68 files changed, 1333 insertions, 746 deletions
| diff --git a/openssl/CHANGES b/openssl/CHANGES index e8655ab14..b139cf624 100644 --- a/openssl/CHANGES +++ b/openssl/CHANGES @@ -2,6 +2,12 @@   OpenSSL CHANGES   _______________ + Changes between 1.0.0 and 1.0.0a  [01 Jun 2010] + +  *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover  +     (CVE-2010-1633) +     [Steve Henson, Peter-Michael Hager <hager@dortmund.net>] +   Changes between 0.9.8n and 1.0.0  [29 Mar 2010]    *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher @@ -843,6 +849,17 @@    *) Change 'Configure' script to enable Camellia by default.       [NTT] + Changes between 0.9.8n and 0.9.8o [xx XXX xxxx] + +  *) Correct a typo in the CMS ASN1 module which can result in invalid memory +     access or freeing data twice (CVE-2010-0742) +     [Steve Henson, Ronald Moesbergen <intercommit@gmail.com>] + +  *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more +     common in certificates and some applications which only call +     SSL_library_init and not OpenSSL_add_all_algorithms() will fail. +     [Steve Henson] +   Changes between 0.9.8m and 0.9.8n [24 Mar 2010]    *) When rejecting SSL/TLS records due to an incorrect version number, never diff --git a/openssl/Configure b/openssl/Configure index d15b6895f..e3b13b9d4 100644 --- a/openssl/Configure +++ b/openssl/Configure 
@@ -503,7 +503,7 @@ my %table=(  "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",  # MinGW -"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall:::MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a", +"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a",  # As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll  # compiled with one compiler with application compiled with another  # compiler. It's possible to engage Applink support in mingw64 build, @@ -511,7 +511,7 @@ my %table=(  # handling, one can't seriously consider its binaries for using with  # non-mingw64 run-time environment. And as mingw64 is always consistent  # with itself, Applink is never engaged and can as well be omitted. -"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE:::MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", +"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",  # UWIN   "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", 
@@ -547,7 +547,7 @@ my %table=(  ##### MacOS X (a.k.a. Rhapsody or Darwin) setup  "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::", -"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",  "darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",  "darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",  "debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", 
@@ -1789,11 +1789,11 @@ EOF  	(system $make_command.$make_targets) == 0 or exit $?  		if $make_targets ne "";  	if ( $perl =~ m@^/@) { -	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); +	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');  	    &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');  	} else {  	    # No path for Perl known ... -	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); +	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";',  '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');  	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');  	}  	if ($depflags ne $default_depflags && !$make_depend) { diff --git a/openssl/FAQ b/openssl/FAQ index 2134e3af1..becee6663 100644 --- a/openssl/FAQ +++ b/openssl/FAQ @@ -79,7 +79,7 @@ OpenSSL  -  Frequently Asked Questions  * Which is the current version of OpenSSL?  The current version is available from <URL: http://www.openssl.org>. -OpenSSL 1.0.0 was released on Mar 29th, 2010. +OpenSSL 1.0.0a was released on Jun 1st, 2010.  In addition to the current stable release, you can also access daily  snapshots of the OpenSSL development version at <URL: @@ -722,7 +722,7 @@ file.  Multi-threaded applications must provide two callback functions to  OpenSSL by calling CRYPTO_set_locking_callback() and  CRYPTO_set_id_callback(), for all versions of OpenSSL up to and -including 0.9.8[abc...]. As of version 0.9.9, CRYPTO_set_id_callback() +including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback()  and associated APIs are deprecated by CRYPTO_THREADID_set_callback()  and friends. This is described in the threads(3) manpage. diff --git a/openssl/Makefile b/openssl/Makefile index 830550e58..47bb99c40 100644 
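Review bot: In both `&dofile("tools/c_rehash", ...)` calls of the Configure hunk, `$prefix` is pasted into a double-quoted Perl string (`'my $prefix = "' . $prefix . '";'`), so an install prefix containing `\`, `$`, `@` or `"` would be re-interpreted or would break the generated c_rehash script. The existing `$openssldir` substitution on the same lines has the same shape. Writing a single-quoted literal with `\` and `'` escaped first keeps the path verbatim, for example `(my $q = $prefix) =~ s/([\\'])/\\$1/g;` followed by `"my \$prefix = '$q';"` as the replacement text. How dofile applies the replacement is outside the hunk, so confirm the quoting against it.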
--- a/openssl/Makefile +++ b/openssl/Makefile @@ -4,7 +4,7 @@  ## Makefile for OpenSSL  ## -VERSION=1.0.0 +VERSION=1.0.0a  MAJOR=1  MINOR=0.0  SHLIB_VERSION_NUMBER=1.0.0 diff --git a/openssl/NEWS b/openssl/NEWS index 4fc76d10f..3a787ea06 100644 --- a/openssl/NEWS +++ b/openssl/NEWS @@ -5,6 +5,11 @@    This file gives a brief overview of the major changes between each OpenSSL    release. For more details please read the CHANGES file. +  Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a: + +      o Fix for security issue CVE-2010-1633. +      o GOST MAC and CFB fixes. +    Major changes between OpenSSL 0.9.8n and OpenSSL 1.0:        o RFC3280 path validation: sufficient to process PKITS tests. @@ -28,6 +33,14 @@        o Opaque PRF Input TLS extension support.        o Updated time routines to avoid OS limitations. +  Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: + +      o Fix for security issue CVE-2010-0742. +      o Various DTLS fixes. +      o Recognise SHA2 certificates if only SSL algorithms added. +      o Fix for no-rc4 compilation. +      o Chil ENGINE unload workaround. +    Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n:        o CFB cipher definition fixes. diff --git a/openssl/README b/openssl/README index b649a66d1..c1d0a5fd5 100644 --- a/openssl/README +++ b/openssl/README @@ -1,7 +1,7 @@ - OpenSSL 1.0.0 29 Mar 2010 + OpenSSL 1.0.0a 1 Jun 2010 - Copyright (c) 1998-2009 The OpenSSL Project + Copyright (c) 1998-2010 The OpenSSL Project   Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson   All rights reserved. diff --git a/openssl/apps/CA.com b/openssl/apps/CA.com index 02682e424..69b7bb3fd 100644 --- a/openssl/apps/CA.com +++ b/openssl/apps/CA.com 
@@ -114,8 +114,8 @@ $!  $   IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. ""  $   THEN  $     READ '__INPUT' FILE - -	   /PROMT="CA certificate filename (or enter to create)" -$     IF F$SEARCH(FILE) .NES. "" +	   /PROMPT="CA certificate filename (or enter to create)" +$     IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "")  $     THEN  $       COPY 'FILE' 'CATOP'.private'CAKEY'  $	RET=$STATUS diff --git a/openssl/apps/apps.c b/openssl/apps/apps.c index 5dccea70d..acc50df04 100644 --- a/openssl/apps/apps.c +++ b/openssl/apps/apps.c @@ -875,10 +875,17 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,  	if (format == FORMAT_ENGINE)  		{  		if (!e) -			BIO_printf(bio_err,"no engine specified\n"); +			BIO_printf(err,"no engine specified\n");  		else +			{  			pkey = ENGINE_load_private_key(e, file,  				ui_method, &cb_data); +			if (!pkey)  +				{ +				BIO_printf(err,"cannot load %s from engine\n",key_descrip); +				ERR_print_errors(err); +				}	 +			}  		goto end;  		}  #endif @@ -923,7 +930,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,  				&pkey, NULL, NULL))  			goto end;  		} -#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)  	else if (format == FORMAT_MSBLOB)  		pkey = b2i_PrivateKey_bio(key);  	else if (format == FORMAT_PVK) @@ -937,8 +944,11 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,  		}   end:  	if (key != NULL) BIO_free(key); -	if (pkey == NULL) +	if (pkey == NULL)  +		{  		BIO_printf(err,"unable to load %s\n", key_descrip); +		ERR_print_errors(err); +		}	  	return(pkey);  	} diff --git a/openssl/apps/dsa.c b/openssl/apps/dsa.c index 1109346f7..5222487ab 100644 --- a/openssl/apps/dsa.c +++ b/openssl/apps/dsa.c 
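Review bot: In load_key's FORMAT_ENGINE branch a failed `ENGINE_load_private_key` is now reported twice, because the new `cannot load %s from engine` message is followed by `goto end`, where the `pkey == NULL` block prints `unable to load %s` and calls `ERR_print_errors(err)` again. The second call will normally find the error queue already drained by the first, so it adds nothing. Dropping `ERR_print_errors(err);` from the engine branch and keeping the one under `end:` would report each failure once, together with its queue contents.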
@@ -334,7 +334,7 @@ bad:  			i=PEM_write_bio_DSA_PUBKEY(out,dsa);  		else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,  							NULL,0,NULL, passout); -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)  	} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {  		EVP_PKEY *pk;  		pk = EVP_PKEY_new(); diff --git a/openssl/apps/makeapps.com b/openssl/apps/makeapps.com index b96c4a1c6..58f286562 100644 --- a/openssl/apps/makeapps.com +++ b/openssl/apps/makeapps.com @@ -25,7 +25,7 @@ $!	   VAXC	 For VAX C.  $!	   DECC	 For DEC C.  $!	   GNUC	 For GNU C.  $! -$!  If you don't speficy a compiler, it will try to determine which +$!  If you don't specify a compiler, it will try to determine which  $!  "C" compiler to use.  $!  $!  P3, if defined, sets a TCP/IP library to use, through one of the following @@ -52,7 +52,7 @@ $ THEN  $!  $!  The Architecture Is VAX.  $! -$   ARCH := VAX +$   ARCH = "VAX"  $!  $! Else...  $! @@ -555,7 +555,7 @@ $!    Time To EXIT.  $!  $     EXIT  $! -$!  End The Valid Arguement Check. +$!  End The Valid Argument Check.  $!  $   ENDIF  $! @@ -770,7 +770,7 @@ $!  Set up default defines  $!  $   CCDEFS = """FLAT_INC=1""," + CCDEFS  $! -$!  Else The User Entered An Invalid Arguement. +$!  Else The User Entered An Invalid Argument.  $!  $ ELSE  $! @@ -875,7 +875,7 @@ $!  Print info  $!  $   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB  $! -$!  Else The User Entered An Invalid Arguement. +$!  Else The User Entered An Invalid Argument.  $!  $ ELSE  $! diff --git a/openssl/apps/rsa.c b/openssl/apps/rsa.c index b3c8aff7e..a17708fe9 100644 --- a/openssl/apps/rsa.c +++ b/openssl/apps/rsa.c @@ -409,7 +409,7 @@ bad:  			}  		else i=PEM_write_bio_RSAPrivateKey(out,rsa,  						enc,NULL,0,NULL,passout); -#ifndef OPENSSL_NO_DSA +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)  	} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {  		EVP_PKEY *pk;  		pk = EVP_PKEY_new(); 
diff --git a/openssl/crypto/aes/asm/aes-ppc.pl b/openssl/crypto/aes/asm/aes-ppc.pl index ce427655e..f82c5e181 100644 --- a/openssl/crypto/aes/asm/aes-ppc.pl +++ b/openssl/crypto/aes/asm/aes-ppc.pl @@ -16,6 +16,19 @@  # at 1/2 of ppc_AES_encrypt speed, while ppc_AES_decrypt_compact -  # at 1/3 of ppc_AES_decrypt. +# February 2010 +# +# Rescheduling instructions to favour Power6 pipeline gives 10% +# performance improvement on the platfrom in question (and marginal +# improvement even on others). It should be noted that Power6 fails +# to process byte in 18 cycles, only in 23, because it fails to issue +# 4 load instructions in two cycles, only in 3. As result non-compact +# block subroutines are 25% slower than one would expect. Compact +# functions scale better, because they have pure computational part, +# which scales perfectly with clock frequency. To be specific +# ppc_AES_encrypt_compact operates at 42 cycles per byte, while +# ppc_AES_decrypt_compact - at 55 (in 64-bit build). +  $flavour = shift;  if ($flavour =~ /64/) { @@ -376,7 +389,7 @@ $code.=<<___;  	addi	$sp,$sp,$FRAME  	blr -.align	4 +.align	5  Lppc_AES_encrypt:  	lwz	$acc00,240($key)  	lwz	$t0,0($key) 
@@ -397,46 +410,46 @@ Lppc_AES_encrypt:  Lenc_loop:  	rlwinm	$acc00,$s0,`32-24+3`,21,28  	rlwinm	$acc01,$s1,`32-24+3`,21,28 -	lwz	$t0,0($key) -	lwz	$t1,4($key)  	rlwinm	$acc02,$s2,`32-24+3`,21,28  	rlwinm	$acc03,$s3,`32-24+3`,21,28 -	lwz	$t2,8($key) -	lwz	$t3,12($key) +	lwz	$t0,0($key) +	lwz	$t1,4($key)  	rlwinm	$acc04,$s1,`32-16+3`,21,28  	rlwinm	$acc05,$s2,`32-16+3`,21,28 -	lwzx	$acc00,$Tbl0,$acc00 -	lwzx	$acc01,$Tbl0,$acc01 +	lwz	$t2,8($key) +	lwz	$t3,12($key)  	rlwinm	$acc06,$s3,`32-16+3`,21,28  	rlwinm	$acc07,$s0,`32-16+3`,21,28 -	lwzx	$acc02,$Tbl0,$acc02 -	lwzx	$acc03,$Tbl0,$acc03 +	lwzx	$acc00,$Tbl0,$acc00 +	lwzx	$acc01,$Tbl0,$acc01  	rlwinm	$acc08,$s2,`32-8+3`,21,28  	rlwinm	$acc09,$s3,`32-8+3`,21,28 -	lwzx	$acc04,$Tbl1,$acc04 -	lwzx	$acc05,$Tbl1,$acc05 +	lwzx	$acc02,$Tbl0,$acc02 +	lwzx	$acc03,$Tbl0,$acc03  	rlwinm	$acc10,$s0,`32-8+3`,21,28  	rlwinm	$acc11,$s1,`32-8+3`,21,28 -	lwzx	$acc06,$Tbl1,$acc06 -	lwzx	$acc07,$Tbl1,$acc07 +	lwzx	$acc04,$Tbl1,$acc04 +	lwzx	$acc05,$Tbl1,$acc05  	rlwinm	$acc12,$s3,`0+3`,21,28  	rlwinm	$acc13,$s0,`0+3`,21,28 -	lwzx	$acc08,$Tbl2,$acc08 -	lwzx	$acc09,$Tbl2,$acc09 +	lwzx	$acc06,$Tbl1,$acc06 +	lwzx	$acc07,$Tbl1,$acc07  	rlwinm	$acc14,$s1,`0+3`,21,28  	rlwinm	$acc15,$s2,`0+3`,21,28 -	lwzx	$acc10,$Tbl2,$acc10 -	lwzx	$acc11,$Tbl2,$acc11 +	lwzx	$acc08,$Tbl2,$acc08 +	lwzx	$acc09,$Tbl2,$acc09  	xor	$t0,$t0,$acc00  	xor	$t1,$t1,$acc01 -	lwzx	$acc12,$Tbl3,$acc12 -	lwzx	$acc13,$Tbl3,$acc13 +	lwzx	$acc10,$Tbl2,$acc10 +	lwzx	$acc11,$Tbl2,$acc11  	xor	$t2,$t2,$acc02  	xor	$t3,$t3,$acc03 -	lwzx	$acc14,$Tbl3,$acc14 -	lwzx	$acc15,$Tbl3,$acc15 +	lwzx	$acc12,$Tbl3,$acc12 +	lwzx	$acc13,$Tbl3,$acc13  	xor	$t0,$t0,$acc04  	xor	$t1,$t1,$acc05 +	lwzx	$acc14,$Tbl3,$acc14 +	lwzx	$acc15,$Tbl3,$acc15  	xor	$t2,$t2,$acc06  	xor	$t3,$t3,$acc07  	xor	$t0,$t0,$acc08 
@@ -452,60 +465,60 @@ Lenc_loop:  	addi	$Tbl2,$Tbl0,2048  	nop -	lwz	$acc08,`2048+0`($Tbl0)	! prefetch Te4 -	lwz	$acc09,`2048+32`($Tbl0) -	lwz	$acc10,`2048+64`($Tbl0) -	lwz	$acc11,`2048+96`($Tbl0) -	lwz	$acc08,`2048+128`($Tbl0) -	lwz	$acc09,`2048+160`($Tbl0) -	lwz	$acc10,`2048+192`($Tbl0) -	lwz	$acc11,`2048+224`($Tbl0) -	rlwinm	$acc00,$s0,`32-24`,24,31 -	rlwinm	$acc01,$s1,`32-24`,24,31  	lwz	$t0,0($key)  	lwz	$t1,4($key) -	rlwinm	$acc02,$s2,`32-24`,24,31 -	rlwinm	$acc03,$s3,`32-24`,24,31 +	rlwinm	$acc00,$s0,`32-24`,24,31 +	rlwinm	$acc01,$s1,`32-24`,24,31  	lwz	$t2,8($key)  	lwz	$t3,12($key) +	rlwinm	$acc02,$s2,`32-24`,24,31 +	rlwinm	$acc03,$s3,`32-24`,24,31 +	lwz	$acc08,`2048+0`($Tbl0)	! prefetch Te4 +	lwz	$acc09,`2048+32`($Tbl0)  	rlwinm	$acc04,$s1,`32-16`,24,31  	rlwinm	$acc05,$s2,`32-16`,24,31 -	lbzx	$acc00,$Tbl2,$acc00 -	lbzx	$acc01,$Tbl2,$acc01 +	lwz	$acc10,`2048+64`($Tbl0) +	lwz	$acc11,`2048+96`($Tbl0)  	rlwinm	$acc06,$s3,`32-16`,24,31  	rlwinm	$acc07,$s0,`32-16`,24,31 -	lbzx	$acc02,$Tbl2,$acc02 -	lbzx	$acc03,$Tbl2,$acc03 +	lwz	$acc12,`2048+128`($Tbl0) +	lwz	$acc13,`2048+160`($Tbl0)  	rlwinm	$acc08,$s2,`32-8`,24,31  	rlwinm	$acc09,$s3,`32-8`,24,31 -	lbzx	$acc04,$Tbl2,$acc04 -	lbzx	$acc05,$Tbl2,$acc05 +	lwz	$acc14,`2048+192`($Tbl0) +	lwz	$acc15,`2048+224`($Tbl0)  	rlwinm	$acc10,$s0,`32-8`,24,31  	rlwinm	$acc11,$s1,`32-8`,24,31 -	lbzx	$acc06,$Tbl2,$acc06 -	lbzx	$acc07,$Tbl2,$acc07 +	lbzx	$acc00,$Tbl2,$acc00 +	lbzx	$acc01,$Tbl2,$acc01  	rlwinm	$acc12,$s3,`0`,24,31  	rlwinm	$acc13,$s0,`0`,24,31 -	lbzx	$acc08,$Tbl2,$acc08 -	lbzx	$acc09,$Tbl2,$acc09 +	lbzx	$acc02,$Tbl2,$acc02 +	lbzx	$acc03,$Tbl2,$acc03  	rlwinm	$acc14,$s1,`0`,24,31  	rlwinm	$acc15,$s2,`0`,24,31 -	lbzx	$acc10,$Tbl2,$acc10 -	lbzx	$acc11,$Tbl2,$acc11 +	lbzx	$acc04,$Tbl2,$acc04 +	lbzx	$acc05,$Tbl2,$acc05  	rlwinm	$s0,$acc00,24,0,7  	rlwinm	$s1,$acc01,24,0,7 -	lbzx	$acc12,$Tbl2,$acc12 -	lbzx	$acc13,$Tbl2,$acc13 +	lbzx	$acc06,$Tbl2,$acc06 +	lbzx	$acc07,$Tbl2,$acc07  	rlwinm	$s2,$acc02,24,0,7  	rlwinm	
$s3,$acc03,24,0,7 -	lbzx	$acc14,$Tbl2,$acc14 -	lbzx	$acc15,$Tbl2,$acc15 +	lbzx	$acc08,$Tbl2,$acc08 +	lbzx	$acc09,$Tbl2,$acc09  	rlwimi	$s0,$acc04,16,8,15  	rlwimi	$s1,$acc05,16,8,15 +	lbzx	$acc10,$Tbl2,$acc10 +	lbzx	$acc11,$Tbl2,$acc11  	rlwimi	$s2,$acc06,16,8,15  	rlwimi	$s3,$acc07,16,8,15 +	lbzx	$acc12,$Tbl2,$acc12 +	lbzx	$acc13,$Tbl2,$acc13  	rlwimi	$s0,$acc08,8,16,23  	rlwimi	$s1,$acc09,8,16,23 +	lbzx	$acc14,$Tbl2,$acc14 +	lbzx	$acc15,$Tbl2,$acc15  	rlwimi	$s2,$acc10,8,16,23  	rlwimi	$s3,$acc11,8,16,23  	or	$s0,$s0,$acc12 
@@ -542,40 +555,40 @@ Lenc_compact_loop:  	rlwinm	$acc01,$s1,`32-24`,24,31  	rlwinm	$acc02,$s2,`32-24`,24,31  	rlwinm	$acc03,$s3,`32-24`,24,31 -	lbzx	$acc00,$Tbl1,$acc00 -	lbzx	$acc01,$Tbl1,$acc01  	rlwinm	$acc04,$s1,`32-16`,24,31  	rlwinm	$acc05,$s2,`32-16`,24,31 -	lbzx	$acc02,$Tbl1,$acc02 -	lbzx	$acc03,$Tbl1,$acc03  	rlwinm	$acc06,$s3,`32-16`,24,31  	rlwinm	$acc07,$s0,`32-16`,24,31 -	lbzx	$acc04,$Tbl1,$acc04 -	lbzx	$acc05,$Tbl1,$acc05 +	lbzx	$acc00,$Tbl1,$acc00 +	lbzx	$acc01,$Tbl1,$acc01  	rlwinm	$acc08,$s2,`32-8`,24,31  	rlwinm	$acc09,$s3,`32-8`,24,31 -	lbzx	$acc06,$Tbl1,$acc06 -	lbzx	$acc07,$Tbl1,$acc07 +	lbzx	$acc02,$Tbl1,$acc02 +	lbzx	$acc03,$Tbl1,$acc03  	rlwinm	$acc10,$s0,`32-8`,24,31  	rlwinm	$acc11,$s1,`32-8`,24,31 -	lbzx	$acc08,$Tbl1,$acc08 -	lbzx	$acc09,$Tbl1,$acc09 +	lbzx	$acc04,$Tbl1,$acc04 +	lbzx	$acc05,$Tbl1,$acc05  	rlwinm	$acc12,$s3,`0`,24,31  	rlwinm	$acc13,$s0,`0`,24,31 -	lbzx	$acc10,$Tbl1,$acc10 -	lbzx	$acc11,$Tbl1,$acc11 +	lbzx	$acc06,$Tbl1,$acc06 +	lbzx	$acc07,$Tbl1,$acc07  	rlwinm	$acc14,$s1,`0`,24,31  	rlwinm	$acc15,$s2,`0`,24,31 -	lbzx	$acc12,$Tbl1,$acc12 -	lbzx	$acc13,$Tbl1,$acc13 +	lbzx	$acc08,$Tbl1,$acc08 +	lbzx	$acc09,$Tbl1,$acc09  	rlwinm	$s0,$acc00,24,0,7  	rlwinm	$s1,$acc01,24,0,7 -	lbzx	$acc14,$Tbl1,$acc14 -	lbzx	$acc15,$Tbl1,$acc15 +	lbzx	$acc10,$Tbl1,$acc10 +	lbzx	$acc11,$Tbl1,$acc11  	rlwinm	$s2,$acc02,24,0,7  	rlwinm	$s3,$acc03,24,0,7 +	lbzx	$acc12,$Tbl1,$acc12 +	lbzx	$acc13,$Tbl1,$acc13  	rlwimi	$s0,$acc04,16,8,15  	rlwimi	$s1,$acc05,16,8,15 +	lbzx	$acc14,$Tbl1,$acc14 +	lbzx	$acc15,$Tbl1,$acc15  	rlwimi	$s2,$acc06,16,8,15  	rlwimi	$s3,$acc07,16,8,15  	rlwimi	$s0,$acc08,8,16,23 @@ -725,7 +738,7 @@ Lenc_compact_done:  	addi	$sp,$sp,$FRAME  	blr -.align	4 +.align	5  Lppc_AES_decrypt:  	lwz	$acc00,240($key)  	lwz	$t0,0($key) 
@@ -746,46 +759,46 @@ Lppc_AES_decrypt:  Ldec_loop:  	rlwinm	$acc00,$s0,`32-24+3`,21,28  	rlwinm	$acc01,$s1,`32-24+3`,21,28 -	lwz	$t0,0($key) -	lwz	$t1,4($key)  	rlwinm	$acc02,$s2,`32-24+3`,21,28  	rlwinm	$acc03,$s3,`32-24+3`,21,28 -	lwz	$t2,8($key) -	lwz	$t3,12($key) +	lwz	$t0,0($key) +	lwz	$t1,4($key)  	rlwinm	$acc04,$s3,`32-16+3`,21,28  	rlwinm	$acc05,$s0,`32-16+3`,21,28 -	lwzx	$acc00,$Tbl0,$acc00 -	lwzx	$acc01,$Tbl0,$acc01 +	lwz	$t2,8($key) +	lwz	$t3,12($key)  	rlwinm	$acc06,$s1,`32-16+3`,21,28  	rlwinm	$acc07,$s2,`32-16+3`,21,28 -	lwzx	$acc02,$Tbl0,$acc02 -	lwzx	$acc03,$Tbl0,$acc03 +	lwzx	$acc00,$Tbl0,$acc00 +	lwzx	$acc01,$Tbl0,$acc01  	rlwinm	$acc08,$s2,`32-8+3`,21,28  	rlwinm	$acc09,$s3,`32-8+3`,21,28 -	lwzx	$acc04,$Tbl1,$acc04 -	lwzx	$acc05,$Tbl1,$acc05 +	lwzx	$acc02,$Tbl0,$acc02 +	lwzx	$acc03,$Tbl0,$acc03  	rlwinm	$acc10,$s0,`32-8+3`,21,28  	rlwinm	$acc11,$s1,`32-8+3`,21,28 -	lwzx	$acc06,$Tbl1,$acc06 -	lwzx	$acc07,$Tbl1,$acc07 +	lwzx	$acc04,$Tbl1,$acc04 +	lwzx	$acc05,$Tbl1,$acc05  	rlwinm	$acc12,$s1,`0+3`,21,28  	rlwinm	$acc13,$s2,`0+3`,21,28 -	lwzx	$acc08,$Tbl2,$acc08 -	lwzx	$acc09,$Tbl2,$acc09 +	lwzx	$acc06,$Tbl1,$acc06 +	lwzx	$acc07,$Tbl1,$acc07  	rlwinm	$acc14,$s3,`0+3`,21,28  	rlwinm	$acc15,$s0,`0+3`,21,28 -	lwzx	$acc10,$Tbl2,$acc10 -	lwzx	$acc11,$Tbl2,$acc11 +	lwzx	$acc08,$Tbl2,$acc08 +	lwzx	$acc09,$Tbl2,$acc09  	xor	$t0,$t0,$acc00  	xor	$t1,$t1,$acc01 -	lwzx	$acc12,$Tbl3,$acc12 -	lwzx	$acc13,$Tbl3,$acc13 +	lwzx	$acc10,$Tbl2,$acc10 +	lwzx	$acc11,$Tbl2,$acc11  	xor	$t2,$t2,$acc02  	xor	$t3,$t3,$acc03 -	lwzx	$acc14,$Tbl3,$acc14 -	lwzx	$acc15,$Tbl3,$acc15 +	lwzx	$acc12,$Tbl3,$acc12 +	lwzx	$acc13,$Tbl3,$acc13  	xor	$t0,$t0,$acc04  	xor	$t1,$t1,$acc05 +	lwzx	$acc14,$Tbl3,$acc14 +	lwzx	$acc15,$Tbl3,$acc15  	xor	$t2,$t2,$acc06  	xor	$t3,$t3,$acc07  	xor	$t0,$t0,$acc08 
@@ -801,56 +814,56 @@ Ldec_loop:  	addi	$Tbl2,$Tbl0,2048  	nop -	lwz	$acc08,`2048+0`($Tbl0)	! prefetch Td4 -	lwz	$acc09,`2048+32`($Tbl0) -	lwz	$acc10,`2048+64`($Tbl0) -	lwz	$acc11,`2048+96`($Tbl0) -	lwz	$acc08,`2048+128`($Tbl0) -	lwz	$acc09,`2048+160`($Tbl0) -	lwz	$acc10,`2048+192`($Tbl0) -	lwz	$acc11,`2048+224`($Tbl0) -	rlwinm	$acc00,$s0,`32-24`,24,31 -	rlwinm	$acc01,$s1,`32-24`,24,31  	lwz	$t0,0($key)  	lwz	$t1,4($key) -	rlwinm	$acc02,$s2,`32-24`,24,31 -	rlwinm	$acc03,$s3,`32-24`,24,31 +	rlwinm	$acc00,$s0,`32-24`,24,31 +	rlwinm	$acc01,$s1,`32-24`,24,31  	lwz	$t2,8($key)  	lwz	$t3,12($key) +	rlwinm	$acc02,$s2,`32-24`,24,31 +	rlwinm	$acc03,$s3,`32-24`,24,31 +	lwz	$acc08,`2048+0`($Tbl0)	! prefetch Td4 +	lwz	$acc09,`2048+32`($Tbl0)  	rlwinm	$acc04,$s3,`32-16`,24,31  	rlwinm	$acc05,$s0,`32-16`,24,31 +	lwz	$acc10,`2048+64`($Tbl0) +	lwz	$acc11,`2048+96`($Tbl0)  	lbzx	$acc00,$Tbl2,$acc00  	lbzx	$acc01,$Tbl2,$acc01 +	lwz	$acc12,`2048+128`($Tbl0) +	lwz	$acc13,`2048+160`($Tbl0)  	rlwinm	$acc06,$s1,`32-16`,24,31  	rlwinm	$acc07,$s2,`32-16`,24,31 -	lbzx	$acc02,$Tbl2,$acc02 -	lbzx	$acc03,$Tbl2,$acc03 +	lwz	$acc14,`2048+192`($Tbl0) +	lwz	$acc15,`2048+224`($Tbl0)  	rlwinm	$acc08,$s2,`32-8`,24,31  	rlwinm	$acc09,$s3,`32-8`,24,31 -	lbzx	$acc04,$Tbl2,$acc04 -	lbzx	$acc05,$Tbl2,$acc05 +	lbzx	$acc02,$Tbl2,$acc02 +	lbzx	$acc03,$Tbl2,$acc03  	rlwinm	$acc10,$s0,`32-8`,24,31  	rlwinm	$acc11,$s1,`32-8`,24,31 -	lbzx	$acc06,$Tbl2,$acc06 -	lbzx	$acc07,$Tbl2,$acc07 +	lbzx	$acc04,$Tbl2,$acc04 +	lbzx	$acc05,$Tbl2,$acc05  	rlwinm	$acc12,$s1,`0`,24,31  	rlwinm	$acc13,$s2,`0`,24,31 -	lbzx	$acc08,$Tbl2,$acc08 -	lbzx	$acc09,$Tbl2,$acc09 +	lbzx	$acc06,$Tbl2,$acc06 +	lbzx	$acc07,$Tbl2,$acc07  	rlwinm	$acc14,$s3,`0`,24,31  	rlwinm	$acc15,$s0,`0`,24,31 -	lbzx	$acc10,$Tbl2,$acc10 -	lbzx	$acc11,$Tbl2,$acc11 +	lbzx	$acc08,$Tbl2,$acc08 +	lbzx	$acc09,$Tbl2,$acc09  	rlwinm	$s0,$acc00,24,0,7  	rlwinm	$s1,$acc01,24,0,7 -	lbzx	$acc12,$Tbl2,$acc12 -	lbzx	$acc13,$Tbl2,$acc13 +	lbzx	$acc10,$Tbl2,$acc10 +	lbzx	
$acc11,$Tbl2,$acc11  	rlwinm	$s2,$acc02,24,0,7  	rlwinm	$s3,$acc03,24,0,7 -	lbzx	$acc14,$Tbl2,$acc14 -	lbzx	$acc15,$Tbl2,$acc15 +	lbzx	$acc12,$Tbl2,$acc12 +	lbzx	$acc13,$Tbl2,$acc13  	rlwimi	$s0,$acc04,16,8,15  	rlwimi	$s1,$acc05,16,8,15 +	lbzx	$acc14,$Tbl2,$acc14 +	lbzx	$acc15,$Tbl2,$acc15  	rlwimi	$s2,$acc06,16,8,15  	rlwimi	$s3,$acc07,16,8,15  	rlwimi	$s0,$acc08,8,16,23 
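Review bot: In the final-round block after Ldec_loop, the unchanged `lbzx $acc00,$Tbl2,$acc00` and `lbzx $acc01,$Tbl2,$acc01` lookups now run before the `2048+128` to `2048+224` prefetch loads, so only half of Td4 has been touched when the first state-indexed loads are issued. The matching Lppc_AES_encrypt hunk keeps all eight `! prefetch Te4` loads ahead of its first `lbzx`. If the prefetch is meant to make the table lookups hit cache uniformly regardless of index (a cache-timing consideration the file does not state), the two `lbzx` lines should move below the `2048+224` load into `$acc15`. Otherwise a comment saying the asymmetry with the encrypt path is intentional would help. The routine starts and ends outside the hunk.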
@@ -897,40 +910,40 @@ Ldec_compact_loop:  	rlwinm	$acc01,$s1,`32-24`,24,31  	rlwinm	$acc02,$s2,`32-24`,24,31  	rlwinm	$acc03,$s3,`32-24`,24,31 -	lbzx	$acc00,$Tbl1,$acc00 -	lbzx	$acc01,$Tbl1,$acc01  	rlwinm	$acc04,$s3,`32-16`,24,31  	rlwinm	$acc05,$s0,`32-16`,24,31 -	lbzx	$acc02,$Tbl1,$acc02 -	lbzx	$acc03,$Tbl1,$acc03  	rlwinm	$acc06,$s1,`32-16`,24,31  	rlwinm	$acc07,$s2,`32-16`,24,31 -	lbzx	$acc04,$Tbl1,$acc04 -	lbzx	$acc05,$Tbl1,$acc05 +	lbzx	$acc00,$Tbl1,$acc00 +	lbzx	$acc01,$Tbl1,$acc01  	rlwinm	$acc08,$s2,`32-8`,24,31  	rlwinm	$acc09,$s3,`32-8`,24,31 -	lbzx	$acc06,$Tbl1,$acc06 -	lbzx	$acc07,$Tbl1,$acc07 +	lbzx	$acc02,$Tbl1,$acc02 +	lbzx	$acc03,$Tbl1,$acc03  	rlwinm	$acc10,$s0,`32-8`,24,31  	rlwinm	$acc11,$s1,`32-8`,24,31 -	lbzx	$acc08,$Tbl1,$acc08 -	lbzx	$acc09,$Tbl1,$acc09 +	lbzx	$acc04,$Tbl1,$acc04 +	lbzx	$acc05,$Tbl1,$acc05  	rlwinm	$acc12,$s1,`0`,24,31  	rlwinm	$acc13,$s2,`0`,24,31 -	lbzx	$acc10,$Tbl1,$acc10 -	lbzx	$acc11,$Tbl1,$acc11 +	lbzx	$acc06,$Tbl1,$acc06 +	lbzx	$acc07,$Tbl1,$acc07  	rlwinm	$acc14,$s3,`0`,24,31  	rlwinm	$acc15,$s0,`0`,24,31 -	lbzx	$acc12,$Tbl1,$acc12 -	lbzx	$acc13,$Tbl1,$acc13 +	lbzx	$acc08,$Tbl1,$acc08 +	lbzx	$acc09,$Tbl1,$acc09  	rlwinm	$s0,$acc00,24,0,7  	rlwinm	$s1,$acc01,24,0,7 -	lbzx	$acc14,$Tbl1,$acc14 -	lbzx	$acc15,$Tbl1,$acc15 +	lbzx	$acc10,$Tbl1,$acc10 +	lbzx	$acc11,$Tbl1,$acc11  	rlwinm	$s2,$acc02,24,0,7  	rlwinm	$s3,$acc03,24,0,7 +	lbzx	$acc12,$Tbl1,$acc12 +	lbzx	$acc13,$Tbl1,$acc13  	rlwimi	$s0,$acc04,16,8,15  	rlwimi	$s1,$acc05,16,8,15 +	lbzx	$acc14,$Tbl1,$acc14 +	lbzx	$acc15,$Tbl1,$acc15  	rlwimi	$s2,$acc06,16,8,15  	rlwimi	$s3,$acc07,16,8,15  	rlwimi	$s0,$acc08,8,16,23 diff --git a/openssl/crypto/bio/b_sock.c b/openssl/crypto/bio/b_sock.c index 5ea621c0c..12b0a53a8 100644 --- a/openssl/crypto/bio/b_sock.c +++ b/openssl/crypto/bio/b_sock.c 
@@ -731,7 +731,14 @@ again:  #ifdef SO_REUSEADDR  		err_num=get_last_socket_error();  		if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) && +#ifdef OPENSSL_SYS_WINDOWS +			/* Some versions of Windows define EADDRINUSE to +			 * a dummy value. +			 */ +			(err_num == WSAEADDRINUSE)) +#else  			(err_num == EADDRINUSE)) +#endif  			{  			client = server;  			if (h == NULL || strcmp(h,"*") == 0) diff --git a/openssl/crypto/bio/bss_file.c b/openssl/crypto/bio/bss_file.c index ba4f8e994..8bfa0bcd9 100644 --- a/openssl/crypto/bio/bss_file.c +++ b/openssl/crypto/bio/bss_file.c 
@@ -118,10 +118,47 @@ static BIO_METHOD methods_filep=  BIO *BIO_new_file(const char *filename, const char *mode)  	{ -	BIO *ret; -	FILE *file; +	BIO  *ret; +	FILE *file=NULL; + +#if defined(_WIN32) && defined(CP_UTF8) +	int sz, len_0 = (int)strlen(filename)+1; + +	/* +	 * Basically there are three cases to cover: a) filename is +	 * pure ASCII string; b) actual UTF-8 encoded string and +	 * c) locale-ized string, i.e. one containing 8-bit +	 * characters that are meaningful in current system locale. +	 * If filename is pure ASCII or real UTF-8 encoded string, +	 * MultiByteToWideChar succeeds and _wfopen works. If +	 * filename is locale-ized string, chances are that +	 * MultiByteToWideChar fails reporting +	 * ERROR_NO_UNICODE_TRANSLATION, in which case we fall +	 * back to fopen... +	 */ +	if ((sz=MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS, +					filename,len_0,NULL,0))>0) +		{ +		WCHAR  wmode[8]; +		WCHAR *wfilename = _alloca(sz*sizeof(WCHAR)); -	if ((file=fopen(filename,mode)) == NULL) +		if (MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS, +					filename,len_0,wfilename,sz) && +		    MultiByteToWideChar(CP_UTF8,0,mode,strlen(mode)+1, +			    		wmode,sizeof(wmode)/sizeof(wmode[0])) && +		    (file=_wfopen(wfilename,wmode))==NULL && errno==ENOENT +		   )	/* UTF-8 decode succeeded, but no file, filename +			 * could still have been locale-ized... */ +			file = fopen(filename,mode); +		} +	else if (GetLastError()==ERROR_NO_UNICODE_TRANSLATION) +		{ +		file = fopen(filename,mode); +		} +#else +	file=fopen(filename,mode);	 +#endif +	if (file == NULL)  		{  		SYSerr(SYS_F_FOPEN,get_last_sys_error());  		ERR_add_error_data(5,"fopen('",filename,"','",mode,"')"); diff --git a/openssl/crypto/bn/asm/alpha-mont.pl b/openssl/crypto/bn/asm/alpha-mont.pl index 7a2cc3173..f7e0ca164 100644 --- a/openssl/crypto/bn/asm/alpha-mont.pl +++ b/openssl/crypto/bn/asm/alpha-mont.pl 
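Review bot: In the `_WIN32` branch of BIO_new_file, `_alloca(sz*sizeof(WCHAR))` sizes a stack allocation from `strlen(filename)` with no upper bound, and `_alloca` raises a stack-overflow exception instead of returning NULL, so an overlong caller-supplied name can take the process down before any error is reported. A heap buffer is safer here: `WCHAR *wfilename = OPENSSL_malloc(sz*sizeof(WCHAR));` with a NULL check and an `OPENSSL_free(wfilename);` after the open attempt, or else reject `sz` above a fixed path limit first. Separately, the `errno==ENOENT` fallback to `fopen` means one byte string can name two different files depending on which interpretation exists on disk; the comment should state that this ambiguity is accepted. If the `mode` conversion into `wmode[8]` fails, no `fopen` fallback runs and the error reported below may not reflect the real cause.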
@@ -53,15 +53,15 @@ $code=<<___;  .align	5  .ent	bn_mul_mont  bn_mul_mont: -	lda	sp,-40(sp) +	lda	sp,-48(sp)  	stq	ra,0(sp)  	stq	s3,8(sp)  	stq	s4,16(sp)  	stq	s5,24(sp)  	stq	fp,32(sp)  	mov	sp,fp -	.mask	0x0400f000,-40 -	.frame	fp,40,ra +	.mask	0x0400f000,-48 +	.frame	fp,48,ra  	.prologue 0  	.align	4 @@ -306,7 +306,7 @@ bn_mul_mont:  	ldq	s4,16(sp)  	ldq	s5,24(sp)  	ldq	fp,32(sp) -	lda	sp,40(sp) +	lda	sp,48(sp)  	ret	(ra)  .end	bn_mul_mont  .rdata diff --git a/openssl/crypto/cms/cms_asn1.c b/openssl/crypto/cms/cms_asn1.c index 7f7132c3b..fcba4dcbc 100644 --- a/openssl/crypto/cms/cms_asn1.c +++ b/openssl/crypto/cms/cms_asn1.c @@ -131,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {  } ASN1_NDEF_SEQUENCE_END(CMS_SignedData)  ASN1_SEQUENCE(CMS_OriginatorInfo) = { -	ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), -	ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1) +	ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0), +	ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)  } ASN1_SEQUENCE_END(CMS_OriginatorInfo)  ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { diff --git a/openssl/crypto/cryptlib.c b/openssl/crypto/cryptlib.c index 9a39d7e17..b4449b86d 100644 --- a/openssl/crypto/cryptlib.c +++ b/openssl/crypto/cryptlib.c @@ -749,6 +749,18 @@ int OPENSSL_isservice(void)  { HWINSTA h;    DWORD len;    WCHAR *name; +  static union { void *p; int (*f)(void); } _OPENSSL_isservice = { NULL }; + +    if (_OPENSSL_isservice.p == NULL) { +	HANDLE h = GetModuleHandle(NULL); +	if (h != NULL) +	    _OPENSSL_isservice.p = GetProcAddress(h,"_OPENSSL_isservice"); +	if (_OPENSSL_isservice.p == NULL) +	    _OPENSSL_isservice.p = (void *)-1; +    } + +    if (_OPENSSL_isservice.p != (void *)-1) +	return (*_OPENSSL_isservice.f)();      (void)GetDesktopWindow(); /* return value is ignored */ 
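Review bot: The lookup added at the top of OPENSSL_isservice has no comment explaining that a symbol named `_OPENSSL_isservice` exported by the main executable now overrides the window-station check that follows, and the return convention expected from that hook is not visible in the hunk. A short comment such as `/* An application may export _OPENSSL_isservice from its .exe to override the detection below; result is cached after the first call. */` would make the trust relationship explicit. The inner `HANDLE h` also shadows the function's `HWINSTA h`; `HMODULE mod = GetModuleHandle(NULL);` avoids the shadowing and matches what `GetProcAddress` takes. The static pointer is initialised without locking, which looks benign because every thread would store the same value, but that is worth stating in the comment too.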
diff --git a/openssl/crypto/crypto-lib.com b/openssl/crypto/crypto-lib.com index 8fa56dd2e..a4b663509 100644 --- a/openssl/crypto/crypto-lib.com +++ b/openssl/crypto/crypto-lib.com @@ -60,7 +60,7 @@ $ THEN  $!  $!  The Architecture Is VAX  $! -$   ARCH := VAX +$   ARCH = "VAX"  $!  $! Else...  $! @@ -80,9 +80,11 @@ $! NOTE: Some might think this list ugly.  However, it's made this way to  $! reflect the SDIRS variable in [-]Makefile.org as closely as possible,  $! thereby making it fairly easy to verify that the lists are the same.  $! +$ ET_WHIRLPOOL = "WHRLPOOL" +$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = ""  $ ENCRYPT_TYPES = "Basic,"+ -  		  "OBJECTS,"+ - -		  "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,"+ - +		  "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ -  		  "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ -  		  "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ -  		  "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ - @@ -367,7 +369,7 @@ $!  $ IF F$TYPE('LIB_MODULE') .EQS. ""  $ THEN  $   WRITE SYS$ERROR "" -$   WRITE SYS$ERROR "The module ",MODULE_NAME," does not exist.  Continuing..." +$   WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist.  Continuing..."  $   WRITE SYS$ERROR ""  $   GOTO MODULE_NEXT  $ ENDIF @@ -777,12 +779,12 @@ $! Else...  $!  $ ELSE  $! -$!  Else, Check To See If P1 Has A Valid Arguement. +$!  Else, Check To See If P1 Has A Valid Argument.  $!  $   IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS")  $   THEN  $! -$!    A Valid Arguement. +$!    A Valid Argument.  $!  $     BUILDALL = P1  $! @@ -810,7 +812,7 @@ $!    Time To EXIT.  $!  $     EXIT  $! -$!  End The Valid Arguement Check. +$!  End The Valid Argument Check.  $!  $   ENDIF  $! @@ -863,7 +865,7 @@ $!    Time To EXIT.  $!  $     EXIT  $! -$!  End The Valid Arguement Check. +$!  End The Valid Argument Check.  $!  $   ENDIF  $! 
@@ -1034,7 +1036,7 @@ $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -  	 THEN CC = "CC/DECC"  $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -             "/NOLIST/PREFIX=ALL" + - -	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - +	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -  	   CCEXTRAFLAGS  $!  $!    Define The Linker Options File Name. @@ -1068,7 +1070,7 @@ $	EXIT  $     ENDIF  $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"  $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - -	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - +	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -  	   CCEXTRAFLAGS  $     CCDEFS = """VAXC""," + CCDEFS  $! @@ -1100,7 +1102,7 @@ $!  $!    Use GNU C...  $!  $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - -	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - +	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -  	   CCEXTRAFLAGS  $!  $!    Define The Linker Options File Name. @@ -1150,7 +1152,7 @@ $!  Show user the result  $!  $   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC  $! -$!  Else The User Entered An Invalid Arguement. +$!  Else The User Entered An Invalid Argument.  $!  $ ELSE  $! @@ -1168,7 +1170,7 @@ $!  Time To EXIT.  $!  $   EXIT  $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check.  $!  $ ENDIF  $! 
@@ -1263,7 +1265,7 @@ $!  Print info  $!  $   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB  $! -$!  Else The User Entered An Invalid Arguement. +$!  Else The User Entered An Invalid Argument.  $!  $ ELSE  $! diff --git a/openssl/crypto/des/des-lib.com b/openssl/crypto/des/des-lib.com index afc260764..348f1c047 100644 --- a/openssl/crypto/des/des-lib.com +++ b/openssl/crypto/des/des-lib.com @@ -659,13 +659,13 @@ $! Else...  $!  $ ELSE  $! -$!  Else, Check To See If P1 Has A Valid Arguement. +$!  Else, Check To See If P1 Has A Valid Argument.  $!  $   IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") -         .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS")  $   THEN  $! -$!    A Valid Arguement. +$!    A Valid Argument.  $!  $     BUILDALL = P1  $! @@ -678,7 +678,7 @@ $!  $     WRITE SYS$OUTPUT ""  $     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"  $     WRITE SYS$OUTPUT "" -$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything. +$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."  $     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library."  $     WRITE SYS$OUTPUT "    DESTEST  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program."  $     WRITE SYS$OUTPUT "    SPEED    :  To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program." @@ -697,7 +697,7 @@ $!    Time To EXIT.  $!  $     EXIT  $! -$!  End The Valid Arguement Check. +$!  End The Valid Argument Check.  $!  $   ENDIF  $! @@ -754,7 +754,7 @@ $!    Time To EXIT.  $!  $     EXIT  $! -$!  End The Valid Arguement Check. +$!  End The Valid Argument Check.  $!  $   ENDIF  $! @@ -978,7 +978,7 @@ $!  Show user the result  $!  $   WRITE SYS$OUTPUT "Main Compiling Command: ",CC  $! -$!  Else The User Entered An Invalid Arguement. +$!  Else The User Entered An Invalid Argument.  $!  $ ELSE  $! 
diff --git a/openssl/crypto/des/rpc_des.h b/openssl/crypto/des/rpc_des.h index 4cbb4d2dc..41328d796 100644 --- a/openssl/crypto/des/rpc_des.h +++ b/openssl/crypto/des/rpc_des.h @@ -122,10 +122,10 @@ struct desparams {  /*   * Encrypt an arbitrary sized buffer   */ -#define	DESIOCBLOCK	_IOWR(d, 6, struct desparams) +#define	DESIOCBLOCK	_IOWR('d', 6, struct desparams)  /*    * Encrypt of small amount of data, quickly   */ -#define DESIOCQUICK	_IOWR(d, 7, struct desparams)  +#define DESIOCQUICK	_IOWR('d', 7, struct desparams)  diff --git a/openssl/crypto/dsa/dsa_ameth.c b/openssl/crypto/dsa/dsa_ameth.c index 5482330c8..6413aae46 100644 --- a/openssl/crypto/dsa/dsa_ameth.c +++ b/openssl/crypto/dsa/dsa_ameth.c @@ -209,7 +209,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)  	if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))  		{  		ASN1_TYPE *t1, *t2; -	    	if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen))); +	    	if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))  			goto decerr;  		if (sk_ASN1_TYPE_num(ndsa) != 2)  			goto decerr; diff --git a/openssl/crypto/err/err_prn.c b/openssl/crypto/err/err_prn.c index de32f332c..a0168ac8e 100644 --- a/openssl/crypto/err/err_prn.c +++ b/openssl/crypto/err/err_prn.c @@ -81,7 +81,8 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),  		ERR_error_string_n(l, buf, sizeof buf);  		BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,  			file, line, (flags & ERR_TXT_STRING) ? data : ""); -		cb(buf2, strlen(buf2), u); +		if (cb(buf2, strlen(buf2), u) <= 0) +			break; /* abort outputting the error report */  		}  	} diff --git a/openssl/crypto/evp/bio_b64.c b/openssl/crypto/evp/bio_b64.c index fa5cbc7eb..72a2a6727 100644 --- a/openssl/crypto/evp/bio_b64.c +++ b/openssl/crypto/evp/bio_b64.c 
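Review bot: The new `if (cb(buf2, strlen(buf2), u) <= 0) break;` in ERR_print_errors_cb gives the callback's return value a meaning it did not have before, and nothing in the hunk documents it. A callback written when the result was ignored, and which returns 0 on success, would now stop the report after the first entry and leave the rest unreported. I would state the contract next to the check, for example `/* cb must return > 0 to continue; <= 0 stops the report */`, and repeat it wherever the function is documented. The loop header and the start of the function body are outside the hunk.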
@@ -64,7 +64,7 @@  static int b64_write(BIO *h, const char *buf, int num);  static int b64_read(BIO *h, char *buf, int size); -/*static int b64_puts(BIO *h, const char *str); */ +static int b64_puts(BIO *h, const char *str);  /*static int b64_gets(BIO *h, char *str, int size); */  static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);  static int b64_new(BIO *h); @@ -96,7 +96,7 @@ static BIO_METHOD methods_b64=  	BIO_TYPE_BASE64,"base64 encoding",  	b64_write,  	b64_read, -	NULL, /* b64_puts, */ +	b64_puts,  	NULL, /* b64_gets, */  	b64_ctrl,  	b64_new, @@ -127,6 +127,7 @@ static int b64_new(BIO *bi)  	bi->init=1;  	bi->ptr=(char *)ctx;  	bi->flags=0; +	bi->num = 0;  	return(1);  	} @@ -151,6 +152,8 @@ static int b64_read(BIO *b, char *out, int outl)  	if ((ctx == NULL) || (b->next_bio == NULL)) return(0); +	BIO_clear_retry_flags(b); +  	if (ctx->encode != B64_DECODE)  		{  		ctx->encode=B64_DECODE; @@ -163,6 +166,7 @@ static int b64_read(BIO *b, char *out, int outl)  	/* First check if there are bytes decoded/encoded */  	if (ctx->buf_len > 0)  		{ +		OPENSSL_assert(ctx->buf_len >= ctx->buf_off);  		i=ctx->buf_len-ctx->buf_off;  		if (i > outl) i=outl;  		OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); @@ -184,7 +188,6 @@ static int b64_read(BIO *b, char *out, int outl)  	ret_code=0;  	while (outl > 0)  		{ -  		if (ctx->cont <= 0)  			break; @@ -195,7 +198,7 @@ static int b64_read(BIO *b, char *out, int outl)  			{  			ret_code=i; -			/* Should be continue next time we are called? */ +			/* Should we continue next time we are called? */  			if (!BIO_should_retry(b->next_bio))  				{  				ctx->cont=i; 
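Review bot: `OPENSSL_assert(ctx->buf_len >= ctx->buf_off);` in b64_read (hunk at -163,6) turns a broken buffer invariant into a process abort, since OPENSSL_assert stays active in release builds. That is safer than an out-of-bounds read, but this is a filter BIO decoding data that arrives from the next BIO in the chain, so if any input can drive the offsets out of step the result is a denial of service for the whole application. Where the function can fail cleanly I would prefer an error return, e.g. `if (ctx->buf_len < ctx->buf_off) return -1;`, and keep the assert for states that really are unreachable. The same pattern is added throughout b64_write and in b64_ctrl in the later hunks of this file; b64_read's body starts and ends outside this hunk.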
@@ -285,19 +288,27 @@ static int b64_read(BIO *b, char *out, int outl)  				continue;  				}  			else +			{  				ctx->tmp_len=0;  			} -		/* If buffer isn't full and we can retry then -		 * restart to read in more data. -		 */ +		}  		else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) +		{ +			/* If buffer isn't full and we can retry then +			 * restart to read in more data. +			 */  			continue; +		}  		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)  			{  			int z,jj; +#if 0  			jj=(i>>2)<<2; +#else +			jj = i & ~3; /* process per 4 */ +#endif  			z=EVP_DecodeBlock((unsigned char *)ctx->buf,  				(unsigned char *)ctx->tmp,jj);  			if (jj > 2) @@ -313,18 +324,15 @@ static int b64_read(BIO *b, char *out, int outl)  			 * number consumed */  			if (jj != i)  				{ -				memcpy((unsigned char *)ctx->tmp, -					(unsigned char *)&(ctx->tmp[jj]),i-jj); +				memmove(ctx->tmp, &ctx->tmp[jj], i-jj);  				ctx->tmp_len=i-jj;  				}  			ctx->buf_len=0;  			if (z > 0)  				{  				ctx->buf_len=z; -				i=1;  				} -			else -				i=z; +			i=z;  			}  		else  			{ @@ -357,14 +365,16 @@ static int b64_read(BIO *b, char *out, int outl)  		outl-=i;  		out+=i;  		} -	BIO_clear_retry_flags(b); +	/* BIO_clear_retry_flags(b); */  	BIO_copy_next_retry(b);  	return((ret == 0)?ret_code:ret);  	}  static int b64_write(BIO *b, const char *in, int inl)  	{ -	int ret=inl,n,i; +	int ret=0; +	int n; +	int i;  	BIO_B64_CTX *ctx;  	ctx=(BIO_B64_CTX *)b->ptr; @@ -379,6 +389,9 @@ static int b64_write(BIO *b, const char *in, int inl)  		EVP_EncodeInit(&(ctx->base64));  		} +	OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); +	OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); +	OPENSSL_assert(ctx->buf_len >= ctx->buf_off);  	n=ctx->buf_len-ctx->buf_off;  	while (n > 0)  		{ 
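Review bot: The hunk at -285,19 keeps the old expression alive under `#if 0` (`jj=(i>>2)<<2;`) next to its replacement `jj = i & ~3;`, and the hunk at -357,14 leaves `/* BIO_clear_retry_flags(b); */` behind as commented-out code. Both are dead text that the history already records, and they make b64_read harder to follow than it needs to be. I would delete the `#if 0 … #else … #endif` wrapper and the commented-out call, and if the reason for moving the call to the top of the function matters, say so in a one-line comment there. b64_read continues outside both hunks.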
@@ -388,7 +401,10 @@ static int b64_write(BIO *b, const char *in, int inl)  			BIO_copy_next_retry(b);  			return(i);  			} +		OPENSSL_assert(i <= n);  		ctx->buf_off+=i; +		OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); +		OPENSSL_assert(ctx->buf_len >= ctx->buf_off);  		n-=i;  		}  	/* at this point all pending data has been written */ @@ -405,18 +421,19 @@ static int b64_write(BIO *b, const char *in, int inl)  			{  			if (ctx->tmp_len > 0)  				{ +				OPENSSL_assert(ctx->tmp_len <= 3);  				n=3-ctx->tmp_len; -				/* There's a teoretical possibility for this */ +				/* There's a theoretical possibility for this */  				if (n > inl)   					n=inl;  				memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);  				ctx->tmp_len+=n; +				ret += n;  				if (ctx->tmp_len < 3)  					break; -				ctx->buf_len=EVP_EncodeBlock( -					(unsigned char *)ctx->buf, -					(unsigned char *)ctx->tmp, -					ctx->tmp_len); +				ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len); +				OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); +				OPENSSL_assert(ctx->buf_len >= ctx->buf_off);  				/* Since we're now done using the temporary  				   buffer, the length should be 0'd */  				ctx->tmp_len=0; @@ -425,14 +442,16 @@ static int b64_write(BIO *b, const char *in, int inl)  				{  				if (n < 3)  					{ -					memcpy(&(ctx->tmp[0]),in,n); +					memcpy(ctx->tmp,in,n);  					ctx->tmp_len=n; +					ret += n;  					break;  					}  				n-=n%3; -				ctx->buf_len=EVP_EncodeBlock( -					(unsigned char *)ctx->buf, -					(unsigned char *)in,n); +				ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n); +				OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); +				OPENSSL_assert(ctx->buf_len >= ctx->buf_off); +				ret += n;  				}  			}  		else 
@@ -440,6 +459,9 @@ static int b64_write(BIO *b, const char *in, int inl)  			EVP_EncodeUpdate(&(ctx->base64),  				(unsigned char *)ctx->buf,&ctx->buf_len,  				(unsigned char *)in,n); +			OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); +			OPENSSL_assert(ctx->buf_len >= ctx->buf_off); +			ret += n;  			}  		inl-=n;  		in+=n; @@ -454,8 +476,11 @@ static int b64_write(BIO *b, const char *in, int inl)  				BIO_copy_next_retry(b);  				return((ret == 0)?i:ret);  				} +			OPENSSL_assert(i <= n);  			n-=i;  			ctx->buf_off+=i; +			OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); +			OPENSSL_assert(ctx->buf_len >= ctx->buf_off);  			}  		ctx->buf_len=0;  		ctx->buf_off=0; @@ -486,6 +511,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)  			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);  		break;  	case BIO_CTRL_WPENDING: /* More to write in buffer */ +		OPENSSL_assert(ctx->buf_len >= ctx->buf_off);  		ret=ctx->buf_len-ctx->buf_off;  		if ((ret == 0) && (ctx->encode != B64_NONE)  			&& (ctx->base64.num != 0)) @@ -494,6 +520,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)  			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);  		break;  	case BIO_CTRL_PENDING: /* More to read in buffer */ +		OPENSSL_assert(ctx->buf_len >= ctx->buf_off);  		ret=ctx->buf_len-ctx->buf_off;  		if (ret <= 0)  			ret=BIO_ctrl(b->next_bio,cmd,num,ptr); @@ -565,3 +592,7 @@ static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)  	return(ret);  	} +static int b64_puts(BIO *b, const char *str) +	{ +	return b64_write(b,str,strlen(str)); +	} diff --git a/openssl/crypto/evp/pmeth_lib.c b/openssl/crypto/evp/pmeth_lib.c index 4a05f0b13..b2d8de3a8 100644 --- a/openssl/crypto/evp/pmeth_lib.c +++ b/openssl/crypto/evp/pmeth_lib.c 
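Review bot: The new b64_puts passes `strlen(str)` straight to b64_write, whose length parameter is an int, so the size_t is narrowed implicitly. For a string longer than INT_MAX the length would arrive negative or truncated; that is unlikely in practice, but the conversion should be explicit and bounded, e.g. `size_t len = strlen(str);`, `if (len > INT_MAX) return -1;`, `return b64_write(b, str, (int)len);`. The error value is a suggestion only, and INT_MAX needs <limits.h>, which I cannot see among this file's includes from the hunk.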
@@ -177,6 +177,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)  	ret->operation = EVP_PKEY_OP_UNDEFINED;  	ret->pkey = pkey;  	ret->peerkey = NULL; +	ret->pkey_gencb = 0;  	if (pkey)  		CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);  	ret->data = NULL; diff --git a/openssl/crypto/md5/asm/md5-ia64.S b/openssl/crypto/md5/asm/md5-ia64.S index 2f9818aec..e7de08d46 100644 --- a/openssl/crypto/md5/asm/md5-ia64.S +++ b/openssl/crypto/md5/asm/md5-ia64.S @@ -914,7 +914,7 @@ md5_digest_block##offset:						\  	nop 0x0 ;							\  	br.cond.sptk.many md5_digest_GHI ;				\  } ;;									\ -	.endp md5digestBlock ## offset +	.endp md5_digest_block##offset  MD5FBLOCK(1)  MD5FBLOCK(2) diff --git a/openssl/crypto/modes/cfb128.c b/openssl/crypto/modes/cfb128.c index 98f4cf315..e5938c613 100644 --- a/openssl/crypto/modes/cfb128.c +++ b/openssl/crypto/modes/cfb128.c @@ -96,15 +96,15 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,  #endif  		while (len>=16) {  			(*block)(ivec, ivec, key); -			for (n=0; n<16; n+=sizeof(size_t)) { +			for (; n<16; n+=sizeof(size_t)) {  				*(size_t*)(out+n) =  				*(size_t*)(ivec+n) ^= *(size_t*)(in+n);  			}  			len -= 16;  			out += 16;  			in  += 16; +			n = 0;  		} -		n = 0;  		if (len) {  			(*block)(ivec, ivec, key);  			while (len--) { @@ -141,7 +141,7 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,  #endif  		while (len>=16) {  			(*block)(ivec, ivec, key); -			for (n=0; n<16; n+=sizeof(size_t)) { +			for (; n<16; n+=sizeof(size_t)) {  				size_t t = *(size_t*)(in+n);  				*(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t;  				*(size_t*)(ivec+n) = t; @@ -149,8 +149,8 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,  			len -= 16;  			out += 16;  			in  += 16; +			n = 0;  		} -		n = 0;  		if (len) {  			(*block)(ivec, ivec, key);  			while (len--) { 
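Review bot: `ret->pkey_gencb = 0;` clears what looks like a callback pointer with a bare 0, while the neighbouring pointer fields in int_ctx_new use NULL (`ret->peerkey = NULL;`, `ret->data = NULL;`). Writing `ret->pkey_gencb = NULL;` would match them and make it obvious that a pointer is being initialised. The function body starts and ends outside the hunk.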
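Review bot: In cfb128.c the 16-byte loops now begin with `for (; n<16; n+=sizeof(size_t))`, so they depend on n being 0 when `while (len>=16)` is first entered, and nothing in the hunk states or checks that. The code that establishes it is outside the hunk; I infer that an earlier partial-block loop leaves n at 0 whenever at least 16 bytes remain. A short comment above the loop would protect the invariant against later edits, e.g. `/* n == 0 here: any partial block was completed above */`. The same applies to the decrypt loop in the next hunk and to the matching hunks in ctr128.c and ofb128.c.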
diff --git a/openssl/crypto/modes/ctr128.c b/openssl/crypto/modes/ctr128.c index bd84f4152..932037f55 100644 --- a/openssl/crypto/modes/ctr128.c +++ b/openssl/crypto/modes/ctr128.c @@ -61,14 +61,11 @@  typedef unsigned int u32;  typedef unsigned char u8; -# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3])) -# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); } -  #define STRICT_ALIGNMENT -#if defined(__i386) || defined(__i386__) || \ -    defined(__x86_64) || defined(__x86_64__) || \ -    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ -    defined(__s390__) || defined(__s390x__) +#if defined(__i386)	|| defined(__i386__)	|| \ +    defined(__x86_64)	|| defined(__x86_64__)	|| \ +    defined(_M_IX86)	|| defined(_M_AMD64)	|| defined(_M_X64) || \ +    defined(__s390__)	|| defined(__s390x__)  #  undef STRICT_ALIGNMENT  #endif @@ -77,18 +74,19 @@ typedef unsigned char u8;  /* increment counter (128-bit int) by 1 */  static void ctr128_inc(unsigned char *counter) { -	u32 c,n=16; +	u32 n=16; +	u8  c;  	do { -		n -= 4; -		c = GETU32(counter+n); -		++c;	c &= 0xFFFFFFFF; -		PUTU32(counter + n, c); +		--n; +		c = counter[n]; +		++c; +		counter[n] = c;  		if (c) return;  	} while (n);  } -#if !defined(OPENSSL_SMALL_FOORPRINT) +#if !defined(OPENSSL_SMALL_FOOTPRINT)  static void ctr128_inc_aligned(unsigned char *counter) {  	size_t *data,c,n;  	const union { long one; char little; } is_endian = {1}; 
@@ -151,14 +149,14 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,  		while (len>=16) {  			(*block)(ivec, ecount_buf, key);  			ctr128_inc_aligned(ivec); -			for (n=0; n<16; n+=sizeof(size_t)) +			for (; n<16; n+=sizeof(size_t))  				*(size_t *)(out+n) =  				*(size_t *)(in+n) ^ *(size_t *)(ecount_buf+n);  			len -= 16;  			out += 16;  			in  += 16; +			n = 0;  		} -		n = 0;  		if (len) {  			(*block)(ivec, ecount_buf, key);   			ctr128_inc_aligned(ivec); diff --git a/openssl/crypto/modes/ofb128.c b/openssl/crypto/modes/ofb128.c index 09b343003..c732e2ec5 100644 --- a/openssl/crypto/modes/ofb128.c +++ b/openssl/crypto/modes/ofb128.c @@ -95,14 +95,14 @@ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,  #endif  		while (len>=16) {  			(*block)(ivec, ivec, key); -			for (n=0; n<16; n+=sizeof(size_t)) +			for (; n<16; n+=sizeof(size_t))  				*(size_t*)(out+n) =  				*(size_t*)(in+n) ^ *(size_t*)(ivec+n);  			len -= 16;  			out += 16;  			in  += 16; +			n = 0;  		} -		n = 0;  		if (len) {  			(*block)(ivec, ivec, key);  			while (len--) { diff --git a/openssl/crypto/opensslv.h b/openssl/crypto/opensslv.h index cbe52648d..2fb110fa0 100644 --- a/openssl/crypto/opensslv.h +++ b/openssl/crypto/opensslv.h @@ -25,11 +25,11 @@   * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for   *  major minor fix final patch/beta)   */ -#define OPENSSL_VERSION_NUMBER	0x1000000fL +#define OPENSSL_VERSION_NUMBER	0x1000001fL  #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0-fips 29 Mar 2010" +#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0a-fips 1 Jun 2010"  #else -#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0 29 Mar 2010" +#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0a 1 Jun 2010"  #endif  #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT diff --git a/openssl/crypto/pem/pem.h b/openssl/crypto/pem/pem.h index 22231c26d..8a6ababe3 100644 --- a/openssl/crypto/pem/pem.h +++ b/openssl/crypto/pem/pem.h 
@@ -548,10 +548,11 @@ EVP_PKEY *b2i_PrivateKey_bio(BIO *in);  EVP_PKEY *b2i_PublicKey_bio(BIO *in);  int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);  int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); - +#ifndef OPENSSL_NO_RC4  EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);  int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,  		pem_password_cb *cb, void *u); +#endif  /* BEGIN ERROR CODES */ diff --git a/openssl/crypto/pem/pvkfmt.c b/openssl/crypto/pem/pvkfmt.c index 11e1f10f5..d998a67fa 100644 --- a/openssl/crypto/pem/pvkfmt.c +++ b/openssl/crypto/pem/pvkfmt.c @@ -654,6 +654,8 @@ int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)  	return do_i2b_bio(out, pk, 1);  	} +#ifndef OPENSSL_NO_RC4 +  static int do_PVK_header(const unsigned char **in, unsigned int length,  		int skip_magic,  	       	unsigned int *psaltlen, unsigned int *pkeylen) @@ -934,4 +936,7 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,  		}  	return -1;  	} + +#endif +  #endif diff --git a/openssl/crypto/perlasm/x86_64-xlate.pl b/openssl/crypto/perlasm/x86_64-xlate.pl index d89765d7e..354673acc 100644 --- a/openssl/crypto/perlasm/x86_64-xlate.pl +++ b/openssl/crypto/perlasm/x86_64-xlate.pl @@ -55,6 +55,8 @@  #    Win64 prologue copies %rsp value to %rax. For further details  #    see SEH paragraph at the end.  # 9. .init segment is allowed to contain calls to functions only. +# a. If function accepts more than 4 arguments *and* >4th argument +#    is declared as non 64-bit value, do clear its upper part.  my $flavour = shift;  my $output  = shift; 
@@ -80,7 +82,10 @@ my $PTR=" PTR";  my $nasmref=2.03;  my $nasm=0; -if    ($flavour eq "mingw64")	{ $gas=1; $elf=0; $win64=1; $prefix="_"; } +if    ($flavour eq "mingw64")	{ $gas=1; $elf=0; $win64=1; +				  $prefix=`echo __USER_LABEL_PREFIX__ | $ENV{CC} -E -P -`; +				  chomp($prefix); +				}  elsif ($flavour eq "macosx")	{ $gas=1; $elf=0; $prefix="_"; $decor="L\$"; }  elsif ($flavour eq "masm")	{ $gas=0; $elf=0; $masm=$masmref; $win64=1; $decor="\$L\$"; }  elsif ($flavour eq "nasm")	{ $gas=0; $elf=0; $nasm=$nasmref; $win64=1; $decor="\$L\$"; $PTR=""; } @@ -115,7 +120,9 @@ my %globals;  		$self->{op} = $1;  		$self->{sz} = "b";  	    } elsif ($self->{op} =~ /call|jmp/) { -		$self->{sz} = "" +		$self->{sz} = ""; +	    } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op)/) { # SSEn +		$self->{sz} = "";  	    } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) {  		$self->{op} = $1;  		$self->{sz} = $2; @@ -191,7 +198,7 @@ my %globals;  	if ($gas) {  	    # Solaris /usr/ccs/bin/as can't handle multiplications  	    # in $self->{value} -	    $self->{value} =~ s/(?<![0-9a-f])(0[x0-9a-f]+)/oct($1)/egi; +	    $self->{value} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;  	    $self->{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;  	    sprintf "\$%s",$self->{value};  	} else { @@ -243,7 +250,7 @@ my %globals;  	    # Solaris /usr/ccs/bin/as can't handle multiplications  	    # in $self->{label}, new gas requires sign extension...  	    use integer; -	    $self->{label} =~ s/(?<![0-9a-f])(0[x0-9a-f]+)/oct($1)/egi; +	    $self->{label} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;  	    $self->{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;  	    $self->{label} =~ s/([0-9]+)/$1<<32>>32/eg;  	    $self->{label} =~ s/^___imp_/__imp__/   if ($flavour eq "mingw64"); 
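Review bot: The mingw64 branch now runs `$ENV{CC}` through the shell in backticks without checking that CC is set or that the command succeeded. If CC is unset or the preprocessor call fails, `$prefix` quietly ends up empty (or holds whatever was printed) and every global symbol is emitted with the wrong decoration, which only surfaces later as link errors. I would fail early instead: `die "CC must be set for mingw64" unless $ENV{CC};` before the backticks and `die "cannot query __USER_LABEL_PREFIX__" if $?;` after them. CC also reaches the shell unquoted, which is acceptable for a build variable but worth a one-line comment.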
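Review bot: The SSE test added in the hunk at -115,7, `$self->{op} =~ /^p/ && $' !~ /^(ush|op)/`, relies on the post-match variable `$'`, which breaks silently if another match is ever inserted between the two halves and carries a matching penalty on older perls. A negative lookahead expresses the same condition in one pattern: `} elsif ($self->{op} =~ /^p(?!ush|op)/) { # SSEn`. The surrounding if/elsif chain begins outside the hunk.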
@@ -259,7 +266,7 @@ my %globals;  	    %szmap = ( b=>"BYTE$PTR", w=>"WORD$PTR", l=>"DWORD$PTR", q=>"QWORD$PTR" );  	    $self->{label} =~ s/\./\$/g; -	    $self->{label} =~ s/0x([0-9a-f]+)/0$1h/ig; +	    $self->{label} =~ s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/ig;  	    $self->{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/);  	    $sz="q" if ($self->{asterisk}); @@ -574,11 +581,11 @@ my %globals;  		/\.align/   && do { $self->{value} = "ALIGN\t".$line; last; };  		/\.(value|long|rva|quad)/  			    && do { my $sz  = substr($1,0,1); -				    my @arr = split(',',$line); +				    my @arr = split(/,\s*/,$line);  				    my $last = pop(@arr);  				    my $conv = sub  {	my $var=shift;  							$var=~s/^(0b[0-1]+)/oct($1)/eig; -							$var=~s/0x([0-9a-f]+)/0$1h/ig if ($masm); +							$var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm);  							if ($sz eq "D" && ($current_segment=~/.[px]data/ || $dir eq ".rva"))  							{ $var=~s/([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; }  							$var; @@ -590,7 +597,7 @@ my %globals;  				    $self->{value} .= &$conv($last);  				    last;  				  }; -		/\.byte/    && do { my @str=split(",",$line); +		/\.byte/    && do { my @str=split(/,\s*/,$line);  				    map(s/(0b[0-1]+)/oct($1)/eig,@str);  				    map(s/0x([0-9a-f]+)/0$1h/ig,@str) if ($masm);	  				    while ($#str>15) { @@ -664,7 +671,7 @@ while($line=<>) {  		$insn = $opcode->out($#args>=1?$args[$#args]->size():$sz);  	    } else {  		$insn = $opcode->out(); -		$insn .= $sz if (map($_->out() =~ /xmm|mmx/,@args)); +		$insn .= $sz if (map($_->out() =~ /x?mm/,@args));  		@args = reverse(@args);  		undef $sz if ($nasm && $opcode->mnemonic() eq "lea");  	    } diff --git a/openssl/crypto/rsa/rsa_pmeth.c b/openssl/crypto/rsa/rsa_pmeth.c index 297e17cdc..c6892ecd0 100644 --- a/openssl/crypto/rsa/rsa_pmeth.c +++ b/openssl/crypto/rsa/rsa_pmeth.c 
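Review bot: The operand test in the last x86_64-xlate.pl hunk, `/x?mm/`, is unanchored, so the optional `x` adds nothing and the pattern matches any operand whose text contains `mm`, not only MMX/SSE registers. Since `out()` is tested for every argument, an operand that is a symbol name containing those letters would presumably also get `$sz` appended to the instruction. Tying the match to a register number, for example `/\bx?mm\d/`, keeps the intent of accepting both mmN and xmmN; please confirm that against how `out()` prints registers for each flavour, which is outside the hunk.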
@@ -246,6 +246,8 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,  			ret = int_rsa_verify(EVP_MD_type(rctx->md),  						NULL, 0, rout, &sltmp,  					sig, siglen, ctx->pkey->pkey.rsa); +			if (ret <= 0) +				return 0;  			ret = sltmp;  			}  		else diff --git a/openssl/crypto/sparccpuid.S b/openssl/crypto/sparccpuid.S index bcf46f209..aa8b11efc 100644 --- a/openssl/crypto/sparccpuid.S +++ b/openssl/crypto/sparccpuid.S @@ -179,7 +179,7 @@ OPENSSL_atomic_add:  	ba	.enter  	nop  #ifdef __sun -! Note that you don't have to link with libthread to call thr_yield, +! Note that you do not have to link with libthread to call thr_yield,  ! as libc provides a stub, which is overloaded the moment you link  ! with *either* libpthread or libthread...  #define	YIELD_CPU	thr_yield diff --git a/openssl/crypto/stack/safestack.h b/openssl/crypto/stack/safestack.h index d616b4aab..891cb84a5 100644 --- a/openssl/crypto/stack/safestack.h +++ b/openssl/crypto/stack/safestack.h @@ -179,7 +179,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)  	sk_is_sorted(CHECKED_STACK_OF(type, st))  #define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -	(STACK_OF(type) *)d2i_ASN1_SET(CHECKED_STACK_OF(type, st), \ +  (STACK_OF(type) *)d2i_ASN1_SET((STACK_OF(OPENSSL_BLOCK) **)CHECKED_STACK_OF(type, st), \  				pp, length, \  				CHECKED_D2I_OF(type, d2i_func), \  				CHECKED_SK_FREE_FUNC(type, free_func), \ diff --git a/openssl/crypto/symhacks.h b/openssl/crypto/symhacks.h index 151b68314..3fd4a8169 100644 --- a/openssl/crypto/symhacks.h +++ b/openssl/crypto/symhacks.h 
@@ -399,6 +399,12 @@  #undef dtls1_retransmit_buffered_messages  #define dtls1_retransmit_buffered_messages	dtls1_retransmit_buffered_msgs +/* Hack some long UI names */ +#undef UI_method_get_prompt_constructor +#define UI_method_get_prompt_constructor	UI_method_get_prompt_constructr +#undef UI_method_set_prompt_constructor +#define UI_method_set_prompt_constructor	UI_method_set_prompt_constructr +  #endif /* defined OPENSSL_SYS_VMS */ diff --git a/openssl/crypto/ts/Makefile b/openssl/crypto/ts/Makefile index ad29b67bd..c18234555 100644 --- a/openssl/crypto/ts/Makefile +++ b/openssl/crypto/ts/Makefile @@ -60,7 +60,8 @@ links:  	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)  install: -	@for i in $(EXHEADER) ; \ +	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... +	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \  	do  \  	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \  	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ diff --git a/openssl/crypto/x509v3/v3_pci.c b/openssl/crypto/x509v3/v3_pci.c index c254b2ff9..0dcfa004f 100644 --- a/openssl/crypto/x509v3/v3_pci.c +++ b/openssl/crypto/x509v3/v3_pci.c @@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val,  			unsigned char *tmp_data2 =  				string_to_hex(val->value + 4, &val_len); -			if (!tmp_data2) goto err; +			if (!tmp_data2)  +				{ +				X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT); +				X509V3_conf_err(val); +				goto err; +				}  			tmp_data = OPENSSL_realloc((*policy)->data,  				(*policy)->length + val_len + 1); 
@@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val,  				(*policy)->length += val_len;  				(*policy)->data[(*policy)->length] = '\0';  				} +			else +				{ +				OPENSSL_free(tmp_data2); +				/* realloc failure implies the original data space is b0rked too! */ +				(*policy)->data = NULL; +				(*policy)->length = 0; +				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); +				X509V3_conf_err(val); +				goto err; +				} +			OPENSSL_free(tmp_data2);  			}  		else if (strncmp(val->value, "file:", 5) == 0)  			{ @@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val,  				(*policy)->length += n;  				(*policy)->data[(*policy)->length] = '\0';  				} +			BIO_free_all(b);  			if (n < 0)  				{ @@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val,  				(*policy)->length += val_len;  				(*policy)->data[(*policy)->length] = '\0';  				} +			else +				{ +				/* realloc failure implies the original data space is b0rked too! */ +				(*policy)->data = NULL; +				(*policy)->length = 0; +				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); +				X509V3_conf_err(val); +				goto err; +				}  			}  		else  			{ diff --git a/openssl/crypto/x86_64cpuid.pl b/openssl/crypto/x86_64cpuid.pl index a7f98b3fd..c96821a3c 100644 --- a/openssl/crypto/x86_64cpuid.pl +++ b/openssl/crypto/x86_64cpuid.pl @@ -152,7 +152,8 @@ OPENSSL_cleanse:  	sub	\$1,$arg2  	lea	1($arg1),$arg1  	jnz	.Little -.Lret:	ret +.Lret: +	ret  .align	16  .Lot:  	test	\$7,$arg1 diff --git a/openssl/doc/crypto/BIO_f_buffer.pod b/openssl/doc/crypto/BIO_f_buffer.pod index c9093c6a5..c0dccf1ab 100644 --- a/openssl/doc/crypto/BIO_f_buffer.pod +++ b/openssl/doc/crypto/BIO_f_buffer.pod 
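Review bot: In the new `else` branches that handle a failed OPENSSL_realloc (here for the hex: case and again in the hunk at -190,6 for the text: case), the comment `realloc failure implies the original data space is b0rked too!` does not match realloc semantics as I know them: on failure the original block stays allocated and unchanged. If OPENSSL_realloc behaves the same way, `(*policy)->data = NULL;` discards the only pointer to that block and leaks it on this error path. I would add `OPENSSL_free((*policy)->data);` before the two resets and correct the comment. The code at the `err:` label is outside the hunk, so check how it treats `*policy` before settling on this.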
@@ -31,7 +31,7 @@ BIO_get_buffer_num_lines() returns the number of lines currently buffered.  BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size()  set the read, write or both read and write buffer sizes to B<size>. The initial -buffer size is DEFAULT_BUFFER_SIZE, currently 1024. Any attempt to reduce the +buffer size is DEFAULT_BUFFER_SIZE, currently 4096. Any attempt to reduce the  buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared  when the buffer is resized. @@ -66,4 +66,9 @@ there was an error.  =head1 SEE ALSO -TBA +L<BIO(3)|BIO(3)>, +L<BIO_reset(3)|BIO_reset(3)>, +L<BIO_flush(3)|BIO_flush(3)>, +L<BIO_pop(3)|BIO_pop(3)>, +L<BIO_ctrl(3)|BIO_ctrl(3)>, +L<BIO_int_ctrl(3)|BIO_ctrl(3)> diff --git a/openssl/doc/crypto/BIO_s_file.pod b/openssl/doc/crypto/BIO_s_file.pod index b2a29263f..188aea347 100644 --- a/openssl/doc/crypto/BIO_s_file.pod +++ b/openssl/doc/crypto/BIO_s_file.pod @@ -76,6 +76,10 @@ normally be closed so the BIO_NOCLOSE flag should be set.  Because the file BIO calls the underlying stdio functions any quirks  in stdio behaviour will be mirrored by the corresponding BIO. +On Windows BIO_new_files reserves for the filename argument to be +UTF-8 encoded. In other words if you have to make it work in multi- +lingual environment, encode file names in UTF-8. +  =head1 EXAMPLES  File BIO "hello world": diff --git a/openssl/doc/crypto/BIO_should_retry.pod b/openssl/doc/crypto/BIO_should_retry.pod index 539c39127..b6d51f719 100644 --- a/openssl/doc/crypto/BIO_should_retry.pod +++ b/openssl/doc/crypto/BIO_should_retry.pod 
@@ -45,7 +45,7 @@ needs to read data.  BIO_should_io_special() is true if some "special" condition, that is a  reason other than reading or writing is the cause of the condition. -BIO_get_retry_reason() returns a mask of the cause of a retry condition +BIO_retry_type() returns a mask of the cause of a retry condition  consisting of the values B<BIO_FLAGS_READ>, B<BIO_FLAGS_WRITE>,  B<BIO_FLAGS_IO_SPECIAL> though current BIO types will only set one of  these. diff --git a/openssl/doc/ssl/SSL_library_init.pod b/openssl/doc/ssl/SSL_library_init.pod index eed526e47..8766776fe 100644 --- a/openssl/doc/ssl/SSL_library_init.pod +++ b/openssl/doc/ssl/SSL_library_init.pod @@ -15,7 +15,7 @@ SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms  =head1 DESCRIPTION -SSL_library_init() registers the available ciphers and digests. +SSL_library_init() registers the available SSL/TLS ciphers and digests.  OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms  for SSL_library_init(). 
@@ -27,24 +27,28 @@ SSL_library_init() is not reentrant.  =head1 WARNING -SSL_library_init() only registers ciphers. Another important initialization -is the seeding of the PRNG (Pseudo Random Number Generator), which has to -be performed separately. +SSL_library_init() adds ciphers and digests used directly and indirectly by +SSL/TLS.  =head1 EXAMPLES  A typical TLS/SSL application will start with the library initialization, -will provide readable error messages and will seed the PRNG. +and provide readable error messages.   SSL_load_error_strings();                /* readable error messages */   SSL_library_init();                      /* initialize library */ - actions_to_seed_PRNG();   =head1 RETURN VALUES  SSL_library_init() always returns "1", so it is safe to discard the return  value. +=head1 NOTES + +OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init(). +Applications which need to use SHA2 in earlier versions of OpenSSL should call +OpenSSL_add_all_algorithms() as well. +  =head1 SEE ALSO  L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>, diff --git a/openssl/e_os.h b/openssl/e_os.h index 0f4b7994f..5ceeeeb95 100644 --- a/openssl/e_os.h +++ b/openssl/e_os.h @@ -150,7 +150,6 @@ extern "C" {  #define clear_socket_error()	WSASetLastError(0)  #define readsocket(s,b,n)	recv((s),(b),(n),0)  #define writesocket(s,b,n)	send((s),(b),(n),0) -#define EADDRINUSE		WSAEADDRINUSE  #elif defined(__DJGPP__)  #define WATT32  #define get_last_socket_error()	errno diff --git a/openssl/engines/ccgost/gost94_keyx.c b/openssl/engines/ccgost/gost94_keyx.c index a183edbe8..624be586a 100644 --- a/openssl/engines/ccgost/gost94_keyx.c +++ b/openssl/engines/ccgost/gost94_keyx.c 
@@ -177,7 +177,7 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,  	ASN1_OBJECT_free(gkt->key_agreement_info->cipher);  	gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);  	*outlen = i2d_GOST_KEY_TRANSPORT(gkt,out?&out:NULL); -	if (*outlen == 0) +	if (*outlen <= 0)  		{  		GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);  		goto err; diff --git a/openssl/engines/ccgost/gost_ameth.c b/openssl/engines/ccgost/gost_ameth.c index 16a99ac2b..f620a216c 100644 --- a/openssl/engines/ccgost/gost_ameth.c +++ b/openssl/engines/ccgost/gost_ameth.c @@ -801,7 +801,7 @@ static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)  	switch (op)  		{  		case ASN1_PKEY_CTRL_DEFAULT_MD_NID: -			*(int *)arg2 = NID_undef; +			*(int *)arg2 = NID_id_Gost28147_89_MAC;  			return 2;  		}  	return -2; diff --git a/openssl/engines/ccgost/gost_crypt.c b/openssl/engines/ccgost/gost_crypt.c index eb11f0e32..4977d1dcf 100644 --- a/openssl/engines/ccgost/gost_crypt.c +++ b/openssl/engines/ccgost/gost_crypt.c @@ -299,7 +299,7 @@ int	gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,  	if (i<inl)  		{  		gost_crypt_mesh(ctx->cipher_data,ctx->iv,ctx->buf); -		if (!ctx->encrypt) memcpy(ctx->buf+8,in_ptr,j); +		if (!ctx->encrypt) memcpy(ctx->buf+8,in_ptr,inl-i);  		for (j=0;i<inl;j++,i++)  			{  			out_ptr[j]=ctx->buf[j]^in_ptr[j]; @@ -459,13 +459,15 @@ int  gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)  	int ret = -1;  	int len;   	GOST_CIPHER_PARAMS *gcp = NULL; -	unsigned char *p = params->value.sequence->data; +	unsigned char *p;  	struct ossl_gost_cipher_ctx *c=ctx->cipher_data;  	if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE)  		{  		return ret;  		} +	p = params->value.sequence->data; +  	gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,  		params->value.sequence->length); diff --git a/openssl/engines/e_chil.c b/openssl/engines/e_chil.c index 30693353d..9c2729c96 100644 
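Review bot: In pkey_GOST94cp_encrypt the new test `if (*outlen <= 0)` cannot catch a negative return, because `outlen` is declared `size_t *` in the signature and the result of i2d_GOST_KEY_TRANSPORT() is converted to unsigned before the comparison. For an unsigned value `<= 0` behaves exactly like the old `== 0`, so an encoder error would be stored as a very large length and passed on to the caller. Keep the result in a signed local first, for example `int len = i2d_GOST_KEY_TRANSPORT(gkt,out?&out:NULL);`, then `if (len <= 0)` for the error path and `*outlen = len;` only on success. The function body starts and ends outside this hunk.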
--- a/openssl/engines/e_chil.c +++ b/openssl/engines/e_chil.c @@ -111,11 +111,10 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,  #ifndef OPENSSL_NO_RSA  /* RSA stuff */  static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); -#endif -#ifndef OPENSSL_NO_RSA  /* This function is aliased to mod_exp (with the mont stuff dropped). */  static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,  		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +static int hwcrhk_rsa_finish(RSA *rsa);  #endif  #ifndef OPENSSL_NO_DH @@ -135,10 +134,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,  	UI_METHOD *ui_method, void *callback_data);  static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,  	UI_METHOD *ui_method, void *callback_data); -#ifndef OPENSSL_NO_RSA -static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, -	int ind,long argl, void *argp); -#endif  /* Interaction stuff */  static int hwcrhk_insert_card(const char *prompt_info, @@ -193,7 +188,7 @@ static RSA_METHOD hwcrhk_rsa =  	hwcrhk_rsa_mod_exp,  	hwcrhk_mod_exp_mont,  	NULL, -	NULL, +	hwcrhk_rsa_finish,  	0,  	NULL,  	NULL, @@ -602,7 +597,7 @@ static int hwcrhk_init(ENGINE *e)  	if (hndidx_rsa == -1)  		hndidx_rsa = RSA_get_ex_new_index(0,  			"nFast HWCryptoHook RSA key handle", -			NULL, NULL, hwcrhk_ex_free); +			NULL, NULL, NULL);  #endif  	return 1;  err: @@ -1078,6 +1073,21 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,  	{  	return hwcrhk_mod_exp(r, a, p, m, ctx);  	} + +static int hwcrhk_rsa_finish(RSA *rsa) +	{ +	HWCryptoHook_RSAKeyHandle *hptr; +	int ret; +	hptr = RSA_get_ex_data(rsa, hndidx_rsa); +	if (hptr) +                { +                ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); +                OPENSSL_free(hptr); +		RSA_set_ex_data(rsa, hndidx_rsa, NULL); +                } +	return 1; +	} +  #endif  #ifndef OPENSSL_NO_DH 
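Review bot: In the new hwcrhk_rsa_finish, `ret` receives the result of `p_hwcrhk_RSAUnloadKey(*hptr, NULL)` but is never read, and the function returns 1 whatever happens, so a failed unload on the hardware module goes unnoticed. Either drop the variable or log the failure before freeing the handle. The hook pointer is also called without a NULL test; since the cleanup now runs from the RSA method's finish slot rather than the ex_data free callback, a key released after the engine has been shut down would call through whatever the pointer holds then (whether it is cleared is not visible in this diff). A guard such as `if (hptr && p_hwcrhk_RSAUnloadKey)` before the call would cover that. The body mixes space and tab indentation, which is worth normalising to the file's tab style.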
@@ -1136,34 +1146,6 @@ static int hwcrhk_rand_status(void)  	return 1;  	} -/* This cleans up an RSA KM key, called when ex_data is freed */ -#ifndef OPENSSL_NO_RSA -static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, -	int ind,long argl, void *argp) -{ -	char tempbuf[1024]; -	HWCryptoHook_ErrMsgBuf rmsg; -#ifndef OPENSSL_NO_RSA -	HWCryptoHook_RSAKeyHandle *hptr; -#endif -#if !defined(OPENSSL_NO_RSA) -	int ret; -#endif - -	rmsg.buf = tempbuf; -	rmsg.size = sizeof(tempbuf); - -#ifndef OPENSSL_NO_RSA -	hptr = (HWCryptoHook_RSAKeyHandle *) item; -	if(hptr) -                { -                ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); -                OPENSSL_free(hptr); -                } -#endif -} -#endif -  /* Mutex calls: since the HWCryptoHook model closely follows the POSIX model   * these just wrap the POSIX functions and add some logging.   */ diff --git a/openssl/engines/e_ubsec.c b/openssl/engines/e_ubsec.c index b68541083..9b747b9ae 100644 --- a/openssl/engines/e_ubsec.c +++ b/openssl/engines/e_ubsec.c @@ -302,8 +302,8 @@ static t_UBSEC_diffie_hellman_generate_ioctl  	*p_UBSEC_diffie_hellman_generate_ioctl = NULL;  static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;  #endif -static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;  #ifndef OPENSSL_NO_RSA +static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;  static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;  #endif  #ifndef OPENSSL_NO_DSA diff --git a/openssl/engines/makeengines.com b/openssl/engines/makeengines.com index 5f9b8d4d9..6cf423607 100644 --- a/openssl/engines/makeengines.com +++ b/openssl/engines/makeengines.com 
@@ -30,17 +30,6 @@ $!	all available engines are built.  $!  $!-----------------------------------------------------------------------------  $! -$! Set the names of the engines we want to build -$! NOTE: Some might think this list ugly.  However, it's made this way to -$! reflect the LIBNAMES variable in Makefile as closely as possible, -$! thereby making it fairly easy to verify that the lists are the same. -$! NOTE: gmp isn't built, as it's mostly a test engine and brings in another -$! library that isn't necessarely ported to VMS. -$! -$ ENGINES = "," + P6 -$ IF ENGINES .EQS. "," THEN - -	ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock,ccgost" -$!  $! Set the default TCP/IP library to link against if needed  $!  $ TCPIP_LIB = "" @@ -52,7 +41,7 @@ $ THEN  $!  $!  The Architecture Is VAX.  $! -$   ARCH := VAX +$   ARCH = "VAX"  $!  $! Else...  $! @@ -67,7 +56,23 @@ $! End The Architecture Check.  $!  $ ENDIF  $! -$! Set the goal directories, and creat them if necessary +$! Set the names of the engines we want to build +$! NOTE: Some might think this list ugly.  However, it's made this way to +$! reflect the LIBNAMES variable in Makefile as closely as possible, +$! thereby making it fairly easy to verify that the lists are the same. +$! NOTE: gmp isn't built, as it's mostly a test engine and brings in another +$! library that isn't necessarely ported to VMS. +$! +$ ENGINES = "," + P6 +$ IF ENGINES .EQS. "," THEN - +	ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock," +$! +$! GOST requires a 64-bit integer type, unavailable on VAX. +$! +$ IF (ARCH .NES. "VAX") THEN - +       ENGINES = ENGINES+ ",ccgost" +$! +$! Set the goal directories, and create them if necessary  $!  $ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.ENGINES]  $ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.ENGINES] 
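Review bot: The `ENGINES = ENGINES+ ",ccgost"` line in the relocated engine-list block runs on every non-VAX build, including when P6 supplied an explicit engine list, so a request for a single engine also builds ccgost; this looks unintended. With the default list, which now ends in `padlock,`, it also yields `padlock,,ccgost`, and the context further down suggests the per-engine loop treats an empty element as the support-files pass, so that pass would probably run twice. Dropping the trailing comma from the default list and limiting the append to the default case avoids both: `$ IF (P6 .EQS. "") .AND. (ARCH .NES. "VAX") THEN ENGINES = ENGINES + ",ccgost"`.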
@@ -110,7 +115,7 @@ $ ENGINE_chil = "e_chil"  $ ENGINE_nuron = "e_nuron"  $ ENGINE_sureware = "e_sureware"  $ ENGINE_ubsec = "e_ubsec" -$ ENGINE_ubsec = "e_padlock" +$ ENGINE_padlock = "e_padlock"  $  $ ENGINE_ccgost_SUBDIR = "ccgost"  $ ENGINE_ccgost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ - @@ -163,9 +168,12 @@ $ ELSE  $   WRITE SYS$OUTPUT "Compiling Support Files. (",BUILDALL,")"  $ ENDIF  $! -$!  Create a .OPT file for the object files +$! Create a .OPT file for the object files (for a real engine name).  $! -$ OPEN/WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT +$ IF ENGINE_NAME .NES. "" +$ THEN +$   OPEN/WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT +$ ENDIF  $!  $! Here's the start of per-engine module loop.  $! @@ -217,22 +225,27 @@ $   MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'  $ ELSE  $   CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'  $ ENDIF -$ WRITE OBJECTS OBJECT_FILE +$! +$! Write the entry to the .OPT file (for a real engine name). +$! +$ IF ENGINE_NAME .NES. "" +$ THEN +$   WRITE OBJECTS OBJECT_FILE +$ ENDIF  $!  $! Next file  $!  $ GOTO FILE_NEXT  $!  $ FILE_DONE: -$ CLOSE OBJECTS  $!  $! Do not link the support files.  $!  $ IF ENGINE_NAME .EQS. "" THEN GOTO ENGINE_NEXT  $! -$! Do not link the support files. +$! Close the linker options file (for a real engine name).  $! -$ IF ENGINE_NAME .EQS. "" THEN GOTO ENGINE_NEXT +$ CLOSE OBJECTS  $!  $! Now, there are two ways to handle this.  We can either build   $! shareable images or stick the engine object file into libcrypto. @@ -412,13 +425,13 @@ $! Else...  $!  $ ELSE  $! -$!  Else, Check To See If OPT_PHASE Has A Valid Arguement. +$!  Else, Check To See If OPT_PHASE Has A Valid Argument.  $!  $   IF ("," + ACCEPT_PHASE + ",") - ("," + OPT_PHASE + ",") -         .NES. ("," + ACCEPT_PHASE + ",")  $   THEN  $! -$!    A Valid Arguement. +$!    A Valid Argument.  $!  $     BUILDALL = OPT_PHASE  $! 
@@ -449,7 +462,7 @@ $!    Time To EXIT.  $!  $     EXIT  $! -$!  End The Valid Arguement Check. +$!  End The Valid Argument Check.  $!  $   ENDIF  $! @@ -502,7 +515,7 @@ $!    Time To EXIT.  $!  $     EXIT  $! -$!  End The Valid Arguement Check. +$!  End The Valid Argument Check.  $!  $   ENDIF  $! @@ -771,7 +784,7 @@ $!  Show user the result  $!  $   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC  $! -$!  Else The User Entered An Invalid Arguement. +$!  Else The User Entered An Invalid Argument.  $!  $ ELSE  $! @@ -789,7 +802,7 @@ $!  Time To EXIT.  $!  $   EXIT  $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check.  $!  $ ENDIF  $! @@ -885,7 +898,7 @@ $!  Print info  $!  $   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB  $! -$!  Else The User Entered An Invalid Arguement. +$!  Else The User Entered An Invalid Argument.  $!  $ ELSE  $! diff --git a/openssl/makevms.com b/openssl/makevms.com index 3005a4583..b46e69a42 100644 --- a/openssl/makevms.com +++ b/openssl/makevms.com @@ -18,8 +18,8 @@ $!  $! Specify one of the following build options for P1.  $!  $!      ALL       Just build "everything". -$!      CONFIG    Just build the "[.xxx.CRYPTO]OPENSSLCONF.H" file. -$!      BUILDINF  Just build the "[.xxx.CRYPTO]BUILDINF.H" file. +$!      CONFIG    Just build the "[.CRYPTO._xxx]OPENSSLCONF.H" file. +$!      BUILDINF  Just build the "[.CRYPTO._xxx]BUILDINF.H" file.  $!      SOFTLINKS Just fix the Unix soft links.  $!      BUILDALL  Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done.  $!      CRYPTO    Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library. 
@@ -35,7 +35,7 @@ $!  $! P2 is ignored (it was used to denote if RSAref should be used or not,  $! and is simply kept so surrounding scripts don't get confused)  $! -$! Speficy DEBUG or NODEBUG as P3 to compile with or without debugging +$! Specify DEBUG or NODEBUG as P3 to compile with or without debugging  $! information.  $!  $! Specify which compiler as P4 to try to compile under. @@ -46,7 +46,7 @@ $!	  GNUC	 For GNU C.  $!	  LINK   To only link the programs from existing object files.  $!               (not yet implemented)  $! -$! If you don't speficy a compiler, it will try to determine which +$! If you don't specify a compiler, it will try to determine which  $! "C" compiler to use.  $!  $! P5, if defined, sets a TCP/IP library to use, through one of the following @@ -84,7 +84,7 @@ $ THEN  $!  $!  The Architecture Is VAX.  $! -$   ARCH := VAX +$   ARCH = "VAX"  $!  $! Else...  $! @@ -99,6 +99,10 @@ $! End The Architecture Check.  $!  $ ENDIF  $! +$! Get VMS version. +$! +$ VMS_VERSION = f$edit( f$getsyi( "VERSION"), "TRIM") +$!  $! Check To Make Sure We Have Valid Command Line Parameters.  $!  $ GOSUB CHECK_OPTIONS 
@@ -163,32 +167,53 @@ $! Time To EXIT.  $!  $ GOTO TIDY  $! -$! Rebuild The [.xxx.CRYPTO]OPENSSLCONF.H" file. +$! Rebuild The [.CRYPTO._xxx]OPENSSLCONF.H" file.  $!  $ CONFIG:  $! -$! Tell The User We Are Creating The [.xxx.CRYPTO]OPENSSLCONF.H File. +$! Tell The User We Are Creating The [.CRYPTO._xxx]OPENSSLCONF.H File.  $! -$ WRITE SYS$OUTPUT "Creating [.''ARCH'.CRYPTO]OPENSSLCONF.H Include File." +$ WRITE SYS$OUTPUT "Creating [.CRYPTO._''ARCH']OPENSSLCONF.H Include File."  $!  $! First, make sure the directory exists.  $! -$ IF F$PARSE("SYS$DISK:[.''ARCH'.CRYPTO]") .EQS. "" THEN - -     CREATE/DIRECTORY SYS$DISK:[.'ARCH'.CRYPTO] +$ IF F$PARSE("SYS$DISK:[.CRYPTO._''ARCH']") .EQS. "" THEN - +     CREATE/DIRECTORY SYS$DISK:[.CRYPTO._'ARCH']  $! -$! Create The [.xxx.CRYPTO]OPENSSLCONF.H File. +$! Different tar/UnZip versions/option may have named the file differently +$ IF F$SEARCH("[.crypto]opensslconf.h_in") .NES. "" +$ THEN +$   OPENSSLCONF_H_IN = "[.crypto]opensslconf.h_in" +$ ELSE +$   IF F$SEARCH( "[.crypto]opensslconf_h.in") .NES. "" +$   THEN +$     OPENSSLCONF_H_IN = "[.crypto]opensslconf_h.in" +$   ELSE +$     ! For ODS-5 +$     IF F$SEARCH( "[.crypto]opensslconf.h.in") .NES. "" +$     THEN +$       OPENSSLCONF_H_IN = "[.crypto]opensslconf.h.in" +$     ELSE +$       WRITE SYS$ERROR "Couldn't find a [.crypto]opensslconf.h.in.  Exiting!" +$       $STATUS = %X00018294 ! "%RMS-F-FNF, file not found". +$       GOTO TIDY +$     ENDIF +$   ENDIF +$ ENDIF +$! +$! Create The [.CRYPTO._xxx]OPENSSLCONF.H File.  $! Make sure it has the right format.  $! -$ OSCH_NAME = "SYS$DISK:[.''ARCH'.CRYPTO]OPENSSLCONF.H" +$ OSCH_NAME = "SYS$DISK:[.CRYPTO._''ARCH']OPENSSLCONF.H"  $ CREATE /FDL=SYS$INPUT: 'OSCH_NAME'  RECORD          FORMAT stream_lf  $ OPEN /APPEND H_FILE 'OSCH_NAME'  $! -$! Write The [.xxx.CRYPTO]OPENSSLCONF.H File. +$! Write The [.CRYPTO._xxx]OPENSSLCONF.H File.  $!  
$ WRITE H_FILE "/* This file was automatically built using makevms.com */" -$ WRITE H_FILE "/* and [.''ARCH'.CRYPTO]OPENSSLCONF.H_IN */" +$ WRITE H_FILE "/* and ''OPENSSLCONF_H_IN' */"  $!  $! Write a few macros that indicate how this system was built.  $! 
@@ -196,75 +221,249 @@ $ WRITE H_FILE ""  $ WRITE H_FILE "#ifndef OPENSSL_SYS_VMS"  $ WRITE H_FILE "# define OPENSSL_SYS_VMS"  $ WRITE H_FILE "#endif" -$ CONFIG_LOGICALS := NO_ASM,NO_RSA,NO_DSA,NO_DH,NO_MD2,NO_MD5,NO_RIPEMD,WHRLPOOL,- -	NO_SHA,NO_SHA0,NO_SHA1,NO_DES/NO_MDC2;NO_MDC2,NO_RC2,NO_RC4,NO_RC5,- -	NO_IDEA,NO_BF,NO_CAST,NO_CAMELLIA,NO_SEED,NO_HMAC,NO_SSL2 +$ +$! One of the best way to figure out what the list should be is to do +$! the followin on a Unix system: +$!   grep OPENSSL_NO_ crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep ':# *if'|sed -e 's/^.*def //'|sort|uniq +$! For that reason, the list will also always end up in alphabetical order +$ CONFIG_LOGICALS := AES,- +		     ASM,INLINE_ASM,- +		     BF,- +		     BIO,- +		     BUFFER,- +		     BUF_FREELISTS,- +		     CAMELLIA,- +		     CAST,- +		     CMS,- +		     COMP,- +		     DEPRECATED,- +		     DES,- +		     DGRAM,- +		     DH,- +		     DSA,- +		     EC,- +		     ECDH,- +		     ECDSA,- +		     ENGINE,- +		     ERR,- +		     EVP,- +		     FP_API,- +		     GMP,- +		     GOST,- +		     HASH_COMP,- +		     HMAC,- +		     IDEA,- +		     JPAKE,- +		     KRB5,- +		     LHASH,- +		     MD2,- +		     MD4,- +		     MD5,- +		     MDC2,- +		     OCSP,- +		     PSK,- +		     RC2,- +		     RC4,- +		     RC5,- +		     RFC3779,- +		     RIPEMD,- +		     RSA,- +		     SEED,- +		     SHA,- +		     SHA0,- +		     SHA1,- +		     SHA256,- +		     SHA512,- +		     SOCK,- +		     SSL2,- +		     STACK,- +		     STATIC_ENGINE,- +		     STDIO,- +		     STORE,- +		     TLSEXT,- +		     WHIRLPOOL,- +		     X509 +$! Add a few that we know about +$ CONFIG_LOGICALS := 'CONFIG_LOGICALS',- +		     THREADS +$! The following rules, which dictate how some algorithm choices affect +$! others, are picked from Configure. +$! Quick syntax: +$!  list = item[ ; list] +$!  item = algos / dependents +$!  algos = algo [, algos] +$!  dependents = dependent [, dependents] +$! 
When a list of algos is specified in one item, it means that they must +$! all be disabled for the rule to apply. +$! When a list of dependents is specified in one item, it means that they +$! will all be disabled if the rule applies. +$! Rules are checked sequentially.  If a rule disables an algorithm, it will +$! affect all following rules that depend on that algorithm being disabled. +$! To force something to be enabled or disabled, have no algorithms in the +$! algos part. +$ CONFIG_DISABLE_RULES := RIJNDAEL/AES;- +			  DES/MDC2;- +			  EC/ECDSA,ECDH;- +			  MD5/SSL2,SSL3,TLS1;- +			  SHA/SSL3,TLS1;- +			  RSA/SSL2;- +			  RSA,DSA/SSL2;- +			  DH/SSL3,TLS1;- +			  TLS1/TLSEXT;- +			  EC/GOST;- +			  DSA/GOST;- +			  DH/GOST;- +			  /STATIC_ENGINE;- +			  /KRB5 +$ CONFIG_ENABLE_RULES := ZLIB_DYNAMIC/ZLIB;- +			 /THREADS +$ +$! Architecture specific rule addtions +$ IF ARCH .EQS. "VAX" +$ THEN +$   ! Disable algorithms that require 64 bit integers in C +$   CONFIG_DISABLE_RULES = CONFIG_DISABLE_RULES + - +			   ";/GOST" + - +			   ";/WHIRLPOOL" +$ ENDIF +$  $ CONFIG_LOG_I = 0 -$ CONFIG_LOG_LOOP: -$   CONFIG_LOG_E1 = F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS) +$ CONFIG_LOG_LOOP1: +$   CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM")  $   CONFIG_LOG_I = CONFIG_LOG_I + 1 -$   IF CONFIG_LOG_E1 .EQS. "" THEN GOTO CONFIG_LOG_LOOP -$   IF CONFIG_LOG_E1 .EQS. "," THEN GOTO CONFIG_LOG_LOOP_END -$   CONFIG_LOG_E2 = F$EDIT(CONFIG_LOG_E1,"TRIM") -$   CONFIG_LOG_E1 = F$ELEMENT(0,";",CONFIG_LOG_E2) -$   CONFIG_LOG_E2 = F$ELEMENT(1,";",CONFIG_LOG_E2) -$   CONFIG_LOG_E0 = F$ELEMENT(0,"/",CONFIG_LOG_E1) -$   CONFIG_LOG_E1 = F$ELEMENT(1,"/",CONFIG_LOG_E1) -$   IF F$TRNLNM("OPENSSL_"+CONFIG_LOG_E0) +$   IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP1 +$   IF CONFIG_LOG_E .EQS. 
"," THEN GOTO CONFIG_LOG_LOOP1_END +$   IF F$TRNLNM("OPENSSL_NO_"+CONFIG_LOG_E)  $   THEN -$     WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E0 -$     WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E0 -$     WRITE H_FILE "#endif" -$     IF CONFIG_LOG_E1 .NES. "/" +$       CONFIG_DISABLED_'CONFIG_LOG_E' := YES +$       CONFIG_ENABLED_'CONFIG_LOG_E' := NO +$	CONFIG_CHANGED_'CONFIG_LOG_E' := YES +$   ELSE +$       CONFIG_DISABLED_'CONFIG_LOG_E' := NO +$       CONFIG_ENABLED_'CONFIG_LOG_E' := YES +$	! Because all algorithms are assumed enabled by default +$	CONFIG_CHANGED_'CONFIG_LOG_E' := NO +$   ENDIF +$   GOTO CONFIG_LOG_LOOP1 +$ CONFIG_LOG_LOOP1_END: +$ +$! Apply cascading disable rules +$ CONFIG_DISABLE_I = 0 +$ CONFIG_DISABLE_LOOP0: +$   CONFIG_DISABLE_E = F$EDIT(F$ELEMENT(CONFIG_DISABLE_I,";",CONFIG_DISABLE_RULES),"TRIM") +$   CONFIG_DISABLE_I = CONFIG_DISABLE_I + 1 +$   IF CONFIG_DISABLE_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP0 +$   IF CONFIG_DISABLE_E .EQS. ";" THEN GOTO CONFIG_DISABLE_LOOP0_END +$ +$   CONFIG_DISABLE_ALGOS = F$EDIT(F$ELEMENT(0,"/",CONFIG_DISABLE_E),"TRIM") +$   CONFIG_DISABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_DISABLE_E),"TRIM") +$   TO_DISABLE := YES +$   CONFIG_ALGO_I = 0 +$   CONFIG_DISABLE_LOOP1: +$     CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",",CONFIG_DISABLE_ALGOS),"TRIM") +$     CONFIG_ALGO_I = CONFIG_ALGO_I + 1 +$     IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP1 +$     IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP1_END +$     IF F$TYPE(CONFIG_DISABLED_'CONFIG_ALGO_E') .EQS. ""  $     THEN -$       WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E1 -$       WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E1 -$       WRITE H_FILE "#endif" +$	TO_DISABLE := NO +$     ELSE +$	IF .NOT. CONFIG_DISABLED_'CONFIG_ALGO_E' THEN TO_DISABLE := NO  $     ENDIF -$   ELSE -$     IF CONFIG_LOG_E2 .NES. 
";" +$     GOTO CONFIG_DISABLE_LOOP1 +$   CONFIG_DISABLE_LOOP1_END: +$ +$   IF TO_DISABLE +$   THEN +$     CONFIG_DEPENDENT_I = 0 +$     CONFIG_DISABLE_LOOP2: +$	CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",",CONFIG_DISABLE_DEPENDENTS),"TRIM") +$	CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1 +$	IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP2 +$	IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP2_END +$       CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := YES +$       CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := NO +$	! Better not to assume defaults at this point... +$	CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES +$	WRITE SYS$ERROR "''CONFIG_DEPENDENT_E' disabled by rule ''CONFIG_DISABLE_E'" +$	GOTO CONFIG_DISABLE_LOOP2 +$     CONFIG_DISABLE_LOOP2_END: +$   ENDIF +$   GOTO CONFIG_DISABLE_LOOP0 +$ CONFIG_DISABLE_LOOP0_END: +$	 +$! Apply cascading enable rules +$ CONFIG_ENABLE_I = 0 +$ CONFIG_ENABLE_LOOP0: +$   CONFIG_ENABLE_E = F$EDIT(F$ELEMENT(CONFIG_ENABLE_I,";",CONFIG_ENABLE_RULES),"TRIM") +$   CONFIG_ENABLE_I = CONFIG_ENABLE_I + 1 +$   IF CONFIG_ENABLE_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP0 +$   IF CONFIG_ENABLE_E .EQS. ";" THEN GOTO CONFIG_ENABLE_LOOP0_END +$ +$   CONFIG_ENABLE_ALGOS = F$EDIT(F$ELEMENT(0,"/",CONFIG_ENABLE_E),"TRIM") +$   CONFIG_ENABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_ENABLE_E),"TRIM") +$   TO_ENABLE := YES +$   CONFIG_ALGO_I = 0 +$   CONFIG_ENABLE_LOOP1: +$     CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",",CONFIG_ENABLE_ALGOS),"TRIM") +$     CONFIG_ALGO_I = CONFIG_ALGO_I + 1 +$     IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP1 +$     IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP1_END +$     IF F$TYPE(CONFIG_ENABLED_'CONFIG_ALGO_E') .EQS. 
""  $     THEN -$       IF F$TRNLNM("OPENSSL_"+CONFIG_LOG_E2) -$       THEN -$         WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E2 -$         WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E2 -$         WRITE H_FILE "#endif" -$       ENDIF +$	TO_ENABLE := NO +$     ELSE +$	IF .NOT. CONFIG_ENABLED_'CONFIG_ALGO_E' THEN TO_ENABLE := NO  $     ENDIF +$     GOTO CONFIG_ENABLE_LOOP1 +$   CONFIG_ENABLE_LOOP1_END: +$ +$   IF TO_ENABLE +$   THEN +$     CONFIG_DEPENDENT_I = 0 +$     CONFIG_ENABLE_LOOP2: +$	CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",",CONFIG_ENABLE_DEPENDENTS),"TRIM") +$	CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1 +$	IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP2 +$	IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP2_END +$       CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := NO +$       CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := YES +$	! Better not to assume defaults at this point... +$	CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES +$	WRITE SYS$ERROR "''CONFIG_DEPENDENT_E' enabled by rule ''CONFIG_ENABLE_E'" +$	GOTO CONFIG_ENABLE_LOOP2 +$     CONFIG_ENABLE_LOOP2_END:  $   ENDIF -$   GOTO CONFIG_LOG_LOOP -$ CONFIG_LOG_LOOP_END: -$ WRITE H_FILE "#ifndef OPENSSL_NO_STATIC_ENGINE" -$ WRITE H_FILE "# define OPENSSL_NO_STATIC_ENGINE" -$ WRITE H_FILE "#endif" -$ WRITE H_FILE "#ifndef OPENSSL_THREADS" -$ WRITE H_FILE "# define OPENSSL_THREADS" -$ WRITE H_FILE "#endif" -$ WRITE H_FILE "#ifndef OPENSSL_NO_KRB5" -$ WRITE H_FILE "# define OPENSSL_NO_KRB5" -$ WRITE H_FILE "#endif" -$ WRITE H_FILE "" -$! -$! Different tar version may have named the file differently -$ IF F$SEARCH("[.CRYPTO]OPENSSLCONF.H_IN") .NES. "" -$ THEN -$   TYPE [.CRYPTO]OPENSSLCONF.H_IN /OUTPUT=H_FILE: -$ ELSE -$   IF F$SEARCH("[.CRYPTO]OPENSSLCONF_H.IN") .NES. "" +$   GOTO CONFIG_ENABLE_LOOP0 +$ CONFIG_ENABLE_LOOP0_END: +$ +$! 
Write to the configuration +$ CONFIG_LOG_I = 0 +$ CONFIG_LOG_LOOP2: +$   CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM") +$   CONFIG_LOG_I = CONFIG_LOG_I + 1 +$   IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP2 +$   IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP2_END +$   IF CONFIG_CHANGED_'CONFIG_LOG_E'  $   THEN -$     TYPE [.CRYPTO]OPENSSLCONF_H.IN /OUTPUT=H_FILE: -$   ELSE -$     ! For ODS-5 -$     IF F$SEARCH("[.CRYPTO]OPENSSLCONF.H.IN") .NES. "" +$     IF CONFIG_DISABLED_'CONFIG_LOG_E'  $     THEN -$       TYPE [.CRYPTO]OPENSSLCONF.H.IN /OUTPUT=H_FILE: +$	WRITE H_FILE "#ifndef OPENSSL_NO_",CONFIG_LOG_E +$	WRITE H_FILE "# define OPENSSL_NO_",CONFIG_LOG_E +$	WRITE H_FILE "#endif"  $     ELSE -$       WRITE SYS$ERROR "Couldn't find a [.CRYPTO]OPENSSLCONF.H_IN.  Exiting!" -$       $STATUS = %X00018294 ! "%RMS-F-FNF, file not found". -$       GOTO TIDY +$	WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E +$	WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E +$	WRITE H_FILE "#endif"  $     ENDIF  $   ENDIF -$ ENDIF +$   GOTO CONFIG_LOG_LOOP2 +$ CONFIG_LOG_LOOP2_END: +$! +$! Add in the common "crypto/opensslconf.h.in". +$! +$ TYPE 'OPENSSLCONF_H_IN' /OUTPUT=H_FILE: +$!  $ IF ARCH .NES. "VAX"  $ THEN  $! 
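Review bot: The disable rules name dependents that CONFIG_LOGICALS does not contain (`SSL3`, `TLS1`, and `ZLIB` on the enable side), so their result never reaches the generated header. A rule such as `MD5/SSL2,SSL3,TLS1` sets CONFIG_DISABLED_SSL3 and CONFIG_DISABLED_TLS1 and prints "disabled by rule", but CONFIG_LOG_LOOP2 only walks CONFIG_LOGICALS and therefore never writes `OPENSSL_NO_SSL3` or `OPENSSL_NO_TLS1` into OPENSSLCONF.H. For the same reason an `OPENSSL_NO_SSL3` logical defined by the builder is never consulted in CONFIG_LOG_LOOP1, so a request to build without a protocol is silently ignored. Adding `SSL3,-`, `TLS1,-` and `ZLIB,-` to the CONFIG_LOGICALS list keeps the three loops consistent. A short comment above the list saying that every name used in a rule must also appear in it would help the next editor.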
@@ -347,29 +546,29 @@ $!  End  $!  $ ENDIF  $! -$! Close the [.xxx.CRYPTO]OPENSSLCONF.H file +$! Close the [.CRYPTO._xxx]OPENSSLCONF.H file  $!  $ CLOSE H_FILE  $! -$! Purge The [.xxx.CRYPTO]OPENSSLCONF.H file +$! Purge The [.CRYPTO._xxx]OPENSSLCONF.H file  $! -$ PURGE SYS$DISK:[.'ARCH'.CRYPTO]OPENSSLCONF.H +$ PURGE SYS$DISK:[.CRYPTO._'ARCH']OPENSSLCONF.H  $!  $! That's All, Time To RETURN.  $!  $ RETURN  $! -$! Rebuild The "[.xxx.CRYPTO]BUILDINF.H" file. +$! Rebuild The "[.CRYPTO._xxx]BUILDINF.H" file.  $!  $ BUILDINF:  $! -$! Tell The User We Are Creating The [.xxx.CRYPTO]BUILDINF.H File. +$! Tell The User We Are Creating The [.CRYPTO._xxx]BUILDINF.H File.  $! -$ WRITE SYS$OUTPUT "Creating [.''ARCH'.CRYPTO]BUILDINF.H Include File." +$ WRITE SYS$OUTPUT "Creating [.CRYPTO._''ARCH']BUILDINF.H Include File."  $! -$! Create The [.xxx.CRYPTO]BUILDINF.H File. +$! Create The [.CRYPTO._xxx]BUILDINF.H File.  $! -$ BIH_NAME = "SYS$DISK:[.''ARCH'.CRYPTO]BUILDINF.H" +$ BIH_NAME = "SYS$DISK:[.CRYPTO._''ARCH']BUILDINF.H"  $ CREATE /FDL=SYS$INPUT: 'BIH_NAME'  RECORD          FORMAT stream_lf @@ -380,19 +579,19 @@ $! Get The Current Date & Time.  $!  $ TIME = F$TIME()  $! -$! Write The [.xxx.CRYPTO]BUILDINF.H File. +$! Write The [.CRYPTO._xxx]BUILDINF.H File.  $!  $ WRITE H_FILE "#define CFLAGS """" /* Not filled in for now */" -$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCH' ''VMS_VER'""" +$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCH' ''VMS_VERSION'"""  $ WRITE H_FILE "#define DATE ""''TIME'"" "  $! -$! Close The [.xxx.CRYPTO]BUILDINF.H File. +$! Close The [.CRYPTO._xxx]BUILDINF.H File.  $!  $ CLOSE H_FILE  $! -$! Purge The [.xxx.CRYPTO]BUILDINF.H File. +$! Purge The [.CRYPTO._xxx]BUILDINF.H File.  $! -$ PURGE SYS$DISK:[.'ARCH'.CRYPTO]BUILDINF.H +$ PURGE SYS$DISK:[.CRYPTO._'ARCH']BUILDINF.H  $!  $! That's All, Time To RETURN.  $! 
@@ -404,42 +603,14 @@ $ SOFTLINKS:  $!  $! Tell The User We Are Partly Rebuilding The [.APPS] Directory.  $! -$ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C', '[.APPS]MD5.C' And '[.APPS]RMD160.C' Files." +$ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C' File."  $! -$ DELETE SYS$DISK:[.APPS]MD4.C;*,MD5.C;*,RMD160.C;* +$ DELETE SYS$DISK:[.APPS]MD4.C;*  $!  $! Copy MD4.C from [.CRYPTO.MD4] into [.APPS]  $!  $ COPY SYS$DISK:[.CRYPTO.MD4]MD4.C SYS$DISK:[.APPS]  $! -$! Copy MD5.C from [.CRYPTO.MD5] into [.APPS] -$! -$ COPY SYS$DISK:[.CRYPTO.MD5]MD5.C SYS$DISK:[.APPS] -$! -$! Copy RMD160.C from [.CRYPTO.RIPEMD] into [.APPS] -$! -$ COPY SYS$DISK:[.CRYPTO.RIPEMD]RMD160.C SYS$DISK:[.APPS] -$! -$! Tell The User We Are Partly Rebuilding The [.TEST] Directory. -$! -$ WRITE SYS$OUTPUT "Rebuilding The '[.TEST]*.C' Files." -$! -$! First, We Have To "Rebuild" The "[.TEST]" Directory, So Delete -$! All The "C" Files That Are Currently There Now. -$! -$ DELETE SYS$DISK:[.TEST]*.C;* -$ DELETE SYS$DISK:[.TEST]EVPTESTS.TXT;* -$! -$! Copy all the *TEST.C files from [.CRYPTO...] into [.TEST] -$! -$ COPY SYS$DISK:[.CRYPTO.*]%*TEST.C SYS$DISK:[.TEST] -$ COPY SYS$DISK:[.CRYPTO.SHA]SHA%%%T.C SYS$DISK:[.TEST] -$ COPY SYS$DISK:[.CRYPTO.EVP]EVPTESTS.TXT SYS$DISK:[.TEST] -$! -$! Copy all the *TEST.C files from [.SSL...] into [.TEST] -$! -$ COPY SYS$DISK:[.SSL]%*TEST.C SYS$DISK:[.TEST] -$!  $! Tell The User We Are Rebuilding The [.INCLUDE.OPENSSL] Directory.  $!  $ WRITE SYS$OUTPUT "Rebuilding The '[.INCLUDE.OPENSSL]' Directory." @@ -532,12 +703,7 @@ $ IF D .EQS. ""  $ THEN  $   COPY [.CRYPTO]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG  $ ELSE -$   IF D .EQS. "_''ARCH'" -$   THEN -$     COPY [.'ARCH'.CRYPTO]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG -$   ELSE -$     COPY [.CRYPTO.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG -$   ENDIF +$   COPY [.CRYPTO.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG  $ ENDIF  $ GOTO LOOP_SDIRS  $ LOOP_SDIRS_END: 
@@ -736,7 +902,7 @@ $! Else...  $!  $ ELSE  $! -$!  Else, Check To See If P1 Has A Valid Arguement. +$!  Else, Check To See If P1 Has A Valid Argument.  $!  $   IF (P1.EQS."CONFIG").OR.(P1.EQS."BUILDINF").OR.(P1.EQS."SOFTLINKS") -         .OR.(P1.EQS."BUILDALL") - @@ -745,7 +911,7 @@ $   IF (P1.EQS."CONFIG").OR.(P1.EQS."BUILDINF").OR.(P1.EQS."SOFTLINKS") -         .OR.(P1.EQS."ENGINES")  $   THEN  $! -$!    A Valid Arguement. +$!    A Valid Argument.  $!  $     BUILDCOMMAND = P1  $! @@ -758,13 +924,13 @@ $!  $     WRITE SYS$OUTPUT ""  $     WRITE SYS$OUTPUT "USAGE:   @MAKEVMS.COM [Target] [not-used option] [Debug option] <Compiler>"  $     WRITE SYS$OUTPUT "" -$     WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL """" NODEBUG " +$     WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL NORSAREF NODEBUG "  $     WRITE SYS$OUTPUT ""  $     WRITE SYS$OUTPUT "The Target ",P1," Is Invalid.  The Valid Target Options Are:"  $     WRITE SYS$OUTPUT ""  $     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything." -$     WRITE SYS$OUTPUT "    CONFIG   :  Just build the [.xxx.CRYPTO]OPENSSLCONF.H file." -$     WRITE SYS$OUTPUT "    BUILDINF :  Just build the [.xxx.CRYPTO]BUILDINF.H file." +$     WRITE SYS$OUTPUT "    CONFIG   :  Just build the [.CRYPTO._xxx]OPENSSLCONF.H file." +$     WRITE SYS$OUTPUT "    BUILDINF :  Just build the [.CRYPTO._xxx]BUILDINF.H file."  $     WRITE SYS$OUTPUT "    SOFTLINKS:  Just Fix The Unix soft links."  $     WRITE SYS$OUTPUT "    BUILDALL :  Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done."  $     WRITE SYS$OUTPUT "    CRYPTO   :  To Build Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library." @@ -834,7 +1000,7 @@ $!    Time To EXIT.  $!  $     GOTO TIDY  $! -$!  End The Valid Arguement Check. +$!  End The Valid Argument Check.  $!  $   ENDIF  $! @@ -973,7 +1139,7 @@ $!    End The GNU C Check.  $!  $     ENDIF  $! -$!  Else The User Entered An Invalid Arguement. +$!  Else The User Entered An Invalid Argument.  $!  $   ELSE  $! 
@@ -991,7 +1157,7 @@ $!    Time To EXIT.  $!  $     GOTO TIDY  $! -$!  End The Valid Arguement Check. +$!  End The Valid Argument Check.  $!  $   ENDIF  $! @@ -1098,7 +1264,7 @@ $!  Print info  $!  $   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB  $! -$!  Else The User Entered An Invalid Arguement. +$!  Else The User Entered An Invalid Argument.  $!  $ ELSE  $   IF P5 .NES. "" @@ -1153,7 +1319,7 @@ $!  $!  Get The Version Of VMS We Are Using.  $!  $   ISSEVEN := -$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION"))) +$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,VMS_VERSION))  $   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))  $!  $!  Check To See If The VMS Version Is v7.1 Or Later. diff --git a/openssl/openssl.spec b/openssl/openssl.spec index 9d41cf7e0..bed337b63 100644 --- a/openssl/openssl.spec +++ b/openssl/openssl.spec @@ -2,7 +2,7 @@  %define libmaj 1  %define libmin 0  %define librel 0 -#%define librev a +%define librev a  Release: 1  %define openssldir /var/ssl diff --git a/openssl/ssl/d1_both.c b/openssl/ssl/d1_both.c index 0242f1e4d..4ce4064cc 100644 --- a/openssl/ssl/d1_both.c +++ b/openssl/ssl/d1_both.c 
@@ -123,6 +123,37 @@  #include <openssl/evp.h>  #include <openssl/x509.h> +#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) + +#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \ +			if ((end) - (start) <= 8) { \ +				long ii; \ +				for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ +			} else { \ +				long ii; \ +				bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ +				for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \ +				bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ +			} } + +#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \ +			long ii; \ +			OPENSSL_assert((msg_len) > 0); \ +			is_complete = 1; \ +			if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ +			if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ +				if (bitmask[ii] != 0xff) { is_complete = 0; break; } } + +#if 0 +#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \ +			long ii; \ +			printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \ +			printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \ +			printf("\n"); } +#endif + +static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80}; +static unsigned char bitmask_end_values[]   = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};  /* XDTLS:  figure out the right values */  static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; @@ -140,10 +171,11 @@ static long dtls1_get_message_fragment(SSL *s, int st1, int stn,  	long max, int *ok);  static hm_fragment * -dtls1_hm_fragment_new(unsigned long frag_len) +dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)  	{  	hm_fragment *frag = NULL;  	unsigned char *buf = NULL; +	unsigned char *bitmask = NULL;  	frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));  	if ( frag == NULL) 
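Review bot: The first entry of `bitmask_end_values` should be `0xff`, not `0x00`, because both reassembly macros index the table with `(end) & 7` or `(msg_len) & 7`, which is 0 whenever the range ends on a byte boundary. RSMBLY_BITMASK_MARK's long branch then ORs nothing into the last byte, and RSMBLY_BITMASK_IS_COMPLETE expects that byte to be 0x00. For a message whose length is a multiple of 8, the check can therefore pass while the final eight bytes were never received, or never pass once they have been marked through the short branch. The corrected line is `static unsigned char bitmask_end_values[]   = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};`. Both macros are bare `{ ... }` blocks that declare `ii`; wrapping them in `do { ... } while (0)` would make them safe inside an unbraced `if`/`else`.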
@@ -162,6 +194,21 @@ dtls1_hm_fragment_new(unsigned long frag_len)  	/* zero length fragment gets zero frag->fragment */  	frag->fragment = buf; +	/* Initialize reassembly bitmask if necessary */ +	if (reassembly) +		{ +		bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); +		if (bitmask == NULL) +			{ +			if (buf != NULL) OPENSSL_free(buf); +			OPENSSL_free(frag); +			return NULL; +			} +		memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); +		} + +	frag->reassembly = bitmask; +  	return frag;  	} @@ -169,6 +216,7 @@ static void  dtls1_hm_fragment_free(hm_fragment *frag)  	{  	if (frag->fragment) OPENSSL_free(frag->fragment); +	if (frag->reassembly) OPENSSL_free(frag->reassembly);  	OPENSSL_free(frag);  	} @@ -363,6 +411,8 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)  	{  	int i, al;  	struct hm_header_st *msg_hdr; +	unsigned char *p; +	unsigned long msg_len;  	/* s3->tmp is used to store messages that are unexpected, caused  	 * by the absence of an optional handshake message */ 
@@ -382,77 +432,55 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)  		}  	msg_hdr = &s->d1->r_msg_hdr; -	do -		{ -		if ( msg_hdr->frag_off == 0) -			{ -			/* s->d1->r_message_header.msg_len = 0; */ -			memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); -			} +	memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); -		i = dtls1_get_message_fragment(s, st1, stn, max, ok); -		if ( i == DTLS1_HM_BAD_FRAGMENT || -			i == DTLS1_HM_FRAGMENT_RETRY)  /* bad fragment received */ -			continue; -		else if ( i <= 0 && !*ok) -			return i; +again: +	i = dtls1_get_message_fragment(s, st1, stn, max, ok); +	if ( i == DTLS1_HM_BAD_FRAGMENT || +		i == DTLS1_HM_FRAGMENT_RETRY)  /* bad fragment received */ +		goto again; +	else if ( i <= 0 && !*ok) +		return i; -		/* Note that s->init_sum is used as a counter summing -		 * up fragments' lengths: as soon as they sum up to -		 * handshake packet length, we assume we have got all -		 * the fragments. Overlapping fragments would cause -		 * premature termination, so we don't expect overlaps. -		 * Well, handling overlaps would require something more -		 * drastic. Indeed, as it is now there is no way to -		 * tell if out-of-order fragment from the middle was -		 * the last. '>=' is the best/least we can do to control -		 * the potential damage caused by malformed overlaps. 
*/ -		if ((unsigned int)s->init_num >= msg_hdr->msg_len) -			{ -			unsigned char *p = (unsigned char *)s->init_buf->data; -			unsigned long msg_len = msg_hdr->msg_len; - -			/* reconstruct message header as if it was -			 * sent in single fragment */ -			*(p++) = msg_hdr->type; -			l2n3(msg_len,p); -			s2n (msg_hdr->seq,p); -			l2n3(0,p); -			l2n3(msg_len,p); -			if (s->version != DTLS1_BAD_VER) { -				p       -= DTLS1_HM_HEADER_LENGTH; -				msg_len += DTLS1_HM_HEADER_LENGTH; -			} +	p = (unsigned char *)s->init_buf->data; +	msg_len = msg_hdr->msg_len; + +	/* reconstruct message header */ +	*(p++) = msg_hdr->type; +	l2n3(msg_len,p); +	s2n (msg_hdr->seq,p); +	l2n3(0,p); +	l2n3(msg_len,p); +	if (s->version != DTLS1_BAD_VER) { +		p       -= DTLS1_HM_HEADER_LENGTH; +		msg_len += DTLS1_HM_HEADER_LENGTH; +	} -			ssl3_finish_mac(s, p, msg_len); -			if (s->msg_callback) -				s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, -					p, msg_len, -					s, s->msg_callback_arg); - -			memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - -			s->d1->handshake_read_seq++; -			/* we just read a handshake message from the other side: -			 * this means that we don't need to retransmit of the -			 * buffered messages.   -			 * XDTLS: may be able clear out this -			 * buffer a little sooner (i.e if an out-of-order -			 * handshake message/record is received at the record -			 * layer.   -			 * XDTLS: exception is that the server needs to -			 * know that change cipher spec and finished messages -			 * have been received by the client before clearing this -			 * buffer.  this can simply be done by waiting for the -			 * first data  segment, but is there a better way?  
*/ -			dtls1_clear_record_buffer(s); - -			s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; -			return s->init_num; -			} -		else -			msg_hdr->frag_off = i; -		} while(1) ; +	ssl3_finish_mac(s, p, msg_len); +	if (s->msg_callback) +		s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, +			p, msg_len, +			s, s->msg_callback_arg); + +	memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); + +	s->d1->handshake_read_seq++; +	/* we just read a handshake message from the other side: +	 * this means that we don't need to retransmit of the +	 * buffered messages.   +	 * XDTLS: may be able clear out this +	 * buffer a little sooner (i.e if an out-of-order +	 * handshake message/record is received at the record +	 * layer.   +	 * XDTLS: exception is that the server needs to +	 * know that change cipher spec and finished messages +	 * have been received by the client before clearing this +	 * buffer.  this can simply be done by waiting for the +	 * first data  segment, but is there a better way?  */ +	dtls1_clear_record_buffer(s); + +	s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; +	return s->init_num;  f_err:  	ssl3_send_alert(s,SSL3_AL_FATAL,al); @@ -528,6 +556,10 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)  		return 0;  	frag = (hm_fragment *)item->data; +	 +	/* Don't return if reassembly still in progress */ +	if (frag->reassembly != NULL) +		return 0;  	if ( s->d1->handshake_read_seq == frag->msg_header.seq)  		{ 
@@ -563,6 +595,109 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)  static int +dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) +	{ +	hm_fragment *frag = NULL; +	pitem *item = NULL; +	int i = -1, is_complete; +	unsigned char seq64be[8]; +	unsigned long frag_len = msg_hdr->frag_len, max_len; + +	if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) +		goto err; + +	/* Determine maximum allowed message size. Depends on (user set) +	 * maximum certificate length, but 16k is minimum. +	 */ +	if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list) +		max_len = s->max_cert_list; +	else +		max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; + +	if ((msg_hdr->frag_off+frag_len) > max_len) +		goto err; + +	/* Try to find item in queue */ +	memset(seq64be,0,sizeof(seq64be)); +	seq64be[6] = (unsigned char) (msg_hdr->seq>>8); +	seq64be[7] = (unsigned char) msg_hdr->seq; +	item = pqueue_find(s->d1->buffered_messages, seq64be); + +	if (item == NULL) +		{ +		frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); +		if ( frag == NULL) +			goto err; +		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); +		frag->msg_header.frag_len = frag->msg_header.msg_len; +		frag->msg_header.frag_off = 0; +		} +	else +		frag = (hm_fragment*) item->data; + +	/* If message is already reassembled, this must be a +	 * retransmit and can be dropped. 
+	 */ +	if (frag->reassembly == NULL) +		{ +		unsigned char devnull [256]; + +		while (frag_len) +			{ +			i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, +				devnull, +				frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); +			if (i<=0) goto err; +			frag_len -= i; +			} +		return DTLS1_HM_FRAGMENT_RETRY; +		} + +	/* read the body of the fragment (header has already been read */ +	i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, +		frag->fragment + msg_hdr->frag_off,frag_len,0); +	if (i<=0 || (unsigned long)i!=frag_len) +		goto err; + +	RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, +	                    (long)(msg_hdr->frag_off + frag_len)); + +	RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, +	                           is_complete); + +	if (is_complete) +		{ +		OPENSSL_free(frag->reassembly); +		frag->reassembly = NULL; +		} + +	if (item == NULL) +		{ +		memset(seq64be,0,sizeof(seq64be)); +		seq64be[6] = (unsigned char)(msg_hdr->seq>>8); +		seq64be[7] = (unsigned char)(msg_hdr->seq); + +		item = pitem_new(seq64be, frag); +		if (item == NULL) +			{ +			goto err; +			i = -1; +			} + +		pqueue_insert(s->d1->buffered_messages, item); +		} + +	return DTLS1_HM_FRAGMENT_RETRY; + +err: +	if (frag != NULL) dtls1_hm_fragment_free(frag); +	if (item != NULL) OPENSSL_free(item); +	*ok = 0; +	return i; +	} + + +static int  dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)  {  	int i=-1; 
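Review bot: dtls1_reassemble_fragment never compares the incoming `msg_hdr->msg_len` with the length stored in a fragment it finds in the queue, yet it reads the body to `frag->fragment + msg_hdr->frag_off` in a buffer that was sized from the first fragment's `msg_len`. The two bounds checks at the top only use the header of the fragment being processed, so a later fragment that announces a larger total length is written past the end of that buffer; the lookup branch should reject a length mismatch. The `err:` path also frees `frag` and `item` when they came from `pqueue_find` and are still linked in `s->d1->buffered_messages`, which leaves a dangling queue entry after a read error. Finally, the `i = -1;` after `goto err;` in the `pitem_new` failure branch is unreachable, so that path returns the positive byte count with `*ok = 0`. The changes are sketched below.

```c
	else
		{
		frag = (hm_fragment*) item->data;
		/* all fragments of one message must announce the same total length */
		if (frag->msg_header.msg_len != msg_hdr->msg_len)
			{
			item = NULL;
			frag = NULL;
			goto err;
			}
		}

	/* ... unchanged: retransmit drain, body read, bitmask update ... */

		item = pitem_new(seq64be, frag);
		if (item == NULL)
			{
			i = -1;
			goto err;
			}

	/* ... unchanged: pqueue_insert, return DTLS1_HM_FRAGMENT_RETRY ... */

err:
	/* a fragment found in the queue stays owned by the queue */
	if (frag != NULL && item == NULL) dtls1_hm_fragment_free(frag);
	*ok = 0;
	return i;
```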
@@ -579,7 +714,13 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)  	seq64be[6] = (unsigned char) (msg_hdr->seq>>8);  	seq64be[7] = (unsigned char) msg_hdr->seq;  	item = pqueue_find(s->d1->buffered_messages, seq64be); -	 + +	/* If we already have an entry and this one is a fragment, +	 * don't discard it and rather try to reassemble it. +	 */ +	if (item != NULL && frag_len < msg_hdr->msg_len) +		item = NULL; +  	/* Discard the message if sequence number was already there, is  	 * too far in the future, already in the queue or if we received  	 * a FINISHED before the SERVER_HELLO, which then must be a stale @@ -600,20 +741,25 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)  			frag_len -= i;  			}  		} - -	if (frag_len) +	else  		{ -		frag = dtls1_hm_fragment_new(frag_len); +		if (frag_len && frag_len < msg_hdr->msg_len) +			return dtls1_reassemble_fragment(s, msg_hdr, ok); + +		frag = dtls1_hm_fragment_new(frag_len, 0);  		if ( frag == NULL)  			goto err;  		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); -		/* read the body of the fragment (header has already been read */ -		i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, -			frag->fragment,frag_len,0); -		if (i<=0 || (unsigned long)i!=frag_len) -			goto err; +		if (frag_len) +			{ +			/* read the body of the fragment (header has already been read */ +			i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, +				frag->fragment,frag_len,0); +			if (i<=0 || (unsigned long)i!=frag_len) +				goto err; +			}  		memset(seq64be,0,sizeof(seq64be));  		seq64be[6] = (unsigned char)(msg_hdr->seq>>8); 
@@ -640,14 +786,14 @@ static long  dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)  	{  	unsigned char wire[DTLS1_HM_HEADER_LENGTH]; -	unsigned long l, frag_off, frag_len; +	unsigned long len, frag_off, frag_len;  	int i,al;  	struct hm_header_st msg_hdr;  	/* see if we have the required fragment already */  	if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)  		{ -		if (*ok)	s->init_num += frag_len; +		if (*ok)	s->init_num = frag_len;  		return frag_len;  		} @@ -672,10 +818,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)  	if ( msg_hdr.seq != s->d1->handshake_read_seq)  		return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); -	l = msg_hdr.msg_len; +	len = msg_hdr.msg_len;  	frag_off = msg_hdr.frag_off;  	frag_len = msg_hdr.frag_len; +	if (frag_len && frag_len < len) +		return dtls1_reassemble_fragment(s, &msg_hdr, ok); +  	if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&  		wire[0] == SSL3_MT_HELLO_REQUEST)  		{ @@ -735,7 +884,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)  	 * s->init_buf->data, but as a counter summing up fragments'  	 * lengths: as soon as they sum up to handshake packet  	 * length, we assume we have got all the fragments. */ -	s->init_num += frag_len; +	s->init_num = frag_len;  	return frag_len;  f_err: @@ -1010,7 +1159,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)  	 * been serialized */  	OPENSSL_assert(s->init_off == 0); -	frag = dtls1_hm_fragment_new(s->init_num); +	frag = dtls1_hm_fragment_new(s->init_num, 0);  	memcpy(frag->fragment, s->init_buf->data, s->init_num); diff --git a/openssl/ssl/d1_lib.c b/openssl/ssl/d1_lib.c index eeffce3cc..96b220e87 100644 --- a/openssl/ssl/d1_lib.c +++ b/openssl/ssl/d1_lib.c 
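Review bot: The comment kept above `s->init_num = frag_len;` in the `@@ -735,7 +884,7 @@` hunk still describes `s->init_num` as a counter summing up fragments' lengths, which no longer matches the plain assignment now that partial fragments are diverted to dtls1_reassemble_fragment. It should be reworded, for example `/* fragments are reassembled before they reach this point; init_num is the length of the complete message body */`. The body of dtls1_get_message_fragment starts and ends outside this hunk.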
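Review bot: In the dtls1_buffer_message hunk the result of `dtls1_hm_fragment_new(s->init_num, 0)` goes straight into `memcpy(frag->fragment, ...)` on the next line, although the allocator in this file returns NULL when an allocation fails. A guard before the copy, such as `if (frag == NULL) return 0;`, would avoid the null dereference. The function continues outside the hunk, so the right failure value needs confirming against its callers.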
@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)  		timeleft->tv_usec += 1000000;  		} +	/* If remaining time is less than 15 ms, set it to 0 +	 * to prevent issues because of small devergences with +	 * socket timeouts. +	 */ +	if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) +		{ +		memset(timeleft, 0, sizeof(struct timeval)); +		} +	 +  	return timeleft;  	} diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c index c9757e1d6..a5439d544 100644 --- a/openssl/ssl/d1_pkt.c +++ b/openssl/ssl/d1_pkt.c @@ -196,6 +196,9 @@ dtls1_copy_record(SSL *s, pitem *item)      s->packet_length = rdata->packet_length;      memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));      memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); +	 +	/* Set proper sequence number for mac calculation */ +	memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);      return(1);      } @@ -414,7 +417,7 @@ dtls1_process_record(SSL *s)  			goto err;  		/* otherwise enc_err == -1 */ -		goto decryption_failed_or_bad_record_mac; +		goto err;  		}  #ifdef TLS_DEBUG @@ -444,7 +447,7 @@ printf("\n");  			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);  			goto f_err;  #else -			goto decryption_failed_or_bad_record_mac; +			goto err;  #endif			  			}  		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */ @@ -455,14 +458,14 @@ printf("\n");  			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);  			goto f_err;  #else -			goto decryption_failed_or_bad_record_mac; +			goto err;  #endif  			}  		rr->length-=mac_size;  		i=s->method->ssl3_enc->mac(s,md,0);  		if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)  			{ -			goto decryption_failed_or_bad_record_mac; +			goto err;  			}  		} 
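Review bot: The MAC check kept as context in the last d1_pkt.c hunk compares with `memcmp(md,&(rr->data[rr->length]),mac_size)`, which may stop at the first differing byte and is therefore not a constant-time comparison. Now that every failure in dtls1_process_record goes to `err` without an alert, timing is the remaining distinguishing signal, so a constant-time compare (for example `CRYPTO_memcmp`, if this tree provides it) would be the consistent choice. The new `goto err` paths also record no error, so bad-MAC records are dropped invisibly; a counter or debug trace there would let operators notice corrupted or injected records. The function body extends outside these hunks.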
@@ -504,14 +507,6 @@ printf("\n");  	dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */  	return(1); -decryption_failed_or_bad_record_mac: -	/* Separate 'decryption_failed' alert was introduced with TLS 1.0, -	 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption -	 * failure is directly visible from the ciphertext anyway, -	 * we should not reveal which kind of error occured -- this -	 * might become visible to an attacker (e.g. via logfile) */ -	al=SSL_AD_BAD_RECORD_MAC; -	SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);  f_err:  	ssl3_send_alert(s,SSL3_AL_FATAL,al);  err: @@ -544,8 +539,7 @@ int dtls1_get_record(SSL *s)  	/* The epoch may have changed.  If so, process all the  	 * pending records.  This is a non-blocking operation. */ -	if ( ! dtls1_process_buffered_records(s)) -            return 0; +	dtls1_process_buffered_records(s);  	/* if we're renegotiating, then there may be buffered records */  	if (dtls1_get_processed_record(s)) 
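Review bot: In dtls1_get_record, `dtls1_process_buffered_records(s);` now discards a return value that the old code treated as fatal, and no comment says why a failure is safe to ignore. If the intent is that a bad buffered record must not abort the read, state it and make the discard explicit, e.g. `(void)dtls1_process_buffered_records(s); /* a failure only drops buffered records */`. Whether the callee can also fail for reasons that should still be fatal, such as allocation failure, is not visible in this hunk.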
@@ -667,21 +661,25 @@ again:  	if (rr->length == 0) goto again;  	/* If this record is from the next epoch (either HM or ALERT), -	 * buffer it since it cannot be processed at this time. Records -	 * from the next epoch are marked as received even though they -	 * are not processed, so as to prevent any potential resource -	 * DoS attack */ +	 * and a handshake is currently in progress, buffer it since it +	 * cannot be processed at this time. */  	if (is_next_epoch)  		{ -		dtls1_record_bitmap_update(s, bitmap); -		dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); +		if (SSL_in_init(s) || s->in_handshake) +			{ +			dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); +			}  		rr->length = 0;  		s->packet_length = 0;  		goto again;  		} -	if ( ! dtls1_process_record(s)) -		return(0); +	if (!dtls1_process_record(s)) +		{ +		rr->length = 0; +		s->packet_length = 0;  /* dump this record */ +		goto again;   /* get another record */ +		}  	dtls1_clear_timeouts(s);  /* done waiting */  	return(1); @@ -809,7 +807,7 @@ start:  		 * buffer the application data for later processing rather  		 * than dropping the connection.  		 */ -		dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0); +		dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);  		rr->length = 0;  		goto start;  		} diff --git a/openssl/ssl/dtls1.h b/openssl/ssl/dtls1.h index af363a984..2900d1d8a 100644 --- a/openssl/ssl/dtls1.h +++ b/openssl/ssl/dtls1.h @@ -167,6 +167,7 @@ typedef struct hm_fragment_st  	{  	struct hm_header_st msg_header;  	unsigned char *fragment; +	unsigned char *reassembly;  	} hm_fragment;  typedef struct dtls1_state_st diff --git a/openssl/ssl/ssl-lib.com b/openssl/ssl/ssl-lib.com index 85ab2f61f..c5ca9e1df 100644 --- a/openssl/ssl/ssl-lib.com +++ b/openssl/ssl/ssl-lib.com 
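Review bot: Next-epoch records are no longer marked in the replay bitmap before they are buffered, and the comment this hunk removes said that marking existed to prevent a resource DoS. With the new code the same next-epoch record can presumably be buffered more than once while a handshake is in progress, so it is worth confirming that `dtls1_buffer_record` bounds `s->d1->unprocessed_rcds`; its body is not part of this diff. Its return value is also ignored at this call, so a failed buffering is indistinguishable from a successful one. The new comment should say which mechanism now limits the queue, since the old rationale was deleted rather than replaced.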
@@ -30,7 +30,7 @@ $!	   VAXC	 For VAX C.  $!	   DECC	 For DEC C.  $!	   GNUC	 For GNU C.  $! -$!  If you don't speficy a compiler, it will try to determine which +$!  If you don't specify a compiler, it will try to determine which  $!  "C" compiler to use.  $!  $!  P4, if defined, sets a TCP/IP library to use, through one of the following @@ -55,7 +55,7 @@ $ THEN  $!  $!  The Architecture Is VAX.  $! -$   ARCH := VAX +$   ARCH = "VAX"  $!  $! Else...  $! @@ -524,12 +524,12 @@ $! Else...  $!  $ ELSE  $! -$!  Else, Check To See If P1 Has A Valid Arguement. +$!  Else, Check To See If P1 Has A Valid Argument.  $!  $   IF (P1.EQS."LIBRARY").OR.(P1.EQS."SSL_TASK")  $   THEN  $! -$!    A Valid Arguement. +$!    A Valid Argument.  $!  $     BUILDALL = P1  $! @@ -557,7 +557,7 @@ $!    Time To EXIT.  $!  $     EXIT  $! -$!  End The Valid Arguement Check. +$!  End The Valid Argument Check.  $!  $   ENDIF  $! @@ -611,7 +611,7 @@ $!    Time To EXIT.  $!  $     EXIT  $! -$!  End The Valid Arguement Check. +$!  End The Valid Argument Check.  $!  $   ENDIF  $! @@ -893,7 +893,7 @@ $!  Show user the result  $!  $   WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC  $! -$!  Else The User Entered An Invalid Arguement. +$!  Else The User Entered An Invalid Argument.  $!  $ ELSE  $! @@ -994,7 +994,7 @@ $!  Print info  $!  $   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB  $! -$!  Else The User Entered An Invalid Arguement. +$!  Else The User Entered An Invalid Argument.  $!  $ ELSE  $! diff --git a/openssl/ssl/ssl_algs.c b/openssl/ssl/ssl_algs.c index a26ae4395..0967b2dfe 100644 --- a/openssl/ssl/ssl_algs.c +++ b/openssl/ssl/ssl_algs.c 
@@ -105,6 +105,14 @@ int SSL_library_init(void)  	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");  	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);  #endif +#ifndef OPENSSL_NO_SHA256 +	EVP_add_digest(EVP_sha224()); +	EVP_add_digest(EVP_sha256()); +#endif +#ifndef OPENSSL_NO_SHA512 +	EVP_add_digest(EVP_sha384()); +	EVP_add_digest(EVP_sha512()); +#endif  #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)  	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */  	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); diff --git a/openssl/ssl/t1_enc.c b/openssl/ssl/t1_enc.c index d9cb059d0..9719541f2 100644 --- a/openssl/ssl/t1_enc.c +++ b/openssl/ssl/t1_enc.c @@ -148,7 +148,7 @@  #endif  /* seed1 through seed5 are virtually concatenated */ -static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, +static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,  			int sec_len,  			const void *seed1, int seed1_len,  			const void *seed2, int seed2_len, 
@@ -163,55 +163,79 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,  	HMAC_CTX ctx_tmp;  	unsigned char A1[EVP_MAX_MD_SIZE];  	unsigned int A1_len; +	int ret = 0;  	chunk=EVP_MD_size(md);  	OPENSSL_assert(chunk >= 0);  	HMAC_CTX_init(&ctx);  	HMAC_CTX_init(&ctx_tmp); -	HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); -	HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); -	if (seed1 != NULL) HMAC_Update(&ctx,seed1,seed1_len); -	if (seed2 != NULL) HMAC_Update(&ctx,seed2,seed2_len); -	if (seed3 != NULL) HMAC_Update(&ctx,seed3,seed3_len); -	if (seed4 != NULL) HMAC_Update(&ctx,seed4,seed4_len); -	if (seed5 != NULL) HMAC_Update(&ctx,seed5,seed5_len); -	HMAC_Final(&ctx,A1,&A1_len); +	if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL)) +		goto err; +	if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL)) +		goto err; +	if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len)) +		goto err; +	if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len)) +		goto err; +	if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len)) +		goto err; +	if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len)) +		goto err; +	if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len)) +		goto err; +	if (!HMAC_Final(&ctx,A1,&A1_len)) +		goto err;  	n=0;  	for (;;)  		{ -		HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */ -		HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */ -		HMAC_Update(&ctx,A1,A1_len); -		HMAC_Update(&ctx_tmp,A1,A1_len); -		if (seed1 != NULL) HMAC_Update(&ctx,seed1,seed1_len); -		if (seed2 != NULL) HMAC_Update(&ctx,seed2,seed2_len); -		if (seed3 != NULL) HMAC_Update(&ctx,seed3,seed3_len); -		if (seed4 != NULL) HMAC_Update(&ctx,seed4,seed4_len); -		if (seed5 != NULL) HMAC_Update(&ctx,seed5,seed5_len); +		if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */ +			goto err; +		if (!HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL)) /* re-init */ +			goto err; +		if (!HMAC_Update(&ctx,A1,A1_len)) +			goto err; +		if (!HMAC_Update(&ctx_tmp,A1,A1_len)) +			goto err; +		if (seed1 != NULL && 
!HMAC_Update(&ctx,seed1,seed1_len)) +			goto err; +		if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len)) +			goto err; +		if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len)) +			goto err; +		if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len)) +			goto err; +		if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len)) +			goto err;  		if (olen > chunk)  			{ -			HMAC_Final(&ctx,out,&j); +			if (!HMAC_Final(&ctx,out,&j)) +				goto err;  			out+=j;  			olen-=j; -			HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */ +			if (!HMAC_Final(&ctx_tmp,A1,&A1_len)) /* calc the next A1 value */ +				goto err;  			}  		else	/* last one */  			{ -			HMAC_Final(&ctx,A1,&A1_len); +			if (!HMAC_Final(&ctx,A1,&A1_len)) +				goto err;  			memcpy(out,A1,olen);  			break;  			}  		} +	ret = 1; +err:  	HMAC_CTX_cleanup(&ctx);  	HMAC_CTX_cleanup(&ctx_tmp);  	OPENSSL_cleanse(A1,sizeof(A1)); +	return ret;  	}  /* seed1 through seed5 are virtually concatenated */ -static void tls1_PRF(long digest_mask, +static int tls1_PRF(long digest_mask,  		     const void *seed1, int seed1_len,  		     const void *seed2, int seed2_len,  		     const void *seed3, int seed3_len, @@ -225,6 +249,7 @@ static void tls1_PRF(long digest_mask,  	const unsigned char *S1;  	long m;  	const EVP_MD *md; +	int ret = 0;  	/* Count number of digests and partition sec evenly */  	count=0; @@ -239,11 +264,12 @@ static void tls1_PRF(long digest_mask,  			if (!md) {  				SSLerr(SSL_F_TLS1_PRF,  				SSL_R_UNSUPPORTED_DIGEST_TYPE); -				return;				 +				goto err;				  			} -			tls1_P_hash(md ,S1,len+(slen&1), -			            seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len, -			            out2,olen); +			if (!tls1_P_hash(md ,S1,len+(slen&1), +					seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len, +					out2,olen)) +				goto err;  			S1+=len;  			for (i=0; i<olen; i++)  			{ 
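Review bot: tls1_P_hash and tls1_PRF now return a status, but the comment above each of them (`seed1 through seed5 are virtually concatenated`) says nothing about it. Add a line to both, such as `/* returns 1 on success, 0 on failure; on failure the output buffer holds partial data and must not be used */`. This matters because the `err` exit in tls1_P_hash cleanses `A1` but leaves whatever was already written to `out`.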
@@ -251,12 +277,15 @@ static void tls1_PRF(long digest_mask,  			}  		}  	} - +	ret = 1; +err: +	return ret;  } -static void tls1_generate_key_block(SSL *s, unsigned char *km, +static int tls1_generate_key_block(SSL *s, unsigned char *km,  	     unsigned char *tmp, int num)  	{ -	tls1_PRF(s->s3->tmp.new_cipher->algorithm2, +	int ret; +	ret = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,  		 TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE,  		 s->s3->server_random,SSL3_RANDOM_SIZE,  		 s->s3->client_random,SSL3_RANDOM_SIZE, @@ -274,6 +303,7 @@ static void tls1_generate_key_block(SSL *s, unsigned char *km,                  }          printf("\n");  }  #endif    /* KSSL_DEBUG */ +	return ret;  	}  int tls1_change_cipher_state(SSL *s, int which) 
@@ -461,22 +491,24 @@ printf("which = %04X\nmac key=",which);  		/* In here I set both the read and write key/iv to the  		 * same value since only the correct one will be used :-).  		 */ -		tls1_PRF(s->s3->tmp.new_cipher->algorithm2, -			 exp_label,exp_label_len, -			 s->s3->client_random,SSL3_RANDOM_SIZE, -			 s->s3->server_random,SSL3_RANDOM_SIZE, -			 NULL,0,NULL,0, -			 key,j,tmp1,tmp2,EVP_CIPHER_key_length(c)); +		if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2, +				exp_label,exp_label_len, +				s->s3->client_random,SSL3_RANDOM_SIZE, +				s->s3->server_random,SSL3_RANDOM_SIZE, +				NULL,0,NULL,0, +				key,j,tmp1,tmp2,EVP_CIPHER_key_length(c))) +			goto err2;  		key=tmp1;  		if (k > 0)  			{ -			tls1_PRF(s->s3->tmp.new_cipher->algorithm2, -				 TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE, -				 s->s3->client_random,SSL3_RANDOM_SIZE, -				 s->s3->server_random,SSL3_RANDOM_SIZE, -				 NULL,0,NULL,0, -				 empty,0,iv1,iv2,k*2); +			if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2, +					TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE, +					s->s3->client_random,SSL3_RANDOM_SIZE, +					s->s3->server_random,SSL3_RANDOM_SIZE, +					NULL,0,NULL,0, +					empty,0,iv1,iv2,k*2)) +				goto err2;  			if (client_write)  				iv=iv1;  			else @@ -518,12 +550,13 @@ err2:  int tls1_setup_key_block(SSL *s)  	{ -	unsigned char *p1,*p2; +	unsigned char *p1,*p2=NULL;  	const EVP_CIPHER *c;  	const EVP_MD *hash;  	int num;  	SSL_COMP *comp;  	int mac_type= NID_undef,mac_secret_size=0; +	int ret=0;  #ifdef KSSL_DEBUG  	printf ("tls1_setup_key_block()\n"); 
@@ -548,13 +581,19 @@ int tls1_setup_key_block(SSL *s)  	ssl3_cleanup_key_block(s);  	if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL) +		{ +		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);  		goto err; -	if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL) -		goto err; +		}  	s->s3->tmp.key_block_length=num;  	s->s3->tmp.key_block=p1; +	if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL) +		{ +		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); +		goto err; +		}  #ifdef TLS_DEBUG  printf("client random\n"); @@ -564,9 +603,8 @@ printf("server random\n");  printf("pre-master\n");  { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }  #endif -	tls1_generate_key_block(s,p1,p2,num); -	OPENSSL_cleanse(p2,num); -	OPENSSL_free(p2); +	if (!tls1_generate_key_block(s,p1,p2,num)) +		goto err;  #ifdef TLS_DEBUG  printf("\nkey block\n");  { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); } @@ -591,10 +629,14 @@ printf("\nkey block\n");  			}  		} -	return(1); +	ret = 1;  err: -	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); -	return(0); +	if (p2) +		{ +		OPENSSL_cleanse(p2,num); +		OPENSSL_free(p2); +		} +	return(ret);  	}  int tls1_enc(SSL *s, int send) @@ -822,10 +864,11 @@ int tls1_final_finish_mac(SSL *s,  			}  		} -	tls1_PRF(s->s3->tmp.new_cipher->algorithm2, -		 str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0, -		 s->session->master_key,s->session->master_key_length, -		 out,buf2,sizeof buf2); +	if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2, +			str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0, +			s->session->master_key,s->session->master_key_length, +			out,buf2,sizeof buf2)) +		err = 1;  	EVP_MD_CTX_cleanup(&ctx);  	if (err) diff --git a/openssl/test/cms-test.pl b/openssl/test/cms-test.pl index 6ad788346..9c50dff3e 100644 --- a/openssl/test/cms-test.pl +++ b/openssl/test/cms-test.pl 
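Review bot: When `tls1_generate_key_block` fails, tls1_setup_key_block now returns 0 without an `SSLerr` entry of its own, whereas every earlier failure exit of this function recorded one. The PRF path visible in this diff only raises an error for an unsupported digest, so an HMAC failure would surface with an empty error queue unless the HMAC code records one itself. Adding `SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_INTERNAL_ERROR);` before that `goto err` keeps the failure diagnosable. On the same path `p1` stays installed as `s->s3->tmp.key_block` with partially derived contents; presumably ssl3_cleanup_key_block releases it later, which should be confirmed.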
@@ -54,8 +54,12 @@  # OpenSSL PKCS#7 and CMS implementations.  my $ossl_path; - -if ( -f "../apps/openssl$ENV{EXE_EXT}" ) { +my $redir = " 2>cms.err 1>cms.out"; +# Make MSYS work +if ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { +    $ossl_path = "cmd /c ..\\apps\\openssl"; +} +elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {      $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";  }  elsif ( -f "..\\out32dll\\openssl.exe" ) { @@ -382,14 +386,14 @@ sub run_smime_tests {  		$rscmd =~ s/-stream//;	  		$rvcmd =~ s/-stream//;  		} -        system("$scmd$rscmd 2>cms.err 1>cms.out"); +        system("$scmd$rscmd$redir");          if ($?) {              print "$tnam: generation error\n";              $$rv++;              exit 1 if $halt_err;              next;          } -        system("$vcmd$rvcmd 2>cms.err 1>cms.out"); +        system("$vcmd$rvcmd$redir");          if ($?) {              print "$tnam: verify error\n";              $$rv++; diff --git a/openssl/test/igetest.c b/openssl/test/igetest.c index a2578d09c..1ba900244 100644 --- a/openssl/test/igetest.c +++ b/openssl/test/igetest.c @@ -221,9 +221,9 @@ static int run_test_vectors(void)  			++errs;  			} -		/* try with in == out */ +                /* try with in == out */  		memcpy(iv, v->iv, sizeof iv); -		memcpy(buf, v->in, v->length); +                memcpy(buf, v->in, v->length);  		AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);  		if(memcmp(v->out, buf, v->length)) diff --git a/openssl/test/maketests.com b/openssl/test/maketests.com index 7adb82ec3..ca072f1d1 100644 --- a/openssl/test/maketests.com +++ b/openssl/test/maketests.com 
@@ -42,34 +42,20 @@ $! (That is, If Wee Need To Link To One.)  $!  $ TCPIP_LIB = ""  $! -$! Check What Architecture We Are Using. +$! Check Which Architecture We Are Using.  $! -$ IF (F$GETSYI("CPU").LT.128) -$ THEN -$! -$!  The Architecture Is VAX. -$! -$   ARCH := VAX -$! -$! Else... -$! -$ ELSE -$! -$!  The Architecture Is Alpha, IA64 or whatever comes in the future. +$ if (f$getsyi( "HW_MODEL") .lt. 1024) +$ then +$    arch = "VAX" +$ else +$    arch = "" +$    arch = arch+ f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$    if (arch .eqs. "") then arch = "UNK" +$ endif  $! -$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") -$   IF (ARCH .EQS. "") THEN ARCH = "UNK" -$! -$! End The Architecture Check. -$! -$ ENDIF -$! -$! Define The OBJ Directory. +$! Define The OBJ and EXE Directories (EXE before CHECK_OPTIONS).  $!  $ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.TEST] -$! -$! Define The EXE Directory. -$!  $ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST]  $!  $! Check To Make Sure We Have Valid Command Line Parameters. @@ -82,7 +68,7 @@ $ GOSUB INITIALISE  $!  $! Tell The User What Kind of Machine We Run On.  $! -$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." +$ WRITE SYS$OUTPUT "Compiling On ''ARCH'."  $!  $! Define The CRYPTO-LIB We Are To Use.  $! 
@@ -92,31 +78,12 @@ $! Define The SSL We Are To Use.  $!  $ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB  $! -$! Check To See If The Architecture Specific OBJ Directory Exists. -$! -$ IF (F$PARSE(OBJ_DIR).EQS."") -$ THEN +$! Create the OBJ and EXE Directories, if needed.  $! -$!  The EXE Directory Dosen't Exist, So Create It. -$! -$   CREATE/DIRECTORY 'OBJ_DIR' -$! -$! End The Architecture Specific OBJ Directory Check. -$! -$ ENDIF -$! -$! Check To See If The Architecture Specific EXE Directory Exists. -$! -$ IF (F$PARSE(EXE_DIR).EQS."") -$ THEN -$! -$!  The EXE Directory Dosen't Exist, So Create It. -$! -$   CREATE/DIRECTORY 'EXE_DIR' -$! -$! End The Architecture Specific EXE Directory Check. -$! -$ ENDIF +$ IF (F$PARSE(OBJ_DIR).EQS."") THEN - +   CREATE /DIRECTORY 'OBJ_DIR' +$ IF (F$PARSE(EXE_DIR).EQS."") THEN - +   CREATE /DIRECTORY 'EXE_DIR'  $!  $! Check To See If We Have The Proper Libraries.  $! 
@@ -140,12 +107,46 @@ $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -  	       "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -  	       "EVP_TEST,JPAKETEST"  $! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well? -$ +$! +$! Additional directory information. +$ T_D_BNTEST     := [-.crypto.bn] +$ T_D_ECTEST     := [-.crypto.ec] +$ T_D_ECDSATEST  := [-.crypto.ecdsa] +$ T_D_ECDHTEST   := [-.crypto.ecdh] +$ T_D_IDEATEST   := [-.crypto.idea] +$ T_D_MD2TEST    := [-.crypto.md2] +$ T_D_MD4TEST    := [-.crypto.md4] +$ T_D_MD5TEST    := [-.crypto.md5] +$ T_D_HMACTEST   := [-.crypto.hmac] +$ T_D_WP_TEST    := [-.crypto.whrlpool] +$ T_D_RC2TEST    := [-.crypto.rc2] +$ T_D_RC4TEST    := [-.crypto.rc4] +$ T_D_RC5TEST    := [-.crypto.rc5] +$ T_D_DESTEST    := [-.crypto.des] +$ T_D_SHATEST    := [-.crypto.sha] +$ T_D_SHA1TEST   := [-.crypto.sha] +$ T_D_SHA256T    := [-.crypto.sha] +$ T_D_SHA512T    := [-.crypto.sha] +$ T_D_MDC2TEST   := [-.crypto.mdc2] +$ T_D_RMDTEST    := [-.crypto.ripemd] +$ T_D_RANDTEST   := [-.crypto.rand] +$ T_D_DHTEST     := [-.crypto.dh] +$ T_D_ENGINETEST := [-.crypto.engine] +$ T_D_BFTEST     := [-.crypto.bf] +$ T_D_CASTTEST   := [-.crypto.cast] +$ T_D_SSLTEST    := [-.ssl] +$ T_D_EXPTEST    := [-.crypto.bn] +$ T_D_DSATEST    := [-.crypto.dsa] +$ T_D_RSA_TEST   := [-.crypto.rsa] +$ T_D_EVP_TEST   := [-.crypto.evp] +$ T_D_JPAKETEST  := [-.crypto.jpake] +$ T_D_IGETEST    := [-.test] +$!  $ TCPIP_PROGRAMS = ",,"  $ IF COMPILER .EQS. "VAXC" THEN -       TCPIP_PROGRAMS = ",SSLTEST,"  $! -$!  Define A File Counter And Set It To "0". +$! Define A File Counter And Set It To "0".  $!  $ FILE_COUNTER = 0  $! @@ -167,7 +168,7 @@ $ FILE_COUNTER = FILE_COUNTER + 1  $!  $! Create The Source File Name.  $! -$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C" +$ SOURCE_FILE = "SYS$DISK:" + T_D_'FILE_NAME' + FILE_NAME + ".C"  $!  $! Create The Object File Name.  $! 
@@ -201,9 +202,7 @@ $!  $! Compile The File.  $!  $ ON ERROR THEN GOTO NEXT_FILE -$ CC/OBJECT='OBJECT_FILE' /PREFIX=ALL - -    /INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO],SYS$DISK:[-.CRYPTO.X509V3],SYS$DISK:[-.INCLUDE.OPENSSL]) -  -    'SOURCE_FILE' +$ CC /OBJECT='OBJECT_FILE' 'SOURCE_FILE'  $ ON WARNING THEN GOTO NEXT_FILE  $!  $! Check If What We Are About To Compile Works Without A TCP/IP Library. @@ -213,7 +212,8 @@ $ THEN  $!  $!  Inform The User That A TCP/IP Library Is Needed To Compile This Program.  $! -$   WRITE SYS$OUTPUT FILE_NAME," Needs A TCP/IP Library.  Can't Link.  Skipping..." +$   WRITE SYS$OUTPUT - +	  FILE_NAME," Needs A TCP/IP Library.  Can't Link.  Skipping..."  $   GOTO NEXT_FILE  $!  $! End The TCP/IP Library Check. @@ -228,10 +228,12 @@ $ THEN  $!  $!  Don't Link With The RSAREF Routines And TCP/IP Library.  $! -$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - +$   LINK /'DEBUGGER' /'TRACEBACK' /EXECTABLE = 'EXE_FILE' -  	'OBJECT_FILE', - -        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - -        'TCPIP_LIB','OPT_FILE'/OPTION +	'SSL_LIB' /LIBRARY, - +	'CRYPTO_LIB' /LIBRARY, - +	'TCPIP_LIB', - +	'OPT_FILE' /OPTIONS  $!  $! Else...  $! @@ -239,10 +241,11 @@ $ ELSE  $!  $!  Don't Link With The RSAREF Routines And Link With A TCP/IP Library.  $! -$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - +$   LINK /'DEBUGGER' /'TRACEBACK' /EXECUTABLE = 'EXE_FILE' -  	'OBJECT_FILE', - -        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - -        'OPT_FILE'/OPTION +	'SSL_LIB' /LIBRARY, - +	'CRYPTO_LIB' /LIBRARY, - +	'OPT_FILE' /OPTIONS  $!  $! End The TCP/IP Library Check.  $! @@ -281,10 +284,10 @@ $!  $     CREATE 'OPT_FILE'  $DECK  ! -! Default System Options File To Link Agianst  +! Default System Options File To Link Against   ! The Sharable VAX C Runtime Library.  ! -SYS$SHARE:VAXCRTL.EXE/SHARE +SYS$SHARE:VAXCRTL.EXE /SHAREABLE  $EOD  $!  $!  End The Option File Check. 
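Review bot: The first rewritten LINK command (the one that lists `'TCPIP_LIB'`) spells its qualifier `/EXECTABLE`, while the second spells it `/EXECUTABLE`. DCL may tolerate the misspelling if it matches only the leading characters of a qualifier, but the build should not depend on that; the line should read `$   LINK /'DEBUGGER' /'TRACEBACK' /EXECUTABLE = 'EXE_FILE' -`. Separately, the comment above that branch says "Don't Link With ... TCP/IP Library" although the command lists `'TCPIP_LIB'`, and the other branch's comment says the opposite of its command. These are context lines the commit did not touch, and the IF condition is outside the hunk, so the comments look swapped but I cannot confirm it from here.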
@@ -313,8 +316,8 @@ $DECK  ! Default System Options File To Link Agianst   ! The Sharable C Runtime Library.  ! -GNU_CC:[000000]GCCLIB/LIBRARY -SYS$SHARE:VAXCRTL/SHARE +GNU_CC:[000000]GCCLIB.OLB /LIBRARY +SYS$SHARE:VAXCRTL.EXE /SHAREABLE  $EOD  $!  $!  End The Option File Check. @@ -348,7 +351,7 @@ $DECK  ! Default System Options File To Link Agianst   ! The Sharable DEC C Runtime Library.  ! -SYS$SHARE:DECC$SHR.EXE/SHARE +SYS$SHARE:DECC$SHR.EXE /SHAREABLE  $EOD  $!  $!    Else... @@ -363,8 +366,8 @@ $DECK  ! Default System Options File For non-VAX To Link Agianst   ! The Sharable C Runtime Library.  ! -SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE -SYS$SHARE:CMA$OPEN_RTL/SHARE +SYS$SHARE:CMA$OPEN_LIB_SHR.EXE /SHAREABLE +SYS$SHARE:CMA$OPEN_RTL.EXE /SHAREABLE  $EOD  $!  $!    End The DEC C Option File Check. @@ -622,9 +625,9 @@ $!    Use DECC...  $!  $     CC = "CC"  $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - -	 THEN CC = "CC/DECC" -$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - -           "/NOLIST/PREFIX=ALL" + - +	 THEN CC = "CC /DECC" +$     CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=ANSI89" + - +           "/NOLIST /PREFIX=ALL" + -  	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS  $!  $!    Define The Linker Options File Name. @@ -656,14 +659,14 @@ $     THEN  $	WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"  $	EXIT  $     ENDIF -$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" -$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - +$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC /VAXC" +$     CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -  	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS  $     CCDEFS = CCDEFS + ",""VAXC"""  $!  $!    Define <sys> As SYS$COMMON:[SYSLIB]  $! -$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] +$     DEFINE /NOLOG SYS SYS$COMMON:[SYSLIB]  $!  $!    Define The Linker Options File Name.  $! 
@@ -688,7 +691,7 @@ $     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."  $!  $!    Use GNU C...  $! -$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - +$     CC = "GCC /NOCASE_HACK /''GCC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -  	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS  $!  $!    Define The Linker Options File Name. @@ -723,7 +726,7 @@ $   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS  $!  $!  Show user the result  $! -$   WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC +$   WRITE /SYMBOL SYS$OUTPUT "Main Compiling Command: ", CC  $!  $!  Else The User Entered An Invalid Arguement.  $! @@ -757,7 +760,7 @@ $   THEN  $!  $!    Set the library to use SOCKETSHR  $! -$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT" +$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"  $!  $!    Done with SOCKETSHR  $! @@ -768,7 +771,7 @@ $!  $   IF P3.EQS."MULTINET"  $   THEN  $! -$!    Set the library to use UXC emulation. +$!    Set the library to use UCX emulation.  $!  $     P3 = "UCX"  $! @@ -783,13 +786,13 @@ $   THEN  $!  $!    Set the library to use UCX.  $! -$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT" +$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"  $     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""  $     THEN -$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT" +$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"  $     ELSE  $       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN - -	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT" +	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"  $     ENDIF  $!  $!    Done with UCX @@ -803,7 +806,7 @@ $   THEN  $!  $!    Set the library to use TCPIP (post UCX).  $! -$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT" +$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"  $!  $!    Done with TCPIP  $! 
@@ -901,7 +904,7 @@ $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"  $!  $! Set up the logical name OPENSSL to point at the include directory  $! -$ DEFINE OPENSSL/NOLOG '__INCLUDE' +$ DEFINE OPENSSL /NOLOG '__INCLUDE'  $!  $! Done  $! @@ -915,7 +918,7 @@ $ IF __SAVE_OPENSSL .EQS. ""  $ THEN  $   DEASSIGN OPENSSL  $ ELSE -$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL' +$   DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'  $ ENDIF  $!  $! Done diff --git a/openssl/tools/c_rehash b/openssl/tools/c_rehash index fef1f60e6..6a20011a4 100644 --- a/openssl/tools/c_rehash +++ b/openssl/tools/c_rehash @@ -7,6 +7,7 @@  my $openssl;  my $dir = "/usr/local/ssl"; +my $prefix = "/usr/local/ssl";  if(defined $ENV{OPENSSL}) {  	$openssl = $ENV{OPENSSL}; @@ -24,7 +25,7 @@ if (defined(&Cwd::getcwd)) {  }  my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter? -$ENV{PATH} .= "$path_delim$dir/bin"; +$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); # prefix our path  if(! -x $openssl) {  	my $found = 0; diff --git a/openssl/tools/c_rehash.in b/openssl/tools/c_rehash.in index 6dd3c24fc..bfc4a69ed 100644 --- a/openssl/tools/c_rehash.in +++ b/openssl/tools/c_rehash.in @@ -7,6 +7,7 @@  my $openssl;  my $dir; +my $prefix;  if(defined $ENV{OPENSSL}) {  	$openssl = $ENV{OPENSSL}; @@ -24,7 +25,7 @@ if (defined(&Cwd::getcwd)) {  }  my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter? -$ENV{PATH} .= "$path_delim$dir/bin"; +$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); # prefix our path  if(! -x $openssl) {  	my $found = 0; diff --git a/openssl/util/libeay.num b/openssl/util/libeay.num index 007e1f8ba..6f3067ae2 100644 --- a/openssl/util/libeay.num +++ b/openssl/util/libeay.num 
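Review bot: Moving `$prefix/bin` from the end of PATH to the front gives that directory precedence over every existing entry when the script resolves `openssl` (the `if(! -x $openssl)` block that follows appears to search PATH). That directory must therefore be writable only by the administrator, and the trailing comment could say the precedence change is deliberate, e.g. `# $prefix/bin is searched first on purpose; it must not be writable by untrusted users`. The guard `$ENV{PATH} ? ...` is a truth test rather than a definedness test; `(defined $ENV{PATH} && length $ENV{PATH})` states the intent more exactly. In c_rehash.in `my $prefix;` has no value; presumably the build substitutes it as it does for `$dir`, otherwise the new line would prepend `/bin`. The same points apply to both the c_rehash and c_rehash.in hunks.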
@@ -3752,7 +3752,7 @@ TS_REQ_set_policy_id                    4138	EXIST::FUNCTION:  d2i_TS_RESP_fp                          4139	EXIST::FUNCTION:  ENGINE_get_pkey_asn1_meth_engine        4140	EXIST:!VMS:FUNCTION:ENGINE  ENGINE_get_pkey_asn1_meth_eng           4140	EXIST:VMS:FUNCTION:ENGINE -WHIRLPOOL_Init                          4141	EXIST::FUNCTION:WHIRLPOOL +WHIRLPOOL_Init                          4141	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL  TS_RESP_set_status_info                 4142	EXIST::FUNCTION:  EVP_PKEY_keygen                         4143	EXIST::FUNCTION:  EVP_DigestSignInit                      4144	EXIST::FUNCTION: @@ -3761,7 +3761,7 @@ TS_REQ_dup                              4146	EXIST::FUNCTION:  GENERAL_NAME_dup                        4147	EXIST::FUNCTION:  ASN1_SEQUENCE_ANY_it                    4148	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:  ASN1_SEQUENCE_ANY_it                    4148	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -WHIRLPOOL                               4149	EXIST::FUNCTION:WHIRLPOOL +WHIRLPOOL                               4149	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL  X509_STORE_get1_crls                    4150	EXIST::FUNCTION:  ENGINE_get_pkey_asn1_meth               4151	EXIST::FUNCTION:ENGINE  EVP_PKEY_asn1_new                       4152	EXIST::FUNCTION: @@ -3812,7 +3812,7 @@ DSO_global_lookup                       4195	EXIST::FUNCTION:  TS_CONF_set_tsa_name                    4196	EXIST::FUNCTION:  i2d_ASN1_SET_ANY                        4197	EXIST::FUNCTION:  ENGINE_load_gost                        4198	EXIST::FUNCTION:ENGINE,GOST,STATIC_ENGINE -WHIRLPOOL_BitUpdate                     4199	EXIST::FUNCTION:WHIRLPOOL +WHIRLPOOL_BitUpdate                     4199	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL  ASN1_PCTX_get_flags                     4200	EXIST::FUNCTION:  TS_TST_INFO_get_ext_by_NID              4201	EXIST::FUNCTION:  TS_RESP_new                             4202	EXIST::FUNCTION: 
@@ -3861,10 +3861,10 @@ EVP_PKEY_meth_set_sign                  4243	EXIST::FUNCTION:  CRYPTO_THREADID_current                 4244	EXIST::FUNCTION:  EVP_PKEY_decrypt_init                   4245	EXIST::FUNCTION:  NETSCAPE_X509_free                      4246	EXIST::FUNCTION: -i2b_PVK_bio                             4247	EXIST::FUNCTION: +i2b_PVK_bio                             4247	EXIST::FUNCTION:RC4  EVP_PKEY_print_private                  4248	EXIST::FUNCTION:  GENERAL_NAME_get0_value                 4249	EXIST::FUNCTION: -b2i_PVK_bio                             4250	EXIST::FUNCTION: +b2i_PVK_bio                             4250	EXIST::FUNCTION:RC4  ASN1_UTCTIME_adj                        4251	EXIST::FUNCTION:  TS_TST_INFO_new                         4252	EXIST::FUNCTION:  EVP_MD_do_all_sorted                    4253	EXIST::FUNCTION: @@ -3975,7 +3975,7 @@ X509_PUBKEY_get0_param                  4356	EXIST::FUNCTION:  TS_MSG_IMPRINT_dup                      4357	EXIST::FUNCTION:  PKCS7_print_ctx                         4358	EXIST::FUNCTION:  i2d_TS_REQ_bio                          4359	EXIST::FUNCTION: -EVP_whirlpool                           4360	EXIST::FUNCTION:WHIRLPOOL +EVP_whirlpool                           4360	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL  EVP_PKEY_asn1_set_param                 4361	EXIST::FUNCTION:  EVP_PKEY_meth_set_encrypt               4362	EXIST::FUNCTION:  ASN1_PCTX_set_flags                     4363	EXIST::FUNCTION: 
@@ -3986,7 +3986,7 @@ ENGINE_register_all_pkey_meths          4367	EXIST::FUNCTION:ENGINE  TS_RESP_CTX_set_status_info_cond        4368	EXIST:!VMS:FUNCTION:  TS_RESP_CTX_set_stat_info_cond          4368	EXIST:VMS:FUNCTION:  EVP_PKEY_verify                         4369	EXIST::FUNCTION: -WHIRLPOOL_Final                         4370	EXIST::FUNCTION:WHIRLPOOL +WHIRLPOOL_Final                         4370	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL  X509_CRL_METHOD_new                     4371	EXIST::FUNCTION:  EVP_DigestSignFinal                     4372	EXIST::FUNCTION:  TS_RESP_CTX_set_def_policy              4373	EXIST::FUNCTION: @@ -4068,7 +4068,7 @@ ERR_remove_thread_state                 4445	EXIST::FUNCTION:  EVP_PKEY_meth_add0                      4446	EXIST::FUNCTION:  TS_TST_INFO_set_tsa                     4447	EXIST::FUNCTION:  EVP_PKEY_meth_new                       4448	EXIST::FUNCTION: -WHIRLPOOL_Update                        4449	EXIST::FUNCTION:WHIRLPOOL +WHIRLPOOL_Update                        4449	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL  TS_CONF_set_accuracy                    4450	EXIST::FUNCTION:  ASN1_PCTX_set_oid_flags                 4451	EXIST::FUNCTION:  ESS_SIGNING_CERT_dup                    4452	EXIST::FUNCTION: @@ -4173,6 +4173,8 @@ X509_STORE_CTX_get0_cur_issuer          4546	EXIST:VMS:FUNCTION:  X509_issuer_name_hash_old               4547	EXIST::FUNCTION:MD5  X509_subject_name_hash_old              4548	EXIST::FUNCTION:MD5  EVP_CIPHER_CTX_copy                     4549	EXIST::FUNCTION: -UI_method_get_prompt_constructor        4550	EXIST::FUNCTION: -UI_method_set_prompt_constructor        4551	EXIST::FUNCTION: +UI_method_get_prompt_constructor        4550	EXIST:!VMS:FUNCTION: +UI_method_get_prompt_constructr         4550	EXIST:VMS:FUNCTION: +UI_method_set_prompt_constructor        4551	EXIST:!VMS:FUNCTION: +UI_method_set_prompt_constructr         4551	EXIST:VMS:FUNCTION:  EVP_read_pw_string_min                  4552	EXIST::FUNCTION: 
diff --git a/openssl/util/mkdef.pl b/openssl/util/mkdef.pl index 1d579c897..a4a17e3ae 100644 --- a/openssl/util/mkdef.pl +++ b/openssl/util/mkdef.pl @@ -978,6 +978,12 @@ sub do_defs  	$platform{"SHA512_Update"} = "!VMSVAX";  	$platform{"SHA512_Final"} = "!VMSVAX";  	$platform{"SHA512"} = "!VMSVAX"; +	$platform{"WHIRLPOOL_Init"} = "!VMSVAX"; +	$platform{"WHIRLPOOL"} = "!VMSVAX"; +	$platform{"WHIRLPOOL_BitUpdate"} = "!VMSVAX"; +	$platform{"EVP_whirlpool"} = "!VMSVAX"; +	$platform{"WHIRLPOOL_Final"} = "!VMSVAX"; +	$platform{"WHIRLPOOL_Update"} = "!VMSVAX";  	# Info we know about diff --git a/openssl/util/pl/VC-32.pl b/openssl/util/pl/VC-32.pl index 45013475d..c3e29fda9 100644 --- a/openssl/util/pl/VC-32.pl +++ b/openssl/util/pl/VC-32.pl @@ -122,21 +122,26 @@ else	# Win32      }  $mlflags=''; -$out_def="out32"; $out_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/); -$tmp_def="tmp32"; $tmp_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/); +$out_def ="out32";	$out_def.="dll"			if ($shlib); +			$out_def.='_$(TARGETCPU)'	if ($FLAVOR =~ /CE/); +$tmp_def ="tmp32";	$tmp_def.="dll"			if ($shlib); +			$tmp_def.='_$(TARGETCPU)'	if ($FLAVOR =~ /CE/);  $inc_def="inc32";  if ($debug)  	{  	$cflags=$dbg_cflags.$base_cflags; -	$lflags.=" /debug"; -	$mlflags.=' /debug';  	}  else  	{  	$cflags=$opt_cflags.$base_cflags;  	} +# generate symbols.pdb unconditionally +$app_cflag.=" /Zi /Fd$tmp_def/app"; +$lib_cflag.=" /Zi /Fd$tmp_def/lib"; +$lflags.=" /debug"; +  $obj='.obj';  $asm_suffix='.asm';  $ofile="/Fo"; 
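Review bot: In the VC-32.pl hunk, `$lflags.=" /debug";` now runs outside the `if ($debug)` branch, and with `/debug` the MSVC linker defaults to `/OPT:NOREF,NOICF`. Unless `/opt:ref` is already set where `$lflags` is initialised (outside this hunk), release binaries would keep unreferenced code, so it is worth confirming or adding it explicitly. Release binaries will also reference the `.pdb` files written under `$tmp_def`, so the packaging step should decide deliberately whether those symbol files are shipped. The comment `# generate symbols.pdb unconditionally` does not match the `/Fd$tmp_def/app` and `/Fd$tmp_def/lib` names on the lines below it; something like `# always emit debug info; compiler PDBs are written under $tmp_def as app and lib` would be accurate.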
@@ -176,18 +181,15 @@ $lfile='/out:';  $shlib_ex_obj="";  $app_ex_obj="setargv.obj" if ($FLAVOR !~ /CE/);  if ($FLAVOR =~ /WIN64A/) { -	if (`nasm -v` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) { -		$asm='nasm -f win64 -DNEAR -Ox'; -		$asm.=' -g' if $debug; +	if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) { +		$asm='nasm -f win64 -DNEAR -Ox -g';  		$afile='-o ';  	} else { -		$asm='ml64 /c /Cp /Cx'; -		$asm.=" /Zi" if $debug; +		$asm='ml64 /c /Cp /Cx /Zi';  		$afile='/Fo';  	}  } elsif ($FLAVOR =~ /WIN64I/) { -	$asm='ias'; -	$asm.=" -d debug" if $debug; +	$asm='ias -d debug';  	$afile="-o ";  } elsif ($nasm) {  	my $ver=`nasm -v 2>NUL`; @@ -197,8 +199,7 @@ if ($FLAVOR =~ /WIN64A/) {  	$asmtype="win32n";  	$afile='-o ';  } else { -	$asm='ml /nologo /Cp /coff /c /Cx'; -	$asm.=" /Zi" if $debug; +	$asm='ml /nologo /Cp /coff /c /Cx /Zi';  	$afile='/Fo';  	$asmtype="win32";  } @@ -230,9 +231,7 @@ if (!$no_asm)  if ($shlib && $FLAVOR !~ /CE/)  	{  	$mlflags.=" $lflags /dll"; -	$lib_cflag=" -D_WINDLL"; -	$out_def="out32dll"; -	$tmp_def="tmp32dll"; +	$lib_cflag.=" -D_WINDLL";  	#  	# Engage Applink...  	# @@ -262,13 +261,9 @@ elsif ($shlib && $FLAVOR =~ /CE/)  	{  	$mlflags.=" $lflags /dll";  	$lflags.=' /entry:mainCRTstartup' if(defined($ENV{'PORTSDK_LIBPATH'})); -	$lib_cflag=" -D_WINDLL -D_DLL"; -	$out_def='out32dll_$(TARGETCPU)'; -	$tmp_def='tmp32dll_$(TARGETCPU)'; +	$lib_cflag.=" -D_WINDLL -D_DLL";  	} -$cflags.=" /Fd$out_def"; -  sub do_lib_rule  	{  	local($objs,$target,$name,$shlib)=@_; diff --git a/packages.txt b/packages.txt index 94407b1c5..548aa3331 100644 --- a/packages.txt +++ b/packages.txt @@ -62,7 +62,7 @@ libXpm-3.5.8  libXt-1.0.8
  mesa-7.8.1
  mkfontscale-1.0.7
 -openssl-1.0.0
 +openssl-1.0.0a
  pixman-0.18.2
  pthreads-w32-2-8-0-release
  randrproto-1.3.1
 | 
