diff options
| author | marha <marha@users.sourceforge.net> | 2010-06-17 08:30:55 +0000 |
|---|---|---|
| committer | marha <marha@users.sourceforge.net> | 2010-06-17 08:30:55 +0000 |
| commit | eb8e32daea99b6e3ebf134efeeba184c23817f08 (patch) | |
| tree | ffbda57952ba3f40612e6409bd9a95f9a0a892dc /openssl | |
| parent | ed16af1abc515d7cc3ff9c5794aef89551fe7494 (diff) | |
| parent | fef0b61e18b9c7475e4d6e67ddfc55db46573f4e (diff) | |
| download | vcxsrv-eb8e32daea99b6e3ebf134efeeba184c23817f08.tar.gz vcxsrv-eb8e32daea99b6e3ebf134efeeba184c23817f08.tar.bz2 vcxsrv-eb8e32daea99b6e3ebf134efeeba184c23817f08.zip | |
svn merge ^/branches/released .
Diffstat (limited to 'openssl')
66 files changed, 1331 insertions, 745 deletions
diff --git a/openssl/CHANGES b/openssl/CHANGES index e8655ab14..b139cf624 100644 --- a/openssl/CHANGES +++ b/openssl/CHANGES @@ -2,6 +2,12 @@ OpenSSL CHANGES _______________ + Changes between 1.0.0 and 1.0.0a [01 Jun 2010] + + *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover + (CVE-2010-1633) + [Steve Henson, Peter-Michael Hager <hager@dortmund.net>] + Changes between 0.9.8n and 1.0.0 [29 Mar 2010] *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher @@ -843,6 +849,17 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] + Changes between 0.9.8n and 0.9.8o [xx XXX xxxx] + + *) Correct a typo in the CMS ASN1 module which can result in invalid memory + access or freeing data twice (CVE-2010-0742) + [Steve Henson, Ronald Moesbergen <intercommit@gmail.com>] + + *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more + common in certificates and some applications which only call + SSL_library_init and not OpenSSL_add_all_algorithms() will fail. + [Steve Henson] + Changes between 0.9.8m and 0.9.8n [24 Mar 2010] *) When rejecting SSL/TLS records due to an incorrect version number, never diff --git a/openssl/Configure b/openssl/Configure index ec7faae4f..a94ad4fd3 100644 --- a/openssl/Configure +++ b/openssl/Configure @@ -503,7 +503,7 @@ my %table=( "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32", # MinGW -"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall:::MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a", +"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a", # As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll # compiled with one compiler with application compiled with another # compiler. It's possible to engage Applink support in mingw64 build, @@ -511,7 +511,7 @@ my %table=( # handling, one can't seriously consider its binaries for using with # non-mingw64 run-time environment. And as mingw64 is always consistent # with itself, Applink is never engaged and can as well be omitted. -"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE:::MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", +"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", # UWIN "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", @@ -547,7 +547,7 @@ my %table=( ##### MacOS X (a.k.a. Rhapsody or Darwin) setup "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::", -"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", @@ -1789,11 +1789,11 @@ EOF (system $make_command.$make_targets) == 0 or exit $? if $make_targets ne ""; if ( $perl =~ m@^/@) { - &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); + &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("apps/CA.pl",$perl,'^#!/', '#!%s'); } else { # No path for Perl known ... - &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); + &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); } if ($depflags ne $default_depflags && !$make_depend) { diff --git a/openssl/FAQ b/openssl/FAQ index 2134e3af1..becee6663 100644 --- a/openssl/FAQ +++ b/openssl/FAQ @@ -79,7 +79,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 1.0.0 was released on Mar 29th, 2010. +OpenSSL 1.0.0a was released on Jun 1st, 2010. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: @@ -722,7 +722,7 @@ file. Multi-threaded applications must provide two callback functions to OpenSSL by calling CRYPTO_set_locking_callback() and CRYPTO_set_id_callback(), for all versions of OpenSSL up to and -including 0.9.8[abc...]. As of version 0.9.9, CRYPTO_set_id_callback() +including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback() and associated APIs are deprecated by CRYPTO_THREADID_set_callback() and friends. This is described in the threads(3) manpage. diff --git a/openssl/NEWS b/openssl/NEWS index 4fc76d10f..3a787ea06 100644 --- a/openssl/NEWS +++ b/openssl/NEWS @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a: + + o Fix for security issue CVE-2010-1633. + o GOST MAC and CFB fixes. + Major changes between OpenSSL 0.9.8n and OpenSSL 1.0: o RFC3280 path validation: sufficient to process PKITS tests. @@ -28,6 +33,14 @@ o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. + Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: + + o Fix for security issue CVE-2010-0742. + o Various DTLS fixes. + o Recognise SHA2 certificates if only SSL algorithms added. + o Fix for no-rc4 compilation. + o Chil ENGINE unload workaround. + Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n: o CFB cipher definition fixes. diff --git a/openssl/README b/openssl/README index b649a66d1..c1d0a5fd5 100644 --- a/openssl/README +++ b/openssl/README @@ -1,7 +1,7 @@ - OpenSSL 1.0.0 29 Mar 2010 + OpenSSL 1.0.0a 1 Jun 2010 - Copyright (c) 1998-2009 The OpenSSL Project + Copyright (c) 1998-2010 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. diff --git a/openssl/apps/CA.com b/openssl/apps/CA.com index 02682e424..69b7bb3fd 100644 --- a/openssl/apps/CA.com +++ b/openssl/apps/CA.com @@ -114,8 +114,8 @@ $! $ IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. "" $ THEN $ READ '__INPUT' FILE - - /PROMT="CA certificate filename (or enter to create)" -$ IF F$SEARCH(FILE) .NES. "" + /PROMPT="CA certificate filename (or enter to create)" +$ IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "") $ THEN $ COPY 'FILE' 'CATOP'.private'CAKEY' $ RET=$STATUS diff --git a/openssl/apps/apps.c b/openssl/apps/apps.c index 5dccea70d..acc50df04 100644 --- a/openssl/apps/apps.c +++ b/openssl/apps/apps.c @@ -875,10 +875,17 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, if (format == FORMAT_ENGINE) { if (!e) - BIO_printf(bio_err,"no engine specified\n"); + BIO_printf(err,"no engine specified\n"); else + { pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data); + if (!pkey) + { + BIO_printf(err,"cannot load %s from engine\n",key_descrip); + ERR_print_errors(err); + } + } goto end; } #endif @@ -923,7 +930,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, &pkey, NULL, NULL)) goto end; } -#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4) else if (format == FORMAT_MSBLOB) pkey = b2i_PrivateKey_bio(key); else if (format == FORMAT_PVK) @@ -937,8 +944,11 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, } end: if (key != NULL) BIO_free(key); - if (pkey == NULL) + if (pkey == NULL) + { BIO_printf(err,"unable to load %s\n", key_descrip); + ERR_print_errors(err); + } return(pkey); } diff --git a/openssl/apps/dsa.c b/openssl/apps/dsa.c index 1109346f7..5222487ab 100644 --- a/openssl/apps/dsa.c +++ b/openssl/apps/dsa.c @@ -334,7 +334,7 @@ bad: i=PEM_write_bio_DSA_PUBKEY(out,dsa); else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc, NULL,0,NULL, passout); -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); diff --git a/openssl/apps/makeapps.com b/openssl/apps/makeapps.com index b96c4a1c6..58f286562 100644 --- a/openssl/apps/makeapps.com +++ b/openssl/apps/makeapps.com @@ -25,7 +25,7 @@ $! VAXC For VAX C. $! DECC For DEC C. $! GNUC For GNU C. $! -$! If you don't speficy a compiler, it will try to determine which +$! If you don't specify a compiler, it will try to determine which $! "C" compiler to use. $! $! P3, if defined, sets a TCP/IP library to use, through one of the following @@ -52,7 +52,7 @@ $ THEN $! $! The Architecture Is VAX. $! -$ ARCH := VAX +$ ARCH = "VAX" $! $! Else... $! @@ -555,7 +555,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -770,7 +770,7 @@ $! Set up default defines $! $ CCDEFS = """FLAT_INC=1""," + CCDEFS $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! @@ -875,7 +875,7 @@ $! Print info $! $ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! diff --git a/openssl/apps/rsa.c b/openssl/apps/rsa.c index b3c8aff7e..a17708fe9 100644 --- a/openssl/apps/rsa.c +++ b/openssl/apps/rsa.c @@ -409,7 +409,7 @@ bad: } else i=PEM_write_bio_RSAPrivateKey(out,rsa, enc,NULL,0,NULL,passout); -#ifndef OPENSSL_NO_DSA +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); diff --git a/openssl/crypto/aes/asm/aes-ppc.pl b/openssl/crypto/aes/asm/aes-ppc.pl index ce427655e..f82c5e181 100644 --- a/openssl/crypto/aes/asm/aes-ppc.pl +++ b/openssl/crypto/aes/asm/aes-ppc.pl @@ -16,6 +16,19 @@ # at 1/2 of ppc_AES_encrypt speed, while ppc_AES_decrypt_compact - # at 1/3 of ppc_AES_decrypt. +# February 2010 +# +# Rescheduling instructions to favour Power6 pipeline gives 10% +# performance improvement on the platfrom in question (and marginal +# improvement even on others). It should be noted that Power6 fails +# to process byte in 18 cycles, only in 23, because it fails to issue +# 4 load instructions in two cycles, only in 3. As result non-compact +# block subroutines are 25% slower than one would expect. Compact +# functions scale better, because they have pure computational part, +# which scales perfectly with clock frequency. To be specific +# ppc_AES_encrypt_compact operates at 42 cycles per byte, while +# ppc_AES_decrypt_compact - at 55 (in 64-bit build). + $flavour = shift; if ($flavour =~ /64/) { @@ -376,7 +389,7 @@ $code.=<<___; addi $sp,$sp,$FRAME blr -.align 4 +.align 5 Lppc_AES_encrypt: lwz $acc00,240($key) lwz $t0,0($key) @@ -397,46 +410,46 @@ Lppc_AES_encrypt: Lenc_loop: rlwinm $acc00,$s0,`32-24+3`,21,28 rlwinm $acc01,$s1,`32-24+3`,21,28 - lwz $t0,0($key) - lwz $t1,4($key) rlwinm $acc02,$s2,`32-24+3`,21,28 rlwinm $acc03,$s3,`32-24+3`,21,28 - lwz $t2,8($key) - lwz $t3,12($key) + lwz $t0,0($key) + lwz $t1,4($key) rlwinm $acc04,$s1,`32-16+3`,21,28 rlwinm $acc05,$s2,`32-16+3`,21,28 - lwzx $acc00,$Tbl0,$acc00 - lwzx $acc01,$Tbl0,$acc01 + lwz $t2,8($key) + lwz $t3,12($key) rlwinm $acc06,$s3,`32-16+3`,21,28 rlwinm $acc07,$s0,`32-16+3`,21,28 - lwzx $acc02,$Tbl0,$acc02 - lwzx $acc03,$Tbl0,$acc03 + lwzx $acc00,$Tbl0,$acc00 + lwzx $acc01,$Tbl0,$acc01 rlwinm $acc08,$s2,`32-8+3`,21,28 rlwinm $acc09,$s3,`32-8+3`,21,28 - lwzx $acc04,$Tbl1,$acc04 - lwzx $acc05,$Tbl1,$acc05 + lwzx $acc02,$Tbl0,$acc02 + lwzx $acc03,$Tbl0,$acc03 rlwinm $acc10,$s0,`32-8+3`,21,28 rlwinm $acc11,$s1,`32-8+3`,21,28 - lwzx $acc06,$Tbl1,$acc06 - lwzx $acc07,$Tbl1,$acc07 + lwzx $acc04,$Tbl1,$acc04 + lwzx $acc05,$Tbl1,$acc05 rlwinm $acc12,$s3,`0+3`,21,28 rlwinm $acc13,$s0,`0+3`,21,28 - lwzx $acc08,$Tbl2,$acc08 - lwzx $acc09,$Tbl2,$acc09 + lwzx $acc06,$Tbl1,$acc06 + lwzx $acc07,$Tbl1,$acc07 rlwinm $acc14,$s1,`0+3`,21,28 rlwinm $acc15,$s2,`0+3`,21,28 - lwzx $acc10,$Tbl2,$acc10 - lwzx $acc11,$Tbl2,$acc11 + lwzx $acc08,$Tbl2,$acc08 + lwzx $acc09,$Tbl2,$acc09 xor $t0,$t0,$acc00 xor $t1,$t1,$acc01 - lwzx $acc12,$Tbl3,$acc12 - lwzx $acc13,$Tbl3,$acc13 + lwzx $acc10,$Tbl2,$acc10 + lwzx $acc11,$Tbl2,$acc11 xor $t2,$t2,$acc02 xor $t3,$t3,$acc03 - lwzx $acc14,$Tbl3,$acc14 - lwzx $acc15,$Tbl3,$acc15 + lwzx $acc12,$Tbl3,$acc12 + lwzx $acc13,$Tbl3,$acc13 xor $t0,$t0,$acc04 xor $t1,$t1,$acc05 + lwzx $acc14,$Tbl3,$acc14 + lwzx $acc15,$Tbl3,$acc15 xor $t2,$t2,$acc06 xor $t3,$t3,$acc07 xor $t0,$t0,$acc08 @@ -452,60 +465,60 @@ Lenc_loop: addi $Tbl2,$Tbl0,2048 nop - lwz $acc08,`2048+0`($Tbl0) ! prefetch Te4 - lwz $acc09,`2048+32`($Tbl0) - lwz $acc10,`2048+64`($Tbl0) - lwz $acc11,`2048+96`($Tbl0) - lwz $acc08,`2048+128`($Tbl0) - lwz $acc09,`2048+160`($Tbl0) - lwz $acc10,`2048+192`($Tbl0) - lwz $acc11,`2048+224`($Tbl0) - rlwinm $acc00,$s0,`32-24`,24,31 - rlwinm $acc01,$s1,`32-24`,24,31 lwz $t0,0($key) lwz $t1,4($key) - rlwinm $acc02,$s2,`32-24`,24,31 - rlwinm $acc03,$s3,`32-24`,24,31 + rlwinm $acc00,$s0,`32-24`,24,31 + rlwinm $acc01,$s1,`32-24`,24,31 lwz $t2,8($key) lwz $t3,12($key) + rlwinm $acc02,$s2,`32-24`,24,31 + rlwinm $acc03,$s3,`32-24`,24,31 + lwz $acc08,`2048+0`($Tbl0) ! prefetch Te4 + lwz $acc09,`2048+32`($Tbl0) rlwinm $acc04,$s1,`32-16`,24,31 rlwinm $acc05,$s2,`32-16`,24,31 - lbzx $acc00,$Tbl2,$acc00 - lbzx $acc01,$Tbl2,$acc01 + lwz $acc10,`2048+64`($Tbl0) + lwz $acc11,`2048+96`($Tbl0) rlwinm $acc06,$s3,`32-16`,24,31 rlwinm $acc07,$s0,`32-16`,24,31 - lbzx $acc02,$Tbl2,$acc02 - lbzx $acc03,$Tbl2,$acc03 + lwz $acc12,`2048+128`($Tbl0) + lwz $acc13,`2048+160`($Tbl0) rlwinm $acc08,$s2,`32-8`,24,31 rlwinm $acc09,$s3,`32-8`,24,31 - lbzx $acc04,$Tbl2,$acc04 - lbzx $acc05,$Tbl2,$acc05 + lwz $acc14,`2048+192`($Tbl0) + lwz $acc15,`2048+224`($Tbl0) rlwinm $acc10,$s0,`32-8`,24,31 rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc06,$Tbl2,$acc06 - lbzx $acc07,$Tbl2,$acc07 + lbzx $acc00,$Tbl2,$acc00 + lbzx $acc01,$Tbl2,$acc01 rlwinm $acc12,$s3,`0`,24,31 rlwinm $acc13,$s0,`0`,24,31 - lbzx $acc08,$Tbl2,$acc08 - lbzx $acc09,$Tbl2,$acc09 + lbzx $acc02,$Tbl2,$acc02 + lbzx $acc03,$Tbl2,$acc03 rlwinm $acc14,$s1,`0`,24,31 rlwinm $acc15,$s2,`0`,24,31 - lbzx $acc10,$Tbl2,$acc10 - lbzx $acc11,$Tbl2,$acc11 + lbzx $acc04,$Tbl2,$acc04 + lbzx $acc05,$Tbl2,$acc05 rlwinm $s0,$acc00,24,0,7 rlwinm $s1,$acc01,24,0,7 - lbzx $acc12,$Tbl2,$acc12 - lbzx $acc13,$Tbl2,$acc13 + lbzx $acc06,$Tbl2,$acc06 + lbzx $acc07,$Tbl2,$acc07 rlwinm $s2,$acc02,24,0,7 rlwinm $s3,$acc03,24,0,7 - lbzx $acc14,$Tbl2,$acc14 - lbzx $acc15,$Tbl2,$acc15 + lbzx $acc08,$Tbl2,$acc08 + lbzx $acc09,$Tbl2,$acc09 rlwimi $s0,$acc04,16,8,15 rlwimi $s1,$acc05,16,8,15 + lbzx $acc10,$Tbl2,$acc10 + lbzx $acc11,$Tbl2,$acc11 rlwimi $s2,$acc06,16,8,15 rlwimi $s3,$acc07,16,8,15 + lbzx $acc12,$Tbl2,$acc12 + lbzx $acc13,$Tbl2,$acc13 rlwimi $s0,$acc08,8,16,23 rlwimi $s1,$acc09,8,16,23 + lbzx $acc14,$Tbl2,$acc14 + lbzx $acc15,$Tbl2,$acc15 rlwimi $s2,$acc10,8,16,23 rlwimi $s3,$acc11,8,16,23 or $s0,$s0,$acc12 @@ -542,40 +555,40 @@ Lenc_compact_loop: rlwinm $acc01,$s1,`32-24`,24,31 rlwinm $acc02,$s2,`32-24`,24,31 rlwinm $acc03,$s3,`32-24`,24,31 - lbzx $acc00,$Tbl1,$acc00 - lbzx $acc01,$Tbl1,$acc01 rlwinm $acc04,$s1,`32-16`,24,31 rlwinm $acc05,$s2,`32-16`,24,31 - lbzx $acc02,$Tbl1,$acc02 - lbzx $acc03,$Tbl1,$acc03 rlwinm $acc06,$s3,`32-16`,24,31 rlwinm $acc07,$s0,`32-16`,24,31 - lbzx $acc04,$Tbl1,$acc04 - lbzx $acc05,$Tbl1,$acc05 + lbzx $acc00,$Tbl1,$acc00 + lbzx $acc01,$Tbl1,$acc01 rlwinm $acc08,$s2,`32-8`,24,31 rlwinm $acc09,$s3,`32-8`,24,31 - lbzx $acc06,$Tbl1,$acc06 - lbzx $acc07,$Tbl1,$acc07 + lbzx $acc02,$Tbl1,$acc02 + lbzx $acc03,$Tbl1,$acc03 rlwinm $acc10,$s0,`32-8`,24,31 rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc08,$Tbl1,$acc08 - lbzx $acc09,$Tbl1,$acc09 + lbzx $acc04,$Tbl1,$acc04 + lbzx $acc05,$Tbl1,$acc05 rlwinm $acc12,$s3,`0`,24,31 rlwinm $acc13,$s0,`0`,24,31 - lbzx $acc10,$Tbl1,$acc10 - lbzx $acc11,$Tbl1,$acc11 + lbzx $acc06,$Tbl1,$acc06 + lbzx $acc07,$Tbl1,$acc07 rlwinm $acc14,$s1,`0`,24,31 rlwinm $acc15,$s2,`0`,24,31 - lbzx $acc12,$Tbl1,$acc12 - lbzx $acc13,$Tbl1,$acc13 + lbzx $acc08,$Tbl1,$acc08 + lbzx $acc09,$Tbl1,$acc09 rlwinm $s0,$acc00,24,0,7 rlwinm $s1,$acc01,24,0,7 - lbzx $acc14,$Tbl1,$acc14 - lbzx $acc15,$Tbl1,$acc15 + lbzx $acc10,$Tbl1,$acc10 + lbzx $acc11,$Tbl1,$acc11 rlwinm $s2,$acc02,24,0,7 rlwinm $s3,$acc03,24,0,7 + lbzx $acc12,$Tbl1,$acc12 + lbzx $acc13,$Tbl1,$acc13 rlwimi $s0,$acc04,16,8,15 rlwimi $s1,$acc05,16,8,15 + lbzx $acc14,$Tbl1,$acc14 + lbzx $acc15,$Tbl1,$acc15 rlwimi $s2,$acc06,16,8,15 rlwimi $s3,$acc07,16,8,15 rlwimi $s0,$acc08,8,16,23 @@ -725,7 +738,7 @@ Lenc_compact_done: addi $sp,$sp,$FRAME blr -.align 4 +.align 5 Lppc_AES_decrypt: lwz $acc00,240($key) lwz $t0,0($key) @@ -746,46 +759,46 @@ Lppc_AES_decrypt: Ldec_loop: rlwinm $acc00,$s0,`32-24+3`,21,28 rlwinm $acc01,$s1,`32-24+3`,21,28 - lwz $t0,0($key) - lwz $t1,4($key) rlwinm $acc02,$s2,`32-24+3`,21,28 rlwinm $acc03,$s3,`32-24+3`,21,28 - lwz $t2,8($key) - lwz $t3,12($key) + lwz $t0,0($key) + lwz $t1,4($key) rlwinm $acc04,$s3,`32-16+3`,21,28 rlwinm $acc05,$s0,`32-16+3`,21,28 - lwzx $acc00,$Tbl0,$acc00 - lwzx $acc01,$Tbl0,$acc01 + lwz $t2,8($key) + lwz $t3,12($key) rlwinm $acc06,$s1,`32-16+3`,21,28 rlwinm $acc07,$s2,`32-16+3`,21,28 - lwzx $acc02,$Tbl0,$acc02 - lwzx $acc03,$Tbl0,$acc03 + lwzx $acc00,$Tbl0,$acc00 + lwzx $acc01,$Tbl0,$acc01 rlwinm $acc08,$s2,`32-8+3`,21,28 rlwinm $acc09,$s3,`32-8+3`,21,28 - lwzx $acc04,$Tbl1,$acc04 - lwzx $acc05,$Tbl1,$acc05 + lwzx $acc02,$Tbl0,$acc02 + lwzx $acc03,$Tbl0,$acc03 rlwinm $acc10,$s0,`32-8+3`,21,28 rlwinm $acc11,$s1,`32-8+3`,21,28 - lwzx $acc06,$Tbl1,$acc06 - lwzx $acc07,$Tbl1,$acc07 + lwzx $acc04,$Tbl1,$acc04 + lwzx $acc05,$Tbl1,$acc05 rlwinm $acc12,$s1,`0+3`,21,28 rlwinm $acc13,$s2,`0+3`,21,28 - lwzx $acc08,$Tbl2,$acc08 - lwzx $acc09,$Tbl2,$acc09 + lwzx $acc06,$Tbl1,$acc06 + lwzx $acc07,$Tbl1,$acc07 rlwinm $acc14,$s3,`0+3`,21,28 rlwinm $acc15,$s0,`0+3`,21,28 - lwzx $acc10,$Tbl2,$acc10 - lwzx $acc11,$Tbl2,$acc11 + lwzx $acc08,$Tbl2,$acc08 + lwzx $acc09,$Tbl2,$acc09 xor $t0,$t0,$acc00 xor $t1,$t1,$acc01 - lwzx $acc12,$Tbl3,$acc12 - lwzx $acc13,$Tbl3,$acc13 + lwzx $acc10,$Tbl2,$acc10 + lwzx $acc11,$Tbl2,$acc11 xor $t2,$t2,$acc02 xor $t3,$t3,$acc03 - lwzx $acc14,$Tbl3,$acc14 - lwzx $acc15,$Tbl3,$acc15 + lwzx $acc12,$Tbl3,$acc12 + lwzx $acc13,$Tbl3,$acc13 xor $t0,$t0,$acc04 xor $t1,$t1,$acc05 + lwzx $acc14,$Tbl3,$acc14 + lwzx $acc15,$Tbl3,$acc15 xor $t2,$t2,$acc06 xor $t3,$t3,$acc07 xor $t0,$t0,$acc08 @@ -801,56 +814,56 @@ Ldec_loop: addi $Tbl2,$Tbl0,2048 nop - lwz $acc08,`2048+0`($Tbl0) ! prefetch Td4 - lwz $acc09,`2048+32`($Tbl0) - lwz $acc10,`2048+64`($Tbl0) - lwz $acc11,`2048+96`($Tbl0) - lwz $acc08,`2048+128`($Tbl0) - lwz $acc09,`2048+160`($Tbl0) - lwz $acc10,`2048+192`($Tbl0) - lwz $acc11,`2048+224`($Tbl0) - rlwinm $acc00,$s0,`32-24`,24,31 - rlwinm $acc01,$s1,`32-24`,24,31 lwz $t0,0($key) lwz $t1,4($key) - rlwinm $acc02,$s2,`32-24`,24,31 - rlwinm $acc03,$s3,`32-24`,24,31 + rlwinm $acc00,$s0,`32-24`,24,31 + rlwinm $acc01,$s1,`32-24`,24,31 lwz $t2,8($key) lwz $t3,12($key) + rlwinm $acc02,$s2,`32-24`,24,31 + rlwinm $acc03,$s3,`32-24`,24,31 + lwz $acc08,`2048+0`($Tbl0) ! prefetch Td4 + lwz $acc09,`2048+32`($Tbl0) rlwinm $acc04,$s3,`32-16`,24,31 rlwinm $acc05,$s0,`32-16`,24,31 + lwz $acc10,`2048+64`($Tbl0) + lwz $acc11,`2048+96`($Tbl0) lbzx $acc00,$Tbl2,$acc00 lbzx $acc01,$Tbl2,$acc01 + lwz $acc12,`2048+128`($Tbl0) + lwz $acc13,`2048+160`($Tbl0) rlwinm $acc06,$s1,`32-16`,24,31 rlwinm $acc07,$s2,`32-16`,24,31 - lbzx $acc02,$Tbl2,$acc02 - lbzx $acc03,$Tbl2,$acc03 + lwz $acc14,`2048+192`($Tbl0) + lwz $acc15,`2048+224`($Tbl0) rlwinm $acc08,$s2,`32-8`,24,31 rlwinm $acc09,$s3,`32-8`,24,31 - lbzx $acc04,$Tbl2,$acc04 - lbzx $acc05,$Tbl2,$acc05 + lbzx $acc02,$Tbl2,$acc02 + lbzx $acc03,$Tbl2,$acc03 rlwinm $acc10,$s0,`32-8`,24,31 rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc06,$Tbl2,$acc06 - lbzx $acc07,$Tbl2,$acc07 + lbzx $acc04,$Tbl2,$acc04 + lbzx $acc05,$Tbl2,$acc05 rlwinm $acc12,$s1,`0`,24,31 rlwinm $acc13,$s2,`0`,24,31 - lbzx $acc08,$Tbl2,$acc08 - lbzx $acc09,$Tbl2,$acc09 + lbzx $acc06,$Tbl2,$acc06 + lbzx $acc07,$Tbl2,$acc07 rlwinm $acc14,$s3,`0`,24,31 rlwinm $acc15,$s0,`0`,24,31 - lbzx $acc10,$Tbl2,$acc10 - lbzx $acc11,$Tbl2,$acc11 + lbzx $acc08,$Tbl2,$acc08 + lbzx $acc09,$Tbl2,$acc09 rlwinm $s0,$acc00,24,0,7 rlwinm $s1,$acc01,24,0,7 - lbzx $acc12,$Tbl2,$acc12 - lbzx $acc13,$Tbl2,$acc13 + lbzx $acc10,$Tbl2,$acc10 + lbzx $acc11,$Tbl2,$acc11 rlwinm $s2,$acc02,24,0,7 rlwinm $s3,$acc03,24,0,7 - lbzx $acc14,$Tbl2,$acc14 - lbzx $acc15,$Tbl2,$acc15 + lbzx $acc12,$Tbl2,$acc12 + lbzx $acc13,$Tbl2,$acc13 rlwimi $s0,$acc04,16,8,15 rlwimi $s1,$acc05,16,8,15 + lbzx $acc14,$Tbl2,$acc14 + lbzx $acc15,$Tbl2,$acc15 rlwimi $s2,$acc06,16,8,15 rlwimi $s3,$acc07,16,8,15 rlwimi $s0,$acc08,8,16,23 @@ -897,40 +910,40 @@ Ldec_compact_loop: rlwinm $acc01,$s1,`32-24`,24,31 rlwinm $acc02,$s2,`32-24`,24,31 rlwinm $acc03,$s3,`32-24`,24,31 - lbzx $acc00,$Tbl1,$acc00 - lbzx $acc01,$Tbl1,$acc01 rlwinm $acc04,$s3,`32-16`,24,31 rlwinm $acc05,$s0,`32-16`,24,31 - lbzx $acc02,$Tbl1,$acc02 - lbzx $acc03,$Tbl1,$acc03 rlwinm $acc06,$s1,`32-16`,24,31 rlwinm $acc07,$s2,`32-16`,24,31 - lbzx $acc04,$Tbl1,$acc04 - lbzx $acc05,$Tbl1,$acc05 + lbzx $acc00,$Tbl1,$acc00 + lbzx $acc01,$Tbl1,$acc01 rlwinm $acc08,$s2,`32-8`,24,31 rlwinm $acc09,$s3,`32-8`,24,31 - lbzx $acc06,$Tbl1,$acc06 - lbzx $acc07,$Tbl1,$acc07 + lbzx $acc02,$Tbl1,$acc02 + lbzx $acc03,$Tbl1,$acc03 rlwinm $acc10,$s0,`32-8`,24,31 rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc08,$Tbl1,$acc08 - lbzx $acc09,$Tbl1,$acc09 + lbzx $acc04,$Tbl1,$acc04 + lbzx $acc05,$Tbl1,$acc05 rlwinm $acc12,$s1,`0`,24,31 rlwinm $acc13,$s2,`0`,24,31 - lbzx $acc10,$Tbl1,$acc10 - lbzx $acc11,$Tbl1,$acc11 + lbzx $acc06,$Tbl1,$acc06 + lbzx $acc07,$Tbl1,$acc07 rlwinm $acc14,$s3,`0`,24,31 rlwinm $acc15,$s0,`0`,24,31 - lbzx $acc12,$Tbl1,$acc12 - lbzx $acc13,$Tbl1,$acc13 + lbzx $acc08,$Tbl1,$acc08 + lbzx $acc09,$Tbl1,$acc09 rlwinm $s0,$acc00,24,0,7 rlwinm $s1,$acc01,24,0,7 - lbzx $acc14,$Tbl1,$acc14 - lbzx $acc15,$Tbl1,$acc15 + lbzx $acc10,$Tbl1,$acc10 + lbzx $acc11,$Tbl1,$acc11 rlwinm $s2,$acc02,24,0,7 rlwinm $s3,$acc03,24,0,7 + lbzx $acc12,$Tbl1,$acc12 + lbzx $acc13,$Tbl1,$acc13 rlwimi $s0,$acc04,16,8,15 rlwimi $s1,$acc05,16,8,15 + lbzx $acc14,$Tbl1,$acc14 + lbzx $acc15,$Tbl1,$acc15 rlwimi $s2,$acc06,16,8,15 rlwimi $s3,$acc07,16,8,15 rlwimi $s0,$acc08,8,16,23 diff --git a/openssl/crypto/bio/b_sock.c b/openssl/crypto/bio/b_sock.c index 5ea621c0c..12b0a53a8 100644 --- a/openssl/crypto/bio/b_sock.c +++ b/openssl/crypto/bio/b_sock.c @@ -731,7 +731,14 @@ again: #ifdef SO_REUSEADDR err_num=get_last_socket_error(); if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) && +#ifdef OPENSSL_SYS_WINDOWS + /* Some versions of Windows define EADDRINUSE to + * a dummy value. + */ + (err_num == WSAEADDRINUSE)) +#else (err_num == EADDRINUSE)) +#endif { client = server; if (h == NULL || strcmp(h,"*") == 0) diff --git a/openssl/crypto/bio/bss_file.c b/openssl/crypto/bio/bss_file.c index ba4f8e994..8bfa0bcd9 100644 --- a/openssl/crypto/bio/bss_file.c +++ b/openssl/crypto/bio/bss_file.c @@ -118,10 +118,47 @@ static BIO_METHOD methods_filep= BIO *BIO_new_file(const char *filename, const char *mode) { - BIO *ret; - FILE *file; + BIO *ret; + FILE *file=NULL; + +#if defined(_WIN32) && defined(CP_UTF8) + int sz, len_0 = (int)strlen(filename)+1; + + /* + * Basically there are three cases to cover: a) filename is + * pure ASCII string; b) actual UTF-8 encoded string and + * c) locale-ized string, i.e. one containing 8-bit + * characters that are meaningful in current system locale. + * If filename is pure ASCII or real UTF-8 encoded string, + * MultiByteToWideChar succeeds and _wfopen works. If + * filename is locale-ized string, chances are that + * MultiByteToWideChar fails reporting + * ERROR_NO_UNICODE_TRANSLATION, in which case we fall + * back to fopen... + */ + if ((sz=MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS, + filename,len_0,NULL,0))>0) + { + WCHAR wmode[8]; + WCHAR *wfilename = _alloca(sz*sizeof(WCHAR)); - if ((file=fopen(filename,mode)) == NULL) + if (MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS, + filename,len_0,wfilename,sz) && + MultiByteToWideChar(CP_UTF8,0,mode,strlen(mode)+1, + wmode,sizeof(wmode)/sizeof(wmode[0])) && + (file=_wfopen(wfilename,wmode))==NULL && errno==ENOENT + ) /* UTF-8 decode succeeded, but no file, filename + * could still have been locale-ized... */ + file = fopen(filename,mode); + } + else if (GetLastError()==ERROR_NO_UNICODE_TRANSLATION) + { + file = fopen(filename,mode); + } +#else + file=fopen(filename,mode); +#endif + if (file == NULL) { SYSerr(SYS_F_FOPEN,get_last_sys_error()); ERR_add_error_data(5,"fopen('",filename,"','",mode,"')"); diff --git a/openssl/crypto/bn/asm/alpha-mont.pl b/openssl/crypto/bn/asm/alpha-mont.pl index 7a2cc3173..f7e0ca164 100644 --- a/openssl/crypto/bn/asm/alpha-mont.pl +++ b/openssl/crypto/bn/asm/alpha-mont.pl @@ -53,15 +53,15 @@ $code=<<___; .align 5 .ent bn_mul_mont bn_mul_mont: - lda sp,-40(sp) + lda sp,-48(sp) stq ra,0(sp) stq s3,8(sp) stq s4,16(sp) stq s5,24(sp) stq fp,32(sp) mov sp,fp - .mask 0x0400f000,-40 - .frame fp,40,ra + .mask 0x0400f000,-48 + .frame fp,48,ra .prologue 0 .align 4 @@ -306,7 +306,7 @@ bn_mul_mont: ldq s4,16(sp) ldq s5,24(sp) ldq fp,32(sp) - lda sp,40(sp) + lda sp,48(sp) ret (ra) .end bn_mul_mont .rdata diff --git a/openssl/crypto/cms/cms_asn1.c b/openssl/crypto/cms/cms_asn1.c index 7f7132c3b..fcba4dcbc 100644 --- a/openssl/crypto/cms/cms_asn1.c +++ b/openssl/crypto/cms/cms_asn1.c @@ -131,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = { } ASN1_NDEF_SEQUENCE_END(CMS_SignedData) ASN1_SEQUENCE(CMS_OriginatorInfo) = { - ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), - ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1) + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0), + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) } ASN1_SEQUENCE_END(CMS_OriginatorInfo) ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { diff --git a/openssl/crypto/cryptlib.c b/openssl/crypto/cryptlib.c index 9a39d7e17..b4449b86d 100644 --- a/openssl/crypto/cryptlib.c +++ b/openssl/crypto/cryptlib.c @@ -749,6 +749,18 @@ int OPENSSL_isservice(void) { HWINSTA h; DWORD len; WCHAR *name; + static union { void *p; int (*f)(void); } _OPENSSL_isservice = { NULL }; + + if (_OPENSSL_isservice.p == NULL) { + HANDLE h = GetModuleHandle(NULL); + if (h != NULL) + _OPENSSL_isservice.p = GetProcAddress(h,"_OPENSSL_isservice"); + if (_OPENSSL_isservice.p == NULL) + _OPENSSL_isservice.p = (void *)-1; + } + + if (_OPENSSL_isservice.p != (void *)-1) + return (*_OPENSSL_isservice.f)(); (void)GetDesktopWindow(); /* return value is ignored */ diff --git a/openssl/crypto/crypto-lib.com b/openssl/crypto/crypto-lib.com index 8fa56dd2e..a4b663509 100644 --- a/openssl/crypto/crypto-lib.com +++ b/openssl/crypto/crypto-lib.com @@ -60,7 +60,7 @@ $ THEN $! $! The Architecture Is VAX $! -$ ARCH := VAX +$ ARCH = "VAX" $! $! Else... $! @@ -80,9 +80,11 @@ $! NOTE: Some might think this list ugly. However, it's made this way to $! reflect the SDIRS variable in [-]Makefile.org as closely as possible, $! thereby making it fairly easy to verify that the lists are the same. $! +$ ET_WHIRLPOOL = "WHRLPOOL" +$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = "" $ ENCRYPT_TYPES = "Basic,"+ - "OBJECTS,"+ - - "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,"+ - + "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ - "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ - "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ - "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ - @@ -367,7 +369,7 @@ $! $ IF F$TYPE('LIB_MODULE') .EQS. "" $ THEN $ WRITE SYS$ERROR "" -$ WRITE SYS$ERROR "The module ",MODULE_NAME," does not exist. Continuing..." +$ WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist. Continuing..." $ WRITE SYS$ERROR "" $ GOTO MODULE_NEXT $ ENDIF @@ -777,12 +779,12 @@ $! Else... $! $ ELSE $! -$! Else, Check To See If P1 Has A Valid Arguement. +$! Else, Check To See If P1 Has A Valid Argument. $! $ IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS") $ THEN $! -$! A Valid Arguement. +$! A Valid Argument. $! $ BUILDALL = P1 $! @@ -810,7 +812,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -863,7 +865,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -1034,7 +1036,7 @@ $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - "/NOLIST/PREFIX=ALL" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - + "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - CCEXTRAFLAGS $! $! Define The Linker Options File Name. @@ -1068,7 +1070,7 @@ $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - + "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - CCEXTRAFLAGS $ CCDEFS = """VAXC""," + CCDEFS $! @@ -1100,7 +1102,7 @@ $! $! Use GNU C... $! $ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - + "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - CCEXTRAFLAGS $! $! Define The Linker Options File Name. @@ -1150,7 +1152,7 @@ $! Show user the result $! $ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! @@ -1168,7 +1170,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -1263,7 +1265,7 @@ $! Print info $! $ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! diff --git a/openssl/crypto/des/des-lib.com b/openssl/crypto/des/des-lib.com index afc260764..348f1c047 100644 --- a/openssl/crypto/des/des-lib.com +++ b/openssl/crypto/des/des-lib.com @@ -659,13 +659,13 @@ $! Else... $! $ ELSE $! -$! Else, Check To See If P1 Has A Valid Arguement. +$! Else, Check To See If P1 Has A Valid Argument. $! $ IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") - .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS") $ THEN $! -$! A Valid Arguement. +$! A Valid Argument. $! $ BUILDALL = P1 $! @@ -678,7 +678,7 @@ $! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALL : Just Build Everything. +$ WRITE SYS$OUTPUT " ALL : Just Build Everything." $ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library." $ WRITE SYS$OUTPUT " DESTEST : To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program." $ WRITE SYS$OUTPUT " SPEED : To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program." @@ -697,7 +697,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -754,7 +754,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -978,7 +978,7 @@ $! Show user the result $! $ WRITE SYS$OUTPUT "Main Compiling Command: ",CC $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! diff --git a/openssl/crypto/des/rpc_des.h b/openssl/crypto/des/rpc_des.h index 4cbb4d2dc..41328d796 100644 --- a/openssl/crypto/des/rpc_des.h +++ b/openssl/crypto/des/rpc_des.h @@ -122,10 +122,10 @@ struct desparams { /* * Encrypt an arbitrary sized buffer */ -#define DESIOCBLOCK _IOWR(d, 6, struct desparams) +#define DESIOCBLOCK _IOWR('d', 6, struct desparams) /* * Encrypt of small amount of data, quickly */ -#define DESIOCQUICK _IOWR(d, 7, struct desparams) +#define DESIOCQUICK _IOWR('d', 7, struct desparams) diff --git a/openssl/crypto/dsa/dsa_ameth.c b/openssl/crypto/dsa/dsa_ameth.c index 5482330c8..6413aae46 100644 --- a/openssl/crypto/dsa/dsa_ameth.c +++ b/openssl/crypto/dsa/dsa_ameth.c @@ -209,7 +209,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { ASN1_TYPE *t1, *t2; - if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen))); + if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen))) goto decerr; if (sk_ASN1_TYPE_num(ndsa) != 2) goto decerr; diff --git a/openssl/crypto/err/err_prn.c b/openssl/crypto/err/err_prn.c index de32f332c..a0168ac8e 100644 --- a/openssl/crypto/err/err_prn.c +++ b/openssl/crypto/err/err_prn.c @@ -81,7 +81,8 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), ERR_error_string_n(l, buf, sizeof buf); BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf, file, line, (flags & ERR_TXT_STRING) ? data : ""); - cb(buf2, strlen(buf2), u); + if (cb(buf2, strlen(buf2), u) <= 0) + break; /* abort outputting the error report */ } } diff --git a/openssl/crypto/evp/bio_b64.c b/openssl/crypto/evp/bio_b64.c index fa5cbc7eb..72a2a6727 100644 --- a/openssl/crypto/evp/bio_b64.c +++ b/openssl/crypto/evp/bio_b64.c @@ -64,7 +64,7 @@ static int b64_write(BIO *h, const char *buf, int num); static int b64_read(BIO *h, char *buf, int size); -/*static int b64_puts(BIO *h, const char *str); */ +static int b64_puts(BIO *h, const char *str); /*static int b64_gets(BIO *h, char *str, int size); */ static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int b64_new(BIO *h); @@ -96,7 +96,7 @@ static BIO_METHOD methods_b64= BIO_TYPE_BASE64,"base64 encoding", b64_write, b64_read, - NULL, /* b64_puts, */ + b64_puts, NULL, /* b64_gets, */ b64_ctrl, b64_new, @@ -127,6 +127,7 @@ static int b64_new(BIO *bi) bi->init=1; bi->ptr=(char *)ctx; bi->flags=0; + bi->num = 0; return(1); } @@ -151,6 +152,8 @@ static int b64_read(BIO *b, char *out, int outl) if ((ctx == NULL) || (b->next_bio == NULL)) return(0); + BIO_clear_retry_flags(b); + if (ctx->encode != B64_DECODE) { ctx->encode=B64_DECODE; @@ -163,6 +166,7 @@ static int b64_read(BIO *b, char *out, int outl) /* First check if there are bytes decoded/encoded */ if (ctx->buf_len > 0) { + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); i=ctx->buf_len-ctx->buf_off; if (i > outl) i=outl; OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); @@ -184,7 +188,6 @@ static int b64_read(BIO *b, char *out, int outl) ret_code=0; while (outl > 0) { - if (ctx->cont <= 0) break; @@ -195,7 +198,7 @@ static int b64_read(BIO *b, char *out, int outl) { ret_code=i; - /* Should be continue next time we are called? */ + /* Should we continue next time we are called? */ if (!BIO_should_retry(b->next_bio)) { ctx->cont=i; @@ -285,19 +288,27 @@ static int b64_read(BIO *b, char *out, int outl) continue; } else + { ctx->tmp_len=0; } - /* If buffer isn't full and we can retry then - * restart to read in more data. - */ + } else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) + { + /* If buffer isn't full and we can retry then + * restart to read in more data. + */ continue; + } if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { int z,jj; +#if 0 jj=(i>>2)<<2; +#else + jj = i & ~3; /* process per 4 */ +#endif z=EVP_DecodeBlock((unsigned char *)ctx->buf, (unsigned char *)ctx->tmp,jj); if (jj > 2) @@ -313,18 +324,15 @@ static int b64_read(BIO *b, char *out, int outl) * number consumed */ if (jj != i) { - memcpy((unsigned char *)ctx->tmp, - (unsigned char *)&(ctx->tmp[jj]),i-jj); + memmove(ctx->tmp, &ctx->tmp[jj], i-jj); ctx->tmp_len=i-jj; } ctx->buf_len=0; if (z > 0) { ctx->buf_len=z; - i=1; } - else - i=z; + i=z; } else { @@ -357,14 +365,16 @@ static int b64_read(BIO *b, char *out, int outl) outl-=i; out+=i; } - BIO_clear_retry_flags(b); + /* BIO_clear_retry_flags(b); */ BIO_copy_next_retry(b); return((ret == 0)?ret_code:ret); } static int b64_write(BIO *b, const char *in, int inl) { - int ret=inl,n,i; + int ret=0; + int n; + int i; BIO_B64_CTX *ctx; ctx=(BIO_B64_CTX *)b->ptr; @@ -379,6 +389,9 @@ static int b64_write(BIO *b, const char *in, int inl) EVP_EncodeInit(&(ctx->base64)); } + OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); n=ctx->buf_len-ctx->buf_off; while (n > 0) { @@ -388,7 +401,10 @@ static int b64_write(BIO *b, const char *in, int inl) BIO_copy_next_retry(b); return(i); } + OPENSSL_assert(i <= n); ctx->buf_off+=i; + OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); n-=i; } /* at this point all pending data has been written */ @@ -405,18 +421,19 @@ static int b64_write(BIO *b, const char *in, int inl) { if (ctx->tmp_len > 0) { + OPENSSL_assert(ctx->tmp_len <= 3); n=3-ctx->tmp_len; - /* There's a teoretical possibility for this */ + /* There's a theoretical possibility for this */ if (n > inl) n=inl; memcpy(&(ctx->tmp[ctx->tmp_len]),in,n); ctx->tmp_len+=n; + ret += n; if (ctx->tmp_len < 3) break; - ctx->buf_len=EVP_EncodeBlock( - (unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, - ctx->tmp_len); + ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); /* Since we're now done using the temporary buffer, the length should be 0'd */ ctx->tmp_len=0; @@ -425,14 +442,16 @@ static int b64_write(BIO *b, const char *in, int inl) { if (n < 3) { - memcpy(&(ctx->tmp[0]),in,n); + memcpy(ctx->tmp,in,n); ctx->tmp_len=n; + ret += n; break; } n-=n%3; - ctx->buf_len=EVP_EncodeBlock( - (unsigned char *)ctx->buf, - (unsigned char *)in,n); + ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret += n; } } else @@ -440,6 +459,9 @@ static int b64_write(BIO *b, const char *in, int inl) EVP_EncodeUpdate(&(ctx->base64), (unsigned char *)ctx->buf,&ctx->buf_len, (unsigned char *)in,n); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret += n; } inl-=n; in+=n; @@ -454,8 +476,11 @@ static int b64_write(BIO *b, const char *in, int inl) BIO_copy_next_retry(b); return((ret == 0)?i:ret); } + OPENSSL_assert(i <= n); n-=i; ctx->buf_off+=i; + OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); } ctx->buf_len=0; ctx->buf_off=0; @@ -486,6 +511,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) ret=BIO_ctrl(b->next_bio,cmd,num,ptr); break; case BIO_CTRL_WPENDING: /* More to write in buffer */ + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ret=ctx->buf_len-ctx->buf_off; if ((ret == 0) && (ctx->encode != B64_NONE) && (ctx->base64.num != 0)) @@ -494,6 +520,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) ret=BIO_ctrl(b->next_bio,cmd,num,ptr); break; case BIO_CTRL_PENDING: /* More to read in buffer */ + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ret=ctx->buf_len-ctx->buf_off; if (ret <= 0) ret=BIO_ctrl(b->next_bio,cmd,num,ptr); @@ -565,3 +592,7 @@ static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) return(ret); } +static int b64_puts(BIO *b, const char *str) + { + return b64_write(b,str,strlen(str)); + } diff --git a/openssl/crypto/evp/pmeth_lib.c b/openssl/crypto/evp/pmeth_lib.c index 4a05f0b13..b2d8de3a8 100644 --- a/openssl/crypto/evp/pmeth_lib.c +++ b/openssl/crypto/evp/pmeth_lib.c @@ -177,6 +177,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) ret->operation = EVP_PKEY_OP_UNDEFINED; ret->pkey = pkey; ret->peerkey = NULL; + ret->pkey_gencb = 0; if (pkey) CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); ret->data = NULL; diff --git a/openssl/crypto/md5/asm/md5-ia64.S b/openssl/crypto/md5/asm/md5-ia64.S index 2f9818aec..e7de08d46 100644 --- a/openssl/crypto/md5/asm/md5-ia64.S +++ b/openssl/crypto/md5/asm/md5-ia64.S @@ -914,7 +914,7 @@ md5_digest_block##offset: \ nop 0x0 ; \ br.cond.sptk.many md5_digest_GHI ; \ } ;; \ - .endp md5digestBlock ## offset + .endp md5_digest_block##offset MD5FBLOCK(1) MD5FBLOCK(2) diff --git a/openssl/crypto/modes/cfb128.c b/openssl/crypto/modes/cfb128.c index 98f4cf315..e5938c613 100644 --- a/openssl/crypto/modes/cfb128.c +++ b/openssl/crypto/modes/cfb128.c @@ -96,15 +96,15 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, #endif while (len>=16) { (*block)(ivec, ivec, key); - for (n=0; n<16; n+=sizeof(size_t)) { + for (; n<16; n+=sizeof(size_t)) { *(size_t*)(out+n) = *(size_t*)(ivec+n) ^= *(size_t*)(in+n); } len -= 16; out += 16; in += 16; + n = 0; } - n = 0; if (len) { (*block)(ivec, ivec, key); while (len--) { @@ -141,7 +141,7 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, #endif while (len>=16) { (*block)(ivec, ivec, key); - for (n=0; n<16; n+=sizeof(size_t)) { + for (; n<16; n+=sizeof(size_t)) { size_t t = *(size_t*)(in+n); *(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t; *(size_t*)(ivec+n) = t; @@ -149,8 +149,8 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, len -= 16; out += 16; in += 16; + n = 0; } - n = 0; if (len) { (*block)(ivec, ivec, key); while (len--) { diff --git a/openssl/crypto/modes/ctr128.c b/openssl/crypto/modes/ctr128.c index bd84f4152..932037f55 100644 --- a/openssl/crypto/modes/ctr128.c +++ b/openssl/crypto/modes/ctr128.c @@ -61,14 +61,11 @@ typedef unsigned int u32; typedef unsigned char u8; -# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) -# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } - #define STRICT_ALIGNMENT -#if defined(__i386) || defined(__i386__) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(__s390__) || defined(__s390x__) +#if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) # undef STRICT_ALIGNMENT #endif @@ -77,18 +74,19 @@ typedef unsigned char u8; /* increment counter (128-bit int) by 1 */ static void ctr128_inc(unsigned char *counter) { - u32 c,n=16; + u32 n=16; + u8 c; do { - n -= 4; - c = GETU32(counter+n); - ++c; c &= 0xFFFFFFFF; - PUTU32(counter + n, c); + --n; + c = counter[n]; + ++c; + counter[n] = c; if (c) return; } while (n); } -#if !defined(OPENSSL_SMALL_FOORPRINT) +#if !defined(OPENSSL_SMALL_FOOTPRINT) static void ctr128_inc_aligned(unsigned char *counter) { size_t *data,c,n; const union { long one; char little; } is_endian = {1}; @@ -151,14 +149,14 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, while (len>=16) { (*block)(ivec, ecount_buf, key); ctr128_inc_aligned(ivec); - for (n=0; n<16; n+=sizeof(size_t)) + for (; n<16; n+=sizeof(size_t)) *(size_t *)(out+n) = *(size_t *)(in+n) ^ *(size_t *)(ecount_buf+n); len -= 16; out += 16; in += 16; + n = 0; } - n = 0; if (len) { (*block)(ivec, ecount_buf, key); ctr128_inc_aligned(ivec); diff --git a/openssl/crypto/modes/ofb128.c b/openssl/crypto/modes/ofb128.c index 09b343003..c732e2ec5 100644 --- a/openssl/crypto/modes/ofb128.c +++ b/openssl/crypto/modes/ofb128.c @@ -95,14 +95,14 @@ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, #endif while (len>=16) { (*block)(ivec, ivec, key); - for (n=0; n<16; n+=sizeof(size_t)) + for (; n<16; n+=sizeof(size_t)) *(size_t*)(out+n) = *(size_t*)(in+n) ^ *(size_t*)(ivec+n); len -= 16; out += 16; in += 16; + n = 0; } - n = 0; if (len) { (*block)(ivec, ivec, key); while (len--) { diff --git a/openssl/crypto/opensslv.h b/openssl/crypto/opensslv.h index cbe52648d..2fb110fa0 100644 --- a/openssl/crypto/opensslv.h +++ b/openssl/crypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x1000000fL +#define OPENSSL_VERSION_NUMBER 0x1000001fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips 29 Mar 2010" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a-fips 1 Jun 2010" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0 29 Mar 2010" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a 1 Jun 2010" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/openssl/crypto/pem/pem.h b/openssl/crypto/pem/pem.h index 22231c26d..8a6ababe3 100644 --- a/openssl/crypto/pem/pem.h +++ b/openssl/crypto/pem/pem.h @@ -548,10 +548,11 @@ EVP_PKEY *b2i_PrivateKey_bio(BIO *in); EVP_PKEY *b2i_PublicKey_bio(BIO *in); int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk); int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); - +#ifndef OPENSSL_NO_RC4 EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb, void *u); +#endif /* BEGIN ERROR CODES */ diff --git a/openssl/crypto/pem/pvkfmt.c b/openssl/crypto/pem/pvkfmt.c index 11e1f10f5..d998a67fa 100644 --- a/openssl/crypto/pem/pvkfmt.c +++ b/openssl/crypto/pem/pvkfmt.c @@ -654,6 +654,8 @@ int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk) return do_i2b_bio(out, pk, 1); } +#ifndef OPENSSL_NO_RC4 + static int do_PVK_header(const unsigned char **in, unsigned int length, int skip_magic, unsigned int *psaltlen, unsigned int *pkeylen) @@ -934,4 +936,7 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, } return -1; } + +#endif + #endif diff --git a/openssl/crypto/perlasm/x86_64-xlate.pl b/openssl/crypto/perlasm/x86_64-xlate.pl index d89765d7e..354673acc 100644 --- a/openssl/crypto/perlasm/x86_64-xlate.pl +++ b/openssl/crypto/perlasm/x86_64-xlate.pl @@ -55,6 +55,8 @@ # Win64 prologue copies %rsp value to %rax. For further details # see SEH paragraph at the end. # 9. .init segment is allowed to contain calls to functions only. +# a. If function accepts more than 4 arguments *and* >4th argument +# is declared as non 64-bit value, do clear its upper part. my $flavour = shift; my $output = shift; @@ -80,7 +82,10 @@ my $PTR=" PTR"; my $nasmref=2.03; my $nasm=0; -if ($flavour eq "mingw64") { $gas=1; $elf=0; $win64=1; $prefix="_"; } +if ($flavour eq "mingw64") { $gas=1; $elf=0; $win64=1; + $prefix=`echo __USER_LABEL_PREFIX__ | $ENV{CC} -E -P -`; + chomp($prefix); + } elsif ($flavour eq "macosx") { $gas=1; $elf=0; $prefix="_"; $decor="L\$"; } elsif ($flavour eq "masm") { $gas=0; $elf=0; $masm=$masmref; $win64=1; $decor="\$L\$"; } elsif ($flavour eq "nasm") { $gas=0; $elf=0; $nasm=$nasmref; $win64=1; $decor="\$L\$"; $PTR=""; } @@ -115,7 +120,9 @@ my %globals; $self->{op} = $1; $self->{sz} = "b"; } elsif ($self->{op} =~ /call|jmp/) { - $self->{sz} = "" + $self->{sz} = ""; + } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op)/) { # SSEn + $self->{sz} = ""; } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) { $self->{op} = $1; $self->{sz} = $2; @@ -191,7 +198,7 @@ my %globals; if ($gas) { # Solaris /usr/ccs/bin/as can't handle multiplications # in $self->{value} - $self->{value} =~ s/(?<![0-9a-f])(0[x0-9a-f]+)/oct($1)/egi; + $self->{value} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi; $self->{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg; sprintf "\$%s",$self->{value}; } else { @@ -243,7 +250,7 @@ my %globals; # Solaris /usr/ccs/bin/as can't handle multiplications # in $self->{label}, new gas requires sign extension... use integer; - $self->{label} =~ s/(?<![0-9a-f])(0[x0-9a-f]+)/oct($1)/egi; + $self->{label} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi; $self->{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg; $self->{label} =~ s/([0-9]+)/$1<<32>>32/eg; $self->{label} =~ s/^___imp_/__imp__/ if ($flavour eq "mingw64"); @@ -259,7 +266,7 @@ my %globals; %szmap = ( b=>"BYTE$PTR", w=>"WORD$PTR", l=>"DWORD$PTR", q=>"QWORD$PTR" ); $self->{label} =~ s/\./\$/g; - $self->{label} =~ s/0x([0-9a-f]+)/0$1h/ig; + $self->{label} =~ s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/ig; $self->{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/); $sz="q" if ($self->{asterisk}); @@ -574,11 +581,11 @@ my %globals; /\.align/ && do { $self->{value} = "ALIGN\t".$line; last; }; /\.(value|long|rva|quad)/ && do { my $sz = substr($1,0,1); - my @arr = split(',',$line); + my @arr = split(/,\s*/,$line); my $last = pop(@arr); my $conv = sub { my $var=shift; $var=~s/^(0b[0-1]+)/oct($1)/eig; - $var=~s/0x([0-9a-f]+)/0$1h/ig if ($masm); + $var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm); if ($sz eq "D" && ($current_segment=~/.[px]data/ || $dir eq ".rva")) { $var=~s/([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; } $var; @@ -590,7 +597,7 @@ my %globals; $self->{value} .= &$conv($last); last; }; - /\.byte/ && do { my @str=split(",",$line); + /\.byte/ && do { my @str=split(/,\s*/,$line); map(s/(0b[0-1]+)/oct($1)/eig,@str); map(s/0x([0-9a-f]+)/0$1h/ig,@str) if ($masm); while ($#str>15) { @@ -664,7 +671,7 @@ while($line=<>) { $insn = $opcode->out($#args>=1?$args[$#args]->size():$sz); } else { $insn = $opcode->out(); - $insn .= $sz if (map($_->out() =~ /xmm|mmx/,@args)); + $insn .= $sz if (map($_->out() =~ /x?mm/,@args)); @args = reverse(@args); undef $sz if ($nasm && $opcode->mnemonic() eq "lea"); } diff --git a/openssl/crypto/rsa/rsa_pmeth.c b/openssl/crypto/rsa/rsa_pmeth.c index 297e17cdc..c6892ecd0 100644 --- a/openssl/crypto/rsa/rsa_pmeth.c +++ b/openssl/crypto/rsa/rsa_pmeth.c @@ -246,6 +246,8 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, ret = int_rsa_verify(EVP_MD_type(rctx->md), NULL, 0, rout, &sltmp, sig, siglen, ctx->pkey->pkey.rsa); + if (ret <= 0) + return 0; ret = sltmp; } else diff --git a/openssl/crypto/sparccpuid.S b/openssl/crypto/sparccpuid.S index bcf46f209..aa8b11efc 100644 --- a/openssl/crypto/sparccpuid.S +++ b/openssl/crypto/sparccpuid.S @@ -179,7 +179,7 @@ OPENSSL_atomic_add: ba .enter nop #ifdef __sun -! Note that you don't have to link with libthread to call thr_yield, +! Note that you do not have to link with libthread to call thr_yield, ! as libc provides a stub, which is overloaded the moment you link ! with *either* libpthread or libthread... #define YIELD_CPU thr_yield diff --git a/openssl/crypto/stack/safestack.h b/openssl/crypto/stack/safestack.h index d616b4aab..891cb84a5 100644 --- a/openssl/crypto/stack/safestack.h +++ b/openssl/crypto/stack/safestack.h @@ -179,7 +179,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) sk_is_sorted(CHECKED_STACK_OF(type, st)) #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_STACK_OF(type, st), \ + (STACK_OF(type) *)d2i_ASN1_SET((STACK_OF(OPENSSL_BLOCK) **)CHECKED_STACK_OF(type, st), \ pp, length, \ CHECKED_D2I_OF(type, d2i_func), \ CHECKED_SK_FREE_FUNC(type, free_func), \ diff --git a/openssl/crypto/symhacks.h b/openssl/crypto/symhacks.h index 151b68314..3fd4a8169 100644 --- a/openssl/crypto/symhacks.h +++ b/openssl/crypto/symhacks.h @@ -399,6 +399,12 @@ #undef dtls1_retransmit_buffered_messages #define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs +/* Hack some long UI names */ +#undef UI_method_get_prompt_constructor +#define UI_method_get_prompt_constructor UI_method_get_prompt_constructr +#undef UI_method_set_prompt_constructor +#define UI_method_set_prompt_constructor UI_method_set_prompt_constructr + #endif /* defined OPENSSL_SYS_VMS */ diff --git a/openssl/crypto/ts/Makefile b/openssl/crypto/ts/Makefile index ad29b67bd..c18234555 100644 --- a/openssl/crypto/ts/Makefile +++ b/openssl/crypto/ts/Makefile @@ -60,7 +60,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ diff --git a/openssl/crypto/x509v3/v3_pci.c b/openssl/crypto/x509v3/v3_pci.c index c254b2ff9..0dcfa004f 100644 --- a/openssl/crypto/x509v3/v3_pci.c +++ b/openssl/crypto/x509v3/v3_pci.c @@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val, unsigned char *tmp_data2 = string_to_hex(val->value + 4, &val_len); - if (!tmp_data2) goto err; + if (!tmp_data2) + { + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT); + X509V3_conf_err(val); + goto err; + } tmp_data = OPENSSL_realloc((*policy)->data, (*policy)->length + val_len + 1); @@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; } + else + { + OPENSSL_free(tmp_data2); + /* realloc failure implies the original data space is b0rked too! */ + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } + OPENSSL_free(tmp_data2); } else if (strncmp(val->value, "file:", 5) == 0) { @@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += n; (*policy)->data[(*policy)->length] = '\0'; } + BIO_free_all(b); if (n < 0) { @@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; } + else + { + /* realloc failure implies the original data space is b0rked too! */ + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } } else { diff --git a/openssl/crypto/x86_64cpuid.pl b/openssl/crypto/x86_64cpuid.pl index a7f98b3fd..c96821a3c 100644 --- a/openssl/crypto/x86_64cpuid.pl +++ b/openssl/crypto/x86_64cpuid.pl @@ -152,7 +152,8 @@ OPENSSL_cleanse: sub \$1,$arg2 lea 1($arg1),$arg1 jnz .Little -.Lret: ret +.Lret: + ret .align 16 .Lot: test \$7,$arg1 diff --git a/openssl/doc/crypto/BIO_f_buffer.pod b/openssl/doc/crypto/BIO_f_buffer.pod index c9093c6a5..c0dccf1ab 100644 --- a/openssl/doc/crypto/BIO_f_buffer.pod +++ b/openssl/doc/crypto/BIO_f_buffer.pod @@ -31,7 +31,7 @@ BIO_get_buffer_num_lines() returns the number of lines currently buffered. BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size() set the read, write or both read and write buffer sizes to B<size>. The initial -buffer size is DEFAULT_BUFFER_SIZE, currently 1024. Any attempt to reduce the +buffer size is DEFAULT_BUFFER_SIZE, currently 4096. Any attempt to reduce the buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared when the buffer is resized. @@ -66,4 +66,9 @@ there was an error. =head1 SEE ALSO -TBA +L<BIO(3)|BIO(3)>, +L<BIO_reset(3)|BIO_reset(3)>, +L<BIO_flush(3)|BIO_flush(3)>, +L<BIO_pop(3)|BIO_pop(3)>, +L<BIO_ctrl(3)|BIO_ctrl(3)>, +L<BIO_int_ctrl(3)|BIO_ctrl(3)> diff --git a/openssl/doc/crypto/BIO_s_file.pod b/openssl/doc/crypto/BIO_s_file.pod index b2a29263f..188aea347 100644 --- a/openssl/doc/crypto/BIO_s_file.pod +++ b/openssl/doc/crypto/BIO_s_file.pod @@ -76,6 +76,10 @@ normally be closed so the BIO_NOCLOSE flag should be set. Because the file BIO calls the underlying stdio functions any quirks in stdio behaviour will be mirrored by the corresponding BIO. +On Windows BIO_new_files reserves for the filename argument to be +UTF-8 encoded. In other words if you have to make it work in multi- +lingual environment, encode file names in UTF-8. + =head1 EXAMPLES File BIO "hello world": diff --git a/openssl/doc/crypto/BIO_should_retry.pod b/openssl/doc/crypto/BIO_should_retry.pod index 539c39127..b6d51f719 100644 --- a/openssl/doc/crypto/BIO_should_retry.pod +++ b/openssl/doc/crypto/BIO_should_retry.pod @@ -45,7 +45,7 @@ needs to read data. BIO_should_io_special() is true if some "special" condition, that is a reason other than reading or writing is the cause of the condition. -BIO_get_retry_reason() returns a mask of the cause of a retry condition +BIO_retry_type() returns a mask of the cause of a retry condition consisting of the values B<BIO_FLAGS_READ>, B<BIO_FLAGS_WRITE>, B<BIO_FLAGS_IO_SPECIAL> though current BIO types will only set one of these. diff --git a/openssl/doc/ssl/SSL_library_init.pod b/openssl/doc/ssl/SSL_library_init.pod index eed526e47..8766776fe 100644 --- a/openssl/doc/ssl/SSL_library_init.pod +++ b/openssl/doc/ssl/SSL_library_init.pod @@ -15,7 +15,7 @@ SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms =head1 DESCRIPTION -SSL_library_init() registers the available ciphers and digests. +SSL_library_init() registers the available SSL/TLS ciphers and digests. OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms for SSL_library_init(). @@ -27,24 +27,28 @@ SSL_library_init() is not reentrant. =head1 WARNING -SSL_library_init() only registers ciphers. Another important initialization -is the seeding of the PRNG (Pseudo Random Number Generator), which has to -be performed separately. +SSL_library_init() adds ciphers and digests used directly and indirectly by +SSL/TLS. =head1 EXAMPLES A typical TLS/SSL application will start with the library initialization, -will provide readable error messages and will seed the PRNG. +and provide readable error messages. SSL_load_error_strings(); /* readable error messages */ SSL_library_init(); /* initialize library */ - actions_to_seed_PRNG(); =head1 RETURN VALUES SSL_library_init() always returns "1", so it is safe to discard the return value. +=head1 NOTES + +OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init(). +Applications which need to use SHA2 in earlier versions of OpenSSL should call +OpenSSL_add_all_algorithms() as well. + =head1 SEE ALSO L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>, diff --git a/openssl/e_os.h b/openssl/e_os.h index 0f4b7994f..5ceeeeb95 100644 --- a/openssl/e_os.h +++ b/openssl/e_os.h @@ -150,7 +150,6 @@ extern "C" { #define clear_socket_error() WSASetLastError(0) #define readsocket(s,b,n) recv((s),(b),(n),0) #define writesocket(s,b,n) send((s),(b),(n),0) -#define EADDRINUSE WSAEADDRINUSE #elif defined(__DJGPP__) #define WATT32 #define get_last_socket_error() errno diff --git a/openssl/engines/ccgost/gost94_keyx.c b/openssl/engines/ccgost/gost94_keyx.c index a183edbe8..624be586a 100644 --- a/openssl/engines/ccgost/gost94_keyx.c +++ b/openssl/engines/ccgost/gost94_keyx.c @@ -177,7 +177,7 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, ASN1_OBJECT_free(gkt->key_agreement_info->cipher); gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid); *outlen = i2d_GOST_KEY_TRANSPORT(gkt,out?&out:NULL); - if (*outlen == 0) + if (*outlen <= 0) { GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO); goto err; diff --git a/openssl/engines/ccgost/gost_ameth.c b/openssl/engines/ccgost/gost_ameth.c index 16a99ac2b..f620a216c 100644 --- a/openssl/engines/ccgost/gost_ameth.c +++ b/openssl/engines/ccgost/gost_ameth.c @@ -801,7 +801,7 @@ static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) switch (op) { case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_undef; + *(int *)arg2 = NID_id_Gost28147_89_MAC; return 2; } return -2; diff --git a/openssl/engines/ccgost/gost_crypt.c b/openssl/engines/ccgost/gost_crypt.c index eb11f0e32..4977d1dcf 100644 --- a/openssl/engines/ccgost/gost_crypt.c +++ b/openssl/engines/ccgost/gost_crypt.c @@ -299,7 +299,7 @@ int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, if (i<inl) { gost_crypt_mesh(ctx->cipher_data,ctx->iv,ctx->buf); - if (!ctx->encrypt) memcpy(ctx->buf+8,in_ptr,j); + if (!ctx->encrypt) memcpy(ctx->buf+8,in_ptr,inl-i); for (j=0;i<inl;j++,i++) { out_ptr[j]=ctx->buf[j]^in_ptr[j]; @@ -459,13 +459,15 @@ int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params) int ret = -1; int len; GOST_CIPHER_PARAMS *gcp = NULL; - unsigned char *p = params->value.sequence->data; + unsigned char *p; struct ossl_gost_cipher_ctx *c=ctx->cipher_data; if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) { return ret; } + p = params->value.sequence->data; + gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p, params->value.sequence->length); diff --git a/openssl/engines/e_chil.c b/openssl/engines/e_chil.c index 30693353d..9c2729c96 100644 --- a/openssl/engines/e_chil.c +++ b/openssl/engines/e_chil.c @@ -111,11 +111,10 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, #ifndef OPENSSL_NO_RSA /* RSA stuff */ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); -#endif -#ifndef OPENSSL_NO_RSA /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +static int hwcrhk_rsa_finish(RSA *rsa); #endif #ifndef OPENSSL_NO_DH @@ -135,10 +134,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, UI_METHOD *ui_method, void *callback_data); static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, UI_METHOD *ui_method, void *callback_data); -#ifndef OPENSSL_NO_RSA -static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int ind,long argl, void *argp); -#endif /* Interaction stuff */ static int hwcrhk_insert_card(const char *prompt_info, @@ -193,7 +188,7 @@ static RSA_METHOD hwcrhk_rsa = hwcrhk_rsa_mod_exp, hwcrhk_mod_exp_mont, NULL, - NULL, + hwcrhk_rsa_finish, 0, NULL, NULL, @@ -602,7 +597,7 @@ static int hwcrhk_init(ENGINE *e) if (hndidx_rsa == -1) hndidx_rsa = RSA_get_ex_new_index(0, "nFast HWCryptoHook RSA key handle", - NULL, NULL, hwcrhk_ex_free); + NULL, NULL, NULL); #endif return 1; err: @@ -1078,6 +1073,21 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, { return hwcrhk_mod_exp(r, a, p, m, ctx); } + +static int hwcrhk_rsa_finish(RSA *rsa) + { + HWCryptoHook_RSAKeyHandle *hptr; + int ret; + hptr = RSA_get_ex_data(rsa, hndidx_rsa); + if (hptr) + { + ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); + OPENSSL_free(hptr); + RSA_set_ex_data(rsa, hndidx_rsa, NULL); + } + return 1; + } + #endif #ifndef OPENSSL_NO_DH @@ -1136,34 +1146,6 @@ static int hwcrhk_rand_status(void) return 1; } -/* This cleans up an RSA KM key, called when ex_data is freed */ -#ifndef OPENSSL_NO_RSA -static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int ind,long argl, void *argp) -{ - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; -#ifndef OPENSSL_NO_RSA - HWCryptoHook_RSAKeyHandle *hptr; -#endif -#if !defined(OPENSSL_NO_RSA) - int ret; -#endif - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - -#ifndef OPENSSL_NO_RSA - hptr = (HWCryptoHook_RSAKeyHandle *) item; - if(hptr) - { - ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); - OPENSSL_free(hptr); - } -#endif -} -#endif - /* Mutex calls: since the HWCryptoHook model closely follows the POSIX model * these just wrap the POSIX functions and add some logging. */ diff --git a/openssl/engines/e_ubsec.c b/openssl/engines/e_ubsec.c index b68541083..9b747b9ae 100644 --- a/openssl/engines/e_ubsec.c +++ b/openssl/engines/e_ubsec.c @@ -302,8 +302,8 @@ static t_UBSEC_diffie_hellman_generate_ioctl *p_UBSEC_diffie_hellman_generate_ioctl = NULL; static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL; #endif -static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL; #ifndef OPENSSL_NO_RSA +static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL; static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL; #endif #ifndef OPENSSL_NO_DSA diff --git a/openssl/engines/makeengines.com b/openssl/engines/makeengines.com index 5f9b8d4d9..6cf423607 100644 --- a/openssl/engines/makeengines.com +++ b/openssl/engines/makeengines.com @@ -30,17 +30,6 @@ $! all available engines are built. $! $!----------------------------------------------------------------------------- $! -$! Set the names of the engines we want to build -$! NOTE: Some might think this list ugly. However, it's made this way to -$! reflect the LIBNAMES variable in Makefile as closely as possible, -$! thereby making it fairly easy to verify that the lists are the same. -$! NOTE: gmp isn't built, as it's mostly a test engine and brings in another -$! library that isn't necessarely ported to VMS. -$! -$ ENGINES = "," + P6 -$ IF ENGINES .EQS. "," THEN - - ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock,ccgost" -$! $! Set the default TCP/IP library to link against if needed $! $ TCPIP_LIB = "" @@ -52,7 +41,7 @@ $ THEN $! $! The Architecture Is VAX. $! -$ ARCH := VAX +$ ARCH = "VAX" $! $! Else... $! @@ -67,7 +56,23 @@ $! End The Architecture Check. $! $ ENDIF $! -$! Set the goal directories, and creat them if necessary +$! Set the names of the engines we want to build +$! NOTE: Some might think this list ugly. However, it's made this way to +$! reflect the LIBNAMES variable in Makefile as closely as possible, +$! thereby making it fairly easy to verify that the lists are the same. +$! NOTE: gmp isn't built, as it's mostly a test engine and brings in another +$! library that isn't necessarely ported to VMS. +$! +$ ENGINES = "," + P6 +$ IF ENGINES .EQS. "," THEN - + ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock," +$! +$! GOST requires a 64-bit integer type, unavailable on VAX. +$! +$ IF (ARCH .NES. "VAX") THEN - + ENGINES = ENGINES+ ",ccgost" +$! +$! Set the goal directories, and create them if necessary $! $ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.ENGINES] $ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.ENGINES] @@ -110,7 +115,7 @@ $ ENGINE_chil = "e_chil" $ ENGINE_nuron = "e_nuron" $ ENGINE_sureware = "e_sureware" $ ENGINE_ubsec = "e_ubsec" -$ ENGINE_ubsec = "e_padlock" +$ ENGINE_padlock = "e_padlock" $ $ ENGINE_ccgost_SUBDIR = "ccgost" $ ENGINE_ccgost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ - @@ -163,9 +168,12 @@ $ ELSE $ WRITE SYS$OUTPUT "Compiling Support Files. (",BUILDALL,")" $ ENDIF $! -$! Create a .OPT file for the object files +$! Create a .OPT file for the object files (for a real engine name). $! -$ OPEN/WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT +$ IF ENGINE_NAME .NES. "" +$ THEN +$ OPEN/WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT +$ ENDIF $! $! Here's the start of per-engine module loop. $! @@ -217,22 +225,27 @@ $ MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE $ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ENDIF -$ WRITE OBJECTS OBJECT_FILE +$! +$! Write the entry to the .OPT file (for a real engine name). +$! +$ IF ENGINE_NAME .NES. "" +$ THEN +$ WRITE OBJECTS OBJECT_FILE +$ ENDIF $! $! Next file $! $ GOTO FILE_NEXT $! $ FILE_DONE: -$ CLOSE OBJECTS $! $! Do not link the support files. $! $ IF ENGINE_NAME .EQS. "" THEN GOTO ENGINE_NEXT $! -$! Do not link the support files. +$! Close the linker options file (for a real engine name). $! -$ IF ENGINE_NAME .EQS. "" THEN GOTO ENGINE_NEXT +$ CLOSE OBJECTS $! $! Now, there are two ways to handle this. We can either build $! shareable images or stick the engine object file into libcrypto. @@ -412,13 +425,13 @@ $! Else... $! $ ELSE $! -$! Else, Check To See If OPT_PHASE Has A Valid Arguement. +$! Else, Check To See If OPT_PHASE Has A Valid Argument. $! $ IF ("," + ACCEPT_PHASE + ",") - ("," + OPT_PHASE + ",") - .NES. ("," + ACCEPT_PHASE + ",") $ THEN $! -$! A Valid Arguement. +$! A Valid Argument. $! $ BUILDALL = OPT_PHASE $! @@ -449,7 +462,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -502,7 +515,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -771,7 +784,7 @@ $! Show user the result $! $ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! @@ -789,7 +802,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -885,7 +898,7 @@ $! Print info $! $ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! diff --git a/openssl/makevms.com b/openssl/makevms.com index 3005a4583..b46e69a42 100644 --- a/openssl/makevms.com +++ b/openssl/makevms.com @@ -18,8 +18,8 @@ $! $! Specify one of the following build options for P1. $! $! ALL Just build "everything". -$! CONFIG Just build the "[.xxx.CRYPTO]OPENSSLCONF.H" file. -$! BUILDINF Just build the "[.xxx.CRYPTO]BUILDINF.H" file. +$! CONFIG Just build the "[.CRYPTO._xxx]OPENSSLCONF.H" file. +$! BUILDINF Just build the "[.CRYPTO._xxx]BUILDINF.H" file. $! SOFTLINKS Just fix the Unix soft links. $! BUILDALL Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done. $! CRYPTO Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library. @@ -35,7 +35,7 @@ $! $! P2 is ignored (it was used to denote if RSAref should be used or not, $! and is simply kept so surrounding scripts don't get confused) $! -$! Speficy DEBUG or NODEBUG as P3 to compile with or without debugging +$! Specify DEBUG or NODEBUG as P3 to compile with or without debugging $! information. $! $! Specify which compiler as P4 to try to compile under. @@ -46,7 +46,7 @@ $! GNUC For GNU C. $! LINK To only link the programs from existing object files. $! (not yet implemented) $! -$! If you don't speficy a compiler, it will try to determine which +$! If you don't specify a compiler, it will try to determine which $! "C" compiler to use. $! $! P5, if defined, sets a TCP/IP library to use, through one of the following @@ -84,7 +84,7 @@ $ THEN $! $! The Architecture Is VAX. $! -$ ARCH := VAX +$ ARCH = "VAX" $! $! Else... $! @@ -99,6 +99,10 @@ $! End The Architecture Check. $! $ ENDIF $! +$! Get VMS version. +$! +$ VMS_VERSION = f$edit( f$getsyi( "VERSION"), "TRIM") +$! $! Check To Make Sure We Have Valid Command Line Parameters. $! $ GOSUB CHECK_OPTIONS @@ -163,32 +167,53 @@ $! Time To EXIT. $! $ GOTO TIDY $! -$! Rebuild The [.xxx.CRYPTO]OPENSSLCONF.H" file. +$! Rebuild The [.CRYPTO._xxx]OPENSSLCONF.H" file. $! $ CONFIG: $! -$! Tell The User We Are Creating The [.xxx.CRYPTO]OPENSSLCONF.H File. +$! Tell The User We Are Creating The [.CRYPTO._xxx]OPENSSLCONF.H File. $! -$ WRITE SYS$OUTPUT "Creating [.''ARCH'.CRYPTO]OPENSSLCONF.H Include File." +$ WRITE SYS$OUTPUT "Creating [.CRYPTO._''ARCH']OPENSSLCONF.H Include File." $! $! First, make sure the directory exists. $! -$ IF F$PARSE("SYS$DISK:[.''ARCH'.CRYPTO]") .EQS. "" THEN - - CREATE/DIRECTORY SYS$DISK:[.'ARCH'.CRYPTO] +$ IF F$PARSE("SYS$DISK:[.CRYPTO._''ARCH']") .EQS. "" THEN - + CREATE/DIRECTORY SYS$DISK:[.CRYPTO._'ARCH'] $! -$! Create The [.xxx.CRYPTO]OPENSSLCONF.H File. +$! Different tar/UnZip versions/option may have named the file differently +$ IF F$SEARCH("[.crypto]opensslconf.h_in") .NES. "" +$ THEN +$ OPENSSLCONF_H_IN = "[.crypto]opensslconf.h_in" +$ ELSE +$ IF F$SEARCH( "[.crypto]opensslconf_h.in") .NES. "" +$ THEN +$ OPENSSLCONF_H_IN = "[.crypto]opensslconf_h.in" +$ ELSE +$ ! For ODS-5 +$ IF F$SEARCH( "[.crypto]opensslconf.h.in") .NES. "" +$ THEN +$ OPENSSLCONF_H_IN = "[.crypto]opensslconf.h.in" +$ ELSE +$ WRITE SYS$ERROR "Couldn't find a [.crypto]opensslconf.h.in. Exiting!" +$ $STATUS = %X00018294 ! "%RMS-F-FNF, file not found". +$ GOTO TIDY +$ ENDIF +$ ENDIF +$ ENDIF +$! +$! Create The [.CRYPTO._xxx]OPENSSLCONF.H File. $! Make sure it has the right format. $! -$ OSCH_NAME = "SYS$DISK:[.''ARCH'.CRYPTO]OPENSSLCONF.H" +$ OSCH_NAME = "SYS$DISK:[.CRYPTO._''ARCH']OPENSSLCONF.H" $ CREATE /FDL=SYS$INPUT: 'OSCH_NAME' RECORD FORMAT stream_lf $ OPEN /APPEND H_FILE 'OSCH_NAME' $! -$! Write The [.xxx.CRYPTO]OPENSSLCONF.H File. +$! Write The [.CRYPTO._xxx]OPENSSLCONF.H File. $! $ WRITE H_FILE "/* This file was automatically built using makevms.com */" -$ WRITE H_FILE "/* and [.''ARCH'.CRYPTO]OPENSSLCONF.H_IN */" +$ WRITE H_FILE "/* and ''OPENSSLCONF_H_IN' */" $! $! Write a few macros that indicate how this system was built. $! @@ -196,75 +221,249 @@ $ WRITE H_FILE "" $ WRITE H_FILE "#ifndef OPENSSL_SYS_VMS" $ WRITE H_FILE "# define OPENSSL_SYS_VMS" $ WRITE H_FILE "#endif" -$ CONFIG_LOGICALS := NO_ASM,NO_RSA,NO_DSA,NO_DH,NO_MD2,NO_MD5,NO_RIPEMD,WHRLPOOL,- - NO_SHA,NO_SHA0,NO_SHA1,NO_DES/NO_MDC2;NO_MDC2,NO_RC2,NO_RC4,NO_RC5,- - NO_IDEA,NO_BF,NO_CAST,NO_CAMELLIA,NO_SEED,NO_HMAC,NO_SSL2 +$ +$! One of the best way to figure out what the list should be is to do +$! the followin on a Unix system: +$! grep OPENSSL_NO_ crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep ':# *if'|sed -e 's/^.*def //'|sort|uniq +$! For that reason, the list will also always end up in alphabetical order +$ CONFIG_LOGICALS := AES,- + ASM,INLINE_ASM,- + BF,- + BIO,- + BUFFER,- + BUF_FREELISTS,- + CAMELLIA,- + CAST,- + CMS,- + COMP,- + DEPRECATED,- + DES,- + DGRAM,- + DH,- + DSA,- + EC,- + ECDH,- + ECDSA,- + ENGINE,- + ERR,- + EVP,- + FP_API,- + GMP,- + GOST,- + HASH_COMP,- + HMAC,- + IDEA,- + JPAKE,- + KRB5,- + LHASH,- + MD2,- + MD4,- + MD5,- + MDC2,- + OCSP,- + PSK,- + RC2,- + RC4,- + RC5,- + RFC3779,- + RIPEMD,- + RSA,- + SEED,- + SHA,- + SHA0,- + SHA1,- + SHA256,- + SHA512,- + SOCK,- + SSL2,- + STACK,- + STATIC_ENGINE,- + STDIO,- + STORE,- + TLSEXT,- + WHIRLPOOL,- + X509 +$! Add a few that we know about +$ CONFIG_LOGICALS := 'CONFIG_LOGICALS',- + THREADS +$! The following rules, which dictate how some algorithm choices affect +$! others, are picked from Configure. +$! Quick syntax: +$! list = item[ ; list] +$! item = algos / dependents +$! algos = algo [, algos] +$! dependents = dependent [, dependents] +$! When a list of algos is specified in one item, it means that they must +$! all be disabled for the rule to apply. +$! When a list of dependents is specified in one item, it means that they +$! will all be disabled if the rule applies. +$! Rules are checked sequentially. If a rule disables an algorithm, it will +$! affect all following rules that depend on that algorithm being disabled. +$! To force something to be enabled or disabled, have no algorithms in the +$! algos part. +$ CONFIG_DISABLE_RULES := RIJNDAEL/AES;- + DES/MDC2;- + EC/ECDSA,ECDH;- + MD5/SSL2,SSL3,TLS1;- + SHA/SSL3,TLS1;- + RSA/SSL2;- + RSA,DSA/SSL2;- + DH/SSL3,TLS1;- + TLS1/TLSEXT;- + EC/GOST;- + DSA/GOST;- + DH/GOST;- + /STATIC_ENGINE;- + /KRB5 +$ CONFIG_ENABLE_RULES := ZLIB_DYNAMIC/ZLIB;- + /THREADS +$ +$! Architecture specific rule addtions +$ IF ARCH .EQS. "VAX" +$ THEN +$ ! Disable algorithms that require 64 bit integers in C +$ CONFIG_DISABLE_RULES = CONFIG_DISABLE_RULES + - + ";/GOST" + - + ";/WHIRLPOOL" +$ ENDIF +$ $ CONFIG_LOG_I = 0 -$ CONFIG_LOG_LOOP: -$ CONFIG_LOG_E1 = F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS) +$ CONFIG_LOG_LOOP1: +$ CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM") $ CONFIG_LOG_I = CONFIG_LOG_I + 1 -$ IF CONFIG_LOG_E1 .EQS. "" THEN GOTO CONFIG_LOG_LOOP -$ IF CONFIG_LOG_E1 .EQS. "," THEN GOTO CONFIG_LOG_LOOP_END -$ CONFIG_LOG_E2 = F$EDIT(CONFIG_LOG_E1,"TRIM") -$ CONFIG_LOG_E1 = F$ELEMENT(0,";",CONFIG_LOG_E2) -$ CONFIG_LOG_E2 = F$ELEMENT(1,";",CONFIG_LOG_E2) -$ CONFIG_LOG_E0 = F$ELEMENT(0,"/",CONFIG_LOG_E1) -$ CONFIG_LOG_E1 = F$ELEMENT(1,"/",CONFIG_LOG_E1) -$ IF F$TRNLNM("OPENSSL_"+CONFIG_LOG_E0) +$ IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP1 +$ IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP1_END +$ IF F$TRNLNM("OPENSSL_NO_"+CONFIG_LOG_E) $ THEN -$ WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E0 -$ WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E0 -$ WRITE H_FILE "#endif" -$ IF CONFIG_LOG_E1 .NES. "/" +$ CONFIG_DISABLED_'CONFIG_LOG_E' := YES +$ CONFIG_ENABLED_'CONFIG_LOG_E' := NO +$ CONFIG_CHANGED_'CONFIG_LOG_E' := YES +$ ELSE +$ CONFIG_DISABLED_'CONFIG_LOG_E' := NO +$ CONFIG_ENABLED_'CONFIG_LOG_E' := YES +$ ! Because all algorithms are assumed enabled by default +$ CONFIG_CHANGED_'CONFIG_LOG_E' := NO +$ ENDIF +$ GOTO CONFIG_LOG_LOOP1 +$ CONFIG_LOG_LOOP1_END: +$ +$! Apply cascading disable rules +$ CONFIG_DISABLE_I = 0 +$ CONFIG_DISABLE_LOOP0: +$ CONFIG_DISABLE_E = F$EDIT(F$ELEMENT(CONFIG_DISABLE_I,";",CONFIG_DISABLE_RULES),"TRIM") +$ CONFIG_DISABLE_I = CONFIG_DISABLE_I + 1 +$ IF CONFIG_DISABLE_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP0 +$ IF CONFIG_DISABLE_E .EQS. ";" THEN GOTO CONFIG_DISABLE_LOOP0_END +$ +$ CONFIG_DISABLE_ALGOS = F$EDIT(F$ELEMENT(0,"/",CONFIG_DISABLE_E),"TRIM") +$ CONFIG_DISABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_DISABLE_E),"TRIM") +$ TO_DISABLE := YES +$ CONFIG_ALGO_I = 0 +$ CONFIG_DISABLE_LOOP1: +$ CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",",CONFIG_DISABLE_ALGOS),"TRIM") +$ CONFIG_ALGO_I = CONFIG_ALGO_I + 1 +$ IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP1 +$ IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP1_END +$ IF F$TYPE(CONFIG_DISABLED_'CONFIG_ALGO_E') .EQS. "" $ THEN -$ WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E1 -$ WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E1 -$ WRITE H_FILE "#endif" +$ TO_DISABLE := NO +$ ELSE +$ IF .NOT. CONFIG_DISABLED_'CONFIG_ALGO_E' THEN TO_DISABLE := NO $ ENDIF -$ ELSE -$ IF CONFIG_LOG_E2 .NES. ";" +$ GOTO CONFIG_DISABLE_LOOP1 +$ CONFIG_DISABLE_LOOP1_END: +$ +$ IF TO_DISABLE +$ THEN +$ CONFIG_DEPENDENT_I = 0 +$ CONFIG_DISABLE_LOOP2: +$ CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",",CONFIG_DISABLE_DEPENDENTS),"TRIM") +$ CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1 +$ IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP2 +$ IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP2_END +$ CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := YES +$ CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := NO +$ ! Better not to assume defaults at this point... +$ CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES +$ WRITE SYS$ERROR "''CONFIG_DEPENDENT_E' disabled by rule ''CONFIG_DISABLE_E'" +$ GOTO CONFIG_DISABLE_LOOP2 +$ CONFIG_DISABLE_LOOP2_END: +$ ENDIF +$ GOTO CONFIG_DISABLE_LOOP0 +$ CONFIG_DISABLE_LOOP0_END: +$ +$! Apply cascading enable rules +$ CONFIG_ENABLE_I = 0 +$ CONFIG_ENABLE_LOOP0: +$ CONFIG_ENABLE_E = F$EDIT(F$ELEMENT(CONFIG_ENABLE_I,";",CONFIG_ENABLE_RULES),"TRIM") +$ CONFIG_ENABLE_I = CONFIG_ENABLE_I + 1 +$ IF CONFIG_ENABLE_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP0 +$ IF CONFIG_ENABLE_E .EQS. ";" THEN GOTO CONFIG_ENABLE_LOOP0_END +$ +$ CONFIG_ENABLE_ALGOS = F$EDIT(F$ELEMENT(0,"/",CONFIG_ENABLE_E),"TRIM") +$ CONFIG_ENABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_ENABLE_E),"TRIM") +$ TO_ENABLE := YES +$ CONFIG_ALGO_I = 0 +$ CONFIG_ENABLE_LOOP1: +$ CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",",CONFIG_ENABLE_ALGOS),"TRIM") +$ CONFIG_ALGO_I = CONFIG_ALGO_I + 1 +$ IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP1 +$ IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP1_END +$ IF F$TYPE(CONFIG_ENABLED_'CONFIG_ALGO_E') .EQS. "" $ THEN -$ IF F$TRNLNM("OPENSSL_"+CONFIG_LOG_E2) -$ THEN -$ WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E2 -$ WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E2 -$ WRITE H_FILE "#endif" -$ ENDIF +$ TO_ENABLE := NO +$ ELSE +$ IF .NOT. CONFIG_ENABLED_'CONFIG_ALGO_E' THEN TO_ENABLE := NO $ ENDIF +$ GOTO CONFIG_ENABLE_LOOP1 +$ CONFIG_ENABLE_LOOP1_END: +$ +$ IF TO_ENABLE +$ THEN +$ CONFIG_DEPENDENT_I = 0 +$ CONFIG_ENABLE_LOOP2: +$ CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",",CONFIG_ENABLE_DEPENDENTS),"TRIM") +$ CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1 +$ IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP2 +$ IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP2_END +$ CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := NO +$ CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := YES +$ ! Better not to assume defaults at this point... +$ CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES +$ WRITE SYS$ERROR "''CONFIG_DEPENDENT_E' enabled by rule ''CONFIG_ENABLE_E'" +$ GOTO CONFIG_ENABLE_LOOP2 +$ CONFIG_ENABLE_LOOP2_END: $ ENDIF -$ GOTO CONFIG_LOG_LOOP -$ CONFIG_LOG_LOOP_END: -$ WRITE H_FILE "#ifndef OPENSSL_NO_STATIC_ENGINE" -$ WRITE H_FILE "# define OPENSSL_NO_STATIC_ENGINE" -$ WRITE H_FILE "#endif" -$ WRITE H_FILE "#ifndef OPENSSL_THREADS" -$ WRITE H_FILE "# define OPENSSL_THREADS" -$ WRITE H_FILE "#endif" -$ WRITE H_FILE "#ifndef OPENSSL_NO_KRB5" -$ WRITE H_FILE "# define OPENSSL_NO_KRB5" -$ WRITE H_FILE "#endif" -$ WRITE H_FILE "" -$! -$! Different tar version may have named the file differently -$ IF F$SEARCH("[.CRYPTO]OPENSSLCONF.H_IN") .NES. "" -$ THEN -$ TYPE [.CRYPTO]OPENSSLCONF.H_IN /OUTPUT=H_FILE: -$ ELSE -$ IF F$SEARCH("[.CRYPTO]OPENSSLCONF_H.IN") .NES. "" +$ GOTO CONFIG_ENABLE_LOOP0 +$ CONFIG_ENABLE_LOOP0_END: +$ +$! Write to the configuration +$ CONFIG_LOG_I = 0 +$ CONFIG_LOG_LOOP2: +$ CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM") +$ CONFIG_LOG_I = CONFIG_LOG_I + 1 +$ IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP2 +$ IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP2_END +$ IF CONFIG_CHANGED_'CONFIG_LOG_E' $ THEN -$ TYPE [.CRYPTO]OPENSSLCONF_H.IN /OUTPUT=H_FILE: -$ ELSE -$ ! For ODS-5 -$ IF F$SEARCH("[.CRYPTO]OPENSSLCONF.H.IN") .NES. "" +$ IF CONFIG_DISABLED_'CONFIG_LOG_E' $ THEN -$ TYPE [.CRYPTO]OPENSSLCONF.H.IN /OUTPUT=H_FILE: +$ WRITE H_FILE "#ifndef OPENSSL_NO_",CONFIG_LOG_E +$ WRITE H_FILE "# define OPENSSL_NO_",CONFIG_LOG_E +$ WRITE H_FILE "#endif" $ ELSE -$ WRITE SYS$ERROR "Couldn't find a [.CRYPTO]OPENSSLCONF.H_IN. Exiting!" -$ $STATUS = %X00018294 ! "%RMS-F-FNF, file not found". -$ GOTO TIDY +$ WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E +$ WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E +$ WRITE H_FILE "#endif" $ ENDIF $ ENDIF -$ ENDIF +$ GOTO CONFIG_LOG_LOOP2 +$ CONFIG_LOG_LOOP2_END: +$! +$! Add in the common "crypto/opensslconf.h.in". +$! +$ TYPE 'OPENSSLCONF_H_IN' /OUTPUT=H_FILE: +$! $ IF ARCH .NES. "VAX" $ THEN $! @@ -347,29 +546,29 @@ $! End $! $ ENDIF $! -$! Close the [.xxx.CRYPTO]OPENSSLCONF.H file +$! Close the [.CRYPTO._xxx]OPENSSLCONF.H file $! $ CLOSE H_FILE $! -$! Purge The [.xxx.CRYPTO]OPENSSLCONF.H file +$! Purge The [.CRYPTO._xxx]OPENSSLCONF.H file $! -$ PURGE SYS$DISK:[.'ARCH'.CRYPTO]OPENSSLCONF.H +$ PURGE SYS$DISK:[.CRYPTO._'ARCH']OPENSSLCONF.H $! $! That's All, Time To RETURN. $! $ RETURN $! -$! Rebuild The "[.xxx.CRYPTO]BUILDINF.H" file. +$! Rebuild The "[.CRYPTO._xxx]BUILDINF.H" file. $! $ BUILDINF: $! -$! Tell The User We Are Creating The [.xxx.CRYPTO]BUILDINF.H File. +$! Tell The User We Are Creating The [.CRYPTO._xxx]BUILDINF.H File. $! -$ WRITE SYS$OUTPUT "Creating [.''ARCH'.CRYPTO]BUILDINF.H Include File." +$ WRITE SYS$OUTPUT "Creating [.CRYPTO._''ARCH']BUILDINF.H Include File." $! -$! Create The [.xxx.CRYPTO]BUILDINF.H File. +$! Create The [.CRYPTO._xxx]BUILDINF.H File. $! -$ BIH_NAME = "SYS$DISK:[.''ARCH'.CRYPTO]BUILDINF.H" +$ BIH_NAME = "SYS$DISK:[.CRYPTO._''ARCH']BUILDINF.H" $ CREATE /FDL=SYS$INPUT: 'BIH_NAME' RECORD FORMAT stream_lf @@ -380,19 +579,19 @@ $! Get The Current Date & Time. $! $ TIME = F$TIME() $! -$! Write The [.xxx.CRYPTO]BUILDINF.H File. +$! Write The [.CRYPTO._xxx]BUILDINF.H File. $! $ WRITE H_FILE "#define CFLAGS """" /* Not filled in for now */" -$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCH' ''VMS_VER'""" +$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCH' ''VMS_VERSION'""" $ WRITE H_FILE "#define DATE ""''TIME'"" " $! -$! Close The [.xxx.CRYPTO]BUILDINF.H File. +$! Close The [.CRYPTO._xxx]BUILDINF.H File. $! $ CLOSE H_FILE $! -$! Purge The [.xxx.CRYPTO]BUILDINF.H File. +$! Purge The [.CRYPTO._xxx]BUILDINF.H File. $! -$ PURGE SYS$DISK:[.'ARCH'.CRYPTO]BUILDINF.H +$ PURGE SYS$DISK:[.CRYPTO._'ARCH']BUILDINF.H $! $! That's All, Time To RETURN. $! @@ -404,42 +603,14 @@ $ SOFTLINKS: $! $! Tell The User We Are Partly Rebuilding The [.APPS] Directory. $! -$ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C', '[.APPS]MD5.C' And '[.APPS]RMD160.C' Files." +$ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C' File." $! -$ DELETE SYS$DISK:[.APPS]MD4.C;*,MD5.C;*,RMD160.C;* +$ DELETE SYS$DISK:[.APPS]MD4.C;* $! $! Copy MD4.C from [.CRYPTO.MD4] into [.APPS] $! $ COPY SYS$DISK:[.CRYPTO.MD4]MD4.C SYS$DISK:[.APPS] $! -$! Copy MD5.C from [.CRYPTO.MD5] into [.APPS] -$! -$ COPY SYS$DISK:[.CRYPTO.MD5]MD5.C SYS$DISK:[.APPS] -$! -$! Copy RMD160.C from [.CRYPTO.RIPEMD] into [.APPS] -$! -$ COPY SYS$DISK:[.CRYPTO.RIPEMD]RMD160.C SYS$DISK:[.APPS] -$! -$! Tell The User We Are Partly Rebuilding The [.TEST] Directory. -$! -$ WRITE SYS$OUTPUT "Rebuilding The '[.TEST]*.C' Files." -$! -$! First, We Have To "Rebuild" The "[.TEST]" Directory, So Delete -$! All The "C" Files That Are Currently There Now. -$! -$ DELETE SYS$DISK:[.TEST]*.C;* -$ DELETE SYS$DISK:[.TEST]EVPTESTS.TXT;* -$! -$! Copy all the *TEST.C files from [.CRYPTO...] into [.TEST] -$! -$ COPY SYS$DISK:[.CRYPTO.*]%*TEST.C SYS$DISK:[.TEST] -$ COPY SYS$DISK:[.CRYPTO.SHA]SHA%%%T.C SYS$DISK:[.TEST] -$ COPY SYS$DISK:[.CRYPTO.EVP]EVPTESTS.TXT SYS$DISK:[.TEST] -$! -$! Copy all the *TEST.C files from [.SSL...] into [.TEST] -$! -$ COPY SYS$DISK:[.SSL]%*TEST.C SYS$DISK:[.TEST] -$! $! Tell The User We Are Rebuilding The [.INCLUDE.OPENSSL] Directory. $! $ WRITE SYS$OUTPUT "Rebuilding The '[.INCLUDE.OPENSSL]' Directory." @@ -532,12 +703,7 @@ $ IF D .EQS. "" $ THEN $ COPY [.CRYPTO]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG $ ELSE -$ IF D .EQS. "_''ARCH'" -$ THEN -$ COPY [.'ARCH'.CRYPTO]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG -$ ELSE -$ COPY [.CRYPTO.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG -$ ENDIF +$ COPY [.CRYPTO.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG $ ENDIF $ GOTO LOOP_SDIRS $ LOOP_SDIRS_END: @@ -736,7 +902,7 @@ $! Else... $! $ ELSE $! -$! Else, Check To See If P1 Has A Valid Arguement. +$! Else, Check To See If P1 Has A Valid Argument. $! $ IF (P1.EQS."CONFIG").OR.(P1.EQS."BUILDINF").OR.(P1.EQS."SOFTLINKS") - .OR.(P1.EQS."BUILDALL") - @@ -745,7 +911,7 @@ $ IF (P1.EQS."CONFIG").OR.(P1.EQS."BUILDINF").OR.(P1.EQS."SOFTLINKS") - .OR.(P1.EQS."ENGINES") $ THEN $! -$! A Valid Arguement. +$! A Valid Argument. $! $ BUILDCOMMAND = P1 $! @@ -758,13 +924,13 @@ $! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "USAGE: @MAKEVMS.COM [Target] [not-used option] [Debug option] <Compiler>" $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL """" NODEBUG " +$ WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL NORSAREF NODEBUG " $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The Target ",P1," Is Invalid. The Valid Target Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " ALL : Just Build Everything." -$ WRITE SYS$OUTPUT " CONFIG : Just build the [.xxx.CRYPTO]OPENSSLCONF.H file." -$ WRITE SYS$OUTPUT " BUILDINF : Just build the [.xxx.CRYPTO]BUILDINF.H file." +$ WRITE SYS$OUTPUT " CONFIG : Just build the [.CRYPTO._xxx]OPENSSLCONF.H file." +$ WRITE SYS$OUTPUT " BUILDINF : Just build the [.CRYPTO._xxx]BUILDINF.H file." $ WRITE SYS$OUTPUT " SOFTLINKS: Just Fix The Unix soft links." $ WRITE SYS$OUTPUT " BUILDALL : Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done." $ WRITE SYS$OUTPUT " CRYPTO : To Build Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library." @@ -834,7 +1000,7 @@ $! Time To EXIT. $! $ GOTO TIDY $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -973,7 +1139,7 @@ $! End The GNU C Check. $! $ ENDIF $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! @@ -991,7 +1157,7 @@ $! Time To EXIT. $! $ GOTO TIDY $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -1098,7 +1264,7 @@ $! Print info $! $ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $ IF P5 .NES. "" @@ -1153,7 +1319,7 @@ $! $! Get The Version Of VMS We Are Using. $! $ ISSEVEN := -$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION"))) +$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,VMS_VERSION)) $ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP)) $! $! Check To See If The VMS Version Is v7.1 Or Later. diff --git a/openssl/openssl.spec b/openssl/openssl.spec index 9d41cf7e0..bed337b63 100644 --- a/openssl/openssl.spec +++ b/openssl/openssl.spec @@ -2,7 +2,7 @@ %define libmaj 1 %define libmin 0 %define librel 0 -#%define librev a +%define librev a Release: 1 %define openssldir /var/ssl diff --git a/openssl/ssl/d1_both.c b/openssl/ssl/d1_both.c index 0242f1e4d..4ce4064cc 100644 --- a/openssl/ssl/d1_both.c +++ b/openssl/ssl/d1_both.c @@ -123,6 +123,37 @@ #include <openssl/evp.h> #include <openssl/x509.h> +#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) + +#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \ + if ((end) - (start) <= 8) { \ + long ii; \ + for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ + } else { \ + long ii; \ + bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ + for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \ + bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ + } } + +#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \ + long ii; \ + OPENSSL_assert((msg_len) > 0); \ + is_complete = 1; \ + if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ + if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ + if (bitmask[ii] != 0xff) { is_complete = 0; break; } } + +#if 0 +#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \ + long ii; \ + printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \ + printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \ + printf("\n"); } +#endif + +static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80}; +static unsigned char bitmask_end_values[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; /* XDTLS: figure out the right values */ static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; @@ -140,10 +171,11 @@ static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok); static hm_fragment * -dtls1_hm_fragment_new(unsigned long frag_len) +dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) { hm_fragment *frag = NULL; unsigned char *buf = NULL; + unsigned char *bitmask = NULL; frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); if ( frag == NULL) @@ -162,6 +194,21 @@ dtls1_hm_fragment_new(unsigned long frag_len) /* zero length fragment gets zero frag->fragment */ frag->fragment = buf; + /* Initialize reassembly bitmask if necessary */ + if (reassembly) + { + bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); + if (bitmask == NULL) + { + if (buf != NULL) OPENSSL_free(buf); + OPENSSL_free(frag); + return NULL; + } + memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); + } + + frag->reassembly = bitmask; + return frag; } @@ -169,6 +216,7 @@ static void dtls1_hm_fragment_free(hm_fragment *frag) { if (frag->fragment) OPENSSL_free(frag->fragment); + if (frag->reassembly) OPENSSL_free(frag->reassembly); OPENSSL_free(frag); } @@ -363,6 +411,8 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) { int i, al; struct hm_header_st *msg_hdr; + unsigned char *p; + unsigned long msg_len; /* s3->tmp is used to store messages that are unexpected, caused * by the absence of an optional handshake message */ @@ -382,77 +432,55 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) } msg_hdr = &s->d1->r_msg_hdr; - do - { - if ( msg_hdr->frag_off == 0) - { - /* s->d1->r_message_header.msg_len = 0; */ - memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - } + memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - i = dtls1_get_message_fragment(s, st1, stn, max, ok); - if ( i == DTLS1_HM_BAD_FRAGMENT || - i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ - continue; - else if ( i <= 0 && !*ok) - return i; +again: + i = dtls1_get_message_fragment(s, st1, stn, max, ok); + if ( i == DTLS1_HM_BAD_FRAGMENT || + i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ + goto again; + else if ( i <= 0 && !*ok) + return i; - /* Note that s->init_sum is used as a counter summing - * up fragments' lengths: as soon as they sum up to - * handshake packet length, we assume we have got all - * the fragments. Overlapping fragments would cause - * premature termination, so we don't expect overlaps. - * Well, handling overlaps would require something more - * drastic. Indeed, as it is now there is no way to - * tell if out-of-order fragment from the middle was - * the last. '>=' is the best/least we can do to control - * the potential damage caused by malformed overlaps. */ - if ((unsigned int)s->init_num >= msg_hdr->msg_len) - { - unsigned char *p = (unsigned char *)s->init_buf->data; - unsigned long msg_len = msg_hdr->msg_len; - - /* reconstruct message header as if it was - * sent in single fragment */ - *(p++) = msg_hdr->type; - l2n3(msg_len,p); - s2n (msg_hdr->seq,p); - l2n3(0,p); - l2n3(msg_len,p); - if (s->version != DTLS1_BAD_VER) { - p -= DTLS1_HM_HEADER_LENGTH; - msg_len += DTLS1_HM_HEADER_LENGTH; - } + p = (unsigned char *)s->init_buf->data; + msg_len = msg_hdr->msg_len; + + /* reconstruct message header */ + *(p++) = msg_hdr->type; + l2n3(msg_len,p); + s2n (msg_hdr->seq,p); + l2n3(0,p); + l2n3(msg_len,p); + if (s->version != DTLS1_BAD_VER) { + p -= DTLS1_HM_HEADER_LENGTH; + msg_len += DTLS1_HM_HEADER_LENGTH; + } - ssl3_finish_mac(s, p, msg_len); - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, msg_len, - s, s->msg_callback_arg); - - memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - - s->d1->handshake_read_seq++; - /* we just read a handshake message from the other side: - * this means that we don't need to retransmit of the - * buffered messages. - * XDTLS: may be able clear out this - * buffer a little sooner (i.e if an out-of-order - * handshake message/record is received at the record - * layer. - * XDTLS: exception is that the server needs to - * know that change cipher spec and finished messages - * have been received by the client before clearing this - * buffer. this can simply be done by waiting for the - * first data segment, but is there a better way? */ - dtls1_clear_record_buffer(s); - - s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - return s->init_num; - } - else - msg_hdr->frag_off = i; - } while(1) ; + ssl3_finish_mac(s, p, msg_len); + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, + p, msg_len, + s, s->msg_callback_arg); + + memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); + + s->d1->handshake_read_seq++; + /* we just read a handshake message from the other side: + * this means that we don't need to retransmit of the + * buffered messages. + * XDTLS: may be able clear out this + * buffer a little sooner (i.e if an out-of-order + * handshake message/record is received at the record + * layer. + * XDTLS: exception is that the server needs to + * know that change cipher spec and finished messages + * have been received by the client before clearing this + * buffer. this can simply be done by waiting for the + * first data segment, but is there a better way? */ + dtls1_clear_record_buffer(s); + + s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + return s->init_num; f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); @@ -528,6 +556,10 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) return 0; frag = (hm_fragment *)item->data; + + /* Don't return if reassembly still in progress */ + if (frag->reassembly != NULL) + return 0; if ( s->d1->handshake_read_seq == frag->msg_header.seq) { @@ -563,6 +595,109 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) static int +dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) + { + hm_fragment *frag = NULL; + pitem *item = NULL; + int i = -1, is_complete; + unsigned char seq64be[8]; + unsigned long frag_len = msg_hdr->frag_len, max_len; + + if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) + goto err; + + /* Determine maximum allowed message size. Depends on (user set) + * maximum certificate length, but 16k is minimum. + */ + if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list) + max_len = s->max_cert_list; + else + max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; + + if ((msg_hdr->frag_off+frag_len) > max_len) + goto err; + + /* Try to find item in queue */ + memset(seq64be,0,sizeof(seq64be)); + seq64be[6] = (unsigned char) (msg_hdr->seq>>8); + seq64be[7] = (unsigned char) msg_hdr->seq; + item = pqueue_find(s->d1->buffered_messages, seq64be); + + if (item == NULL) + { + frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); + if ( frag == NULL) + goto err; + memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); + frag->msg_header.frag_len = frag->msg_header.msg_len; + frag->msg_header.frag_off = 0; + } + else + frag = (hm_fragment*) item->data; + + /* If message is already reassembled, this must be a + * retransmit and can be dropped. + */ + if (frag->reassembly == NULL) + { + unsigned char devnull [256]; + + while (frag_len) + { + i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, + devnull, + frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); + if (i<=0) goto err; + frag_len -= i; + } + return DTLS1_HM_FRAGMENT_RETRY; + } + + /* read the body of the fragment (header has already been read */ + i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, + frag->fragment + msg_hdr->frag_off,frag_len,0); + if (i<=0 || (unsigned long)i!=frag_len) + goto err; + + RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, + (long)(msg_hdr->frag_off + frag_len)); + + RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, + is_complete); + + if (is_complete) + { + OPENSSL_free(frag->reassembly); + frag->reassembly = NULL; + } + + if (item == NULL) + { + memset(seq64be,0,sizeof(seq64be)); + seq64be[6] = (unsigned char)(msg_hdr->seq>>8); + seq64be[7] = (unsigned char)(msg_hdr->seq); + + item = pitem_new(seq64be, frag); + if (item == NULL) + { + goto err; + i = -1; + } + + pqueue_insert(s->d1->buffered_messages, item); + } + + return DTLS1_HM_FRAGMENT_RETRY; + +err: + if (frag != NULL) dtls1_hm_fragment_free(frag); + if (item != NULL) OPENSSL_free(item); + *ok = 0; + return i; + } + + +static int dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) { int i=-1; @@ -579,7 +714,13 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) seq64be[6] = (unsigned char) (msg_hdr->seq>>8); seq64be[7] = (unsigned char) msg_hdr->seq; item = pqueue_find(s->d1->buffered_messages, seq64be); - + + /* If we already have an entry and this one is a fragment, + * don't discard it and rather try to reassemble it. + */ + if (item != NULL && frag_len < msg_hdr->msg_len) + item = NULL; + /* Discard the message if sequence number was already there, is * too far in the future, already in the queue or if we received * a FINISHED before the SERVER_HELLO, which then must be a stale @@ -600,20 +741,25 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) frag_len -= i; } } - - if (frag_len) + else { - frag = dtls1_hm_fragment_new(frag_len); + if (frag_len && frag_len < msg_hdr->msg_len) + return dtls1_reassemble_fragment(s, msg_hdr, ok); + + frag = dtls1_hm_fragment_new(frag_len, 0); if ( frag == NULL) goto err; memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); - /* read the body of the fragment (header has already been read */ - i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, - frag->fragment,frag_len,0); - if (i<=0 || (unsigned long)i!=frag_len) - goto err; + if (frag_len) + { + /* read the body of the fragment (header has already been read */ + i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, + frag->fragment,frag_len,0); + if (i<=0 || (unsigned long)i!=frag_len) + goto err; + } memset(seq64be,0,sizeof(seq64be)); seq64be[6] = (unsigned char)(msg_hdr->seq>>8); @@ -640,14 +786,14 @@ static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) { unsigned char wire[DTLS1_HM_HEADER_LENGTH]; - unsigned long l, frag_off, frag_len; + unsigned long len, frag_off, frag_len; int i,al; struct hm_header_st msg_hdr; /* see if we have the required fragment already */ if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) { - if (*ok) s->init_num += frag_len; + if (*ok) s->init_num = frag_len; return frag_len; } @@ -672,10 +818,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) if ( msg_hdr.seq != s->d1->handshake_read_seq) return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); - l = msg_hdr.msg_len; + len = msg_hdr.msg_len; frag_off = msg_hdr.frag_off; frag_len = msg_hdr.frag_len; + if (frag_len && frag_len < len) + return dtls1_reassemble_fragment(s, &msg_hdr, ok); + if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && wire[0] == SSL3_MT_HELLO_REQUEST) { @@ -735,7 +884,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) * s->init_buf->data, but as a counter summing up fragments' * lengths: as soon as they sum up to handshake packet * length, we assume we have got all the fragments. */ - s->init_num += frag_len; + s->init_num = frag_len; return frag_len; f_err: @@ -1010,7 +1159,7 @@ dtls1_buffer_message(SSL *s, int is_ccs) * been serialized */ OPENSSL_assert(s->init_off == 0); - frag = dtls1_hm_fragment_new(s->init_num); + frag = dtls1_hm_fragment_new(s->init_num, 0); memcpy(frag->fragment, s->init_buf->data, s->init_num); diff --git a/openssl/ssl/d1_lib.c b/openssl/ssl/d1_lib.c index eeffce3cc..96b220e87 100644 --- a/openssl/ssl/d1_lib.c +++ b/openssl/ssl/d1_lib.c @@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft) timeleft->tv_usec += 1000000; } + /* If remaining time is less than 15 ms, set it to 0 + * to prevent issues because of small devergences with + * socket timeouts. + */ + if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) + { + memset(timeleft, 0, sizeof(struct timeval)); + } + + return timeleft; } diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c index c9757e1d6..a5439d544 100644 --- a/openssl/ssl/d1_pkt.c +++ b/openssl/ssl/d1_pkt.c @@ -196,6 +196,9 @@ dtls1_copy_record(SSL *s, pitem *item) s->packet_length = rdata->packet_length; memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); + + /* Set proper sequence number for mac calculation */ + memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6); return(1); } @@ -414,7 +417,7 @@ dtls1_process_record(SSL *s) goto err; /* otherwise enc_err == -1 */ - goto decryption_failed_or_bad_record_mac; + goto err; } #ifdef TLS_DEBUG @@ -444,7 +447,7 @@ printf("\n"); SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); goto f_err; #else - goto decryption_failed_or_bad_record_mac; + goto err; #endif } /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ @@ -455,14 +458,14 @@ printf("\n"); SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); goto f_err; #else - goto decryption_failed_or_bad_record_mac; + goto err; #endif } rr->length-=mac_size; i=s->method->ssl3_enc->mac(s,md,0); if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) { - goto decryption_failed_or_bad_record_mac; + goto err; } } @@ -504,14 +507,6 @@ printf("\n"); dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ return(1); -decryption_failed_or_bad_record_mac: - /* Separate 'decryption_failed' alert was introduced with TLS 1.0, - * SSL 3.0 only has 'bad_record_mac'. But unless a decryption - * failure is directly visible from the ciphertext anyway, - * we should not reveal which kind of error occured -- this - * might become visible to an attacker (e.g. via logfile) */ - al=SSL_AD_BAD_RECORD_MAC; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: @@ -544,8 +539,7 @@ int dtls1_get_record(SSL *s) /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ - if ( ! dtls1_process_buffered_records(s)) - return 0; + dtls1_process_buffered_records(s); /* if we're renegotiating, then there may be buffered records */ if (dtls1_get_processed_record(s)) @@ -667,21 +661,25 @@ again: if (rr->length == 0) goto again; /* If this record is from the next epoch (either HM or ALERT), - * buffer it since it cannot be processed at this time. Records - * from the next epoch are marked as received even though they - * are not processed, so as to prevent any potential resource - * DoS attack */ + * and a handshake is currently in progress, buffer it since it + * cannot be processed at this time. */ if (is_next_epoch) { - dtls1_record_bitmap_update(s, bitmap); - dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); + if (SSL_in_init(s) || s->in_handshake) + { + dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); + } rr->length = 0; s->packet_length = 0; goto again; } - if ( ! dtls1_process_record(s)) - return(0); + if (!dtls1_process_record(s)) + { + rr->length = 0; + s->packet_length = 0; /* dump this record */ + goto again; /* get another record */ + } dtls1_clear_timeouts(s); /* done waiting */ return(1); @@ -809,7 +807,7 @@ start: * buffer the application data for later processing rather * than dropping the connection. */ - dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0); + dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num); rr->length = 0; goto start; } diff --git a/openssl/ssl/dtls1.h b/openssl/ssl/dtls1.h index af363a984..2900d1d8a 100644 --- a/openssl/ssl/dtls1.h +++ b/openssl/ssl/dtls1.h @@ -167,6 +167,7 @@ typedef struct hm_fragment_st { struct hm_header_st msg_header; unsigned char *fragment; + unsigned char *reassembly; } hm_fragment; typedef struct dtls1_state_st diff --git a/openssl/ssl/ssl-lib.com b/openssl/ssl/ssl-lib.com index 85ab2f61f..c5ca9e1df 100644 --- a/openssl/ssl/ssl-lib.com +++ b/openssl/ssl/ssl-lib.com @@ -30,7 +30,7 @@ $! VAXC For VAX C. $! DECC For DEC C. $! GNUC For GNU C. $! -$! If you don't speficy a compiler, it will try to determine which +$! If you don't specify a compiler, it will try to determine which $! "C" compiler to use. $! $! P4, if defined, sets a TCP/IP library to use, through one of the following @@ -55,7 +55,7 @@ $ THEN $! $! The Architecture Is VAX. $! -$ ARCH := VAX +$ ARCH = "VAX" $! $! Else... $! @@ -524,12 +524,12 @@ $! Else... $! $ ELSE $! -$! Else, Check To See If P1 Has A Valid Arguement. +$! Else, Check To See If P1 Has A Valid Argument. $! $ IF (P1.EQS."LIBRARY").OR.(P1.EQS."SSL_TASK") $ THEN $! -$! A Valid Arguement. +$! A Valid Argument. $! $ BUILDALL = P1 $! @@ -557,7 +557,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -611,7 +611,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -893,7 +893,7 @@ $! Show user the result $! $ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! @@ -994,7 +994,7 @@ $! Print info $! $ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! diff --git a/openssl/ssl/ssl_algs.c b/openssl/ssl/ssl_algs.c index a26ae4395..0967b2dfe 100644 --- a/openssl/ssl/ssl_algs.c +++ b/openssl/ssl/ssl_algs.c @@ -105,6 +105,14 @@ int SSL_library_init(void) EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); #endif +#ifndef OPENSSL_NO_SHA256 + EVP_add_digest(EVP_sha224()); + EVP_add_digest(EVP_sha256()); +#endif +#ifndef OPENSSL_NO_SHA512 + EVP_add_digest(EVP_sha384()); + EVP_add_digest(EVP_sha512()); +#endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); diff --git a/openssl/ssl/t1_enc.c b/openssl/ssl/t1_enc.c index d9cb059d0..9719541f2 100644 --- a/openssl/ssl/t1_enc.c +++ b/openssl/ssl/t1_enc.c @@ -148,7 +148,7 @@ #endif /* seed1 through seed5 are virtually concatenated */ -static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, +static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, const void *seed1, int seed1_len, const void *seed2, int seed2_len, @@ -163,55 +163,79 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, HMAC_CTX ctx_tmp; unsigned char A1[EVP_MAX_MD_SIZE]; unsigned int A1_len; + int ret = 0; chunk=EVP_MD_size(md); OPENSSL_assert(chunk >= 0); HMAC_CTX_init(&ctx); HMAC_CTX_init(&ctx_tmp); - HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); - HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); - if (seed1 != NULL) HMAC_Update(&ctx,seed1,seed1_len); - if (seed2 != NULL) HMAC_Update(&ctx,seed2,seed2_len); - if (seed3 != NULL) HMAC_Update(&ctx,seed3,seed3_len); - if (seed4 != NULL) HMAC_Update(&ctx,seed4,seed4_len); - if (seed5 != NULL) HMAC_Update(&ctx,seed5,seed5_len); - HMAC_Final(&ctx,A1,&A1_len); + if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL)) + goto err; + if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL)) + goto err; + if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len)) + goto err; + if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len)) + goto err; + if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len)) + goto err; + if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len)) + goto err; + if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len)) + goto err; + if (!HMAC_Final(&ctx,A1,&A1_len)) + goto err; n=0; for (;;) { - HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */ - HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */ - HMAC_Update(&ctx,A1,A1_len); - HMAC_Update(&ctx_tmp,A1,A1_len); - if (seed1 != NULL) HMAC_Update(&ctx,seed1,seed1_len); - if (seed2 != NULL) HMAC_Update(&ctx,seed2,seed2_len); - if (seed3 != NULL) HMAC_Update(&ctx,seed3,seed3_len); - if (seed4 != NULL) HMAC_Update(&ctx,seed4,seed4_len); - if (seed5 != NULL) HMAC_Update(&ctx,seed5,seed5_len); + if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */ + goto err; + if (!HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL)) /* re-init */ + goto err; + if (!HMAC_Update(&ctx,A1,A1_len)) + goto err; + if (!HMAC_Update(&ctx_tmp,A1,A1_len)) + goto err; + if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len)) + goto err; + if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len)) + goto err; + if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len)) + goto err; + if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len)) + goto err; + if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len)) + goto err; if (olen > chunk) { - HMAC_Final(&ctx,out,&j); + if (!HMAC_Final(&ctx,out,&j)) + goto err; out+=j; olen-=j; - HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */ + if (!HMAC_Final(&ctx_tmp,A1,&A1_len)) /* calc the next A1 value */ + goto err; } else /* last one */ { - HMAC_Final(&ctx,A1,&A1_len); + if (!HMAC_Final(&ctx,A1,&A1_len)) + goto err; memcpy(out,A1,olen); break; } } + ret = 1; +err: HMAC_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&ctx_tmp); OPENSSL_cleanse(A1,sizeof(A1)); + return ret; } /* seed1 through seed5 are virtually concatenated */ -static void tls1_PRF(long digest_mask, +static int tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2, int seed2_len, const void *seed3, int seed3_len, @@ -225,6 +249,7 @@ static void tls1_PRF(long digest_mask, const unsigned char *S1; long m; const EVP_MD *md; + int ret = 0; /* Count number of digests and partition sec evenly */ count=0; @@ -239,11 +264,12 @@ static void tls1_PRF(long digest_mask, if (!md) { SSLerr(SSL_F_TLS1_PRF, SSL_R_UNSUPPORTED_DIGEST_TYPE); - return; + goto err; } - tls1_P_hash(md ,S1,len+(slen&1), - seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len, - out2,olen); + if (!tls1_P_hash(md ,S1,len+(slen&1), + seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len, + out2,olen)) + goto err; S1+=len; for (i=0; i<olen; i++) { @@ -251,12 +277,15 @@ static void tls1_PRF(long digest_mask, } } } - + ret = 1; +err: + return ret; } -static void tls1_generate_key_block(SSL *s, unsigned char *km, +static int tls1_generate_key_block(SSL *s, unsigned char *km, unsigned char *tmp, int num) { - tls1_PRF(s->s3->tmp.new_cipher->algorithm2, + int ret; + ret = tls1_PRF(s->s3->tmp.new_cipher->algorithm2, TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3->server_random,SSL3_RANDOM_SIZE, s->s3->client_random,SSL3_RANDOM_SIZE, @@ -274,6 +303,7 @@ static void tls1_generate_key_block(SSL *s, unsigned char *km, } printf("\n"); } #endif /* KSSL_DEBUG */ + return ret; } int tls1_change_cipher_state(SSL *s, int which) @@ -461,22 +491,24 @@ printf("which = %04X\nmac key=",which); /* In here I set both the read and write key/iv to the * same value since only the correct one will be used :-). */ - tls1_PRF(s->s3->tmp.new_cipher->algorithm2, - exp_label,exp_label_len, - s->s3->client_random,SSL3_RANDOM_SIZE, - s->s3->server_random,SSL3_RANDOM_SIZE, - NULL,0,NULL,0, - key,j,tmp1,tmp2,EVP_CIPHER_key_length(c)); + if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2, + exp_label,exp_label_len, + s->s3->client_random,SSL3_RANDOM_SIZE, + s->s3->server_random,SSL3_RANDOM_SIZE, + NULL,0,NULL,0, + key,j,tmp1,tmp2,EVP_CIPHER_key_length(c))) + goto err2; key=tmp1; if (k > 0) { - tls1_PRF(s->s3->tmp.new_cipher->algorithm2, - TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE, - s->s3->client_random,SSL3_RANDOM_SIZE, - s->s3->server_random,SSL3_RANDOM_SIZE, - NULL,0,NULL,0, - empty,0,iv1,iv2,k*2); + if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2, + TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE, + s->s3->client_random,SSL3_RANDOM_SIZE, + s->s3->server_random,SSL3_RANDOM_SIZE, + NULL,0,NULL,0, + empty,0,iv1,iv2,k*2)) + goto err2; if (client_write) iv=iv1; else @@ -518,12 +550,13 @@ err2: int tls1_setup_key_block(SSL *s) { - unsigned char *p1,*p2; + unsigned char *p1,*p2=NULL; const EVP_CIPHER *c; const EVP_MD *hash; int num; SSL_COMP *comp; int mac_type= NID_undef,mac_secret_size=0; + int ret=0; #ifdef KSSL_DEBUG printf ("tls1_setup_key_block()\n"); @@ -548,13 +581,19 @@ int tls1_setup_key_block(SSL *s) ssl3_cleanup_key_block(s); if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL) + { + SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); goto err; - if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL) - goto err; + } s->s3->tmp.key_block_length=num; s->s3->tmp.key_block=p1; + if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL) + { + SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); + goto err; + } #ifdef TLS_DEBUG printf("client random\n"); @@ -564,9 +603,8 @@ printf("server random\n"); printf("pre-master\n"); { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); } #endif - tls1_generate_key_block(s,p1,p2,num); - OPENSSL_cleanse(p2,num); - OPENSSL_free(p2); + if (!tls1_generate_key_block(s,p1,p2,num)) + goto err; #ifdef TLS_DEBUG printf("\nkey block\n"); { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); } @@ -591,10 +629,14 @@ printf("\nkey block\n"); } } - return(1); + ret = 1; err: - SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); - return(0); + if (p2) + { + OPENSSL_cleanse(p2,num); + OPENSSL_free(p2); + } + return(ret); } int tls1_enc(SSL *s, int send) @@ -822,10 +864,11 @@ int tls1_final_finish_mac(SSL *s, } } - tls1_PRF(s->s3->tmp.new_cipher->algorithm2, - str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0, - s->session->master_key,s->session->master_key_length, - out,buf2,sizeof buf2); + if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2, + str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0, + s->session->master_key,s->session->master_key_length, + out,buf2,sizeof buf2)) + err = 1; EVP_MD_CTX_cleanup(&ctx); if (err) diff --git a/openssl/test/cms-test.pl b/openssl/test/cms-test.pl index 6ad788346..9c50dff3e 100644 --- a/openssl/test/cms-test.pl +++ b/openssl/test/cms-test.pl @@ -54,8 +54,12 @@ # OpenSSL PKCS#7 and CMS implementations. my $ossl_path; - -if ( -f "../apps/openssl$ENV{EXE_EXT}" ) { +my $redir = " 2>cms.err 1>cms.out"; +# Make MSYS work +if ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { + $ossl_path = "cmd /c ..\\apps\\openssl"; +} +elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; } elsif ( -f "..\\out32dll\\openssl.exe" ) { @@ -382,14 +386,14 @@ sub run_smime_tests { $rscmd =~ s/-stream//; $rvcmd =~ s/-stream//; } - system("$scmd$rscmd 2>cms.err 1>cms.out"); + system("$scmd$rscmd$redir"); if ($?) { print "$tnam: generation error\n"; $$rv++; exit 1 if $halt_err; next; } - system("$vcmd$rvcmd 2>cms.err 1>cms.out"); + system("$vcmd$rvcmd$redir"); if ($?) { print "$tnam: verify error\n"; $$rv++; diff --git a/openssl/test/igetest.c b/openssl/test/igetest.c index a2578d09c..1ba900244 100644 --- a/openssl/test/igetest.c +++ b/openssl/test/igetest.c @@ -221,9 +221,9 @@ static int run_test_vectors(void) ++errs; } - /* try with in == out */ + /* try with in == out */ memcpy(iv, v->iv, sizeof iv); - memcpy(buf, v->in, v->length); + memcpy(buf, v->in, v->length); AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt); if(memcmp(v->out, buf, v->length)) diff --git a/openssl/test/maketests.com b/openssl/test/maketests.com index 7adb82ec3..ca072f1d1 100644 --- a/openssl/test/maketests.com +++ b/openssl/test/maketests.com @@ -42,34 +42,20 @@ $! (That is, If Wee Need To Link To One.) $! $ TCPIP_LIB = "" $! -$! Check What Architecture We Are Using. +$! Check Which Architecture We Are Using. $! -$ IF (F$GETSYI("CPU").LT.128) -$ THEN -$! -$! The Architecture Is VAX. -$! -$ ARCH := VAX -$! -$! Else... -$! -$ ELSE -$! -$! The Architecture Is Alpha, IA64 or whatever comes in the future. +$ if (f$getsyi( "HW_MODEL") .lt. 1024) +$ then +$ arch = "VAX" +$ else +$ arch = "" +$ arch = arch+ f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if (arch .eqs. "") then arch = "UNK" +$ endif $! -$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") -$ IF (ARCH .EQS. "") THEN ARCH = "UNK" -$! -$! End The Architecture Check. -$! -$ ENDIF -$! -$! Define The OBJ Directory. +$! Define The OBJ and EXE Directories (EXE before CHECK_OPTIONS). $! $ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.TEST] -$! -$! Define The EXE Directory. -$! $ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST] $! $! Check To Make Sure We Have Valid Command Line Parameters. @@ -82,7 +68,7 @@ $ GOSUB INITIALISE $! $! Tell The User What Kind of Machine We Run On. $! -$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." +$ WRITE SYS$OUTPUT "Compiling On ''ARCH'." $! $! Define The CRYPTO-LIB We Are To Use. $! @@ -92,31 +78,12 @@ $! Define The SSL We Are To Use. $! $ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB $! -$! Check To See If The Architecture Specific OBJ Directory Exists. -$! -$ IF (F$PARSE(OBJ_DIR).EQS."") -$ THEN +$! Create the OBJ and EXE Directories, if needed. $! -$! The EXE Directory Dosen't Exist, So Create It. -$! -$ CREATE/DIRECTORY 'OBJ_DIR' -$! -$! End The Architecture Specific OBJ Directory Check. -$! -$ ENDIF -$! -$! Check To See If The Architecture Specific EXE Directory Exists. -$! -$ IF (F$PARSE(EXE_DIR).EQS."") -$ THEN -$! -$! The EXE Directory Dosen't Exist, So Create It. -$! -$ CREATE/DIRECTORY 'EXE_DIR' -$! -$! End The Architecture Specific EXE Directory Check. -$! -$ ENDIF +$ IF (F$PARSE(OBJ_DIR).EQS."") THEN - + CREATE /DIRECTORY 'OBJ_DIR' +$ IF (F$PARSE(EXE_DIR).EQS."") THEN - + CREATE /DIRECTORY 'EXE_DIR' $! $! Check To See If We Have The Proper Libraries. $! @@ -140,12 +107,46 @@ $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ - "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ - "EVP_TEST,JPAKETEST" $! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well? -$ +$! +$! Additional directory information. +$ T_D_BNTEST := [-.crypto.bn] +$ T_D_ECTEST := [-.crypto.ec] +$ T_D_ECDSATEST := [-.crypto.ecdsa] +$ T_D_ECDHTEST := [-.crypto.ecdh] +$ T_D_IDEATEST := [-.crypto.idea] +$ T_D_MD2TEST := [-.crypto.md2] +$ T_D_MD4TEST := [-.crypto.md4] +$ T_D_MD5TEST := [-.crypto.md5] +$ T_D_HMACTEST := [-.crypto.hmac] +$ T_D_WP_TEST := [-.crypto.whrlpool] +$ T_D_RC2TEST := [-.crypto.rc2] +$ T_D_RC4TEST := [-.crypto.rc4] +$ T_D_RC5TEST := [-.crypto.rc5] +$ T_D_DESTEST := [-.crypto.des] +$ T_D_SHATEST := [-.crypto.sha] +$ T_D_SHA1TEST := [-.crypto.sha] +$ T_D_SHA256T := [-.crypto.sha] +$ T_D_SHA512T := [-.crypto.sha] +$ T_D_MDC2TEST := [-.crypto.mdc2] +$ T_D_RMDTEST := [-.crypto.ripemd] +$ T_D_RANDTEST := [-.crypto.rand] +$ T_D_DHTEST := [-.crypto.dh] +$ T_D_ENGINETEST := [-.crypto.engine] +$ T_D_BFTEST := [-.crypto.bf] +$ T_D_CASTTEST := [-.crypto.cast] +$ T_D_SSLTEST := [-.ssl] +$ T_D_EXPTEST := [-.crypto.bn] +$ T_D_DSATEST := [-.crypto.dsa] +$ T_D_RSA_TEST := [-.crypto.rsa] +$ T_D_EVP_TEST := [-.crypto.evp] +$ T_D_JPAKETEST := [-.crypto.jpake] +$ T_D_IGETEST := [-.test] +$! $ TCPIP_PROGRAMS = ",," $ IF COMPILER .EQS. "VAXC" THEN - TCPIP_PROGRAMS = ",SSLTEST," $! -$! Define A File Counter And Set It To "0". +$! Define A File Counter And Set It To "0". $! $ FILE_COUNTER = 0 $! @@ -167,7 +168,7 @@ $ FILE_COUNTER = FILE_COUNTER + 1 $! $! Create The Source File Name. $! -$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C" +$ SOURCE_FILE = "SYS$DISK:" + T_D_'FILE_NAME' + FILE_NAME + ".C" $! $! Create The Object File Name. $! @@ -201,9 +202,7 @@ $! $! Compile The File. $! $ ON ERROR THEN GOTO NEXT_FILE -$ CC/OBJECT='OBJECT_FILE' /PREFIX=ALL - - /INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO],SYS$DISK:[-.CRYPTO.X509V3],SYS$DISK:[-.INCLUDE.OPENSSL]) - - 'SOURCE_FILE' +$ CC /OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ON WARNING THEN GOTO NEXT_FILE $! $! Check If What We Are About To Compile Works Without A TCP/IP Library. @@ -213,7 +212,8 @@ $ THEN $! $! Inform The User That A TCP/IP Library Is Needed To Compile This Program. $! -$ WRITE SYS$OUTPUT FILE_NAME," Needs A TCP/IP Library. Can't Link. Skipping..." +$ WRITE SYS$OUTPUT - + FILE_NAME," Needs A TCP/IP Library. Can't Link. Skipping..." $ GOTO NEXT_FILE $! $! End The TCP/IP Library Check. @@ -228,10 +228,12 @@ $ THEN $! $! Don't Link With The RSAREF Routines And TCP/IP Library. $! -$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - +$ LINK /'DEBUGGER' /'TRACEBACK' /EXECTABLE = 'EXE_FILE' - 'OBJECT_FILE', - - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION + 'SSL_LIB' /LIBRARY, - + 'CRYPTO_LIB' /LIBRARY, - + 'TCPIP_LIB', - + 'OPT_FILE' /OPTIONS $! $! Else... $! @@ -239,10 +241,11 @@ $ ELSE $! $! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. $! -$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - +$ LINK /'DEBUGGER' /'TRACEBACK' /EXECUTABLE = 'EXE_FILE' - 'OBJECT_FILE', - - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION + 'SSL_LIB' /LIBRARY, - + 'CRYPTO_LIB' /LIBRARY, - + 'OPT_FILE' /OPTIONS $! $! End The TCP/IP Library Check. $! @@ -281,10 +284,10 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable VAX C Runtime Library. ! -SYS$SHARE:VAXCRTL.EXE/SHARE +SYS$SHARE:VAXCRTL.EXE /SHAREABLE $EOD $! $! End The Option File Check. @@ -313,8 +316,8 @@ $DECK ! Default System Options File To Link Agianst ! The Sharable C Runtime Library. ! -GNU_CC:[000000]GCCLIB/LIBRARY -SYS$SHARE:VAXCRTL/SHARE +GNU_CC:[000000]GCCLIB.OLB /LIBRARY +SYS$SHARE:VAXCRTL.EXE /SHAREABLE $EOD $! $! End The Option File Check. @@ -348,7 +351,7 @@ $DECK ! Default System Options File To Link Agianst ! The Sharable DEC C Runtime Library. ! -SYS$SHARE:DECC$SHR.EXE/SHARE +SYS$SHARE:DECC$SHR.EXE /SHAREABLE $EOD $! $! Else... @@ -363,8 +366,8 @@ $DECK ! Default System Options File For non-VAX To Link Agianst ! The Sharable C Runtime Library. ! -SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE -SYS$SHARE:CMA$OPEN_RTL/SHARE +SYS$SHARE:CMA$OPEN_LIB_SHR.EXE /SHAREABLE +SYS$SHARE:CMA$OPEN_RTL.EXE /SHAREABLE $EOD $! $! End The DEC C Option File Check. @@ -622,9 +625,9 @@ $! Use DECC... $! $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + - + THEN CC = "CC /DECC" +$ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=ANSI89" + - + "/NOLIST /PREFIX=ALL" + - "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. @@ -656,14 +659,14 @@ $ THEN $ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!" $ EXIT $ ENDIF -$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - +$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC /VAXC" +$ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /NOLIST" + - "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS $ CCDEFS = CCDEFS + ",""VAXC""" $! $! Define <sys> As SYS$COMMON:[SYSLIB] $! -$ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] +$ DEFINE /NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! @@ -688,7 +691,7 @@ $ WRITE SYS$OUTPUT "Using GNU 'C' Compiler." $! $! Use GNU C... $! -$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - +$ CC = "GCC /NOCASE_HACK /''GCC_OPTIMIZE' /''DEBUGGER' /NOLIST" + - "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. @@ -723,7 +726,7 @@ $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS $! $! Show user the result $! -$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC +$ WRITE /SYMBOL SYS$OUTPUT "Main Compiling Command: ", CC $! $! Else The User Entered An Invalid Arguement. $! @@ -757,7 +760,7 @@ $ THEN $! $! Set the library to use SOCKETSHR $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT" +$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS" $! $! Done with SOCKETSHR $! @@ -768,7 +771,7 @@ $! $ IF P3.EQS."MULTINET" $ THEN $! -$! Set the library to use UXC emulation. +$! Set the library to use UCX emulation. $! $ P3 = "UCX" $! @@ -783,13 +786,13 @@ $ THEN $! $! Set the library to use UCX. $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS" $ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" $ THEN -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT" +$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS" $ ELSE $ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN - - TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT" + TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS" $ ENDIF $! $! Done with UCX @@ -803,7 +806,7 @@ $ THEN $! $! Set the library to use TCPIP (post UCX). $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS" $! $! Done with TCPIP $! @@ -901,7 +904,7 @@ $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]" $! $! Set up the logical name OPENSSL to point at the include directory $! -$ DEFINE OPENSSL/NOLOG '__INCLUDE' +$ DEFINE OPENSSL /NOLOG '__INCLUDE' $! $! Done $! @@ -915,7 +918,7 @@ $ IF __SAVE_OPENSSL .EQS. "" $ THEN $ DEASSIGN OPENSSL $ ELSE -$ DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL' +$ DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL' $ ENDIF $! $! Done diff --git a/openssl/tools/c_rehash b/openssl/tools/c_rehash index fef1f60e6..6a20011a4 100644 --- a/openssl/tools/c_rehash +++ b/openssl/tools/c_rehash @@ -7,6 +7,7 @@ my $openssl; my $dir = "/usr/local/ssl"; +my $prefix = "/usr/local/ssl"; if(defined $ENV{OPENSSL}) { $openssl = $ENV{OPENSSL}; @@ -24,7 +25,7 @@ if (defined(&Cwd::getcwd)) { } my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter? -$ENV{PATH} .= "$path_delim$dir/bin"; +$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); # prefix our path if(! -x $openssl) { my $found = 0; diff --git a/openssl/tools/c_rehash.in b/openssl/tools/c_rehash.in index 6dd3c24fc..bfc4a69ed 100644 --- a/openssl/tools/c_rehash.in +++ b/openssl/tools/c_rehash.in @@ -7,6 +7,7 @@ my $openssl; my $dir; +my $prefix; if(defined $ENV{OPENSSL}) { $openssl = $ENV{OPENSSL}; @@ -24,7 +25,7 @@ if (defined(&Cwd::getcwd)) { } my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter? -$ENV{PATH} .= "$path_delim$dir/bin"; +$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); # prefix our path if(! -x $openssl) { my $found = 0; diff --git a/openssl/util/libeay.num b/openssl/util/libeay.num index 007e1f8ba..6f3067ae2 100644 --- a/openssl/util/libeay.num +++ b/openssl/util/libeay.num @@ -3752,7 +3752,7 @@ TS_REQ_set_policy_id 4138 EXIST::FUNCTION: d2i_TS_RESP_fp 4139 EXIST::FUNCTION: ENGINE_get_pkey_asn1_meth_engine 4140 EXIST:!VMS:FUNCTION:ENGINE ENGINE_get_pkey_asn1_meth_eng 4140 EXIST:VMS:FUNCTION:ENGINE -WHIRLPOOL_Init 4141 EXIST::FUNCTION:WHIRLPOOL +WHIRLPOOL_Init 4141 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL TS_RESP_set_status_info 4142 EXIST::FUNCTION: EVP_PKEY_keygen 4143 EXIST::FUNCTION: EVP_DigestSignInit 4144 EXIST::FUNCTION: @@ -3761,7 +3761,7 @@ TS_REQ_dup 4146 EXIST::FUNCTION: GENERAL_NAME_dup 4147 EXIST::FUNCTION: ASN1_SEQUENCE_ANY_it 4148 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_SEQUENCE_ANY_it 4148 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -WHIRLPOOL 4149 EXIST::FUNCTION:WHIRLPOOL +WHIRLPOOL 4149 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL X509_STORE_get1_crls 4150 EXIST::FUNCTION: ENGINE_get_pkey_asn1_meth 4151 EXIST::FUNCTION:ENGINE EVP_PKEY_asn1_new 4152 EXIST::FUNCTION: @@ -3812,7 +3812,7 @@ DSO_global_lookup 4195 EXIST::FUNCTION: TS_CONF_set_tsa_name 4196 EXIST::FUNCTION: i2d_ASN1_SET_ANY 4197 EXIST::FUNCTION: ENGINE_load_gost 4198 EXIST::FUNCTION:ENGINE,GOST,STATIC_ENGINE -WHIRLPOOL_BitUpdate 4199 EXIST::FUNCTION:WHIRLPOOL +WHIRLPOOL_BitUpdate 4199 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL ASN1_PCTX_get_flags 4200 EXIST::FUNCTION: TS_TST_INFO_get_ext_by_NID 4201 EXIST::FUNCTION: TS_RESP_new 4202 EXIST::FUNCTION: @@ -3861,10 +3861,10 @@ EVP_PKEY_meth_set_sign 4243 EXIST::FUNCTION: CRYPTO_THREADID_current 4244 EXIST::FUNCTION: EVP_PKEY_decrypt_init 4245 EXIST::FUNCTION: NETSCAPE_X509_free 4246 EXIST::FUNCTION: -i2b_PVK_bio 4247 EXIST::FUNCTION: +i2b_PVK_bio 4247 EXIST::FUNCTION:RC4 EVP_PKEY_print_private 4248 EXIST::FUNCTION: GENERAL_NAME_get0_value 4249 EXIST::FUNCTION: -b2i_PVK_bio 4250 EXIST::FUNCTION: +b2i_PVK_bio 4250 EXIST::FUNCTION:RC4 ASN1_UTCTIME_adj 4251 EXIST::FUNCTION: TS_TST_INFO_new 4252 EXIST::FUNCTION: EVP_MD_do_all_sorted 4253 EXIST::FUNCTION: @@ -3975,7 +3975,7 @@ X509_PUBKEY_get0_param 4356 EXIST::FUNCTION: TS_MSG_IMPRINT_dup 4357 EXIST::FUNCTION: PKCS7_print_ctx 4358 EXIST::FUNCTION: i2d_TS_REQ_bio 4359 EXIST::FUNCTION: -EVP_whirlpool 4360 EXIST::FUNCTION:WHIRLPOOL +EVP_whirlpool 4360 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL EVP_PKEY_asn1_set_param 4361 EXIST::FUNCTION: EVP_PKEY_meth_set_encrypt 4362 EXIST::FUNCTION: ASN1_PCTX_set_flags 4363 EXIST::FUNCTION: @@ -3986,7 +3986,7 @@ ENGINE_register_all_pkey_meths 4367 EXIST::FUNCTION:ENGINE TS_RESP_CTX_set_status_info_cond 4368 EXIST:!VMS:FUNCTION: TS_RESP_CTX_set_stat_info_cond 4368 EXIST:VMS:FUNCTION: EVP_PKEY_verify 4369 EXIST::FUNCTION: -WHIRLPOOL_Final 4370 EXIST::FUNCTION:WHIRLPOOL +WHIRLPOOL_Final 4370 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL X509_CRL_METHOD_new 4371 EXIST::FUNCTION: EVP_DigestSignFinal 4372 EXIST::FUNCTION: TS_RESP_CTX_set_def_policy 4373 EXIST::FUNCTION: @@ -4068,7 +4068,7 @@ ERR_remove_thread_state 4445 EXIST::FUNCTION: EVP_PKEY_meth_add0 4446 EXIST::FUNCTION: TS_TST_INFO_set_tsa 4447 EXIST::FUNCTION: EVP_PKEY_meth_new 4448 EXIST::FUNCTION: -WHIRLPOOL_Update 4449 EXIST::FUNCTION:WHIRLPOOL +WHIRLPOOL_Update 4449 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL TS_CONF_set_accuracy 4450 EXIST::FUNCTION: ASN1_PCTX_set_oid_flags 4451 EXIST::FUNCTION: ESS_SIGNING_CERT_dup 4452 EXIST::FUNCTION: @@ -4173,6 +4173,8 @@ X509_STORE_CTX_get0_cur_issuer 4546 EXIST:VMS:FUNCTION: X509_issuer_name_hash_old 4547 EXIST::FUNCTION:MD5 X509_subject_name_hash_old 4548 EXIST::FUNCTION:MD5 EVP_CIPHER_CTX_copy 4549 EXIST::FUNCTION: -UI_method_get_prompt_constructor 4550 EXIST::FUNCTION: -UI_method_set_prompt_constructor 4551 EXIST::FUNCTION: +UI_method_get_prompt_constructor 4550 EXIST:!VMS:FUNCTION: +UI_method_get_prompt_constructr 4550 EXIST:VMS:FUNCTION: +UI_method_set_prompt_constructor 4551 EXIST:!VMS:FUNCTION: +UI_method_set_prompt_constructr 4551 EXIST:VMS:FUNCTION: EVP_read_pw_string_min 4552 EXIST::FUNCTION: diff --git a/openssl/util/mkdef.pl b/openssl/util/mkdef.pl index 1d579c897..a4a17e3ae 100644 --- a/openssl/util/mkdef.pl +++ b/openssl/util/mkdef.pl @@ -978,6 +978,12 @@ sub do_defs $platform{"SHA512_Update"} = "!VMSVAX"; $platform{"SHA512_Final"} = "!VMSVAX"; $platform{"SHA512"} = "!VMSVAX"; + $platform{"WHIRLPOOL_Init"} = "!VMSVAX"; + $platform{"WHIRLPOOL"} = "!VMSVAX"; + $platform{"WHIRLPOOL_BitUpdate"} = "!VMSVAX"; + $platform{"EVP_whirlpool"} = "!VMSVAX"; + $platform{"WHIRLPOOL_Final"} = "!VMSVAX"; + $platform{"WHIRLPOOL_Update"} = "!VMSVAX"; # Info we know about diff --git a/openssl/util/pl/VC-32.pl b/openssl/util/pl/VC-32.pl index c024f0268..9461d1a25 100644 --- a/openssl/util/pl/VC-32.pl +++ b/openssl/util/pl/VC-32.pl @@ -123,15 +123,15 @@ else # Win32 } $mlflags=''; -$out_def="out32"; $out_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/); -$tmp_def="tmp32"; $tmp_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/); +$out_def ="\$(OUT_D)"; $out_def.="dll" if ($shlib); + $out_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/); +$tmp_def ="\$(TMP_D)"; $tmp_def.="dll" if ($shlib); + $tmp_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/); $inc_def="inc32"; if ($debug) { $cflags=$dbg_cflags.$base_cflags; - $lflags.=" /debug"; - $mlflags.=' /debug'; } else { @@ -139,6 +139,11 @@ else $cdflags=$dbg_cflags.$base_cflags; } +# generate symbols.pdb unconditionally +$app_cflag.=" /Zi /Fd$tmp_def/app"; +$lib_cflag.=" /Zi /Fd$tmp_def/lib"; +$lflags.=" /debug"; + $obj='.obj'; $asm_suffix='.asm'; $ofile="/Fo"; @@ -179,18 +184,15 @@ $lfile='/out:'; $shlib_ex_obj=""; $app_ex_obj="setargv.obj" if ($FLAVOR !~ /CE/); if ($FLAVOR =~ /WIN64A/) { - if (`nasm -v` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) { - $asm='nasm -f win64 -DNEAR -Ox'; - $asm.=' -g' if $debug; + if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) { + $asm='nasm -f win64 -DNEAR -Ox -g'; $afile='-o '; } else { - $asm='ml64 /c /Cp /Cx'; - $asm.=" /Zi" if $debug; + $asm='ml64 /c /Cp /Cx /Zi'; $afile='/Fo'; } } elsif ($FLAVOR =~ /WIN64I/) { - $asm='ias'; - $asm.=" -d debug" if $debug; + $asm='ias -d debug'; $afile="-o "; } elsif ($nasm) { my $ver=`nasm -v 2>NUL`; @@ -200,8 +202,7 @@ if ($FLAVOR =~ /WIN64A/) { $asmtype="win32n"; $afile='-o '; } else { - $asm='ml /nologo /Cp /coff /c /Cx'; - $asm.=" /Zi" if $debug; + $asm='ml /nologo /Cp /coff /c /Cx /Zi'; $afile='/Fo'; $asmtype="win32"; } @@ -234,9 +235,7 @@ if (!$no_asm) if ($shlib && $FLAVOR !~ /CE/) { $mlflags.=" $lflags /dll"; - $lib_cflag=" -D_WINDLL"; - $out_def="out32dll"; - $tmp_def="tmp32dll"; + $lib_cflag.=" -D_WINDLL"; # # Engage Applink... # @@ -266,14 +265,9 @@ elsif ($shlib && $FLAVOR =~ /CE/) { $mlflags.=" $lflags /dll"; $lflags.=' /entry:mainCRTstartup' if(defined($ENV{'PORTSDK_LIBPATH'})); - $lib_cflag=" -D_WINDLL -D_DLL"; - $out_def='out32dll_$(TARGETCPU)'; - $tmp_def='tmp32dll_$(TARGETCPU)'; + $lib_cflag.=" -D_WINDLL -D_DLL"; } -$cflags.=" /Fd\$(OUT_D)"; -$cdflags.=" /Fd\$(OUT_D)"; - sub do_lib_rule { local($objs,$target,$name,$shlib)=@_; |