diff options
134 files changed, 1565 insertions, 797 deletions
diff --git a/openssl/ACKNOWLEDGMENTS b/openssl/ACKNOWLEDGMENTS new file mode 100644 index 000000000..fb6dd912c --- /dev/null +++ b/openssl/ACKNOWLEDGMENTS @@ -0,0 +1,25 @@ +The OpenSSL project depends on volunteer efforts and financial support from +the end user community. That support comes in the form of donations and paid +sponsorships, software support contracts, paid consulting services +and commissioned software development. + +Since all these activities support the continued development and improvement +of OpenSSL we consider all these clients and customers as sponsors of the +OpenSSL project. + +We would like to identify and thank the following such sponsors for their past +or current significant support of the OpenSSL project: + +Very significant support: + + OpenGear: www.opengear.com + +Significant support: + + PSW Group: www.psw.net + +Please note that we ask permission to identify sponsors and that some sponsors +we consider eligible for inclusion here have requested to remain anonymous. + +Additional sponsorship or financial support is always welcome: for more +information please contact the OpenSSL Software Foundation. diff --git a/openssl/CHANGES b/openssl/CHANGES index b139cf624..38bfd34aa 100644 --- a/openssl/CHANGES +++ b/openssl/CHANGES @@ -2,6 +2,29 @@ OpenSSL CHANGES _______________ + Changes between 1.0.0b and 1.0.0c [2 Dec 2010] + + *) Disable code workaround for ancient and obsolete Netscape browsers + and servers: an attacker can use it in a ciphersuite downgrade attack. + Thanks to Martin Rex for discovering this bug. CVE-2010-4180 + [Steve Henson] + + *) Fixed J-PAKE implementation error, originally discovered by + Sebastien Martini, further info and confirmation from Stefan + Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 + [Ben Laurie] + + Changes between 1.0.0a and 1.0.0b [16 Nov 2010] + + *) Fix extension code to avoid race conditions which can result in a buffer + overrun vulnerability: resumed sessions must not be modified as they can + be shared by multiple threads. CVE-2010-3864 + [Steve Henson] + + *) Fix WIN32 build system to correctly link an ENGINE directory into + a DLL. + [Steve Henson] + Changes between 1.0.0 and 1.0.0a [01 Jun 2010] *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover @@ -849,7 +872,34 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] - Changes between 0.9.8n and 0.9.8o [xx XXX xxxx] + Changes between 0.9.8o and 0.9.8p [xx XXX xxxx] + + *) Fix extension code to avoid race conditions which can result in a buffer + overrun vulnerability: resumed sessions must not be modified as they can + be shared by multiple threads. CVE-2010-3864 + + *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 + [Steve Henson] + + *) Don't reencode certificate when calculating signature: cache and use + the original encoding instead. This makes signature verification of + some broken encodings work correctly. + [Steve Henson] + + *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT + is also one of the inputs. + [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)] + + *) Don't repeatedly append PBE algorithms to table if they already exist. + Sort table on each new add. This effectively makes the table read only + after all algorithms are added and subsequent calls to PKCS12_pbe_add + etc are non-op. + [Steve Henson] + + Changes between 0.9.8n and 0.9.8o [01 Jun 2010] + + [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after + OpenSSL 1.0.0.] *) Correct a typo in the CMS ASN1 module which can result in invalid memory access or freeing data twice (CVE-2010-0742) @@ -860,6 +910,12 @@ SSL_library_init and not OpenSSL_add_all_algorithms() will fail. [Steve Henson] + *) VMS fixes: + Reduce copying into .apps and .test in makevms.com + Don't try to use blank CA certificate in CA.com + Allow use of C files from original directories in maketests.com + [Steven M. Schweda" <sms@antinode.info>] + Changes between 0.9.8m and 0.9.8n [24 Mar 2010] *) When rejecting SSL/TLS records due to an incorrect version number, never @@ -868,8 +924,8 @@ - OpenSSL 0.9.8f if 'short' is longer than 16 bits, the previous behavior could result in a read attempt at NULL when receiving specific incorrect SSL/TLS records once record payload - protection is active. (CVE-2010-####) - [Bodo Moeller, Adam Langley] + protection is active. (CVE-2010-0740) + [Bodo Moeller, Adam Langley <agl@chromium.org>] *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted). diff --git a/openssl/Configure b/openssl/Configure index e3b13b9d4..429ab2e5e 100644 --- a/openssl/Configure +++ b/openssl/Configure @@ -492,6 +492,8 @@ my %table=( # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 "VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32", "VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", +"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32", +"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' "VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", @@ -583,6 +585,7 @@ my %table=( ); my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A + debug-VC-WIN64I debug-VC-WIN64A VC-NT VC-CE VC-WIN32 debug-VC-WIN32 BC-32 netware-clib netware-clib-bsdsock @@ -1093,6 +1096,12 @@ my $ar = $ENV{'AR'} || "ar"; my $arflags = $fields[$idx_arflags]; my $multilib = $fields[$idx_multilib]; +# if $prefix/lib$multilib is not an existing directory, then +# assume that it's not searched by linker automatically, in +# which case adding $multilib suffix causes more grief than +# we're ready to tolerate, so don't... +$multilib="" if !-d "$prefix/lib$multilib"; + $libdir="lib$multilib" if $libdir eq ""; $cflags = "$cflags$exp_cflags"; @@ -1102,6 +1111,12 @@ my ($prelflags,$postlflags)=split('%',$lflags); if (defined($postlflags)) { $lflags=$postlflags; } else { $lflags=$prelflags; undef $prelflags; } +if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m) + { + $cflags =~ s/\-mno\-cygwin\s*//; + $shared_ldflag =~ s/\-mno\-cygwin\s*//; + } + my $no_shared_warn=0; my $no_user_cflags=0; diff --git a/openssl/FAQ b/openssl/FAQ index becee6663..50e931408 100644 --- a/openssl/FAQ +++ b/openssl/FAQ @@ -52,6 +52,9 @@ OpenSSL - Frequently Asked Questions * Why does the OpenSSL test suite fail in sha512t on x86 CPU? * Why does compiler fail to compile sha512.c? * Test suite still fails, what to do? +* I think I've found a bug, what should I do? +* I'm SURE I've found a bug, how do I report it? +* I've found a security issue, how do I report it? [PROG] Questions about programming with OpenSSL @@ -79,7 +82,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 1.0.0a was released on Jun 1st, 2010. +OpenSSL 1.0.0c was released on Dec 2nd, 2010. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: @@ -131,7 +134,7 @@ OpenSSL. Information on the OpenSSL mailing lists is available from * Where can I get a compiled version of OpenSSL? You can finder pointers to binary distributions in -http://www.openssl.org/related/binaries.html . +<URL: http://www.openssl.org/related/binaries.html> . Some applications that use OpenSSL are distributed in binary form. When using such an application, you don't need to install OpenSSL @@ -463,7 +466,7 @@ administrators. Other projects do have other policies so you can for example extract the CA bundle used by Mozilla and/or modssl as described in this article: - http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html + <URL: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html> [BUILD] ======================================================================= @@ -505,7 +508,7 @@ when you run the test suite (using "make test"). The message returned is "bc: 1 not implemented". The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see http://www.gnu.org/software/software.html +and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html> for download instructions) can be safely used, for example. @@ -516,7 +519,7 @@ that the OpenSSL bntest throws at it. This gets triggered when you run the test suite (using "make test"). The message returned is "bc: stack empty". The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see http://www.gnu.org/software/software.html +and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html> for download instructions) can be safely used, for example. @@ -709,6 +712,46 @@ never make sense, and tend to emerge when you least expect them. In order to identify one, drop optimization level, e.g. by editing CFLAG line in top-level Makefile, recompile and re-run the test. +* I think I've found a bug, what should I do? + +If you are a new user then it is quite likely you haven't found a bug and +something is happening you aren't familiar with. Check this FAQ, the associated +documentation and the mailing lists for similar queries. If you are still +unsure whether it is a bug or not submit a query to the openssl-users mailing +list. + + +* I'm SURE I've found a bug, how do I report it? + +Bug reports with no security implications should be sent to the request +tracker. This can be done by mailing the report to <rt@openssl.org> (or its +alias <openssl-bugs@openssl.org>), please note that messages sent to the +request tracker also appear in the public openssl-dev mailing list. + +The report should be in plain text. Any patches should be sent as +plain text attachments because some mailers corrupt patches sent inline. +If your issue affects multiple versions of OpenSSL check any patches apply +cleanly and, if possible include patches to each affected version. + +The report should be given a meaningful subject line briefly summarising the +issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful. + +By sending reports to the request tracker the bug can then be given a priority +and assigned to the appropriate maintainer. The history of discussions can be +accessed and if the issue has been addressed or a reason why not. If patches +are only sent to openssl-dev they can be mislaid if a team member has to +wade through months of old messages to review the discussion. + +See also <URL: http://www.openssl.org/support/rt.html> + + +* I've found a security issue, how do I report it? + +If you think your bug has security implications then please send it to +openssl-security@openssl.org if you don't get a prompt reply at least +acknowledging receipt then resend or mail it directly to one of the +more active team members (e.g. Steve). + [PROG] ======================================================================== * Is OpenSSL thread-safe? diff --git a/openssl/INSTALL.W32 b/openssl/INSTALL.W32 index 77441f1ef..d23c4baf6 100644 --- a/openssl/INSTALL.W32 +++ b/openssl/INSTALL.W32 @@ -185,6 +185,15 @@ required. Run the installers and do whatever magic they say it takes to start MSYS bash shell with GNU tools on its PATH. + N.B. Since source tar-ball can contain symbolic links, it's essential + that you use accompanying MSYS tar to unpack the source. It will + either handle them in one way or another or fail to extract them, + which does the trick too. Latter means that you may safely ignore all + "cannot create symlink" messages, as they will be "re-created" at + configure stage by copying corresponding files. Alternative programs + were observed to create empty files instead, which results in build + failure. + * Compile OpenSSL: $ ./config @@ -297,7 +306,18 @@ desktop, which is not available to service processes. The toolkit is designed to detect in which context it's currently executed, GUI, console app or service, and act accordingly, namely whether or not to - actually make GUI calls. + actually make GUI calls. Additionally those who wish to + /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and actually keep them + off service process should consider implementing and exporting from + .exe image in question own _OPENSSL_isservice not relying on USER32.DLL. + E.g., on Windows Vista and later you could: + + __declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void) + { DWORD sess; + if (ProcessIdToSessionId(GetCurrentProcessId(),&sess)) + return sess==0; + return FALSE; + } If you link with OpenSSL .DLLs, then you're expected to include into your application code small "shim" snippet, which provides glue between diff --git a/openssl/Makefile b/openssl/Makefile index 47bb99c40..009688314 100644 --- a/openssl/Makefile +++ b/openssl/Makefile @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.0a +VERSION=1.0.0c MAJOR=1 MINOR=0.0 SHLIB_VERSION_NUMBER=1.0.0 diff --git a/openssl/Makefile.shared b/openssl/Makefile.shared index 3569832f1..e753f44e1 100644 --- a/openssl/Makefile.shared +++ b/openssl/Makefile.shared @@ -135,7 +135,7 @@ LINK_SO_A_VIA_O= \ ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \ ( $(SET_X); \ ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \ - $(LINK_SO) && rm -f $(LIBNAME).o + $(LINK_SO) && rm -f lib$(LIBNAME).o LINK_SO_A_UNPACKED= \ UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \ @@ -207,17 +207,29 @@ link_app.bsd: fi; $(LINK_APP) # For Darwin AKA Mac OS/X (dyld) -# link_o.darwin produces .so, because we let it use dso_dlfcn module, -# which has .so extension hard-coded. One can argue that one should -# develop special dso module for MacOS X. At least manual encourages -# to use native NSModule(3) API and refers to dlfcn as termporary hack. +# Originally link_o.darwin produced .so, because it was hard-coded +# in dso_dlfcn module. At later point dso_dlfcn switched to .dylib +# extension in order to allow for run-time linking with vendor- +# supplied shared libraries such as libz, so that link_o.darwin had +# to be harmonized with it. This caused minor controversy, because +# it was believed that dlopen can't be used to dynamically load +# .dylib-s, only so called bundle modules (ones linked with -bundle +# flag). The belief seems to be originating from pre-10.4 release, +# where dlfcn functionality was emulated by dlcompat add-on. In +# 10.4 dlopen was rewritten as native part of dyld and is documented +# to be capable of loading both dynamic libraries and bundles. In +# order to provide compatibility with pre-10.4 dlopen, modules are +# linked with -bundle flag, which makes .dylib extension misleading. +# It works, because dlopen is [and always was] extension-agnostic. +# Alternative to this heuristic approach is to develop specific +# MacOS X dso module relying on whichever "native" dyld interface. link_o.darwin: @ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME); \ - SHLIB_SUFFIX=.so; \ + SHLIB_SUFFIX=.dylib; \ ALLSYMSFLAGS='-all_load'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \ + SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \ if [ -n "$(LIBVERSION)" ]; then \ SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \ fi; \ diff --git a/openssl/NEWS b/openssl/NEWS index 3a787ea06..139c1e02b 100644 --- a/openssl/NEWS +++ b/openssl/NEWS @@ -5,6 +5,20 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c: + + o Fix for security issue CVE-2010-4180 + o Fix for CVE-2010-4252 + o Fix mishandling of absent EC point format extension. + o Fix various platform compilation issues. + o Corrected fix for security issue CVE-2010-3864. + + Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b: + + o Fix for security issue CVE-2010-3864. + o Fix for CVE-2010-2939 + o Fix WIN32 build system for GOST ENGINE. + Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a: o Fix for security issue CVE-2010-1633. diff --git a/openssl/PROBLEMS b/openssl/PROBLEMS index ed3c17453..d247470f0 100644 --- a/openssl/PROBLEMS +++ b/openssl/PROBLEMS @@ -36,7 +36,9 @@ may differ on your machine. As long as Apple doesn't fix the problem with ld, this problem building -OpenSSL will remain as is. +OpenSSL will remain as is. Well, the problem was addressed in 0.9.8f by +passing -Wl,-search_paths_first, but it's unknown if the flag was +supported from the initial MacOS X release. * Parallell make leads to errors diff --git a/openssl/README b/openssl/README index c1d0a5fd5..509350db7 100644 --- a/openssl/README +++ b/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.0a 1 Jun 2010 + OpenSSL 1.0.0c 2 Dec 2010 Copyright (c) 1998-2010 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/openssl/apps/apps.c b/openssl/apps/apps.c index acc50df04..c2797711a 100644 --- a/openssl/apps/apps.c +++ b/openssl/apps/apps.c @@ -257,6 +257,8 @@ int args_from_file(char *file, int *argc, char **argv[]) int str2fmt(char *s) { + if (s == NULL) + return FORMAT_UNDEF; if ((*s == 'D') || (*s == 'd')) return(FORMAT_ASN1); else if ((*s == 'T') || (*s == 't')) @@ -377,13 +379,12 @@ void program_name(char *in, char *out, int size) int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) { - int num,len,i; + int num,i; char *p; *argc=0; *argv=NULL; - len=strlen(buf); i=0; if (arg->count == 0) { diff --git a/openssl/apps/dh.c b/openssl/apps/dh.c index e9609d630..dee9c01fc 100644 --- a/openssl/apps/dh.c +++ b/openssl/apps/dh.c @@ -88,9 +88,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DH *dh=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -189,7 +186,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); diff --git a/openssl/apps/dhparam.c b/openssl/apps/dhparam.c index 5fab29eb8..b47097cbb 100644 --- a/openssl/apps/dhparam.c +++ b/openssl/apps/dhparam.c @@ -149,9 +149,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DH *dh=NULL; int i,badops=0,text=0; #ifndef OPENSSL_NO_DSA @@ -270,7 +267,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (g && !num) diff --git a/openssl/apps/dsaparam.c b/openssl/apps/dsaparam.c index 4305a739b..fe72c1d3d 100644 --- a/openssl/apps/dsaparam.c +++ b/openssl/apps/dsaparam.c @@ -111,9 +111,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DSA *dsa=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -278,7 +275,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (need_rand) @@ -357,12 +354,10 @@ bad: if (C) { unsigned char *data; - int l,len,bits_p,bits_q,bits_g; + int l,len,bits_p; len=BN_num_bytes(dsa->p); bits_p=BN_num_bits(dsa->p); - bits_q=BN_num_bits(dsa->q); - bits_g=BN_num_bits(dsa->g); data=(unsigned char *)OPENSSL_malloc(len+20); if (data == NULL) { diff --git a/openssl/apps/ec.c b/openssl/apps/ec.c index 31194b48d..896eabc13 100644 --- a/openssl/apps/ec.c +++ b/openssl/apps/ec.c @@ -85,9 +85,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif int ret = 1; EC_KEY *eckey = NULL; const EC_GROUP *group; @@ -254,7 +251,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) diff --git a/openssl/apps/ecparam.c b/openssl/apps/ecparam.c index e9aa0a184..465480bed 100644 --- a/openssl/apps/ecparam.c +++ b/openssl/apps/ecparam.c @@ -129,9 +129,6 @@ int MAIN(int argc, char **argv) char *infile = NULL, *outfile = NULL, *prog; BIO *in = NULL, *out = NULL; int informat, outformat, noout = 0, C = 0, ret = 1; -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif char *engine = NULL; BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL, @@ -340,7 +337,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (list_curves) diff --git a/openssl/apps/enc.c b/openssl/apps/enc.c index 3c2c91e92..c28d8b194 100644 --- a/openssl/apps/enc.c +++ b/openssl/apps/enc.c @@ -101,9 +101,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif static const char magic[]="Salted__"; char mbuf[sizeof magic-1]; char *strbuf=NULL; @@ -328,7 +325,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (md && (dgst=EVP_get_digestbyname(md)) == NULL) diff --git a/openssl/apps/gendh.c b/openssl/apps/gendh.c index caa7327a1..4ec776ba9 100644 --- a/openssl/apps/gendh.c +++ b/openssl/apps/gendh.c @@ -89,9 +89,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { BN_GENCB cb; -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DH *dh=NULL; int ret=1,num=DEFBITS; int g=2; @@ -163,7 +160,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif out=BIO_new(BIO_s_file()); diff --git a/openssl/apps/gendsa.c b/openssl/apps/gendsa.c index 22c39629e..62ea97790 100644 --- a/openssl/apps/gendsa.c +++ b/openssl/apps/gendsa.c @@ -78,9 +78,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DSA *dsa=NULL; int ret=1; char *outfile=NULL; @@ -206,7 +203,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { diff --git a/openssl/apps/pkcs7.c b/openssl/apps/pkcs7.c index 86d31b99a..ae6cd33f7 100644 --- a/openssl/apps/pkcs7.c +++ b/openssl/apps/pkcs7.c @@ -82,9 +82,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif PKCS7 *p7=NULL; int i,badops=0; BIO *in=NULL,*out=NULL; @@ -182,7 +179,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); diff --git a/openssl/apps/pkeyparam.c b/openssl/apps/pkeyparam.c index 7f18010f9..6f7a357a3 100644 --- a/openssl/apps/pkeyparam.c +++ b/openssl/apps/pkeyparam.c @@ -74,7 +74,6 @@ int MAIN(int argc, char **argv) EVP_PKEY *pkey=NULL; int badarg = 0; #ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; char *engine=NULL; #endif int ret = 1; @@ -141,7 +140,7 @@ int MAIN(int argc, char **argv) } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (infile) diff --git a/openssl/apps/pkeyutl.c b/openssl/apps/pkeyutl.c index 22a6c4bf3..7eb3f5c54 100644 --- a/openssl/apps/pkeyutl.c +++ b/openssl/apps/pkeyutl.c @@ -119,17 +119,17 @@ int MAIN(int argc, char **argv) if (!strcmp(*argv,"-in")) { if (--argc < 1) badarg = 1; - infile= *(++argv); + else infile= *(++argv); } else if (!strcmp(*argv,"-out")) { if (--argc < 1) badarg = 1; - outfile= *(++argv); + else outfile= *(++argv); } else if (!strcmp(*argv,"-sigfile")) { if (--argc < 1) badarg = 1; - sigfile= *(++argv); + else sigfile= *(++argv); } else if(!strcmp(*argv, "-inkey")) { @@ -159,17 +159,17 @@ int MAIN(int argc, char **argv) else if (!strcmp(*argv,"-passin")) { if (--argc < 1) badarg = 1; - passargin= *(++argv); + else passargin= *(++argv); } else if (strcmp(*argv,"-peerform") == 0) { if (--argc < 1) badarg = 1; - peerform=str2fmt(*(++argv)); + else peerform=str2fmt(*(++argv)); } else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) badarg = 1; - keyform=str2fmt(*(++argv)); + else keyform=str2fmt(*(++argv)); } #ifndef OPENSSL_NO_ENGINE else if(!strcmp(*argv, "-engine")) diff --git a/openssl/apps/rand.c b/openssl/apps/rand.c index 44a1d46a0..790e79592 100644 --- a/openssl/apps/rand.c +++ b/openssl/apps/rand.c @@ -77,9 +77,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif int i, r, ret = 1; int badopt; char *outfile = NULL; @@ -178,7 +175,7 @@ int MAIN(int argc, char **argv) } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif app_RAND_load_file(NULL, bio_err, (inrand != NULL)); diff --git a/openssl/apps/s_server.c b/openssl/apps/s_server.c index 1a06d19bb..8a0c34cf0 100644 --- a/openssl/apps/s_server.c +++ b/openssl/apps/s_server.c @@ -2254,11 +2254,10 @@ static int www_body(char *hostname, int s, unsigned char *context) { char *buf=NULL; int ret=1; - int i,j,k,blank,dot; + int i,j,k,dot; SSL *con; const SSL_CIPHER *c; BIO *io,*ssl_bio,*sbio; - long total_bytes; buf=OPENSSL_malloc(bufsize); if (buf == NULL) return(0); @@ -2329,7 +2328,6 @@ static int www_body(char *hostname, int s, unsigned char *context) SSL_set_msg_callback_arg(con, bio_s_out); } - blank=0; for (;;) { if (hack) @@ -2559,7 +2557,6 @@ static int www_body(char *hostname, int s, unsigned char *context) BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); } /* send the file */ - total_bytes=0; for (;;) { i=BIO_read(file,buf,bufsize); diff --git a/openssl/apps/s_socket.c b/openssl/apps/s_socket.c index 6b8713de6..c08544a13 100644 --- a/openssl/apps/s_socket.c +++ b/openssl/apps/s_socket.c @@ -327,7 +327,7 @@ static int init_server_long(int *sock, int port, char *ip, int type) { int ret=0; struct sockaddr_in server; - int s= -1,i; + int s= -1; if (!ssl_sock_init()) return(0); @@ -366,7 +366,6 @@ static int init_server_long(int *sock, int port, char *ip, int type) } /* Make it 128 for linux */ if (type==SOCK_STREAM && listen(s,128) == -1) goto err; - i=0; *sock=s; ret=1; err: @@ -384,7 +383,7 @@ static int init_server(int *sock, int port, int type) static int do_accept(int acc_sock, int *sock, char **host) { - int ret,i; + int ret; struct hostent *h1,*h2; static struct sockaddr_in from; int len; @@ -407,6 +406,7 @@ redoit: if (ret == INVALID_SOCKET) { #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) + int i; i=WSAGetLastError(); BIO_printf(bio_err,"accept error %d\n",i); #else @@ -461,7 +461,6 @@ redoit: BIO_printf(bio_err,"gethostbyname failure\n"); return(0); } - i=0; if (h2->h_addrtype != AF_INET) { BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); diff --git a/openssl/apps/speed.c b/openssl/apps/speed.c index 539bfff22..0cb7f24cc 100644 --- a/openssl/apps/speed.c +++ b/openssl/apps/speed.c @@ -334,9 +334,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif unsigned char *buf=NULL,*buf2=NULL; int mret=1; long count=0,save_count=0; @@ -430,7 +427,6 @@ int MAIN(int argc, char **argv) unsigned char DES_iv[8]; unsigned char iv[2*MAX_BLOCK_SIZE/8]; #ifndef OPENSSL_NO_DES - DES_cblock *buf_as_des_cblock = NULL; static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; @@ -644,9 +640,6 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"out of memory\n"); goto end; } -#ifndef OPENSSL_NO_DES - buf_as_des_cblock = (DES_cblock *)buf; -#endif if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) { BIO_printf(bio_err,"out of memory\n"); @@ -721,7 +714,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"no engine given\n"); goto end; } - e = setup_engine(bio_err, *argv, 0); + setup_engine(bio_err, *argv, 0); /* j will be increased again further down. We just don't want speed to confuse an engine with an algorithm, especially when none is given (which @@ -1237,7 +1230,8 @@ int MAIN(int argc, char **argv) count*=2; Time_F(START); for (it=count; it; it--) - DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock, + DES_ecb_encrypt((DES_cblock *)buf, + (DES_cblock *)buf, &sch,DES_ENCRYPT); d=Time_F(STOP); } while (d <3); diff --git a/openssl/apps/x509.c b/openssl/apps/x509.c index e7e46d7b6..ed1e8c69a 100644 --- a/openssl/apps/x509.c +++ b/openssl/apps/x509.c @@ -556,7 +556,6 @@ bad: if (reqfile) { EVP_PKEY *pkey; - X509_CINF *ci; BIO *in; if (!sign_flag && !CA_flag) @@ -624,7 +623,6 @@ bad: print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag); if ((x=X509_new()) == NULL) goto end; - ci=x->cert_info; if (sno == NULL) { diff --git a/openssl/crypto/Makefile b/openssl/crypto/Makefile index c1033f6d7..85d9f249c 100644 --- a/openssl/crypto/Makefile +++ b/openssl/crypto/Makefile @@ -74,7 +74,9 @@ x86_64cpuid.s: x86_64cpuid.pl $(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@ ia64cpuid.s: ia64cpuid.S $(CC) $(CFLAGS) -E ia64cpuid.S > $@ -ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@ +ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@ +alphacpuid.s: alphacpuid.pl + $(PERL) $< | $(CC) -E - | tee $@ > /dev/null testapps: [ -z "$(THIS)" ] || ( if echo $(SDIRS) | fgrep ' des '; \ diff --git a/openssl/crypto/aes/aes_wrap.c b/openssl/crypto/aes/aes_wrap.c index 9feacd65d..e2d73d37c 100644 --- a/openssl/crypto/aes/aes_wrap.c +++ b/openssl/crypto/aes/aes_wrap.c @@ -85,9 +85,9 @@ int AES_wrap_key(AES_KEY *key, const unsigned char *iv, A[7] ^= (unsigned char)(t & 0xff); if (t > 0xff) { - A[6] ^= (unsigned char)((t & 0xff) >> 8); - A[5] ^= (unsigned char)((t & 0xff) >> 16); - A[4] ^= (unsigned char)((t & 0xff) >> 24); + A[6] ^= (unsigned char)((t >> 8) & 0xff); + A[5] ^= (unsigned char)((t >> 16) & 0xff); + A[4] ^= (unsigned char)((t >> 24) & 0xff); } memcpy(R, B + 8, 8); } @@ -119,9 +119,9 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, A[7] ^= (unsigned char)(t & 0xff); if (t > 0xff) { - A[6] ^= (unsigned char)((t & 0xff) >> 8); - A[5] ^= (unsigned char)((t & 0xff) >> 16); - A[4] ^= (unsigned char)((t & 0xff) >> 24); + A[6] ^= (unsigned char)((t >> 8) & 0xff); + A[5] ^= (unsigned char)((t >> 16) & 0xff); + A[4] ^= (unsigned char)((t >> 24) & 0xff); } memcpy(B + 8, R, 8); AES_decrypt(B, B, key); diff --git a/openssl/crypto/aes/asm/aes-armv4.pl b/openssl/crypto/aes/asm/aes-armv4.pl index 690244111..c51ee1fbf 100644 --- a/openssl/crypto/aes/asm/aes-armv4.pl +++ b/openssl/crypto/aes/asm/aes-armv4.pl @@ -16,12 +16,20 @@ # allows to merge logical or arithmetic operation with shift or rotate # in one instruction and emit combined result every cycle. The module # is endian-neutral. The performance is ~42 cycles/byte for 128-bit -# key. +# key [on single-issue Xscale PXA250 core]. # May 2007. # # AES_set_[en|de]crypt_key is added. +# July 2010. +# +# Rescheduling for dual-issue pipeline resulted in 12% improvement on +# Cortex A8 core and ~25 cycles per byte processed with 128-bit key. + +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +open STDOUT,">$output"; + $s0="r0"; $s1="r1"; $s2="r2"; @@ -164,24 +172,24 @@ AES_encrypt: ldrb $t2,[$rounds,#1] ldrb $t3,[$rounds,#0] orr $s0,$s0,$t1,lsl#8 - orr $s0,$s0,$t2,lsl#16 - orr $s0,$s0,$t3,lsl#24 ldrb $s1,[$rounds,#7] + orr $s0,$s0,$t2,lsl#16 ldrb $t1,[$rounds,#6] + orr $s0,$s0,$t3,lsl#24 ldrb $t2,[$rounds,#5] ldrb $t3,[$rounds,#4] orr $s1,$s1,$t1,lsl#8 - orr $s1,$s1,$t2,lsl#16 - orr $s1,$s1,$t3,lsl#24 ldrb $s2,[$rounds,#11] + orr $s1,$s1,$t2,lsl#16 ldrb $t1,[$rounds,#10] + orr $s1,$s1,$t3,lsl#24 ldrb $t2,[$rounds,#9] ldrb $t3,[$rounds,#8] orr $s2,$s2,$t1,lsl#8 - orr $s2,$s2,$t2,lsl#16 - orr $s2,$s2,$t3,lsl#24 ldrb $s3,[$rounds,#15] + orr $s2,$s2,$t2,lsl#16 ldrb $t1,[$rounds,#14] + orr $s2,$s2,$t3,lsl#24 ldrb $t2,[$rounds,#13] ldrb $t3,[$rounds,#12] orr $s3,$s3,$t1,lsl#8 @@ -196,24 +204,24 @@ AES_encrypt: mov $t3,$s0,lsr#8 strb $t1,[$rounds,#0] strb $t2,[$rounds,#1] - strb $t3,[$rounds,#2] - strb $s0,[$rounds,#3] mov $t1,$s1,lsr#24 + strb $t3,[$rounds,#2] mov $t2,$s1,lsr#16 + strb $s0,[$rounds,#3] mov $t3,$s1,lsr#8 strb $t1,[$rounds,#4] strb $t2,[$rounds,#5] - strb $t3,[$rounds,#6] - strb $s1,[$rounds,#7] mov $t1,$s2,lsr#24 + strb $t3,[$rounds,#6] mov $t2,$s2,lsr#16 + strb $s1,[$rounds,#7] mov $t3,$s2,lsr#8 strb $t1,[$rounds,#8] strb $t2,[$rounds,#9] - strb $t3,[$rounds,#10] - strb $s2,[$rounds,#11] mov $t1,$s3,lsr#24 + strb $t3,[$rounds,#10] mov $t2,$s3,lsr#16 + strb $s2,[$rounds,#11] mov $t3,$s3,lsr#8 strb $t1,[$rounds,#12] strb $t2,[$rounds,#13] @@ -230,141 +238,137 @@ AES_encrypt: .align 2 _armv4_AES_encrypt: str lr,[sp,#-4]! @ push lr - ldr $t1,[$key],#16 - ldr $t2,[$key,#-12] - ldr $t3,[$key,#-8] - ldr $i1,[$key,#-4] - ldr $rounds,[$key,#240-16] + ldmia $key!,{$t1-$i1} eor $s0,$s0,$t1 + ldr $rounds,[$key,#240-16] eor $s1,$s1,$t2 eor $s2,$s2,$t3 eor $s3,$s3,$i1 sub $rounds,$rounds,#1 mov lr,#255 -.Lenc_loop: + and $i1,lr,$s0 and $i2,lr,$s0,lsr#8 and $i3,lr,$s0,lsr#16 - and $i1,lr,$s0 mov $s0,$s0,lsr#24 +.Lenc_loop: ldr $t1,[$tbl,$i1,lsl#2] @ Te3[s0>>0] - ldr $s0,[$tbl,$s0,lsl#2] @ Te0[s0>>24] - ldr $t2,[$tbl,$i2,lsl#2] @ Te2[s0>>8] - ldr $t3,[$tbl,$i3,lsl#2] @ Te1[s0>>16] - and $i1,lr,$s1,lsr#16 @ i0 + ldr $t2,[$tbl,$i2,lsl#2] @ Te2[s0>>8] and $i2,lr,$s1 + ldr $t3,[$tbl,$i3,lsl#2] @ Te1[s0>>16] and $i3,lr,$s1,lsr#8 + ldr $s0,[$tbl,$s0,lsl#2] @ Te0[s0>>24] mov $s1,$s1,lsr#24 + ldr $i1,[$tbl,$i1,lsl#2] @ Te1[s1>>16] - ldr $s1,[$tbl,$s1,lsl#2] @ Te0[s1>>24] ldr $i2,[$tbl,$i2,lsl#2] @ Te3[s1>>0] ldr $i3,[$tbl,$i3,lsl#2] @ Te2[s1>>8] eor $s0,$s0,$i1,ror#8 - eor $s1,$s1,$t1,ror#24 - eor $t2,$t2,$i2,ror#8 - eor $t3,$t3,$i3,ror#8 - + ldr $s1,[$tbl,$s1,lsl#2] @ Te0[s1>>24] and $i1,lr,$s2,lsr#8 @ i0 + eor $t2,$t2,$i2,ror#8 and $i2,lr,$s2,lsr#16 @ i1 + eor $t3,$t3,$i3,ror#8 and $i3,lr,$s2 - mov $s2,$s2,lsr#24 + eor $s1,$s1,$t1,ror#24 ldr $i1,[$tbl,$i1,lsl#2] @ Te2[s2>>8] + mov $s2,$s2,lsr#24 + ldr $i2,[$tbl,$i2,lsl#2] @ Te1[s2>>16] - ldr $s2,[$tbl,$s2,lsl#2] @ Te0[s2>>24] ldr $i3,[$tbl,$i3,lsl#2] @ Te3[s2>>0] eor $s0,$s0,$i1,ror#16 - eor $s1,$s1,$i2,ror#8 - eor $s2,$s2,$t2,ror#16 - eor $t3,$t3,$i3,ror#16 - + ldr $s2,[$tbl,$s2,lsl#2] @ Te0[s2>>24] and $i1,lr,$s3 @ i0 + eor $s1,$s1,$i2,ror#8 and $i2,lr,$s3,lsr#8 @ i1 + eor $t3,$t3,$i3,ror#16 and $i3,lr,$s3,lsr#16 @ i2 - mov $s3,$s3,lsr#24 + eor $s2,$s2,$t2,ror#16 ldr $i1,[$tbl,$i1,lsl#2] @ Te3[s3>>0] + mov $s3,$s3,lsr#24 + ldr $i2,[$tbl,$i2,lsl#2] @ Te2[s3>>8] ldr $i3,[$tbl,$i3,lsl#2] @ Te1[s3>>16] - ldr $s3,[$tbl,$s3,lsl#2] @ Te0[s3>>24] eor $s0,$s0,$i1,ror#24 + ldr $s3,[$tbl,$s3,lsl#2] @ Te0[s3>>24] eor $s1,$s1,$i2,ror#16 + ldr $i1,[$key],#16 eor $s2,$s2,$i3,ror#8 + ldr $t1,[$key,#-12] eor $s3,$s3,$t3,ror#8 - ldr $t1,[$key],#16 - ldr $t2,[$key,#-12] - ldr $t3,[$key,#-8] - ldr $i1,[$key,#-4] - eor $s0,$s0,$t1 - eor $s1,$s1,$t2 - eor $s2,$s2,$t3 - eor $s3,$s3,$i1 + ldr $t2,[$key,#-8] + eor $s0,$s0,$i1 + ldr $t3,[$key,#-4] + and $i1,lr,$s0 + eor $s1,$s1,$t1 + and $i2,lr,$s0,lsr#8 + eor $s2,$s2,$t2 + and $i3,lr,$s0,lsr#16 + eor $s3,$s3,$t3 + mov $s0,$s0,lsr#24 subs $rounds,$rounds,#1 bne .Lenc_loop add $tbl,$tbl,#2 - and $i1,lr,$s0 - and $i2,lr,$s0,lsr#8 - and $i3,lr,$s0,lsr#16 - mov $s0,$s0,lsr#24 ldrb $t1,[$tbl,$i1,lsl#2] @ Te4[s0>>0] - ldrb $s0,[$tbl,$s0,lsl#2] @ Te4[s0>>24] - ldrb $t2,[$tbl,$i2,lsl#2] @ Te4[s0>>8] - ldrb $t3,[$tbl,$i3,lsl#2] @ Te4[s0>>16] - and $i1,lr,$s1,lsr#16 @ i0 + ldrb $t2,[$tbl,$i2,lsl#2] @ Te4[s0>>8] and $i2,lr,$s1 + ldrb $t3,[$tbl,$i3,lsl#2] @ Te4[s0>>16] and $i3,lr,$s1,lsr#8 + ldrb $s0,[$tbl,$s0,lsl#2] @ Te4[s0>>24] mov $s1,$s1,lsr#24 + ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s1>>16] - ldrb $s1,[$tbl,$s1,lsl#2] @ Te4[s1>>24] ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s1>>0] ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s1>>8] eor $s0,$i1,$s0,lsl#8 - eor $s1,$t1,$s1,lsl#24 - eor $t2,$i2,$t2,lsl#8 - eor $t3,$i3,$t3,lsl#8 - + ldrb $s1,[$tbl,$s1,lsl#2] @ Te4[s1>>24] and $i1,lr,$s2,lsr#8 @ i0 + eor $t2,$i2,$t2,lsl#8 and $i2,lr,$s2,lsr#16 @ i1 + eor $t3,$i3,$t3,lsl#8 and $i3,lr,$s2 - mov $s2,$s2,lsr#24 + eor $s1,$t1,$s1,lsl#24 ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s2>>8] + mov $s2,$s2,lsr#24 + ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s2>>16] - ldrb $s2,[$tbl,$s2,lsl#2] @ Te4[s2>>24] ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s2>>0] eor $s0,$i1,$s0,lsl#8 - eor $s1,$s1,$i2,lsl#16 - eor $s2,$t2,$s2,lsl#24 - eor $t3,$i3,$t3,lsl#8 - + ldrb $s2,[$tbl,$s2,lsl#2] @ Te4[s2>>24] and $i1,lr,$s3 @ i0 + eor $s1,$s1,$i2,lsl#16 and $i2,lr,$s3,lsr#8 @ i1 + eor $t3,$i3,$t3,lsl#8 and $i3,lr,$s3,lsr#16 @ i2 - mov $s3,$s3,lsr#24 + eor $s2,$t2,$s2,lsl#24 ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s3>>0] + mov $s3,$s3,lsr#24 + ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s3>>8] ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s3>>16] - ldrb $s3,[$tbl,$s3,lsl#2] @ Te4[s3>>24] eor $s0,$i1,$s0,lsl#8 + ldrb $s3,[$tbl,$s3,lsl#2] @ Te4[s3>>24] + ldr $i1,[$key,#0] eor $s1,$s1,$i2,lsl#8 + ldr $t1,[$key,#4] eor $s2,$s2,$i3,lsl#16 + ldr $t2,[$key,#8] eor $s3,$t3,$s3,lsl#24 + ldr $t3,[$key,#12] - ldr lr,[sp],#4 @ pop lr - ldr $t1,[$key,#0] - ldr $t2,[$key,#4] - ldr $t3,[$key,#8] - ldr $i1,[$key,#12] - eor $s0,$s0,$t1 - eor $s1,$s1,$t2 - eor $s2,$s2,$t3 - eor $s3,$s3,$i1 + eor $s0,$s0,$i1 + eor $s1,$s1,$t1 + eor $s2,$s2,$t2 + eor $s3,$s3,$t3 sub $tbl,$tbl,#2 - mov pc,lr @ return + ldr pc,[sp],#4 @ pop and return .size _armv4_AES_encrypt,.-_armv4_AES_encrypt .global AES_set_encrypt_key @@ -399,31 +403,31 @@ AES_set_encrypt_key: ldrb $t2,[$rounds,#1] ldrb $t3,[$rounds,#0] orr $s0,$s0,$t1,lsl#8 - orr $s0,$s0,$t2,lsl#16 - orr $s0,$s0,$t3,lsl#24 ldrb $s1,[$rounds,#7] + orr $s0,$s0,$t2,lsl#16 ldrb $t1,[$rounds,#6] + orr $s0,$s0,$t3,lsl#24 ldrb $t2,[$rounds,#5] ldrb $t3,[$rounds,#4] orr $s1,$s1,$t1,lsl#8 - orr $s1,$s1,$t2,lsl#16 - orr $s1,$s1,$t3,lsl#24 ldrb $s2,[$rounds,#11] + orr $s1,$s1,$t2,lsl#16 ldrb $t1,[$rounds,#10] + orr $s1,$s1,$t3,lsl#24 ldrb $t2,[$rounds,#9] ldrb $t3,[$rounds,#8] orr $s2,$s2,$t1,lsl#8 - orr $s2,$s2,$t2,lsl#16 - orr $s2,$s2,$t3,lsl#24 ldrb $s3,[$rounds,#15] + orr $s2,$s2,$t2,lsl#16 ldrb $t1,[$rounds,#14] + orr $s2,$s2,$t3,lsl#24 ldrb $t2,[$rounds,#13] ldrb $t3,[$rounds,#12] orr $s3,$s3,$t1,lsl#8 - orr $s3,$s3,$t2,lsl#16 - orr $s3,$s3,$t3,lsl#24 str $s0,[$key],#16 + orr $s3,$s3,$t2,lsl#16 str $s1,[$key,#-12] + orr $s3,$s3,$t3,lsl#24 str $s2,[$key,#-8] str $s3,[$key,#-4] @@ -437,27 +441,26 @@ AES_set_encrypt_key: .L128_loop: and $t2,lr,$s3,lsr#24 and $i1,lr,$s3,lsr#16 - and $i2,lr,$s3,lsr#8 - and $i3,lr,$s3 ldrb $t2,[$tbl,$t2] + and $i2,lr,$s3,lsr#8 ldrb $i1,[$tbl,$i1] + and $i3,lr,$s3 ldrb $i2,[$tbl,$i2] - ldrb $i3,[$tbl,$i3] - ldr $t1,[$t3],#4 @ rcon[i++] orr $t2,$t2,$i1,lsl#24 + ldrb $i3,[$tbl,$i3] orr $t2,$t2,$i2,lsl#16 + ldr $t1,[$t3],#4 @ rcon[i++] orr $t2,$t2,$i3,lsl#8 eor $t2,$t2,$t1 eor $s0,$s0,$t2 @ rk[4]=rk[0]^... eor $s1,$s1,$s0 @ rk[5]=rk[1]^rk[4] - eor $s2,$s2,$s1 @ rk[6]=rk[2]^rk[5] - eor $s3,$s3,$s2 @ rk[7]=rk[3]^rk[6] str $s0,[$key],#16 + eor $s2,$s2,$s1 @ rk[6]=rk[2]^rk[5] str $s1,[$key,#-12] + eor $s3,$s3,$s2 @ rk[7]=rk[3]^rk[6] str $s2,[$key,#-8] - str $s3,[$key,#-4] - subs $rounds,$rounds,#1 + str $s3,[$key,#-4] bne .L128_loop sub r2,$key,#176 b .Ldone @@ -468,16 +471,16 @@ AES_set_encrypt_key: ldrb $t2,[$rounds,#17] ldrb $t3,[$rounds,#16] orr $i2,$i2,$t1,lsl#8 - orr $i2,$i2,$t2,lsl#16 - orr $i2,$i2,$t3,lsl#24 ldrb $i3,[$rounds,#23] + orr $i2,$i2,$t2,lsl#16 ldrb $t1,[$rounds,#22] + orr $i2,$i2,$t3,lsl#24 ldrb $t2,[$rounds,#21] ldrb $t3,[$rounds,#20] orr $i3,$i3,$t1,lsl#8 orr $i3,$i3,$t2,lsl#16 - orr $i3,$i3,$t3,lsl#24 str $i2,[$key],#8 + orr $i3,$i3,$t3,lsl#24 str $i3,[$key,#-4] teq lr,#192 @@ -491,27 +494,26 @@ AES_set_encrypt_key: .L192_loop: and $t2,lr,$i3,lsr#24 and $i1,lr,$i3,lsr#16 - and $i2,lr,$i3,lsr#8 - and $i3,lr,$i3 ldrb $t2,[$tbl,$t2] + and $i2,lr,$i3,lsr#8 ldrb $i1,[$tbl,$i1] + and $i3,lr,$i3 ldrb $i2,[$tbl,$i2] - ldrb $i3,[$tbl,$i3] - ldr $t1,[$t3],#4 @ rcon[i++] orr $t2,$t2,$i1,lsl#24 + ldrb $i3,[$tbl,$i3] orr $t2,$t2,$i2,lsl#16 + ldr $t1,[$t3],#4 @ rcon[i++] orr $t2,$t2,$i3,lsl#8 eor $i3,$t2,$t1 eor $s0,$s0,$i3 @ rk[6]=rk[0]^... eor $s1,$s1,$s0 @ rk[7]=rk[1]^rk[6] - eor $s2,$s2,$s1 @ rk[8]=rk[2]^rk[7] - eor $s3,$s3,$s2 @ rk[9]=rk[3]^rk[8] str $s0,[$key],#24 + eor $s2,$s2,$s1 @ rk[8]=rk[2]^rk[7] str $s1,[$key,#-20] + eor $s3,$s3,$s2 @ rk[9]=rk[3]^rk[8] str $s2,[$key,#-16] - str $s3,[$key,#-12] - subs $rounds,$rounds,#1 + str $s3,[$key,#-12] subeq r2,$key,#216 beq .Ldone @@ -529,16 +531,16 @@ AES_set_encrypt_key: ldrb $t2,[$rounds,#25] ldrb $t3,[$rounds,#24] orr $i2,$i2,$t1,lsl#8 - orr $i2,$i2,$t2,lsl#16 - orr $i2,$i2,$t3,lsl#24 ldrb $i3,[$rounds,#31] + orr $i2,$i2,$t2,lsl#16 ldrb $t1,[$rounds,#30] + orr $i2,$i2,$t3,lsl#24 ldrb $t2,[$rounds,#29] ldrb $t3,[$rounds,#28] orr $i3,$i3,$t1,lsl#8 orr $i3,$i3,$t2,lsl#16 - orr $i3,$i3,$t3,lsl#24 str $i2,[$key],#8 + orr $i3,$i3,$t3,lsl#24 str $i3,[$key,#-4] mov $rounds,#14 @@ -550,52 +552,51 @@ AES_set_encrypt_key: .L256_loop: and $t2,lr,$i3,lsr#24 and $i1,lr,$i3,lsr#16 - and $i2,lr,$i3,lsr#8 - and $i3,lr,$i3 ldrb $t2,[$tbl,$t2] + and $i2,lr,$i3,lsr#8 ldrb $i1,[$tbl,$i1] + and $i3,lr,$i3 ldrb $i2,[$tbl,$i2] - ldrb $i3,[$tbl,$i3] - ldr $t1,[$t3],#4 @ rcon[i++] orr $t2,$t2,$i1,lsl#24 + ldrb $i3,[$tbl,$i3] orr $t2,$t2,$i2,lsl#16 + ldr $t1,[$t3],#4 @ rcon[i++] orr $t2,$t2,$i3,lsl#8 eor $i3,$t2,$t1 eor $s0,$s0,$i3 @ rk[8]=rk[0]^... eor $s1,$s1,$s0 @ rk[9]=rk[1]^rk[8] - eor $s2,$s2,$s1 @ rk[10]=rk[2]^rk[9] - eor $s3,$s3,$s2 @ rk[11]=rk[3]^rk[10] str $s0,[$key],#32 + eor $s2,$s2,$s1 @ rk[10]=rk[2]^rk[9] str $s1,[$key,#-28] + eor $s3,$s3,$s2 @ rk[11]=rk[3]^rk[10] str $s2,[$key,#-24] - str $s3,[$key,#-20] - subs $rounds,$rounds,#1 + str $s3,[$key,#-20] subeq r2,$key,#256 beq .Ldone and $t2,lr,$s3 and $i1,lr,$s3,lsr#8 - and $i2,lr,$s3,lsr#16 - and $i3,lr,$s3,lsr#24 ldrb $t2,[$tbl,$t2] + and $i2,lr,$s3,lsr#16 ldrb $i1,[$tbl,$i1] + and $i3,lr,$s3,lsr#24 ldrb $i2,[$tbl,$i2] - ldrb $i3,[$tbl,$i3] orr $t2,$t2,$i1,lsl#8 + ldrb $i3,[$tbl,$i3] orr $t2,$t2,$i2,lsl#16 + ldr $t1,[$key,#-48] orr $t2,$t2,$i3,lsl#24 - ldr $t1,[$key,#-48] ldr $i1,[$key,#-44] ldr $i2,[$key,#-40] - ldr $i3,[$key,#-36] eor $t1,$t1,$t2 @ rk[12]=rk[4]^... + ldr $i3,[$key,#-36] eor $i1,$i1,$t1 @ rk[13]=rk[5]^rk[12] - eor $i2,$i2,$i1 @ rk[14]=rk[6]^rk[13] - eor $i3,$i3,$i2 @ rk[15]=rk[7]^rk[14] str $t1,[$key,#-16] + eor $i2,$i2,$i1 @ rk[14]=rk[6]^rk[13] str $i1,[$key,#-12] + eor $i3,$i3,$i2 @ rk[15]=rk[7]^rk[14] str $i2,[$key,#-8] str $i3,[$key,#-4] b .L256_loop @@ -816,24 +817,24 @@ AES_decrypt: ldrb $t2,[$rounds,#1] ldrb $t3,[$rounds,#0] orr $s0,$s0,$t1,lsl#8 - orr $s0,$s0,$t2,lsl#16 - orr $s0,$s0,$t3,lsl#24 ldrb $s1,[$rounds,#7] + orr $s0,$s0,$t2,lsl#16 ldrb $t1,[$rounds,#6] + orr $s0,$s0,$t3,lsl#24 ldrb $t2,[$rounds,#5] ldrb $t3,[$rounds,#4] orr $s1,$s1,$t1,lsl#8 - orr $s1,$s1,$t2,lsl#16 - orr $s1,$s1,$t3,lsl#24 ldrb $s2,[$rounds,#11] + orr $s1,$s1,$t2,lsl#16 ldrb $t1,[$rounds,#10] + orr $s1,$s1,$t3,lsl#24 ldrb $t2,[$rounds,#9] ldrb $t3,[$rounds,#8] orr $s2,$s2,$t1,lsl#8 - orr $s2,$s2,$t2,lsl#16 - orr $s2,$s2,$t3,lsl#24 ldrb $s3,[$rounds,#15] + orr $s2,$s2,$t2,lsl#16 ldrb $t1,[$rounds,#14] + orr $s2,$s2,$t3,lsl#24 ldrb $t2,[$rounds,#13] ldrb $t3,[$rounds,#12] orr $s3,$s3,$t1,lsl#8 @@ -848,24 +849,24 @@ AES_decrypt: mov $t3,$s0,lsr#8 strb $t1,[$rounds,#0] strb $t2,[$rounds,#1] - strb $t3,[$rounds,#2] - strb $s0,[$rounds,#3] mov $t1,$s1,lsr#24 + strb $t3,[$rounds,#2] mov $t2,$s1,lsr#16 + strb $s0,[$rounds,#3] mov $t3,$s1,lsr#8 strb $t1,[$rounds,#4] strb $t2,[$rounds,#5] - strb $t3,[$rounds,#6] - strb $s1,[$rounds,#7] mov $t1,$s2,lsr#24 + strb $t3,[$rounds,#6] mov $t2,$s2,lsr#16 + strb $s1,[$rounds,#7] mov $t3,$s2,lsr#8 strb $t1,[$rounds,#8] strb $t2,[$rounds,#9] - strb $t3,[$rounds,#10] - strb $s2,[$rounds,#11] mov $t1,$s3,lsr#24 + strb $t3,[$rounds,#10] mov $t2,$s3,lsr#16 + strb $s2,[$rounds,#11] mov $t3,$s3,lsr#8 strb $t1,[$rounds,#12] strb $t2,[$rounds,#13] @@ -882,146 +883,143 @@ AES_decrypt: .align 2 _armv4_AES_decrypt: str lr,[sp,#-4]! @ push lr - ldr $t1,[$key],#16 - ldr $t2,[$key,#-12] - ldr $t3,[$key,#-8] - ldr $i1,[$key,#-4] - ldr $rounds,[$key,#240-16] + ldmia $key!,{$t1-$i1} eor $s0,$s0,$t1 + ldr $rounds,[$key,#240-16] eor $s1,$s1,$t2 eor $s2,$s2,$t3 eor $s3,$s3,$i1 sub $rounds,$rounds,#1 mov lr,#255 -.Ldec_loop: and $i1,lr,$s0,lsr#16 and $i2,lr,$s0,lsr#8 and $i3,lr,$s0 mov $s0,$s0,lsr#24 +.Ldec_loop: ldr $t1,[$tbl,$i1,lsl#2] @ Td1[s0>>16] - ldr $s0,[$tbl,$s0,lsl#2] @ Td0[s0>>24] - ldr $t2,[$tbl,$i2,lsl#2] @ Td2[s0>>8] - ldr $t3,[$tbl,$i3,lsl#2] @ Td3[s0>>0] - and $i1,lr,$s1 @ i0 + ldr $t2,[$tbl,$i2,lsl#2] @ Td2[s0>>8] and $i2,lr,$s1,lsr#16 + ldr $t3,[$tbl,$i3,lsl#2] @ Td3[s0>>0] and $i3,lr,$s1,lsr#8 + ldr $s0,[$tbl,$s0,lsl#2] @ Td0[s0>>24] mov $s1,$s1,lsr#24 + ldr $i1,[$tbl,$i1,lsl#2] @ Td3[s1>>0] - ldr $s1,[$tbl,$s1,lsl#2] @ Td0[s1>>24] ldr $i2,[$tbl,$i2,lsl#2] @ Td1[s1>>16] ldr $i3,[$tbl,$i3,lsl#2] @ Td2[s1>>8] eor $s0,$s0,$i1,ror#24 - eor $s1,$s1,$t1,ror#8 - eor $t2,$i2,$t2,ror#8 - eor $t3,$i3,$t3,ror#8 - + ldr $s1,[$tbl,$s1,lsl#2] @ Td0[s1>>24] and $i1,lr,$s2,lsr#8 @ i0 + eor $t2,$i2,$t2,ror#8 and $i2,lr,$s2 @ i1 + eor $t3,$i3,$t3,ror#8 and $i3,lr,$s2,lsr#16 - mov $s2,$s2,lsr#24 + eor $s1,$s1,$t1,ror#8 ldr $i1,[$tbl,$i1,lsl#2] @ Td2[s2>>8] + mov $s2,$s2,lsr#24 + ldr $i2,[$tbl,$i2,lsl#2] @ Td3[s2>>0] - ldr $s2,[$tbl,$s2,lsl#2] @ Td0[s2>>24] ldr $i3,[$tbl,$i3,lsl#2] @ Td1[s2>>16] eor $s0,$s0,$i1,ror#16 - eor $s1,$s1,$i2,ror#24 - eor $s2,$s2,$t2,ror#8 - eor $t3,$i3,$t3,ror#8 - + ldr $s2,[$tbl,$s2,lsl#2] @ Td0[s2>>24] and $i1,lr,$s3,lsr#16 @ i0 + eor $s1,$s1,$i2,ror#24 and $i2,lr,$s3,lsr#8 @ i1 + eor $t3,$i3,$t3,ror#8 and $i3,lr,$s3 @ i2 - mov $s3,$s3,lsr#24 + eor $s2,$s2,$t2,ror#8 ldr $i1,[$tbl,$i1,lsl#2] @ Td1[s3>>16] + mov $s3,$s3,lsr#24 + ldr $i2,[$tbl,$i2,lsl#2] @ Td2[s3>>8] ldr $i3,[$tbl,$i3,lsl#2] @ Td3[s3>>0] - ldr $s3,[$tbl,$s3,lsl#2] @ Td0[s3>>24] eor $s0,$s0,$i1,ror#8 + ldr $s3,[$tbl,$s3,lsl#2] @ Td0[s3>>24] eor $s1,$s1,$i2,ror#16 eor $s2,$s2,$i3,ror#24 + ldr $i1,[$key],#16 eor $s3,$s3,$t3,ror#8 - ldr $t1,[$key],#16 - ldr $t2,[$key,#-12] - ldr $t3,[$key,#-8] - ldr $i1,[$key,#-4] - eor $s0,$s0,$t1 - eor $s1,$s1,$t2 - eor $s2,$s2,$t3 - eor $s3,$s3,$i1 + ldr $t1,[$key,#-12] + ldr $t2,[$key,#-8] + eor $s0,$s0,$i1 + ldr $t3,[$key,#-4] + and $i1,lr,$s0,lsr#16 + eor $s1,$s1,$t1 + and $i2,lr,$s0,lsr#8 + eor $s2,$s2,$t2 + and $i3,lr,$s0 + eor $s3,$s3,$t3 + mov $s0,$s0,lsr#24 subs $rounds,$rounds,#1 bne .Ldec_loop add $tbl,$tbl,#1024 - ldr $t1,[$tbl,#0] @ prefetch Td4 - ldr $t2,[$tbl,#32] - ldr $t3,[$tbl,#64] - ldr $i1,[$tbl,#96] - ldr $i2,[$tbl,#128] - ldr $i3,[$tbl,#160] - ldr $t1,[$tbl,#192] - ldr $t2,[$tbl,#224] + ldr $t2,[$tbl,#0] @ prefetch Td4 + ldr $t3,[$tbl,#32] + ldr $t1,[$tbl,#64] + ldr $t2,[$tbl,#96] + ldr $t3,[$tbl,#128] + ldr $t1,[$tbl,#160] + ldr $t2,[$tbl,#192] + ldr $t3,[$tbl,#224] - and $i1,lr,$s0,lsr#16 - and $i2,lr,$s0,lsr#8 - and $i3,lr,$s0 - ldrb $s0,[$tbl,$s0,lsr#24] @ Td4[s0>>24] + ldrb $s0,[$tbl,$s0] @ Td4[s0>>24] ldrb $t1,[$tbl,$i1] @ Td4[s0>>16] - ldrb $t2,[$tbl,$i2] @ Td4[s0>>8] - ldrb $t3,[$tbl,$i3] @ Td4[s0>>0] - and $i1,lr,$s1 @ i0 + ldrb $t2,[$tbl,$i2] @ Td4[s0>>8] and $i2,lr,$s1,lsr#16 + ldrb $t3,[$tbl,$i3] @ Td4[s0>>0] and $i3,lr,$s1,lsr#8 + ldrb $i1,[$tbl,$i1] @ Td4[s1>>0] ldrb $s1,[$tbl,$s1,lsr#24] @ Td4[s1>>24] ldrb $i2,[$tbl,$i2] @ Td4[s1>>16] - ldrb $i3,[$tbl,$i3] @ Td4[s1>>8] eor $s0,$i1,$s0,lsl#24 + ldrb $i3,[$tbl,$i3] @ Td4[s1>>8] eor $s1,$t1,$s1,lsl#8 - eor $t2,$t2,$i2,lsl#8 - eor $t3,$t3,$i3,lsl#8 - and $i1,lr,$s2,lsr#8 @ i0 + eor $t2,$t2,$i2,lsl#8 and $i2,lr,$s2 @ i1 - and $i3,lr,$s2,lsr#16 + eor $t3,$t3,$i3,lsl#8 ldrb $i1,[$tbl,$i1] @ Td4[s2>>8] + and $i3,lr,$s2,lsr#16 + ldrb $i2,[$tbl,$i2] @ Td4[s2>>0] ldrb $s2,[$tbl,$s2,lsr#24] @ Td4[s2>>24] - ldrb $i3,[$tbl,$i3] @ Td4[s2>>16] eor $s0,$s0,$i1,lsl#8 + ldrb $i3,[$tbl,$i3] @ Td4[s2>>16] eor $s1,$i2,$s1,lsl#16 - eor $s2,$t2,$s2,lsl#16 - eor $t3,$t3,$i3,lsl#16 - and $i1,lr,$s3,lsr#16 @ i0 + eor $s2,$t2,$s2,lsl#16 and $i2,lr,$s3,lsr#8 @ i1 - and $i3,lr,$s3 @ i2 + eor $t3,$t3,$i3,lsl#16 ldrb $i1,[$tbl,$i1] @ Td4[s3>>16] + and $i3,lr,$s3 @ i2 + ldrb $i2,[$tbl,$i2] @ Td4[s3>>8] ldrb $i3,[$tbl,$i3] @ Td4[s3>>0] ldrb $s3,[$tbl,$s3,lsr#24] @ Td4[s3>>24] eor $s0,$s0,$i1,lsl#16 + ldr $i1,[$key,#0] eor $s1,$s1,$i2,lsl#8 + ldr $t1,[$key,#4] eor $s2,$i3,$s2,lsl#8 + ldr $t2,[$key,#8] eor $s3,$t3,$s3,lsl#24 + ldr $t3,[$key,#12] - ldr lr,[sp],#4 @ pop lr - ldr $t1,[$key,#0] - ldr $t2,[$key,#4] - ldr $t3,[$key,#8] - ldr $i1,[$key,#12] - eor $s0,$s0,$t1 - eor $s1,$s1,$t2 - eor $s2,$s2,$t3 - eor $s3,$s3,$i1 + eor $s0,$s0,$i1 + eor $s1,$s1,$t1 + eor $s2,$s2,$t2 + eor $s3,$s3,$t3 sub $tbl,$tbl,#1024 - mov pc,lr @ return + ldr pc,[sp],#4 @ pop and return .size _armv4_AES_decrypt,.-_armv4_AES_decrypt .asciz "AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" .align 2 @@ -1029,3 +1027,4 @@ ___ $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 print $code; +close STDOUT; # enforce flush diff --git a/openssl/crypto/alphacpuid.pl b/openssl/crypto/alphacpuid.pl new file mode 100644 index 000000000..c9474ff49 --- /dev/null +++ b/openssl/crypto/alphacpuid.pl @@ -0,0 +1,128 @@ +#!/usr/bin/env perl +print <<'___'; +.text + +.set noat + +.globl OPENSSL_cpuid_setup +.ent OPENSSL_cpuid_setup +OPENSSL_cpuid_setup: + .frame $30,0,$26 + .prologue 0 + ret ($26) +.end OPENSSL_cpuid_setup + +.globl OPENSSL_wipe_cpu +.ent OPENSSL_wipe_cpu +OPENSSL_wipe_cpu: + .frame $30,0,$26 + .prologue 0 + clr $1 + clr $2 + clr $3 + clr $4 + clr $5 + clr $6 + clr $7 + clr $8 + clr $16 + clr $17 + clr $18 + clr $19 + clr $20 + clr $21 + clr $22 + clr $23 + clr $24 + clr $25 + clr $27 + clr $at + clr $29 + fclr $f0 + fclr $f1 + fclr $f10 + fclr $f11 + fclr $f12 + fclr $f13 + fclr $f14 + fclr $f15 + fclr $f16 + fclr $f17 + fclr $f18 + fclr $f19 + fclr $f20 + fclr $f21 + fclr $f22 + fclr $f23 + fclr $f24 + fclr $f25 + fclr $f26 + fclr $f27 + fclr $f28 + fclr $f29 + fclr $f30 + mov $sp,$0 + ret ($26) +.end OPENSSL_wipe_cpu + +.globl OPENSSL_atomic_add +.ent OPENSSL_atomic_add +OPENSSL_atomic_add: + .frame $30,0,$26 + .prologue 0 +1: ldl_l $0,0($16) + addl $0,$17,$1 + stl_c $1,0($16) + beq $1,1b + addl $0,$17,$0 + ret ($26) +.end OPENSSL_atomic_add + +.globl OPENSSL_rdtsc +.ent OPENSSL_rdtsc +OPENSSL_rdtsc: + .frame $30,0,$26 + .prologue 0 + rpcc $0 + ret ($26) +.end OPENSSL_rdtsc + +.globl OPENSSL_cleanse +.ent OPENSSL_cleanse +OPENSSL_cleanse: + .frame $30,0,$26 + .prologue 0 + beq $17,.Ldone + and $16,7,$0 + bic $17,7,$at + beq $at,.Little + beq $0,.Laligned + +.Little: + ldq_u $1,0($16) + mov $16,$2 +.Lalign: + mskbl $1,$16,$1 + lda $16,1($16) + subq $17,1,$17 + subq $0,1,$0 + beq $17,.Lout + bne $0,.Lalign +.Lout: stq_u $1,0($2) + beq $17,.Ldone + bic $17,7,$at + mov $17,$0 + beq $at,.Little + +.Laligned: + stq $31,0($16) + subq $17,8,$17 + lda $16,8($16) + bic $17,7,$at + bne $at,.Laligned + beq $17,.Ldone + mov $17,$0 + br .Little +.Ldone: ret ($26) +.end OPENSSL_cleanse +___ diff --git a/openssl/crypto/asn1/a_int.c b/openssl/crypto/asn1/a_int.c index c6fd204ae..3348b8762 100644 --- a/openssl/crypto/asn1/a_int.c +++ b/openssl/crypto/asn1/a_int.c @@ -273,7 +273,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, { ASN1_INTEGER *ret=NULL; const unsigned char *p; - unsigned char *to,*s; + unsigned char *s; long len; int inf,tag,xclass; int i; @@ -308,7 +308,6 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, i=ERR_R_MALLOC_FAILURE; goto err; } - to=s; ret->type=V_ASN1_INTEGER; if(len) { if ((*p == 0) && (len != 1)) diff --git a/openssl/crypto/asn1/n_pkey.c b/openssl/crypto/asn1/n_pkey.c index 60bc43793..e7d043906 100644 --- a/openssl/crypto/asn1/n_pkey.c +++ b/openssl/crypto/asn1/n_pkey.c @@ -242,7 +242,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int sgckey) { RSA *ret=NULL; - const unsigned char *p, *kp; + const unsigned char *p; NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; p = *pp; @@ -265,7 +265,6 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); goto err; } - kp = enckey->enckey->digest->data; if (cb == NULL) cb=EVP_read_pw_string; if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err; diff --git a/openssl/crypto/asn1/t_crl.c b/openssl/crypto/asn1/t_crl.c index bdb244c01..ee5a687ce 100644 --- a/openssl/crypto/asn1/t_crl.c +++ b/openssl/crypto/asn1/t_crl.c @@ -87,7 +87,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) STACK_OF(X509_REVOKED) *rev; X509_REVOKED *r; long l; - int i, n; + int i; char *p; BIO_printf(out, "Certificate Revocation List (CRL):\n"); @@ -107,7 +107,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x) else BIO_printf(out,"NONE"); BIO_printf(out,"\n"); - n=X509_CRL_get_ext_count(x); X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8); diff --git a/openssl/crypto/asn1/tasn_dec.c b/openssl/crypto/asn1/tasn_dec.c index 3bee43996..87d7dfdf5 100644 --- a/openssl/crypto/asn1/tasn_dec.c +++ b/openssl/crypto/asn1/tasn_dec.c @@ -168,7 +168,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int i; int otag; int ret = 0; - ASN1_VALUE *pchval, **pchptr, *ptmpval; + ASN1_VALUE **pchptr, *ptmpval; if (!pval) return 0; if (aux && aux->asn1_cb) @@ -319,7 +319,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, goto err; } /* CHOICE type, try each possibility in turn */ - pchval = NULL; p = *in; for (i = 0, tt=it->templates; i < it->tcount; i++, tt++) { diff --git a/openssl/crypto/asn1/x_x509.c b/openssl/crypto/asn1/x_x509.c index dafd3cc92..de3df9eb5 100644 --- a/openssl/crypto/asn1/x_x509.c +++ b/openssl/crypto/asn1/x_x509.c @@ -63,7 +63,7 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> -ASN1_SEQUENCE(X509_CINF) = { +ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), @@ -74,7 +74,7 @@ ASN1_SEQUENCE(X509_CINF) = { ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) -} ASN1_SEQUENCE_END(X509_CINF) +} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF) IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) /* X509 top level structure needs a bit of customisation */ diff --git a/openssl/crypto/bio/bf_nbio.c b/openssl/crypto/bio/bf_nbio.c index c72a23c2e..028616c06 100644 --- a/openssl/crypto/bio/bf_nbio.c +++ b/openssl/crypto/bio/bf_nbio.c @@ -125,7 +125,6 @@ static int nbiof_free(BIO *a) static int nbiof_read(BIO *b, char *out, int outl) { - NBIO_TEST *nt; int ret=0; #if 1 int num; @@ -134,7 +133,6 @@ static int nbiof_read(BIO *b, char *out, int outl) if (out == NULL) return(0); if (b->next_bio == NULL) return(0); - nt=(NBIO_TEST *)b->ptr; BIO_clear_retry_flags(b); #if 1 diff --git a/openssl/crypto/bio/bio_lib.c b/openssl/crypto/bio/bio_lib.c index 77f4de9c3..e12bc3a2c 100644 --- a/openssl/crypto/bio/bio_lib.c +++ b/openssl/crypto/bio/bio_lib.c @@ -110,7 +110,7 @@ int BIO_set(BIO *bio, BIO_METHOD *method) int BIO_free(BIO *a) { - int ret=0,i; + int i; if (a == NULL) return(0); @@ -133,7 +133,7 @@ int BIO_free(BIO *a) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - ret=a->method->destroy(a); + a->method->destroy(a); OPENSSL_free(a); return(1); } diff --git a/openssl/crypto/bio/bss_acpt.c b/openssl/crypto/bio/bss_acpt.c index 826f76114..5d49e1a72 100644 --- a/openssl/crypto/bio/bss_acpt.c +++ b/openssl/crypto/bio/bss_acpt.c @@ -340,7 +340,6 @@ static int acpt_write(BIO *b, const char *in, int inl) static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) { - BIO *dbio; int *ip; long ret=1; BIO_ACCEPT *data; @@ -437,8 +436,8 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) ret=(long)data->bind_mode; break; case BIO_CTRL_DUP: - dbio=(BIO *)ptr; -/* if (data->param_port) EAY EAY +/* dbio=(BIO *)ptr; + if (data->param_port) EAY EAY BIO_set_port(dbio,data->param_port); if (data->param_hostname) BIO_set_hostname(dbio,data->param_hostname); diff --git a/openssl/crypto/bn/asm/alpha-mont.pl b/openssl/crypto/bn/asm/alpha-mont.pl index f7e0ca164..c63458e94 100644 --- a/openssl/crypto/bn/asm/alpha-mont.pl +++ b/openssl/crypto/bn/asm/alpha-mont.pl @@ -41,8 +41,12 @@ $j="s4"; $m1="s5"; $code=<<___; +#indef __linux__ +#include <asm/regdef.h> +#else #include <asm.h> #include <regdef.h> +#endif .text @@ -76,7 +80,7 @@ bn_mul_mont: ldq $aj,8($ap) subq sp,AT,sp ldq $bi,0($bp) # bp[0] - mov -4096,AT + lda AT,-4096(zero) # mov -4096,AT ldq $n0,0($n0) and sp,AT,sp @@ -106,9 +110,9 @@ bn_mul_mont: .align 4 .L1st: .set noreorder - ldq $aj,($aj) + ldq $aj,0($aj) addl $j,1,$j - ldq $nj,($nj) + ldq $nj,0($nj) lda $tp,8($tp) addq $alo,$hi0,$lo0 @@ -159,12 +163,12 @@ bn_mul_mont: .align 4 .Louter: s8addq $i,$bp,$bi - ldq $hi0,($ap) + ldq $hi0,0($ap) ldq $aj,8($ap) - ldq $bi,($bi) - ldq $hi1,($np) + ldq $bi,0($bi) + ldq $hi1,0($np) ldq $nj,8($np) - ldq $tj,(sp) + ldq $tj,0(sp) mulq $hi0,$bi,$lo0 umulh $hi0,$bi,$hi0 @@ -195,10 +199,10 @@ bn_mul_mont: .set noreorder ldq $tj,8($tp) #L0 nop #U1 - ldq $aj,($aj) #L1 + ldq $aj,0($aj) #L1 s8addq $j,$np,$nj #U0 - ldq $nj,($nj) #L0 + ldq $nj,0($nj) #L0 nop #U1 addq $alo,$hi0,$lo0 #L1 lda $tp,8($tp) @@ -247,7 +251,7 @@ bn_mul_mont: addq $hi1,v0,$hi1 addq $hi1,$hi0,$lo1 - stq $j,($tp) + stq $j,0($tp) cmpult $lo1,$hi0,$hi1 addq $lo1,$tj,$lo1 cmpult $lo1,$tj,AT @@ -265,8 +269,8 @@ bn_mul_mont: mov 0,$hi0 # clear borrow bit .align 4 -.Lsub: ldq $lo0,($tp) - ldq $lo1,($np) +.Lsub: ldq $lo0,0($tp) + ldq $lo1,0($np) lda $tp,8($tp) lda $np,8($np) subq $lo0,$lo1,$lo1 # tp[i]-np[i] @@ -274,7 +278,7 @@ bn_mul_mont: subq $lo1,$hi0,$lo0 cmpult $lo1,$lo0,$hi0 or $hi0,AT,$hi0 - stq $lo0,($rp) + stq $lo0,0($rp) cmpult $tp,$tj,v0 lda $rp,8($rp) bne v0,.Lsub @@ -288,7 +292,7 @@ bn_mul_mont: bis $bp,$ap,$ap # ap=borrow?tp:rp .align 4 -.Lcopy: ldq $aj,($ap) # copy or in-place refresh +.Lcopy: ldq $aj,0($ap) # copy or in-place refresh lda $tp,8($tp) lda $rp,8($rp) lda $ap,8($ap) @@ -309,8 +313,8 @@ bn_mul_mont: lda sp,48(sp) ret (ra) .end bn_mul_mont -.rdata -.asciiz "Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>" +.ascii "Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>" +.align 2 ___ print $code; diff --git a/openssl/crypto/bn/asm/s390x.S b/openssl/crypto/bn/asm/s390x.S index 8f45f5d51..43fcb79bc 100644 --- a/openssl/crypto/bn/asm/s390x.S +++ b/openssl/crypto/bn/asm/s390x.S @@ -1,4 +1,4 @@ -.ident "s390x.S, version 1.0" +.ident "s390x.S, version 1.1" // ==================================================================== // Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL // project. @@ -24,67 +24,67 @@ bn_mul_add_words: bler %r14 // if (len<=0) return 0; stmg %r6,%r10,48(%r15) + lghi %r10,3 lghi %r8,0 // carry = 0 - srag %r10,%r4,2 // cnt=len/4 - jz .Loop1_madd + nr %r10,%r4 // len%4 + sra %r4,2 // cnt=len/4 + jz .Loop1_madd // carry is incidentally cleared if branch taken + algr zero,zero // clear carry .Loop4_madd: lg %r7,0(%r2,%r3) // ap[i] mlgr %r6,%r5 // *=w - algr %r7,%r8 // +=carry + alcgr %r7,%r8 // +=carry alcgr %r6,zero alg %r7,0(%r2,%r1) // +=rp[i] - alcgr %r6,zero stg %r7,0(%r2,%r1) // rp[i]= lg %r9,8(%r2,%r3) mlgr %r8,%r5 - algr %r9,%r6 + alcgr %r9,%r6 alcgr %r8,zero alg %r9,8(%r2,%r1) - alcgr %r8,zero stg %r9,8(%r2,%r1) lg %r7,16(%r2,%r3) mlgr %r6,%r5 - algr %r7,%r8 + alcgr %r7,%r8 alcgr %r6,zero alg %r7,16(%r2,%r1) - alcgr %r6,zero stg %r7,16(%r2,%r1) lg %r9,24(%r2,%r3) mlgr %r8,%r5 - algr %r9,%r6 + alcgr %r9,%r6 alcgr %r8,zero alg %r9,24(%r2,%r1) - alcgr %r8,zero stg %r9,24(%r2,%r1) la %r2,32(%r2) // i+=4 - brct %r10,.Loop4_madd + brct %r4,.Loop4_madd - lghi %r10,3 - nr %r4,%r10 // cnt=len%4 - jz .Lend_madd + la %r10,1(%r10) // see if len%4 is zero ... + brct %r10,.Loop1_madd // without touching condition code:-) + +.Lend_madd: + alcgr %r8,zero // collect carry bit + lgr %r2,%r8 + lmg %r6,%r10,48(%r15) + br %r14 .Loop1_madd: lg %r7,0(%r2,%r3) // ap[i] mlgr %r6,%r5 // *=w - algr %r7,%r8 // +=carry + alcgr %r7,%r8 // +=carry alcgr %r6,zero alg %r7,0(%r2,%r1) // +=rp[i] - alcgr %r6,zero stg %r7,0(%r2,%r1) // rp[i]= lgr %r8,%r6 la %r2,8(%r2) // i++ - brct %r4,.Loop1_madd + brct %r10,.Loop1_madd -.Lend_madd: - lgr %r2,%r8 - lmg %r6,%r10,48(%r15) - br %r14 + j .Lend_madd .size bn_mul_add_words,.-bn_mul_add_words // BN_ULONG bn_mul_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5); @@ -99,57 +99,57 @@ bn_mul_words: bler %r14 // if (len<=0) return 0; stmg %r6,%r10,48(%r15) + lghi %r10,3 lghi %r8,0 // carry = 0 - srag %r10,%r4,2 // cnt=len/4 - jz .Loop1_mul + nr %r10,%r4 // len%4 + sra %r4,2 // cnt=len/4 + jz .Loop1_mul // carry is incidentally cleared if branch taken + algr zero,zero // clear carry .Loop4_mul: lg %r7,0(%r2,%r3) // ap[i] mlgr %r6,%r5 // *=w - algr %r7,%r8 // +=carry - alcgr %r6,zero + alcgr %r7,%r8 // +=carry stg %r7,0(%r2,%r1) // rp[i]= lg %r9,8(%r2,%r3) mlgr %r8,%r5 - algr %r9,%r6 - alcgr %r8,zero + alcgr %r9,%r6 stg %r9,8(%r2,%r1) lg %r7,16(%r2,%r3) mlgr %r6,%r5 - algr %r7,%r8 - alcgr %r6,zero + alcgr %r7,%r8 stg %r7,16(%r2,%r1) lg %r9,24(%r2,%r3) mlgr %r8,%r5 - algr %r9,%r6 - alcgr %r8,zero + alcgr %r9,%r6 stg %r9,24(%r2,%r1) la %r2,32(%r2) // i+=4 - brct %r10,.Loop4_mul + brct %r4,.Loop4_mul - lghi %r10,3 - nr %r4,%r10 // cnt=len%4 - jz .Lend_mul + la %r10,1(%r10) // see if len%4 is zero ... + brct %r10,.Loop1_mul // without touching condition code:-) + +.Lend_mul: + alcgr %r8,zero // collect carry bit + lgr %r2,%r8 + lmg %r6,%r10,48(%r15) + br %r14 .Loop1_mul: lg %r7,0(%r2,%r3) // ap[i] mlgr %r6,%r5 // *=w - algr %r7,%r8 // +=carry - alcgr %r6,zero + alcgr %r7,%r8 // +=carry stg %r7,0(%r2,%r1) // rp[i]= lgr %r8,%r6 la %r2,8(%r2) // i++ - brct %r4,.Loop1_mul + brct %r10,.Loop1_mul -.Lend_mul: - lgr %r2,%r8 - lmg %r6,%r10,48(%r15) - br %r14 + j .Lend_mul .size bn_mul_words,.-bn_mul_words // void bn_sqr_words(BN_ULONG *r2,BN_ULONG *r2,int r4) diff --git a/openssl/crypto/bn/bn_exp2.c b/openssl/crypto/bn/bn_exp2.c index b3f43cec8..bd0c34b91 100644 --- a/openssl/crypto/bn/bn_exp2.c +++ b/openssl/crypto/bn/bn_exp2.c @@ -301,7 +301,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, r_is_one = 0; } } - BN_from_montgomery(rr,r,mont,ctx); + if (!BN_from_montgomery(rr,r,mont,ctx)) + goto err; ret=1; err: if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); diff --git a/openssl/crypto/bn/bn_mul.c b/openssl/crypto/bn/bn_mul.c index a0e9ec3b4..12e5be80e 100644 --- a/openssl/crypto/bn/bn_mul.c +++ b/openssl/crypto/bn/bn_mul.c @@ -551,7 +551,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int tna, int tnb, BN_ULONG *t) { int i,j,n2=n*2; - int c1,c2,neg,zero; + int c1,c2,neg; BN_ULONG ln,lo,*p; # ifdef BN_COUNT @@ -567,7 +567,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, /* r=(a[0]-a[1])*(b[1]-b[0]) */ c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); - zero=neg=0; + neg=0; switch (c1*3+c2) { case -4: @@ -575,7 +575,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ break; case -3: - zero=1; /* break; */ case -2: bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ @@ -585,7 +584,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, case -1: case 0: case 1: - zero=1; /* break; */ case 2: bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ @@ -593,7 +591,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, neg=1; break; case 3: - zero=1; /* break; */ case 4: bn_sub_part_words(t, a, &(a[n]),tna,n-tna); @@ -1012,7 +1009,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { if (i >= -1 && i <= 1) { - int sav_j =0; /* Find out the power of two lower or equal to the longest of the two numbers */ if (i >= 0) @@ -1023,7 +1019,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { j = BN_num_bits_word((BN_ULONG)bl); } - sav_j = j; j = 1<<(j-1); assert(j <= al || j <= bl); k = j+j; diff --git a/openssl/crypto/conf/conf_api.c b/openssl/crypto/conf/conf_api.c index 22617e5fa..0c1ee2b73 100644 --- a/openssl/crypto/conf/conf_api.c +++ b/openssl/crypto/conf/conf_api.c @@ -285,7 +285,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) v->value=(char *)sk; vv=lh_CONF_VALUE_insert(conf->data,v); - assert(vv == NULL); + OPENSSL_assert(vv == NULL); ok=1; err: if (!ok) diff --git a/openssl/crypto/conf/conf_def.c b/openssl/crypto/conf/conf_def.c index 0b571b039..cf951320a 100644 --- a/openssl/crypto/conf/conf_def.c +++ b/openssl/crypto/conf/conf_def.c @@ -213,13 +213,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) int bufnum=0,i,ii; BUF_MEM *buff=NULL; char *s,*p,*end; - int again,n; + int again; long eline=0; char btmp[DECIMAL_SIZE(eline)+1]; CONF_VALUE *v=NULL,*tv; CONF_VALUE *sv=NULL; char *section=NULL,*buf; - STACK_OF(CONF_VALUE) *section_sk=NULL,*ts; char *start,*psection,*pname; void *h = (void *)(conf->data); @@ -250,7 +249,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - section_sk=(STACK_OF(CONF_VALUE) *)sv->value; bufnum=0; again=0; @@ -309,7 +307,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) buf=buff->data; clear_comments(conf, buf); - n=strlen(buf); s=eat_ws(conf, buf); if (IS_EOF(conf,*s)) continue; /* blank line */ if (*s == '[') @@ -343,7 +340,6 @@ again: CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - section_sk=(STACK_OF(CONF_VALUE) *)sv->value; continue; } else @@ -406,13 +402,9 @@ again: CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - ts=(STACK_OF(CONF_VALUE) *)tv->value; } else - { tv=sv; - ts=section_sk; - } #if 1 if (_CONF_add_string(conf, tv, v) == 0) { @@ -465,9 +457,6 @@ err: static void clear_comments(CONF *conf, char *p) { - char *to; - - to=p; for (;;) { if (IS_FCOMMENT(conf,*p)) diff --git a/openssl/crypto/cryptlib.c b/openssl/crypto/cryptlib.c index b4449b86d..14bae0d08 100644 --- a/openssl/crypto/cryptlib.c +++ b/openssl/crypto/cryptlib.c @@ -743,6 +743,16 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, #if defined(_WIN32) && !defined(__CYGWIN__) #include <tchar.h> #include <signal.h> +#ifdef __WATCOMC__ +#if defined(_UNICODE) || defined(__UNICODE__) +#define _vsntprintf _vsnwprintf +#else +#define _vsntprintf _vsnprintf +#endif +#endif +#ifdef _MSC_VER +#define alloca _alloca +#endif #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 int OPENSSL_isservice(void) @@ -773,11 +783,7 @@ int OPENSSL_isservice(void) if (len>512) return -1; /* paranoia */ len++,len&=~1; /* paranoia */ -#ifdef _MSC_VER - name=(WCHAR *)_alloca(len+sizeof(WCHAR)); -#else name=(WCHAR *)alloca(len+sizeof(WCHAR)); -#endif if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len)) return -1; @@ -822,11 +828,7 @@ void OPENSSL_showfatal (const char *fmta,...) size_t len_0=strlen(fmta)+1,i; WCHAR *fmtw; -#ifdef _MSC_VER - fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR)); -#else - fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); -#endif + fmtw = (WCHAR *)alloca(len_0*sizeof(WCHAR)); if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; } #ifndef OPENSSL_NO_MULTIBYTE diff --git a/openssl/crypto/crypto-lib.com b/openssl/crypto/crypto-lib.com index a4b663509..96d9d5354 100644 --- a/openssl/crypto/crypto-lib.com +++ b/openssl/crypto/crypto-lib.com @@ -193,7 +193,7 @@ $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64" $ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ - "cmll_cfb,cmll_ctr" $ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb" -$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128" +$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128,cts128" $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper" $ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN - LIB_BN_ASM = "bn_asm" @@ -1036,7 +1036,7 @@ $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - "/NOLIST/PREFIX=ALL" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - + "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - CCEXTRAFLAGS $! $! Define The Linker Options File Name. @@ -1070,7 +1070,7 @@ $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - + "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - CCEXTRAFLAGS $ CCDEFS = """VAXC""," + CCDEFS $! @@ -1102,7 +1102,7 @@ $! $! Use GNU C... $! $ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - + "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - CCEXTRAFLAGS $! $! Define The Linker Options File Name. diff --git a/openssl/crypto/dsa/dsa_gen.c b/openssl/crypto/dsa/dsa_gen.c index 0fcd25f8b..cb0b4538a 100644 --- a/openssl/crypto/dsa/dsa_gen.c +++ b/openssl/crypto/dsa/dsa_gen.c @@ -120,7 +120,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, BIGNUM *r0,*W,*X,*c,*test; BIGNUM *g=NULL,*q=NULL,*p=NULL; BN_MONT_CTX *mont=NULL; - int i, k,n=0,b,m=0, qsize = qbits >> 3; + int i, k, n=0, m=0, qsize = qbits >> 3; int counter=0; int r=0; BN_CTX *ctx=NULL; @@ -232,7 +232,6 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, /* "offset = 2" */ n=(bits-1)/160; - b=(bits-1)-n*160; for (;;) { diff --git a/openssl/crypto/dsa/dsa_ossl.c b/openssl/crypto/dsa/dsa_ossl.c index 4fead07e8..1fb665ec5 100644 --- a/openssl/crypto/dsa/dsa_ossl.c +++ b/openssl/crypto/dsa/dsa_ossl.c @@ -185,7 +185,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ if (BN_cmp(s,dsa->q) > 0) - BN_sub(s,s,dsa->q); + if (!BN_sub(s,s,dsa->q)) goto err; if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; ret=DSA_SIG_new(); diff --git a/openssl/crypto/ec/ec2_mult.c b/openssl/crypto/ec/ec2_mult.c index ab631a50a..e12b9b284 100644 --- a/openssl/crypto/ec/ec2_mult.c +++ b/openssl/crypto/ec/ec2_mult.c @@ -319,6 +319,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, int ret = 0; size_t i; EC_POINT *p=NULL; + EC_POINT *acc = NULL; if (ctx == NULL) { @@ -338,15 +339,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } if ((p = EC_POINT_new(group)) == NULL) goto err; + if ((acc = EC_POINT_new(group)) == NULL) goto err; - if (!EC_POINT_set_to_infinity(group, r)) goto err; + if (!EC_POINT_set_to_infinity(group, acc)) goto err; if (scalar) { if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err; - if (BN_is_negative(scalar)) + if (BN_is_negative(scalar)) if (!group->meth->invert(group, p, ctx)) goto err; - if (!group->meth->add(group, r, r, p, ctx)) goto err; + if (!group->meth->add(group, acc, acc, p, ctx)) goto err; } for (i = 0; i < num; i++) @@ -354,13 +356,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err; if (BN_is_negative(scalars[i])) if (!group->meth->invert(group, p, ctx)) goto err; - if (!group->meth->add(group, r, r, p, ctx)) goto err; + if (!group->meth->add(group, acc, acc, p, ctx)) goto err; } + if (!EC_POINT_copy(r, acc)) goto err; + ret = 1; err: if (p) EC_POINT_free(p); + if (acc) EC_POINT_free(acc); if (new_ctx != NULL) BN_CTX_free(new_ctx); return ret; diff --git a/openssl/crypto/ec/ec_mult.c b/openssl/crypto/ec/ec_mult.c index f05df5332..19f21675f 100644 --- a/openssl/crypto/ec/ec_mult.c +++ b/openssl/crypto/ec/ec_mult.c @@ -169,11 +169,13 @@ static void ec_pre_comp_clear_free(void *pre_) EC_POINT **p; for (p = pre->points; *p != NULL; p++) + { EC_POINT_clear_free(*p); - OPENSSL_cleanse(pre->points, sizeof pre->points); + OPENSSL_cleanse(p, sizeof *p); + } OPENSSL_free(pre->points); } - OPENSSL_cleanse(pre, sizeof pre); + OPENSSL_cleanse(pre, sizeof *pre); OPENSSL_free(pre); } diff --git a/openssl/crypto/ecdh/ech_lib.c b/openssl/crypto/ecdh/ech_lib.c index e89b1d477..4d8ea03d3 100644 --- a/openssl/crypto/ecdh/ech_lib.c +++ b/openssl/crypto/ecdh/ech_lib.c @@ -96,7 +96,6 @@ const ECDH_METHOD *ECDH_get_default_method(void) int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) { - const ECDH_METHOD *mtmp; ECDH_DATA *ecdh; ecdh = ecdh_check(eckey); @@ -104,8 +103,8 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) if (ecdh == NULL) return 0; - mtmp = ecdh->meth; #if 0 + mtmp = ecdh->meth; if (mtmp->finish) mtmp->finish(eckey); #endif diff --git a/openssl/crypto/ecdsa/ecs_lib.c b/openssl/crypto/ecdsa/ecs_lib.c index 85e8a3a7e..2ebae3aa2 100644 --- a/openssl/crypto/ecdsa/ecs_lib.c +++ b/openssl/crypto/ecdsa/ecs_lib.c @@ -83,7 +83,6 @@ const ECDSA_METHOD *ECDSA_get_default_method(void) int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) { - const ECDSA_METHOD *mtmp; ECDSA_DATA *ecdsa; ecdsa = ecdsa_check(eckey); @@ -91,7 +90,6 @@ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) if (ecdsa == NULL) return 0; - mtmp = ecdsa->meth; #ifndef OPENSSL_NO_ENGINE if (ecdsa->engine) { diff --git a/openssl/crypto/evp/encode.c b/openssl/crypto/evp/encode.c index b42c74724..28546a84b 100644 --- a/openssl/crypto/evp/encode.c +++ b/openssl/crypto/evp/encode.c @@ -235,7 +235,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; + int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl; unsigned char *d; n=ctx->num; @@ -319,7 +319,6 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, * lines. We process the line and then need to * accept the '\n' */ if ((v != B64_EOF) && (n >= 64)) exp_nl=1; - tmp2=v; if (n > 0) { v=EVP_DecodeBlock(out,d,n); diff --git a/openssl/crypto/evp/evp_enc.c b/openssl/crypto/evp/evp_enc.c index bead6a217..c268d25cb 100644 --- a/openssl/crypto/evp/evp_enc.c +++ b/openssl/crypto/evp/evp_enc.c @@ -204,6 +204,7 @@ skip_to_init: case EVP_CIPH_OFB_MODE: ctx->num = 0; + /* fall-through */ case EVP_CIPH_CBC_MODE: diff --git a/openssl/crypto/evp/m_sigver.c b/openssl/crypto/evp/m_sigver.c index f0b7f9505..7e2731f4a 100644 --- a/openssl/crypto/evp/m_sigver.c +++ b/openssl/crypto/evp/m_sigver.c @@ -137,7 +137,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) sctx = 0; if (sigret) { - MS_STATIC EVP_MD_CTX tmp_ctx; + EVP_MD_CTX tmp_ctx; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; EVP_MD_CTX_init(&tmp_ctx); @@ -173,7 +173,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen) { - MS_STATIC EVP_MD_CTX tmp_ctx; + EVP_MD_CTX tmp_ctx; unsigned char md[EVP_MAX_MD_SIZE]; int r; unsigned int mdlen; diff --git a/openssl/crypto/evp/p_lib.c b/openssl/crypto/evp/p_lib.c index 1916c6169..e26ccd0d0 100644 --- a/openssl/crypto/evp/p_lib.c +++ b/openssl/crypto/evp/p_lib.c @@ -411,7 +411,10 @@ void EVP_PKEY_free(EVP_PKEY *x) static void EVP_PKEY_free_it(EVP_PKEY *x) { if (x->ameth && x->ameth->pkey_free) + { x->ameth->pkey_free(x); + x->pkey.ptr = NULL; + } #ifndef OPENSSL_NO_ENGINE if (x->engine) { diff --git a/openssl/crypto/evp/p_sign.c b/openssl/crypto/evp/p_sign.c index 8df6d48a7..bb893f5bd 100644 --- a/openssl/crypto/evp/p_sign.c +++ b/openssl/crypto/evp/p_sign.c @@ -81,7 +81,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; int i,ok=0,v; - MS_STATIC EVP_MD_CTX tmp_ctx; + EVP_MD_CTX tmp_ctx; *siglen=0; EVP_MD_CTX_init(&tmp_ctx); diff --git a/openssl/crypto/evp/p_verify.c b/openssl/crypto/evp/p_verify.c index 8db46412f..41d4b6713 100644 --- a/openssl/crypto/evp/p_verify.c +++ b/openssl/crypto/evp/p_verify.c @@ -68,7 +68,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; int i,ok=0,v; - MS_STATIC EVP_MD_CTX tmp_ctx; + EVP_MD_CTX tmp_ctx; EVP_MD_CTX_init(&tmp_ctx); EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); diff --git a/openssl/crypto/evp/pmeth_lib.c b/openssl/crypto/evp/pmeth_lib.c index b2d8de3a8..5481d4b8a 100644 --- a/openssl/crypto/evp/pmeth_lib.c +++ b/openssl/crypto/evp/pmeth_lib.c @@ -134,6 +134,8 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) id = pkey->ameth->pkey_id; } #ifndef OPENSSL_NO_ENGINE + if (pkey && pkey->engine) + e = pkey->engine; /* Try to find an ENGINE which implements this method */ if (e) { diff --git a/openssl/crypto/hmac/hmac.c b/openssl/crypto/hmac/hmac.c index 45015fe75..6c98fc43a 100644 --- a/openssl/crypto/hmac/hmac.c +++ b/openssl/crypto/hmac/hmac.c @@ -138,12 +138,9 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) { - int j; unsigned int i; unsigned char buf[EVP_MAX_MD_SIZE]; - j=EVP_MD_block_size(ctx->md); - if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i)) goto err; if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx)) diff --git a/openssl/crypto/install.com b/openssl/crypto/install.com index ad3e4d48c..b3290165c 100644 --- a/openssl/crypto/install.com +++ b/openssl/crypto/install.com @@ -120,12 +120,7 @@ $ IF D .EQS. "" $ THEN $ COPY 'tmp' WRK_SSLINCLUDE: /LOG $ ELSE -$ IF D .EQS. "_''ARCH'" -$ THEN -$ COPY [-.'ARCH'.CRYPTO]'tmp' WRK_SSLINCLUDE: /LOG -$ ELSE -$ COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG -$ ENDIF +$ COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG $ ENDIF $ SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp' $ GOTO LOOP_SDIRS diff --git a/openssl/crypto/jpake/jpake.c b/openssl/crypto/jpake/jpake.c index 086d9f47e..8e4b633cc 100644 --- a/openssl/crypto/jpake/jpake.c +++ b/openssl/crypto/jpake/jpake.c @@ -282,8 +282,37 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx) return 1; } +/* g^x is a legal value */ +static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx) + { + BIGNUM *t; + int res; + + if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0) + return 0; + + t = BN_new(); + BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx); + res = BN_is_one(t); + BN_free(t); + + return res; + } + int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received) { + if(!is_legal(received->p1.gx, ctx)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL); + return 0; + } + + if(!is_legal(received->p2.gx, ctx)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL); + return 0; + } + /* verify their ZKP(xc) */ if(!verify_zkp(&received->p1, ctx->p.g, ctx)) { diff --git a/openssl/crypto/jpake/jpake.h b/openssl/crypto/jpake/jpake.h index 693ea188c..fd143b4d9 100644 --- a/openssl/crypto/jpake/jpake.h +++ b/openssl/crypto/jpake/jpake.h @@ -115,6 +115,8 @@ void ERR_load_JPAKE_strings(void); #define JPAKE_F_VERIFY_ZKP 100 /* Reason codes. */ +#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108 +#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109 #define JPAKE_R_G_TO_THE_X4_IS_ONE 105 #define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106 #define JPAKE_R_HASH_OF_KEY_MISMATCH 107 diff --git a/openssl/crypto/jpake/jpake_err.c b/openssl/crypto/jpake/jpake_err.c index 1b9506796..a9a9dee75 100644 --- a/openssl/crypto/jpake/jpake_err.c +++ b/openssl/crypto/jpake/jpake_err.c @@ -1,6 +1,6 @@ /* crypto/jpake/jpake_err.c */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -80,6 +80,8 @@ static ERR_STRING_DATA JPAKE_str_functs[]= static ERR_STRING_DATA JPAKE_str_reasons[]= { +{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"}, +{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"}, {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE) ,"g to the x4 is one"}, {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"}, {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"}, diff --git a/openssl/crypto/md32_common.h b/openssl/crypto/md32_common.h index 1cb783944..bb7381952 100644 --- a/openssl/crypto/md32_common.h +++ b/openssl/crypto/md32_common.h @@ -165,7 +165,7 @@ asm ( \ "roll %1,%0" \ : "=r"(ret) \ - : "I"(n), "0"(a) \ + : "I"(n), "0"((unsigned int)(a)) \ : "cc"); \ ret; \ }) @@ -383,6 +383,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) } #ifndef MD32_REG_T +#if defined(__alpha) || defined(__sparcv9) || defined(__mips) #define MD32_REG_T long /* * This comment was originaly written for MD5, which is why it @@ -400,9 +401,15 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) * Well, to be honest it should say that this *prevents* * performance degradation. * <appro@fy.chalmers.se> - * Apparently there're LP64 compilers that generate better - * code if A-D are declared int. Most notably GCC-x86_64 - * generates better code. + */ +#else +/* + * Above is not absolute and there are LP64 compilers that + * generate better code if MD32_REG_T is defined int. The above + * pre-processor condition reflects the circumstances under which + * the conclusion was made and is subject to further extension. * <appro@fy.chalmers.se> */ +#define MD32_REG_T int +#endif #endif diff --git a/openssl/crypto/ocsp/ocsp_ht.c b/openssl/crypto/ocsp/ocsp_ht.c index 12bbfcffd..af5fc1669 100644 --- a/openssl/crypto/ocsp/ocsp_ht.c +++ b/openssl/crypto/ocsp/ocsp_ht.c @@ -397,11 +397,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) case OHS_ASN1_HEADER: - /* Now reading ASN1 header: can read at least 6 bytes which - * is more than enough for any valid ASN1 SEQUENCE header + /* Now reading ASN1 header: can read at least 2 bytes which + * is enough for ASN1 SEQUENCE header and either length field + * or at least the length of the length field. */ n = BIO_get_mem_data(rctx->mem, &p); - if (n < 6) + if (n < 2) goto next_io; /* Check it is an ASN1 SEQUENCE */ @@ -414,6 +415,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) /* Check out length field */ if (*p & 0x80) { + /* If MSB set on initial length octet we can now + * always read 6 octets: make sure we have them. + */ + if (n < 6) + goto next_io; n = *p & 0x7F; /* Not NDEF or excessive length */ if (!n || (n > 4)) diff --git a/openssl/crypto/ocsp/ocsp_prn.c b/openssl/crypto/ocsp/ocsp_prn.c index 1695c9c4a..87608ff39 100644 --- a/openssl/crypto/ocsp/ocsp_prn.c +++ b/openssl/crypto/ocsp/ocsp_prn.c @@ -182,7 +182,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) { int i, ret = 0; long l; - unsigned char *p; OCSP_CERTID *cid = NULL; OCSP_BASICRESP *br = NULL; OCSP_RESPID *rid = NULL; @@ -207,7 +206,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) return 1; } - p = ASN1_STRING_data(rb->response); i = ASN1_STRING_length(rb->response); if (!(br = OCSP_response_get1_basic(o))) goto err; rd = br->tbsResponseData; diff --git a/openssl/crypto/opensslv.h b/openssl/crypto/opensslv.h index 2fb110fa0..79c679cbf 100644 --- a/openssl/crypto/opensslv.h +++ b/openssl/crypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x1000001fL +#define OPENSSL_VERSION_NUMBER 0x1000003f #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a-fips 1 Jun 2010" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0c-fips 2 Dec 2010" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a 1 Jun 2010" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0c 2 Dec 2010" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/openssl/crypto/pem/pem_lib.c b/openssl/crypto/pem/pem_lib.c index 42e4861bc..cfc89a992 100644 --- a/openssl/crypto/pem/pem_lib.c +++ b/openssl/crypto/pem/pem_lib.c @@ -482,7 +482,6 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) { - int o; const EVP_CIPHER *enc=NULL; char *p,c; char **header_pp = &header; @@ -522,7 +521,6 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) header++; } *header='\0'; - o=OBJ_sn2nid(p); cipher->cipher=enc=EVP_get_cipherbyname(p); *header=c; header++; diff --git a/openssl/crypto/pem/pvkfmt.c b/openssl/crypto/pem/pvkfmt.c index d998a67fa..5f130c452 100644 --- a/openssl/crypto/pem/pvkfmt.c +++ b/openssl/crypto/pem/pvkfmt.c @@ -662,7 +662,7 @@ static int do_PVK_header(const unsigned char **in, unsigned int length, { const unsigned char *p = *in; - unsigned int pvk_magic, keytype, is_encrypted; + unsigned int pvk_magic, is_encrypted; if (skip_magic) { if (length < 20) @@ -689,7 +689,7 @@ static int do_PVK_header(const unsigned char **in, unsigned int length, } /* Skip reserved */ p += 4; - keytype = read_ledword(&p); + /*keytype = */read_ledword(&p); is_encrypted = read_ledword(&p); *psaltlen = read_ledword(&p); *pkeylen = read_ledword(&p); @@ -839,7 +839,7 @@ EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, pem_password_cb *cb, void *u) { - int outlen = 24, noinc, pklen; + int outlen = 24, pklen; unsigned char *p, *salt = NULL; if (enclevel) outlen += PVK_SALTLEN; @@ -850,10 +850,7 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, if (!out) return outlen; if (*out) - { p = *out; - noinc = 0; - } else { p = OPENSSL_malloc(outlen); @@ -863,7 +860,6 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, return -1; } *out = p; - noinc = 1; } write_ledword(&p, MS_PVKMAGIC); diff --git a/openssl/crypto/perlasm/x86_64-xlate.pl b/openssl/crypto/perlasm/x86_64-xlate.pl index 354673acc..e47116b74 100644 --- a/openssl/crypto/perlasm/x86_64-xlate.pl +++ b/openssl/crypto/perlasm/x86_64-xlate.pl @@ -167,7 +167,7 @@ my %globals; } elsif ($self->{op} =~ /^(pop|push)f/) { $self->{op} .= $self->{sz}; } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") { - $self->{op} = "ALIGN\t8\n\tDQ"; + $self->{op} = "\tDQ"; } $self->{op}; } @@ -545,6 +545,8 @@ my %globals; if ($line=~/\.([px])data/) { $v.=" rdata align="; $v.=$1 eq "p"? 4 : 8; + } elsif ($line=~/\.CRT\$/i) { + $v.=" rdata align=8"; } } else { $v="$current_segment\tENDS\n" if ($current_segment); @@ -552,6 +554,8 @@ my %globals; if ($line=~/\.([px])data/) { $v.=" READONLY"; $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref); + } elsif ($line=~/\.CRT\$/i) { + $v.=" READONLY DWORD"; } } $current_segment = $line; diff --git a/openssl/crypto/pkcs12/p12_key.c b/openssl/crypto/pkcs12/p12_key.c index a29794bbb..424203f64 100644 --- a/openssl/crypto/pkcs12/p12_key.c +++ b/openssl/crypto/pkcs12/p12_key.c @@ -107,6 +107,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, unsigned char *B, *D, *I, *p, *Ai; int Slen, Plen, Ilen, Ijlen; int i, j, u, v; + int ret = 0; BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ EVP_MD_CTX ctx; #ifdef DEBUG_KEYGEN @@ -144,10 +145,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, I = OPENSSL_malloc (Ilen); Ij = BN_new(); Bpl1 = BN_new(); - if (!D || !Ai || !B || !I || !Ij || !Bpl1) { - PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); - return 0; - } + if (!D || !Ai || !B || !I || !Ij || !Bpl1) + goto err; for (i = 0; i < v; i++) D[i] = id; p = I; for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; @@ -164,28 +163,22 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, } memcpy (out, Ai, min (n, u)); if (u >= n) { - OPENSSL_free (Ai); - OPENSSL_free (B); - OPENSSL_free (D); - OPENSSL_free (I); - BN_free (Ij); - BN_free (Bpl1); - EVP_MD_CTX_cleanup(&ctx); #ifdef DEBUG_KEYGEN fprintf(stderr, "Output KEY (length %d)\n", tmpn); h__dump(tmpout, tmpn); #endif - return 1; + ret = 1; + goto end; } n -= u; out += u; for (j = 0; j < v; j++) B[j] = Ai[j % u]; /* Work out B + 1 first then can use B as tmp space */ - BN_bin2bn (B, v, Bpl1); - BN_add_word (Bpl1, 1); + if (!BN_bin2bn (B, v, Bpl1)) goto err; + if (!BN_add_word (Bpl1, 1)) goto err; for (j = 0; j < Ilen ; j+=v) { - BN_bin2bn (I + j, v, Ij); - BN_add (Ij, Ij, Bpl1); + if (!BN_bin2bn (I + j, v, Ij)) goto err; + if (!BN_add (Ij, Ij, Bpl1)) goto err; BN_bn2bin (Ij, B); Ijlen = BN_num_bytes (Ij); /* If more than 2^(v*8) - 1 cut off MSB */ @@ -201,6 +194,19 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, } else BN_bn2bin (Ij, I + j); } } + +err: + PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); + +end: + OPENSSL_free (Ai); + OPENSSL_free (B); + OPENSSL_free (D); + OPENSSL_free (I); + BN_free (Ij); + BN_free (Bpl1); + EVP_MD_CTX_cleanup(&ctx); + return ret; } #ifdef DEBUG_KEYGEN void h__dump (unsigned char *p, int len) diff --git a/openssl/crypto/pkcs7/pk7_doit.c b/openssl/crypto/pkcs7/pk7_doit.c index 451de8448..3bf1a367b 100644 --- a/openssl/crypto/pkcs7/pk7_doit.c +++ b/openssl/crypto/pkcs7/pk7_doit.c @@ -422,7 +422,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) X509_ALGOR *enc_alg=NULL; STACK_OF(X509_ALGOR) *md_sk=NULL; STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; - X509_ALGOR *xalg=NULL; PKCS7_RECIP_INFO *ri=NULL; i=OBJ_obj2nid(p7->type); @@ -445,7 +444,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; } - xalg=p7->d.signed_and_enveloped->enc_data->algorithm; break; case NID_pkcs7_enveloped: rsk=p7->d.enveloped->recipientinfo; @@ -457,7 +455,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; } - xalg=p7->d.enveloped->enc_data->algorithm; break; default: PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); diff --git a/openssl/crypto/pkcs7/pk7_lib.c b/openssl/crypto/pkcs7/pk7_lib.c index 3ca095279..d411269b5 100644 --- a/openssl/crypto/pkcs7/pk7_lib.c +++ b/openssl/crypto/pkcs7/pk7_lib.c @@ -591,7 +591,6 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) { int i; - ASN1_OBJECT *objtmp; PKCS7_ENC_CONTENT *ec; i=OBJ_obj2nid(p7->type); @@ -614,7 +613,6 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); return(0); } - objtmp = OBJ_nid2obj(i); ec->cipher = cipher; return 1; diff --git a/openssl/crypto/pqueue/pqueue.c b/openssl/crypto/pqueue/pqueue.c index 99a6fb874..eab13a125 100644 --- a/openssl/crypto/pqueue/pqueue.c +++ b/openssl/crypto/pqueue/pqueue.c @@ -167,14 +167,13 @@ pqueue_pop(pqueue_s *pq) pitem * pqueue_find(pqueue_s *pq, unsigned char *prio64be) { - pitem *next, *prev = NULL; + pitem *next; pitem *found = NULL; if ( pq->items == NULL) return NULL; - for ( next = pq->items; next->next != NULL; - prev = next, next = next->next) + for ( next = pq->items; next->next != NULL; next = next->next) { if ( memcmp(next->priority, prio64be,8) == 0) { diff --git a/openssl/crypto/rand/md_rand.c b/openssl/crypto/rand/md_rand.c index 88088ce73..b2f04ff13 100644 --- a/openssl/crypto/rand/md_rand.c +++ b/openssl/crypto/rand/md_rand.c @@ -476,11 +476,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); #ifndef PURIFY /* purify complains */ - /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ + /* The following line uses the supplied buffer as a small + * source of entropy: since this buffer is often uninitialised + * it may cause programs such as purify or valgrind to + * complain. So for those builds it is not used: the removal + * of such a small source of entropy has negligible impact on + * security. + */ MD_Update(&m,buf,j); - /* We know that line may cause programs such as - purify and valgrind to complain about use of - uninitialized data. */ #endif k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; diff --git a/openssl/crypto/rand/rand_nw.c b/openssl/crypto/rand/rand_nw.c index f177ffbe8..8d5b8d2e3 100644 --- a/openssl/crypto/rand/rand_nw.c +++ b/openssl/crypto/rand/rand_nw.c @@ -160,8 +160,8 @@ int RAND_poll(void) rdtsc mov tsc, eax } -#else - asm volatile("rdtsc":"=A" (tsc)); +#elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) + asm volatile("rdtsc":"=a"(tsc)::"edx"); #endif RAND_add(&tsc, sizeof(tsc), 1); diff --git a/openssl/crypto/rand/randfile.c b/openssl/crypto/rand/randfile.c index 4ed40b7b7..f9b709e6d 100644 --- a/openssl/crypto/rand/randfile.c +++ b/openssl/crypto/rand/randfile.c @@ -269,7 +269,6 @@ err: const char *RAND_file_name(char *buf, size_t size) { char *s=NULL; - int ok = 0; #ifdef __OpenBSD__ struct stat sb; #endif @@ -298,7 +297,6 @@ const char *RAND_file_name(char *buf, size_t size) BUF_strlcat(buf,"/",size); #endif BUF_strlcat(buf,RFILE,size); - ok = 1; } else buf[0] = '\0'; /* no file name */ @@ -312,7 +310,7 @@ const char *RAND_file_name(char *buf, size_t size) * to something hopefully decent if that isn't available. */ - if (!ok) + if (!buf[0]) if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { return(NULL); } diff --git a/openssl/crypto/rc5/rc5_locl.h b/openssl/crypto/rc5/rc5_locl.h index 282dd3882..d337f73fa 100644 --- a/openssl/crypto/rc5/rc5_locl.h +++ b/openssl/crypto/rc5/rc5_locl.h @@ -154,14 +154,14 @@ # define ROTATE_l32(a,n) ({ register unsigned int ret; \ asm ("roll %%cl,%0" \ : "=r"(ret) \ - : "c"(n),"0"(a) \ + : "c"(n),"0"((unsigned int)(a)) \ : "cc"); \ ret; \ }) # define ROTATE_r32(a,n) ({ register unsigned int ret; \ asm ("rorl %%cl,%0" \ : "=r"(ret) \ - : "c"(n),"0"(a) \ + : "c"(n),"0"((unsigned int)(a)) \ : "cc"); \ ret; \ }) diff --git a/openssl/crypto/rsa/rsa_eay.c b/openssl/crypto/rsa/rsa_eay.c index c5eaeeae6..7c941885f 100644 --- a/openssl/crypto/rsa/rsa_eay.c +++ b/openssl/crypto/rsa/rsa_eay.c @@ -675,7 +675,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, rsa->_method_mod_n)) goto err; if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) - BN_sub(ret, rsa->n, ret); + if (!BN_sub(ret, rsa->n, ret)) goto err; p=buf; i=BN_bn2bin(ret,p); diff --git a/openssl/crypto/sha/asm/sha1-armv4-large.pl b/openssl/crypto/sha/asm/sha1-armv4-large.pl index 88861af64..6e65fe3e0 100644 --- a/openssl/crypto/sha/asm/sha1-armv4-large.pl +++ b/openssl/crypto/sha/asm/sha1-armv4-large.pl @@ -37,9 +37,18 @@ # modes are limited. As result it takes more instructions to do # the same job in Thumb, therefore the code is never twice as # small and always slower. -# [***] which is also ~35% better than compiler generated code. +# [***] which is also ~35% better than compiler generated code. Dual- +# issue Cortex A8 core was measured to process input block in +# ~990 cycles. -$output=shift; +# August 2010. +# +# Rescheduling for dual-issue pipeline resulted in 13% improvement on +# Cortex A8 core and in absolute terms ~870 cycles per input block +# [or 13.6 cycles per byte]. + + +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} open STDOUT,">$output"; $ctx="r0"; @@ -58,43 +67,22 @@ $t3="r12"; $Xi="r14"; @V=($a,$b,$c,$d,$e); -# One can optimize this for aligned access on big-endian architecture, -# but code's endian neutrality makes it too pretty:-) -sub Xload { -my ($a,$b,$c,$d,$e)=@_; -$code.=<<___; - ldrb $t0,[$inp],#4 - ldrb $t1,[$inp,#-3] - ldrb $t2,[$inp,#-2] - ldrb $t3,[$inp,#-1] - add $e,$K,$e,ror#2 @ E+=K_00_19 - orr $t0,$t1,$t0,lsl#8 - add $e,$e,$a,ror#27 @ E+=ROR(A,27) - orr $t0,$t2,$t0,lsl#8 - eor $t1,$c,$d @ F_xx_xx - orr $t0,$t3,$t0,lsl#8 - add $e,$e,$t0 @ E+=X[i] - str $t0,[$Xi,#-4]! -___ -} sub Xupdate { -my ($a,$b,$c,$d,$e,$flag)=@_; +my ($a,$b,$c,$d,$e,$opt1,$opt2)=@_; $code.=<<___; ldr $t0,[$Xi,#15*4] ldr $t1,[$Xi,#13*4] ldr $t2,[$Xi,#7*4] - ldr $t3,[$Xi,#2*4] add $e,$K,$e,ror#2 @ E+=K_xx_xx + ldr $t3,[$Xi,#2*4] eor $t0,$t0,$t1 - eor $t0,$t0,$t2 - eor $t0,$t0,$t3 - add $e,$e,$a,ror#27 @ E+=ROR(A,27) -___ -$code.=<<___ if (!defined($flag)); - eor $t1,$c,$d @ F_xx_xx, but not in 40_59 -___ -$code.=<<___; + eor $t2,$t2,$t3 + eor $t1,$c,$d @ F_xx_xx mov $t0,$t0,ror#31 + add $e,$e,$a,ror#27 @ E+=ROR(A,27) + eor $t0,$t0,$t2,ror#31 + $opt1 @ F_xx_xx + $opt2 @ F_xx_xx add $e,$e,$t0 @ E+=X[i] str $t0,[$Xi,#-4]! ___ @@ -102,19 +90,29 @@ ___ sub BODY_00_15 { my ($a,$b,$c,$d,$e)=@_; - &Xload(@_); $code.=<<___; + ldrb $t0,[$inp],#4 + ldrb $t1,[$inp,#-1] + ldrb $t2,[$inp,#-2] + add $e,$K,$e,ror#2 @ E+=K_00_19 + ldrb $t3,[$inp,#-3] + add $e,$e,$a,ror#27 @ E+=ROR(A,27) + orr $t0,$t1,$t0,lsl#24 + eor $t1,$c,$d @ F_xx_xx + orr $t0,$t0,$t2,lsl#8 + orr $t0,$t0,$t3,lsl#16 and $t1,$b,$t1,ror#2 + add $e,$e,$t0 @ E+=X[i] eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D) + str $t0,[$Xi,#-4]! add $e,$e,$t1 @ E+=F_00_19(B,C,D) ___ } sub BODY_16_19 { my ($a,$b,$c,$d,$e)=@_; - &Xupdate(@_); + &Xupdate(@_,"and $t1,$b,$t1,ror#2"); $code.=<<___; - and $t1,$b,$t1,ror#2 eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D) add $e,$e,$t1 @ E+=F_00_19(B,C,D) ___ @@ -122,22 +120,18 @@ ___ sub BODY_20_39 { my ($a,$b,$c,$d,$e)=@_; - &Xupdate(@_); + &Xupdate(@_,"eor $t1,$b,$t1,ror#2"); $code.=<<___; - eor $t1,$b,$t1,ror#2 @ F_20_39(B,C,D) add $e,$e,$t1 @ E+=F_20_39(B,C,D) ___ } sub BODY_40_59 { my ($a,$b,$c,$d,$e)=@_; - &Xupdate(@_,1); + &Xupdate(@_,"and $t1,$b,$t1,ror#2","and $t2,$c,$d"); $code.=<<___; - and $t1,$b,$c,ror#2 - orr $t2,$b,$c,ror#2 - and $t2,$t2,$d,ror#2 - orr $t1,$t1,$t2 @ F_40_59(B,C,D) add $e,$e,$t1 @ E+=F_40_59(B,C,D) + add $e,$e,$t2,ror#2 ___ } diff --git a/openssl/crypto/sha/asm/sha1-sparcv9.pl b/openssl/crypto/sha/asm/sha1-sparcv9.pl index 8306fc88c..5c161cecd 100644 --- a/openssl/crypto/sha/asm/sha1-sparcv9.pl +++ b/openssl/crypto/sha/asm/sha1-sparcv9.pl @@ -276,6 +276,7 @@ $code.=<<___; .type sha1_block_data_order,#function .size sha1_block_data_order,(.-sha1_block_data_order) .asciz "SHA1 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>" +.align 4 ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; diff --git a/openssl/crypto/sha/asm/sha1-sparcv9a.pl b/openssl/crypto/sha/asm/sha1-sparcv9a.pl index 15eb854ba..85e8d6808 100644 --- a/openssl/crypto/sha/asm/sha1-sparcv9a.pl +++ b/openssl/crypto/sha/asm/sha1-sparcv9a.pl @@ -539,6 +539,7 @@ $code.=<<___; .type sha1_block_data_order,#function .size sha1_block_data_order,(.-sha1_block_data_order) .asciz "SHA1 block transform for SPARCv9a, CRYPTOGAMS by <appro\@openssl.org>" +.align 4 ___ # Purpose of these subroutines is to explicitly encode VIS instructions, diff --git a/openssl/crypto/sha/asm/sha256-armv4.pl b/openssl/crypto/sha/asm/sha256-armv4.pl index 48d846dee..492cb62bc 100644 --- a/openssl/crypto/sha/asm/sha256-armv4.pl +++ b/openssl/crypto/sha/asm/sha256-armv4.pl @@ -11,9 +11,14 @@ # Performance is ~2x better than gcc 3.4 generated code and in "abso- # lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per -# byte. +# byte [on single-issue Xscale PXA250 core]. -$output=shift; +# July 2010. +# +# Rescheduling for dual-issue pipeline resulted in 22% improvement on +# Cortex A8 core and ~20 cycles per processed byte. + +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} open STDOUT,">$output"; $ctx="r0"; $t0="r0"; @@ -52,27 +57,27 @@ $code.=<<___ if ($i<16); ___ $code.=<<___; ldr $t2,[$Ktbl],#4 @ *K256++ - str $T1,[sp,#`$i%16`*4] mov $t0,$e,ror#$Sigma1[0] + str $T1,[sp,#`$i%16`*4] eor $t0,$t0,$e,ror#$Sigma1[1] - eor $t0,$t0,$e,ror#$Sigma1[2] @ Sigma1(e) - add $T1,$T1,$t0 eor $t1,$f,$g + eor $t0,$t0,$e,ror#$Sigma1[2] @ Sigma1(e) and $t1,$t1,$e + add $T1,$T1,$t0 eor $t1,$t1,$g @ Ch(e,f,g) - add $T1,$T1,$t1 add $T1,$T1,$h - add $T1,$T1,$t2 mov $h,$a,ror#$Sigma0[0] + add $T1,$T1,$t1 eor $h,$h,$a,ror#$Sigma0[1] + add $T1,$T1,$t2 eor $h,$h,$a,ror#$Sigma0[2] @ Sigma0(a) orr $t0,$a,$b - and $t0,$t0,$c and $t1,$a,$b + and $t0,$t0,$c + add $h,$h,$T1 orr $t0,$t0,$t1 @ Maj(a,b,c) - add $h,$h,$t0 add $d,$d,$T1 - add $h,$h,$T1 + add $h,$h,$t0 ___ } @@ -80,19 +85,19 @@ sub BODY_16_XX { my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; $code.=<<___; - ldr $t1,[sp,#`($i+1)%16`*4] @ $i + ldr $t1,[sp,#`($i+1)%16`*4] @ $i ldr $t2,[sp,#`($i+14)%16`*4] ldr $T1,[sp,#`($i+0)%16`*4] - ldr $inp,[sp,#`($i+9)%16`*4] mov $t0,$t1,ror#$sigma0[0] + ldr $inp,[sp,#`($i+9)%16`*4] eor $t0,$t0,$t1,ror#$sigma0[1] eor $t0,$t0,$t1,lsr#$sigma0[2] @ sigma0(X[i+1]) mov $t1,$t2,ror#$sigma1[0] + add $T1,$T1,$t0 eor $t1,$t1,$t2,ror#$sigma1[1] + add $T1,$T1,$inp eor $t1,$t1,$t2,lsr#$sigma1[2] @ sigma1(X[i+14]) - add $T1,$T1,$t0 add $T1,$T1,$t1 - add $T1,$T1,$inp ___ &BODY_00_15(@_); } diff --git a/openssl/crypto/sha/asm/sha512-armv4.pl b/openssl/crypto/sha/asm/sha512-armv4.pl index 4fbb94a91..3a35861ac 100644 --- a/openssl/crypto/sha/asm/sha512-armv4.pl +++ b/openssl/crypto/sha/asm/sha512-armv4.pl @@ -10,7 +10,13 @@ # SHA512 block procedure for ARMv4. September 2007. # This code is ~4.5 (four and a half) times faster than code generated -# by gcc 3.4 and it spends ~72 clock cycles per byte. +# by gcc 3.4 and it spends ~72 clock cycles per byte [on single-issue +# Xscale PXA250 core]. +# +# July 2010. +# +# Rescheduling for dual-issue pipeline resulted in 6% improvement on +# Cortex A8 core and ~40 cycles per processed byte. # Byte order [in]dependence. ========================================= # @@ -22,7 +28,7 @@ $hi=0; $lo=4; # ==================================================================== -$output=shift; +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} open STDOUT,">$output"; $ctx="r0"; @@ -73,33 +79,31 @@ $code.=<<___; eor $t0,$t0,$Elo,lsl#23 eor $t1,$t1,$Ehi,lsl#23 @ Sigma1(e) adds $Tlo,$Tlo,$t0 - adc $Thi,$Thi,$t1 @ T += Sigma1(e) - adds $Tlo,$Tlo,$t2 - adc $Thi,$Thi,$t3 @ T += h - ldr $t0,[sp,#$Foff+0] @ f.lo + adc $Thi,$Thi,$t1 @ T += Sigma1(e) ldr $t1,[sp,#$Foff+4] @ f.hi + adds $Tlo,$Tlo,$t2 ldr $t2,[sp,#$Goff+0] @ g.lo + adc $Thi,$Thi,$t3 @ T += h ldr $t3,[sp,#$Goff+4] @ g.hi - str $Elo,[sp,#$Eoff+0] - str $Ehi,[sp,#$Eoff+4] - str $Alo,[sp,#$Aoff+0] - str $Ahi,[sp,#$Aoff+4] eor $t0,$t0,$t2 + str $Elo,[sp,#$Eoff+0] eor $t1,$t1,$t3 + str $Ehi,[sp,#$Eoff+4] and $t0,$t0,$Elo + str $Alo,[sp,#$Aoff+0] and $t1,$t1,$Ehi + str $Ahi,[sp,#$Aoff+4] eor $t0,$t0,$t2 - eor $t1,$t1,$t3 @ Ch(e,f,g) - ldr $t2,[$Ktbl,#4] @ K[i].lo + eor $t1,$t1,$t3 @ Ch(e,f,g) ldr $t3,[$Ktbl,#0] @ K[i].hi - ldr $Elo,[sp,#$Doff+0] @ d.lo - ldr $Ehi,[sp,#$Doff+4] @ d.hi adds $Tlo,$Tlo,$t0 + ldr $Elo,[sp,#$Doff+0] @ d.lo adc $Thi,$Thi,$t1 @ T += Ch(e,f,g) + ldr $Ehi,[sp,#$Doff+4] @ d.hi adds $Tlo,$Tlo,$t2 adc $Thi,$Thi,$t3 @ T += K[i] adds $Elo,$Elo,$Tlo diff --git a/openssl/crypto/sha/asm/sha512-sparcv9.pl b/openssl/crypto/sha/asm/sha512-sparcv9.pl index 54241aab5..ec5d78135 100644 --- a/openssl/crypto/sha/asm/sha512-sparcv9.pl +++ b/openssl/crypto/sha/asm/sha512-sparcv9.pl @@ -586,6 +586,7 @@ $code.=<<___; .type sha${label}_block_data_order,#function .size sha${label}_block_data_order,(.-sha${label}_block_data_order) .asciz "SHA${label} block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>" +.align 4 ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; diff --git a/openssl/crypto/sparccpuid.S b/openssl/crypto/sparccpuid.S index aa8b11efc..ae61f7f5c 100644 --- a/openssl/crypto/sparccpuid.S +++ b/openssl/crypto/sparccpuid.S @@ -225,13 +225,95 @@ _sparcv9_rdtick: xor %o0,%o0,%o0 .word 0x91410000 !rd %tick,%o0 retl - .word 0x93323020 !srlx %o2,32,%o1 + .word 0x93323020 !srlx %o0,32,%o1 .notick: retl xor %o1,%o1,%o1 .type _sparcv9_rdtick,#function .size _sparcv9_rdtick,.-_sparcv9_rdtick +.global _sparcv9_vis1_probe +.align 8 +_sparcv9_vis1_probe: + .word 0x81b00d80 !fxor %f0,%f0,%f0 + add %sp,BIAS+2,%o1 + retl + .word 0xc19a5a40 !ldda [%o1]ASI_FP16_P,%f0 +.type _sparcv9_vis1_probe,#function +.size _sparcv9_vis1_probe,.-_sparcv9_vis1_probe + +! Probe and instrument VIS1 instruction. Output is number of cycles it +! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit +! is slow (documented to be 6 cycles on T2) and the core is in-order +! single-issue, it should be possible to distinguish Tx reliably... +! Observed return values are: +! +! UltraSPARC IIe 7 +! UltraSPARC III 7 +! UltraSPARC T1 24 +! +! Numbers for T2 and SPARC64 V-VII are more than welcomed. +! +! It would be possible to detect specifically US-T1 by instrumenting +! fmul8ulx16, which is emulated on T1 and as such accounts for quite +! a lot of %tick-s, couple of thousand on Linux... +.global _sparcv9_vis1_instrument +.align 8 +_sparcv9_vis1_instrument: + .word 0x91410000 !rd %tick,%o0 + .word 0x81b00d80 !fxor %f0,%f0,%f0 + .word 0x85b08d82 !fxor %f2,%f2,%f2 + .word 0x93410000 !rd %tick,%o1 + .word 0x81b00d80 !fxor %f0,%f0,%f0 + .word 0x85b08d82 !fxor %f2,%f2,%f2 + .word 0x95410000 !rd %tick,%o2 + .word 0x81b00d80 !fxor %f0,%f0,%f0 + .word 0x85b08d82 !fxor %f2,%f2,%f2 + .word 0x97410000 !rd %tick,%o3 + .word 0x81b00d80 !fxor %f0,%f0,%f0 + .word 0x85b08d82 !fxor %f2,%f2,%f2 + .word 0x99410000 !rd %tick,%o4 + + ! calculate intervals + sub %o1,%o0,%o0 + sub %o2,%o1,%o1 + sub %o3,%o2,%o2 + sub %o4,%o3,%o3 + + ! find minumum value + cmp %o0,%o1 + .word 0x38680002 !bgu,a %xcc,.+8 + mov %o1,%o0 + cmp %o0,%o2 + .word 0x38680002 !bgu,a %xcc,.+8 + mov %o2,%o0 + cmp %o0,%o3 + .word 0x38680002 !bgu,a %xcc,.+8 + mov %o3,%o0 + + retl + nop +.type _sparcv9_vis1_instrument,#function +.size _sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument + +.global _sparcv9_vis2_probe +.align 8 +_sparcv9_vis2_probe: + retl + .word 0x81b00980 !bshuffle %f0,%f0,%f0 +.type _sparcv9_vis2_probe,#function +.size _sparcv9_vis2_probe,.-_sparcv9_vis2_probe + +.global _sparcv9_fmadd_probe +.align 8 +_sparcv9_fmadd_probe: + .word 0x81b00d80 !fxor %f0,%f0,%f0 + .word 0x85b08d82 !fxor %f2,%f2,%f2 + retl + .word 0x81b80440 !fmaddd %f0,%f0,%f2,%f0 +.type _sparcv9_fmadd_probe,#function +.size _sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe + .global OPENSSL_cleanse .align 32 OPENSSL_cleanse: diff --git a/openssl/crypto/sparcv9cap.c b/openssl/crypto/sparcv9cap.c index 5f31d20bd..ed195ab40 100644 --- a/openssl/crypto/sparcv9cap.c +++ b/openssl/crypto/sparcv9cap.c @@ -1,6 +1,8 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <setjmp.h> +#include <signal.h> #include <sys/time.h> #include <openssl/bn.h> @@ -9,6 +11,7 @@ #define SPARCV9_VIS1 (1<<2) #define SPARCV9_VIS2 (1<<3) /* reserved */ #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */ + static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED; int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num) @@ -23,10 +26,14 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_U return bn_mul_mont_int(rp,ap,bp,np,n0,num); } +unsigned long _sparcv9_rdtick(void); +void _sparcv9_vis1_probe(void); +unsigned long _sparcv9_vis1_instrument(void); +void _sparcv9_vis2_probe(void); +void _sparcv9_fmadd_probe(void); + unsigned long OPENSSL_rdtsc(void) { - unsigned long _sparcv9_rdtick(void); - if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED) #if defined(__sun) && defined(__SVR4) return gethrtime(); @@ -37,8 +44,11 @@ unsigned long OPENSSL_rdtsc(void) return _sparcv9_rdtick(); } -#if defined(__sun) && defined(__SVR4) - +#if 0 && defined(__sun) && defined(__SVR4) +/* This code path is disabled, because of incompatibility of + * libdevinfo.so.1 and libmalloc.so.1 (see below for details) + */ +#include <malloc.h> #include <dlfcn.h> #include <libdevinfo.h> #include <sys/systeminfo.h> @@ -110,7 +120,21 @@ void OPENSSL_cpuid_setup(void) return; } } - +#ifdef M_KEEP + /* + * Solaris libdevinfo.so.1 is effectively incomatible with + * libmalloc.so.1. Specifically, if application is linked with + * -lmalloc, it crashes upon startup with SIGSEGV in + * free(3LIBMALLOC) called by di_fini. Prior call to + * mallopt(M_KEEP,0) somehow helps... But not always... + */ + if ((h = dlopen(NULL,RTLD_LAZY))) + { + union { void *p; int (*f)(int,int); } sym; + if ((sym.p = dlsym(h,"mallopt"))) (*sym.f)(M_KEEP,0); + dlclose(h); + } +#endif if ((h = dlopen("libdevinfo.so.1",RTLD_LAZY))) do { di_init_t di_init; @@ -137,9 +161,19 @@ void OPENSSL_cpuid_setup(void) #else +static sigjmp_buf common_jmp; +static void common_handler(int sig) { siglongjmp(common_jmp,sig); } + void OPENSSL_cpuid_setup(void) { char *e; + struct sigaction common_act,ill_oact,bus_oact; + sigset_t all_masked,oset; + int sig; + static int trigger=0; + + if (trigger) return; + trigger=1; if ((e=getenv("OPENSSL_sparcv9cap"))) { @@ -147,8 +181,57 @@ void OPENSSL_cpuid_setup(void) return; } - /* For now we assume that the rest supports UltraSPARC-I* only */ - OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU|SPARCV9_VIS1; + /* Initial value, fits UltraSPARC-I&II... */ + OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU|SPARCV9_TICK_PRIVILEGED; + + sigfillset(&all_masked); + sigdelset(&all_masked,SIGILL); + sigdelset(&all_masked,SIGTRAP); +#ifdef SIGEMT + sigdelset(&all_masked,SIGEMT); +#endif + sigdelset(&all_masked,SIGFPE); + sigdelset(&all_masked,SIGBUS); + sigdelset(&all_masked,SIGSEGV); + sigprocmask(SIG_SETMASK,&all_masked,&oset); + + memset(&common_act,0,sizeof(common_act)); + common_act.sa_handler = common_handler; + common_act.sa_mask = all_masked; + + sigaction(SIGILL,&common_act,&ill_oact); + sigaction(SIGBUS,&common_act,&bus_oact);/* T1 fails 16-bit ldda [on Linux] */ + + if (sigsetjmp(common_jmp,1) == 0) + { + _sparcv9_rdtick(); + OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED; + } + + if (sigsetjmp(common_jmp,1) == 0) + { + _sparcv9_vis1_probe(); + OPENSSL_sparcv9cap_P |= SPARCV9_VIS1; + /* detect UltraSPARC-Tx, see sparccpud.S for details... */ + if (_sparcv9_vis1_instrument() >= 12) + OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1|SPARCV9_PREFER_FPU); + else + { + _sparcv9_vis2_probe(); + OPENSSL_sparcv9cap_P |= SPARCV9_VIS2; + } + } + + if (sigsetjmp(common_jmp,1) == 0) + { + _sparcv9_fmadd_probe(); + OPENSSL_sparcv9cap_P |= SPARCV9_FMADD; + } + + sigaction(SIGBUS,&bus_oact,NULL); + sigaction(SIGILL,&ill_oact,NULL); + + sigprocmask(SIG_SETMASK,&oset,NULL); } #endif diff --git a/openssl/crypto/stack/safestack.h b/openssl/crypto/stack/safestack.h index 891cb84a5..a498f1b10 100644 --- a/openssl/crypto/stack/safestack.h +++ b/openssl/crypto/stack/safestack.h @@ -179,7 +179,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) sk_is_sorted(CHECKED_STACK_OF(type, st)) #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - (STACK_OF(type) *)d2i_ASN1_SET((STACK_OF(OPENSSL_BLOCK) **)CHECKED_STACK_OF(type, st), \ + (STACK_OF(type) *)d2i_ASN1_SET( \ + (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \ pp, length, \ CHECKED_D2I_OF(type, d2i_func), \ CHECKED_SK_FREE_FUNC(type, free_func), \ @@ -2030,6 +2031,31 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define sk_void_sort(st) SKM_sk_sort(void, (st)) #define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) +#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) +#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i)) +#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func)) +#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i) +#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) +#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr)) +#define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ + ((int (*)(const char * const *,const char * const *)) \ + sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st)) +#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) + + #define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) #define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) #define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) @@ -2080,31 +2106,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) -#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) -#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) -#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i)) -#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) -#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func)) -#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i) -#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) -#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) -#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) -#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr)) -#define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ - ((int (*)(const char * const *,const char * const *)) \ - sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp))) -#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) -#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) -#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st)) -#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) -#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) - - #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ diff --git a/openssl/crypto/x509/x509.h b/openssl/crypto/x509/x509.h index 604f4fb27..e6f8a4039 100644 --- a/openssl/crypto/x509/x509.h +++ b/openssl/crypto/x509/x509.h @@ -258,6 +258,7 @@ typedef struct x509_cinf_st ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ + ASN1_ENCODING enc; } X509_CINF; /* This stuff is certificate "auxiliary info" diff --git a/openssl/crypto/x509/x509_vfy.c b/openssl/crypto/x509/x509_vfy.c index 87ebf6252..bd6695d0c 100644 --- a/openssl/crypto/x509/x509_vfy.c +++ b/openssl/crypto/x509/x509_vfy.c @@ -2034,7 +2034,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, if (store) ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); else - ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; + ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; if (store) { diff --git a/openssl/crypto/x509/x_all.c b/openssl/crypto/x509/x_all.c index ebae30b70..8ec88c215 100644 --- a/openssl/crypto/x509/x_all.c +++ b/openssl/crypto/x509/x_all.c @@ -90,6 +90,7 @@ int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) { + x->cert_info->enc.modified = 1; return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, x->sig_alg, x->signature, x->cert_info,pkey,md)); } diff --git a/openssl/crypto/x509v3/pcy_tree.c b/openssl/crypto/x509v3/pcy_tree.c index 92f6b2455..bb9777348 100644 --- a/openssl/crypto/x509v3/pcy_tree.c +++ b/openssl/crypto/x509v3/pcy_tree.c @@ -341,9 +341,8 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache) { int i; - X509_POLICY_LEVEL *last; X509_POLICY_DATA *data; - last = curr - 1; + for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) { data = sk_X509_POLICY_DATA_value(cache->data, i); diff --git a/openssl/crypto/x509v3/v3_ncons.c b/openssl/crypto/x509v3/v3_ncons.c index 689df46ac..a01dc64dd 100644 --- a/openssl/crypto/x509v3/v3_ncons.c +++ b/openssl/crypto/x509v3/v3_ncons.c @@ -189,7 +189,6 @@ static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, print_nc_ipadd(bp, tree->base->d.ip); else GENERAL_NAME_print(bp, tree->base); - tree = sk_GENERAL_SUBTREE_value(trees, i); BIO_puts(bp, "\n"); } return 1; diff --git a/openssl/doc/apps/smime.pod b/openssl/doc/apps/smime.pod index 42c0733bc..e4e89af84 100644 --- a/openssl/doc/apps/smime.pod +++ b/openssl/doc/apps/smime.pod @@ -343,7 +343,7 @@ Create a cleartext signed message: openssl smime -sign -in message.txt -text -out mail.msg \ -signer mycert.pem -Create an opaque signed message +Create an opaque signed message: openssl smime -sign -in message.txt -text -out mail.msg -nodetach \ -signer mycert.pem @@ -397,11 +397,11 @@ it with: -----BEGIN PKCS7----- -----END PKCS7----- -and using the command, +and using the command: openssl smime -verify -inform PEM -in signature.pem -content content.txt -alternatively you can base64 decode the signature and use +Alternatively you can base64 decode the signature and use: openssl smime -verify -inform DER -in signature.der -content content.txt @@ -427,7 +427,7 @@ Ideally a database should be maintained of a certificates for each email address. The code doesn't currently take note of the permitted symmetric encryption -algorithms as supplied in the SMIMECapabilities signed attribute. this means the +algorithms as supplied in the SMIMECapabilities signed attribute. This means the user has to manually include the correct encryption algorithm. It should store the list of permitted ciphers in a database and only use those. diff --git a/openssl/doc/crypto/EVP_PKEY_verify.pod b/openssl/doc/crypto/EVP_PKEY_verify.pod index 10633da3f..f93e5fc6c 100644 --- a/openssl/doc/crypto/EVP_PKEY_verify.pod +++ b/openssl/doc/crypto/EVP_PKEY_verify.pod @@ -69,7 +69,7 @@ Verify signature using PKCS#1 and SHA256 digest: /* Error */ /* Perform operation */ - ret = EVP_PKEY_verify(ctx, md, mdlen, sig, siglen); + ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen); /* ret == 1 indicates success, 0 verify failure and < 0 for some * other error. diff --git a/openssl/doc/crypto/EVP_PKEY_verifyrecover.pod b/openssl/doc/crypto/EVP_PKEY_verifyrecover.pod index e2a2a8c6f..f3605eb82 100644 --- a/openssl/doc/crypto/EVP_PKEY_verifyrecover.pod +++ b/openssl/doc/crypto/EVP_PKEY_verifyrecover.pod @@ -74,7 +74,7 @@ Recover digest originally signed using PKCS#1 and SHA256 digest: /* Error */ /* Determine buffer length */ - if (EVP_PKEY_verifyrecover(ctx, rout, &routlen, sig, siglen) <= 0) + if (EVP_PKEY_verifyrecover(ctx, NULL, &routlen, sig, siglen) <= 0) /* Error */ rout = OPENSSL_malloc(routlen); diff --git a/openssl/doc/ssl/SSL_CTX_set_options.pod b/openssl/doc/ssl/SSL_CTX_set_options.pod index 310db84b3..cc588f3a7 100644 --- a/openssl/doc/ssl/SSL_CTX_set_options.pod +++ b/openssl/doc/ssl/SSL_CTX_set_options.pod @@ -78,18 +78,7 @@ this breaks this server so 16 bytes is the way to go. =item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG -ssl3.netscape.com:443, first a connection is established with RC4-MD5. -If it is then resumed, we end up using DES-CBC3-SHA. It should be -RC4-MD5 according to 7.6.1.3, 'cipher_suite'. - -Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug. -It only really shows up when connecting via SSLv2/v3 then reconnecting -via SSLv3. The cipher list changes.... - -NEW INFORMATION. Try connecting with a cipher list of just -DES-CBC-SHA:RC4-MD5. For some weird reason, each new connection uses -RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when -doing a re-connect, always takes the first cipher in the cipher list. +As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect. =item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG diff --git a/openssl/engines/Makefile b/openssl/engines/Makefile index e0242059b..2fa953440 100644 --- a/openssl/engines/Makefile +++ b/openssl/engines/Makefile @@ -114,7 +114,7 @@ install: if [ "$(PLATFORM)" != "Cygwin" ]; then \ case "$(CFLAGS)" in \ *DSO_BEOS*) sfx=".so";; \ - *DSO_DLFCN*) sfx=".so";; \ + *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \ *DSO_DL*) sfx=".sl";; \ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ *) sfx=".bad";; \ diff --git a/openssl/engines/ccgost/Makefile b/openssl/engines/ccgost/Makefile index 64be962f3..dadb5230e 100644 --- a/openssl/engines/ccgost/Makefile +++ b/openssl/engines/ccgost/Makefile @@ -48,7 +48,7 @@ install: if [ "$(PLATFORM)" != "Cygwin" ]; then \ case "$(CFLAGS)" in \ *DSO_BEOS*) sfx=".so";; \ - *DSO_DLFCN*) sfx=".so";; \ + *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \ *DSO_DL*) sfx=".sl";; \ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ *) sfx=".bad";; \ diff --git a/openssl/engines/ccgost/gost_ameth.c b/openssl/engines/ccgost/gost_ameth.c index f620a216c..e6c2839e5 100644 --- a/openssl/engines/ccgost/gost_ameth.c +++ b/openssl/engines/ccgost/gost_ameth.c @@ -39,7 +39,7 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) ASN1_STRING *params = ASN1_STRING_new(); GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new(); int pkey_param_nid = NID_undef; - int cipher_param_nid = NID_undef; + if (!params || !gkp) { GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, @@ -52,7 +52,6 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) { case NID_id_GostR3410_2001: pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)key))); - cipher_param_nid = get_encryption_params(NULL)->nid; break; case NID_id_GostR3410_94: pkey_param_nid = (int) gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key)); @@ -64,7 +63,6 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) params=NULL; goto err; } - cipher_param_nid = get_encryption_params(NULL)->nid; break; } gkp->key_params = OBJ_nid2obj(pkey_param_nid); diff --git a/openssl/engines/e_aep.c b/openssl/engines/e_aep.c index 742b4f9b1..d7f89e515 100644 --- a/openssl/engines/e_aep.c +++ b/openssl/engines/e_aep.c @@ -68,6 +68,8 @@ typedef int pid_t; #if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) #define getpid GetThreadID extern int GetThreadID(void); +#elif defined(_WIN32) && !defined(__WATCOMC__) +#define getpid _getpid #endif #include <openssl/crypto.h> @@ -867,13 +869,7 @@ static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -#ifdef NETWARE_CLIB - curr_pid = GetThreadID(); -#elif defined(_WIN32) - curr_pid = _getpid(); -#else curr_pid = getpid(); -#endif /*Check if this is the first time this is being called from the current process*/ diff --git a/openssl/engines/e_capi.c b/openssl/engines/e_capi.c index e2a7cb58b..5871491fd 100644 --- a/openssl/engines/e_capi.c +++ b/openssl/engines/e_capi.c @@ -76,10 +76,16 @@ * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is * one of possible values you can pass to function in question. By * checking if it's defined we can see if wincrypt.h and accompanying - * crypt32.lib are in shape. Yes, it's rather "weak" test and if - * compilation fails, then re-configure with -DOPENSSL_NO_CAPIENG. + * crypt32.lib are in shape. The native MingW32 headers up to and + * including __W32API_VERSION 3.14 lack of struct DSSPUBKEY and the + * defines CERT_STORE_PROV_SYSTEM_A and CERT_STORE_READONLY_FLAG, + * so we check for these too and avoid compiling. + * Yes, it's rather "weak" test and if compilation fails, + * then re-configure with -DOPENSSL_NO_CAPIENG. */ -#ifdef CERT_KEY_PROV_INFO_PROP_ID +#if defined(CERT_KEY_PROV_INFO_PROP_ID) && \ + defined(CERT_STORE_PROV_SYSTEM_A) && \ + defined(CERT_STORE_READONLY_FLAG) # define __COMPILE_CAPIENG #endif /* CERT_KEY_PROV_INFO_PROP_ID */ #endif /* OPENSSL_NO_CAPIENG */ diff --git a/openssl/engines/e_chil.c b/openssl/engines/e_chil.c index 9c2729c96..fdc2100e3 100644 --- a/openssl/engines/e_chil.c +++ b/openssl/engines/e_chil.c @@ -1077,11 +1077,11 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, static int hwcrhk_rsa_finish(RSA *rsa) { HWCryptoHook_RSAKeyHandle *hptr; - int ret; + hptr = RSA_get_ex_data(rsa, hndidx_rsa); if (hptr) { - ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); + p_hwcrhk_RSAUnloadKey(*hptr, NULL); OPENSSL_free(hptr); RSA_set_ex_data(rsa, hndidx_rsa, NULL); } diff --git a/openssl/engines/e_cswift.c b/openssl/engines/e_cswift.c index bc6517984..2e64ff327 100644 --- a/openssl/engines/e_cswift.c +++ b/openssl/engines/e_cswift.c @@ -811,7 +811,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) SW_PARAM sw_param; SW_STATUS sw_status; SW_LARGENUMBER arg, res; - unsigned char *ptr; BN_CTX *ctx; BIGNUM *dsa_p = NULL; BIGNUM *dsa_q = NULL; @@ -899,7 +898,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; } /* Convert the response */ - ptr = (unsigned char *)result->d; if((to_return = DSA_SIG_new()) == NULL) goto err; to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL); diff --git a/openssl/engines/e_ubsec.c b/openssl/engines/e_ubsec.c index 9b747b9ae..aa5709bd8 100644 --- a/openssl/engines/e_ubsec.c +++ b/openssl/engines/e_ubsec.c @@ -630,10 +630,8 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx) { int y_len, - m_len, fd; - m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1; y_len = BN_num_bits(p) + BN_num_bits(q); /* Check if hardware can't handle this argument. */ diff --git a/openssl/makevms.com b/openssl/makevms.com index b46e69a42..20211b73b 100644 --- a/openssl/makevms.com +++ b/openssl/makevms.com @@ -581,7 +581,7 @@ $ TIME = F$TIME() $! $! Write The [.CRYPTO._xxx]BUILDINF.H File. $! -$ WRITE H_FILE "#define CFLAGS """" /* Not filled in for now */" +$! WRITE H_FILE "#define CFLAGS """" /* Not filled in for now */" $ WRITE H_FILE "#define PLATFORM ""VMS ''ARCH' ''VMS_VERSION'""" $ WRITE H_FILE "#define DATE ""''TIME'"" " $! @@ -593,6 +593,11 @@ $! Purge The [.CRYPTO._xxx]BUILDINF.H File. $! $ PURGE SYS$DISK:[.CRYPTO._'ARCH']BUILDINF.H $! +$! Delete [.CRYPTO]BUILDINF.H File, as there might be some residue from Unix. +$! +$ IF F$SEARCH("[.CRYPTO]BUILDINF.H") .NES. "" THEN - + DELETE SYS$DISK:[.CRYPTO]BUILDINF.H;* +$! $! That's All, Time To RETURN. $! $ RETURN diff --git a/openssl/openssl.spec b/openssl/openssl.spec index bed337b63..9b9072a7d 100644 --- a/openssl/openssl.spec +++ b/openssl/openssl.spec @@ -2,7 +2,7 @@ %define libmaj 1 %define libmin 0 %define librel 0 -%define librev a +%define librev c Release: 1 %define openssldir /var/ssl diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c index a5439d544..1fd58bf59 100644 --- a/openssl/ssl/d1_pkt.c +++ b/openssl/ssl/d1_pkt.c @@ -296,9 +296,6 @@ dtls1_process_buffered_records(SSL *s) item = pqueue_peek(s->d1->unprocessed_rcds.q); if (item) { - DTLS1_RECORD_DATA *rdata; - rdata = (DTLS1_RECORD_DATA *)item->data; - /* Check if epoch is current. */ if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) return(1); /* Nothing to do. */ @@ -528,14 +525,12 @@ int dtls1_get_record(SSL *s) int ssl_major,ssl_minor; int i,n; SSL3_RECORD *rr; - SSL_SESSION *sess; unsigned char *p = NULL; unsigned short version; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; rr= &(s->s3->rrec); - sess=s->session; /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ diff --git a/openssl/ssl/s23_lib.c b/openssl/ssl/s23_lib.c index e3fce5343..3bf728318 100644 --- a/openssl/ssl/s23_lib.c +++ b/openssl/ssl/s23_lib.c @@ -92,15 +92,8 @@ const SSL_CIPHER *ssl23_get_cipher(unsigned int u) * available */ const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c; const SSL_CIPHER *cp; - unsigned long id; - int n; - n=ssl3_num_ciphers(); - id=0x03000000|((unsigned long)p[0]<<16L)| - ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; - c.id=id; cp=ssl3_get_cipher_by_char(p); #ifndef OPENSSL_NO_SSL2 if (cp == NULL) diff --git a/openssl/ssl/s2_srvr.c b/openssl/ssl/s2_srvr.c index 1434e734d..947167687 100644 --- a/openssl/ssl/s2_srvr.c +++ b/openssl/ssl/s2_srvr.c @@ -697,7 +697,6 @@ static int server_hello(SSL *s) { unsigned char *p,*d; int n,hit; - STACK_OF(SSL_CIPHER) *sk; p=(unsigned char *)s->init_buf->data; if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) @@ -778,7 +777,6 @@ static int server_hello(SSL *s) /* lets send out the ciphers we like in the * prefered order */ - sk= s->session->ciphers; n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0); d+=n; s2n(n,p); /* add cipher length */ diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c index 41769feba..c22837d05 100644 --- a/openssl/ssl/s3_clnt.c +++ b/openssl/ssl/s3_clnt.c @@ -866,8 +866,11 @@ int ssl3_get_server_hello(SSL *s) s->session->cipher_id = s->session->cipher->id; if (s->hit && (s->session->cipher_id != c->id)) { +/* Workaround is now obsolete */ +#if 0 if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) +#endif { al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); @@ -1508,6 +1511,7 @@ int ssl3_get_key_exchange(SSL *s) s->session->sess_cert->peer_ecdh_tmp=ecdh; ecdh=NULL; BN_CTX_free(bn_ctx); + bn_ctx = NULL; EC_POINT_free(srvr_ecpoint); srvr_ecpoint = NULL; } diff --git a/openssl/ssl/s3_enc.c b/openssl/ssl/s3_enc.c index 3d7aec97a..58386e1ba 100644 --- a/openssl/ssl/s3_enc.c +++ b/openssl/ssl/s3_enc.c @@ -214,7 +214,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) int ssl3_change_cipher_state(SSL *s, int which) { - unsigned char *p,*key_block,*mac_secret; + unsigned char *p,*mac_secret; unsigned char exp_key[EVP_MAX_KEY_LENGTH]; unsigned char exp_iv[EVP_MAX_IV_LENGTH]; unsigned char *ms,*key,*iv,*er1,*er2; @@ -239,7 +239,6 @@ int ssl3_change_cipher_state(SSL *s, int which) else comp=s->s3->tmp.new_compression->method; #endif - key_block=s->s3->tmp.key_block; if (which & SSL3_CC_READ) { diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c index 92f73b668..514f72c97 100644 --- a/openssl/ssl/s3_srvr.c +++ b/openssl/ssl/s3_srvr.c @@ -985,6 +985,10 @@ int ssl3_get_client_hello(SSL *s) break; } } +/* Disabled because it can be used in a ciphersuite downgrade + * attack: CVE-2010-4180. + */ +#if 0 if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) { /* Special case as client bug workaround: the previously used cipher may @@ -999,6 +1003,7 @@ int ssl3_get_client_hello(SSL *s) j = 1; } } +#endif if (j == 0) { /* we need to have the cipher in the cipher @@ -2579,12 +2584,19 @@ int ssl3_get_client_key_exchange(SSL *s) { int ret = 0; EVP_PKEY_CTX *pkey_ctx; - EVP_PKEY *client_pub_pkey = NULL; + EVP_PKEY *client_pub_pkey = NULL, *pk = NULL; unsigned char premaster_secret[32], *start; - size_t outlen=32, inlen; + size_t outlen=32, inlen; + unsigned long alg_a; /* Get our certificate private key*/ - pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL); + alg_a = s->s3->tmp.new_cipher->algorithm_auth; + if (alg_a & SSL_aGOST94) + pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey; + else if (alg_a & SSL_aGOST01) + pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; + + pkey_ctx = EVP_PKEY_CTX_new(pk,NULL); EVP_PKEY_decrypt_init(pkey_ctx); /* If client certificate is present and is of the same type, maybe * use it for key exchange. Don't mind errors from diff --git a/openssl/ssl/ssl_asn1.c b/openssl/ssl/ssl_asn1.c index 28709978b..d7f4c6087 100644 --- a/openssl/ssl/ssl_asn1.c +++ b/openssl/ssl/ssl_asn1.c @@ -357,7 +357,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) { - int version,ssl_version=0,i; + int ssl_version=0,i; long id; ASN1_INTEGER ai,*aip; ASN1_OCTET_STRING os,*osp; @@ -371,7 +371,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ai.data=NULL; ai.length=0; M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); - version=(int)ASN1_INTEGER_get(aip); if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } /* we don't care about the version right now :-) */ diff --git a/openssl/ssl/ssl_ciph.c b/openssl/ssl/ssl_ciph.c index bee3507ea..a8ce186b7 100644 --- a/openssl/ssl/ssl_ciph.c +++ b/openssl/ssl/ssl_ciph.c @@ -1027,7 +1027,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, const SSL_CIPHER **ca_list) { unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; - const char *l, *start, *buf; + const char *l, *buf; int j, multi, found, rule, retval, ok, buflen; unsigned long cipher_id = 0; char ch; @@ -1064,7 +1064,6 @@ static int ssl_cipher_process_rulestr(const char *rule_str, alg_ssl = 0; algo_strength = 0; - start=l; for (;;) { ch = *l; @@ -1456,7 +1455,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) int is_export,pkl,kl; const char *ver,*exp_str; const char *kx,*au,*enc,*mac; - unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2,alg_s; + unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2; #ifdef KSSL_DEBUG static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; #else @@ -1469,7 +1468,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) alg_mac = cipher->algorithm_mac; alg_ssl = cipher->algorithm_ssl; - alg_s=cipher->algo_strength; alg2=cipher->algorithm2; is_export=SSL_C_IS_EXPORT(cipher); diff --git a/openssl/ssl/ssl_lib.c b/openssl/ssl/ssl_lib.c index 3157f20ea..912592b8b 100644 --- a/openssl/ssl/ssl_lib.c +++ b/openssl/ssl/ssl_lib.c @@ -2110,23 +2110,12 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) /* THIS NEEDS CLEANING UP */ X509 *ssl_get_server_send_cert(SSL *s) { - unsigned long alg_k,alg_a,mask_k,mask_a; + unsigned long alg_k,alg_a; CERT *c; - int i,is_export; + int i; c=s->cert; ssl_set_cert_masks(c, s->s3->tmp.new_cipher); - is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); - if (is_export) - { - mask_k = c->export_mask_k; - mask_a = c->export_mask_a; - } - else - { - mask_k = c->mask_k; - mask_a = c->mask_a; - } alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_a = s->s3->tmp.new_cipher->algorithm_auth; diff --git a/openssl/ssl/ssltest.c b/openssl/ssl/ssltest.c index abf214ad7..0bb4fa43b 100644 --- a/openssl/ssl/ssltest.c +++ b/openssl/ssl/ssltest.c @@ -1430,7 +1430,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) BIO *c_bio=NULL; BIO *s_bio=NULL; int c_r,c_w,s_r,s_w; - int c_want,s_want; int i,j; int done=0; int c_write,s_write; @@ -1465,8 +1464,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) c_r=0; s_r=1; c_w=1; s_w=0; - c_want=W_WRITE; - s_want=0; c_write=1,s_write=0; /* We can always do writes */ diff --git a/openssl/ssl/t1_enc.c b/openssl/ssl/t1_enc.c index 9719541f2..793ea43e9 100644 --- a/openssl/ssl/t1_enc.c +++ b/openssl/ssl/t1_enc.c @@ -157,7 +157,7 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, const void *seed5, int seed5_len, unsigned char *out, int olen) { - int chunk,n; + int chunk; unsigned int j; HMAC_CTX ctx; HMAC_CTX ctx_tmp; @@ -187,7 +187,6 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, if (!HMAC_Final(&ctx,A1,&A1_len)) goto err; - n=0; for (;;) { if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */ @@ -309,13 +308,13 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, int tls1_change_cipher_state(SSL *s, int which) { static const unsigned char empty[]=""; - unsigned char *p,*key_block,*mac_secret; + unsigned char *p,*mac_secret; unsigned char *exp_label; unsigned char tmp1[EVP_MAX_KEY_LENGTH]; unsigned char tmp2[EVP_MAX_KEY_LENGTH]; unsigned char iv1[EVP_MAX_IV_LENGTH*2]; unsigned char iv2[EVP_MAX_IV_LENGTH*2]; - unsigned char *ms,*key,*iv,*er1,*er2; + unsigned char *ms,*key,*iv; int client_write; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; @@ -337,7 +336,6 @@ int tls1_change_cipher_state(SSL *s, int which) #ifndef OPENSSL_NO_COMP comp=s->s3->tmp.new_compression; #endif - key_block=s->s3->tmp.key_block; #ifdef KSSL_DEBUG printf("tls1_change_cipher_state(which= %d) w/\n", which); @@ -448,8 +446,6 @@ int tls1_change_cipher_state(SSL *s, int which) cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ k=EVP_CIPHER_iv_length(c); - er1= &(s->s3->client_random[0]); - er2= &(s->s3->server_random[0]); if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { @@ -880,7 +876,7 @@ int tls1_final_finish_mac(SSL *s, int tls1_mac(SSL *ssl, unsigned char *md, int send) { SSL3_RECORD *rec; - unsigned char *mac_sec,*seq; + unsigned char *seq; EVP_MD_CTX *hash; size_t md_size; int i; @@ -892,14 +888,12 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) if (send) { rec= &(ssl->s3->wrec); - mac_sec= &(ssl->s3->write_mac_secret[0]); seq= &(ssl->s3->write_sequence[0]); hash=ssl->write_hash; } else { rec= &(ssl->s3->rrec); - mac_sec= &(ssl->s3->read_mac_secret[0]); seq= &(ssl->s3->read_sequence[0]); hash=ssl->read_hash; } diff --git a/openssl/ssl/t1_lib.c b/openssl/ssl/t1_lib.c index e8bc34c11..5cdd7e572 100644 --- a/openssl/ssl/t1_lib.c +++ b/openssl/ssl/t1_lib.c @@ -714,14 +714,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in switch (servname_type) { case TLSEXT_NAMETYPE_host_name: - if (s->session->tlsext_hostname == NULL) + if (!s->hit) { - if (len > TLSEXT_MAXLEN_host_name || - ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)) + if(s->session->tlsext_hostname) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + if (len > TLSEXT_MAXLEN_host_name) { *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; } + if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } memcpy(s->session->tlsext_hostname, sdata, len); s->session->tlsext_hostname[len]='\0'; if (strlen(s->session->tlsext_hostname) != len) { @@ -734,7 +743,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } else - s->servername_done = strlen(s->session->tlsext_hostname) == len + s->servername_done = s->session->tlsext_hostname + && strlen(s->session->tlsext_hostname) == len && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; break; @@ -765,15 +775,22 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in *al = TLS1_AD_DECODE_ERROR; return 0; } - s->session->tlsext_ecpointformatlist_length = 0; - if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); - if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) + if (!s->hit) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; + if(s->session->tlsext_ecpointformatlist) + { + OPENSSL_free(s->session->tlsext_ecpointformatlist); + s->session->tlsext_ecpointformatlist = NULL; + } + s->session->tlsext_ecpointformatlist_length = 0; + if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } + s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; + memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); } - s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; - memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); #if 0 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length); sdata = s->session->tlsext_ecpointformatlist; @@ -794,15 +811,22 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in *al = TLS1_AD_DECODE_ERROR; return 0; } - s->session->tlsext_ellipticcurvelist_length = 0; - if (s->session->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->session->tlsext_ellipticcurvelist); - if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) + if (!s->hit) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; + if(s->session->tlsext_ellipticcurvelist) + { + *al = TLS1_AD_DECODE_ERROR; + return 0; + } + s->session->tlsext_ellipticcurvelist_length = 0; + if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } + s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length; + memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); } - s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length; - memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); #if 0 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length); sdata = s->session->tlsext_ellipticcurvelist; @@ -983,9 +1007,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) { + unsigned short length; unsigned short type; unsigned short size; - unsigned short len; unsigned char *data = *p; int tlsext_servername = 0; int renegotiate_seen = 0; @@ -993,7 +1017,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in if (data >= (d+n-2)) goto ri_check; - n2s(data,len); + n2s(data,length); + if (data+length != d+n) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } while(data <= (d+n-4)) { @@ -1423,23 +1452,20 @@ int ssl_check_serverhello_tlsext(SSL *s) int al = SSL_AD_UNRECOGNIZED_NAME; #ifndef OPENSSL_NO_EC - /* If we are client and using an elliptic curve cryptography cipher suite, then server - * must return a an EC point formats lists containing uncompressed. + /* If we are client and using an elliptic curve cryptography cipher + * suite, then if server returns an EC point formats lists extension + * it must contain uncompressed. */ unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && + (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) && ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) { /* we are using an ECC cipher */ size_t i; unsigned char *list; int found_uncompressed = 0; - if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length == 0)) - { - SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); - return -1; - } list = s->session->tlsext_ecpointformatlist; for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) { diff --git a/openssl/test/bctest.com b/openssl/test/bctest.com new file mode 100644 index 000000000..d7e5ec139 --- /dev/null +++ b/openssl/test/bctest.com @@ -0,0 +1,152 @@ +$! +$! Check operation of "bc". +$! +$! 2010-04-05 SMS. New. Based (loosely) on "bctest". +$! +$! +$ tmp_file_name = "tmp.bctest" +$ failure = "" +$! +$! Basic command test. +$! +$ on warning then goto bc_fail +$ bc +$ on error then exit +$! +$! Test for SunOS 5.[78] bc bug. +$! +$ if (failure .eqs. "") +$ then +$! +$ define /user_mode sys$output 'tmp_file_name' +$ bc +obase=16 +ibase=16 +a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\ +CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\ +10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\ +C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\ +3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\ +4FC3CADF855448B24A9D7640BCF473E +b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\ +9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\ +8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\ +3ED0E2017D60A68775B75481449 +(a/b)*b + (a%b) - a +$ status = $status +$ output_expected = "0" +$ gosub check_output +$ if (output .ne. 1) +$ then +$ failure = "SunOStest" +$ else +$ delete 'f$parse( tmp_file_name)' +$ endif +$ endif +$! +$! Test for SCO bc bug. +$! +$ if (failure .eqs. "") +$ then +$! +$ define /user_mode sys$output 'tmp_file_name' +$ bc +obase=16 +ibase=16 +-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\ +9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\ +11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\ +1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\ +AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\ +F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\ +B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\ +02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\ +85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\ +A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\ +E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\ +8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\ +04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\ +89C8D71 +AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\ +928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\ +8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\ +37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\ +E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\ +F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\ +9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\ +D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\ +5296964 +$ status = $status +$ output_expected = "0\0" +$ gosub check_output +$ if (output .ne. 1) +$ then +$ failure = "SCOtest" +$ else +$ delete 'f$parse( tmp_file_name)' +$ endif +$ endif +$! +$! Test for working 'print' command. +$! +$ if (failure .eqs. "") +$ then +$! +$ define /user_mode sys$output 'tmp_file_name' +$ bc +print "OK" +$ status = $status +$ output_expected = "OK" +$ gosub check_output +$ if (output .ne. 1) +$ then +$ failure = "printtest" +$ else +$ delete 'f$parse( tmp_file_name)' +$ endif +$ endif +$! +$ if (failure .nes. "") +$ then +$ write sys$output - + "No working bc found. Consider installing GNU bc." +$ exit %X00030000 ! %DCL-W-NORMAL +$ endif +$! +$ exit +$! +$! +$! Complete "bc" command failure. +$! +$ bc_fail: +$ write sys$output - + "No ""bc"" program/symbol found. Consider installing GNU bc." +$ exit %X00030000 ! %DCL-W-NORMAL +$! +$! +$! Output check subroutine. +$! +$ check_output: +$ eof = 0 +$ line_nr = 0 +$ open /read tmp_file 'tmp_file_name' +$ c_o_loop: +$ read /error = error_read tmp_file line +$ goto ok_read +$ error_read: +$ eof = 1 +$ ok_read: +$ line_expected = f$element( line_nr, "\", output_expected) +$ line_nr = line_nr+ 1 +$ if ((line_expected .nes. "\") .and. (.not. eof) .and. - + (line_expected .eqs. line)) then goto c_o_loop +$! +$ if ((line_expected .eqs. "\") .and. eof) +$ then +$ output = 1 +$ else +$ output = 0 +$ endif +$ close tmp_file +$ return +$! diff --git a/openssl/test/bntest.com b/openssl/test/bntest.com new file mode 100644 index 000000000..cb6d3abd7 --- /dev/null +++ b/openssl/test/bntest.com @@ -0,0 +1,69 @@ +$! +$! Analyze bntest output file. +$! +$! Exit status = 1 (success) if all tests passed, +$! 0 (warning) if any test failed. +$! +$! 2010-04-05 SMS. New. Based (loosely) on perl code in bntest-vms.sh. +$! +$! Expect data like: +$! test test_name1 +$! 0 +$! [...] +$! test test_name2 +$! 0 +$! [...] +$! [...] +$! +$! Some tests have no following "0" lines. +$! +$ result_file_name = f$edit( p1, "TRIM") +$ if (result_file_name .eqs. "") +$ then +$ result_file_name = "bntest-vms.out" +$ endif +$! +$ fail = 0 +$ passed = 0 +$ tests = 0 +$! +$ on control_c then goto tidy +$ on error then goto tidy +$! +$ open /read result_file 'result_file_name' +$! +$ read_loop: +$ read /end = read_loop_end /error = tidy result_file line +$ t1 = f$element( 0, " ", line) +$ if (t1 .eqs. "test") +$ then +$ passed = passed+ 1 +$ tests = tests+ 1 +$ fail = 1 +$ t2 = f$extract( 5, 1000, line) +$ write sys$output "verify ''t2'" +$ else +$ if (t1 .nes. "0") +$ then +$ write sys$output "Failed! bc: ''line'" +$ passed = passed- fail +$ fail = 0 +$ endif +$ endif +$ goto read_loop +$ read_loop_end: +$ write sys$output "''passed'/''tests' tests passed" +$! +$ tidy: +$ if f$trnlnm( "result_file", "LNM$PROCESS_TABLE", , "SUPERVISOR", , "CONFINE") +$ then +$ close result_file +$ endif +$! +$ if ((tests .gt. 0) .and. (tests .eq. passed)) +$ then +$ exit 1 +$ else +$ exit 0 +$ endif +$! diff --git a/openssl/test/cms-test.pl b/openssl/test/cms-test.pl index 9c50dff3e..31b84707a 100644 --- a/openssl/test/cms-test.pl +++ b/openssl/test/cms-test.pl @@ -54,9 +54,13 @@ # OpenSSL PKCS#7 and CMS implementations. my $ossl_path; -my $redir = " 2>cms.err 1>cms.out"; +my $redir = " 2> cms.err > cms.out"; +# Make VMS work +if ( $^O eq "VMS" && -f "$ENV{EXE_DIR}openssl.exe" ) { + $ossl_path = "pipe mcr $ENV{EXE_DIR}openssl.exe"; +} # Make MSYS work -if ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { +elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { $ossl_path = "cmd /c ..\\apps\\openssl"; } elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { @@ -84,79 +88,79 @@ my @smime_pkcs7_tests = ( [ "signed content DER format, RSA key", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -certfile $smdir/smroot.pem" . " -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed detached content DER format, RSA key", - "-sign -in smcont.txt -outform DER" + "-sign -in smcont.txt -outform \"DER\"" . " -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" ], [ "signed content test streaming BER format, RSA", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -stream -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed content DER format, DSA key", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed detached content DER format, DSA key", - "-sign -in smcont.txt -outform DER" + "-sign -in smcont.txt -outform \"DER\"" . " -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" ], [ "signed detached content DER format, add RSA signer", - "-resign -inform DER -in test.cms -outform DER" + "-resign -inform \"DER\" -in test.cms -outform \"DER\"" . " -signer $smdir/smrsa1.pem -out test2.cms", - "-verify -in test2.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + "-verify -in test2.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" ], [ "signed content test streaming BER format, DSA key", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -stream -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", - "-sign -in smcont.txt -outform DER -noattr -nodetach" + "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach" . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -165,7 +169,7 @@ my @smime_pkcs7_tests = ( . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -174,7 +178,7 @@ my @smime_pkcs7_tests = ( . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -215,12 +219,12 @@ my @smime_cms_tests = ( [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", - "-sign -in smcont.txt -outform DER -nodetach -keyid" + "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid" . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -230,7 +234,7 @@ my @smime_cms_tests = ( . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", "-verify -in test.cms -inform PEM " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -239,7 +243,7 @@ my @smime_cms_tests = ( . " -receipt_request_to test\@openssl.org -receipt_request_all" . " -out test.cms", "-verify -in test.cms " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -248,7 +252,7 @@ my @smime_cms_tests = ( . " -signer $smdir/smrsa2.pem" . " -out test2.cms", "-verify_receipt test2.cms -in test.cms" - . " -CAfile $smdir/smroot.pem" + . " \"-CAfile\" $smdir/smroot.pem" ], [ @@ -289,38 +293,38 @@ my @smime_cms_tests = ( [ "encrypted content test streaming PEM format, 128 bit RC2 key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" ], [ "encrypted content test streaming PEM format, 40 bit RC2 key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -rc2 -secretkey 0001020304" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 0001020304 -out smtst.txt" ], [ "encrypted content test streaming PEM format, triple DES key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" . " -out smtst.txt" ], [ "encrypted content test streaming PEM format, 128 bit AES key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" ], diff --git a/openssl/test/maketests.com b/openssl/test/maketests.com index ca072f1d1..3d8129bf2 100644 --- a/openssl/test/maketests.com +++ b/openssl/test/maketests.com @@ -105,7 +105,7 @@ $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ - "MDC2TEST,RMDTEST,"+ - "RANDTEST,DHTEST,ENGINETEST,"+ - "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ - - "EVP_TEST,JPAKETEST" + "EVP_TEST,IGETEST,JPAKETEST,ASN1TEST" $! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well? $! $! Additional directory information. @@ -139,8 +139,9 @@ $ T_D_EXPTEST := [-.crypto.bn] $ T_D_DSATEST := [-.crypto.dsa] $ T_D_RSA_TEST := [-.crypto.rsa] $ T_D_EVP_TEST := [-.crypto.evp] -$ T_D_JPAKETEST := [-.crypto.jpake] $ T_D_IGETEST := [-.test] +$ T_D_JPAKETEST := [-.crypto.jpake] +$ T_D_ASN1TEST := [-.test] $! $ TCPIP_PROGRAMS = ",," $ IF COMPILER .EQS. "VAXC" THEN - diff --git a/openssl/test/tests.com b/openssl/test/tests.com index d151cd395..f3193d026 100644 --- a/openssl/test/tests.com +++ b/openssl/test/tests.com @@ -12,11 +12,16 @@ $ if __arch .eqs. "" then __arch := UNK $ texe_dir := sys$disk:[-.'__arch'.exe.test] $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ -$ sslroot = f$parse("sys$disk:[-.apps];",,,,"syntax_only") - "].;"+ ".]" -$ define /translation_attributes = concealed sslroot 'sslroot' -$ $ set default '__here' $ +$ ROOT = F$PARSE("sys$disk:[-]A.;0",,,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" +$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") +$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - + - ".][000000" - "[000000." - "][" - "[" - "]" +$ ROOT = ROOT_DEV + "[" + ROOT_DIR +$ DEFINE/NOLOG SSLROOT 'ROOT'.APPS.] /TRANS=CONC +$ openssl_conf := sslroot:[000000]openssl-vms.cnf +$ $ on control_y then goto exit $ on error then goto exit $ @@ -70,17 +75,19 @@ $ ENGINETEST := enginetest $ EVPTEST := evp_test $ IGETEST := igetest $ JPAKETEST := jpaketest +$ ASN1TEST := asn1test $ $ tests_i = 0 $ loop_tests: $ tests_e = f$element(tests_i,",",tests) $ tests_i = tests_i + 1 $ if tests_e .eqs. "," then goto exit +$ write sys$output "---> ''tests_e'" $ gosub 'tests_e' $ goto loop_tests $ $ test_evp: -$ mcr 'texe_dir''evptest' evptests.txt +$ mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt $ return $ test_des: $ mcr 'texe_dir''destest' @@ -173,27 +180,57 @@ $ @tpkcs7d.com $ deassign sys$error $ return $ test_bn: -$ write sys$output "starting big number library test, could take a while..." -$ create bntest-vms.fdl +$ write sys$output - + "starting big number library test, could take a while..." +$ set noon +$ define sys$error nl: +$ define sys$output nl: +$ @ bctest.com +$ status = $status +$ deassign sys$error +$ deassign sys$output +$ on control_y then goto exit +$ on error then goto exit +$ if (status) +$ then +$ create /fdl = sys$input bntest-vms.tmp FILE ORGANIZATION sequential RECORD FORMAT stream_lf -$ create/fdl=bntest-vms.fdl bntest-vms.sh -$ open/append foo bntest-vms.sh -$ type/output=foo: sys$input: +$ define /user_mode sys$output bntest-vms.tmp +$ mcr 'texe_dir''bntest' +$ define /user_mode sys$input bntest-vms.tmp +$ define /user_mode sys$output bntest-vms.out +$ bc +$ @ bntest.com bntest-vms.out +$ status = $status +$ if (status) +$ then +$ delete bntest-vms.out;* +$ delete bntest-vms.tmp;* +$ endif +$ else +$ create /fdl = sys$input bntest-vms.sh +FILE + ORGANIZATION sequential +RECORD + FORMAT stream_lf +$ open /append bntest_file bntest-vms.sh +$ type /output = bntest_file sys$input: << __FOO__ sh -c "`sh ./bctest`" | perl -e '$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $1";} elsif (!/^0$/) {die "\nFailed! bc: $_";} else {print STDERR "."; $i++;}} print STDERR "\n$i tests passed\n"' -$ define/user sys$output bntest-vms.tmp -$ mcr 'texe_dir''bntest' -$ copy bntest-vms.tmp foo: -$ delete bntest-vms.tmp;* -$ type/output=foo: sys$input: +$ define/user sys$output bntest-vms.tmp +$ mcr 'texe_dir''bntest' +$ copy bntest-vms.tmp bntest_file +$ delete bntest-vms.tmp;* +$ type /output = bntest_file sys$input: __FOO__ -$ close foo -$ write sys$output "-- copy the [.test]bntest-vms.sh and [.test]bctest files to a Unix system and" -$ write sys$output "-- run bntest-vms.sh through sh or bash to verify that the bignum operations" -$ write sys$output "-- went well." -$ write sys$output "" +$ close bntest_file +$ write sys$output "-- copy the [.test]bntest-vms.sh and [.test]bctest files to a Unix system and" +$ write sys$output "-- run bntest-vms.sh through sh or bash to verify that the bignum operations" +$ write sys$output "-- went well." +$ write sys$output "" +$ endif $ write sys$output "test a^b%c implementations" $ mcr 'texe_dir''exptest' $ return @@ -289,11 +326,14 @@ $ mcr 'texe_dir''jpaketest' $ return $ test_cms: $ write sys$output "CMS consistency test" +$ ! The following makes perl include the DCL symbol table in the env. +$ define/user perl_env_tables clisym_local,lnm$file_dev,ctrl_env $ perl CMS-TEST.PL $ return $ $ $ exit: +$ mcr 'exe_dir'openssl version -a $ set default '__save_default' $ deassign sslroot $ exit diff --git a/openssl/test/testssl.com b/openssl/test/testssl.com index 9c83afba0..88580291f 100644 --- a/openssl/test/testssl.com +++ b/openssl/test/testssl.com @@ -21,10 +21,10 @@ $ cert=p2 $ endif $ ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert' $ +$ set noon $ define/user sys$output testssl-x509-output. $ define/user sys$error nla0: $ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout -$ set noon $ define/user sys$error nla0: $ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact $ if $severity .eq. 1 @@ -33,7 +33,6 @@ $ dsa_cert := YES $ else $ dsa_cert := NO $ endif -$ set on $ delete testssl-x509-output.;* $ $ if p3 .eqs. "" @@ -161,14 +160,12 @@ $ if $severity .ne. 1 then goto exit3 $ $!########################################################################### $ -$ set noon $ define/user sys$output nla0: $ mcr 'exe_dir'openssl no-rsa $ no_rsa=$SEVERITY $ define/user sys$output nla0: $ mcr 'exe_dir'openssl no-dh $ no_dh=$SEVERITY -$ set on $ $ if no_dh $ then @@ -203,4 +200,5 @@ $ exit3: $ RET = 3 $ exit: $ if p3 .eqs. "" then delete certs.tmp;* +$ set on $ exit 'RET' diff --git a/openssl/test/testtsa.com b/openssl/test/testtsa.com index e3c586f14..2ca1adac5 100644 --- a/openssl/test/testtsa.com +++ b/openssl/test/testtsa.com @@ -167,6 +167,8 @@ $ endsubroutine $ $ ! Main body ---------------------------------------------------------- $ +$ set noon +$ $ write sys$output "Setting up TSA test directory..." $ call setup_dir $ @@ -245,4 +247,6 @@ $ $ write sys$output "Cleaning up..." $ call clean_up_dir $ +$ set on +$ $ exit diff --git a/openssl/util/cygwin.sh b/openssl/util/cygwin.sh index a4f2e740b..d6228521e 100644 --- a/openssl/util/cygwin.sh +++ b/openssl/util/cygwin.sh @@ -8,7 +8,7 @@ #set -x CONFIG_OPTIONS="--prefix=/usr shared zlib no-idea no-rc5" -INSTALL_PREFIX=/tmp/install +INSTALL_PREFIX=/tmp/install/INSTALL VERSION= SUBVERSION=$1 @@ -124,8 +124,12 @@ strip usr/bin/*.exe usr/bin/*.dll usr/lib/engines/*.so chmod u-w usr/lib/engines/*.so # Runtime package -find etc usr/bin usr/lib/engines usr/share/doc usr/ssl/certs \ - usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf usr/ssl/private \ +tar cjf libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 \ + usr/bin/cyg*dll +# Base package +find etc usr/bin/openssl.exe usr/bin/c_rehash usr/lib/engines usr/share/doc \ + usr/ssl/certs usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf \ + usr/ssl/private \ -empty -o \! -type d | tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 - # Development package @@ -135,6 +139,7 @@ tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 - ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2 ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 +ls -l libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 cleanup diff --git a/openssl/util/libeay.num b/openssl/util/libeay.num index 6f3067ae2..08808fec5 100644 --- a/openssl/util/libeay.num +++ b/openssl/util/libeay.num @@ -4178,3 +4178,14 @@ UI_method_get_prompt_constructr 4550 EXIST:VMS:FUNCTION: UI_method_set_prompt_constructor 4551 EXIST:!VMS:FUNCTION: UI_method_set_prompt_constructr 4551 EXIST:VMS:FUNCTION: EVP_read_pw_string_min 4552 EXIST::FUNCTION: +CRYPTO_cts128_encrypt 4553 EXIST::FUNCTION: +CRYPTO_cts128_decrypt_block 4554 EXIST::FUNCTION: +CRYPTO_cfb128_1_encrypt 4555 EXIST::FUNCTION: +CRYPTO_cbc128_encrypt 4556 EXIST::FUNCTION: +CRYPTO_ctr128_encrypt 4557 EXIST::FUNCTION: +CRYPTO_ofb128_encrypt 4558 EXIST::FUNCTION: +CRYPTO_cts128_decrypt 4559 EXIST::FUNCTION: +CRYPTO_cts128_encrypt_block 4560 EXIST::FUNCTION: +CRYPTO_cbc128_decrypt 4561 EXIST::FUNCTION: +CRYPTO_cfb128_encrypt 4562 EXIST::FUNCTION: +CRYPTO_cfb128_8_encrypt 4563 EXIST::FUNCTION: diff --git a/openssl/util/mk1mf.pl b/openssl/util/mk1mf.pl index 280e9de1a..68a415a39 100644 --- a/openssl/util/mk1mf.pl +++ b/openssl/util/mk1mf.pl @@ -13,6 +13,7 @@ $banner="\t\@echo Building OpenSSL"; my $no_static_engine = 1; my $engines = ""; +my $otherlibs = ""; local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic local $zlib_lib = ""; local $perl_asm = 0; # 1 to autobuild asm files from perl scripts @@ -266,6 +267,7 @@ $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; +$cflags.=" -DOPENSSL_NO_GOST" if $no_gost; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; $cflags.=" -DOPENSSL_NO_HW" if $no_hw; $cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; @@ -356,6 +358,12 @@ for (;;) $lib=$val; $lib =~ s/^.*\/([^\/]+)$/$1/; } + if ($key eq "LIBNAME" && $no_static_engine) + { + $lib=$val; + $lib =~ s/^.*\/([^\/]+)$/$1/; + $otherlibs .= " $lib"; + } if ($key eq "EXHEADER") { $exheader.=&var_add($dir,$val, 1); } @@ -658,7 +666,7 @@ foreach (split(/\s+/,$test)) $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); } -$defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp); +$defs.=&do_defs("E_SHLIB",$engines . $otherlibs,"\$(ENG_D)",$shlibp); foreach (split(/\s+/,$engines)) { @@ -671,6 +679,14 @@ foreach (split(/\s+/,$engines)) $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); +foreach (split(/\s+/,$otherlibs)) + { + my $uc = $_; + $uc =~ tr /a-z/A-Z/; + $rules.= &do_lib_rule("\$(${uc}OBJ)","\$(ENG_D)$o$_$shlibp", "", $shlib, ""); + + } + $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); print $defs; @@ -708,6 +724,7 @@ sub var_add return("") if $no_dsa && $dir =~ /\/dsa/; return("") if $no_dh && $dir =~ /\/dh/; return("") if $no_ec && $dir =~ /\/ec/; + return("") if $no_gost && $dir =~ /\/ccgost/; return("") if $no_cms && $dir =~ /\/cms/; return("") if $no_jpake && $dir =~ /\/jpake/; if ($no_des && $dir =~ /\/des/) @@ -1047,6 +1064,7 @@ sub read_options "no-ec" => \$no_ec, "no-ecdsa" => \$no_ecdsa, "no-ecdh" => \$no_ecdh, + "no-gost" => \$no_gost, "no-engine" => \$no_engine, "no-hw" => \$no_hw, "just-ssl" => diff --git a/openssl/util/mkdef.pl b/openssl/util/mkdef.pl index a4a17e3ae..40ed2ddeb 100644 --- a/openssl/util/mkdef.pl +++ b/openssl/util/mkdef.pl @@ -316,6 +316,7 @@ $crypto.=" crypto/krb5/krb5_asn.h"; $crypto.=" crypto/pqueue/pqueue.h"; $crypto.=" crypto/cms/cms.h"; $crypto.=" crypto/jpake/jpake.h"; +$crypto.=" crypto/modes/modes.h"; my $symhacks="crypto/symhacks.h"; diff --git a/openssl/util/pl/VC-32.pl b/openssl/util/pl/VC-32.pl index c3e29fda9..5f25fc41b 100644 --- a/openssl/util/pl/VC-32.pl +++ b/openssl/util/pl/VC-32.pl @@ -138,8 +138,8 @@ else } # generate symbols.pdb unconditionally -$app_cflag.=" /Zi /Fd$tmp_def/app"; -$lib_cflag.=" /Zi /Fd$tmp_def/lib"; +$app_cflag.=" /Zi /Fd\$(TMP_D)/app"; +$lib_cflag.=" /Zi /Fd\$(TMP_D)/lib"; $lflags.=" /debug"; $obj='.obj'; @@ -195,7 +195,7 @@ if ($FLAVOR =~ /WIN64A/) { my $ver=`nasm -v 2>NUL`; my $vew=`nasmw -v 2>NUL`; # pick newest version - $asm=($ver gt $vew?"nasm":"nasmw")." -f win32"; + $asm=($ver ge $vew?"nasm":"nasmw")." -f win32"; $asmtype="win32n"; $afile='-o '; } else { diff --git a/packages.txt b/packages.txt index 9307ecc89..a4ea0c024 100644 --- a/packages.txt +++ b/packages.txt @@ -66,7 +66,7 @@ libxcb-1.5 libxkbfile-1.0.6
mesa-7.9
mkfontscale-1.0.7
-openssl-1.0.0a
+openssl-1.0.0c
pixman-0.19.2
pthreads-w32-2-8-0-release
randrproto-1.3.2
|