn_prn.o: ../cryptlib.h asn1_locl.h tasn_prn.c
+tasn_prn.o: ../cryptlib.h ../include/internal/asn1_int.h tasn_prn.c
tasn_scn.o: ../../e_os.h ../../include/openssl/asn1.h
tasn_scn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
tasn_scn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
@@ -781,19 +784,6 @@ x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_long.o: ../cryptlib.h x_long.c
-x_name.o: ../../e_os.h ../../include/openssl/asn1.h
-x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h x_name.c
x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 1744853..243e29a 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -501,7 +501,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
else
ent = X509_NAME_get_entry(n, i);
if (prev != -1) {
- if (prev == ent->set) {
+ if (prev == X509_NAME_ENTRY_set(ent)) {
if (!io_ch(arg, sep_mv, sep_mv_len))
return -1;
outlen += sep_mv_len;
@@ -514,7 +514,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
outlen += indent;
}
}
- prev = ent->set;
+ prev = X509_NAME_ENTRY_set(ent);
fn = X509_NAME_ENTRY_get_object(ent);
val = X509_NAME_ENTRY_get_data(ent);
fn_nid = OBJ_obj2nid(fn);
diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_locl.h
index a7569e7..ec4c0e8 100644
--- a/crypto/asn1/asn1_locl.h
+++ b/crypto/asn1/asn1_locl.h
@@ -62,16 +62,6 @@

int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);

int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);

-/* ASN1 print context structure */
-
-struct asn1_pctx_st {
- unsigned long flags;
- unsigned long nm_flags;
- unsigned long cert_flags;
- unsigned long oid_flags;
- unsigned long str_flags;
-} /* ASN1_PCTX */ ;
-

/* ASN1 scan context structure */

struct asn1_sctx_st {
diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c
index d8450b3..cb3d35b 100644
--- a/crypto/asn1/tasn_prn.c
+++ b/crypto/asn1/tasn_prn.c
@@ -65,7 +65,7 @@
#include <openssl/buffer.h>
#include <openssl/err.h>

#include <openssl/x509v3.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"

/*
* Print routines.
diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h
index 20c8f40..9e74f47 100644
--- a/crypto/include/internal/asn1_int.h
+++ b/crypto/include/internal/asn1_int.h
@@ -119,3 +119,13 @@ struct asn1_object_st {

const unsigned char *data; /* data remains const after init */

int flags; /* Should we free this one */
};
+

+/* ASN1 print context structure */
+
+struct asn1_pctx_st {
+ unsigned long flags;
+ unsigned long nm_flags;
+ unsigned long cert_flags;
+ unsigned long oid_flags;
+ unsigned long str_flags;
+} /* ASN1_PCTX */ ;
diff --git a/crypto/x509v3/v3_akeya.c b/crypto/include/internal/x509_int.h
similarity index 80%
copy from crypto/x509v3/v3_akeya.c
copy to crypto/include/internal/x509_int.h
index 2cc85b7..761f702 100644
--- a/crypto/x509v3/v3_akeya.c
+++ b/crypto/include/internal/x509_int.h
@@ -1,10 +1,10 @@
-/* v3_akey_asn1.c */
+/* x509_int.h */

/*
* Written by Dr Stephen N Henson (st...@openssl.org) for the OpenSSL project

- * 1999.
+ * 2015.
*/
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2015 The OpenSSL Project. All rights reserved.

*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

@@ -57,17 +57,21 @@
*
*/

-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
+/* Internal X509 structures and functions: not for application use */

-ASN1_SEQUENCE(AUTHORITY_KEYID) = {
- ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
- ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
- ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
-} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
+struct X509_name_entry_st {
+ ASN1_OBJECT *object;
+ ASN1_STRING *value;
+ int set;
+ int size; /* temp variable */
+};

-IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
+/* we always keep X509_NAMEs in 2 forms. */
+struct X509_name_st {
+ STACK_OF(X509_NAME_ENTRY) *entries;
+ int modified; /* true if 'bytes' needs to be built */
+ BUF_MEM *bytes;
+/* unsigned long hash; Keep the hash around for lookups */
+ unsigned char *canon_enc;
+ int canon_enclen;
+} /* X509_NAME */ ;
diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile
index a8aedbd..c6ea71e 100644
--- a/crypto/objects/Makefile
+++ b/crypto/objects/Makefile
@@ -103,7 +103,8 @@ obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
obj_dat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
obj_dat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-obj_dat.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_dat.c obj_dat.h
+obj_dat.o: ../../include/openssl/symhacks.h ../cryptlib.h
+obj_dat.o: ../include/internal/asn1_int.h obj_dat.c obj_dat.h
obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
obj_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
obj_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@@ -120,7 +121,7 @@ obj_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
obj_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-obj_lib.o: ../cryptlib.h obj_lib.c
+obj_lib.o: ../cryptlib.h ../include/internal/asn1_int.h obj_lib.c
obj_xref.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
obj_xref.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
obj_xref.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile
index 2a576e0..9572ed2 100644
--- a/crypto/x509/Makefile
+++ b/crypto/x509/Makefile
@@ -22,13 +22,15 @@ LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \

x509_set.c x509cset.c x509rset.c x509_err.c \
x509name.c x509_v3.c x509_ext.c x509_att.c \
x509type.c x509_lu.c x_all.c x509_txt.c \

- x509_trs.c by_file.c by_dir.c x509_vpm.c x_attrib.c x_exten.c
+ x509_trs.c by_file.c by_dir.c x509_vpm.c \
+ x_attrib.c x_exten.c x_name.c

LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
x509_obj.o x509_req.o x509spki.o x509_vfy.o \
x509_set.o x509cset.o x509rset.o x509_err.o \
x509name.o x509_v3.o x509_ext.o x509_att.o \
x509type.o x509_lu.o x_all.o x509_txt.o \

- x509_trs.o by_file.o by_dir.o x509_vpm.o x_attrib.o x_exten.o
+ x509_trs.o by_file.o by_dir.o x509_vpm.o \
+ x_attrib.o x_exten.o x_name.o

SRC= $(LIBSRC)

@@ -137,7 +139,7 @@ x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x509_cmp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x509_cmp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_cmp.o: ../cryptlib.h x509_cmp.c
+x509_cmp.o: ../cryptlib.h ../include/internal/x509_int.h x509_cmp.c
x509_d2.o: ../../e_os.h ../../include/openssl/asn1.h
x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -216,7 +218,8 @@ x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x509_obj.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_obj.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_obj.c
+x509_obj.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_obj.o: ../include/internal/x509_int.h x509_obj.c
x509_r2x.o: ../../e_os.h ../../include/openssl/asn1.h
x509_r2x.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -352,7 +355,8 @@ x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x509name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509name.c
+x509name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509name.o: ../include/internal/x509_int.h x509name.c
x509rset.o: ../../e_os.h ../../include/openssl/asn1.h
x509rset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -433,3 +437,18 @@ x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_exten.o: ../../include/openssl/x509_vfy.h x509_lcl.h x_exten.c
+x_name.o: ../../e_os.h ../../include/openssl/asn1.h
+x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_name.o: ../include/internal/asn1_int.h ../include/internal/x509_int.h
+x_name.o: x_name.c
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 5fcea0c..7a59dab 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -148,25 +148,10 @@ typedef struct X509_sig_st {
ASN1_OCTET_STRING *digest;
} X509_SIG;

-typedef struct X509_name_entry_st {
- ASN1_OBJECT *object;
- ASN1_STRING *value;
- int set;
- int size; /* temp variable */
-} X509_NAME_ENTRY;
+typedef struct X509_name_entry_st X509_NAME_ENTRY;

DECLARE_STACK_OF(X509_NAME_ENTRY)

-/* we always keep X509_NAMEs in 2 forms. */
-struct X509_name_st {
- STACK_OF(X509_NAME_ENTRY) *entries;
- int modified; /* true if 'bytes' needs to be built */
- BUF_MEM *bytes;
-/* unsigned long hash; Keep the hash around for lookups */
- unsigned char *canon_enc;
- int canon_enclen;
-} /* X509_NAME */ ;
-

DECLARE_STACK_OF(X509_NAME)

# define X509_EX_V_NETSCAPE_HACK 0x8000

@@ -980,6 +965,7 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
const unsigned char *bytes, int len);
ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);

int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index eb46a67..51c47cc 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -63,6 +63,7 @@

#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

+#include "internal/x509_int.h"

int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
{
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index d317f3a..4e80c1b 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -62,6 +62,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/buffer.h>
+#include "internal/x509_int.h"

char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
{
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
index 6ea601f..6bb1e5d 100644
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -63,6 +63,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"

int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
{
@@ -395,3 +396,8 @@ ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
return (NULL);
return (ne->value);
}
+
+int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
+{
+ return ne->set;
+}
diff --git a/crypto/asn1/x_name.c b/crypto/x509/x_name.c
similarity index 99%
rename from crypto/asn1/x_name.c
rename to crypto/x509/x_name.c
index b915050..e6a862e 100644
--- a/crypto/asn1/x_name.c
+++ b/crypto/x509/x_name.c
@@ -61,7 +61,8 @@

#include "cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
-#include "asn1_locl.h"

+#include "internal/x509_int.h"
+#include "internal/asn1_int.h"

typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
diff --git a/crypto/x509v3/Makefile b/crypto/x509v3/Makefile
index 284dfa8..f232e67 100644
--- a/crypto/x509v3/Makefile
+++ b/crypto/x509v3/Makefile
@@ -310,7 +310,8 @@ v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_crld.c
+v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_crld.o: ../include/internal/x509_int.h v3_crld.c
v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h
v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@@ -421,7 +422,7 @@ v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
v3_ncons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
v3_ncons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_ncons.o: ../cryptlib.h v3_ncons.c
+v3_ncons.o: ../cryptlib.h ../include/internal/x509_int.h v3_ncons.c
v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c
index 9363541..e38632f 100644
--- a/crypto/x509v3/v3_crld.c
+++ b/crypto/x509v3/v3_crld.c
@@ -64,6 +64,8 @@
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>

+#include "internal/x509_int.h"
+
static void *v2i_crld(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index 3672b68..c66e080 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -63,6 +63,8 @@
#include <openssl/conf.h>
#include <openssl/x509v3.h>

+#include "internal/x509_int.h"
+
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *nval);

Dr. Stephen Henson

unread,

Mar 25, 2015, 10:20:14 AM3/25/15

to

The branch master has been updated

via 2011b169fa90edd4d986e7dbbd3d64587d316a22 (commit)
from 9837bfbfc7a53dd531081b4ba8fe369d9c99116e (commit)

- Log -----------------------------------------------------------------
commit 2011b169fa90edd4d986e7dbbd3d64587d316a22

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Mon Feb 16 13:44:22 2015 +0000

Support key loading from certificate file

Support loading of key and certificate from the same file if
SSL_CONF_FLAG_REQUIRE_PRIVATE is set. This is done by remembering the
filename used for each certificate type and attempting to load a private
key from the file when SSL_CONF_CTX_finish is called.

Update docs.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

doc/ssl/SSL_CONF_CTX_set_flags.pod | 7 ++++++
doc/ssl/SSL_CONF_cmd.pod | 6 ++---
ssl/ssl.h | 1 +
ssl/ssl_conf.c | 47 ++++++++++++++++++++++++++++++++++++--
4 files changed, 56 insertions(+), 5 deletions(-)

diff --git a/doc/ssl/SSL_CONF_CTX_set_flags.pod b/doc/ssl/SSL_CONF_CTX_set_flags.pod
index 4e34280..fdff470 100644
--- a/doc/ssl/SSL_CONF_CTX_set_flags.pod
+++ b/doc/ssl/SSL_CONF_CTX_set_flags.pod
@@ -40,6 +40,13 @@ both of these flags must be set.

recognise certificate and private key options.

+=item SSL_CONF_FLAG_REQUIRE_PRIVATE
+
+If this option is set then if a private key is not specified for a certificate
+it will attempt to load a private key from the certificate file when
+SSL_CONF_CTX_finish() is called. If a key cannot be loaded from the certificate
+file an error occurs.
+
=item SSL_CONF_FLAG_SHOW_ERRORS

indicate errors relating to unrecognised options or missing arguments in
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index 90a20d6..c4f1309 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -101,7 +101,7 @@ are permitted.
Attempts to use the file B<value> as the private key for the appropriate
context. This option is only supported if certificate operations
are permitted. Note: if no B<-key> option is set then a private key is
-not loaded: it does not currently use the B<-cert> file.
+not loaded unless the flag B<SSL_CONF_FLAG_REQUIRE_PRIVATE> is set.

=item B<-dhparam>

@@ -192,8 +192,8 @@ are permitted.

Attempts to use the file B<value> as the private key for the appropriate
context. This option is only supported if certificate operations
-are permitted. Note: if no B<-key> option is set then a private key is
-not loaded: it does not currently use the B<Certificate> file.
+are permitted. Note: if no B<PrivateKey> option is set then a private key is
+not loaded unless the B<SSL_CONF_FLAG_REQUIRE_PRIVATE> is set.

=item B<ServerInfoFile>

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 84de6a8..c0a368b 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -588,6 +588,7 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
# define SSL_CONF_FLAG_SERVER 0x8
# define SSL_CONF_FLAG_SHOW_ERRORS 0x10
# define SSL_CONF_FLAG_CERTIFICATE 0x20
+# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40
/* Configuration value types */
# define SSL_CONF_TYPE_UNKNOWN 0x0
# define SSL_CONF_TYPE_STRING 0x1
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 25af065..0fd6c1f 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -119,6 +119,8 @@ struct ssl_conf_ctx_st {
SSL *ssl;
/* Pointer to SSL or SSL_CTX options field or NULL if none */
unsigned long *poptions;
+ /* Certificate filenames for each type */
+ char *cert_filename[SSL_PKEY_NUM];
/* Pointer to SSL or SSL_CTX cert_flags or NULL if none */
unsigned int *pcert_flags;
/* Current flag table being worked on */
@@ -364,12 +366,26 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
{
int rv = 1;
+ CERT *c = NULL;
if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))
return -2;
- if (cctx->ctx)
+ if (cctx->ctx) {
rv = SSL_CTX_use_certificate_chain_file(cctx->ctx, value);
- if (cctx->ssl)
+ c = cctx->ctx->cert;
+ }
+ if (cctx->ssl) {
rv = SSL_use_certificate_file(cctx->ssl, value, SSL_FILETYPE_PEM);
+ c = cctx->ssl->cert;
+ }
+ if (rv > 0 && c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
+ char **pfilename = &cctx->cert_filename[c->key - c->pkeys];
+ if (*pfilename)
+ OPENSSL_free(*pfilename);
+ *pfilename = BUF_strdup(value);
+ if (!*pfilename)
+ rv = 0;
+ }
+
return rv > 0;
}

@@ -595,6 +611,7 @@ int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd)
SSL_CONF_CTX *SSL_CONF_CTX_new(void)
{
SSL_CONF_CTX *ret;
+ size_t i;
ret = OPENSSL_malloc(sizeof(SSL_CONF_CTX));
if (ret) {
ret->flags = 0;
@@ -606,18 +623,44 @@ SSL_CONF_CTX *SSL_CONF_CTX_new(void)
ret->pcert_flags = NULL;
ret->tbl = NULL;
ret->ntbl = 0;
+ for (i = 0; i < SSL_PKEY_NUM; i++)
+ ret->cert_filename[i] = NULL;
}
return ret;
}

int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx)
{
+ /* See if any certificates are missing private keys */
+ size_t i;
+ CERT *c = NULL;
+ if (cctx->ctx)
+ c = cctx->ctx->cert;
+ else if (cctx->ssl)
+ c = cctx->ssl->cert;
+ if (c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
+ const char *p = cctx->cert_filename[i];
+ /*
+ * If missing private key try to load one from certificate file
+ */
+ if (p && !c->pkeys[i].privatekey) {
+ if (!cmd_PrivateKey(cctx, p))

+ return 0;
+ }
+ }
+ }

return 1;
}

void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx)
{
if (cctx) {
+ size_t i;
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
+ if (cctx->cert_filename[i])
+ OPENSSL_free(cctx->cert_filename[i]);
+ }
if (cctx->prefix)
OPENSSL_free(cctx->prefix);
OPENSSL_free(cctx);

Rich Salz

unread,

Mar 25, 2015, 11:32:13 AM3/25/15

to

The branch master has been updated

via ca3a82c3b364e1e584546f0f3bbb938b0b472580 (commit)
from 2011b169fa90edd4d986e7dbbd3d64587d316a22 (commit)

- Log -----------------------------------------------------------------
commit ca3a82c3b364e1e584546f0f3bbb938b0b472580
Author: Rich Salz <rs...@openssl.org>
Date: Wed Mar 25 11:31:18 2015 -0400

free NULL cleanup

This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

apps/apps.c | 12 ++++--------
apps/asn1pars.c | 9 +++------
apps/ca.c | 3 +--
apps/ciphers.c | 3 +--
apps/crl2p7.c | 9 +++------
apps/dgst.c | 6 ++----
apps/dh.c | 6 ++----
apps/dhparam.c | 6 ++----
apps/dsa.c | 6 ++----
apps/dsaparam.c | 6 ++----
apps/ec.c | 6 ++----
apps/ecparam.c | 6 ++----
apps/enc.c | 15 +++++----------
apps/engine.c | 3 +--
apps/errstr.c | 3 +--
apps/gendh.c | 3 +--
apps/gendsa.c | 6 ++----
apps/genpkey.c | 3 +--
apps/genrsa.c | 3 +--
apps/ocsp.c | 3 +--
apps/openssl.c | 6 ++----
apps/passwd.c | 6 ++----
apps/pkcs7.c | 6 ++----
apps/rand.c | 3 +--
apps/rsa.c | 3 +--
apps/s_client.c | 12 ++++--------
apps/s_server.c | 25 ++++++++-----------------
apps/sess_id.c | 6 ++----
apps/ts.c | 2 +-
crypto/asn1/asn_mime.c | 3 +--
crypto/asn1/bio_asn1.c | 4 ++--
crypto/asn1/bio_ndef.c | 3 +--
crypto/bio/bio_lib.c | 3 +--
crypto/bio/bss_acpt.c | 12 ++++--------
crypto/bio/bss_bio.c | 12 ++++--------
crypto/bio/bss_conn.c | 6 ++----
crypto/cms/cms_lib.c | 3 +--
crypto/cms/cms_sd.c | 3 +--
crypto/cms/cms_smime.c | 8 +++-----
crypto/dsa/dsatest.c | 6 ++----
crypto/ecdsa/ecdsatest.c | 3 +--
crypto/ocsp/ocsp_ht.c | 3 +--
crypto/pkcs7/pk7_doit.c | 29 ++++++++++-------------------
crypto/srp/srp_vfy.c | 3 +--
crypto/threads/mttest.c | 14 +++++---------
crypto/x509/by_file.c | 6 ++----
demos/b64.c | 12 ++++--------
demos/bio/saccept.c | 6 ++----
demos/bio/server-arg.c | 3 +--
demos/bio/server-conf.c | 3 +--
demos/cms/cms_comp.c | 6 ++----
demos/cms/cms_ddec.c | 12 ++++--------
demos/cms/cms_dec.c | 9 +++------
demos/cms/cms_denc.c | 12 ++++--------
demos/cms/cms_enc.c | 9 +++------
demos/cms/cms_sign.c | 9 +++------
demos/cms/cms_sign2.c | 9 +++------
demos/cms/cms_uncomp.c | 6 ++----
demos/cms/cms_ver.c | 9 +++------
demos/smime/smdec.c | 9 +++------
demos/smime/smenc.c | 9 +++------
demos/smime/smsign.c | 9 +++------
demos/smime/smsign2.c | 9 +++------
demos/smime/smver.c | 9 +++------
doc/crypto/BIO_new.pod | 5 ++++-
engines/e_chil.c | 9 +++------
engines/e_sureware.c | 9 +++------
ssl/bio_ssl.c | 9 +++------
ssl/s3_enc.c | 3 +--
ssl/s3_lib.c | 10 +++-------
ssl/ssl_cert.c | 6 ++----
ssl/ssl_conf.c | 3 +--
ssl/ssl_lib.c | 9 ++++-----
ssl/ssl_rsa.c | 24 ++++++++----------------
ssl/ssl_task.c | 12 ++++--------
ssl/ssltest.c | 36 ++++++++++++------------------------
76 files changed, 202 insertions(+), 390 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 233d382..1dcaabf 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1114,8 +1114,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
goto end;
}
end:
- if (key != NULL)
- BIO_free(key);
+ BIO_free(key);
if (pkey == NULL)
BIO_printf(err, "unable to load %s\n", key_descrip);
return (pkey);
@@ -1682,8 +1681,7 @@ BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
ai = NULL;
}
err:
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);

if (ai != NULL)
ASN1_INTEGER_free(ai);
return (ret);

@@ -1741,8 +1739,7 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
ai = NULL;
}
err:
- if (out != NULL)
- BIO_free_all(out);
+ BIO_free_all(out);

if (ai != NULL)
ASN1_INTEGER_free(ai);
return (ret);

@@ -1896,8 +1893,7 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
NCONF_free(dbattr_conf);
if (tmpdb)
TXT_DB_free(tmpdb);
- if (in)
- BIO_free_all(in);
+ BIO_free_all(in);
return retdb;
}

diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index da95011..1576f1c 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -370,12 +370,9 @@ int MAIN(int argc, char **argv)
ret = 0;
end:
BIO_free(derout);
- if (in != NULL)
- BIO_free(in);
- if (out != NULL)
- BIO_free_all(out);
- if (b64 != NULL)
- BIO_free(b64);
+ BIO_free(in);
+ BIO_free_all(out);
+ BIO_free(b64);
if (ret != 0)
ERR_print_errors(bio_err);
if (buf != NULL)
diff --git a/apps/ca.c b/apps/ca.c
index b498b0a..89bece8 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1566,8 +1566,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
err:
if (req != NULL)
X509_REQ_free(req);
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
return (ok);
}

diff --git a/apps/ciphers.c b/apps/ciphers.c
index 803b021..6c7ff01 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -227,8 +227,7 @@ int MAIN(int argc, char **argv)
SSL_CTX_free(ctx);
if (ssl != NULL)
SSL_free(ssl);
- if (STDout != NULL)
- BIO_free_all(STDout);
+ BIO_free_all(STDout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index 0763817..ab0c3d6 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -268,10 +268,8 @@ int MAIN(int argc, char **argv)
}
ret = 0;
end:
- if (in != NULL)
- BIO_free(in);
- if (out != NULL)
- BIO_free_all(out);
+ BIO_free(in);
+ BIO_free_all(out);
if (p7 != NULL)
PKCS7_free(p7);
if (crl != NULL)
@@ -326,8 +324,7 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
ret = count;
end:
/* never need to OPENSSL_free x */
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
if (sk != NULL)
sk_X509_INFO_free(sk);
return (ret);
diff --git a/apps/dgst.c b/apps/dgst.c
index 95e5fa3..ac3b583 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -518,8 +518,7 @@ int MAIN(int argc, char **argv)
OPENSSL_cleanse(buf, BUFSIZE);
OPENSSL_free(buf);
}
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
if (passin)
OPENSSL_free(passin);
BIO_free_all(out);
@@ -530,8 +529,7 @@ int MAIN(int argc, char **argv)
sk_OPENSSL_STRING_free(macopts);
if (sigbuf)
OPENSSL_free(sigbuf);
- if (bmd != NULL)
- BIO_free(bmd);
+ BIO_free(bmd);
apps_shutdown();
OPENSSL_EXIT(err);
}
diff --git a/apps/dh.c b/apps/dh.c
index a921633..1b653f5 100644
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -310,10 +310,8 @@ int MAIN(int argc, char **argv)
}
ret = 0;
end:
- if (in != NULL)
- BIO_free(in);
- if (out != NULL)
- BIO_free_all(out);
+ BIO_free(in);
+ BIO_free_all(out);

DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
diff --git a/apps/dhparam.c b/apps/dhparam.c

index 12a2be6..fc5962a 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -515,10 +515,8 @@ int MAIN(int argc, char **argv)
}
ret = 0;
end:
- if (in != NULL)
- BIO_free(in);
- if (out != NULL)
- BIO_free_all(out);
+ BIO_free(in);
+ BIO_free_all(out);

DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
diff --git a/apps/dsa.c b/apps/dsa.c

index 8d085bc..1ea0d73 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -356,10 +356,8 @@ int MAIN(int argc, char **argv)
} else
ret = 0;
end:
- if (in != NULL)
- BIO_free(in);
- if (out != NULL)
- BIO_free_all(out);
+ BIO_free(in);
+ BIO_free_all(out);
DSA_free(dsa);
if (passin)
OPENSSL_free(passin);
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index fc1c817..f63ecb2 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -434,10 +434,8 @@ int MAIN(int argc, char **argv)
end:

if (cb != NULL)
BN_GENCB_free(cb);

- if (in != NULL)
- BIO_free(in);
- if (out != NULL)
- BIO_free_all(out);
+ BIO_free(in);
+ BIO_free_all(out);
DSA_free(dsa);
apps_shutdown();
OPENSSL_EXIT(ret);
diff --git a/apps/ec.c b/apps/ec.c
index b04dada..2064723 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -343,10 +343,8 @@ int MAIN(int argc, char **argv)
} else
ret = 0;
end:
- if (in)
- BIO_free(in);
- if (out)
- BIO_free_all(out);
+ BIO_free(in);
+ BIO_free_all(out);
if (eckey)
EC_KEY_free(eckey);
if (passin)
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 06ac77b..d417747 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -621,10 +621,8 @@ int MAIN(int argc, char **argv)
BN_free(ec_cofactor);
if (buffer)
OPENSSL_free(buffer);
- if (in != NULL)
- BIO_free(in);
- if (out != NULL)
- BIO_free_all(out);
+ BIO_free(in);
+ BIO_free_all(out);
if (group != NULL)
EC_GROUP_free(group);
apps_shutdown();
diff --git a/apps/enc.c b/apps/enc.c
index 1739b7e..b95a6a2 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -657,17 +657,12 @@ int MAIN(int argc, char **argv)
OPENSSL_free(strbuf);
if (buff != NULL)
OPENSSL_free(buff);
- if (in != NULL)
- BIO_free(in);
- if (out != NULL)
- BIO_free_all(out);
- if (benc != NULL)
- BIO_free(benc);
- if (b64 != NULL)
- BIO_free(b64);
+ BIO_free(in);
+ BIO_free_all(out);
+ BIO_free(benc);
+ BIO_free(b64);
#ifdef ZLIB
- if (bzl != NULL)
- BIO_free(bzl);
+ BIO_free(bzl);
#endif
if (pass)
OPENSSL_free(pass);
diff --git a/apps/engine.c b/apps/engine.c
index 8a1e746..5386465 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -497,8 +497,7 @@ int MAIN(int argc, char **argv)
sk_OPENSSL_STRING_pop_free(engines, identity);
sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
sk_OPENSSL_STRING_pop_free(post_cmds, identity);
- if (bio_out != NULL)
- BIO_free_all(bio_out);
+ BIO_free_all(bio_out);
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/errstr.c b/apps/errstr.c
index c2d4fde..668c5f3 100644
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -100,8 +100,7 @@ int MAIN(int argc, char **argv)
lh_ERR_STRING_DATA_node_usage_stats_bio(ERR_get_string_table(),
out);
}
- if (out != NULL)
- BIO_free_all(out);
+ BIO_free_all(out);
argc--;
argv++;
}
diff --git a/apps/gendh.c b/apps/gendh.c
index 6102b79..904bcf3 100644
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -210,8 +210,7 @@ int MAIN(int argc, char **argv)
end:
if (ret != 0)
ERR_print_errors(bio_err);
- if (out != NULL)
- BIO_free_all(out);
+ BIO_free_all(out);

DH_free(dh);
if (cb != NULL)
BN_GENCB_free(cb);

diff --git a/apps/gendsa.c b/apps/gendsa.c
index d330a01..8288eb9 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -267,10 +267,8 @@ int MAIN(int argc, char **argv)
end:
if (ret != 0)
ERR_print_errors(bio_err);
- if (in != NULL)
- BIO_free(in);
- if (out != NULL)
- BIO_free_all(out);
+ BIO_free(in);
+ BIO_free_all(out);
DSA_free(dsa);
if (passout)
OPENSSL_free(passout);
diff --git a/apps/genpkey.c b/apps/genpkey.c
index fc19a92..5b7f433 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -272,8 +272,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY_free(pkey);
if (ctx)
EVP_PKEY_CTX_free(ctx);
- if (out)
- BIO_free_all(out);
+ BIO_free_all(out);
BIO_free(in);
if (pass)
OPENSSL_free(pass);
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 1b06c82..cf60219 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -312,8 +312,7 @@ int MAIN(int argc, char **argv)
if (cb)
BN_GENCB_free(cb);
RSA_free(rsa);
- if (out)
- BIO_free_all(out);
+ BIO_free_all(out);
if (passout)
OPENSSL_free(passout);
if (ret != 0)
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 83a7175..9538096 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1362,8 +1362,7 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
if (!resp)
BIO_printf(bio_err, "Error querying OCSP responder\n");
end:
- if (cbio)
- BIO_free_all(cbio);
+ BIO_free_all(cbio);
if (ctx)
SSL_CTX_free(ctx);
return resp;
diff --git a/apps/openssl.c b/apps/openssl.c
index e070a44..e93aed7 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -431,10 +431,8 @@ int main(int Argc, char *ARGV[])
#endif
apps_shutdown();
CRYPTO_mem_leaks(bio_err);
- if (bio_err != NULL) {
- BIO_free(bio_err);
- bio_err = NULL;
- }
+ BIO_free(bio_err);
+ bio_err = NULL;

OPENSSL_EXIT(ret);
}
diff --git a/apps/passwd.c b/apps/passwd.c
index 798a6d5..2814b32 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -273,10 +273,8 @@ int MAIN(int argc, char **argv)
OPENSSL_free(salt_malloc);
if (passwd_malloc)
OPENSSL_free(passwd_malloc);
- if (in)
- BIO_free(in);
- if (out)
- BIO_free_all(out);
+ BIO_free(in);
+ BIO_free_all(out);
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index 643507f..1b07c02 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -299,10 +299,8 @@ int MAIN(int argc, char **argv)
end:
if (p7 != NULL)
PKCS7_free(p7);
- if (in != NULL)
- BIO_free(in);
- if (out != NULL)
- BIO_free_all(out);
+ BIO_free(in);
+ BIO_free_all(out);
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/rand.c b/apps/rand.c
index e159da3..45f16b9 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -222,8 +222,7 @@ int MAIN(int argc, char **argv)

err:
ERR_print_errors(bio_err);
- if (out)
- BIO_free_all(out);
+ BIO_free_all(out);
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/rsa.c b/apps/rsa.c
index ac4a3c4..2f3f871 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -422,8 +422,7 @@ int MAIN(int argc, char **argv)
} else
ret = 0;
end:
- if (out != NULL)
- BIO_free_all(out);
+ BIO_free_all(out);
RSA_free(rsa);
if (passin)
OPENSSL_free(passin);
diff --git a/apps/s_client.c b/apps/s_client.c
index cdea322..0874983 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2059,14 +2059,10 @@ int MAIN(int argc, char **argv)
OPENSSL_cleanse(mbuf, BUFSIZZ);
OPENSSL_free(mbuf);
}
- if (bio_c_out != NULL) {
- BIO_free(bio_c_out);
- bio_c_out = NULL;
- }
- if (bio_c_msg != NULL) {
- BIO_free(bio_c_msg);
- bio_c_msg = NULL;
- }
+ BIO_free(bio_c_out);
+ bio_c_out = NULL;
+ BIO_free(bio_c_msg);
+ bio_c_msg = NULL;
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/s_server.c b/apps/s_server.c
index c3884d2..37c40cb 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2039,8 +2039,7 @@ int MAIN(int argc, char *argv[])
X509_free(s_cert2);
if (s_key2)
EVP_PKEY_free(s_key2);
- if (serverinfo_in != NULL)
- BIO_free(serverinfo_in);
+ BIO_free(serverinfo_in);
# ifndef OPENSSL_NO_NEXTPROTONEG
if (next_proto.data)
OPENSSL_free(next_proto.data);
@@ -2057,14 +2056,10 @@ int MAIN(int argc, char *argv[])
if (jpake_secret && psk_key)
OPENSSL_free(psk_key);
#endif
- if (bio_s_out != NULL) {
- BIO_free(bio_s_out);
- bio_s_out = NULL;
- }
- if (bio_s_msg != NULL) {
- BIO_free(bio_s_msg);
- bio_s_msg = NULL;
- }
+ BIO_free(bio_s_out);
+ bio_s_out = NULL;
+ BIO_free(bio_s_msg);
+ bio_s_msg = NULL;
apps_shutdown();
OPENSSL_EXIT(ret);
}
@@ -2661,8 +2656,7 @@ static DH *load_dh_param(const char *dhfile)
goto err;
ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
err:
- if (bio != NULL)
- BIO_free(bio);
+ BIO_free(bio);
return (ret);
}
#endif
@@ -3021,9 +3015,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)

if (buf != NULL)
OPENSSL_free(buf);
- if (io != NULL)
- BIO_free_all(io);
-/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/
+ BIO_free_all(io);
return (ret);
}

@@ -3159,8 +3151,7 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)

if (buf != NULL)
OPENSSL_free(buf);
- if (io != NULL)
- BIO_free_all(io);
+ BIO_free_all(io);
return (ret);
}

diff --git a/apps/sess_id.c b/apps/sess_id.c
index 9400af9..53ccbb3 100644
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -237,8 +237,7 @@ int MAIN(int argc, char **argv)
}
ret = 0;
end:
- if (out != NULL)
- BIO_free_all(out);
+ BIO_free_all(out);
if (x != NULL)
SSL_SESSION_free(x);
apps_shutdown();
@@ -279,7 +278,6 @@ static SSL_SESSION *load_sess_id(char *infile, int format)
}

end:
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
return (x);
}
diff --git a/apps/ts.c b/apps/ts.c
index fb77d6a..4c32ada 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -162,8 +162,8 @@ int MAIN(int argc, char **argv)
apps_startup();

if (bio_err == NULL && (bio_err = BIO_new(BIO_s_file())) != NULL) {
- free_bio_err = 1;
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ free_bio_err = 1;
}

if (!load_config(bio_err, NULL))
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index e96fb02..e810345 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -650,8 +650,7 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
BIO_write(bpart, linebuf, len);
}
}
- if (bpart != NULL)
- BIO_free(bpart);
+ BIO_free(bpart);
return 0;
}

diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c
index 0b4fd1d..d4be23c 100644
--- a/crypto/asn1/bio_asn1.c
+++ b/crypto/asn1/bio_asn1.c
@@ -179,8 +179,8 @@ static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size)

static int asn1_bio_free(BIO *b)
{
- BIO_ASN1_BUF_CTX *ctx;
- ctx = (BIO_ASN1_BUF_CTX *)b->ptr;
+ BIO_ASN1_BUF_CTX *ctx = (BIO_ASN1_BUF_CTX *)b->ptr;
+
if (ctx == NULL)
return 0;
if (ctx->buf)
diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
index 4a73ca9..1018787 100644
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@@ -142,8 +142,7 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
return sarg.ndef_bio;

err:
- if (asn_bio)
- BIO_free(asn_bio);
+ BIO_free(asn_bio);
if (ndef_aux)
OPENSSL_free(ndef_aux);
return NULL;
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index 11e0142..a5d8680 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -549,8 +549,7 @@ BIO *BIO_dup_chain(BIO *in)
}
return (ret);

err:
- if (ret != NULL)

- BIO_free(ret);
+ BIO_free(ret);
return (NULL);
}

diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
index 5aa06cf..72f7bd2 100644
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -155,8 +155,7 @@ static void BIO_ACCEPT_free(BIO_ACCEPT *a)
OPENSSL_free(a->param_addr);
if (a->addr != NULL)
OPENSSL_free(a->addr);
- if (a->bio_chain != NULL)
- BIO_free(a->bio_chain);
+ BIO_free(a->bio_chain);
OPENSSL_free(a);
}

@@ -360,8 +359,7 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
} else if (num == 1) {
data->accept_nbio = (ptr != NULL);
} else if (num == 2) {
- if (data->bio_chain != NULL)
- BIO_free(data->bio_chain);
+ BIO_free(data->bio_chain);
data->bio_chain = (BIO *)ptr;
}
}
@@ -448,10 +446,8 @@ BIO *BIO_new_accept(const char *str)
return (NULL);
if (BIO_set_accept_port(ret, str))
return (ret);
- else {
- BIO_free(ret);
- return (NULL);
- }
+ BIO_free(ret);
+ return (NULL);
}

#endif
diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c
index d629a37..c6bb3d6 100644
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@@ -788,14 +788,10 @@ int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,

err:
if (ret == 0) {
- if (bio1) {
- BIO_free(bio1);
- bio1 = NULL;
- }
- if (bio2) {
- BIO_free(bio2);
- bio2 = NULL;
- }
+ BIO_free(bio1);
+ bio1 = NULL;
+ BIO_free(bio2);
+ bio2 = NULL;
}

*bio1_p = bio1;
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index c7f57f1..e95b4b3 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -588,10 +588,8 @@ BIO *BIO_new_connect(const char *str)
return (NULL);
if (BIO_set_conn_hostname(ret, str))
return (ret);
- else {
- BIO_free(ret);
- return (NULL);
- }
+ BIO_free(ret);
+ return (NULL);
}

#endif
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index 7e1c1e8..6d2a0e8 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -354,8 +354,7 @@ BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
}
return mdbio;
err:
- if (mdbio)
- BIO_free(mdbio);
+ BIO_free(mdbio);
return NULL;
}

diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index b8ed1a1..c45d30e 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -806,8 +806,7 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
}
return chain;
err:
- if (chain)
- BIO_free_all(chain);
+ BIO_free_all(chain);
return NULL;
}

diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 6f6f20d..f491ec9 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -114,7 +114,7 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
r = 1;

err:
- if (tmpout && (tmpout != out))
+ if (tmpout != out)
BIO_free(tmpout);
return r;

@@ -446,14 +446,13 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
if (tmpin != dcont)
BIO_free(tmpin);
} else {
-
if (dcont && (tmpin == dcont))
do_free_upto(cmsbio, dcont);
else
BIO_free_all(cmsbio);
}

- if (tmpout && out != tmpout)
+ if (out != tmpout)
BIO_free_all(tmpout);

if (cms_certs)
@@ -580,8 +579,7 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
r = 1;

err:
- if (rct_cont)
- BIO_free(rct_cont);
+ BIO_free(rct_cont);
if (r)
return cms;
CMS_ContentInfo_free(cms);
diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c
index bf47816..a5d40f1 100644
--- a/crypto/dsa/dsatest.c
+++ b/crypto/dsa/dsatest.c
@@ -218,10 +218,8 @@ int main(int argc, char **argv)
ERR_remove_thread_state(NULL);
ERR_free_strings();
CRYPTO_mem_leaks(bio_err);
- if (bio_err != NULL) {
- BIO_free(bio_err);
- bio_err = NULL;
- }
+ BIO_free(bio_err);
+ bio_err = NULL;
# ifdef OPENSSL_SYS_NETWARE
if (!ret)
printf("ERROR\n");
diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c
index c2132da..346ccd0 100644
--- a/crypto/ecdsa/ecdsatest.c
+++ b/crypto/ecdsa/ecdsatest.c
@@ -563,8 +563,7 @@ int main(void)
ERR_remove_thread_state(NULL);
ERR_free_strings();
CRYPTO_mem_leaks(out);
- if (out != NULL)
- BIO_free(out);
+ BIO_free(out);
return ret;
}
#endif
diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c
index aca0d48..4a06a8e 100644
--- a/crypto/ocsp/ocsp_ht.c
+++ b/crypto/ocsp/ocsp_ht.c
@@ -136,8 +136,7 @@ OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline)

void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
{
- if (rctx->mem)
- BIO_free(rctx->mem);
+ BIO_free(rctx->mem);
if (rctx->iobuf)
OPENSSL_free(rctx->iobuf);
OPENSSL_free(rctx);
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index f77326b..b7c66a3 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -128,8 +128,7 @@ static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
return 1;

err:
- if (btmp)
- BIO_free(btmp);
+ BIO_free(btmp);
return 0;

}
@@ -390,16 +389,12 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
BIO_push(out, bio);
else
out = bio;
- bio = NULL;
- if (0) {
+ return out;
+
err:
- if (out != NULL)
- BIO_free_all(out);
- if (btmp != NULL)
- BIO_free_all(btmp);
- out = NULL;
- }
- return (out);
+ BIO_free_all(out);
+ BIO_free_all(btmp);
+ return NULL;
}

static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
@@ -637,14 +632,10 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
OPENSSL_cleanse(tkey, tkeylen);
OPENSSL_free(tkey);
}
- if (out != NULL)
- BIO_free_all(out);
- if (btmp != NULL)
- BIO_free_all(btmp);
- if (etmp != NULL)
- BIO_free_all(etmp);
- if (bio != NULL)
- BIO_free_all(bio);
+ BIO_free_all(out);
+ BIO_free_all(btmp);
+ BIO_free_all(etmp);
+ BIO_free_all(bio);
out = NULL;
}
return (out);
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 9d83a8f..82b9a77 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -460,8 +460,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)

if (tmpdb)
TXT_DB_free(tmpdb);
- if (in)
- BIO_free_all(in);
+ BIO_free_all(in);

sk_SRP_gN_free(SRP_gN_tab);

diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c
index ea3784c..f6f8df2 100644
--- a/crypto/threads/mttest.c
+++ b/crypto/threads/mttest.c
@@ -612,15 +612,11 @@ int doit(char *ctx[4])
}

/* The SSL's are optionally freed in the following calls */
- if (c_to_s != NULL)
- BIO_free(c_to_s);
- if (s_to_c != NULL)
- BIO_free(s_to_c);
-
- if (c_bio != NULL)
- BIO_free(c_bio);
- if (s_bio != NULL)
- BIO_free(s_bio);
+ BIO_free(c_to_s);
+ BIO_free(s_to_c);
+
+ BIO_free(c_bio);
+ BIO_free(s_bio);
return (0);
}

diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 43a0730..bc1c90c 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -176,8 +176,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
err:
if (x != NULL)
X509_free(x);
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
return (ret);
}

@@ -235,8 +234,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
err:
if (x != NULL)
X509_CRL_free(x);
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
return (ret);
}

diff --git a/demos/b64.c b/demos/b64.c
index d8ed2a6..fcc6956 100644
--- a/demos/b64.c
+++ b/demos/b64.c
@@ -243,13 +243,9 @@ char **argv;
OPENSSL_free(strbuf);
if (buff != NULL)
OPENSSL_free(buff);
- if (in != NULL)
- BIO_free(in);
- if (out != NULL)
- BIO_free(out);
- if (benc != NULL)
- BIO_free(benc);
- if (b64 != NULL)
- BIO_free(b64);
+ BIO_free(in);
+ BIO_free(out);
+ BIO_free(benc);
+ BIO_free(b64);
EXIT(ret);
}
diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c
index 8c75029..505d98b 100644
--- a/demos/bio/saccept.c
+++ b/demos/bio/saccept.c
@@ -22,8 +22,7 @@ BIO *in = NULL;

void close_up()
{
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);

}

int main(int argc, char *argv[])

@@ -101,8 +100,7 @@ int main(int argc, char *argv[])
if (ret) {
ERR_print_errors_fp(stderr);
}
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
exit(ret);
return (!ret);
}
diff --git a/demos/bio/server-arg.c b/demos/bio/server-arg.c
index 7ba54db..4f65227 100644
--- a/demos/bio/server-arg.c
+++ b/demos/bio/server-arg.c
@@ -137,8 +137,7 @@ int main(int argc, char *argv[])
if (ret) {
ERR_print_errors_fp(stderr);
}
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
exit(ret);
return (!ret);
}
diff --git a/demos/bio/server-conf.c b/demos/bio/server-conf.c
index a09bc93..5355839 100644
--- a/demos/bio/server-conf.c
+++ b/demos/bio/server-conf.c
@@ -131,8 +131,7 @@ int main(int argc, char *argv[])
if (ret) {
ERR_print_errors_fp(stderr);
}
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
exit(ret);
return (!ret);
}
diff --git a/demos/cms/cms_comp.c b/demos/cms/cms_comp.c
index 059152f..e117d37 100644
--- a/demos/cms/cms_comp.c
+++ b/demos/cms/cms_comp.c
@@ -50,10 +50,8 @@ int main(int argc, char **argv)

if (cms)
CMS_ContentInfo_free(cms);
- if (in)
- BIO_free(in);
- if (out)
- BIO_free(out);
+ BIO_free(in);
+ BIO_free(out);

return ret;

diff --git a/demos/cms/cms_ddec.c b/demos/cms/cms_ddec.c
index 37ac97f..7247e57 100644
--- a/demos/cms/cms_ddec.c
+++ b/demos/cms/cms_ddec.c
@@ -75,14 +75,10 @@ int main(int argc, char **argv)
if (rkey)
EVP_PKEY_free(rkey);

- if (in)
- BIO_free(in);
- if (out)
- BIO_free(out);
- if (tbio)
- BIO_free(tbio);
- if (dcont)
- BIO_free(dcont);
+ BIO_free(in);
+ BIO_free(out);
+ BIO_free(tbio);
+ BIO_free(dcont);

return ret;

diff --git a/demos/cms/cms_dec.c b/demos/cms/cms_dec.c
index 3291eac..e9782d7 100644
--- a/demos/cms/cms_dec.c
+++ b/demos/cms/cms_dec.c
@@ -66,12 +66,9 @@ int main(int argc, char **argv)
if (rkey)
EVP_PKEY_free(rkey);

- if (in)
- BIO_free(in);
- if (out)
- BIO_free(out);
- if (tbio)
- BIO_free(tbio);
+ BIO_free(in);
+ BIO_free(out);
+ BIO_free(tbio);

return ret;

diff --git a/demos/cms/cms_denc.c b/demos/cms/cms_denc.c
index c86a5fd..8526717 100644
--- a/demos/cms/cms_denc.c
+++ b/demos/cms/cms_denc.c
@@ -84,14 +84,10 @@ int main(int argc, char **argv)
if (recips)
sk_X509_pop_free(recips, X509_free);

- if (in)
- BIO_free(in);
- if (out)
- BIO_free(out);
- if (dout)
- BIO_free(dout);
- if (tbio)
- BIO_free(tbio);
+ BIO_free(in);
+ BIO_free(out);
+ BIO_free(dout);
+ BIO_free(tbio);

return ret;

diff --git a/demos/cms/cms_enc.c b/demos/cms/cms_enc.c
index e8ecb48..4395e6b 100644
--- a/demos/cms/cms_enc.c
+++ b/demos/cms/cms_enc.c
@@ -80,12 +80,9 @@ int main(int argc, char **argv)
if (recips)
sk_X509_pop_free(recips, X509_free);

- if (in)
- BIO_free(in);
- if (out)
- BIO_free(out);
- if (tbio)
- BIO_free(tbio);
+ BIO_free(in);
+ BIO_free(out);
+ BIO_free(tbio);

return ret;

diff --git a/demos/cms/cms_sign.c b/demos/cms/cms_sign.c
index 4bf85d1..9f2cff0 100644
--- a/demos/cms/cms_sign.c
+++ b/demos/cms/cms_sign.c
@@ -76,12 +76,9 @@ int main(int argc, char **argv)
if (skey)
EVP_PKEY_free(skey);

- if (in)
- BIO_free(in);
- if (out)
- BIO_free(out);
- if (tbio)
- BIO_free(tbio);
+ BIO_free(in);
+ BIO_free(out);
+ BIO_free(tbio);

return ret;

diff --git a/demos/cms/cms_sign2.c b/demos/cms/cms_sign2.c
index 7e98a51..23c6eb8 100644
--- a/demos/cms/cms_sign2.c
+++ b/demos/cms/cms_sign2.c
@@ -90,12 +90,9 @@ int main(int argc, char **argv)
if (skey)
EVP_PKEY_free(skey2);

- if (in)
- BIO_free(in);
- if (out)
- BIO_free(out);
- if (tbio)
- BIO_free(tbio);
+ BIO_free(in);
+ BIO_free(out);
+ BIO_free(tbio);

return ret;

diff --git a/demos/cms/cms_uncomp.c b/demos/cms/cms_uncomp.c
index 392f4b4..8d45834 100644
--- a/demos/cms/cms_uncomp.c
+++ b/demos/cms/cms_uncomp.c
@@ -45,10 +45,8 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);

- if (in)
- BIO_free(in);
- if (out)
- BIO_free(out);
+ BIO_free(in);
+ BIO_free(out);

return ret;

diff --git a/demos/cms/cms_ver.c b/demos/cms/cms_ver.c
index ca93551..4227531 100644
--- a/demos/cms/cms_ver.c
+++ b/demos/cms/cms_ver.c
@@ -73,12 +73,9 @@ int main(int argc, char **argv)
if (cacert)
X509_free(cacert);

- if (in)
- BIO_free(in);
- if (out)
- BIO_free(out);
- if (tbio)
- BIO_free(tbio);
+ BIO_free(in);
+ BIO_free(out);
+ BIO_free(tbio);

return ret;

diff --git a/demos/smime/smdec.c b/demos/smime/smdec.c
index 6814d51..b50f8df 100644
--- a/demos/smime/smdec.c
+++ b/demos/smime/smdec.c
@@ -66,12 +66,9 @@ int main(int argc, char **argv)
if (rkey)
EVP_PKEY_free(rkey);

- if (in)
- BIO_free(in);
- if (out)
- BIO_free(out);
- if (tbio)
- BIO_free(tbio);
+ BIO_free(in);
+ BIO_free(out);
+ BIO_free(tbio);

return ret;

diff --git a/demos/smime/smenc.c b/demos/smime/smenc.c
index 18bf7b1..5a85537 100644
--- a/demos/smime/smenc.c
+++ b/demos/smime/smenc.c
@@ -80,12 +80,9 @@ int main(int argc, char **argv)
if (recips)
sk_X509_pop_free(recips, X509_free);

- if (in)
- BIO_free(in);
- if (out)
- BIO_free(out);
- if (tbio)
- BIO_free(tbio);
+ BIO_free(in);
+ BIO_free(out);
+ BIO_free(tbio);

return ret;

diff --git a/demos/smime/smsign.c b/demos/smime/smsign.c
index c7bf86d..6b9dfdd 100644
--- a/demos/smime/smsign.c
+++ b/demos/smime/smsign.c
@@ -76,12 +76,9 @@ int main(int argc, char **argv)
if (skey)
EVP_PKEY_free(skey);

- if (in)
- BIO_free(in);
- if (out)
- BIO_free(out);
- if (tbio)
- BIO_free(tbio);
+ BIO_free(in);
+ BIO_free(out);
+ BIO_free(tbio);

return ret;

diff --git a/demos/smime/smsign2.c b/demos/smime/smsign2.c
index a116094..5d9de35 100644
--- a/demos/smime/smsign2.c
+++ b/demos/smime/smsign2.c
@@ -90,12 +90,9 @@ int main(int argc, char **argv)
if (skey)
EVP_PKEY_free(skey2);

- if (in)
- BIO_free(in);
- if (out)
- BIO_free(out);
- if (tbio)
- BIO_free(tbio);
+ BIO_free(in);
+ BIO_free(out);
+ BIO_free(tbio);

return ret;

diff --git a/demos/smime/smver.c b/demos/smime/smver.c
index 21937df..4088d3c 100644
--- a/demos/smime/smver.c
+++ b/demos/smime/smver.c
@@ -73,12 +73,9 @@ int main(int argc, char **argv)
if (cacert)
X509_free(cacert);

- if (in)
- BIO_free(in);
- if (out)
- BIO_free(out);
- if (tbio)
- BIO_free(tbio);
+ BIO_free(in);
+ BIO_free(out);
+ BIO_free(tbio);

return ret;

diff --git a/doc/crypto/BIO_new.pod b/doc/crypto/BIO_new.pod
index 2a245fc..76679f3 100644
--- a/doc/crypto/BIO_new.pod
+++ b/doc/crypto/BIO_new.pod
@@ -21,13 +21,16 @@ The BIO_new() function returns a new BIO using method B<type>.
BIO_set() sets the method of an already existing BIO.

BIO_free() frees up a single BIO, BIO_vfree() also frees up a single BIO
-but it does not return a value. Calling BIO_free() may also have some effect
+but it does not return a value.
+If B<a> is NULL nothing is done.
+Calling BIO_free() may also have some effect
on the underlying I/O structure, for example it may close the file being
referred to under certain circumstances. For more details see the individual
BIO_METHOD descriptions.

BIO_free_all() frees up an entire BIO chain, it does not halt if an error
occurs freeing up an individual BIO in the chain.
+If B<a> is NULL nothing is done.

=head1 RETURN VALUES

diff --git a/engines/e_chil.c b/engines/e_chil.c
index 19d29d7..c06ab1a 100644
--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@@ -656,8 +656,7 @@ static int hwcrhk_finish(ENGINE *e)
goto err;
}
err:
- if (logstream)
- BIO_free(logstream);
+ BIO_free(logstream);
hwcrhk_dso = NULL;
p_hwcrhk_Init = NULL;
p_hwcrhk_Finish = NULL;
@@ -693,10 +692,8 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
BIO *bio = (BIO *)p;

CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if (logstream) {
- BIO_free(logstream);
- logstream = NULL;
- }
+ BIO_free(logstream);
+ logstream = NULL;
if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)
logstream = bio;
else
diff --git a/engines/e_sureware.c b/engines/e_sureware.c
index 3c7b2b2..5e1786c 100644
--- a/engines/e_sureware.c
+++ b/engines/e_sureware.c
@@ -404,10 +404,8 @@ static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p,
{
BIO *bio = (BIO *)p;
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if (logstream) {
- BIO_free(logstream);
- logstream = NULL;
- }
+ BIO_free(logstream);
+ logstream = NULL;
if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)
logstream = bio;
else
@@ -596,8 +594,7 @@ static int surewarehk_finish(ENGINE *e)
goto err;
}
err:
- if (logstream)
- BIO_free(logstream);
+ BIO_free(logstream);
surewarehk_dso = NULL;
p_surewarehk_Init = NULL;
p_surewarehk_Finish = NULL;
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index 99f8b5e..11a2aad 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -503,10 +503,8 @@ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
goto err;
return (ret);
err:
- if (buf != NULL)
- BIO_free(buf);
- if (ssl != NULL)
- BIO_free(ssl);
+ BIO_free(buf);
+ BIO_free(ssl);
#endif
return (NULL);
}
@@ -524,8 +522,7 @@ BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
goto err;
return (ret);
err:
- if (con != NULL)
- BIO_free(con);
+ BIO_free(con);
#endif
return (NULL);
}
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index bcefe12..94f6dd0 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -558,8 +558,7 @@ int ssl3_enc(SSL *s, int send)

void ssl3_init_finished_mac(SSL *s)
{
- if (s->s3->handshake_buffer)
- BIO_free(s->s3->handshake_buffer);
+ BIO_free(s->s3->handshake_buffer);
if (s->s3->handshake_dgst)
ssl3_free_digest_list(s);
s->s3->handshake_buffer = BIO_new(BIO_s_mem());
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 9893930..bed4a4e 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3147,9 +3147,7 @@ void ssl3_free(SSL *s)

if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
- if (s->s3->handshake_buffer) {
- BIO_free(s->s3->handshake_buffer);
- }
+ BIO_free(s->s3->handshake_buffer);
if (s->s3->handshake_dgst)
ssl3_free_digest_list(s);
#ifndef OPENSSL_NO_TLSEXT
@@ -3200,10 +3198,8 @@ void ssl3_clear(SSL *s)
rlen = s->s3->rbuf.len;
wlen = s->s3->wbuf.len;
init_extra = s->s3->init_extra;
- if (s->s3->handshake_buffer) {
- BIO_free(s->s3->handshake_buffer);
- s->s3->handshake_buffer = NULL;
- }
+ BIO_free(s->s3->handshake_buffer);
+ s->s3->handshake_buffer = NULL;
if (s->s3->handshake_dgst) {
ssl3_free_digest_list(s);
}
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index cbfe7bb..367f7a9 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -877,8 +877,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
}
if (sk != NULL)
sk_X509_NAME_free(sk);
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
if (x != NULL)
X509_free(x);
if (ret != NULL)
@@ -938,8 +937,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
err:
ret = 0;
}
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
if (x != NULL)
X509_free(x);

diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 0fd6c1f..43821f6 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -438,8 +438,7 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)

rv = SSL_set_tmp_dh(cctx->ssl, dh);
end:

DH_free(dh);
- if (in)
- BIO_free(in);
+ BIO_free(in);
return rv > 0;
}
#endif
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 29bbc03..1e9ad91 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -543,9 +543,8 @@ void SSL_free(SSL *s)
BIO_free(s->bbio);
s->bbio = NULL;
}
- if (s->rbio != NULL)
- BIO_free_all(s->rbio);
- if ((s->wbio != NULL) && (s->wbio != s->rbio))
+ BIO_free_all(s->rbio);
+ if (s->wbio != s->rbio)
BIO_free_all(s->wbio);

if (s->init_buf != NULL)
@@ -621,7 +620,7 @@ void SSL_free(SSL *s)

void SSL_set_rbio(SSL *s, BIO *rbio)

{
- if ((s->rbio != NULL) && (s->rbio != rbio))
+ if (s->rbio != rbio)
BIO_free_all(s->rbio);
s->rbio = rbio;
}
@@ -637,7 +636,7 @@ void SSL_set_wbio(SSL *s, BIO *wbio)
s->bbio->next_bio = NULL;
}
}
- if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
+ if (s->wbio != wbio && s->rbio != s->wbio)
BIO_free_all(s->wbio);
s->wbio = wbio;
}
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 60a6834..90fe8c8 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -121,8 +121,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
end:
if (x != NULL)
X509_free(x);
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
return (ret);
}
#endif
@@ -262,8 +261,7 @@ int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
ret = SSL_use_RSAPrivateKey(ssl, rsa);
RSA_free(rsa);
end:
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
return (ret);
}
# endif
@@ -335,8 +333,7 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
ret = SSL_use_PrivateKey(ssl, pkey);
EVP_PKEY_free(pkey);
end:
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
return (ret);
}
#endif
@@ -470,8 +467,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
end:
if (x != NULL)
X509_free(x);
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
return (ret);
}
#endif
@@ -552,8 +548,7 @@ int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
RSA_free(rsa);
end:
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
return (ret);
}
# endif
@@ -622,8 +617,7 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
EVP_PKEY_free(pkey);
end:
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
return (ret);
}
#endif
@@ -726,8 +720,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
end:
if (x != NULL)
X509_free(x);
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
return (ret);
}
#endif
@@ -991,8 +984,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
OPENSSL_free(header);
OPENSSL_free(extension);
OPENSSL_free(serverinfo);
- if (bin != NULL)
- BIO_free(bin);
+ BIO_free(bin);
return ret;
}
# endif /* OPENSSL_NO_STDIO */
diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c
index ab37cc6..d5ca89f 100644
--- a/ssl/ssl_task.c
+++ b/ssl/ssl_task.c
@@ -381,13 +381,9 @@ int doit(io_channel chan, SSL_CTX *s_ctx)
s_ssl->rbio = NULL;
s_ssl->wbio = NULL;

- if (c_to_s != NULL)
- BIO_free(c_to_s);
- if (s_to_c != NULL)
- BIO_free(s_to_c);
- if (c_bio != NULL)
- BIO_free(c_bio);
- if (s_bio != NULL)
- BIO_free(s_bio);
+ BIO_free(c_to_s);
+ BIO_free(s_to_c);
+ BIO_free(c_bio);
+ BIO_free(s_bio);
return (0);
}
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index d244ba3..508fedd 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -1798,8 +1798,7 @@ int main(int argc, char *argv[])
SSL_CONF_CTX_free(c_cctx);
sk_OPENSSL_STRING_free(conf_args);

- if (bio_stdout != NULL)
- BIO_free(bio_stdout);
+ BIO_free(bio_stdout);

#ifndef OPENSSL_NO_RSA
free_tmp_rsa();
@@ -1812,8 +1811,7 @@ int main(int argc, char *argv[])
ERR_remove_thread_state(NULL);
EVP_cleanup();
CRYPTO_mem_leaks(bio_err);
- if (bio_err != NULL)
- BIO_free(bio_err);
+ BIO_free(bio_err);
EXIT(ret);
}

@@ -2173,18 +2171,12 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
err:
ERR_print_errors(bio_err);

- if (server)
- BIO_free(server);
- if (server_io)
- BIO_free(server_io);
- if (client)
- BIO_free(client);
- if (client_io)
- BIO_free(client_io);
- if (s_ssl_bio)
- BIO_free(s_ssl_bio);
- if (c_ssl_bio)
- BIO_free(c_ssl_bio);
+ BIO_free(server);
+ BIO_free(server_io);
+ BIO_free(client);
+ BIO_free(client_io);
+ BIO_free(s_ssl_bio);
+ BIO_free(c_ssl_bio);

return ret;
}
@@ -2468,14 +2460,10 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
c_ssl->wbio = NULL;
}

- if (c_to_s != NULL)
- BIO_free(c_to_s);
- if (s_to_c != NULL)
- BIO_free(s_to_c);
- if (c_bio != NULL)
- BIO_free_all(c_bio);
- if (s_bio != NULL)
- BIO_free_all(s_bio);
+ BIO_free(c_to_s);
+ BIO_free(s_to_c);
+ BIO_free_all(c_bio);
+ BIO_free_all(s_bio);

if (cbuf)
OPENSSL_free(cbuf);

Dr. Stephen Henson

unread,

Mar 25, 2015, 11:47:45 AM3/25/15

to

The branch master has been updated

via e20b57270dece66ce2c68aeb5d14dd6d9f3c5d68 (commit)
from ca3a82c3b364e1e584546f0f3bbb938b0b472580 (commit)

- Log -----------------------------------------------------------------
commit e20b57270dece66ce2c68aeb5d14dd6d9f3c5d68

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Wed Mar 25 15:08:55 2015 +0000

Remove X509_ATTRIBUTE hack.

The X509_ATTRIBUTE structure includes a hack to tolerate malformed
attributes that encode as the type instead of SET OF type. This form
is never created by OpenSSL and shouldn't be needed any more.

Reviewed-by: Rich Salz <rs...@openssl.org>

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/x509/x509_att.c | 20 +++++---------------
crypto/x509/x509_lcl.h | 12 +-----------
crypto/x509/x_attrib.c | 25 +++----------------------
3 files changed, 9 insertions(+), 48 deletions(-)

diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index 212c422..292546b 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -317,9 +317,6 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
goto err;
atype = attrtype;
}
- if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
- goto err;
- attr->single = 0;
/*
* This is a bit naughty because the attribute should really have at
* least one value but some types use and zero length SET and require
@@ -334,7 +331,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
goto err;
} else
ASN1_TYPE_set(ttmp, atype, stmp);
- if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
+ if (!sk_ASN1_TYPE_push(attr->set, ttmp))
goto err;
return 1;
err:
@@ -344,11 +341,9 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,

int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
{
- if (!attr->single)
- return sk_ASN1_TYPE_num(attr->value.set);
- if (attr->value.single)
- return 1;
- return 0;
+ if (attr == NULL)
+ return 0;
+ return sk_ASN1_TYPE_num(attr->set);
}

ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
@@ -375,11 +370,6 @@ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
{
if (attr == NULL)
- return (NULL);
- if (idx >= X509_ATTRIBUTE_count(attr))
return NULL;
- if (!attr->single)
- return sk_ASN1_TYPE_value(attr->value.set, idx);
- else
- return attr->value.single;
+ return sk_ASN1_TYPE_value(attr->set, idx);
}
diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
index 5e38f5f..427d8ca 100644
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -74,17 +74,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet);
/* a sequence of these are used */
struct x509_attributes_st {
ASN1_OBJECT *object;
- int single; /* 0 for a set, 1 for a single item (which is
- * wrong) */
- union {
- char *ptr;
- /*
- * 0
- */ STACK_OF(ASN1_TYPE) *set;
- /*
- * 1
- */ ASN1_TYPE *single;
- } value;
+ STACK_OF(ASN1_TYPE) *set;
};

struct X509_extension_st {
diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
index 335a85b..a07a5da 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -69,30 +69,14 @@
* typedef struct x509_attributes_st
* {
* ASN1_OBJECT *object;
- * int single;
- * union {
- * char *ptr;
- * STACK_OF(ASN1_TYPE) *set;
- * ASN1_TYPE *single;
- * } value;
+ * STACK_OF(ASN1_TYPE) *set;
* } X509_ATTRIBUTE;
*
- * this needs some extra thought because the CHOICE type is
- * merged with the main structure and because the value can
- * be anything at all we *must* try the SET OF first because
- * the ASN1_ANY type will swallow anything including the whole
- * SET OF structure.
*/

-ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
- ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
- ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
-} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
-
ASN1_SEQUENCE(X509_ATTRIBUTE) = {
ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
- /* CHOICE type merged with parent */
- ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
+ ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)
} ASN1_SEQUENCE_END(X509_ATTRIBUTE)

IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
@@ -106,12 +90,9 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
if ((ret = X509_ATTRIBUTE_new()) == NULL)
return (NULL);
ret->object = OBJ_nid2obj(nid);
- ret->single = 0;
- if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
- goto err;
if ((val = ASN1_TYPE_new()) == NULL)
goto err;
- if (!sk_ASN1_TYPE_push(ret->value.set, val))
+ if (!sk_ASN1_TYPE_push(ret->set, val))
goto err;

ASN1_TYPE_set(val, atrtype, value);

Dr. Stephen Henson

unread,

Mar 25, 2015, 12:12:07 PM3/25/15

to

The branch master has been updated

via cb14aec713ccab92d1c21d3d5b066570c4bca5ee (commit)
via c1ee50aac26c3b2261d04d61bb4154639e284b0d (commit)
from e20b57270dece66ce2c68aeb5d14dd6d9f3c5d68 (commit)

- Log -----------------------------------------------------------------
commit cb14aec713ccab92d1c21d3d5b066570c4bca5ee

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Wed Mar 25 15:44:45 2015 +0000

make update

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit c1ee50aac26c3b2261d04d61bb4154639e284b0d

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Wed Mar 25 15:42:56 2015 +0000

Move internal only ASN.1 functions to asn1_locl.h

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/asn1/Makefile | 12 ++++++------
crypto/asn1/asn1_locl.h | 23 +++++++++++++++++++++++
crypto/asn1/asn1t.h | 23 -----------------------
crypto/asn1/tasn_dec.c | 1 +
crypto/asn1/tasn_enc.c | 1 +
crypto/asn1/tasn_fre.c | 1 +
crypto/asn1/tasn_new.c | 1 +
crypto/asn1/tasn_prn.c | 1 +
crypto/asn1/tasn_utl.c | 1 +
util/libeay.num | 25 +++++++++++++------------
10 files changed, 48 insertions(+), 41 deletions(-)

diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile
index 9f00de6..2a15f16 100644
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -658,7 +658,7 @@ tasn_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
tasn_dec.o: ../../include/openssl/opensslconf.h
tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c
+tasn_dec.o: ../../include/openssl/symhacks.h asn1_locl.h tasn_dec.c
tasn_enc.o: ../../e_os.h ../../include/openssl/asn1.h
tasn_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
tasn_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -668,14 +668,14 @@ tasn_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

tasn_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h
-tasn_enc.o: ../include/internal/asn1_int.h tasn_enc.c
+tasn_enc.o: ../include/internal/asn1_int.h asn1_locl.h tasn_enc.c

tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h

tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
+tasn_fre.o: ../../include/openssl/symhacks.h asn1_locl.h tasn_fre.c
tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -683,7 +683,7 @@ tasn_new.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
+tasn_new.o: ../../include/openssl/symhacks.h asn1_locl.h tasn_new.c
tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h
tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
@@ -698,7 +698,7 @@ tasn_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

tasn_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
tasn_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
tasn_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-tasn_prn.o: ../cryptlib.h ../include/internal/asn1_int.h tasn_prn.c
+tasn_prn.o: ../cryptlib.h ../include/internal/asn1_int.h asn1_locl.h tasn_prn.c

tasn_scn.o: ../../e_os.h ../../include/openssl/asn1.h
tasn_scn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
tasn_scn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

@@ -727,7 +727,7 @@ tasn_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
tasn_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c
+tasn_utl.o: ../../include/openssl/symhacks.h asn1_locl.h tasn_utl.c
x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_locl.h
index ec4c0e8..79d76ec 100644
--- a/crypto/asn1/asn1_locl.h
+++ b/crypto/asn1/asn1_locl.h
@@ -104,3 +104,26 @@ struct x509_crl_method_st {
ASN1_INTEGER *ser, X509_NAME *issuer);

int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk);

};
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+ const ASN1_ITEM *it);
+int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+ int utype, char *free_cont, const ASN1_ITEM *it);
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
+ const ASN1_ITEM *it);
+
+ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
+ int nullerr);
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
+ const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+ const ASN1_ITEM *it);
diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h
index 3dcca32..e6f6d79 100644
--- a/crypto/asn1/asn1t.h
+++ b/crypto/asn1/asn1t.h
@@ -910,29 +910,6 @@ int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
const ASN1_TEMPLATE *tt);
void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);

-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
- const ASN1_ITEM *it);
-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
- int utype, char *free_cont, const ASN1_ITEM *it);
-
-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
- const ASN1_ITEM *it);
-
-ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-
-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
- int nullerr);
-
-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
-
-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
- const ASN1_ITEM *it);
-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
- const ASN1_ITEM *it);
-
#ifdef __cplusplus
}
#endif
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index b96c1b5..5111c12 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -64,6 +64,7 @@
#include <openssl/objects.h>
#include <openssl/buffer.h>
#include <openssl/err.h>
+#include "asn1_locl.h"

static int asn1_check_eoc(const unsigned char **in, long len);
static int asn1_find_end(const unsigned char **in, long len, char inf);
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 1d1f838..251a8f1 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -64,6 +64,7 @@
#include <openssl/asn1t.h>
#include <openssl/objects.h>
#include "internal/asn1_int.h"
+#include "asn1_locl.h"

static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
const ASN1_ITEM *it, int tag, int aclass);

diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index bdc26f9..6f62fd4 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -61,6 +61,7 @@

#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/objects.h>

+#include "asn1_locl.h"

static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,

int combine);
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index 3884897..996a4d5 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -63,6 +63,7 @@
#include <openssl/err.h>
#include <openssl/asn1t.h>
#include <string.h>
+#include "asn1_locl.h"

static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,

int combine);
diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c
index cb3d35b..d1e5ba5 100644
--- a/crypto/asn1/tasn_prn.c
+++ b/crypto/asn1/tasn_prn.c
@@ -66,6 +66,7 @@
#include <openssl/err.h>
#include <openssl/x509v3.h>
#include "internal/asn1_int.h"
+#include "asn1_locl.h"

/*
* Print routines.
diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
index 2e14c2f..da7b029 100644
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@@ -63,6 +63,7 @@
#include <openssl/asn1t.h>
#include <openssl/objects.h>
#include <openssl/err.h>
+#include "asn1_locl.h"

/* Utility functions for manipulating fields and offsets */

diff --git a/util/libeay.num b/util/libeay.num
index 8930f2c..bfea39f 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1729,7 +1729,7 @@ BIO_number_written 2202 EXIST::FUNCTION:
BIO_number_read 2203 EXIST::FUNCTION:
X509_STORE_CTX_get1_chain 2204 EXIST::FUNCTION:
ERR_load_RAND_strings 2205 EXIST::FUNCTION:
-RAND_pseudo_bytes 2206 EXIST::FUNCTION:
+RAND_pseudo_bytes 2206 EXIST::FUNCTION:DEPRECATED
X509_REQ_get_attr_by_NID 2207 EXIST::FUNCTION:
X509_REQ_get_attr 2208 EXIST::FUNCTION:
X509_REQ_add1_attr_by_NID 2209 EXIST::FUNCTION:
@@ -2011,7 +2011,7 @@ OCSP_SINGLERESP_get_ext_count 2579 EXIST::FUNCTION:
UI_ctrl 2580 EXIST::FUNCTION:
_shadow_DES_rw_mode 2581 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
_shadow_DES_rw_mode 2581 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
-asn1_do_adb 2582 EXIST::FUNCTION:
+asn1_do_adb 2582 NOEXIST::FUNCTION:
ASN1_template_i2d 2583 EXIST::FUNCTION:
ENGINE_register_DH 2584 EXIST::FUNCTION:ENGINE
UI_construct_prompt 2585 EXIST::FUNCTION:
@@ -2107,7 +2107,7 @@ ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION:ENGINE
EVP_EncryptFinal_ex 2660 EXIST::FUNCTION:
ENGINE_set_default_digests 2661 EXIST::FUNCTION:ENGINE
X509_get0_pubkey_bitstr 2662 EXIST::FUNCTION:
-asn1_ex_i2c 2663 EXIST::FUNCTION:
+asn1_ex_i2c 2663 NOEXIST::FUNCTION:
ENGINE_register_RSA 2664 EXIST::FUNCTION:ENGINE
ENGINE_unregister_DSA 2665 EXIST::FUNCTION:ENGINE
_ossl_old_des_key_sched 2666 NOEXIST::FUNCTION:
@@ -2385,10 +2385,10 @@ OCSP_REQINFO_free 2884 EXIST::FUNCTION:
EC_GROUP_new_curve_GFp 2885 EXIST::FUNCTION:EC
OCSP_REQUEST_get1_ext_d2i 2886 EXIST::FUNCTION:
PKCS12_item_pack_safebag 2887 EXIST::FUNCTION:
-asn1_ex_c2i 2888 EXIST::FUNCTION:
+asn1_ex_c2i 2888 NOEXIST::FUNCTION:
ENGINE_register_digests 2889 EXIST::FUNCTION:ENGINE
i2d_OCSP_REVOKEDINFO 2890 EXIST::FUNCTION:
-asn1_enc_restore 2891 EXIST::FUNCTION:
+asn1_enc_restore 2891 NOEXIST::FUNCTION:
UI_free 2892 EXIST::FUNCTION:
UI_new_method 2893 EXIST::FUNCTION:
EVP_EncryptInit_ex 2894 EXIST::FUNCTION:
@@ -2504,7 +2504,7 @@ BN_swap 2990 EXIST::FUNCTION:
POLICYINFO_it 2991 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
POLICYINFO_it 2991 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ENGINE_set_destroy_function 2992 EXIST::FUNCTION:ENGINE
-asn1_enc_free 2993 EXIST::FUNCTION:
+asn1_enc_free 2993 NOEXIST::FUNCTION:
OCSP_RESPID_it 2994 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
OCSP_RESPID_it 2994 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
EC_GROUP_new 2995 EXIST::FUNCTION:EC
@@ -2564,7 +2564,7 @@ _ossl_old_des_ncbc_encrypt 3037 NOEXIST::FUNCTION:
i2d_KRB5_TKTBODY 3038 EXIST::FUNCTION:
EC_POINT_clear_free 3039 EXIST::FUNCTION:EC
AES_decrypt 3040 EXIST::FUNCTION:AES
-asn1_enc_init 3041 EXIST::FUNCTION:
+asn1_enc_init 3041 NOEXIST::FUNCTION:
UI_get_result_maxsize 3042 EXIST::FUNCTION:
OCSP_CERTID_new 3043 EXIST::FUNCTION:
ENGINE_unregister_RAND 3044 EXIST::FUNCTION:ENGINE
@@ -2577,13 +2577,13 @@ ASN1_item_d2i 3050 EXIST::FUNCTION:
ASN1_primitive_free 3051 EXIST::FUNCTION:
i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION:
i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION:
-asn1_enc_save 3054 EXIST::FUNCTION:
+asn1_enc_save 3054 NOEXIST::FUNCTION:
ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
_ossl_old_des_pcbc_encrypt 3056 NOEXIST::FUNCTION:
PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
OCSP_accept_responses_new 3058 EXIST::FUNCTION:
-asn1_do_lock 3059 EXIST::FUNCTION:
+asn1_do_lock 3059 NOEXIST::FUNCTION:
PKCS7_ATTR_VERIFY_it 3060 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_ATTR_VERIFY_it 3060 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
KRB5_APREQBODY_it 3061 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2598,7 +2598,7 @@ EVP_DecryptInit_ex 3067 EXIST::FUNCTION:
i2d_OCSP_CERTID 3068 EXIST::FUNCTION:
ASN1_item_d2i_bio 3069 EXIST::FUNCTION:
EC_POINT_dbl 3070 EXIST::FUNCTION:EC
-asn1_get_choice_selector 3071 EXIST::FUNCTION:
+asn1_get_choice_selector 3071 NOEXIST::FUNCTION:
i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION:
ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE
AES_options 3074 EXIST::FUNCTION:AES
@@ -2660,10 +2660,10 @@ UI_dup_verify_string 3119 EXIST::FUNCTION:
BN_mod_lshift 3120 EXIST::FUNCTION:
KRB5_AUTHDATA_it 3121 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
KRB5_AUTHDATA_it 3121 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-asn1_set_choice_selector 3122 EXIST::FUNCTION:
+asn1_set_choice_selector 3122 NOEXIST::FUNCTION:
OCSP_basic_add1_status 3123 EXIST::FUNCTION:
OCSP_RESPID_free 3124 EXIST::FUNCTION:
-asn1_get_field_ptr 3125 EXIST::FUNCTION:
+asn1_get_field_ptr 3125 NOEXIST::FUNCTION:
UI_add_input_string 3126 EXIST::FUNCTION:
OCSP_CRLID_it 3127 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -4552,3 +4552,4 @@ EVP_camellia_192_ctr 4910 EXIST::FUNCTION:CAMELLIA
OCSP_resp_get0_signature 4911 EXIST::FUNCTION:
OBJ_length 4912 EXIST::FUNCTION:
OBJ_get0_data 4913 EXIST::FUNCTION:
+X509_NAME_ENTRY_set 4914 EXIST::FUNCTION:

Matt Caswell

unread,

Mar 25, 2015, 2:54:40 PM3/25/15

to

The branch master has been updated

via 17dd65e6e1f888b4561d559b4d44fbbe0a0aa3e7 (commit)
from cb14aec713ccab92d1c21d3d5b066570c4bca5ee (commit)

- Log -----------------------------------------------------------------
commit 17dd65e6e1f888b4561d559b4d44fbbe0a0aa3e7
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Mar 24 15:10:15 2015 +0000

Resolve swallowed returns codes

The recent updates to libssl to enforce stricter return code checking, left
a small number of instances behind where return codes were being swallowed
(typically because the function they were being called from was declared as
void). This commit fixes those instances to handle the return codes more
appropriately.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

doc/ssl/ssl.pod | 8 +++++++-
ssl/bio_ssl.c | 3 ++-
ssl/d1_pkt.c | 3 +--
ssl/ssl.h | 2 +-
ssl/ssl_lib.c | 13 +++++++------
ssl/ssl_locl.h | 4 ++--
ssl/t1_lib.c | 13 ++++++-------
7 files changed, 26 insertions(+), 20 deletions(-)

diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 3634fa9..5af0fc6 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -453,7 +453,10 @@ connection defined in the B<SSL> structure.

=item int B<SSL_connect>(SSL *ssl);

-=item void B<SSL_copy_session_id>(SSL *t, const SSL *f);
+=item int B<SSL_copy_session_id>(SSL *t, const SSL *f);
+
+Sets the session details for B<t> to be the same as in B<f>. Returns 1 on
+success or 0 on failure.

=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg);

@@ -756,5 +759,8 @@ The L<ssl(3)|ssl(3)> document appeared in OpenSSL 0.9.2
B<SSLv2_client_method>, B<SSLv2_server_method> and B<SSLv2_method> where removed
in OpenSSL 1.1.0.

+The return type of B<SSL_copy_session_id> was changed from void to int in
+OpenSSL 1.1.0.
+
=cut

diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index 11a2aad..0344b7e 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -556,7 +556,8 @@ int BIO_ssl_copy_session_id(BIO *t, BIO *f)
if ((((BIO_SSL *)t->ptr)->ssl == NULL) ||
(((BIO_SSL *)f->ptr)->ssl == NULL))
return (0);
- SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl, ((BIO_SSL *)f->ptr)->ssl);
+ if(!SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl, ((BIO_SSL *)f->ptr)->ssl))
+ return 0;
return (1);
}

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 5463acf..19e60b7 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1249,8 +1249,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
if (dtls1_check_timeout_num(s) < 0)
return -1;

- /* Ignore retransmit failures - swallow return code */
- if(dtls1_retransmit_buffered_messages(s));
+ dtls1_retransmit_buffered_messages(s);
rr->length = 0;
goto start;
}
diff --git a/ssl/ssl.h b/ssl/ssl.h
index c0a368b..55aa6a6 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1467,7 +1467,7 @@ __owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick,
size_t *len);
-void SSL_copy_session_id(SSL *to, const SSL *from);
+__owur int SSL_copy_session_id(SSL *to, const SSL *from);
__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 1e9ad91..0b2d8de 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -880,12 +880,11 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
* Now in theory, since the calling process own 't' it should be safe to
* modify. We need to be able to read f without being hassled
*/
-void SSL_copy_session_id(SSL *t, const SSL *f)
+int SSL_copy_session_id(SSL *t, const SSL *f)
{

/* Do we need to to SSL locking? */
if(!SSL_set_session(t, SSL_get_session(f))) {

- /* How do we handle this!! void function */
- return;
+ return 0;
}

/*
@@ -901,9 +900,10 @@ void SSL_copy_session_id(SSL *t, const SSL *f)
ssl_cert_free(t->cert);

t->cert = f->cert;
if(!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) {

- /* Really should do something about this..but void function - ignore */
- ;
+ return 0;
}
+
+ return 1;
}

/* Fix this so it checks all the valid key/cert options */
@@ -2757,7 +2757,8 @@ SSL *SSL_dup(SSL *s)

if (s->session != NULL) {
/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
- SSL_copy_session_id(ret, s);
+ if(!SSL_copy_session_id(ret, s))
+ goto err;
} else {
/*
* No session has been established yet, so we have to expect that
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 3b3f298..40c42a8 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2215,7 +2215,7 @@ __owur int dtls1_buffer_message(SSL *s, int ccs);
__owur int dtls1_retransmit_message(SSL *s, unsigned short seq,
unsigned long frag_off, int *found);
__owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
-__owur int dtls1_retransmit_buffered_messages(SSL *s);
+int dtls1_retransmit_buffered_messages(SSL *s);
void dtls1_clear_record_buffer(SSL *s);
void dtls1_get_message_header(unsigned char *data,
struct hm_header_st *msg_hdr);
@@ -2369,7 +2369,7 @@ void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op);

__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client);
-__owur int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
+int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
int idx);
void tls1_set_cert_validity(SSL *s);

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index b5eb4bf..40d6490 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4157,13 +4157,12 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
/* Set validity of certificates in an SSL structure */
void tls1_set_cert_validity(SSL *s)
{
- /* Deliberately ignore all return values */
- if(tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC)
- || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN)
- || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN)
- || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_RSA)
- || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_DSA)
- || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC));
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_RSA);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_DSA);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC);
}

/* User level utiity function to check a chain is suitable */

Rich Salz

unread,

Mar 25, 2015, 6:36:08 PM3/25/15

to

The branch master has been updated

via 8fdc3734c063146b038608c2412a0f2c9b21b6d6 (commit)
from 17dd65e6e1f888b4561d559b4d44fbbe0a0aa3e7 (commit)

- Log -----------------------------------------------------------------
commit 8fdc3734c063146b038608c2412a0f2c9b21b6d6
Author: Rich Salz <rs...@openssl.org>
Date: Wed Mar 25 18:35:24 2015 -0400

free NULL cleanup.

This gets EC_GROUP_clear_free EC_GROUP_free, EC_KEY_free,
EC_POINT_clear_free, EC_POINT_free

Reviewed-by: Kurt Roeckx <ku...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/ec.c | 3 +--
apps/ecparam.c | 3 +--
apps/speed.c | 9 +++------
crypto/ec/ec2_mult.c | 6 ++----
crypto/ec/ec_ameth.c | 12 ++++--------
crypto/ec/ec_asn1.c | 21 +++++++++-----------
crypto/ec/ec_check.c | 3 +--
crypto/ec/ec_curve.c | 3 +--
crypto/ec/ec_key.c | 26 +++++++++---------------
crypto/ec/ec_lib.c | 21 ++++++++------------
crypto/ec/ec_mult.c | 9 +++------
crypto/ec/ec_pmeth.c | 11 ++++-------
crypto/ec/ec_print.c | 2 +-
crypto/ec/ecp_nistp224.c | 6 ++----
crypto/ec/ecp_nistp256.c | 6 ++----
crypto/ec/ecp_nistp521.c | 6 ++----
crypto/ec/ecp_nistz256.c | 6 ++----
crypto/ec/ectest.c | 48 +++++++++++++++------------------------------
crypto/ecdh/ecdhtest.c | 18 ++++++-----------
crypto/ecdh/ech_ossl.c | 3 +--
crypto/ecdsa/ecdsatest.c | 12 ++++--------
crypto/ecdsa/ecs_ossl.c | 6 ++----
doc/crypto/EC_GROUP_new.pod | 2 ++
doc/crypto/EC_KEY_new.pod | 1 +
doc/crypto/EC_POINT_new.pod | 2 ++
engines/ccgost/gost_ameth.c | 4 +---
ssl/s3_clnt.c | 15 +++++---------
ssl/s3_lib.c | 16 +++++----------
ssl/s3_srvr.c | 3 +--
ssl/ssl_cert.c | 6 ++----
30 files changed, 103 insertions(+), 186 deletions(-)

diff --git a/apps/ec.c b/apps/ec.c
index 2064723..aca2854 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -345,8 +345,7 @@ int MAIN(int argc, char **argv)
end:
BIO_free(in);
BIO_free_all(out);
- if (eckey)
- EC_KEY_free(eckey);
+ EC_KEY_free(eckey);

if (passin)
OPENSSL_free(passin);
if (passout)

diff --git a/apps/ecparam.c b/apps/ecparam.c
index d417747..c6a1751 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -623,8 +623,7 @@ int MAIN(int argc, char **argv)
OPENSSL_free(buffer);
BIO_free(in);
BIO_free_all(out);
- if (group != NULL)
- EC_GROUP_free(group);
+ EC_GROUP_free(group);
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/speed.c b/apps/speed.c
index d2034a4..df972a3 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -2457,13 +2457,10 @@ int MAIN(int argc, char **argv)

#ifndef OPENSSL_NO_EC
for (i = 0; i < EC_NUM; i++)
- if (ecdsa[i] != NULL)
- EC_KEY_free(ecdsa[i]);
+ EC_KEY_free(ecdsa[i]);
for (i = 0; i < EC_NUM; i++) {
- if (ecdh_a[i] != NULL)
- EC_KEY_free(ecdh_a[i]);
- if (ecdh_b[i] != NULL)
- EC_KEY_free(ecdh_b[i]);
+ EC_KEY_free(ecdh_a[i]);
+ EC_KEY_free(ecdh_b[i]);
}
#endif

diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c
index 1fa0a53..635c0a5 100644
--- a/crypto/ec/ec2_mult.c
+++ b/crypto/ec/ec2_mult.c
@@ -437,10 +437,8 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
ret = 1;

err:
- if (p)
- EC_POINT_free(p);
- if (acc)
- EC_POINT_free(acc);
+ EC_POINT_free(p);
+ EC_POINT_free(acc);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
return ret;
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index de56c89..4be85a9 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -176,8 +176,7 @@ static EC_KEY *eckey_type2param(int ptype, void *pval)
return eckey;

ecerr:
- if (eckey)
- EC_KEY_free(eckey);
+ EC_KEY_free(eckey);
return NULL;
}

@@ -210,8 +209,7 @@ static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
return 1;

ecerr:
- if (eckey)
- EC_KEY_free(eckey);
+ EC_KEY_free(eckey);
return 0;
}

@@ -292,8 +290,7 @@ static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
ecliberr:
ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
ecerr:
- if (eckey)
- EC_KEY_free(eckey);
+ EC_KEY_free(eckey);
return 0;
}

@@ -706,8 +703,7 @@ static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
rv = 1;
err:
- if (ecpeer)
- EC_KEY_free(ecpeer);
+ EC_KEY_free(ecpeer);
if (pkpeer)
EVP_PKEY_free(pkpeer);
return rv;
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 90de23b..9bba26e 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -910,9 +910,9 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)

ok = 1;

- err:if (!ok) {
- if (ret)
- EC_GROUP_clear_free(ret);
+ err:
+ if (!ok) {
+ EC_GROUP_clear_free(ret);
ret = NULL;
}

@@ -922,8 +922,7 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
BN_free(a);
if (b)
BN_free(b);
- if (point)
- EC_POINT_free(point);
+ EC_POINT_free(point);
return (ret);
}

@@ -982,10 +981,10 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
return NULL;
}

- if (a && *a)
+ if (a) {
EC_GROUP_clear_free(*a);
- if (a)
*a = group;
+ }

ECPKPARAMETERS_free(params);
return (group);
@@ -1030,8 +1029,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
ret = *a;

if (priv_key->parameters) {
- if (ret->group)
- EC_GROUP_clear_free(ret->group);
+ EC_GROUP_clear_free(ret->group);
ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
}

@@ -1055,8 +1053,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
goto err;
}

- if (ret->pub_key)
- EC_POINT_clear_free(ret->pub_key);
+ EC_POINT_clear_free(ret->pub_key);
ret->pub_key = EC_POINT_new(ret->group);
if (ret->pub_key == NULL) {
ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
@@ -1098,7 +1095,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
ok = 1;
err:
if (!ok) {
- if (ret && (a == NULL || *a != ret))
+ if (a == NULL || *a != ret)
EC_KEY_free(ret);
ret = NULL;
}
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
index d3f5349..422ca87 100644
--- a/crypto/ec/ec_check.c
+++ b/crypto/ec/ec_check.c
@@ -114,7 +114,6 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
BN_CTX_end(ctx);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
- if (point)
- EC_POINT_free(point);
+ EC_POINT_free(point);
return ret;
}
diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index 6199e25..d79637d 100644
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -3114,8 +3114,7 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
EC_GROUP_free(group);
group = NULL;
}
- if (P)
- EC_POINT_free(P);
+ EC_POINT_free(P);
if (ctx)
BN_CTX_free(ctx);
if (p)
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 96d4897..a74ccf7 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -120,10 +120,8 @@ void EC_KEY_free(EC_KEY *r)
}
#endif

- if (r->group != NULL)
- EC_GROUP_free(r->group);
- if (r->pub_key != NULL)
- EC_POINT_free(r->pub_key);
+ EC_GROUP_free(r->group);
+ EC_POINT_free(r->pub_key);
if (r->priv_key != NULL)
BN_clear_free(r->priv_key);

@@ -146,8 +144,7 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
if (src->group) {
const EC_METHOD *meth = EC_GROUP_method_of(src->group);
/* clear the old group */
- if (dest->group)
- EC_GROUP_free(dest->group);
+ EC_GROUP_free(dest->group);
dest->group = EC_GROUP_new(meth);
if (dest->group == NULL)
return NULL;
@@ -156,8 +153,7 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
}
/* copy the public key */
if (src->pub_key && src->group) {
- if (dest->pub_key)
- EC_POINT_free(dest->pub_key);
+ EC_POINT_free(dest->pub_key);
dest->pub_key = EC_POINT_new(src->group);
if (dest->pub_key == NULL)
return NULL;
@@ -274,7 +270,7 @@ int EC_KEY_generate_key(EC_KEY *eckey)
err:
if (order)
BN_free(order);
- if (pub_key != NULL && eckey->pub_key == NULL)
+ if (eckey->pub_key == NULL)
EC_POINT_free(pub_key);
if (priv_key != NULL && eckey->priv_key == NULL)
BN_free(priv_key);
@@ -347,8 +343,7 @@ int EC_KEY_check_key(const EC_KEY *eckey)
err:
if (ctx != NULL)
BN_CTX_free(ctx);
- if (point != NULL)
- EC_POINT_free(point);
+ EC_POINT_free(point);
return (ok);
}

@@ -422,8 +417,7 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
err:
if (ctx)
BN_CTX_free(ctx);
- if (point)
- EC_POINT_free(point);
+ EC_POINT_free(point);
return ok;

}
@@ -435,8 +429,7 @@ const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)

int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
{
- if (key->group != NULL)
- EC_GROUP_free(key->group);
+ EC_GROUP_free(key->group);
key->group = EC_GROUP_dup(group);
return (key->group == NULL) ? 0 : 1;
}
@@ -461,8 +454,7 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)

int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
{
- if (key->pub_key != NULL)
- EC_POINT_free(key->pub_key);
+ EC_POINT_free(key->pub_key);
key->pub_key = EC_POINT_dup(pub_key, key->group);
return (key->pub_key == NULL) ? 0 : 1;
}
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 2dcdb40..0e850d6 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -138,8 +138,7 @@ void EC_GROUP_free(EC_GROUP *group)
if (group->mont_data)
BN_MONT_CTX_free(group->mont_data);

- if (group->generator != NULL)
- EC_POINT_free(group->generator);
+ EC_POINT_free(group->generator);
BN_free(group->order);
BN_free(group->cofactor);

@@ -164,8 +163,7 @@ void EC_GROUP_clear_free(EC_GROUP *group)
if (group->mont_data)
BN_MONT_CTX_free(group->mont_data);

- if (group->generator != NULL)
- EC_POINT_clear_free(group->generator);
+ EC_POINT_clear_free(group->generator);
BN_clear_free(group->order);
BN_clear_free(group->cofactor);

@@ -232,10 +230,8 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
return 0;
} else {
/* src->generator == NULL */
- if (dest->generator != NULL) {
- EC_POINT_clear_free(dest->generator);
- dest->generator = NULL;
- }
+ EC_POINT_clear_free(dest->generator);
+ dest->generator = NULL;
}

if (!BN_copy(dest->order, src->order))
@@ -283,10 +279,9 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)

err:
if (!ok) {
- if (t)
- EC_GROUP_free(t);
+ EC_GROUP_free(t);
return NULL;
- } else
+ }
return t;
}

@@ -790,8 +785,8 @@ EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
if (!r) {
EC_POINT_free(t);
return NULL;
- } else
- return t;
+ }
+ return t;
}

const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 16b37db..243b539 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -556,8 +556,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
err:
if (new_ctx != NULL)
BN_CTX_free(new_ctx);

- if (tmp != NULL)

- EC_POINT_free(tmp);
+ EC_POINT_free(tmp);
if (wsize != NULL)
OPENSSL_free(wsize);
if (wNAF_len != NULL)
@@ -759,10 +758,8 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
EC_POINT_free(*p);
OPENSSL_free(points);
}
- if (tmp_point)
- EC_POINT_free(tmp_point);
- if (base)
- EC_POINT_free(base);
+ EC_POINT_free(tmp_point);
+ EC_POINT_free(base);
return ret;
}

diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 4eda2ef..37f8fa1 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -146,10 +146,8 @@ static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx)
{
EC_PKEY_CTX *dctx = ctx->data;
if (dctx) {
- if (dctx->gen_group)
- EC_GROUP_free(dctx->gen_group);
- if (dctx->co_key)
- EC_KEY_free(dctx->co_key);
+ EC_GROUP_free(dctx->gen_group);
+ EC_KEY_free(dctx->co_key);

if (dctx->kdf_ukm)
OPENSSL_free(dctx->kdf_ukm);

OPENSSL_free(dctx);
@@ -289,8 +287,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE);
return 0;
}
- if (dctx->gen_group)
- EC_GROUP_free(dctx->gen_group);
+ EC_GROUP_free(dctx->gen_group);
dctx->gen_group = group;
return 1;

@@ -331,7 +328,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
EC_KEY_set_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH);
else
EC_KEY_clear_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH);
- } else if (dctx->co_key) {
+ } else {
EC_KEY_free(dctx->co_key);
dctx->co_key = NULL;
}
diff --git a/crypto/ec/ec_print.c b/crypto/ec/ec_print.c
index 96b294d..7c34694 100644
--- a/crypto/ec/ec_print.c
+++ b/crypto/ec/ec_print.c
@@ -110,7 +110,7 @@ EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
ret = point;

if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) {
- if (point == NULL)
+ if (ret != point)
EC_POINT_clear_free(ret);
OPENSSL_free(buf);
return NULL;
diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c
index a0c7bec..2f1213f 100644
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -1602,8 +1602,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,

err:
BN_CTX_end(ctx);
- if (generator != NULL)
- EC_POINT_free(generator);
+ EC_POINT_free(generator);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
if (secrets != NULL)
@@ -1739,8 +1738,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
pre = NULL;
err:
BN_CTX_end(ctx);
- if (generator != NULL)
- EC_POINT_free(generator);
+ EC_POINT_free(generator);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
if (pre)
diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c
index d485a97..9ec0346 100644
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
@@ -2193,8 +2193,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,

err:
BN_CTX_end(ctx);
- if (generator != NULL)
- EC_POINT_free(generator);
+ EC_POINT_free(generator);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
if (secrets != NULL)
@@ -2340,8 +2339,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
pre = NULL;
err:
BN_CTX_end(ctx);
- if (generator != NULL)
- EC_POINT_free(generator);
+ EC_POINT_free(generator);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
if (pre)
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
index 360b9a3..c8f9d1e 100644
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -2006,8 +2006,7 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,

err:
BN_CTX_end(ctx);
- if (generator != NULL)
- EC_POINT_free(generator);
+ EC_POINT_free(generator);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
if (secrets != NULL)
@@ -2123,8 +2122,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
pre = NULL;
err:
BN_CTX_end(ctx);
- if (generator != NULL)
- EC_POINT_free(generator);
+ EC_POINT_free(generator);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
if (pre)
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index 0370ae6..ea692b8 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -874,10 +874,8 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
ecp_nistz256_pre_comp_free(pre_comp);
if (precomp_storage)
OPENSSL_free(precomp_storage);
- if (P)
- EC_POINT_free(P);
- if (T)
- EC_POINT_free(T);
+ EC_POINT_free(P);
+ EC_POINT_free(T);
return ret;
}

diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c
index 2290c8e..79ec21f 100644
--- a/crypto/ec/ectest.c
+++ b/crypto/ec/ectest.c
@@ -864,18 +864,12 @@ static void prime_field_tests(void)
BN_free(y);
BN_free(z);

- if (P_160)
- EC_GROUP_free(P_160);
- if (P_192)
- EC_GROUP_free(P_192);
- if (P_224)
- EC_GROUP_free(P_224);
- if (P_256)
- EC_GROUP_free(P_256);
- if (P_384)
- EC_GROUP_free(P_384);
- if (P_521)
- EC_GROUP_free(P_521);
+ EC_GROUP_free(P_160);
+ EC_GROUP_free(P_192);
+ EC_GROUP_free(P_224);
+ EC_GROUP_free(P_256);
+ EC_GROUP_free(P_384);
+ EC_GROUP_free(P_521);

}

@@ -1346,26 +1340,16 @@ static void char2_field_tests(void)
BN_free(z);
BN_free(cof);

- if (C2_K163)
- EC_GROUP_free(C2_K163);
- if (C2_B163)
- EC_GROUP_free(C2_B163);
- if (C2_K233)
- EC_GROUP_free(C2_K233);
- if (C2_B233)
- EC_GROUP_free(C2_B233);
- if (C2_K283)
- EC_GROUP_free(C2_K283);
- if (C2_B283)
- EC_GROUP_free(C2_B283);
- if (C2_K409)
- EC_GROUP_free(C2_K409);
- if (C2_B409)
- EC_GROUP_free(C2_B409);
- if (C2_K571)
- EC_GROUP_free(C2_K571);
- if (C2_B571)
- EC_GROUP_free(C2_B571);
+ EC_GROUP_free(C2_K163);
+ EC_GROUP_free(C2_B163);
+ EC_GROUP_free(C2_K233);
+ EC_GROUP_free(C2_B233);
+ EC_GROUP_free(C2_K283);
+ EC_GROUP_free(C2_B283);
+ EC_GROUP_free(C2_K409);
+ EC_GROUP_free(C2_B409);
+ EC_GROUP_free(C2_K571);
+ EC_GROUP_free(C2_B571);

}
# endif
diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c
index 578de31..a89177e 100644
--- a/crypto/ecdh/ecdhtest.c
+++ b/crypto/ecdh/ecdhtest.c
@@ -290,10 +290,8 @@ static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
BN_free(x_b);
if (y_b)
BN_free(y_b);
- if (b)
- EC_KEY_free(b);
- if (a)
- EC_KEY_free(a);
+ EC_KEY_free(b);
+ EC_KEY_free(a);
return (ret);
}

@@ -394,12 +392,10 @@ static EC_KEY *mk_eckey(int nid, const unsigned char *p, size_t plen)
err:
if (priv)
BN_clear_free(priv);
- if (pub)
- EC_POINT_free(pub);
+ EC_POINT_free(pub);
if (ok)
return k;
- else if (k)
- EC_KEY_free(k);
+ EC_KEY_free(k);
return NULL;
}

@@ -440,10 +436,8 @@ static int ecdh_kat(BIO *out, const char *cname, int nid,
goto err;
rv = 1;
err:
- if (key1)
- EC_KEY_free(key1);
- if (key2)
- EC_KEY_free(key2);
+ EC_KEY_free(key1);
+ EC_KEY_free(key2);
if (Ztmp)
OPENSSL_free(Ztmp);
if (rv)
diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
index 278c41b..b8ccf5a 100644
--- a/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
@@ -202,8 +202,7 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
}

err:
- if (tmp)
- EC_POINT_free(tmp);
+ EC_POINT_free(tmp);
if (ctx)
BN_CTX_end(ctx);
if (ctx)
diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c
index 346ccd0..3a455b4 100644
--- a/crypto/ecdsa/ecdsatest.c
+++ b/crypto/ecdsa/ecdsatest.c
@@ -240,8 +240,7 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
x962_int_err:
if (!ret)
BIO_printf(out, " failed\n");
- if (key)
- EC_KEY_free(key);
+ EC_KEY_free(key);
if (signature)
ECDSA_SIG_free(signature);
if (r)
@@ -354,9 +353,8 @@ int test_builtin(BIO *out)
goto builtin_err;
EC_GROUP_free(group);
degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
- if (degree < 160)
+ if (degree < 160) {
/* drop the curve */
- {
EC_KEY_free(eckey);
eckey = NULL;
continue;
@@ -506,10 +504,8 @@ int test_builtin(BIO *out)

ret = 1;
builtin_err:
- if (eckey)
- EC_KEY_free(eckey);
- if (wrong_eckey)
- EC_KEY_free(wrong_eckey);
+ EC_KEY_free(eckey);
+ EC_KEY_free(wrong_eckey);
if (ecdsa_sig)
ECDSA_SIG_free(ecdsa_sig);
if (signature)
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
index 1343850..ce2973d 100644
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -242,8 +242,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
BN_CTX_free(ctx);
if (order != NULL)
BN_free(order);
- if (tmp_point != NULL)
- EC_POINT_free(tmp_point);
+ EC_POINT_free(tmp_point);
if (X)
BN_clear_free(X);
return (ret);
@@ -475,7 +474,6 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
- if (point)
- EC_POINT_free(point);
+ EC_POINT_free(point);
return ret;
}
diff --git a/doc/crypto/EC_GROUP_new.pod b/doc/crypto/EC_GROUP_new.pod
index ff55bf3..44599e2 100644
--- a/doc/crypto/EC_GROUP_new.pod
+++ b/doc/crypto/EC_GROUP_new.pod
@@ -75,8 +75,10 @@ In order to construct a builtin curve use the function EC_GROUP_new_by_curve_nam
be constructed.

EC_GROUP_free frees the memory associated with the EC_GROUP.
+If B<group> is NULL nothing is done.

EC_GROUP_clear_free destroys any sensitive data held within the EC_GROUP and then frees its memory.
+If B<group> is NULL nothing is done.

=head1 RETURN VALUES

diff --git a/doc/crypto/EC_KEY_new.pod b/doc/crypto/EC_KEY_new.pod
index e859689..c737058 100644
--- a/doc/crypto/EC_KEY_new.pod
+++ b/doc/crypto/EC_KEY_new.pod
@@ -47,6 +47,7 @@ EC_GROUP_new_by_curve_name.

Calling EC_KEY_free decrements the reference count for the EC_KEY object, and if it has dropped to zero then frees the memory associated
with it.
+If B<key> is NULL nothing is done.

EC_KEY_copy copies the contents of the EC_KEY in B<src> into B<dest>.

diff --git a/doc/crypto/EC_POINT_new.pod b/doc/crypto/EC_POINT_new.pod
index 858baf4..0a20fce 100644
--- a/doc/crypto/EC_POINT_new.pod
+++ b/doc/crypto/EC_POINT_new.pod
@@ -53,8 +53,10 @@ An EC_POINT represents a point on a curve. A new point is constructed by calling
object that the point relates to.

EC_POINT_free frees the memory associated with the EC_POINT.
+if B<point> is NULL nothing is done.

EC_POINT_clear_free destroys any sensitive data held within the EC_POINT and then frees its memory.
+if B<point> is NULL nothing is done.

EC_POINT_copy copies the point B<src> into B<dst>. Both B<src> and B<dst> must use the same EC_METHOD.

diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c
index bc45325..c5ca44f 100644
--- a/engines/ccgost/gost_ameth.c
+++ b/engines/ccgost/gost_ameth.c
@@ -284,9 +284,7 @@ static void pkey_free_gost94(EVP_PKEY *key)

static void pkey_free_gost01(EVP_PKEY *key)
{
- if (key->pkey.ec) {
- EC_KEY_free(key->pkey.ec);
- }
+ EC_KEY_free(key->pkey.ec);
}

/* ------------------ private key functions -----------------------------*/
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index bab95f3..6da1258 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1388,10 +1388,8 @@ int ssl3_get_key_exchange(SSL *s)

s->session->sess_cert->peer_dh_tmp = NULL;
#endif
#ifndef OPENSSL_NO_EC

- if (s->session->sess_cert->peer_ecdh_tmp) {
- EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
- s->session->sess_cert->peer_ecdh_tmp = NULL;
- }
+ EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
+ s->session->sess_cert->peer_ecdh_tmp = NULL;
#endif
} else {
s->session->sess_cert = ssl_sess_cert_new();
@@ -1959,8 +1957,7 @@ int ssl3_get_key_exchange(SSL *s)
#ifndef OPENSSL_NO_EC
BN_CTX_free(bn_ctx);
EC_POINT_free(srvr_ecpoint);
- if (ecdh != NULL)
- EC_KEY_free(ecdh);
+ EC_KEY_free(ecdh);
#endif
EVP_MD_CTX_cleanup(&md_ctx);
return (-1);
@@ -2760,8 +2757,7 @@ int ssl3_send_client_key_exchange(SSL *s)
BN_CTX_free(bn_ctx);
if (encodedPoint != NULL)
OPENSSL_free(encodedPoint);
- if (clnt_ecdh != NULL)
- EC_KEY_free(clnt_ecdh);
+ EC_KEY_free(clnt_ecdh);
EVP_PKEY_free(srvr_pub_pkey);
}
#endif /* !OPENSSL_NO_EC */
@@ -3069,8 +3065,7 @@ int ssl3_send_client_key_exchange(SSL *s)
BN_CTX_free(bn_ctx);
if (encodedPoint != NULL)
OPENSSL_free(encodedPoint);
- if (clnt_ecdh != NULL)
- EC_KEY_free(clnt_ecdh);
+ EC_KEY_free(clnt_ecdh);
EVP_PKEY_free(srvr_pub_pkey);
#endif
return (-1);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index bed4a4e..69f3d5d 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3141,8 +3141,7 @@ void ssl3_free(SSL *s)

DH_free(s->s3->tmp.dh);
#endif
#ifndef OPENSSL_NO_EC

- if (s->s3->tmp.ecdh != NULL)
- EC_KEY_free(s->s3->tmp.ecdh);
+ EC_KEY_free(s->s3->tmp.ecdh);
#endif

if (s->s3->tmp.ca_names != NULL)

@@ -3182,10 +3181,8 @@ void ssl3_clear(SSL *s)

s->s3->tmp.dh = NULL;
#endif
#ifndef OPENSSL_NO_EC

- if (s->s3->tmp.ecdh != NULL) {
- EC_KEY_free(s->s3->tmp.ecdh);
- s->s3->tmp.ecdh = NULL;
- }
+ EC_KEY_free(s->s3->tmp.ecdh);
+ s->s3->tmp.ecdh = NULL;
#endif
#ifndef OPENSSL_NO_TLSEXT
# ifndef OPENSSL_NO_EC
@@ -3356,8 +3353,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return (ret);
}
}
- if (s->cert->ecdh_tmp != NULL)
- EC_KEY_free(s->cert->ecdh_tmp);
+ EC_KEY_free(s->cert->ecdh_tmp);
s->cert->ecdh_tmp = ecdh;
ret = 1;
}
@@ -3829,9 +3825,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
}
}

- if (cert->ecdh_tmp != NULL) {
- EC_KEY_free(cert->ecdh_tmp);
- }
+ EC_KEY_free(cert->ecdh_tmp);
cert->ecdh_tmp = ecdh;
return 1;
}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 05dc439..68a8c81 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2886,8 +2886,7 @@ int ssl3_get_client_key_exchange(SSL *s)
#ifndef OPENSSL_NO_EC
EVP_PKEY_free(clnt_pub_pkey);
EC_POINT_free(clnt_ecpoint);
- if (srvr_ecdh != NULL)
- EC_KEY_free(srvr_ecdh);
+ EC_KEY_free(srvr_ecdh);
BN_CTX_free(bn_ctx);
#endif
return (-1);
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 367f7a9..f05a60a 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -449,8 +449,7 @@ void ssl_cert_free(CERT *c)

DH_free(c->dh_tmp);
#endif
#ifndef OPENSSL_NO_EC

- if (c->ecdh_tmp)
- EC_KEY_free(c->ecdh_tmp);
+ EC_KEY_free(c->ecdh_tmp);
#endif

ssl_cert_clear_certs(c);
@@ -655,8 +654,7 @@ void ssl_sess_cert_free(SESS_CERT *sc)

DH_free(sc->peer_dh_tmp);
#endif
#ifndef OPENSSL_NO_EC

- if (sc->peer_ecdh_tmp != NULL)
- EC_KEY_free(sc->peer_ecdh_tmp);
+ EC_KEY_free(sc->peer_ecdh_tmp);
#endif

OPENSSL_free(sc);

Dr. Stephen Henson

unread,

Mar 25, 2015, 8:44:54 PM3/25/15

to

The branch master has been updated

via 8e3f0c988fabf60b65f7109b7f47daec0fde9c39 (commit)
via c315a547e62fc8f1bdc3e9d57138871117dca6f7 (commit)
from 8fdc3734c063146b038608c2412a0f2c9b21b6d6 (commit)

- Log -----------------------------------------------------------------
commit 8e3f0c988fabf60b65f7109b7f47daec0fde9c39

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Wed Mar 25 22:21:39 2015 +0000

update ordinals

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit c315a547e62fc8f1bdc3e9d57138871117dca6f7

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Wed Mar 25 22:02:42 2015 +0000

Move more internal only functions to asn1_locl.h

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/asn1/a_bitstr.c | 1 +
crypto/asn1/a_int.c | 1 +
crypto/asn1/a_object.c | 1 +
crypto/asn1/a_type.c | 3 ++-
crypto/asn1/asn1.h | 8 --------
crypto/asn1/asn1_locl.h | 12 ++++++++++++
crypto/asn1/asn1t.h | 8 --------
crypto/asn1/tasn_dec.c | 21 ++++++---------------
crypto/asn1/tasn_enc.c | 6 ------
crypto/asn1/tasn_fre.c | 16 ++++++++--------
crypto/asn1/tasn_new.c | 14 ++++++++------
util/libeay.num | 22 +++++++++++-----------
12 files changed, 50 insertions(+), 63 deletions(-)

diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index 4078be4..24cdb0f 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -59,6 +59,7 @@
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
+#include "asn1_locl.h"

int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
{
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index 65fac75..f7f90ff 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -60,6 +60,7 @@
#include "cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/bn.h>
+#include "asn1_locl.h"

ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
{
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index ddc3aaf..845413c 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c

@@ -64,6 +64,7 @@
#include <openssl/objects.h>

#include <openssl/bn.h>
#include "internal/asn1_int.h"
+#include "asn1_locl.h"

int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
{

diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
index e7ec49d..d52ed46 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -60,6 +60,7 @@
#include "cryptlib.h"

#include <openssl/asn1t.h>
#include <openssl/objects.h>
+#include "asn1_locl.h"

int ASN1_TYPE_get(ASN1_TYPE *a)
{
@@ -73,7 +74,7 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
{
if (a->value.ptr != NULL) {
ASN1_TYPE **tmp_a = &a;
- ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
+ asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
}
a->type = type;
if (type == V_ASN1_BOOLEAN)
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index a00c08a..0cf5c46 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -595,8 +595,6 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
ASN1_OBJECT *ASN1_OBJECT_new(void);
void ASN1_OBJECT_free(ASN1_OBJECT *a);
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
-ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
- long length);
ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
long length);

@@ -623,9 +621,6 @@ int ASN1_STRING_type(ASN1_STRING *x);
unsigned char *ASN1_STRING_data(ASN1_STRING *x);

DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
-int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
- const unsigned char **pp, long length);
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n);
@@ -639,9 +634,6 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
BIT_STRING_BITNAME *tbl);

DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
-int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
- long length);
ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
long length);
ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x);
diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_locl.h
index 79d76ec..aa10bea 100644
--- a/crypto/asn1/asn1_locl.h
+++ b/crypto/asn1/asn1_locl.h
@@ -127,3 +127,15 @@ int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
const ASN1_ITEM *it);

int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,

const ASN1_ITEM *it);
+
+void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+ long length);
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+ const unsigned char **pp, long length);
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+ long length);
diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h
index e6f6d79..c54d3d4 100644
--- a/crypto/asn1/asn1t.h
+++ b/crypto/asn1/asn1t.h
@@ -894,21 +894,13 @@ DECLARE_STACK_OF(ASN1_VALUE)

int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);

-void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
- const ASN1_TEMPLATE *tt);
int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
const ASN1_ITEM *it, int tag, int aclass, char opt,
ASN1_TLC *ctx);

int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,

const ASN1_ITEM *it, int tag, int aclass);

-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
- const ASN1_TEMPLATE *tt);
-void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);

#ifdef __cplusplus
}
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 5111c12..531fad9 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -149,15 +149,6 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
return NULL;
}

-int ASN1_template_d2i(ASN1_VALUE **pval,
- const unsigned char **in, long len,
- const ASN1_TEMPLATE *tt)
-{
- ASN1_TLC c;
- asn1_tlc_clear_nc(&c);
- return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
-}
-
/*
* Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
* tag mismatch return -1 to handle OPTIONAL
@@ -248,7 +239,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,

if ((i >= 0) && (i < it->tcount)) {

tt = it->templates + i;

pchptr = asn1_get_field_ptr(pval, tt);
- ASN1_template_free(pchptr, tt);
+ asn1_template_free(pchptr, tt);
asn1_set_choice_selector(pval, -1, it);
}
} else if (!ASN1_item_ex_new(pval, it)) {
@@ -338,7 +329,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
ASN1_VALUE **pseqval;
seqtt = asn1_do_adb(pval, tt, 1);
pseqval = asn1_get_field_ptr(pval, seqtt);
- ASN1_template_free(pseqval, seqtt);
+ asn1_template_free(pseqval, seqtt);
}
}

@@ -386,7 +377,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
/*
* OPTIONAL component absent. Free and zero the field.
*/
- ASN1_template_free(pseqval, seqtt);
+ asn1_template_free(pseqval, seqtt);
continue;
}
/* Update length */
@@ -417,7 +408,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
ASN1_VALUE **pseqval;
pseqval = asn1_get_field_ptr(pval, seqtt);
- ASN1_template_free(pseqval, seqtt);
+ asn1_template_free(pseqval, seqtt);
} else {
errtt = seqtt;
ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING);
@@ -520,7 +511,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
return 1;

err:
- ASN1_template_free(val, tt);
+ asn1_template_free(val, tt);
return 0;
}

@@ -639,7 +630,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
return 1;

err:
- ASN1_template_free(val, tt);
+ asn1_template_free(val, tt);
return 0;
}

diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 251a8f1..d758861 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -238,12 +238,6 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
return 0;
}

-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
- const ASN1_TEMPLATE *tt)
-{
- return asn1_template_ex_i2d(pval, out, tt, -1, 0);
-}
-
static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
const ASN1_TEMPLATE *tt, int tag, int iclass)
{
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index 6f62fd4..fd9f046 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -100,13 +100,13 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,

case ASN1_ITYPE_PRIMITIVE:
if (it->templates)

- ASN1_template_free(pval, it->templates);
+ asn1_template_free(pval, it->templates);
else
- ASN1_primitive_free(pval, it);
+ asn1_primitive_free(pval, it);
break;

case ASN1_ITYPE_MSTRING:
- ASN1_primitive_free(pval, it);
+ asn1_primitive_free(pval, it);
break;

case ASN1_ITYPE_CHOICE:
@@ -121,7 +121,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,

tt = it->templates + i;
pchval = asn1_get_field_ptr(pval, tt);

- ASN1_template_free(pchval, tt);
+ asn1_template_free(pchval, tt);
}
if (asn1_cb)
asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
@@ -159,7 +159,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
if (!seqtt)
continue;
pseqval = asn1_get_field_ptr(pval, seqtt);
- ASN1_template_free(pseqval, seqtt);
+ asn1_template_free(pseqval, seqtt);
}
if (asn1_cb)
asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
@@ -171,7 +171,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
}
}

-void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
{

if (tt->flags & ASN1_TFLG_SK_MASK) {
STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;

@@ -190,7 +190,7 @@ void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
}
}

-void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
int utype;

@@ -238,7 +238,7 @@ void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
break;

case V_ASN1_ANY:
- ASN1_primitive_free(pval, NULL);
+ asn1_primitive_free(pval, NULL);
OPENSSL_free(*pval);
break;

diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index 996a4d5..b1f4da2 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -67,7 +67,9 @@

static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine);

+static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);

@@ -120,14 +122,14 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,

case ASN1_ITYPE_PRIMITIVE:
if (it->templates) {

- if (!ASN1_template_new(pval, it->templates))
+ if (!asn1_template_new(pval, it->templates))
goto memerr;
- } else if (!ASN1_primitive_new(pval, it))
+ } else if (!asn1_primitive_new(pval, it))
goto memerr;
break;

case ASN1_ITYPE_MSTRING:
- if (!ASN1_primitive_new(pval, it))
+ if (!asn1_primitive_new(pval, it))
goto memerr;
break;

@@ -179,7 +181,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
}
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
pseqval = asn1_get_field_ptr(pval, tt);
- if (!ASN1_template_new(pseqval, tt))
+ if (!asn1_template_new(pseqval, tt))
goto memerr;
}
if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
@@ -244,7 +246,7 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
}
}

-int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
{
const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
int ret;
@@ -299,7 +301,7 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
* all the old functions.
*/

-int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
ASN1_TYPE *typ;
ASN1_STRING *str;
diff --git a/util/libeay.num b/util/libeay.num
index bfea39f..b848411 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1837,14 +1837,14 @@ CRYPTO_get_dynlock_destroy_cb 2418 EXIST:VMS:FUNCTION:
CRYPTO_get_dynlock_value 2419 EXIST::FUNCTION:
CRYPTO_get_dynlock_create_callback 2420 EXIST:!VMS:FUNCTION:
CRYPTO_get_dynlock_create_cb 2420 EXIST:VMS:FUNCTION:
-c2i_ASN1_BIT_STRING 2421 EXIST::FUNCTION:
-i2c_ASN1_BIT_STRING 2422 EXIST::FUNCTION:
+c2i_ASN1_BIT_STRING 2421 NOEXIST::FUNCTION:
+i2c_ASN1_BIT_STRING 2422 NOEXIST::FUNCTION:
RAND_poll 2423 EXIST::FUNCTION:
-c2i_ASN1_INTEGER 2424 EXIST::FUNCTION:
-i2c_ASN1_INTEGER 2425 EXIST::FUNCTION:
+c2i_ASN1_INTEGER 2424 NOEXIST::FUNCTION:
+i2c_ASN1_INTEGER 2425 NOEXIST::FUNCTION:
BIO_dump_indent 2426 EXIST::FUNCTION:
ASN1_parse_dump 2427 EXIST::FUNCTION:
-c2i_ASN1_OBJECT 2428 EXIST::FUNCTION:
+c2i_ASN1_OBJECT 2428 NOEXIST::FUNCTION:
X509_NAME_print_ex_fp 2429 EXIST::FUNCTION:STDIO
ASN1_STRING_print_ex_fp 2430 EXIST::FUNCTION:STDIO
X509_NAME_print_ex 2431 EXIST::FUNCTION:
@@ -2012,7 +2012,7 @@ UI_ctrl 2580 EXIST::FUNCTION:

_shadow_DES_rw_mode 2581 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
_shadow_DES_rw_mode 2581 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES

asn1_do_adb 2582 NOEXIST::FUNCTION:
-ASN1_template_i2d 2583 EXIST::FUNCTION:
+ASN1_template_i2d 2583 NOEXIST::FUNCTION:

ENGINE_register_DH 2584 EXIST::FUNCTION:ENGINE
UI_construct_prompt 2585 EXIST::FUNCTION:

X509_STORE_set_trust 2586 EXIST::FUNCTION:
@@ -2349,7 +2349,7 @@ ENGINE_get_ex_data 2856 EXIST::FUNCTION:ENGINE
UI_destroy_method 2857 EXIST::FUNCTION:
ASN1_item_i2d_bio 2858 EXIST::FUNCTION:
OCSP_ONEREQ_get_ext_by_OBJ 2859 EXIST::FUNCTION:
-ASN1_primitive_new 2860 EXIST::FUNCTION:
+ASN1_primitive_new 2860 NOEXIST::FUNCTION:
ASN1_PRINTABLE_it 2861 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_PRINTABLE_it 2861 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
EVP_aes_192_ecb 2862 EXIST::FUNCTION:AES
@@ -2482,7 +2482,7 @@ OCSP_check_validity 2971 EXIST::FUNCTION:
PKCS12_BAGS_it 2972 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS12_BAGS_it 2972 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
OCSP_url_svcloc_new 2973 EXIST::FUNCTION:
-ASN1_template_free 2974 EXIST::FUNCTION:
+ASN1_template_free 2974 NOEXIST::FUNCTION:
OCSP_SINGLERESP_add_ext 2975 EXIST::FUNCTION:
KRB5_AUTHENTBODY_it 2976 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
KRB5_AUTHENTBODY_it 2976 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2497,7 +2497,7 @@ KRB5_TICKET_new 2983 EXIST::FUNCTION:
KRB5_APREQ_new 2984 EXIST::FUNCTION:
EC_GROUP_get_curve_GFp 2985 EXIST::FUNCTION:EC
KRB5_ENCKEY_new 2986 EXIST::FUNCTION:
-ASN1_template_d2i 2987 EXIST::FUNCTION:
+ASN1_template_d2i 2987 NOEXIST::FUNCTION:
_ossl_old_des_quad_cksum 2988 NOEXIST::FUNCTION:
OCSP_single_get0_status 2989 EXIST::FUNCTION:
BN_swap 2990 EXIST::FUNCTION:
@@ -2574,7 +2574,7 @@ OCSP_request_onereq_count 3047 EXIST::FUNCTION:
OCSP_basic_verify 3048 EXIST::FUNCTION:
KRB5_AUTHENTBODY_free 3049 EXIST::FUNCTION:
ASN1_item_d2i 3050 EXIST::FUNCTION:
-ASN1_primitive_free 3051 EXIST::FUNCTION:
+ASN1_primitive_free 3051 NOEXIST::FUNCTION:

i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION:
i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION:

asn1_enc_save 3054 NOEXIST::FUNCTION:
@@ -2623,7 +2623,7 @@ ASN1_OCTET_STRING_it 3090 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
ASN1_OCTET_STRING_it 3090 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ERR_load_UI_strings 3091 EXIST::FUNCTION:
i2d_KRB5_ENCKEY 3092 EXIST::FUNCTION:
-ASN1_template_new 3093 EXIST::FUNCTION:
+ASN1_template_new 3093 NOEXIST::FUNCTION:
OCSP_SIGNATURE_free 3094 EXIST::FUNCTION:
ASN1_item_i2d_fp 3095 EXIST::FUNCTION:STDIO
KRB5_PRINCNAME_free 3096 EXIST::FUNCTION:

Dr. Stephen Henson

unread,

Mar 26, 2015, 6:00:52 PM3/26/15

to

The branch master has been updated

via dd14f911714da77876a3c17e0168b6afef923be8 (commit)
from ee3ef9cbe9b355c460ebb06c3eee0e503fe1fb1a (commit)

- Log -----------------------------------------------------------------
commit dd14f911714da77876a3c17e0168b6afef923be8

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Tue Feb 3 16:09:32 2015 +0000

ASN1_TYPE documentation.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

doc/crypto/ASN1_STRING_length.pod | 2 +-
doc/crypto/ASN1_TYPE_get.pod | 70 +++++++++++++++++++++++++++++++++++++++
2 files changed, 71 insertions(+), 1 deletion(-)
create mode 100644 doc/crypto/ASN1_TYPE_get.pod

diff --git a/doc/crypto/ASN1_STRING_length.pod b/doc/crypto/ASN1_STRING_length.pod
index f651e4f..6fb9c94 100644
--- a/doc/crypto/ASN1_STRING_length.pod
+++ b/doc/crypto/ASN1_STRING_length.pod
@@ -48,7 +48,7 @@ such as B<V_ASN1_OCTET_STRING>.
ASN1_STRING_to_UTF8() converts the string B<in> to UTF8 format, the
converted data is allocated in a buffer in B<*out>. The length of
B<out> is returned or a negative error code. The buffer B<*out>
-should be free using OPENSSL_free().
+should be freed using OPENSSL_free().

=head1 NOTES

diff --git a/doc/crypto/ASN1_TYPE_get.pod b/doc/crypto/ASN1_TYPE_get.pod
new file mode 100644
index 0000000..a6c65aa
--- /dev/null
+++ b/doc/crypto/ASN1_TYPE_get.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp - ASN1_TYPE utility
+functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/asn1.h>
+
+ int ASN1_TYPE_get(ASN1_TYPE *a);
+ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
+
+=head1 DESCRIPTION
+
+These functions allow an ASN1_TYPE structure to be manipulated. The
+ASN1_TYPE structure can contain any ASN.1 type or constructed type
+such as a SEQUENCE: it is effectively equivalent to the ASN.1 ANY type.
+
+ASN1_TYPE_get() returns the type of B<a>.
+
+ASN1_TYPE_set() sets the value of B<a> to B<type> and B<value>. This
+function uses the pointer B<value> internally so it must B<not> be freed
+up after the call.
+
+ASN1_TYPE_set1() sets the value of B<a> to B<type> a copy of B<value>.
+
+ASN1_TYPE_cmp() compares ASN.1 types B<a> and B<b> and returns 0 if
+they are identical and non-zero otherwise.
+
+=head1 NOTES
+
+The type and meaning of the B<value> parameter for ASN1_TYPE_set() and
+ASN1_TYPE_set1() is determined by the B<type> parameter.
+If B<type> is V_ASN1_NULL B<value> is ignored. If B<type> is V_ASN1_BOOLEAN
+then the boolean is set to TRUE if B<value> is not NULL. If B<type> is
+V_ASN1_OBJECT then value is an ASN1_OBJECT structure. Otherwise B<type>
+is and ASN1_STRING structure. If B<type> corresponds to a primitive type
+(or a string type) then the contents of the ASN1_STRING contain the content
+octets of the type. If B<type> corresponds to a constructed type or
+a tagged type (V_ASN1_SEQUENCE, V_ASN1_SET or V_ASN1_OTHER) then the
+ASN1_STRING contains the entire ASN.1 encoding verbatim (including tag and
+length octets).
+
+ASN1_TYPE_cmp() may not return zero if two types are equivalent but have
+different encodings. For example the single content octet of the boolean TRUE
+value under BER can have any non-zero encoding but ASN1_TYPE_cmp() will
+only return zero if the values are the same.
+
+If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the
+return value is non-zero. Technically if both parameters are NULL the two
+types could be absent OPTIONAL fields and so should match, however passing
+NULL values could also indicate a programming error (for example an
+unparseable type which returns NULL) for types which do B<not> match. So
+applications should handle the case of two absent values separately.
+
+=head1 RETURN VALUES
+
+ASN1_TYPE_get() returns the type of the ASN1_TYPE argument.
+
+ASN1_TYPE_set() does not return a value.
+
+ASN1_TYPE_set1() returns 1 for sucess and 0 for failure.
+
+ASN1_TYPE_cmp() returns 0 if the types are identical and non-zero otherwise.
+
+=cut

Dr. Stephen Henson

unread,

Mar 26, 2015, 6:27:27 PM3/26/15

to

The branch master has been updated

via ee9d76371ae8ea433c19162c2e1522dcd188e556 (commit)
via ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1 (commit)
from dd14f911714da77876a3c17e0168b6afef923be8 (commit)

- Log -----------------------------------------------------------------
commit ee9d76371ae8ea433c19162c2e1522dcd188e556

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Thu Mar 26 15:39:55 2015 +0000

Remove combine option from ASN.1 code.

Remove the combine option. This was used for compatibility with some
non standard behaviour in ancient versions of OpenSSL: specifically
the X509_ATTRIBUTE and DSAPublicKey handling. Since these have now
been revised it is no longer needed.

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Thu Mar 26 14:35:49 2015 +0000

Simplify DSA public key handling.

DSA public keys could exist in two forms: a single Integer type or a
SEQUENCE containing the parameters and public key with a field called
"write_params" deciding which form to use. These forms are non standard
and were only used by functions containing "DSAPublicKey" in the name.

Simplify code to only use the parameter form and encode the public key
component directly in the DSA public key method.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/asn1/asn1.h | 2 +-
crypto/asn1/asn1_err.c | 2 +-
crypto/asn1/asn1t.h | 14 --------------
crypto/asn1/tasn_fre.c | 28 +++++++---------------------
crypto/asn1/tasn_new.c | 41 ++++++++++++++---------------------------
crypto/asn1/tasn_utl.c | 2 --
crypto/dsa/dsa.h | 1 -
crypto/dsa/dsa_ameth.c | 11 +++++++++--
crypto/dsa/dsa_asn1.c | 9 ++-------
crypto/dsa/dsa_lib.c | 1 -
10 files changed, 34 insertions(+), 77 deletions(-)

diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 0cf5c46..141e630 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -973,7 +973,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_ASN1_INTEGER_TO_BN 119
# define ASN1_F_ASN1_ITEM_D2I_FP 206
# define ASN1_F_ASN1_ITEM_DUP 191
-# define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121
+# define ASN1_F_ASN1_ITEM_EX_NEW 121
# define ASN1_F_ASN1_ITEM_EX_D2I 120
# define ASN1_F_ASN1_ITEM_I2D_BIO 192
# define ASN1_F_ASN1_ITEM_I2D_FP 193
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index ff7a2eb..b70ddb7 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -101,7 +101,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
- {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_NEW), "ASN1_ITEM_EX_NEW"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h
index c54d3d4..7a2611e 100644
--- a/crypto/asn1/asn1t.h
+++ b/crypto/asn1/asn1t.h
@@ -299,11 +299,6 @@ extern "C" {
(flags), (tag), offsetof(stname, field),\
#field, ASN1_ITEM_ref(type) }

-/* used when the structure is combined with the parent */
-
-# define ASN1_EX_COMBINE(flags, tag, type) { \
- (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
-
/* implicit and explicit helper macros */

# define ASN1_IMP_EX(stname, field, type, tag, ex) \
@@ -543,15 +538,6 @@ struct ASN1_ADB_TABLE_st {
# define ASN1_TFLG_ADB_INT (0x1<<9)

/*
- * This flag means a parent structure is passed instead of the field: this is
- * useful is a SEQUENCE is being combined with a CHOICE for example. Since
- * this means the structure and item name will differ we need to use the
- * ASN1_CHOICE_END_name() macro for example.
- */
-
-# define ASN1_TFLG_COMBINE (0x1<<10)
-
-/*
* This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes
* indefinite length constructed encoding to be used if required.
*/
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index fd9f046..e846561 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -63,24 +63,15 @@
#include <openssl/objects.h>
#include "asn1_locl.h"

-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
- int combine);
-
/* Free up an ASN1 structure */

void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
{
- asn1_item_combine_free(&val, it, 0);
+ ASN1_item_ex_free(&val, it);

}

void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)

{
- asn1_item_combine_free(pval, it, 0);
-}
-
-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
- int combine)
-{
const ASN1_TEMPLATE *tt = NULL, *seqtt;
const ASN1_EXTERN_FUNCS *ef;

const ASN1_AUX *aux = it->funcs;

@@ -125,10 +116,8 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,

}
if (asn1_cb)
asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);

- if (!combine) {
- OPENSSL_free(*pval);
- *pval = NULL;
- }
+ OPENSSL_free(*pval);
+ *pval = NULL;
break;

case ASN1_ITYPE_EXTERN:
@@ -163,10 +152,8 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,

}
if (asn1_cb)
asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);

- if (!combine) {
- OPENSSL_free(*pval);
- *pval = NULL;
- }
+ OPENSSL_free(*pval);
+ *pval = NULL;
break;
}
}
@@ -180,13 +167,12 @@ void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {

ASN1_VALUE *vtmp = sk_ASN1_VALUE_value(sk, i);

- asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0);
+ ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
}
sk_ASN1_VALUE_free(sk);
*pval = NULL;
} else {
- asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
- tt->flags & ASN1_TFLG_COMBINE);
+ ASN1_item_ex_free(pval, ASN1_ITEM_ptr(tt->item));
}
}

diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index b1f4da2..1b36ecc 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -65,8 +65,6 @@
#include <string.h>
#include "asn1_locl.h"

-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
- int combine);

static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);

static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);

@@ -85,12 +83,6 @@ ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)

int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)

{
- return asn1_item_ex_combine_new(pval, it, 0);
-}
-
-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
- int combine)
-{
const ASN1_TEMPLATE *tt = NULL;
const ASN1_EXTERN_FUNCS *ef;

const ASN1_AUX *aux = it->funcs;

@@ -102,8 +94,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
else
asn1_cb = 0;

- if (!combine)
- *pval = NULL;
+ *pval = NULL;

#ifdef CRYPTO_MDEBUG
if (it->sname)
@@ -146,12 +137,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 1;
}
}
- if (!combine) {
- *pval = OPENSSL_malloc(it->size);
- if (!*pval)
- goto memerr;
- memset(*pval, 0, it->size);
- }
+ *pval = OPENSSL_malloc(it->size);
+ if (!*pval)
+ goto memerr;
+ memset(*pval, 0, it->size);
asn1_set_choice_selector(pval, -1, it);

if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))

goto auxerr;
@@ -171,14 +160,12 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 1;
}
}
- if (!combine) {
- *pval = OPENSSL_malloc(it->size);
- if (!*pval)
- goto memerr;
- memset(*pval, 0, it->size);
- asn1_do_lock(pval, 0, it);
- asn1_enc_init(pval, it);
- }
+ *pval = OPENSSL_malloc(it->size);
+ if (!*pval)
+ goto memerr;
+ memset(*pval, 0, it->size);
+ asn1_do_lock(pval, 0, it);
+ asn1_enc_init(pval, it);

for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
pseqval = asn1_get_field_ptr(pval, tt);

if (!asn1_template_new(pseqval, tt))
@@ -195,7 +182,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 1;

memerr:
- ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
+ ASN1err(ASN1_F_ASN1_ITEM_EX_NEW, ERR_R_MALLOC_FAILURE);
#ifdef CRYPTO_MDEBUG
if (it->sname)
CRYPTO_pop_info();
@@ -203,7 +190,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 0;

auxerr:
- ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
+ ASN1err(ASN1_F_ASN1_ITEM_EX_NEW, ASN1_R_AUX_ERROR);
ASN1_item_ex_free(pval, it);
#ifdef CRYPTO_MDEBUG
if (it->sname)
@@ -278,7 +265,7 @@ static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
goto done;
}
/* Otherwise pass it back to the item routine */
- ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+ ret = ASN1_item_ex_new(pval, it);
done:
#ifdef CRYPTO_MDEBUG
if (it->sname)
diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
index da7b029..17318ea 100644
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@@ -202,8 +202,6 @@ int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,

ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)

{
ASN1_VALUE **pvaltmp;
- if (tt->flags & ASN1_TFLG_COMBINE)
- return pval;
pvaltmp = offset2ptr(*pval, tt->offset);
/*
* NOTE for BOOLEAN types the field is just a plain int so we can't
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index 949360f..8fd5596 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -160,7 +160,6 @@ struct dsa_st {
*/
int pad;
long version;
- int write_params;
BIGNUM *p;
BIGNUM *q; /* == 20 */
BIGNUM *g;
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 96d5c5a..65e07fd 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -132,6 +132,7 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
unsigned char *penc = NULL;
int penclen;
ASN1_STRING *str = NULL;
+ ASN1_INTEGER *pubint = NULL;

dsa = pkey->pkey.dsa;
if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
@@ -149,9 +150,15 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
} else
ptype = V_ASN1_UNDEF;

- dsa->write_params = 0;
+ pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL);

- penclen = i2d_DSAPublicKey(dsa, &penc);
+ if (pubint == NULL) {
+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);

+ goto err;
+ }
+

+ penclen = i2d_ASN1_INTEGER(pubint, &penc);
+ ASN1_INTEGER_free(pubint);

if (penclen <= 0) {
DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index 08ed52b..e7f80a8 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -132,17 +132,12 @@ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
* key as an INTEGER or the parameters and public key in a SEQUENCE
*/

-ASN1_SEQUENCE(dsa_pub_internal) = {
+ASN1_SEQUENCE(DSAPublicKey) = {
ASN1_SIMPLE(DSA, pub_key, BIGNUM),
ASN1_SIMPLE(DSA, p, BIGNUM),
ASN1_SIMPLE(DSA, q, BIGNUM),
ASN1_SIMPLE(DSA, g, BIGNUM)
-} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
-
-ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
- ASN1_SIMPLE(DSA, pub_key, BIGNUM),
- ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
-} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
+} ASN1_SEQUENCE_END_name(DSA, DSAPublicKey)

IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)

diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index bfd9106..c94be9d 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -146,7 +146,6 @@ DSA *DSA_new_method(ENGINE *engine)

ret->pad = 0;
ret->version = 0;
- ret->write_params = 1;
ret->p = NULL;
ret->q = NULL;
ret->g = NULL;