aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--openssl/CHANGES17
-rw-r--r--openssl/Configure10
-rw-r--r--openssl/FAQ4
-rw-r--r--openssl/NEWS13
-rw-r--r--openssl/README4
-rw-r--r--openssl/apps/CA.com4
-rw-r--r--openssl/apps/apps.c16
-rw-r--r--openssl/apps/dsa.c2
-rw-r--r--openssl/apps/makeapps.com10
-rw-r--r--openssl/apps/rsa.c2
-rw-r--r--openssl/crypto/aes/asm/aes-ppc.pl269
-rw-r--r--openssl/crypto/bio/b_sock.c7
-rw-r--r--openssl/crypto/bio/bss_file.c43
-rw-r--r--openssl/crypto/bn/asm/alpha-mont.pl8
-rw-r--r--openssl/crypto/cms/cms_asn1.c4
-rw-r--r--openssl/crypto/cryptlib.c12
-rw-r--r--openssl/crypto/crypto-lib.com28
-rw-r--r--openssl/crypto/des/des-lib.com12
-rw-r--r--openssl/crypto/des/rpc_des.h4
-rw-r--r--openssl/crypto/dsa/dsa_ameth.c2
-rw-r--r--openssl/crypto/err/err_prn.c3
-rw-r--r--openssl/crypto/evp/bio_b64.c77
-rw-r--r--openssl/crypto/evp/pmeth_lib.c1
-rw-r--r--openssl/crypto/md5/asm/md5-ia64.S2
-rw-r--r--openssl/crypto/modes/cfb128.c8
-rw-r--r--openssl/crypto/modes/ctr128.c28
-rw-r--r--openssl/crypto/modes/ofb128.c4
-rw-r--r--openssl/crypto/opensslv.h6
-rw-r--r--openssl/crypto/pem/pem.h3
-rw-r--r--openssl/crypto/pem/pvkfmt.c5
-rw-r--r--openssl/crypto/perlasm/x86_64-xlate.pl25
-rw-r--r--openssl/crypto/rsa/rsa_pmeth.c2
-rw-r--r--openssl/crypto/sparccpuid.S2
-rw-r--r--openssl/crypto/stack/safestack.h2
-rw-r--r--openssl/crypto/symhacks.h6
-rw-r--r--openssl/crypto/ts/Makefile3
-rw-r--r--openssl/crypto/x509v3/v3_pci.c28
-rw-r--r--openssl/crypto/x86_64cpuid.pl3
-rw-r--r--openssl/doc/crypto/BIO_f_buffer.pod9
-rw-r--r--openssl/doc/crypto/BIO_s_file.pod4
-rw-r--r--openssl/doc/crypto/BIO_should_retry.pod2
-rw-r--r--openssl/doc/ssl/SSL_library_init.pod16
-rw-r--r--openssl/e_os.h1
-rw-r--r--openssl/engines/ccgost/gost94_keyx.c2
-rw-r--r--openssl/engines/ccgost/gost_ameth.c2
-rw-r--r--openssl/engines/ccgost/gost_crypt.c6
-rw-r--r--openssl/engines/e_chil.c54
-rw-r--r--openssl/engines/e_ubsec.c2
-rw-r--r--openssl/engines/makeengines.com67
-rw-r--r--openssl/makevms.com424
-rw-r--r--openssl/openssl.spec2
-rw-r--r--openssl/ssl/d1_both.c315
-rw-r--r--openssl/ssl/d1_lib.c10
-rw-r--r--openssl/ssl/d1_pkt.c44
-rw-r--r--openssl/ssl/dtls1.h1
-rw-r--r--openssl/ssl/ssl-lib.com16
-rw-r--r--openssl/ssl/ssl_algs.c8
-rw-r--r--openssl/ssl/t1_enc.c151
-rw-r--r--openssl/test/cms-test.pl12
-rw-r--r--openssl/test/igetest.c4
-rw-r--r--openssl/test/maketests.com173
-rw-r--r--openssl/tools/c_rehash3
-rw-r--r--openssl/tools/c_rehash.in3
-rw-r--r--openssl/util/libeay.num22
-rw-r--r--openssl/util/mkdef.pl6
-rw-r--r--openssl/util/pl/VC-32.pl38
-rw-r--r--packages.txt2
67 files changed, 1332 insertions, 746 deletions
diff --git a/openssl/CHANGES b/openssl/CHANGES
index e8655ab14..b139cf624 100644
--- a/openssl/CHANGES
+++ b/openssl/CHANGES
@@ -2,6 +2,12 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.0 and 1.0.0a [01 Jun 2010]
+
+ *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover
+ (CVE-2010-1633)
+ [Steve Henson, Peter-Michael Hager <hager@dortmund.net>]
+
Changes between 0.9.8n and 1.0.0 [29 Mar 2010]
*) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher
@@ -843,6 +849,17 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
+ Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
+
+ *) Correct a typo in the CMS ASN1 module which can result in invalid memory
+ access or freeing data twice (CVE-2010-0742)
+ [Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]
+
+ *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
+ common in certificates and some applications which only call
+ SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
+ [Steve Henson]
+
Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
*) When rejecting SSL/TLS records due to an incorrect version number, never
diff --git a/openssl/Configure b/openssl/Configure
index ec7faae4f..a94ad4fd3 100644
--- a/openssl/Configure
+++ b/openssl/Configure
@@ -503,7 +503,7 @@ my %table=(
"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
# MinGW
-"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall:::MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a",
+"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a",
# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll
# compiled with one compiler with application compiled with another
# compiler. It's possible to engage Applink support in mingw64 build,
@@ -511,7 +511,7 @@ my %table=(
# handling, one can't seriously consider its binaries for using with
# non-mingw64 run-time environment. And as mingw64 is always consistent
# with itself, Applink is never engaged and can as well be omitted.
-"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE:::MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
+"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
# UWIN
"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
@@ -547,7 +547,7 @@ my %table=(
##### MacOS X (a.k.a. Rhapsody or Darwin) setup
"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
-"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
@@ -1789,11 +1789,11 @@ EOF
(system $make_command.$make_targets) == 0 or exit $?
if $make_targets ne "";
if ( $perl =~ m@^/@) {
- &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+ &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
} else {
# No path for Perl known ...
- &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+ &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
if ($depflags ne $default_depflags && !$make_depend) {
diff --git a/openssl/FAQ b/openssl/FAQ
index 2134e3af1..becee6663 100644
--- a/openssl/FAQ
+++ b/openssl/FAQ
@@ -79,7 +79,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.0 was released on Mar 29th, 2010.
+OpenSSL 1.0.0a was released on Jun 1st, 2010.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -722,7 +722,7 @@ file.
Multi-threaded applications must provide two callback functions to
OpenSSL by calling CRYPTO_set_locking_callback() and
CRYPTO_set_id_callback(), for all versions of OpenSSL up to and
-including 0.9.8[abc...]. As of version 0.9.9, CRYPTO_set_id_callback()
+including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback()
and associated APIs are deprecated by CRYPTO_THREADID_set_callback()
and friends. This is described in the threads(3) manpage.
diff --git a/openssl/NEWS b/openssl/NEWS
index 4fc76d10f..3a787ea06 100644
--- a/openssl/NEWS
+++ b/openssl/NEWS
@@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a:
+
+ o Fix for security issue CVE-2010-1633.
+ o GOST MAC and CFB fixes.
+
Major changes between OpenSSL 0.9.8n and OpenSSL 1.0:
o RFC3280 path validation: sufficient to process PKITS tests.
@@ -28,6 +33,14 @@
o Opaque PRF Input TLS extension support.
o Updated time routines to avoid OS limitations.
+ Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
+
+ o Fix for security issue CVE-2010-0742.
+ o Various DTLS fixes.
+ o Recognise SHA2 certificates if only SSL algorithms added.
+ o Fix for no-rc4 compilation.
+ o Chil ENGINE unload workaround.
+
Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n:
o CFB cipher definition fixes.
diff --git a/openssl/README b/openssl/README
index b649a66d1..c1d0a5fd5 100644
--- a/openssl/README
+++ b/openssl/README
@@ -1,7 +1,7 @@
- OpenSSL 1.0.0 29 Mar 2010
+ OpenSSL 1.0.0a 1 Jun 2010
- Copyright (c) 1998-2009 The OpenSSL Project
+ Copyright (c) 1998-2010 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
diff --git a/openssl/apps/CA.com b/openssl/apps/CA.com
index 02682e424..69b7bb3fd 100644
--- a/openssl/apps/CA.com
+++ b/openssl/apps/CA.com
@@ -114,8 +114,8 @@ $!
$ IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. ""
$ THEN
$ READ '__INPUT' FILE -
- /PROMT="CA certificate filename (or enter to create)"
-$ IF F$SEARCH(FILE) .NES. ""
+ /PROMPT="CA certificate filename (or enter to create)"
+$ IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "")
$ THEN
$ COPY 'FILE' 'CATOP'.private'CAKEY'
$ RET=$STATUS
diff --git a/openssl/apps/apps.c b/openssl/apps/apps.c
index 5dccea70d..acc50df04 100644
--- a/openssl/apps/apps.c
+++ b/openssl/apps/apps.c
@@ -875,10 +875,17 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
if (format == FORMAT_ENGINE)
{
if (!e)
- BIO_printf(bio_err,"no engine specified\n");
+ BIO_printf(err,"no engine specified\n");
else
+ {
pkey = ENGINE_load_private_key(e, file,
ui_method, &cb_data);
+ if (!pkey)
+ {
+ BIO_printf(err,"cannot load %s from engine\n",key_descrip);
+ ERR_print_errors(err);
+ }
+ }
goto end;
}
#endif
@@ -923,7 +930,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
&pkey, NULL, NULL))
goto end;
}
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
else if (format == FORMAT_MSBLOB)
pkey = b2i_PrivateKey_bio(key);
else if (format == FORMAT_PVK)
@@ -937,8 +944,11 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
}
end:
if (key != NULL) BIO_free(key);
- if (pkey == NULL)
+ if (pkey == NULL)
+ {
BIO_printf(err,"unable to load %s\n", key_descrip);
+ ERR_print_errors(err);
+ }
return(pkey);
}
diff --git a/openssl/apps/dsa.c b/openssl/apps/dsa.c
index 1109346f7..5222487ab 100644
--- a/openssl/apps/dsa.c
+++ b/openssl/apps/dsa.c
@@ -334,7 +334,7 @@ bad:
i=PEM_write_bio_DSA_PUBKEY(out,dsa);
else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
NULL,0,NULL, passout);
-#ifndef OPENSSL_NO_RSA
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
diff --git a/openssl/apps/makeapps.com b/openssl/apps/makeapps.com
index b96c4a1c6..58f286562 100644
--- a/openssl/apps/makeapps.com
+++ b/openssl/apps/makeapps.com
@@ -25,7 +25,7 @@ $! VAXC For VAX C.
$! DECC For DEC C.
$! GNUC For GNU C.
$!
-$! If you don't speficy a compiler, it will try to determine which
+$! If you don't specify a compiler, it will try to determine which
$! "C" compiler to use.
$!
$! P3, if defined, sets a TCP/IP library to use, through one of the following
@@ -52,7 +52,7 @@ $ THEN
$!
$! The Architecture Is VAX.
$!
-$ ARCH := VAX
+$ ARCH = "VAX"
$!
$! Else...
$!
@@ -555,7 +555,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -770,7 +770,7 @@ $! Set up default defines
$!
$ CCDEFS = """FLAT_INC=1""," + CCDEFS
$!
-$! Else The User Entered An Invalid Arguement.
+$! Else The User Entered An Invalid Argument.
$!
$ ELSE
$!
@@ -875,7 +875,7 @@ $! Print info
$!
$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
$!
-$! Else The User Entered An Invalid Arguement.
+$! Else The User Entered An Invalid Argument.
$!
$ ELSE
$!
diff --git a/openssl/apps/rsa.c b/openssl/apps/rsa.c
index b3c8aff7e..a17708fe9 100644
--- a/openssl/apps/rsa.c
+++ b/openssl/apps/rsa.c
@@ -409,7 +409,7 @@ bad:
}
else i=PEM_write_bio_RSAPrivateKey(out,rsa,
enc,NULL,0,NULL,passout);
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
diff --git a/openssl/crypto/aes/asm/aes-ppc.pl b/openssl/crypto/aes/asm/aes-ppc.pl
index ce427655e..f82c5e181 100644
--- a/openssl/crypto/aes/asm/aes-ppc.pl
+++ b/openssl/crypto/aes/asm/aes-ppc.pl
@@ -16,6 +16,19 @@
# at 1/2 of ppc_AES_encrypt speed, while ppc_AES_decrypt_compact -
# at 1/3 of ppc_AES_decrypt.
+# February 2010
+#
+# Rescheduling instructions to favour Power6 pipeline gives 10%
+# performance improvement on the platfrom in question (and marginal
+# improvement even on others). It should be noted that Power6 fails
+# to process byte in 18 cycles, only in 23, because it fails to issue
+# 4 load instructions in two cycles, only in 3. As result non-compact
+# block subroutines are 25% slower than one would expect. Compact
+# functions scale better, because they have pure computational part,
+# which scales perfectly with clock frequency. To be specific
+# ppc_AES_encrypt_compact operates at 42 cycles per byte, while
+# ppc_AES_decrypt_compact - at 55 (in 64-bit build).
+
$flavour = shift;
if ($flavour =~ /64/) {
@@ -376,7 +389,7 @@ $code.=<<___;
addi $sp,$sp,$FRAME
blr
-.align 4
+.align 5
Lppc_AES_encrypt:
lwz $acc00,240($key)
lwz $t0,0($key)
@@ -397,46 +410,46 @@ Lppc_AES_encrypt:
Lenc_loop:
rlwinm $acc00,$s0,`32-24+3`,21,28
rlwinm $acc01,$s1,`32-24+3`,21,28
- lwz $t0,0($key)
- lwz $t1,4($key)
rlwinm $acc02,$s2,`32-24+3`,21,28
rlwinm $acc03,$s3,`32-24+3`,21,28
- lwz $t2,8($key)
- lwz $t3,12($key)
+ lwz $t0,0($key)
+ lwz $t1,4($key)
rlwinm $acc04,$s1,`32-16+3`,21,28
rlwinm $acc05,$s2,`32-16+3`,21,28
- lwzx $acc00,$Tbl0,$acc00
- lwzx $acc01,$Tbl0,$acc01
+ lwz $t2,8($key)
+ lwz $t3,12($key)
rlwinm $acc06,$s3,`32-16+3`,21,28
rlwinm $acc07,$s0,`32-16+3`,21,28
- lwzx $acc02,$Tbl0,$acc02
- lwzx $acc03,$Tbl0,$acc03
+ lwzx $acc00,$Tbl0,$acc00
+ lwzx $acc01,$Tbl0,$acc01
rlwinm $acc08,$s2,`32-8+3`,21,28
rlwinm $acc09,$s3,`32-8+3`,21,28
- lwzx $acc04,$Tbl1,$acc04
- lwzx $acc05,$Tbl1,$acc05
+ lwzx $acc02,$Tbl0,$acc02
+ lwzx $acc03,$Tbl0,$acc03
rlwinm $acc10,$s0,`32-8+3`,21,28
rlwinm $acc11,$s1,`32-8+3`,21,28
- lwzx $acc06,$Tbl1,$acc06
- lwzx $acc07,$Tbl1,$acc07
+ lwzx $acc04,$Tbl1,$acc04
+ lwzx $acc05,$Tbl1,$acc05
rlwinm $acc12,$s3,`0+3`,21,28
rlwinm $acc13,$s0,`0+3`,21,28
- lwzx $acc08,$Tbl2,$acc08
- lwzx $acc09,$Tbl2,$acc09
+ lwzx $acc06,$Tbl1,$acc06
+ lwzx $acc07,$Tbl1,$acc07
rlwinm $acc14,$s1,`0+3`,21,28
rlwinm $acc15,$s2,`0+3`,21,28
- lwzx $acc10,$Tbl2,$acc10
- lwzx $acc11,$Tbl2,$acc11
+ lwzx $acc08,$Tbl2,$acc08
+ lwzx $acc09,$Tbl2,$acc09
xor $t0,$t0,$acc00
xor $t1,$t1,$acc01
- lwzx $acc12,$Tbl3,$acc12
- lwzx $acc13,$Tbl3,$acc13
+ lwzx $acc10,$Tbl2,$acc10
+ lwzx $acc11,$Tbl2,$acc11
xor $t2,$t2,$acc02
xor $t3,$t3,$acc03
- lwzx $acc14,$Tbl3,$acc14
- lwzx $acc15,$Tbl3,$acc15
+ lwzx $acc12,$Tbl3,$acc12
+ lwzx $acc13,$Tbl3,$acc13
xor $t0,$t0,$acc04
xor $t1,$t1,$acc05
+ lwzx $acc14,$Tbl3,$acc14
+ lwzx $acc15,$Tbl3,$acc15
xor $t2,$t2,$acc06
xor $t3,$t3,$acc07
xor $t0,$t0,$acc08
@@ -452,60 +465,60 @@ Lenc_loop:
addi $Tbl2,$Tbl0,2048
nop
- lwz $acc08,`2048+0`($Tbl0) ! prefetch Te4
- lwz $acc09,`2048+32`($Tbl0)
- lwz $acc10,`2048+64`($Tbl0)
- lwz $acc11,`2048+96`($Tbl0)
- lwz $acc08,`2048+128`($Tbl0)
- lwz $acc09,`2048+160`($Tbl0)
- lwz $acc10,`2048+192`($Tbl0)
- lwz $acc11,`2048+224`($Tbl0)
- rlwinm $acc00,$s0,`32-24`,24,31
- rlwinm $acc01,$s1,`32-24`,24,31
lwz $t0,0($key)
lwz $t1,4($key)
- rlwinm $acc02,$s2,`32-24`,24,31
- rlwinm $acc03,$s3,`32-24`,24,31
+ rlwinm $acc00,$s0,`32-24`,24,31
+ rlwinm $acc01,$s1,`32-24`,24,31
lwz $t2,8($key)
lwz $t3,12($key)
+ rlwinm $acc02,$s2,`32-24`,24,31
+ rlwinm $acc03,$s3,`32-24`,24,31
+ lwz $acc08,`2048+0`($Tbl0) ! prefetch Te4
+ lwz $acc09,`2048+32`($Tbl0)
rlwinm $acc04,$s1,`32-16`,24,31
rlwinm $acc05,$s2,`32-16`,24,31
- lbzx $acc00,$Tbl2,$acc00
- lbzx $acc01,$Tbl2,$acc01
+ lwz $acc10,`2048+64`($Tbl0)
+ lwz $acc11,`2048+96`($Tbl0)
rlwinm $acc06,$s3,`32-16`,24,31
rlwinm $acc07,$s0,`32-16`,24,31
- lbzx $acc02,$Tbl2,$acc02
- lbzx $acc03,$Tbl2,$acc03
+ lwz $acc12,`2048+128`($Tbl0)
+ lwz $acc13,`2048+160`($Tbl0)
rlwinm $acc08,$s2,`32-8`,24,31
rlwinm $acc09,$s3,`32-8`,24,31
- lbzx $acc04,$Tbl2,$acc04
- lbzx $acc05,$Tbl2,$acc05
+ lwz $acc14,`2048+192`($Tbl0)
+ lwz $acc15,`2048+224`($Tbl0)
rlwinm $acc10,$s0,`32-8`,24,31
rlwinm $acc11,$s1,`32-8`,24,31
- lbzx $acc06,$Tbl2,$acc06
- lbzx $acc07,$Tbl2,$acc07
+ lbzx $acc00,$Tbl2,$acc00
+ lbzx $acc01,$Tbl2,$acc01
rlwinm $acc12,$s3,`0`,24,31
rlwinm $acc13,$s0,`0`,24,31
- lbzx $acc08,$Tbl2,$acc08
- lbzx $acc09,$Tbl2,$acc09
+ lbzx $acc02,$Tbl2,$acc02
+ lbzx $acc03,$Tbl2,$acc03
rlwinm $acc14,$s1,`0`,24,31
rlwinm $acc15,$s2,`0`,24,31
- lbzx $acc10,$Tbl2,$acc10
- lbzx $acc11,$Tbl2,$acc11
+ lbzx $acc04,$Tbl2,$acc04
+ lbzx $acc05,$Tbl2,$acc05
rlwinm $s0,$acc00,24,0,7
rlwinm $s1,$acc01,24,0,7
- lbzx $acc12,$Tbl2,$acc12
- lbzx $acc13,$Tbl2,$acc13
+ lbzx $acc06,$Tbl2,$acc06
+ lbzx $acc07,$Tbl2,$acc07
rlwinm $s2,$acc02,24,0,7
rlwinm $s3,$acc03,24,0,7
- lbzx $acc14,$Tbl2,$acc14
- lbzx $acc15,$Tbl2,$acc15
+ lbzx $acc08,$Tbl2,$acc08
+ lbzx $acc09,$Tbl2,$acc09
rlwimi $s0,$acc04,16,8,15
rlwimi $s1,$acc05,16,8,15
+ lbzx $acc10,$Tbl2,$acc10
+ lbzx $acc11,$Tbl2,$acc11
rlwimi $s2,$acc06,16,8,15
rlwimi $s3,$acc07,16,8,15
+ lbzx $acc12,$Tbl2,$acc12
+ lbzx $acc13,$Tbl2,$acc13
rlwimi $s0,$acc08,8,16,23
rlwimi $s1,$acc09,8,16,23
+ lbzx $acc14,$Tbl2,$acc14
+ lbzx $acc15,$Tbl2,$acc15
rlwimi $s2,$acc10,8,16,23
rlwimi $s3,$acc11,8,16,23
or $s0,$s0,$acc12
@@ -542,40 +555,40 @@ Lenc_compact_loop:
rlwinm $acc01,$s1,`32-24`,24,31
rlwinm $acc02,$s2,`32-24`,24,31
rlwinm $acc03,$s3,`32-24`,24,31
- lbzx $acc00,$Tbl1,$acc00
- lbzx $acc01,$Tbl1,$acc01
rlwinm $acc04,$s1,`32-16`,24,31
rlwinm $acc05,$s2,`32-16`,24,31
- lbzx $acc02,$Tbl1,$acc02
- lbzx $acc03,$Tbl1,$acc03
rlwinm $acc06,$s3,`32-16`,24,31
rlwinm $acc07,$s0,`32-16`,24,31
- lbzx $acc04,$Tbl1,$acc04
- lbzx $acc05,$Tbl1,$acc05
+ lbzx $acc00,$Tbl1,$acc00
+ lbzx $acc01,$Tbl1,$acc01
rlwinm $acc08,$s2,`32-8`,24,31
rlwinm $acc09,$s3,`32-8`,24,31
- lbzx $acc06,$Tbl1,$acc06
- lbzx $acc07,$Tbl1,$acc07
+ lbzx $acc02,$Tbl1,$acc02
+ lbzx $acc03,$Tbl1,$acc03
rlwinm $acc10,$s0,`32-8`,24,31
rlwinm $acc11,$s1,`32-8`,24,31
- lbzx $acc08,$Tbl1,$acc08
- lbzx $acc09,$Tbl1,$acc09
+ lbzx $acc04,$Tbl1,$acc04
+ lbzx $acc05,$Tbl1,$acc05
rlwinm $acc12,$s3,`0`,24,31
rlwinm $acc13,$s0,`0`,24,31
- lbzx $acc10,$Tbl1,$acc10
- lbzx $acc11,$Tbl1,$acc11
+ lbzx $acc06,$Tbl1,$acc06
+ lbzx $acc07,$Tbl1,$acc07
rlwinm $acc14,$s1,`0`,24,31
rlwinm $acc15,$s2,`0`,24,31
- lbzx $acc12,$Tbl1,$acc12
- lbzx $acc13,$Tbl1,$acc13
+ lbzx $acc08,$Tbl1,$acc08
+ lbzx $acc09,$Tbl1,$acc09
rlwinm $s0,$acc00,24,0,7
rlwinm $s1,$acc01,24,0,7
- lbzx $acc14,$Tbl1,$acc14
- lbzx $acc15,$Tbl1,$acc15
+ lbzx $acc10,$Tbl1,$acc10
+ lbzx $acc11,$Tbl1,$acc11
rlwinm $s2,$acc02,24,0,7
rlwinm $s3,$acc03,24,0,7
+ lbzx $acc12,$Tbl1,$acc12
+ lbzx $acc13,$Tbl1,$acc13
rlwimi $s0,$acc04,16,8,15
rlwimi $s1,$acc05,16,8,15
+ lbzx $acc14,$Tbl1,$acc14
+ lbzx $acc15,$Tbl1,$acc15
rlwimi $s2,$acc06,16,8,15
rlwimi $s3,$acc07,16,8,15
rlwimi $s0,$acc08,8,16,23
@@ -725,7 +738,7 @@ Lenc_compact_done:
addi $sp,$sp,$FRAME
blr
-.align 4
+.align 5
Lppc_AES_decrypt:
lwz $acc00,240($key)
lwz $t0,0($key)
@@ -746,46 +759,46 @@ Lppc_AES_decrypt:
Ldec_loop:
rlwinm $acc00,$s0,`32-24+3`,21,28
rlwinm $acc01,$s1,`32-24+3`,21,28
- lwz $t0,0($key)
- lwz $t1,4($key)
rlwinm $acc02,$s2,`32-24+3`,21,28
rlwinm $acc03,$s3,`32-24+3`,21,28
- lwz $t2,8($key)
- lwz $t3,12($key)
+ lwz $t0,0($key)
+ lwz $t1,4($key)
rlwinm $acc04,$s3,`32-16+3`,21,28
rlwinm $acc05,$s0,`32-16+3`,21,28
- lwzx $acc00,$Tbl0,$acc00
- lwzx $acc01,$Tbl0,$acc01
+ lwz $t2,8($key)
+ lwz $t3,12($key)
rlwinm $acc06,$s1,`32-16+3`,21,28
rlwinm $acc07,$s2,`32-16+3`,21,28
- lwzx $acc02,$Tbl0,$acc02
- lwzx $acc03,$Tbl0,$acc03
+ lwzx $acc00,$Tbl0,$acc00
+ lwzx $acc01,$Tbl0,$acc01
rlwinm $acc08,$s2,`32-8+3`,21,28
rlwinm $acc09,$s3,`32-8+3`,21,28
- lwzx $acc04,$Tbl1,$acc04
- lwzx $acc05,$Tbl1,$acc05
+ lwzx $acc02,$Tbl0,$acc02
+ lwzx $acc03,$Tbl0,$acc03
rlwinm $acc10,$s0,`32-8+3`,21,28
rlwinm $acc11,$s1,`32-8+3`,21,28
- lwzx $acc06,$Tbl1,$acc06
- lwzx $acc07,$Tbl1,$acc07
+ lwzx $acc04,$Tbl1,$acc04
+ lwzx $acc05,$Tbl1,$acc05
rlwinm $acc12,$s1,`0+3`,21,28
rlwinm $acc13,$s2,`0+3`,21,28
- lwzx $acc08,$Tbl2,$acc08
- lwzx $acc09,$Tbl2,$acc09
+ lwzx $acc06,$Tbl1,$acc06
+ lwzx $acc07,$Tbl1,$acc07
rlwinm $acc14,$s3,`0+3`,21,28
rlwinm $acc15,$s0,`0+3`,21,28
- lwzx $acc10,$Tbl2,$acc10
- lwzx $acc11,$Tbl2,$acc11
+ lwzx $acc08,$Tbl2,$acc08
+ lwzx $acc09,$Tbl2,$acc09
xor $t0,$t0,$acc00
xor $t1,$t1,$acc01
- lwzx $acc12,$Tbl3,$acc12
- lwzx $acc13,$Tbl3,$acc13
+ lwzx $acc10,$Tbl2,$acc10
+ lwzx $acc11,$Tbl2,$acc11
xor $t2,$t2,$acc02
xor $t3,$t3,$acc03
- lwzx $acc14,$Tbl3,$acc14
- lwzx $acc15,$Tbl3,$acc15
+ lwzx $acc12,$Tbl3,$acc12
+ lwzx $acc13,$Tbl3,$acc13
xor $t0,$t0,$acc04
xor $t1,$t1,$acc05
+ lwzx $acc14,$Tbl3,$acc14
+ lwzx $acc15,$Tbl3,$acc15
xor $t2,$t2,$acc06
xor $t3,$t3,$acc07
xor $t0,$t0,$acc08
@@ -801,56 +814,56 @@ Ldec_loop:
addi $Tbl2,$Tbl0,2048
nop
- lwz $acc08,`2048+0`($Tbl0) ! prefetch Td4
- lwz $acc09,`2048+32`($Tbl0)
- lwz $acc10,`2048+64`($Tbl0)
- lwz $acc11,`2048+96`($Tbl0)
- lwz $acc08,`2048+128`($Tbl0)
- lwz $acc09,`2048+160`($Tbl0)
- lwz $acc10,`2048+192`($Tbl0)
- lwz $acc11,`2048+224`($Tbl0)
- rlwinm $acc00,$s0,`32-24`,24,31
- rlwinm $acc01,$s1,`32-24`,24,31
lwz $t0,0($key)
lwz $t1,4($key)
- rlwinm $acc02,$s2,`32-24`,24,31
- rlwinm $acc03,$s3,`32-24`,24,31
+ rlwinm $acc00,$s0,`32-24`,24,31
+ rlwinm $acc01,$s1,`32-24`,24,31
lwz $t2,8($key)
lwz $t3,12($key)
+ rlwinm $acc02,$s2,`32-24`,24,31
+ rlwinm $acc03,$s3,`32-24`,24,31
+ lwz $acc08,`2048+0`($Tbl0) ! prefetch Td4
+ lwz $acc09,`2048+32`($Tbl0)
rlwinm $acc04,$s3,`32-16`,24,31
rlwinm $acc05,$s0,`32-16`,24,31
+ lwz $acc10,`2048+64`($Tbl0)
+ lwz $acc11,`2048+96`($Tbl0)
lbzx $acc00,$Tbl2,$acc00
lbzx $acc01,$Tbl2,$acc01
+ lwz $acc12,`2048+128`($Tbl0)
+ lwz $acc13,`2048+160`($Tbl0)
rlwinm $acc06,$s1,`32-16`,24,31
rlwinm $acc07,$s2,`32-16`,24,31
- lbzx $acc02,$Tbl2,$acc02
- lbzx $acc03,$Tbl2,$acc03
+ lwz $acc14,`2048+192`($Tbl0)
+ lwz $acc15,`2048+224`($Tbl0)
rlwinm $acc08,$s2,`32-8`,24,31
rlwinm $acc09,$s3,`32-8`,24,31
- lbzx $acc04,$Tbl2,$acc04
- lbzx $acc05,$Tbl2,$acc05
+ lbzx $acc02,$Tbl2,$acc02
+ lbzx $acc03,$Tbl2,$acc03
rlwinm $acc10,$s0,`32-8`,24,31
rlwinm $acc11,$s1,`32-8`,24,31
- lbzx $acc06,$Tbl2,$acc06
- lbzx $acc07,$Tbl2,$acc07
+ lbzx $acc04,$Tbl2,$acc04
+ lbzx $acc05,$Tbl2,$acc05
rlwinm $acc12,$s1,`0`,24,31
rlwinm $acc13,$s2,`0`,24,31
- lbzx $acc08,$Tbl2,$acc08
- lbzx $acc09,$Tbl2,$acc09
+ lbzx $acc06,$Tbl2,$acc06
+ lbzx $acc07,$Tbl2,$acc07
rlwinm $acc14,$s3,`0`,24,31
rlwinm $acc15,$s0,`0`,24,31
- lbzx $acc10,$Tbl2,$acc10
- lbzx $acc11,$Tbl2,$acc11
+ lbzx $acc08,$Tbl2,$acc08
+ lbzx $acc09,$Tbl2,$acc09
rlwinm $s0,$acc00,24,0,7
rlwinm $s1,$acc01,24,0,7
- lbzx $acc12,$Tbl2,$acc12
- lbzx $acc13,$Tbl2,$acc13
+ lbzx $acc10,$Tbl2,$acc10
+ lbzx $acc11,$Tbl2,$acc11
rlwinm $s2,$acc02,24,0,7
rlwinm $s3,$acc03,24,0,7
- lbzx $acc14,$Tbl2,$acc14
- lbzx $acc15,$Tbl2,$acc15
+ lbzx $acc12,$Tbl2,$acc12
+ lbzx $acc13,$Tbl2,$acc13
rlwimi $s0,$acc04,16,8,15
rlwimi $s1,$acc05,16,8,15
+ lbzx $acc14,$Tbl2,$acc14
+ lbzx $acc15,$Tbl2,$acc15
rlwimi $s2,$acc06,16,8,15
rlwimi $s3,$acc07,16,8,15
rlwimi $s0,$acc08,8,16,23
@@ -897,40 +910,40 @@ Ldec_compact_loop:
rlwinm $acc01,$s1,`32-24`,24,31
rlwinm $acc02,$s2,`32-24`,24,31
rlwinm $acc03,$s3,`32-24`,24,31
- lbzx $acc00,$Tbl1,$acc00
- lbzx $acc01,$Tbl1,$acc01
rlwinm $acc04,$s3,`32-16`,24,31
rlwinm $acc05,$s0,`32-16`,24,31
- lbzx $acc02,$Tbl1,$acc02
- lbzx $acc03,$Tbl1,$acc03
rlwinm $acc06,$s1,`32-16`,24,31
rlwinm $acc07,$s2,`32-16`,24,31
- lbzx $acc04,$Tbl1,$acc04
- lbzx $acc05,$Tbl1,$acc05
+ lbzx $acc00,$Tbl1,$acc00
+ lbzx $acc01,$Tbl1,$acc01
rlwinm $acc08,$s2,`32-8`,24,31
rlwinm $acc09,$s3,`32-8`,24,31
- lbzx $acc06,$Tbl1,$acc06
- lbzx $acc07,$Tbl1,$acc07
+ lbzx $acc02,$Tbl1,$acc02
+ lbzx $acc03,$Tbl1,$acc03
rlwinm $acc10,$s0,`32-8`,24,31
rlwinm $acc11,$s1,`32-8`,24,31
- lbzx $acc08,$Tbl1,$acc08
- lbzx $acc09,$Tbl1,$acc09
+ lbzx $acc04,$Tbl1,$acc04
+ lbzx $acc05,$Tbl1,$acc05
rlwinm $acc12,$s1,`0`,24,31
rlwinm $acc13,$s2,`0`,24,31
- lbzx $acc10,$Tbl1,$acc10
- lbzx $acc11,$Tbl1,$acc11
+ lbzx $acc06,$Tbl1,$acc06
+ lbzx $acc07,$Tbl1,$acc07
rlwinm $acc14,$s3,`0`,24,31
rlwinm $acc15,$s0,`0`,24,31
- lbzx $acc12,$Tbl1,$acc12
- lbzx $acc13,$Tbl1,$acc13
+ lbzx $acc08,$Tbl1,$acc08
+ lbzx $acc09,$Tbl1,$acc09
rlwinm $s0,$acc00,24,0,7
rlwinm $s1,$acc01,24,0,7
- lbzx $acc14,$Tbl1,$acc14
- lbzx $acc15,$Tbl1,$acc15
+ lbzx $acc10,$Tbl1,$acc10
+ lbzx $acc11,$Tbl1,$acc11
rlwinm $s2,$acc02,24,0,7
rlwinm $s3,$acc03,24,0,7
+ lbzx $acc12,$Tbl1,$acc12
+ lbzx $acc13,$Tbl1,$acc13
rlwimi $s0,$acc04,16,8,15
rlwimi $s1,$acc05,16,8,15
+ lbzx $acc14,$Tbl1,$acc14
+ lbzx $acc15,$Tbl1,$acc15
rlwimi $s2,$acc06,16,8,15
rlwimi $s3,$acc07,16,8,15
rlwimi $s0,$acc08,8,16,23
diff --git a/openssl/crypto/bio/b_sock.c b/openssl/crypto/bio/b_sock.c
index 5ea621c0c..12b0a53a8 100644
--- a/openssl/crypto/bio/b_sock.c
+++ b/openssl/crypto/bio/b_sock.c
@@ -731,7 +731,14 @@ again:
#ifdef SO_REUSEADDR
err_num=get_last_socket_error();
if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
+#ifdef OPENSSL_SYS_WINDOWS
+ /* Some versions of Windows define EADDRINUSE to
+ * a dummy value.
+ */
+ (err_num == WSAEADDRINUSE))
+#else
(err_num == EADDRINUSE))
+#endif
{
client = server;
if (h == NULL || strcmp(h,"*") == 0)
diff --git a/openssl/crypto/bio/bss_file.c b/openssl/crypto/bio/bss_file.c
index ba4f8e994..8bfa0bcd9 100644
--- a/openssl/crypto/bio/bss_file.c
+++ b/openssl/crypto/bio/bss_file.c
@@ -118,10 +118,47 @@ static BIO_METHOD methods_filep=
BIO *BIO_new_file(const char *filename, const char *mode)
{
- BIO *ret;
- FILE *file;
+ BIO *ret;
+ FILE *file=NULL;
+
+#if defined(_WIN32) && defined(CP_UTF8)
+ int sz, len_0 = (int)strlen(filename)+1;
+
+ /*
+ * Basically there are three cases to cover: a) filename is
+ * pure ASCII string; b) actual UTF-8 encoded string and
+ * c) locale-ized string, i.e. one containing 8-bit
+ * characters that are meaningful in current system locale.
+ * If filename is pure ASCII or real UTF-8 encoded string,
+ * MultiByteToWideChar succeeds and _wfopen works. If
+ * filename is locale-ized string, chances are that
+ * MultiByteToWideChar fails reporting
+ * ERROR_NO_UNICODE_TRANSLATION, in which case we fall
+ * back to fopen...
+ */
+ if ((sz=MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS,
+ filename,len_0,NULL,0))>0)
+ {
+ WCHAR wmode[8];
+ WCHAR *wfilename = _alloca(sz*sizeof(WCHAR));
- if ((file=fopen(filename,mode)) == NULL)
+ if (MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS,
+ filename,len_0,wfilename,sz) &&
+ MultiByteToWideChar(CP_UTF8,0,mode,strlen(mode)+1,
+ wmode,sizeof(wmode)/sizeof(wmode[0])) &&
+ (file=_wfopen(wfilename,wmode))==NULL && errno==ENOENT
+ ) /* UTF-8 decode succeeded, but no file, filename
+ * could still have been locale-ized... */
+ file = fopen(filename,mode);
+ }
+ else if (GetLastError()==ERROR_NO_UNICODE_TRANSLATION)
+ {
+ file = fopen(filename,mode);
+ }
+#else
+ file=fopen(filename,mode);
+#endif
+ if (file == NULL)
{
SYSerr(SYS_F_FOPEN,get_last_sys_error());
ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
diff --git a/openssl/crypto/bn/asm/alpha-mont.pl b/openssl/crypto/bn/asm/alpha-mont.pl
index 7a2cc3173..f7e0ca164 100644
--- a/openssl/crypto/bn/asm/alpha-mont.pl
+++ b/openssl/crypto/bn/asm/alpha-mont.pl
@@ -53,15 +53,15 @@ $code=<<___;
.align 5
.ent bn_mul_mont
bn_mul_mont:
- lda sp,-40(sp)
+ lda sp,-48(sp)
stq ra,0(sp)
stq s3,8(sp)
stq s4,16(sp)
stq s5,24(sp)
stq fp,32(sp)
mov sp,fp
- .mask 0x0400f000,-40
- .frame fp,40,ra
+ .mask 0x0400f000,-48
+ .frame fp,48,ra
.prologue 0
.align 4
@@ -306,7 +306,7 @@ bn_mul_mont:
ldq s4,16(sp)
ldq s5,24(sp)
ldq fp,32(sp)
- lda sp,40(sp)
+ lda sp,48(sp)
ret (ra)
.end bn_mul_mont
.rdata
diff --git a/openssl/crypto/cms/cms_asn1.c b/openssl/crypto/cms/cms_asn1.c
index 7f7132c3b..fcba4dcbc 100644
--- a/openssl/crypto/cms/cms_asn1.c
+++ b/openssl/crypto/cms/cms_asn1.c
@@ -131,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
ASN1_SEQUENCE(CMS_OriginatorInfo) = {
- ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
- ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
+ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
+ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
diff --git a/openssl/crypto/cryptlib.c b/openssl/crypto/cryptlib.c
index 9a39d7e17..b4449b86d 100644
--- a/openssl/crypto/cryptlib.c
+++ b/openssl/crypto/cryptlib.c
@@ -749,6 +749,18 @@ int OPENSSL_isservice(void)
{ HWINSTA h;
DWORD len;
WCHAR *name;
+ static union { void *p; int (*f)(void); } _OPENSSL_isservice = { NULL };
+
+ if (_OPENSSL_isservice.p == NULL) {
+ HANDLE h = GetModuleHandle(NULL);
+ if (h != NULL)
+ _OPENSSL_isservice.p = GetProcAddress(h,"_OPENSSL_isservice");
+ if (_OPENSSL_isservice.p == NULL)
+ _OPENSSL_isservice.p = (void *)-1;
+ }
+
+ if (_OPENSSL_isservice.p != (void *)-1)
+ return (*_OPENSSL_isservice.f)();
(void)GetDesktopWindow(); /* return value is ignored */
diff --git a/openssl/crypto/crypto-lib.com b/openssl/crypto/crypto-lib.com
index 8fa56dd2e..a4b663509 100644
--- a/openssl/crypto/crypto-lib.com
+++ b/openssl/crypto/crypto-lib.com
@@ -60,7 +60,7 @@ $ THEN
$!
$! The Architecture Is VAX
$!
-$ ARCH := VAX
+$ ARCH = "VAX"
$!
$! Else...
$!
@@ -80,9 +80,11 @@ $! NOTE: Some might think this list ugly. However, it's made this way to
$! reflect the SDIRS variable in [-]Makefile.org as closely as possible,
$! thereby making it fairly easy to verify that the lists are the same.
$!
+$ ET_WHIRLPOOL = "WHRLPOOL"
+$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = ""
$ ENCRYPT_TYPES = "Basic,"+ -
"OBJECTS,"+ -
- "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,"+ -
+ "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ -
"DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ -
"BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ -
"BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ -
@@ -367,7 +369,7 @@ $!
$ IF F$TYPE('LIB_MODULE') .EQS. ""
$ THEN
$ WRITE SYS$ERROR ""
-$ WRITE SYS$ERROR "The module ",MODULE_NAME," does not exist. Continuing..."
+$ WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist. Continuing..."
$ WRITE SYS$ERROR ""
$ GOTO MODULE_NEXT
$ ENDIF
@@ -777,12 +779,12 @@ $! Else...
$!
$ ELSE
$!
-$! Else, Check To See If P1 Has A Valid Arguement.
+$! Else, Check To See If P1 Has A Valid Argument.
$!
$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS")
$ THEN
$!
-$! A Valid Arguement.
+$! A Valid Argument.
$!
$ BUILDALL = P1
$!
@@ -810,7 +812,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -863,7 +865,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -1034,7 +1036,7 @@ $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
THEN CC = "CC/DECC"
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
"/NOLIST/PREFIX=ALL" + -
- "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
+ "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
CCEXTRAFLAGS
$!
$! Define The Linker Options File Name.
@@ -1068,7 +1070,7 @@ $ EXIT
$ ENDIF
$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
- "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
+ "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
CCEXTRAFLAGS
$ CCDEFS = """VAXC""," + CCDEFS
$!
@@ -1100,7 +1102,7 @@ $!
$! Use GNU C...
$!
$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
- "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
+ "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
CCEXTRAFLAGS
$!
$! Define The Linker Options File Name.
@@ -1150,7 +1152,7 @@ $! Show user the result
$!
$ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
$!
-$! Else The User Entered An Invalid Arguement.
+$! Else The User Entered An Invalid Argument.
$!
$ ELSE
$!
@@ -1168,7 +1170,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -1263,7 +1265,7 @@ $! Print info
$!
$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
$!
-$! Else The User Entered An Invalid Arguement.
+$! Else The User Entered An Invalid Argument.
$!
$ ELSE
$!
diff --git a/openssl/crypto/des/des-lib.com b/openssl/crypto/des/des-lib.com
index afc260764..348f1c047 100644
--- a/openssl/crypto/des/des-lib.com
+++ b/openssl/crypto/des/des-lib.com
@@ -659,13 +659,13 @@ $! Else...
$!
$ ELSE
$!
-$! Else, Check To See If P1 Has A Valid Arguement.
+$! Else, Check To See If P1 Has A Valid Argument.
$!
$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") -
.OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS")
$ THEN
$!
-$! A Valid Arguement.
+$! A Valid Argument.
$!
$ BUILDALL = P1
$!
@@ -678,7 +678,7 @@ $!
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:"
$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT " ALL : Just Build Everything.
+$ WRITE SYS$OUTPUT " ALL : Just Build Everything."
$ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library."
$ WRITE SYS$OUTPUT " DESTEST : To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program."
$ WRITE SYS$OUTPUT " SPEED : To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program."
@@ -697,7 +697,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -754,7 +754,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -978,7 +978,7 @@ $! Show user the result
$!
$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC
$!
-$! Else The User Entered An Invalid Arguement.
+$! Else The User Entered An Invalid Argument.
$!
$ ELSE
$!
diff --git a/openssl/crypto/des/rpc_des.h b/openssl/crypto/des/rpc_des.h
index 4cbb4d2dc..41328d796 100644
--- a/openssl/crypto/des/rpc_des.h
+++ b/openssl/crypto/des/rpc_des.h
@@ -122,10 +122,10 @@ struct desparams {
/*
* Encrypt an arbitrary sized buffer
*/
-#define DESIOCBLOCK _IOWR(d, 6, struct desparams)
+#define DESIOCBLOCK _IOWR('d', 6, struct desparams)
/*
* Encrypt of small amount of data, quickly
*/
-#define DESIOCQUICK _IOWR(d, 7, struct desparams)
+#define DESIOCQUICK _IOWR('d', 7, struct desparams)
diff --git a/openssl/crypto/dsa/dsa_ameth.c b/openssl/crypto/dsa/dsa_ameth.c
index 5482330c8..6413aae46 100644
--- a/openssl/crypto/dsa/dsa_ameth.c
+++ b/openssl/crypto/dsa/dsa_ameth.c
@@ -209,7 +209,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
{
ASN1_TYPE *t1, *t2;
- if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)));
+ if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))
goto decerr;
if (sk_ASN1_TYPE_num(ndsa) != 2)
goto decerr;
diff --git a/openssl/crypto/err/err_prn.c b/openssl/crypto/err/err_prn.c
index de32f332c..a0168ac8e 100644
--- a/openssl/crypto/err/err_prn.c
+++ b/openssl/crypto/err/err_prn.c
@@ -81,7 +81,8 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
ERR_error_string_n(l, buf, sizeof buf);
BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
file, line, (flags & ERR_TXT_STRING) ? data : "");
- cb(buf2, strlen(buf2), u);
+ if (cb(buf2, strlen(buf2), u) <= 0)
+ break; /* abort outputting the error report */
}
}
diff --git a/openssl/crypto/evp/bio_b64.c b/openssl/crypto/evp/bio_b64.c
index fa5cbc7eb..72a2a6727 100644
--- a/openssl/crypto/evp/bio_b64.c
+++ b/openssl/crypto/evp/bio_b64.c
@@ -64,7 +64,7 @@
static int b64_write(BIO *h, const char *buf, int num);
static int b64_read(BIO *h, char *buf, int size);
-/*static int b64_puts(BIO *h, const char *str); */
+static int b64_puts(BIO *h, const char *str);
/*static int b64_gets(BIO *h, char *str, int size); */
static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int b64_new(BIO *h);
@@ -96,7 +96,7 @@ static BIO_METHOD methods_b64=
BIO_TYPE_BASE64,"base64 encoding",
b64_write,
b64_read,
- NULL, /* b64_puts, */
+ b64_puts,
NULL, /* b64_gets, */
b64_ctrl,
b64_new,
@@ -127,6 +127,7 @@ static int b64_new(BIO *bi)
bi->init=1;
bi->ptr=(char *)ctx;
bi->flags=0;
+ bi->num = 0;
return(1);
}
@@ -151,6 +152,8 @@ static int b64_read(BIO *b, char *out, int outl)
if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+ BIO_clear_retry_flags(b);
+
if (ctx->encode != B64_DECODE)
{
ctx->encode=B64_DECODE;
@@ -163,6 +166,7 @@ static int b64_read(BIO *b, char *out, int outl)
/* First check if there are bytes decoded/encoded */
if (ctx->buf_len > 0)
{
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
i=ctx->buf_len-ctx->buf_off;
if (i > outl) i=outl;
OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));
@@ -184,7 +188,6 @@ static int b64_read(BIO *b, char *out, int outl)
ret_code=0;
while (outl > 0)
{
-
if (ctx->cont <= 0)
break;
@@ -195,7 +198,7 @@ static int b64_read(BIO *b, char *out, int outl)
{
ret_code=i;
- /* Should be continue next time we are called? */
+ /* Should we continue next time we are called? */
if (!BIO_should_retry(b->next_bio))
{
ctx->cont=i;
@@ -285,19 +288,27 @@ static int b64_read(BIO *b, char *out, int outl)
continue;
}
else
+ {
ctx->tmp_len=0;
}
- /* If buffer isn't full and we can retry then
- * restart to read in more data.
- */
+ }
else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
+ {
+ /* If buffer isn't full and we can retry then
+ * restart to read in more data.
+ */
continue;
+ }
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
{
int z,jj;
+#if 0
jj=(i>>2)<<2;
+#else
+ jj = i & ~3; /* process per 4 */
+#endif
z=EVP_DecodeBlock((unsigned char *)ctx->buf,
(unsigned char *)ctx->tmp,jj);
if (jj > 2)
@@ -313,18 +324,15 @@ static int b64_read(BIO *b, char *out, int outl)
* number consumed */
if (jj != i)
{
- memcpy((unsigned char *)ctx->tmp,
- (unsigned char *)&(ctx->tmp[jj]),i-jj);
+ memmove(ctx->tmp, &ctx->tmp[jj], i-jj);
ctx->tmp_len=i-jj;
}
ctx->buf_len=0;
if (z > 0)
{
ctx->buf_len=z;
- i=1;
}
- else
- i=z;
+ i=z;
}
else
{
@@ -357,14 +365,16 @@ static int b64_read(BIO *b, char *out, int outl)
outl-=i;
out+=i;
}
- BIO_clear_retry_flags(b);
+ /* BIO_clear_retry_flags(b); */
BIO_copy_next_retry(b);
return((ret == 0)?ret_code:ret);
}
static int b64_write(BIO *b, const char *in, int inl)
{
- int ret=inl,n,i;
+ int ret=0;
+ int n;
+ int i;
BIO_B64_CTX *ctx;
ctx=(BIO_B64_CTX *)b->ptr;
@@ -379,6 +389,9 @@ static int b64_write(BIO *b, const char *in, int inl)
EVP_EncodeInit(&(ctx->base64));
}
+ OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
n=ctx->buf_len-ctx->buf_off;
while (n > 0)
{
@@ -388,7 +401,10 @@ static int b64_write(BIO *b, const char *in, int inl)
BIO_copy_next_retry(b);
return(i);
}
+ OPENSSL_assert(i <= n);
ctx->buf_off+=i;
+ OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
n-=i;
}
/* at this point all pending data has been written */
@@ -405,18 +421,19 @@ static int b64_write(BIO *b, const char *in, int inl)
{
if (ctx->tmp_len > 0)
{
+ OPENSSL_assert(ctx->tmp_len <= 3);
n=3-ctx->tmp_len;
- /* There's a teoretical possibility for this */
+ /* There's a theoretical possibility for this */
if (n > inl)
n=inl;
memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
ctx->tmp_len+=n;
+ ret += n;
if (ctx->tmp_len < 3)
break;
- ctx->buf_len=EVP_EncodeBlock(
- (unsigned char *)ctx->buf,
- (unsigned char *)ctx->tmp,
- ctx->tmp_len);
+ ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len);
+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
/* Since we're now done using the temporary
buffer, the length should be 0'd */
ctx->tmp_len=0;
@@ -425,14 +442,16 @@ static int b64_write(BIO *b, const char *in, int inl)
{
if (n < 3)
{
- memcpy(&(ctx->tmp[0]),in,n);
+ memcpy(ctx->tmp,in,n);
ctx->tmp_len=n;
+ ret += n;
break;
}
n-=n%3;
- ctx->buf_len=EVP_EncodeBlock(
- (unsigned char *)ctx->buf,
- (unsigned char *)in,n);
+ ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n);
+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+ ret += n;
}
}
else
@@ -440,6 +459,9 @@ static int b64_write(BIO *b, const char *in, int inl)
EVP_EncodeUpdate(&(ctx->base64),
(unsigned char *)ctx->buf,&ctx->buf_len,
(unsigned char *)in,n);
+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+ ret += n;
}
inl-=n;
in+=n;
@@ -454,8 +476,11 @@ static int b64_write(BIO *b, const char *in, int inl)
BIO_copy_next_retry(b);
return((ret == 0)?i:ret);
}
+ OPENSSL_assert(i <= n);
n-=i;
ctx->buf_off+=i;
+ OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
}
ctx->buf_len=0;
ctx->buf_off=0;
@@ -486,6 +511,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
case BIO_CTRL_WPENDING: /* More to write in buffer */
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret=ctx->buf_len-ctx->buf_off;
if ((ret == 0) && (ctx->encode != B64_NONE)
&& (ctx->base64.num != 0))
@@ -494,6 +520,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
case BIO_CTRL_PENDING: /* More to read in buffer */
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret=ctx->buf_len-ctx->buf_off;
if (ret <= 0)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
@@ -565,3 +592,7 @@ static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
return(ret);
}
+static int b64_puts(BIO *b, const char *str)
+ {
+ return b64_write(b,str,strlen(str));
+ }
diff --git a/openssl/crypto/evp/pmeth_lib.c b/openssl/crypto/evp/pmeth_lib.c
index 4a05f0b13..b2d8de3a8 100644
--- a/openssl/crypto/evp/pmeth_lib.c
+++ b/openssl/crypto/evp/pmeth_lib.c
@@ -177,6 +177,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
ret->operation = EVP_PKEY_OP_UNDEFINED;
ret->pkey = pkey;
ret->peerkey = NULL;
+ ret->pkey_gencb = 0;
if (pkey)
CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
ret->data = NULL;
diff --git a/openssl/crypto/md5/asm/md5-ia64.S b/openssl/crypto/md5/asm/md5-ia64.S
index 2f9818aec..e7de08d46 100644
--- a/openssl/crypto/md5/asm/md5-ia64.S
+++ b/openssl/crypto/md5/asm/md5-ia64.S
@@ -914,7 +914,7 @@ md5_digest_block##offset: \
nop 0x0 ; \
br.cond.sptk.many md5_digest_GHI ; \
} ;; \
- .endp md5digestBlock ## offset
+ .endp md5_digest_block##offset
MD5FBLOCK(1)
MD5FBLOCK(2)
diff --git a/openssl/crypto/modes/cfb128.c b/openssl/crypto/modes/cfb128.c
index 98f4cf315..e5938c613 100644
--- a/openssl/crypto/modes/cfb128.c
+++ b/openssl/crypto/modes/cfb128.c
@@ -96,15 +96,15 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
#endif
while (len>=16) {
(*block)(ivec, ivec, key);
- for (n=0; n<16; n+=sizeof(size_t)) {
+ for (; n<16; n+=sizeof(size_t)) {
*(size_t*)(out+n) =
*(size_t*)(ivec+n) ^= *(size_t*)(in+n);
}
len -= 16;
out += 16;
in += 16;
+ n = 0;
}
- n = 0;
if (len) {
(*block)(ivec, ivec, key);
while (len--) {
@@ -141,7 +141,7 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
#endif
while (len>=16) {
(*block)(ivec, ivec, key);
- for (n=0; n<16; n+=sizeof(size_t)) {
+ for (; n<16; n+=sizeof(size_t)) {
size_t t = *(size_t*)(in+n);
*(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t;
*(size_t*)(ivec+n) = t;
@@ -149,8 +149,8 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
len -= 16;
out += 16;
in += 16;
+ n = 0;
}
- n = 0;
if (len) {
(*block)(ivec, ivec, key);
while (len--) {
diff --git a/openssl/crypto/modes/ctr128.c b/openssl/crypto/modes/ctr128.c
index bd84f4152..932037f55 100644
--- a/openssl/crypto/modes/ctr128.c
+++ b/openssl/crypto/modes/ctr128.c
@@ -61,14 +61,11 @@
typedef unsigned int u32;
typedef unsigned char u8;
-# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
-# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
-
#define STRICT_ALIGNMENT
-#if defined(__i386) || defined(__i386__) || \
- defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
- defined(__s390__) || defined(__s390x__)
+#if defined(__i386) || defined(__i386__) || \
+ defined(__x86_64) || defined(__x86_64__) || \
+ defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+ defined(__s390__) || defined(__s390x__)
# undef STRICT_ALIGNMENT
#endif
@@ -77,18 +74,19 @@ typedef unsigned char u8;
/* increment counter (128-bit int) by 1 */
static void ctr128_inc(unsigned char *counter) {
- u32 c,n=16;
+ u32 n=16;
+ u8 c;
do {
- n -= 4;
- c = GETU32(counter+n);
- ++c; c &= 0xFFFFFFFF;
- PUTU32(counter + n, c);
+ --n;
+ c = counter[n];
+ ++c;
+ counter[n] = c;
if (c) return;
} while (n);
}
-#if !defined(OPENSSL_SMALL_FOORPRINT)
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
static void ctr128_inc_aligned(unsigned char *counter) {
size_t *data,c,n;
const union { long one; char little; } is_endian = {1};
@@ -151,14 +149,14 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
while (len>=16) {
(*block)(ivec, ecount_buf, key);
ctr128_inc_aligned(ivec);
- for (n=0; n<16; n+=sizeof(size_t))
+ for (; n<16; n+=sizeof(size_t))
*(size_t *)(out+n) =
*(size_t *)(in+n) ^ *(size_t *)(ecount_buf+n);
len -= 16;
out += 16;
in += 16;
+ n = 0;
}
- n = 0;
if (len) {
(*block)(ivec, ecount_buf, key);
ctr128_inc_aligned(ivec);
diff --git a/openssl/crypto/modes/ofb128.c b/openssl/crypto/modes/ofb128.c
index 09b343003..c732e2ec5 100644
--- a/openssl/crypto/modes/ofb128.c
+++ b/openssl/crypto/modes/ofb128.c
@@ -95,14 +95,14 @@ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
#endif
while (len>=16) {
(*block)(ivec, ivec, key);
- for (n=0; n<16; n+=sizeof(size_t))
+ for (; n<16; n+=sizeof(size_t))
*(size_t*)(out+n) =
*(size_t*)(in+n) ^ *(size_t*)(ivec+n);
len -= 16;
out += 16;
in += 16;
+ n = 0;
}
- n = 0;
if (len) {
(*block)(ivec, ivec, key);
while (len--) {
diff --git a/openssl/crypto/opensslv.h b/openssl/crypto/opensslv.h
index cbe52648d..2fb110fa0 100644
--- a/openssl/crypto/opensslv.h
+++ b/openssl/crypto/opensslv.h
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x1000000fL
+#define OPENSSL_VERSION_NUMBER 0x1000001fL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips 29 Mar 2010"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a-fips 1 Jun 2010"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0 29 Mar 2010"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a 1 Jun 2010"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/openssl/crypto/pem/pem.h b/openssl/crypto/pem/pem.h
index 22231c26d..8a6ababe3 100644
--- a/openssl/crypto/pem/pem.h
+++ b/openssl/crypto/pem/pem.h
@@ -548,10 +548,11 @@ EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
EVP_PKEY *b2i_PublicKey_bio(BIO *in);
int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
-
+#ifndef OPENSSL_NO_RC4
EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
pem_password_cb *cb, void *u);
+#endif
/* BEGIN ERROR CODES */
diff --git a/openssl/crypto/pem/pvkfmt.c b/openssl/crypto/pem/pvkfmt.c
index 11e1f10f5..d998a67fa 100644
--- a/openssl/crypto/pem/pvkfmt.c
+++ b/openssl/crypto/pem/pvkfmt.c
@@ -654,6 +654,8 @@ int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
return do_i2b_bio(out, pk, 1);
}
+#ifndef OPENSSL_NO_RC4
+
static int do_PVK_header(const unsigned char **in, unsigned int length,
int skip_magic,
unsigned int *psaltlen, unsigned int *pkeylen)
@@ -934,4 +936,7 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
}
return -1;
}
+
+#endif
+
#endif
diff --git a/openssl/crypto/perlasm/x86_64-xlate.pl b/openssl/crypto/perlasm/x86_64-xlate.pl
index d89765d7e..354673acc 100644
--- a/openssl/crypto/perlasm/x86_64-xlate.pl
+++ b/openssl/crypto/perlasm/x86_64-xlate.pl
@@ -55,6 +55,8 @@
# Win64 prologue copies %rsp value to %rax. For further details
# see SEH paragraph at the end.
# 9. .init segment is allowed to contain calls to functions only.
+# a. If function accepts more than 4 arguments *and* >4th argument
+# is declared as non 64-bit value, do clear its upper part.
my $flavour = shift;
my $output = shift;
@@ -80,7 +82,10 @@ my $PTR=" PTR";
my $nasmref=2.03;
my $nasm=0;
-if ($flavour eq "mingw64") { $gas=1; $elf=0; $win64=1; $prefix="_"; }
+if ($flavour eq "mingw64") { $gas=1; $elf=0; $win64=1;
+ $prefix=`echo __USER_LABEL_PREFIX__ | $ENV{CC} -E -P -`;
+ chomp($prefix);
+ }
elsif ($flavour eq "macosx") { $gas=1; $elf=0; $prefix="_"; $decor="L\$"; }
elsif ($flavour eq "masm") { $gas=0; $elf=0; $masm=$masmref; $win64=1; $decor="\$L\$"; }
elsif ($flavour eq "nasm") { $gas=0; $elf=0; $nasm=$nasmref; $win64=1; $decor="\$L\$"; $PTR=""; }
@@ -115,7 +120,9 @@ my %globals;
$self->{op} = $1;
$self->{sz} = "b";
} elsif ($self->{op} =~ /call|jmp/) {
- $self->{sz} = ""
+ $self->{sz} = "";
+ } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op)/) { # SSEn
+ $self->{sz} = "";
} elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) {
$self->{op} = $1;
$self->{sz} = $2;
@@ -191,7 +198,7 @@ my %globals;
if ($gas) {
# Solaris /usr/ccs/bin/as can't handle multiplications
# in $self->{value}
- $self->{value} =~ s/(?<![0-9a-f])(0[x0-9a-f]+)/oct($1)/egi;
+ $self->{value} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
$self->{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
sprintf "\$%s",$self->{value};
} else {
@@ -243,7 +250,7 @@ my %globals;
# Solaris /usr/ccs/bin/as can't handle multiplications
# in $self->{label}, new gas requires sign extension...
use integer;
- $self->{label} =~ s/(?<![0-9a-f])(0[x0-9a-f]+)/oct($1)/egi;
+ $self->{label} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
$self->{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
$self->{label} =~ s/([0-9]+)/$1<<32>>32/eg;
$self->{label} =~ s/^___imp_/__imp__/ if ($flavour eq "mingw64");
@@ -259,7 +266,7 @@ my %globals;
%szmap = ( b=>"BYTE$PTR", w=>"WORD$PTR", l=>"DWORD$PTR", q=>"QWORD$PTR" );
$self->{label} =~ s/\./\$/g;
- $self->{label} =~ s/0x([0-9a-f]+)/0$1h/ig;
+ $self->{label} =~ s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/ig;
$self->{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/);
$sz="q" if ($self->{asterisk});
@@ -574,11 +581,11 @@ my %globals;
/\.align/ && do { $self->{value} = "ALIGN\t".$line; last; };
/\.(value|long|rva|quad)/
&& do { my $sz = substr($1,0,1);
- my @arr = split(',',$line);
+ my @arr = split(/,\s*/,$line);
my $last = pop(@arr);
my $conv = sub { my $var=shift;
$var=~s/^(0b[0-1]+)/oct($1)/eig;
- $var=~s/0x([0-9a-f]+)/0$1h/ig if ($masm);
+ $var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm);
if ($sz eq "D" && ($current_segment=~/.[px]data/ || $dir eq ".rva"))
{ $var=~s/([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; }
$var;
@@ -590,7 +597,7 @@ my %globals;
$self->{value} .= &$conv($last);
last;
};
- /\.byte/ && do { my @str=split(",",$line);
+ /\.byte/ && do { my @str=split(/,\s*/,$line);
map(s/(0b[0-1]+)/oct($1)/eig,@str);
map(s/0x([0-9a-f]+)/0$1h/ig,@str) if ($masm);
while ($#str>15) {
@@ -664,7 +671,7 @@ while($line=<>) {
$insn = $opcode->out($#args>=1?$args[$#args]->size():$sz);
} else {
$insn = $opcode->out();
- $insn .= $sz if (map($_->out() =~ /xmm|mmx/,@args));
+ $insn .= $sz if (map($_->out() =~ /x?mm/,@args));
@args = reverse(@args);
undef $sz if ($nasm && $opcode->mnemonic() eq "lea");
}
diff --git a/openssl/crypto/rsa/rsa_pmeth.c b/openssl/crypto/rsa/rsa_pmeth.c
index 297e17cdc..c6892ecd0 100644
--- a/openssl/crypto/rsa/rsa_pmeth.c
+++ b/openssl/crypto/rsa/rsa_pmeth.c
@@ -246,6 +246,8 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
ret = int_rsa_verify(EVP_MD_type(rctx->md),
NULL, 0, rout, &sltmp,
sig, siglen, ctx->pkey->pkey.rsa);
+ if (ret <= 0)
+ return 0;
ret = sltmp;
}
else
diff --git a/openssl/crypto/sparccpuid.S b/openssl/crypto/sparccpuid.S
index bcf46f209..aa8b11efc 100644
--- a/openssl/crypto/sparccpuid.S
+++ b/openssl/crypto/sparccpuid.S
@@ -179,7 +179,7 @@ OPENSSL_atomic_add:
ba .enter
nop
#ifdef __sun
-! Note that you don't have to link with libthread to call thr_yield,
+! Note that you do not have to link with libthread to call thr_yield,
! as libc provides a stub, which is overloaded the moment you link
! with *either* libpthread or libthread...
#define YIELD_CPU thr_yield
diff --git a/openssl/crypto/stack/safestack.h b/openssl/crypto/stack/safestack.h
index d616b4aab..891cb84a5 100644
--- a/openssl/crypto/stack/safestack.h
+++ b/openssl/crypto/stack/safestack.h
@@ -179,7 +179,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
sk_is_sorted(CHECKED_STACK_OF(type, st))
#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_STACK_OF(type, st), \
+ (STACK_OF(type) *)d2i_ASN1_SET((STACK_OF(OPENSSL_BLOCK) **)CHECKED_STACK_OF(type, st), \
pp, length, \
CHECKED_D2I_OF(type, d2i_func), \
CHECKED_SK_FREE_FUNC(type, free_func), \
diff --git a/openssl/crypto/symhacks.h b/openssl/crypto/symhacks.h
index 151b68314..3fd4a8169 100644
--- a/openssl/crypto/symhacks.h
+++ b/openssl/crypto/symhacks.h
@@ -399,6 +399,12 @@
#undef dtls1_retransmit_buffered_messages
#define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs
+/* Hack some long UI names */
+#undef UI_method_get_prompt_constructor
+#define UI_method_get_prompt_constructor UI_method_get_prompt_constructr
+#undef UI_method_set_prompt_constructor
+#define UI_method_set_prompt_constructor UI_method_set_prompt_constructr
+
#endif /* defined OPENSSL_SYS_VMS */
diff --git a/openssl/crypto/ts/Makefile b/openssl/crypto/ts/Makefile
index ad29b67bd..c18234555 100644
--- a/openssl/crypto/ts/Makefile
+++ b/openssl/crypto/ts/Makefile
@@ -60,7 +60,8 @@ links:
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
- @for i in $(EXHEADER) ; \
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
diff --git a/openssl/crypto/x509v3/v3_pci.c b/openssl/crypto/x509v3/v3_pci.c
index c254b2ff9..0dcfa004f 100644
--- a/openssl/crypto/x509v3/v3_pci.c
+++ b/openssl/crypto/x509v3/v3_pci.c
@@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val,
unsigned char *tmp_data2 =
string_to_hex(val->value + 4, &val_len);
- if (!tmp_data2) goto err;
+ if (!tmp_data2)
+ {
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);
+ X509V3_conf_err(val);
+ goto err;
+ }
tmp_data = OPENSSL_realloc((*policy)->data,
(*policy)->length + val_len + 1);
@@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val,
(*policy)->length += val_len;
(*policy)->data[(*policy)->length] = '\0';
}
+ else
+ {
+ OPENSSL_free(tmp_data2);
+ /* realloc failure implies the original data space is b0rked too! */
+ (*policy)->data = NULL;
+ (*policy)->length = 0;
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ OPENSSL_free(tmp_data2);
}
else if (strncmp(val->value, "file:", 5) == 0)
{
@@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val,
(*policy)->length += n;
(*policy)->data[(*policy)->length] = '\0';
}
+ BIO_free_all(b);
if (n < 0)
{
@@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val,
(*policy)->length += val_len;
(*policy)->data[(*policy)->length] = '\0';
}
+ else
+ {
+ /* realloc failure implies the original data space is b0rked too! */
+ (*policy)->data = NULL;
+ (*policy)->length = 0;
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
+ X509V3_conf_err(val);
+ goto err;
+ }
}
else
{
diff --git a/openssl/crypto/x86_64cpuid.pl b/openssl/crypto/x86_64cpuid.pl
index a7f98b3fd..c96821a3c 100644
--- a/openssl/crypto/x86_64cpuid.pl
+++ b/openssl/crypto/x86_64cpuid.pl
@@ -152,7 +152,8 @@ OPENSSL_cleanse:
sub \$1,$arg2
lea 1($arg1),$arg1
jnz .Little
-.Lret: ret
+.Lret:
+ ret
.align 16
.Lot:
test \$7,$arg1
diff --git a/openssl/doc/crypto/BIO_f_buffer.pod b/openssl/doc/crypto/BIO_f_buffer.pod
index c9093c6a5..c0dccf1ab 100644
--- a/openssl/doc/crypto/BIO_f_buffer.pod
+++ b/openssl/doc/crypto/BIO_f_buffer.pod
@@ -31,7 +31,7 @@ BIO_get_buffer_num_lines() returns the number of lines currently buffered.
BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size()
set the read, write or both read and write buffer sizes to B<size>. The initial
-buffer size is DEFAULT_BUFFER_SIZE, currently 1024. Any attempt to reduce the
+buffer size is DEFAULT_BUFFER_SIZE, currently 4096. Any attempt to reduce the
buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared
when the buffer is resized.
@@ -66,4 +66,9 @@ there was an error.
=head1 SEE ALSO
-TBA
+L<BIO(3)|BIO(3)>,
+L<BIO_reset(3)|BIO_reset(3)>,
+L<BIO_flush(3)|BIO_flush(3)>,
+L<BIO_pop(3)|BIO_pop(3)>,
+L<BIO_ctrl(3)|BIO_ctrl(3)>,
+L<BIO_int_ctrl(3)|BIO_ctrl(3)>
diff --git a/openssl/doc/crypto/BIO_s_file.pod b/openssl/doc/crypto/BIO_s_file.pod
index b2a29263f..188aea347 100644
--- a/openssl/doc/crypto/BIO_s_file.pod
+++ b/openssl/doc/crypto/BIO_s_file.pod
@@ -76,6 +76,10 @@ normally be closed so the BIO_NOCLOSE flag should be set.
Because the file BIO calls the underlying stdio functions any quirks
in stdio behaviour will be mirrored by the corresponding BIO.
+On Windows BIO_new_files reserves for the filename argument to be
+UTF-8 encoded. In other words if you have to make it work in multi-
+lingual environment, encode file names in UTF-8.
+
=head1 EXAMPLES
File BIO "hello world":
diff --git a/openssl/doc/crypto/BIO_should_retry.pod b/openssl/doc/crypto/BIO_should_retry.pod
index 539c39127..b6d51f719 100644
--- a/openssl/doc/crypto/BIO_should_retry.pod
+++ b/openssl/doc/crypto/BIO_should_retry.pod
@@ -45,7 +45,7 @@ needs to read data.
BIO_should_io_special() is true if some "special" condition, that is a
reason other than reading or writing is the cause of the condition.
-BIO_get_retry_reason() returns a mask of the cause of a retry condition
+BIO_retry_type() returns a mask of the cause of a retry condition
consisting of the values B<BIO_FLAGS_READ>, B<BIO_FLAGS_WRITE>,
B<BIO_FLAGS_IO_SPECIAL> though current BIO types will only set one of
these.
diff --git a/openssl/doc/ssl/SSL_library_init.pod b/openssl/doc/ssl/SSL_library_init.pod
index eed526e47..8766776fe 100644
--- a/openssl/doc/ssl/SSL_library_init.pod
+++ b/openssl/doc/ssl/SSL_library_init.pod
@@ -15,7 +15,7 @@ SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
=head1 DESCRIPTION
-SSL_library_init() registers the available ciphers and digests.
+SSL_library_init() registers the available SSL/TLS ciphers and digests.
OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms
for SSL_library_init().
@@ -27,24 +27,28 @@ SSL_library_init() is not reentrant.
=head1 WARNING
-SSL_library_init() only registers ciphers. Another important initialization
-is the seeding of the PRNG (Pseudo Random Number Generator), which has to
-be performed separately.
+SSL_library_init() adds ciphers and digests used directly and indirectly by
+SSL/TLS.
=head1 EXAMPLES
A typical TLS/SSL application will start with the library initialization,
-will provide readable error messages and will seed the PRNG.
+and provide readable error messages.
SSL_load_error_strings(); /* readable error messages */
SSL_library_init(); /* initialize library */
- actions_to_seed_PRNG();
=head1 RETURN VALUES
SSL_library_init() always returns "1", so it is safe to discard the return
value.
+=head1 NOTES
+
+OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init().
+Applications which need to use SHA2 in earlier versions of OpenSSL should call
+OpenSSL_add_all_algorithms() as well.
+
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>,
diff --git a/openssl/e_os.h b/openssl/e_os.h
index 0f4b7994f..5ceeeeb95 100644
--- a/openssl/e_os.h
+++ b/openssl/e_os.h
@@ -150,7 +150,6 @@ extern "C" {
#define clear_socket_error() WSASetLastError(0)
#define readsocket(s,b,n) recv((s),(b),(n),0)
#define writesocket(s,b,n) send((s),(b),(n),0)
-#define EADDRINUSE WSAEADDRINUSE
#elif defined(__DJGPP__)
#define WATT32
#define get_last_socket_error() errno
diff --git a/openssl/engines/ccgost/gost94_keyx.c b/openssl/engines/ccgost/gost94_keyx.c
index a183edbe8..624be586a 100644
--- a/openssl/engines/ccgost/gost94_keyx.c
+++ b/openssl/engines/ccgost/gost94_keyx.c
@@ -177,7 +177,7 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
*outlen = i2d_GOST_KEY_TRANSPORT(gkt,out?&out:NULL);
- if (*outlen == 0)
+ if (*outlen <= 0)
{
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);
goto err;
diff --git a/openssl/engines/ccgost/gost_ameth.c b/openssl/engines/ccgost/gost_ameth.c
index 16a99ac2b..f620a216c 100644
--- a/openssl/engines/ccgost/gost_ameth.c
+++ b/openssl/engines/ccgost/gost_ameth.c
@@ -801,7 +801,7 @@ static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
switch (op)
{
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
- *(int *)arg2 = NID_undef;
+ *(int *)arg2 = NID_id_Gost28147_89_MAC;
return 2;
}
return -2;
diff --git a/openssl/engines/ccgost/gost_crypt.c b/openssl/engines/ccgost/gost_crypt.c
index eb11f0e32..4977d1dcf 100644
--- a/openssl/engines/ccgost/gost_crypt.c
+++ b/openssl/engines/ccgost/gost_crypt.c
@@ -299,7 +299,7 @@ int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (i<inl)
{
gost_crypt_mesh(ctx->cipher_data,ctx->iv,ctx->buf);
- if (!ctx->encrypt) memcpy(ctx->buf+8,in_ptr,j);
+ if (!ctx->encrypt) memcpy(ctx->buf+8,in_ptr,inl-i);
for (j=0;i<inl;j++,i++)
{
out_ptr[j]=ctx->buf[j]^in_ptr[j];
@@ -459,13 +459,15 @@ int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)
int ret = -1;
int len;
GOST_CIPHER_PARAMS *gcp = NULL;
- unsigned char *p = params->value.sequence->data;
+ unsigned char *p;
struct ossl_gost_cipher_ctx *c=ctx->cipher_data;
if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE)
{
return ret;
}
+ p = params->value.sequence->data;
+
gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
params->value.sequence->length);
diff --git a/openssl/engines/e_chil.c b/openssl/engines/e_chil.c
index 30693353d..9c2729c96 100644
--- a/openssl/engines/e_chil.c
+++ b/openssl/engines/e_chil.c
@@ -111,11 +111,10 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
#ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-#endif
-#ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int hwcrhk_rsa_finish(RSA *rsa);
#endif
#ifndef OPENSSL_NO_DH
@@ -135,10 +134,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
-#ifndef OPENSSL_NO_RSA
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int ind,long argl, void *argp);
-#endif
/* Interaction stuff */
static int hwcrhk_insert_card(const char *prompt_info,
@@ -193,7 +188,7 @@ static RSA_METHOD hwcrhk_rsa =
hwcrhk_rsa_mod_exp,
hwcrhk_mod_exp_mont,
NULL,
- NULL,
+ hwcrhk_rsa_finish,
0,
NULL,
NULL,
@@ -602,7 +597,7 @@ static int hwcrhk_init(ENGINE *e)
if (hndidx_rsa == -1)
hndidx_rsa = RSA_get_ex_new_index(0,
"nFast HWCryptoHook RSA key handle",
- NULL, NULL, hwcrhk_ex_free);
+ NULL, NULL, NULL);
#endif
return 1;
err:
@@ -1078,6 +1073,21 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
{
return hwcrhk_mod_exp(r, a, p, m, ctx);
}
+
+static int hwcrhk_rsa_finish(RSA *rsa)
+ {
+ HWCryptoHook_RSAKeyHandle *hptr;
+ int ret;
+ hptr = RSA_get_ex_data(rsa, hndidx_rsa);
+ if (hptr)
+ {
+ ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+ OPENSSL_free(hptr);
+ RSA_set_ex_data(rsa, hndidx_rsa, NULL);
+ }
+ return 1;
+ }
+
#endif
#ifndef OPENSSL_NO_DH
@@ -1136,34 +1146,6 @@ static int hwcrhk_rand_status(void)
return 1;
}
-/* This cleans up an RSA KM key, called when ex_data is freed */
-#ifndef OPENSSL_NO_RSA
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int ind,long argl, void *argp)
-{
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
-#ifndef OPENSSL_NO_RSA
- HWCryptoHook_RSAKeyHandle *hptr;
-#endif
-#if !defined(OPENSSL_NO_RSA)
- int ret;
-#endif
-
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
-#ifndef OPENSSL_NO_RSA
- hptr = (HWCryptoHook_RSAKeyHandle *) item;
- if(hptr)
- {
- ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
- OPENSSL_free(hptr);
- }
-#endif
-}
-#endif
-
/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
* these just wrap the POSIX functions and add some logging.
*/
diff --git a/openssl/engines/e_ubsec.c b/openssl/engines/e_ubsec.c
index b68541083..9b747b9ae 100644
--- a/openssl/engines/e_ubsec.c
+++ b/openssl/engines/e_ubsec.c
@@ -302,8 +302,8 @@ static t_UBSEC_diffie_hellman_generate_ioctl
*p_UBSEC_diffie_hellman_generate_ioctl = NULL;
static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
#endif
-static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
#ifndef OPENSSL_NO_RSA
+static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
#endif
#ifndef OPENSSL_NO_DSA
diff --git a/openssl/engines/makeengines.com b/openssl/engines/makeengines.com
index 5f9b8d4d9..6cf423607 100644
--- a/openssl/engines/makeengines.com
+++ b/openssl/engines/makeengines.com
@@ -30,17 +30,6 @@ $! all available engines are built.
$!
$!-----------------------------------------------------------------------------
$!
-$! Set the names of the engines we want to build
-$! NOTE: Some might think this list ugly. However, it's made this way to
-$! reflect the LIBNAMES variable in Makefile as closely as possible,
-$! thereby making it fairly easy to verify that the lists are the same.
-$! NOTE: gmp isn't built, as it's mostly a test engine and brings in another
-$! library that isn't necessarely ported to VMS.
-$!
-$ ENGINES = "," + P6
-$ IF ENGINES .EQS. "," THEN -
- ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock,ccgost"
-$!
$! Set the default TCP/IP library to link against if needed
$!
$ TCPIP_LIB = ""
@@ -52,7 +41,7 @@ $ THEN
$!
$! The Architecture Is VAX.
$!
-$ ARCH := VAX
+$ ARCH = "VAX"
$!
$! Else...
$!
@@ -67,7 +56,23 @@ $! End The Architecture Check.
$!
$ ENDIF
$!
-$! Set the goal directories, and creat them if necessary
+$! Set the names of the engines we want to build
+$! NOTE: Some might think this list ugly. However, it's made this way to
+$! reflect the LIBNAMES variable in Makefile as closely as possible,
+$! thereby making it fairly easy to verify that the lists are the same.
+$! NOTE: gmp isn't built, as it's mostly a test engine and brings in another
+$! library that isn't necessarely ported to VMS.
+$!
+$ ENGINES = "," + P6
+$ IF ENGINES .EQS. "," THEN -
+ ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock,"
+$!
+$! GOST requires a 64-bit integer type, unavailable on VAX.
+$!
+$ IF (ARCH .NES. "VAX") THEN -
+ ENGINES = ENGINES+ ",ccgost"
+$!
+$! Set the goal directories, and create them if necessary
$!
$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.ENGINES]
$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.ENGINES]
@@ -110,7 +115,7 @@ $ ENGINE_chil = "e_chil"
$ ENGINE_nuron = "e_nuron"
$ ENGINE_sureware = "e_sureware"
$ ENGINE_ubsec = "e_ubsec"
-$ ENGINE_ubsec = "e_padlock"
+$ ENGINE_padlock = "e_padlock"
$
$ ENGINE_ccgost_SUBDIR = "ccgost"
$ ENGINE_ccgost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
@@ -163,9 +168,12 @@ $ ELSE
$ WRITE SYS$OUTPUT "Compiling Support Files. (",BUILDALL,")"
$ ENDIF
$!
-$! Create a .OPT file for the object files
+$! Create a .OPT file for the object files (for a real engine name).
$!
-$ OPEN/WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT
+$ IF ENGINE_NAME .NES. ""
+$ THEN
+$ OPEN/WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT
+$ ENDIF
$!
$! Here's the start of per-engine module loop.
$!
@@ -217,22 +225,27 @@ $ MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
$ ELSE
$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
$ ENDIF
-$ WRITE OBJECTS OBJECT_FILE
+$!
+$! Write the entry to the .OPT file (for a real engine name).
+$!
+$ IF ENGINE_NAME .NES. ""
+$ THEN
+$ WRITE OBJECTS OBJECT_FILE
+$ ENDIF
$!
$! Next file
$!
$ GOTO FILE_NEXT
$!
$ FILE_DONE:
-$ CLOSE OBJECTS
$!
$! Do not link the support files.
$!
$ IF ENGINE_NAME .EQS. "" THEN GOTO ENGINE_NEXT
$!
-$! Do not link the support files.
+$! Close the linker options file (for a real engine name).
$!
-$ IF ENGINE_NAME .EQS. "" THEN GOTO ENGINE_NEXT
+$ CLOSE OBJECTS
$!
$! Now, there are two ways to handle this. We can either build
$! shareable images or stick the engine object file into libcrypto.
@@ -412,13 +425,13 @@ $! Else...
$!
$ ELSE
$!
-$! Else, Check To See If OPT_PHASE Has A Valid Arguement.
+$! Else, Check To See If OPT_PHASE Has A Valid Argument.
$!
$ IF ("," + ACCEPT_PHASE + ",") - ("," + OPT_PHASE + ",") -
.NES. ("," + ACCEPT_PHASE + ",")
$ THEN
$!
-$! A Valid Arguement.
+$! A Valid Argument.
$!
$ BUILDALL = OPT_PHASE
$!
@@ -449,7 +462,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -502,7 +515,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -771,7 +784,7 @@ $! Show user the result
$!
$ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
$!
-$! Else The User Entered An Invalid Arguement.
+$! Else The User Entered An Invalid Argument.
$!
$ ELSE
$!
@@ -789,7 +802,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -885,7 +898,7 @@ $! Print info
$!
$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
$!
-$! Else The User Entered An Invalid Arguement.
+$! Else The User Entered An Invalid Argument.
$!
$ ELSE
$!
diff --git a/openssl/makevms.com b/openssl/makevms.com
index 3005a4583..b46e69a42 100644
--- a/openssl/makevms.com
+++ b/openssl/makevms.com
@@ -18,8 +18,8 @@ $!
$! Specify one of the following build options for P1.
$!
$! ALL Just build "everything".
-$! CONFIG Just build the "[.xxx.CRYPTO]OPENSSLCONF.H" file.
-$! BUILDINF Just build the "[.xxx.CRYPTO]BUILDINF.H" file.
+$! CONFIG Just build the "[.CRYPTO._xxx]OPENSSLCONF.H" file.
+$! BUILDINF Just build the "[.CRYPTO._xxx]BUILDINF.H" file.
$! SOFTLINKS Just fix the Unix soft links.
$! BUILDALL Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done.
$! CRYPTO Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
@@ -35,7 +35,7 @@ $!
$! P2 is ignored (it was used to denote if RSAref should be used or not,
$! and is simply kept so surrounding scripts don't get confused)
$!
-$! Speficy DEBUG or NODEBUG as P3 to compile with or without debugging
+$! Specify DEBUG or NODEBUG as P3 to compile with or without debugging
$! information.
$!
$! Specify which compiler as P4 to try to compile under.
@@ -46,7 +46,7 @@ $! GNUC For GNU C.
$! LINK To only link the programs from existing object files.
$! (not yet implemented)
$!
-$! If you don't speficy a compiler, it will try to determine which
+$! If you don't specify a compiler, it will try to determine which
$! "C" compiler to use.
$!
$! P5, if defined, sets a TCP/IP library to use, through one of the following
@@ -84,7 +84,7 @@ $ THEN
$!
$! The Architecture Is VAX.
$!
-$ ARCH := VAX
+$ ARCH = "VAX"
$!
$! Else...
$!
@@ -99,6 +99,10 @@ $! End The Architecture Check.
$!
$ ENDIF
$!
+$! Get VMS version.
+$!
+$ VMS_VERSION = f$edit( f$getsyi( "VERSION"), "TRIM")
+$!
$! Check To Make Sure We Have Valid Command Line Parameters.
$!
$ GOSUB CHECK_OPTIONS
@@ -163,32 +167,53 @@ $! Time To EXIT.
$!
$ GOTO TIDY
$!
-$! Rebuild The [.xxx.CRYPTO]OPENSSLCONF.H" file.
+$! Rebuild The [.CRYPTO._xxx]OPENSSLCONF.H" file.
$!
$ CONFIG:
$!
-$! Tell The User We Are Creating The [.xxx.CRYPTO]OPENSSLCONF.H File.
+$! Tell The User We Are Creating The [.CRYPTO._xxx]OPENSSLCONF.H File.
$!
-$ WRITE SYS$OUTPUT "Creating [.''ARCH'.CRYPTO]OPENSSLCONF.H Include File."
+$ WRITE SYS$OUTPUT "Creating [.CRYPTO._''ARCH']OPENSSLCONF.H Include File."
$!
$! First, make sure the directory exists.
$!
-$ IF F$PARSE("SYS$DISK:[.''ARCH'.CRYPTO]") .EQS. "" THEN -
- CREATE/DIRECTORY SYS$DISK:[.'ARCH'.CRYPTO]
+$ IF F$PARSE("SYS$DISK:[.CRYPTO._''ARCH']") .EQS. "" THEN -
+ CREATE/DIRECTORY SYS$DISK:[.CRYPTO._'ARCH']
$!
-$! Create The [.xxx.CRYPTO]OPENSSLCONF.H File.
+$! Different tar/UnZip versions/option may have named the file differently
+$ IF F$SEARCH("[.crypto]opensslconf.h_in") .NES. ""
+$ THEN
+$ OPENSSLCONF_H_IN = "[.crypto]opensslconf.h_in"
+$ ELSE
+$ IF F$SEARCH( "[.crypto]opensslconf_h.in") .NES. ""
+$ THEN
+$ OPENSSLCONF_H_IN = "[.crypto]opensslconf_h.in"
+$ ELSE
+$ ! For ODS-5
+$ IF F$SEARCH( "[.crypto]opensslconf.h.in") .NES. ""
+$ THEN
+$ OPENSSLCONF_H_IN = "[.crypto]opensslconf.h.in"
+$ ELSE
+$ WRITE SYS$ERROR "Couldn't find a [.crypto]opensslconf.h.in. Exiting!"
+$ $STATUS = %X00018294 ! "%RMS-F-FNF, file not found".
+$ GOTO TIDY
+$ ENDIF
+$ ENDIF
+$ ENDIF
+$!
+$! Create The [.CRYPTO._xxx]OPENSSLCONF.H File.
$! Make sure it has the right format.
$!
-$ OSCH_NAME = "SYS$DISK:[.''ARCH'.CRYPTO]OPENSSLCONF.H"
+$ OSCH_NAME = "SYS$DISK:[.CRYPTO._''ARCH']OPENSSLCONF.H"
$ CREATE /FDL=SYS$INPUT: 'OSCH_NAME'
RECORD
FORMAT stream_lf
$ OPEN /APPEND H_FILE 'OSCH_NAME'
$!
-$! Write The [.xxx.CRYPTO]OPENSSLCONF.H File.
+$! Write The [.CRYPTO._xxx]OPENSSLCONF.H File.
$!
$ WRITE H_FILE "/* This file was automatically built using makevms.com */"
-$ WRITE H_FILE "/* and [.''ARCH'.CRYPTO]OPENSSLCONF.H_IN */"
+$ WRITE H_FILE "/* and ''OPENSSLCONF_H_IN' */"
$!
$! Write a few macros that indicate how this system was built.
$!
@@ -196,75 +221,249 @@ $ WRITE H_FILE ""
$ WRITE H_FILE "#ifndef OPENSSL_SYS_VMS"
$ WRITE H_FILE "# define OPENSSL_SYS_VMS"
$ WRITE H_FILE "#endif"
-$ CONFIG_LOGICALS := NO_ASM,NO_RSA,NO_DSA,NO_DH,NO_MD2,NO_MD5,NO_RIPEMD,WHRLPOOL,-
- NO_SHA,NO_SHA0,NO_SHA1,NO_DES/NO_MDC2;NO_MDC2,NO_RC2,NO_RC4,NO_RC5,-
- NO_IDEA,NO_BF,NO_CAST,NO_CAMELLIA,NO_SEED,NO_HMAC,NO_SSL2
+$
+$! One of the best way to figure out what the list should be is to do
+$! the followin on a Unix system:
+$! grep OPENSSL_NO_ crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep ':# *if'|sed -e 's/^.*def //'|sort|uniq
+$! For that reason, the list will also always end up in alphabetical order
+$ CONFIG_LOGICALS := AES,-
+ ASM,INLINE_ASM,-
+ BF,-
+ BIO,-
+ BUFFER,-
+ BUF_FREELISTS,-
+ CAMELLIA,-
+ CAST,-
+ CMS,-
+ COMP,-
+ DEPRECATED,-
+ DES,-
+ DGRAM,-
+ DH,-
+ DSA,-
+ EC,-
+ ECDH,-
+ ECDSA,-
+ ENGINE,-
+ ERR,-
+ EVP,-
+ FP_API,-
+ GMP,-
+ GOST,-
+ HASH_COMP,-
+ HMAC,-
+ IDEA,-
+ JPAKE,-
+ KRB5,-
+ LHASH,-
+ MD2,-
+ MD4,-
+ MD5,-
+ MDC2,-
+ OCSP,-
+ PSK,-
+ RC2,-
+ RC4,-
+ RC5,-
+ RFC3779,-
+ RIPEMD,-
+ RSA,-
+ SEED,-
+ SHA,-
+ SHA0,-
+ SHA1,-
+ SHA256,-
+ SHA512,-
+ SOCK,-
+ SSL2,-
+ STACK,-
+ STATIC_ENGINE,-
+ STDIO,-
+ STORE,-
+ TLSEXT,-
+ WHIRLPOOL,-
+ X509
+$! Add a few that we know about
+$ CONFIG_LOGICALS := 'CONFIG_LOGICALS',-
+ THREADS
+$! The following rules, which dictate how some algorithm choices affect
+$! others, are picked from Configure.
+$! Quick syntax:
+$! list = item[ ; list]
+$! item = algos / dependents
+$! algos = algo [, algos]
+$! dependents = dependent [, dependents]
+$! When a list of algos is specified in one item, it means that they must
+$! all be disabled for the rule to apply.
+$! When a list of dependents is specified in one item, it means that they
+$! will all be disabled if the rule applies.
+$! Rules are checked sequentially. If a rule disables an algorithm, it will
+$! affect all following rules that depend on that algorithm being disabled.
+$! To force something to be enabled or disabled, have no algorithms in the
+$! algos part.
+$ CONFIG_DISABLE_RULES := RIJNDAEL/AES;-
+ DES/MDC2;-
+ EC/ECDSA,ECDH;-
+ MD5/SSL2,SSL3,TLS1;-
+ SHA/SSL3,TLS1;-
+ RSA/SSL2;-
+ RSA,DSA/SSL2;-
+ DH/SSL3,TLS1;-
+ TLS1/TLSEXT;-
+ EC/GOST;-
+ DSA/GOST;-
+ DH/GOST;-
+ /STATIC_ENGINE;-
+ /KRB5
+$ CONFIG_ENABLE_RULES := ZLIB_DYNAMIC/ZLIB;-
+ /THREADS
+$
+$! Architecture specific rule addtions
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$ ! Disable algorithms that require 64 bit integers in C
+$ CONFIG_DISABLE_RULES = CONFIG_DISABLE_RULES + -
+ ";/GOST" + -
+ ";/WHIRLPOOL"
+$ ENDIF
+$
$ CONFIG_LOG_I = 0
-$ CONFIG_LOG_LOOP:
-$ CONFIG_LOG_E1 = F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS)
+$ CONFIG_LOG_LOOP1:
+$ CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM")
$ CONFIG_LOG_I = CONFIG_LOG_I + 1
-$ IF CONFIG_LOG_E1 .EQS. "" THEN GOTO CONFIG_LOG_LOOP
-$ IF CONFIG_LOG_E1 .EQS. "," THEN GOTO CONFIG_LOG_LOOP_END
-$ CONFIG_LOG_E2 = F$EDIT(CONFIG_LOG_E1,"TRIM")
-$ CONFIG_LOG_E1 = F$ELEMENT(0,";",CONFIG_LOG_E2)
-$ CONFIG_LOG_E2 = F$ELEMENT(1,";",CONFIG_LOG_E2)
-$ CONFIG_LOG_E0 = F$ELEMENT(0,"/",CONFIG_LOG_E1)
-$ CONFIG_LOG_E1 = F$ELEMENT(1,"/",CONFIG_LOG_E1)
-$ IF F$TRNLNM("OPENSSL_"+CONFIG_LOG_E0)
+$ IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP1
+$ IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP1_END
+$ IF F$TRNLNM("OPENSSL_NO_"+CONFIG_LOG_E)
$ THEN
-$ WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E0
-$ WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E0
-$ WRITE H_FILE "#endif"
-$ IF CONFIG_LOG_E1 .NES. "/"
+$ CONFIG_DISABLED_'CONFIG_LOG_E' := YES
+$ CONFIG_ENABLED_'CONFIG_LOG_E' := NO
+$ CONFIG_CHANGED_'CONFIG_LOG_E' := YES
+$ ELSE
+$ CONFIG_DISABLED_'CONFIG_LOG_E' := NO
+$ CONFIG_ENABLED_'CONFIG_LOG_E' := YES
+$ ! Because all algorithms are assumed enabled by default
+$ CONFIG_CHANGED_'CONFIG_LOG_E' := NO
+$ ENDIF
+$ GOTO CONFIG_LOG_LOOP1
+$ CONFIG_LOG_LOOP1_END:
+$
+$! Apply cascading disable rules
+$ CONFIG_DISABLE_I = 0
+$ CONFIG_DISABLE_LOOP0:
+$ CONFIG_DISABLE_E = F$EDIT(F$ELEMENT(CONFIG_DISABLE_I,";",CONFIG_DISABLE_RULES),"TRIM")
+$ CONFIG_DISABLE_I = CONFIG_DISABLE_I + 1
+$ IF CONFIG_DISABLE_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP0
+$ IF CONFIG_DISABLE_E .EQS. ";" THEN GOTO CONFIG_DISABLE_LOOP0_END
+$
+$ CONFIG_DISABLE_ALGOS = F$EDIT(F$ELEMENT(0,"/",CONFIG_DISABLE_E),"TRIM")
+$ CONFIG_DISABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_DISABLE_E),"TRIM")
+$ TO_DISABLE := YES
+$ CONFIG_ALGO_I = 0
+$ CONFIG_DISABLE_LOOP1:
+$ CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",",CONFIG_DISABLE_ALGOS),"TRIM")
+$ CONFIG_ALGO_I = CONFIG_ALGO_I + 1
+$ IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP1
+$ IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP1_END
+$ IF F$TYPE(CONFIG_DISABLED_'CONFIG_ALGO_E') .EQS. ""
$ THEN
-$ WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E1
-$ WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E1
-$ WRITE H_FILE "#endif"
+$ TO_DISABLE := NO
+$ ELSE
+$ IF .NOT. CONFIG_DISABLED_'CONFIG_ALGO_E' THEN TO_DISABLE := NO
$ ENDIF
-$ ELSE
-$ IF CONFIG_LOG_E2 .NES. ";"
+$ GOTO CONFIG_DISABLE_LOOP1
+$ CONFIG_DISABLE_LOOP1_END:
+$
+$ IF TO_DISABLE
+$ THEN
+$ CONFIG_DEPENDENT_I = 0
+$ CONFIG_DISABLE_LOOP2:
+$ CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",",CONFIG_DISABLE_DEPENDENTS),"TRIM")
+$ CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1
+$ IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP2
+$ IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP2_END
+$ CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := YES
+$ CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := NO
+$ ! Better not to assume defaults at this point...
+$ CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES
+$ WRITE SYS$ERROR "''CONFIG_DEPENDENT_E' disabled by rule ''CONFIG_DISABLE_E'"
+$ GOTO CONFIG_DISABLE_LOOP2
+$ CONFIG_DISABLE_LOOP2_END:
+$ ENDIF
+$ GOTO CONFIG_DISABLE_LOOP0
+$ CONFIG_DISABLE_LOOP0_END:
+$
+$! Apply cascading enable rules
+$ CONFIG_ENABLE_I = 0
+$ CONFIG_ENABLE_LOOP0:
+$ CONFIG_ENABLE_E = F$EDIT(F$ELEMENT(CONFIG_ENABLE_I,";",CONFIG_ENABLE_RULES),"TRIM")
+$ CONFIG_ENABLE_I = CONFIG_ENABLE_I + 1
+$ IF CONFIG_ENABLE_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP0
+$ IF CONFIG_ENABLE_E .EQS. ";" THEN GOTO CONFIG_ENABLE_LOOP0_END
+$
+$ CONFIG_ENABLE_ALGOS = F$EDIT(F$ELEMENT(0,"/",CONFIG_ENABLE_E),"TRIM")
+$ CONFIG_ENABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_ENABLE_E),"TRIM")
+$ TO_ENABLE := YES
+$ CONFIG_ALGO_I = 0
+$ CONFIG_ENABLE_LOOP1:
+$ CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",",CONFIG_ENABLE_ALGOS),"TRIM")
+$ CONFIG_ALGO_I = CONFIG_ALGO_I + 1
+$ IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP1
+$ IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP1_END
+$ IF F$TYPE(CONFIG_ENABLED_'CONFIG_ALGO_E') .EQS. ""
$ THEN
-$ IF F$TRNLNM("OPENSSL_"+CONFIG_LOG_E2)
-$ THEN
-$ WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E2
-$ WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E2
-$ WRITE H_FILE "#endif"
-$ ENDIF
+$ TO_ENABLE := NO
+$ ELSE
+$ IF .NOT. CONFIG_ENABLED_'CONFIG_ALGO_E' THEN TO_ENABLE := NO
$ ENDIF
+$ GOTO CONFIG_ENABLE_LOOP1
+$ CONFIG_ENABLE_LOOP1_END:
+$
+$ IF TO_ENABLE
+$ THEN
+$ CONFIG_DEPENDENT_I = 0
+$ CONFIG_ENABLE_LOOP2:
+$ CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",",CONFIG_ENABLE_DEPENDENTS),"TRIM")
+$ CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1
+$ IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP2
+$ IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP2_END
+$ CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := NO
+$ CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := YES
+$ ! Better not to assume defaults at this point...
+$ CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES
+$ WRITE SYS$ERROR "''CONFIG_DEPENDENT_E' enabled by rule ''CONFIG_ENABLE_E'"
+$ GOTO CONFIG_ENABLE_LOOP2
+$ CONFIG_ENABLE_LOOP2_END:
$ ENDIF
-$ GOTO CONFIG_LOG_LOOP
-$ CONFIG_LOG_LOOP_END:
-$ WRITE H_FILE "#ifndef OPENSSL_NO_STATIC_ENGINE"
-$ WRITE H_FILE "# define OPENSSL_NO_STATIC_ENGINE"
-$ WRITE H_FILE "#endif"
-$ WRITE H_FILE "#ifndef OPENSSL_THREADS"
-$ WRITE H_FILE "# define OPENSSL_THREADS"
-$ WRITE H_FILE "#endif"
-$ WRITE H_FILE "#ifndef OPENSSL_NO_KRB5"
-$ WRITE H_FILE "# define OPENSSL_NO_KRB5"
-$ WRITE H_FILE "#endif"
-$ WRITE H_FILE ""
-$!
-$! Different tar version may have named the file differently
-$ IF F$SEARCH("[.CRYPTO]OPENSSLCONF.H_IN") .NES. ""
-$ THEN
-$ TYPE [.CRYPTO]OPENSSLCONF.H_IN /OUTPUT=H_FILE:
-$ ELSE
-$ IF F$SEARCH("[.CRYPTO]OPENSSLCONF_H.IN") .NES. ""
+$ GOTO CONFIG_ENABLE_LOOP0
+$ CONFIG_ENABLE_LOOP0_END:
+$
+$! Write to the configuration
+$ CONFIG_LOG_I = 0
+$ CONFIG_LOG_LOOP2:
+$ CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM")
+$ CONFIG_LOG_I = CONFIG_LOG_I + 1
+$ IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP2
+$ IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP2_END
+$ IF CONFIG_CHANGED_'CONFIG_LOG_E'
$ THEN
-$ TYPE [.CRYPTO]OPENSSLCONF_H.IN /OUTPUT=H_FILE:
-$ ELSE
-$ ! For ODS-5
-$ IF F$SEARCH("[.CRYPTO]OPENSSLCONF.H.IN") .NES. ""
+$ IF CONFIG_DISABLED_'CONFIG_LOG_E'
$ THEN
-$ TYPE [.CRYPTO]OPENSSLCONF.H.IN /OUTPUT=H_FILE:
+$ WRITE H_FILE "#ifndef OPENSSL_NO_",CONFIG_LOG_E
+$ WRITE H_FILE "# define OPENSSL_NO_",CONFIG_LOG_E
+$ WRITE H_FILE "#endif"
$ ELSE
-$ WRITE SYS$ERROR "Couldn't find a [.CRYPTO]OPENSSLCONF.H_IN. Exiting!"
-$ $STATUS = %X00018294 ! "%RMS-F-FNF, file not found".
-$ GOTO TIDY
+$ WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E
+$ WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E
+$ WRITE H_FILE "#endif"
$ ENDIF
$ ENDIF
-$ ENDIF
+$ GOTO CONFIG_LOG_LOOP2
+$ CONFIG_LOG_LOOP2_END:
+$!
+$! Add in the common "crypto/opensslconf.h.in".
+$!
+$ TYPE 'OPENSSLCONF_H_IN' /OUTPUT=H_FILE:
+$!
$ IF ARCH .NES. "VAX"
$ THEN
$!
@@ -347,29 +546,29 @@ $! End
$!
$ ENDIF
$!
-$! Close the [.xxx.CRYPTO]OPENSSLCONF.H file
+$! Close the [.CRYPTO._xxx]OPENSSLCONF.H file
$!
$ CLOSE H_FILE
$!
-$! Purge The [.xxx.CRYPTO]OPENSSLCONF.H file
+$! Purge The [.CRYPTO._xxx]OPENSSLCONF.H file
$!
-$ PURGE SYS$DISK:[.'ARCH'.CRYPTO]OPENSSLCONF.H
+$ PURGE SYS$DISK:[.CRYPTO._'ARCH']OPENSSLCONF.H
$!
$! That's All, Time To RETURN.
$!
$ RETURN
$!
-$! Rebuild The "[.xxx.CRYPTO]BUILDINF.H" file.
+$! Rebuild The "[.CRYPTO._xxx]BUILDINF.H" file.
$!
$ BUILDINF:
$!
-$! Tell The User We Are Creating The [.xxx.CRYPTO]BUILDINF.H File.
+$! Tell The User We Are Creating The [.CRYPTO._xxx]BUILDINF.H File.
$!
-$ WRITE SYS$OUTPUT "Creating [.''ARCH'.CRYPTO]BUILDINF.H Include File."
+$ WRITE SYS$OUTPUT "Creating [.CRYPTO._''ARCH']BUILDINF.H Include File."
$!
-$! Create The [.xxx.CRYPTO]BUILDINF.H File.
+$! Create The [.CRYPTO._xxx]BUILDINF.H File.
$!
-$ BIH_NAME = "SYS$DISK:[.''ARCH'.CRYPTO]BUILDINF.H"
+$ BIH_NAME = "SYS$DISK:[.CRYPTO._''ARCH']BUILDINF.H"
$ CREATE /FDL=SYS$INPUT: 'BIH_NAME'
RECORD
FORMAT stream_lf
@@ -380,19 +579,19 @@ $! Get The Current Date & Time.
$!
$ TIME = F$TIME()
$!
-$! Write The [.xxx.CRYPTO]BUILDINF.H File.
+$! Write The [.CRYPTO._xxx]BUILDINF.H File.
$!
$ WRITE H_FILE "#define CFLAGS """" /* Not filled in for now */"
-$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCH' ''VMS_VER'"""
+$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCH' ''VMS_VERSION'"""
$ WRITE H_FILE "#define DATE ""''TIME'"" "
$!
-$! Close The [.xxx.CRYPTO]BUILDINF.H File.
+$! Close The [.CRYPTO._xxx]BUILDINF.H File.
$!
$ CLOSE H_FILE
$!
-$! Purge The [.xxx.CRYPTO]BUILDINF.H File.
+$! Purge The [.CRYPTO._xxx]BUILDINF.H File.
$!
-$ PURGE SYS$DISK:[.'ARCH'.CRYPTO]BUILDINF.H
+$ PURGE SYS$DISK:[.CRYPTO._'ARCH']BUILDINF.H
$!
$! That's All, Time To RETURN.
$!
@@ -404,42 +603,14 @@ $ SOFTLINKS:
$!
$! Tell The User We Are Partly Rebuilding The [.APPS] Directory.
$!
-$ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C', '[.APPS]MD5.C' And '[.APPS]RMD160.C' Files."
+$ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C' File."
$!
-$ DELETE SYS$DISK:[.APPS]MD4.C;*,MD5.C;*,RMD160.C;*
+$ DELETE SYS$DISK:[.APPS]MD4.C;*
$!
$! Copy MD4.C from [.CRYPTO.MD4] into [.APPS]
$!
$ COPY SYS$DISK:[.CRYPTO.MD4]MD4.C SYS$DISK:[.APPS]
$!
-$! Copy MD5.C from [.CRYPTO.MD5] into [.APPS]
-$!
-$ COPY SYS$DISK:[.CRYPTO.MD5]MD5.C SYS$DISK:[.APPS]
-$!
-$! Copy RMD160.C from [.CRYPTO.RIPEMD] into [.APPS]
-$!
-$ COPY SYS$DISK:[.CRYPTO.RIPEMD]RMD160.C SYS$DISK:[.APPS]
-$!
-$! Tell The User We Are Partly Rebuilding The [.TEST] Directory.
-$!
-$ WRITE SYS$OUTPUT "Rebuilding The '[.TEST]*.C' Files."
-$!
-$! First, We Have To "Rebuild" The "[.TEST]" Directory, So Delete
-$! All The "C" Files That Are Currently There Now.
-$!
-$ DELETE SYS$DISK:[.TEST]*.C;*
-$ DELETE SYS$DISK:[.TEST]EVPTESTS.TXT;*
-$!
-$! Copy all the *TEST.C files from [.CRYPTO...] into [.TEST]
-$!
-$ COPY SYS$DISK:[.CRYPTO.*]%*TEST.C SYS$DISK:[.TEST]
-$ COPY SYS$DISK:[.CRYPTO.SHA]SHA%%%T.C SYS$DISK:[.TEST]
-$ COPY SYS$DISK:[.CRYPTO.EVP]EVPTESTS.TXT SYS$DISK:[.TEST]
-$!
-$! Copy all the *TEST.C files from [.SSL...] into [.TEST]
-$!
-$ COPY SYS$DISK:[.SSL]%*TEST.C SYS$DISK:[.TEST]
-$!
$! Tell The User We Are Rebuilding The [.INCLUDE.OPENSSL] Directory.
$!
$ WRITE SYS$OUTPUT "Rebuilding The '[.INCLUDE.OPENSSL]' Directory."
@@ -532,12 +703,7 @@ $ IF D .EQS. ""
$ THEN
$ COPY [.CRYPTO]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
$ ELSE
-$ IF D .EQS. "_''ARCH'"
-$ THEN
-$ COPY [.'ARCH'.CRYPTO]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
-$ ELSE
-$ COPY [.CRYPTO.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
-$ ENDIF
+$ COPY [.CRYPTO.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
$ ENDIF
$ GOTO LOOP_SDIRS
$ LOOP_SDIRS_END:
@@ -736,7 +902,7 @@ $! Else...
$!
$ ELSE
$!
-$! Else, Check To See If P1 Has A Valid Arguement.
+$! Else, Check To See If P1 Has A Valid Argument.
$!
$ IF (P1.EQS."CONFIG").OR.(P1.EQS."BUILDINF").OR.(P1.EQS."SOFTLINKS") -
.OR.(P1.EQS."BUILDALL") -
@@ -745,7 +911,7 @@ $ IF (P1.EQS."CONFIG").OR.(P1.EQS."BUILDINF").OR.(P1.EQS."SOFTLINKS") -
.OR.(P1.EQS."ENGINES")
$ THEN
$!
-$! A Valid Arguement.
+$! A Valid Argument.
$!
$ BUILDCOMMAND = P1
$!
@@ -758,13 +924,13 @@ $!
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "USAGE: @MAKEVMS.COM [Target] [not-used option] [Debug option] <Compiler>"
$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL """" NODEBUG "
+$ WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL NORSAREF NODEBUG "
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "The Target ",P1," Is Invalid. The Valid Target Options Are:"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT " ALL : Just Build Everything."
-$ WRITE SYS$OUTPUT " CONFIG : Just build the [.xxx.CRYPTO]OPENSSLCONF.H file."
-$ WRITE SYS$OUTPUT " BUILDINF : Just build the [.xxx.CRYPTO]BUILDINF.H file."
+$ WRITE SYS$OUTPUT " CONFIG : Just build the [.CRYPTO._xxx]OPENSSLCONF.H file."
+$ WRITE SYS$OUTPUT " BUILDINF : Just build the [.CRYPTO._xxx]BUILDINF.H file."
$ WRITE SYS$OUTPUT " SOFTLINKS: Just Fix The Unix soft links."
$ WRITE SYS$OUTPUT " BUILDALL : Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done."
$ WRITE SYS$OUTPUT " CRYPTO : To Build Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
@@ -834,7 +1000,7 @@ $! Time To EXIT.
$!
$ GOTO TIDY
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -973,7 +1139,7 @@ $! End The GNU C Check.
$!
$ ENDIF
$!
-$! Else The User Entered An Invalid Arguement.
+$! Else The User Entered An Invalid Argument.
$!
$ ELSE
$!
@@ -991,7 +1157,7 @@ $! Time To EXIT.
$!
$ GOTO TIDY
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -1098,7 +1264,7 @@ $! Print info
$!
$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
$!
-$! Else The User Entered An Invalid Arguement.
+$! Else The User Entered An Invalid Argument.
$!
$ ELSE
$ IF P5 .NES. ""
@@ -1153,7 +1319,7 @@ $!
$! Get The Version Of VMS We Are Using.
$!
$ ISSEVEN :=
-$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,VMS_VERSION))
$ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
$!
$! Check To See If The VMS Version Is v7.1 Or Later.
diff --git a/openssl/openssl.spec b/openssl/openssl.spec
index 9d41cf7e0..bed337b63 100644
--- a/openssl/openssl.spec
+++ b/openssl/openssl.spec
@@ -2,7 +2,7 @@
%define libmaj 1
%define libmin 0
%define librel 0
-#%define librev a
+%define librev a
Release: 1
%define openssldir /var/ssl
diff --git a/openssl/ssl/d1_both.c b/openssl/ssl/d1_both.c
index 0242f1e4d..4ce4064cc 100644
--- a/openssl/ssl/d1_both.c
+++ b/openssl/ssl/d1_both.c
@@ -123,6 +123,37 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
+#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
+
+#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
+ if ((end) - (start) <= 8) { \
+ long ii; \
+ for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
+ } else { \
+ long ii; \
+ bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
+ for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
+ bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
+ } }
+
+#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
+ long ii; \
+ OPENSSL_assert((msg_len) > 0); \
+ is_complete = 1; \
+ if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
+ if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
+ if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
+
+#if 0
+#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
+ long ii; \
+ printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
+ printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
+ printf("\n"); }
+#endif
+
+static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
+static unsigned char bitmask_end_values[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
/* XDTLS: figure out the right values */
static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
@@ -140,10 +171,11 @@ static long dtls1_get_message_fragment(SSL *s, int st1, int stn,
long max, int *ok);
static hm_fragment *
-dtls1_hm_fragment_new(unsigned long frag_len)
+dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
{
hm_fragment *frag = NULL;
unsigned char *buf = NULL;
+ unsigned char *bitmask = NULL;
frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
if ( frag == NULL)
@@ -162,6 +194,21 @@ dtls1_hm_fragment_new(unsigned long frag_len)
/* zero length fragment gets zero frag->fragment */
frag->fragment = buf;
+ /* Initialize reassembly bitmask if necessary */
+ if (reassembly)
+ {
+ bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
+ if (bitmask == NULL)
+ {
+ if (buf != NULL) OPENSSL_free(buf);
+ OPENSSL_free(frag);
+ return NULL;
+ }
+ memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
+ }
+
+ frag->reassembly = bitmask;
+
return frag;
}
@@ -169,6 +216,7 @@ static void
dtls1_hm_fragment_free(hm_fragment *frag)
{
if (frag->fragment) OPENSSL_free(frag->fragment);
+ if (frag->reassembly) OPENSSL_free(frag->reassembly);
OPENSSL_free(frag);
}
@@ -363,6 +411,8 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
{
int i, al;
struct hm_header_st *msg_hdr;
+ unsigned char *p;
+ unsigned long msg_len;
/* s3->tmp is used to store messages that are unexpected, caused
* by the absence of an optional handshake message */
@@ -382,77 +432,55 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
}
msg_hdr = &s->d1->r_msg_hdr;
- do
- {
- if ( msg_hdr->frag_off == 0)
- {
- /* s->d1->r_message_header.msg_len = 0; */
- memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
- }
+ memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
- i = dtls1_get_message_fragment(s, st1, stn, max, ok);
- if ( i == DTLS1_HM_BAD_FRAGMENT ||
- i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
- continue;
- else if ( i <= 0 && !*ok)
- return i;
+again:
+ i = dtls1_get_message_fragment(s, st1, stn, max, ok);
+ if ( i == DTLS1_HM_BAD_FRAGMENT ||
+ i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
+ goto again;
+ else if ( i <= 0 && !*ok)
+ return i;
- /* Note that s->init_sum is used as a counter summing
- * up fragments' lengths: as soon as they sum up to
- * handshake packet length, we assume we have got all
- * the fragments. Overlapping fragments would cause
- * premature termination, so we don't expect overlaps.
- * Well, handling overlaps would require something more
- * drastic. Indeed, as it is now there is no way to
- * tell if out-of-order fragment from the middle was
- * the last. '>=' is the best/least we can do to control
- * the potential damage caused by malformed overlaps. */
- if ((unsigned int)s->init_num >= msg_hdr->msg_len)
- {
- unsigned char *p = (unsigned char *)s->init_buf->data;
- unsigned long msg_len = msg_hdr->msg_len;
-
- /* reconstruct message header as if it was
- * sent in single fragment */
- *(p++) = msg_hdr->type;
- l2n3(msg_len,p);
- s2n (msg_hdr->seq,p);
- l2n3(0,p);
- l2n3(msg_len,p);
- if (s->version != DTLS1_BAD_VER) {
- p -= DTLS1_HM_HEADER_LENGTH;
- msg_len += DTLS1_HM_HEADER_LENGTH;
- }
+ p = (unsigned char *)s->init_buf->data;
+ msg_len = msg_hdr->msg_len;
+
+ /* reconstruct message header */
+ *(p++) = msg_hdr->type;
+ l2n3(msg_len,p);
+ s2n (msg_hdr->seq,p);
+ l2n3(0,p);
+ l2n3(msg_len,p);
+ if (s->version != DTLS1_BAD_VER) {
+ p -= DTLS1_HM_HEADER_LENGTH;
+ msg_len += DTLS1_HM_HEADER_LENGTH;
+ }
- ssl3_finish_mac(s, p, msg_len);
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
- p, msg_len,
- s, s->msg_callback_arg);
-
- memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-
- s->d1->handshake_read_seq++;
- /* we just read a handshake message from the other side:
- * this means that we don't need to retransmit of the
- * buffered messages.
- * XDTLS: may be able clear out this
- * buffer a little sooner (i.e if an out-of-order
- * handshake message/record is received at the record
- * layer.
- * XDTLS: exception is that the server needs to
- * know that change cipher spec and finished messages
- * have been received by the client before clearing this
- * buffer. this can simply be done by waiting for the
- * first data segment, but is there a better way? */
- dtls1_clear_record_buffer(s);
-
- s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
- return s->init_num;
- }
- else
- msg_hdr->frag_off = i;
- } while(1) ;
+ ssl3_finish_mac(s, p, msg_len);
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+ p, msg_len,
+ s, s->msg_callback_arg);
+
+ memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+
+ s->d1->handshake_read_seq++;
+ /* we just read a handshake message from the other side:
+ * this means that we don't need to retransmit of the
+ * buffered messages.
+ * XDTLS: may be able clear out this
+ * buffer a little sooner (i.e if an out-of-order
+ * handshake message/record is received at the record
+ * layer.
+ * XDTLS: exception is that the server needs to
+ * know that change cipher spec and finished messages
+ * have been received by the client before clearing this
+ * buffer. this can simply be done by waiting for the
+ * first data segment, but is there a better way? */
+ dtls1_clear_record_buffer(s);
+
+ s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+ return s->init_num;
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -528,6 +556,10 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
return 0;
frag = (hm_fragment *)item->data;
+
+ /* Don't return if reassembly still in progress */
+ if (frag->reassembly != NULL)
+ return 0;
if ( s->d1->handshake_read_seq == frag->msg_header.seq)
{
@@ -563,6 +595,109 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
static int
+dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+ {
+ hm_fragment *frag = NULL;
+ pitem *item = NULL;
+ int i = -1, is_complete;
+ unsigned char seq64be[8];
+ unsigned long frag_len = msg_hdr->frag_len, max_len;
+
+ if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
+ goto err;
+
+ /* Determine maximum allowed message size. Depends on (user set)
+ * maximum certificate length, but 16k is minimum.
+ */
+ if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list)
+ max_len = s->max_cert_list;
+ else
+ max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
+
+ if ((msg_hdr->frag_off+frag_len) > max_len)
+ goto err;
+
+ /* Try to find item in queue */
+ memset(seq64be,0,sizeof(seq64be));
+ seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
+ seq64be[7] = (unsigned char) msg_hdr->seq;
+ item = pqueue_find(s->d1->buffered_messages, seq64be);
+
+ if (item == NULL)
+ {
+ frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
+ if ( frag == NULL)
+ goto err;
+ memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+ frag->msg_header.frag_len = frag->msg_header.msg_len;
+ frag->msg_header.frag_off = 0;
+ }
+ else
+ frag = (hm_fragment*) item->data;
+
+ /* If message is already reassembled, this must be a
+ * retransmit and can be dropped.
+ */
+ if (frag->reassembly == NULL)
+ {
+ unsigned char devnull [256];
+
+ while (frag_len)
+ {
+ i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+ devnull,
+ frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
+ if (i<=0) goto err;
+ frag_len -= i;
+ }
+ return DTLS1_HM_FRAGMENT_RETRY;
+ }
+
+ /* read the body of the fragment (header has already been read */
+ i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+ frag->fragment + msg_hdr->frag_off,frag_len,0);
+ if (i<=0 || (unsigned long)i!=frag_len)
+ goto err;
+
+ RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
+ (long)(msg_hdr->frag_off + frag_len));
+
+ RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
+ is_complete);
+
+ if (is_complete)
+ {
+ OPENSSL_free(frag->reassembly);
+ frag->reassembly = NULL;
+ }
+
+ if (item == NULL)
+ {
+ memset(seq64be,0,sizeof(seq64be));
+ seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
+ seq64be[7] = (unsigned char)(msg_hdr->seq);
+
+ item = pitem_new(seq64be, frag);
+ if (item == NULL)
+ {
+ goto err;
+ i = -1;
+ }
+
+ pqueue_insert(s->d1->buffered_messages, item);
+ }
+
+ return DTLS1_HM_FRAGMENT_RETRY;
+
+err:
+ if (frag != NULL) dtls1_hm_fragment_free(frag);
+ if (item != NULL) OPENSSL_free(item);
+ *ok = 0;
+ return i;
+ }
+
+
+static int
dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
{
int i=-1;
@@ -579,7 +714,13 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
seq64be[7] = (unsigned char) msg_hdr->seq;
item = pqueue_find(s->d1->buffered_messages, seq64be);
-
+
+ /* If we already have an entry and this one is a fragment,
+ * don't discard it and rather try to reassemble it.
+ */
+ if (item != NULL && frag_len < msg_hdr->msg_len)
+ item = NULL;
+
/* Discard the message if sequence number was already there, is
* too far in the future, already in the queue or if we received
* a FINISHED before the SERVER_HELLO, which then must be a stale
@@ -600,20 +741,25 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
frag_len -= i;
}
}
-
- if (frag_len)
+ else
{
- frag = dtls1_hm_fragment_new(frag_len);
+ if (frag_len && frag_len < msg_hdr->msg_len)
+ return dtls1_reassemble_fragment(s, msg_hdr, ok);
+
+ frag = dtls1_hm_fragment_new(frag_len, 0);
if ( frag == NULL)
goto err;
memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
- /* read the body of the fragment (header has already been read */
- i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- frag->fragment,frag_len,0);
- if (i<=0 || (unsigned long)i!=frag_len)
- goto err;
+ if (frag_len)
+ {
+ /* read the body of the fragment (header has already been read */
+ i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+ frag->fragment,frag_len,0);
+ if (i<=0 || (unsigned long)i!=frag_len)
+ goto err;
+ }
memset(seq64be,0,sizeof(seq64be));
seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
@@ -640,14 +786,14 @@ static long
dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
{
unsigned char wire[DTLS1_HM_HEADER_LENGTH];
- unsigned long l, frag_off, frag_len;
+ unsigned long len, frag_off, frag_len;
int i,al;
struct hm_header_st msg_hdr;
/* see if we have the required fragment already */
if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
{
- if (*ok) s->init_num += frag_len;
+ if (*ok) s->init_num = frag_len;
return frag_len;
}
@@ -672,10 +818,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
if ( msg_hdr.seq != s->d1->handshake_read_seq)
return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
- l = msg_hdr.msg_len;
+ len = msg_hdr.msg_len;
frag_off = msg_hdr.frag_off;
frag_len = msg_hdr.frag_len;
+ if (frag_len && frag_len < len)
+ return dtls1_reassemble_fragment(s, &msg_hdr, ok);
+
if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
wire[0] == SSL3_MT_HELLO_REQUEST)
{
@@ -735,7 +884,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
* s->init_buf->data, but as a counter summing up fragments'
* lengths: as soon as they sum up to handshake packet
* length, we assume we have got all the fragments. */
- s->init_num += frag_len;
+ s->init_num = frag_len;
return frag_len;
f_err:
@@ -1010,7 +1159,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
* been serialized */
OPENSSL_assert(s->init_off == 0);
- frag = dtls1_hm_fragment_new(s->init_num);
+ frag = dtls1_hm_fragment_new(s->init_num, 0);
memcpy(frag->fragment, s->init_buf->data, s->init_num);
diff --git a/openssl/ssl/d1_lib.c b/openssl/ssl/d1_lib.c
index eeffce3cc..96b220e87 100644
--- a/openssl/ssl/d1_lib.c
+++ b/openssl/ssl/d1_lib.c
@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
timeleft->tv_usec += 1000000;
}
+ /* If remaining time is less than 15 ms, set it to 0
+ * to prevent issues because of small devergences with
+ * socket timeouts.
+ */
+ if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
+ {
+ memset(timeleft, 0, sizeof(struct timeval));
+ }
+
+
return timeleft;
}
diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c
index c9757e1d6..a5439d544 100644
--- a/openssl/ssl/d1_pkt.c
+++ b/openssl/ssl/d1_pkt.c
@@ -196,6 +196,9 @@ dtls1_copy_record(SSL *s, pitem *item)
s->packet_length = rdata->packet_length;
memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
+
+ /* Set proper sequence number for mac calculation */
+ memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
return(1);
}
@@ -414,7 +417,7 @@ dtls1_process_record(SSL *s)
goto err;
/* otherwise enc_err == -1 */
- goto decryption_failed_or_bad_record_mac;
+ goto err;
}
#ifdef TLS_DEBUG
@@ -444,7 +447,7 @@ printf("\n");
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
goto f_err;
#else
- goto decryption_failed_or_bad_record_mac;
+ goto err;
#endif
}
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
@@ -455,14 +458,14 @@ printf("\n");
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
goto f_err;
#else
- goto decryption_failed_or_bad_record_mac;
+ goto err;
#endif
}
rr->length-=mac_size;
i=s->method->ssl3_enc->mac(s,md,0);
if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
{
- goto decryption_failed_or_bad_record_mac;
+ goto err;
}
}
@@ -504,14 +507,6 @@ printf("\n");
dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
return(1);
-decryption_failed_or_bad_record_mac:
- /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
- * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
- * failure is directly visible from the ciphertext anyway,
- * we should not reveal which kind of error occured -- this
- * might become visible to an attacker (e.g. via logfile) */
- al=SSL_AD_BAD_RECORD_MAC;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
@@ -544,8 +539,7 @@ int dtls1_get_record(SSL *s)
/* The epoch may have changed. If so, process all the
* pending records. This is a non-blocking operation. */
- if ( ! dtls1_process_buffered_records(s))
- return 0;
+ dtls1_process_buffered_records(s);
/* if we're renegotiating, then there may be buffered records */
if (dtls1_get_processed_record(s))
@@ -667,21 +661,25 @@ again:
if (rr->length == 0) goto again;
/* If this record is from the next epoch (either HM or ALERT),
- * buffer it since it cannot be processed at this time. Records
- * from the next epoch are marked as received even though they
- * are not processed, so as to prevent any potential resource
- * DoS attack */
+ * and a handshake is currently in progress, buffer it since it
+ * cannot be processed at this time. */
if (is_next_epoch)
{
- dtls1_record_bitmap_update(s, bitmap);
- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+ if (SSL_in_init(s) || s->in_handshake)
+ {
+ dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+ }
rr->length = 0;
s->packet_length = 0;
goto again;
}
- if ( ! dtls1_process_record(s))
- return(0);
+ if (!dtls1_process_record(s))
+ {
+ rr->length = 0;
+ s->packet_length = 0; /* dump this record */
+ goto again; /* get another record */
+ }
dtls1_clear_timeouts(s); /* done waiting */
return(1);
@@ -809,7 +807,7 @@ start:
* buffer the application data for later processing rather
* than dropping the connection.
*/
- dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
+ dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
rr->length = 0;
goto start;
}
diff --git a/openssl/ssl/dtls1.h b/openssl/ssl/dtls1.h
index af363a984..2900d1d8a 100644
--- a/openssl/ssl/dtls1.h
+++ b/openssl/ssl/dtls1.h
@@ -167,6 +167,7 @@ typedef struct hm_fragment_st
{
struct hm_header_st msg_header;
unsigned char *fragment;
+ unsigned char *reassembly;
} hm_fragment;
typedef struct dtls1_state_st
diff --git a/openssl/ssl/ssl-lib.com b/openssl/ssl/ssl-lib.com
index 85ab2f61f..c5ca9e1df 100644
--- a/openssl/ssl/ssl-lib.com
+++ b/openssl/ssl/ssl-lib.com
@@ -30,7 +30,7 @@ $! VAXC For VAX C.
$! DECC For DEC C.
$! GNUC For GNU C.
$!
-$! If you don't speficy a compiler, it will try to determine which
+$! If you don't specify a compiler, it will try to determine which
$! "C" compiler to use.
$!
$! P4, if defined, sets a TCP/IP library to use, through one of the following
@@ -55,7 +55,7 @@ $ THEN
$!
$! The Architecture Is VAX.
$!
-$ ARCH := VAX
+$ ARCH = "VAX"
$!
$! Else...
$!
@@ -524,12 +524,12 @@ $! Else...
$!
$ ELSE
$!
-$! Else, Check To See If P1 Has A Valid Arguement.
+$! Else, Check To See If P1 Has A Valid Argument.
$!
$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."SSL_TASK")
$ THEN
$!
-$! A Valid Arguement.
+$! A Valid Argument.
$!
$ BUILDALL = P1
$!
@@ -557,7 +557,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -611,7 +611,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -893,7 +893,7 @@ $! Show user the result
$!
$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
$!
-$! Else The User Entered An Invalid Arguement.
+$! Else The User Entered An Invalid Argument.
$!
$ ELSE
$!
@@ -994,7 +994,7 @@ $! Print info
$!
$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
$!
-$! Else The User Entered An Invalid Arguement.
+$! Else The User Entered An Invalid Argument.
$!
$ ELSE
$!
diff --git a/openssl/ssl/ssl_algs.c b/openssl/ssl/ssl_algs.c
index a26ae4395..0967b2dfe 100644
--- a/openssl/ssl/ssl_algs.c
+++ b/openssl/ssl/ssl_algs.c
@@ -105,6 +105,14 @@ int SSL_library_init(void)
EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
#endif
+#ifndef OPENSSL_NO_SHA256
+ EVP_add_digest(EVP_sha224());
+ EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+ EVP_add_digest(EVP_sha384());
+ EVP_add_digest(EVP_sha512());
+#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
diff --git a/openssl/ssl/t1_enc.c b/openssl/ssl/t1_enc.c
index d9cb059d0..9719541f2 100644
--- a/openssl/ssl/t1_enc.c
+++ b/openssl/ssl/t1_enc.c
@@ -148,7 +148,7 @@
#endif
/* seed1 through seed5 are virtually concatenated */
-static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
+static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
int sec_len,
const void *seed1, int seed1_len,
const void *seed2, int seed2_len,
@@ -163,55 +163,79 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
HMAC_CTX ctx_tmp;
unsigned char A1[EVP_MAX_MD_SIZE];
unsigned int A1_len;
+ int ret = 0;
chunk=EVP_MD_size(md);
OPENSSL_assert(chunk >= 0);
HMAC_CTX_init(&ctx);
HMAC_CTX_init(&ctx_tmp);
- HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
- HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
- if (seed1 != NULL) HMAC_Update(&ctx,seed1,seed1_len);
- if (seed2 != NULL) HMAC_Update(&ctx,seed2,seed2_len);
- if (seed3 != NULL) HMAC_Update(&ctx,seed3,seed3_len);
- if (seed4 != NULL) HMAC_Update(&ctx,seed4,seed4_len);
- if (seed5 != NULL) HMAC_Update(&ctx,seed5,seed5_len);
- HMAC_Final(&ctx,A1,&A1_len);
+ if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL))
+ goto err;
+ if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL))
+ goto err;
+ if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
+ goto err;
+ if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
+ goto err;
+ if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
+ goto err;
+ if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
+ goto err;
+ if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
+ goto err;
+ if (!HMAC_Final(&ctx,A1,&A1_len))
+ goto err;
n=0;
for (;;)
{
- HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
- HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
- HMAC_Update(&ctx,A1,A1_len);
- HMAC_Update(&ctx_tmp,A1,A1_len);
- if (seed1 != NULL) HMAC_Update(&ctx,seed1,seed1_len);
- if (seed2 != NULL) HMAC_Update(&ctx,seed2,seed2_len);
- if (seed3 != NULL) HMAC_Update(&ctx,seed3,seed3_len);
- if (seed4 != NULL) HMAC_Update(&ctx,seed4,seed4_len);
- if (seed5 != NULL) HMAC_Update(&ctx,seed5,seed5_len);
+ if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */
+ goto err;
+ if (!HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL)) /* re-init */
+ goto err;
+ if (!HMAC_Update(&ctx,A1,A1_len))
+ goto err;
+ if (!HMAC_Update(&ctx_tmp,A1,A1_len))
+ goto err;
+ if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
+ goto err;
+ if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
+ goto err;
+ if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
+ goto err;
+ if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
+ goto err;
+ if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
+ goto err;
if (olen > chunk)
{
- HMAC_Final(&ctx,out,&j);
+ if (!HMAC_Final(&ctx,out,&j))
+ goto err;
out+=j;
olen-=j;
- HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
+ if (!HMAC_Final(&ctx_tmp,A1,&A1_len)) /* calc the next A1 value */
+ goto err;
}
else /* last one */
{
- HMAC_Final(&ctx,A1,&A1_len);
+ if (!HMAC_Final(&ctx,A1,&A1_len))
+ goto err;
memcpy(out,A1,olen);
break;
}
}
+ ret = 1;
+err:
HMAC_CTX_cleanup(&ctx);
HMAC_CTX_cleanup(&ctx_tmp);
OPENSSL_cleanse(A1,sizeof(A1));
+ return ret;
}
/* seed1 through seed5 are virtually concatenated */
-static void tls1_PRF(long digest_mask,
+static int tls1_PRF(long digest_mask,
const void *seed1, int seed1_len,
const void *seed2, int seed2_len,
const void *seed3, int seed3_len,
@@ -225,6 +249,7 @@ static void tls1_PRF(long digest_mask,
const unsigned char *S1;
long m;
const EVP_MD *md;
+ int ret = 0;
/* Count number of digests and partition sec evenly */
count=0;
@@ -239,11 +264,12 @@ static void tls1_PRF(long digest_mask,
if (!md) {
SSLerr(SSL_F_TLS1_PRF,
SSL_R_UNSUPPORTED_DIGEST_TYPE);
- return;
+ goto err;
}
- tls1_P_hash(md ,S1,len+(slen&1),
- seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len,
- out2,olen);
+ if (!tls1_P_hash(md ,S1,len+(slen&1),
+ seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len,
+ out2,olen))
+ goto err;
S1+=len;
for (i=0; i<olen; i++)
{
@@ -251,12 +277,15 @@ static void tls1_PRF(long digest_mask,
}
}
}
-
+ ret = 1;
+err:
+ return ret;
}
-static void tls1_generate_key_block(SSL *s, unsigned char *km,
+static int tls1_generate_key_block(SSL *s, unsigned char *km,
unsigned char *tmp, int num)
{
- tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+ int ret;
+ ret = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE,
s->s3->server_random,SSL3_RANDOM_SIZE,
s->s3->client_random,SSL3_RANDOM_SIZE,
@@ -274,6 +303,7 @@ static void tls1_generate_key_block(SSL *s, unsigned char *km,
}
printf("\n"); }
#endif /* KSSL_DEBUG */
+ return ret;
}
int tls1_change_cipher_state(SSL *s, int which)
@@ -461,22 +491,24 @@ printf("which = %04X\nmac key=",which);
/* In here I set both the read and write key/iv to the
* same value since only the correct one will be used :-).
*/
- tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
- exp_label,exp_label_len,
- s->s3->client_random,SSL3_RANDOM_SIZE,
- s->s3->server_random,SSL3_RANDOM_SIZE,
- NULL,0,NULL,0,
- key,j,tmp1,tmp2,EVP_CIPHER_key_length(c));
+ if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+ exp_label,exp_label_len,
+ s->s3->client_random,SSL3_RANDOM_SIZE,
+ s->s3->server_random,SSL3_RANDOM_SIZE,
+ NULL,0,NULL,0,
+ key,j,tmp1,tmp2,EVP_CIPHER_key_length(c)))
+ goto err2;
key=tmp1;
if (k > 0)
{
- tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
- TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE,
- s->s3->client_random,SSL3_RANDOM_SIZE,
- s->s3->server_random,SSL3_RANDOM_SIZE,
- NULL,0,NULL,0,
- empty,0,iv1,iv2,k*2);
+ if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+ TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE,
+ s->s3->client_random,SSL3_RANDOM_SIZE,
+ s->s3->server_random,SSL3_RANDOM_SIZE,
+ NULL,0,NULL,0,
+ empty,0,iv1,iv2,k*2))
+ goto err2;
if (client_write)
iv=iv1;
else
@@ -518,12 +550,13 @@ err2:
int tls1_setup_key_block(SSL *s)
{
- unsigned char *p1,*p2;
+ unsigned char *p1,*p2=NULL;
const EVP_CIPHER *c;
const EVP_MD *hash;
int num;
SSL_COMP *comp;
int mac_type= NID_undef,mac_secret_size=0;
+ int ret=0;
#ifdef KSSL_DEBUG
printf ("tls1_setup_key_block()\n");
@@ -548,13 +581,19 @@ int tls1_setup_key_block(SSL *s)
ssl3_cleanup_key_block(s);
if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+ {
+ SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
goto err;
- if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
- goto err;
+ }
s->s3->tmp.key_block_length=num;
s->s3->tmp.key_block=p1;
+ if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+ {
+ SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
#ifdef TLS_DEBUG
printf("client random\n");
@@ -564,9 +603,8 @@ printf("server random\n");
printf("pre-master\n");
{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
#endif
- tls1_generate_key_block(s,p1,p2,num);
- OPENSSL_cleanse(p2,num);
- OPENSSL_free(p2);
+ if (!tls1_generate_key_block(s,p1,p2,num))
+ goto err;
#ifdef TLS_DEBUG
printf("\nkey block\n");
{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
@@ -591,10 +629,14 @@ printf("\nkey block\n");
}
}
- return(1);
+ ret = 1;
err:
- SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
- return(0);
+ if (p2)
+ {
+ OPENSSL_cleanse(p2,num);
+ OPENSSL_free(p2);
+ }
+ return(ret);
}
int tls1_enc(SSL *s, int send)
@@ -822,10 +864,11 @@ int tls1_final_finish_mac(SSL *s,
}
}
- tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
- str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
- s->session->master_key,s->session->master_key_length,
- out,buf2,sizeof buf2);
+ if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+ str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
+ s->session->master_key,s->session->master_key_length,
+ out,buf2,sizeof buf2))
+ err = 1;
EVP_MD_CTX_cleanup(&ctx);
if (err)
diff --git a/openssl/test/cms-test.pl b/openssl/test/cms-test.pl
index 6ad788346..9c50dff3e 100644
--- a/openssl/test/cms-test.pl
+++ b/openssl/test/cms-test.pl
@@ -54,8 +54,12 @@
# OpenSSL PKCS#7 and CMS implementations.
my $ossl_path;
-
-if ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
+my $redir = " 2>cms.err 1>cms.out";
+# Make MSYS work
+if ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
+ $ossl_path = "cmd /c ..\\apps\\openssl";
+}
+elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
$ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
}
elsif ( -f "..\\out32dll\\openssl.exe" ) {
@@ -382,14 +386,14 @@ sub run_smime_tests {
$rscmd =~ s/-stream//;
$rvcmd =~ s/-stream//;
}
- system("$scmd$rscmd 2>cms.err 1>cms.out");
+ system("$scmd$rscmd$redir");
if ($?) {
print "$tnam: generation error\n";
$$rv++;
exit 1 if $halt_err;
next;
}
- system("$vcmd$rvcmd 2>cms.err 1>cms.out");
+ system("$vcmd$rvcmd$redir");
if ($?) {
print "$tnam: verify error\n";
$$rv++;
diff --git a/openssl/test/igetest.c b/openssl/test/igetest.c
index a2578d09c..1ba900244 100644
--- a/openssl/test/igetest.c
+++ b/openssl/test/igetest.c
@@ -221,9 +221,9 @@ static int run_test_vectors(void)
++errs;
}
- /* try with in == out */
+ /* try with in == out */
memcpy(iv, v->iv, sizeof iv);
- memcpy(buf, v->in, v->length);
+ memcpy(buf, v->in, v->length);
AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);
if(memcmp(v->out, buf, v->length))
diff --git a/openssl/test/maketests.com b/openssl/test/maketests.com
index 7adb82ec3..ca072f1d1 100644
--- a/openssl/test/maketests.com
+++ b/openssl/test/maketests.com
@@ -42,34 +42,20 @@ $! (That is, If Wee Need To Link To One.)
$!
$ TCPIP_LIB = ""
$!
-$! Check What Architecture We Are Using.
+$! Check Which Architecture We Are Using.
$!
-$ IF (F$GETSYI("CPU").LT.128)
-$ THEN
-$!
-$! The Architecture Is VAX.
-$!
-$ ARCH := VAX
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! The Architecture Is Alpha, IA64 or whatever comes in the future.
+$ if (f$getsyi( "HW_MODEL") .lt. 1024)
+$ then
+$ arch = "VAX"
+$ else
+$ arch = ""
+$ arch = arch+ f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if (arch .eqs. "") then arch = "UNK"
+$ endif
$!
-$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$ IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$!
-$! End The Architecture Check.
-$!
-$ ENDIF
-$!
-$! Define The OBJ Directory.
+$! Define The OBJ and EXE Directories (EXE before CHECK_OPTIONS).
$!
$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.TEST]
-$!
-$! Define The EXE Directory.
-$!
$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST]
$!
$! Check To Make Sure We Have Valid Command Line Parameters.
@@ -82,7 +68,7 @@ $ GOSUB INITIALISE
$!
$! Tell The User What Kind of Machine We Run On.
$!
-$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$ WRITE SYS$OUTPUT "Compiling On ''ARCH'."
$!
$! Define The CRYPTO-LIB We Are To Use.
$!
@@ -92,31 +78,12 @@ $! Define The SSL We Are To Use.
$!
$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB
$!
-$! Check To See If The Architecture Specific OBJ Directory Exists.
-$!
-$ IF (F$PARSE(OBJ_DIR).EQS."")
-$ THEN
+$! Create the OBJ and EXE Directories, if needed.
$!
-$! The EXE Directory Dosen't Exist, So Create It.
-$!
-$ CREATE/DIRECTORY 'OBJ_DIR'
-$!
-$! End The Architecture Specific OBJ Directory Check.
-$!
-$ ENDIF
-$!
-$! Check To See If The Architecture Specific EXE Directory Exists.
-$!
-$ IF (F$PARSE(EXE_DIR).EQS."")
-$ THEN
-$!
-$! The EXE Directory Dosen't Exist, So Create It.
-$!
-$ CREATE/DIRECTORY 'EXE_DIR'
-$!
-$! End The Architecture Specific EXE Directory Check.
-$!
-$ ENDIF
+$ IF (F$PARSE(OBJ_DIR).EQS."") THEN -
+ CREATE /DIRECTORY 'OBJ_DIR'
+$ IF (F$PARSE(EXE_DIR).EQS."") THEN -
+ CREATE /DIRECTORY 'EXE_DIR'
$!
$! Check To See If We Have The Proper Libraries.
$!
@@ -140,12 +107,46 @@ $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
"BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
"EVP_TEST,JPAKETEST"
$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
-$
+$!
+$! Additional directory information.
+$ T_D_BNTEST := [-.crypto.bn]
+$ T_D_ECTEST := [-.crypto.ec]
+$ T_D_ECDSATEST := [-.crypto.ecdsa]
+$ T_D_ECDHTEST := [-.crypto.ecdh]
+$ T_D_IDEATEST := [-.crypto.idea]
+$ T_D_MD2TEST := [-.crypto.md2]
+$ T_D_MD4TEST := [-.crypto.md4]
+$ T_D_MD5TEST := [-.crypto.md5]
+$ T_D_HMACTEST := [-.crypto.hmac]
+$ T_D_WP_TEST := [-.crypto.whrlpool]
+$ T_D_RC2TEST := [-.crypto.rc2]
+$ T_D_RC4TEST := [-.crypto.rc4]
+$ T_D_RC5TEST := [-.crypto.rc5]
+$ T_D_DESTEST := [-.crypto.des]
+$ T_D_SHATEST := [-.crypto.sha]
+$ T_D_SHA1TEST := [-.crypto.sha]
+$ T_D_SHA256T := [-.crypto.sha]
+$ T_D_SHA512T := [-.crypto.sha]
+$ T_D_MDC2TEST := [-.crypto.mdc2]
+$ T_D_RMDTEST := [-.crypto.ripemd]
+$ T_D_RANDTEST := [-.crypto.rand]
+$ T_D_DHTEST := [-.crypto.dh]
+$ T_D_ENGINETEST := [-.crypto.engine]
+$ T_D_BFTEST := [-.crypto.bf]
+$ T_D_CASTTEST := [-.crypto.cast]
+$ T_D_SSLTEST := [-.ssl]
+$ T_D_EXPTEST := [-.crypto.bn]
+$ T_D_DSATEST := [-.crypto.dsa]
+$ T_D_RSA_TEST := [-.crypto.rsa]
+$ T_D_EVP_TEST := [-.crypto.evp]
+$ T_D_JPAKETEST := [-.crypto.jpake]
+$ T_D_IGETEST := [-.test]
+$!
$ TCPIP_PROGRAMS = ",,"
$ IF COMPILER .EQS. "VAXC" THEN -
TCPIP_PROGRAMS = ",SSLTEST,"
$!
-$! Define A File Counter And Set It To "0".
+$! Define A File Counter And Set It To "0".
$!
$ FILE_COUNTER = 0
$!
@@ -167,7 +168,7 @@ $ FILE_COUNTER = FILE_COUNTER + 1
$!
$! Create The Source File Name.
$!
-$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$ SOURCE_FILE = "SYS$DISK:" + T_D_'FILE_NAME' + FILE_NAME + ".C"
$!
$! Create The Object File Name.
$!
@@ -201,9 +202,7 @@ $!
$! Compile The File.
$!
$ ON ERROR THEN GOTO NEXT_FILE
-$ CC/OBJECT='OBJECT_FILE' /PREFIX=ALL -
- /INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO],SYS$DISK:[-.CRYPTO.X509V3],SYS$DISK:[-.INCLUDE.OPENSSL]) -
- 'SOURCE_FILE'
+$ CC /OBJECT='OBJECT_FILE' 'SOURCE_FILE'
$ ON WARNING THEN GOTO NEXT_FILE
$!
$! Check If What We Are About To Compile Works Without A TCP/IP Library.
@@ -213,7 +212,8 @@ $ THEN
$!
$! Inform The User That A TCP/IP Library Is Needed To Compile This Program.
$!
-$ WRITE SYS$OUTPUT FILE_NAME," Needs A TCP/IP Library. Can't Link. Skipping..."
+$ WRITE SYS$OUTPUT -
+ FILE_NAME," Needs A TCP/IP Library. Can't Link. Skipping..."
$ GOTO NEXT_FILE
$!
$! End The TCP/IP Library Check.
@@ -228,10 +228,12 @@ $ THEN
$!
$! Don't Link With The RSAREF Routines And TCP/IP Library.
$!
-$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+$ LINK /'DEBUGGER' /'TRACEBACK' /EXECTABLE = 'EXE_FILE' -
'OBJECT_FILE', -
- 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
- 'TCPIP_LIB','OPT_FILE'/OPTION
+ 'SSL_LIB' /LIBRARY, -
+ 'CRYPTO_LIB' /LIBRARY, -
+ 'TCPIP_LIB', -
+ 'OPT_FILE' /OPTIONS
$!
$! Else...
$!
@@ -239,10 +241,11 @@ $ ELSE
$!
$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library.
$!
-$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+$ LINK /'DEBUGGER' /'TRACEBACK' /EXECUTABLE = 'EXE_FILE' -
'OBJECT_FILE', -
- 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
- 'OPT_FILE'/OPTION
+ 'SSL_LIB' /LIBRARY, -
+ 'CRYPTO_LIB' /LIBRARY, -
+ 'OPT_FILE' /OPTIONS
$!
$! End The TCP/IP Library Check.
$!
@@ -281,10 +284,10 @@ $!
$ CREATE 'OPT_FILE'
$DECK
!
-! Default System Options File To Link Agianst
+! Default System Options File To Link Against
! The Sharable VAX C Runtime Library.
!
-SYS$SHARE:VAXCRTL.EXE/SHARE
+SYS$SHARE:VAXCRTL.EXE /SHAREABLE
$EOD
$!
$! End The Option File Check.
@@ -313,8 +316,8 @@ $DECK
! Default System Options File To Link Agianst
! The Sharable C Runtime Library.
!
-GNU_CC:[000000]GCCLIB/LIBRARY
-SYS$SHARE:VAXCRTL/SHARE
+GNU_CC:[000000]GCCLIB.OLB /LIBRARY
+SYS$SHARE:VAXCRTL.EXE /SHAREABLE
$EOD
$!
$! End The Option File Check.
@@ -348,7 +351,7 @@ $DECK
! Default System Options File To Link Agianst
! The Sharable DEC C Runtime Library.
!
-SYS$SHARE:DECC$SHR.EXE/SHARE
+SYS$SHARE:DECC$SHR.EXE /SHAREABLE
$EOD
$!
$! Else...
@@ -363,8 +366,8 @@ $DECK
! Default System Options File For non-VAX To Link Agianst
! The Sharable C Runtime Library.
!
-SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
-SYS$SHARE:CMA$OPEN_RTL/SHARE
+SYS$SHARE:CMA$OPEN_LIB_SHR.EXE /SHAREABLE
+SYS$SHARE:CMA$OPEN_RTL.EXE /SHAREABLE
$EOD
$!
$! End The DEC C Option File Check.
@@ -622,9 +625,9 @@ $! Use DECC...
$!
$ CC = "CC"
$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
- THEN CC = "CC/DECC"
-$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
- "/NOLIST/PREFIX=ALL" + -
+ THEN CC = "CC /DECC"
+$ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=ANSI89" + -
+ "/NOLIST /PREFIX=ALL" + -
"/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
$!
$! Define The Linker Options File Name.
@@ -656,14 +659,14 @@ $ THEN
$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
$ EXIT
$ ENDIF
-$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC /VAXC"
+$ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -
"/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
$ CCDEFS = CCDEFS + ",""VAXC"""
$!
$! Define <sys> As SYS$COMMON:[SYSLIB]
$!
-$ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$ DEFINE /NOLOG SYS SYS$COMMON:[SYSLIB]
$!
$! Define The Linker Options File Name.
$!
@@ -688,7 +691,7 @@ $ WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
$!
$! Use GNU C...
$!
-$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+$ CC = "GCC /NOCASE_HACK /''GCC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -
"/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
$!
$! Define The Linker Options File Name.
@@ -723,7 +726,7 @@ $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
$!
$! Show user the result
$!
-$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
+$ WRITE /SYMBOL SYS$OUTPUT "Main Compiling Command: ", CC
$!
$! Else The User Entered An Invalid Arguement.
$!
@@ -757,7 +760,7 @@ $ THEN
$!
$! Set the library to use SOCKETSHR
$!
-$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
$!
$! Done with SOCKETSHR
$!
@@ -768,7 +771,7 @@ $!
$ IF P3.EQS."MULTINET"
$ THEN
$!
-$! Set the library to use UXC emulation.
+$! Set the library to use UCX emulation.
$!
$ P3 = "UCX"
$!
@@ -783,13 +786,13 @@ $ THEN
$!
$! Set the library to use UCX.
$!
-$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
$ IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
$ THEN
-$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
$ ELSE
$ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
- TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
$ ENDIF
$!
$! Done with UCX
@@ -803,7 +806,7 @@ $ THEN
$!
$! Set the library to use TCPIP (post UCX).
$!
-$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
$!
$! Done with TCPIP
$!
@@ -901,7 +904,7 @@ $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
$!
$! Set up the logical name OPENSSL to point at the include directory
$!
-$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$ DEFINE OPENSSL /NOLOG '__INCLUDE'
$!
$! Done
$!
@@ -915,7 +918,7 @@ $ IF __SAVE_OPENSSL .EQS. ""
$ THEN
$ DEASSIGN OPENSSL
$ ELSE
-$ DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$ DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
$ ENDIF
$!
$! Done
diff --git a/openssl/tools/c_rehash b/openssl/tools/c_rehash
index fef1f60e6..6a20011a4 100644
--- a/openssl/tools/c_rehash
+++ b/openssl/tools/c_rehash
@@ -7,6 +7,7 @@
my $openssl;
my $dir = "/usr/local/ssl";
+my $prefix = "/usr/local/ssl";
if(defined $ENV{OPENSSL}) {
$openssl = $ENV{OPENSSL};
@@ -24,7 +25,7 @@ if (defined(&Cwd::getcwd)) {
}
my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter?
-$ENV{PATH} .= "$path_delim$dir/bin";
+$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); # prefix our path
if(! -x $openssl) {
my $found = 0;
diff --git a/openssl/tools/c_rehash.in b/openssl/tools/c_rehash.in
index 6dd3c24fc..bfc4a69ed 100644
--- a/openssl/tools/c_rehash.in
+++ b/openssl/tools/c_rehash.in
@@ -7,6 +7,7 @@
my $openssl;
my $dir;
+my $prefix;
if(defined $ENV{OPENSSL}) {
$openssl = $ENV{OPENSSL};
@@ -24,7 +25,7 @@ if (defined(&Cwd::getcwd)) {
}
my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter?
-$ENV{PATH} .= "$path_delim$dir/bin";
+$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); # prefix our path
if(! -x $openssl) {
my $found = 0;
diff --git a/openssl/util/libeay.num b/openssl/util/libeay.num
index 007e1f8ba..6f3067ae2 100644
--- a/openssl/util/libeay.num
+++ b/openssl/util/libeay.num
@@ -3752,7 +3752,7 @@ TS_REQ_set_policy_id 4138 EXIST::FUNCTION:
d2i_TS_RESP_fp 4139 EXIST::FUNCTION:
ENGINE_get_pkey_asn1_meth_engine 4140 EXIST:!VMS:FUNCTION:ENGINE
ENGINE_get_pkey_asn1_meth_eng 4140 EXIST:VMS:FUNCTION:ENGINE
-WHIRLPOOL_Init 4141 EXIST::FUNCTION:WHIRLPOOL
+WHIRLPOOL_Init 4141 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
TS_RESP_set_status_info 4142 EXIST::FUNCTION:
EVP_PKEY_keygen 4143 EXIST::FUNCTION:
EVP_DigestSignInit 4144 EXIST::FUNCTION:
@@ -3761,7 +3761,7 @@ TS_REQ_dup 4146 EXIST::FUNCTION:
GENERAL_NAME_dup 4147 EXIST::FUNCTION:
ASN1_SEQUENCE_ANY_it 4148 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_SEQUENCE_ANY_it 4148 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-WHIRLPOOL 4149 EXIST::FUNCTION:WHIRLPOOL
+WHIRLPOOL 4149 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
X509_STORE_get1_crls 4150 EXIST::FUNCTION:
ENGINE_get_pkey_asn1_meth 4151 EXIST::FUNCTION:ENGINE
EVP_PKEY_asn1_new 4152 EXIST::FUNCTION:
@@ -3812,7 +3812,7 @@ DSO_global_lookup 4195 EXIST::FUNCTION:
TS_CONF_set_tsa_name 4196 EXIST::FUNCTION:
i2d_ASN1_SET_ANY 4197 EXIST::FUNCTION:
ENGINE_load_gost 4198 EXIST::FUNCTION:ENGINE,GOST,STATIC_ENGINE
-WHIRLPOOL_BitUpdate 4199 EXIST::FUNCTION:WHIRLPOOL
+WHIRLPOOL_BitUpdate 4199 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
ASN1_PCTX_get_flags 4200 EXIST::FUNCTION:
TS_TST_INFO_get_ext_by_NID 4201 EXIST::FUNCTION:
TS_RESP_new 4202 EXIST::FUNCTION:
@@ -3861,10 +3861,10 @@ EVP_PKEY_meth_set_sign 4243 EXIST::FUNCTION:
CRYPTO_THREADID_current 4244 EXIST::FUNCTION:
EVP_PKEY_decrypt_init 4245 EXIST::FUNCTION:
NETSCAPE_X509_free 4246 EXIST::FUNCTION:
-i2b_PVK_bio 4247 EXIST::FUNCTION:
+i2b_PVK_bio 4247 EXIST::FUNCTION:RC4
EVP_PKEY_print_private 4248 EXIST::FUNCTION:
GENERAL_NAME_get0_value 4249 EXIST::FUNCTION:
-b2i_PVK_bio 4250 EXIST::FUNCTION:
+b2i_PVK_bio 4250 EXIST::FUNCTION:RC4
ASN1_UTCTIME_adj 4251 EXIST::FUNCTION:
TS_TST_INFO_new 4252 EXIST::FUNCTION:
EVP_MD_do_all_sorted 4253 EXIST::FUNCTION:
@@ -3975,7 +3975,7 @@ X509_PUBKEY_get0_param 4356 EXIST::FUNCTION:
TS_MSG_IMPRINT_dup 4357 EXIST::FUNCTION:
PKCS7_print_ctx 4358 EXIST::FUNCTION:
i2d_TS_REQ_bio 4359 EXIST::FUNCTION:
-EVP_whirlpool 4360 EXIST::FUNCTION:WHIRLPOOL
+EVP_whirlpool 4360 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
EVP_PKEY_asn1_set_param 4361 EXIST::FUNCTION:
EVP_PKEY_meth_set_encrypt 4362 EXIST::FUNCTION:
ASN1_PCTX_set_flags 4363 EXIST::FUNCTION:
@@ -3986,7 +3986,7 @@ ENGINE_register_all_pkey_meths 4367 EXIST::FUNCTION:ENGINE
TS_RESP_CTX_set_status_info_cond 4368 EXIST:!VMS:FUNCTION:
TS_RESP_CTX_set_stat_info_cond 4368 EXIST:VMS:FUNCTION:
EVP_PKEY_verify 4369 EXIST::FUNCTION:
-WHIRLPOOL_Final 4370 EXIST::FUNCTION:WHIRLPOOL
+WHIRLPOOL_Final 4370 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
X509_CRL_METHOD_new 4371 EXIST::FUNCTION:
EVP_DigestSignFinal 4372 EXIST::FUNCTION:
TS_RESP_CTX_set_def_policy 4373 EXIST::FUNCTION:
@@ -4068,7 +4068,7 @@ ERR_remove_thread_state 4445 EXIST::FUNCTION:
EVP_PKEY_meth_add0 4446 EXIST::FUNCTION:
TS_TST_INFO_set_tsa 4447 EXIST::FUNCTION:
EVP_PKEY_meth_new 4448 EXIST::FUNCTION:
-WHIRLPOOL_Update 4449 EXIST::FUNCTION:WHIRLPOOL
+WHIRLPOOL_Update 4449 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
TS_CONF_set_accuracy 4450 EXIST::FUNCTION:
ASN1_PCTX_set_oid_flags 4451 EXIST::FUNCTION:
ESS_SIGNING_CERT_dup 4452 EXIST::FUNCTION:
@@ -4173,6 +4173,8 @@ X509_STORE_CTX_get0_cur_issuer 4546 EXIST:VMS:FUNCTION:
X509_issuer_name_hash_old 4547 EXIST::FUNCTION:MD5
X509_subject_name_hash_old 4548 EXIST::FUNCTION:MD5
EVP_CIPHER_CTX_copy 4549 EXIST::FUNCTION:
-UI_method_get_prompt_constructor 4550 EXIST::FUNCTION:
-UI_method_set_prompt_constructor 4551 EXIST::FUNCTION:
+UI_method_get_prompt_constructor 4550 EXIST:!VMS:FUNCTION:
+UI_method_get_prompt_constructr 4550 EXIST:VMS:FUNCTION:
+UI_method_set_prompt_constructor 4551 EXIST:!VMS:FUNCTION:
+UI_method_set_prompt_constructr 4551 EXIST:VMS:FUNCTION:
EVP_read_pw_string_min 4552 EXIST::FUNCTION:
diff --git a/openssl/util/mkdef.pl b/openssl/util/mkdef.pl
index 1d579c897..a4a17e3ae 100644
--- a/openssl/util/mkdef.pl
+++ b/openssl/util/mkdef.pl
@@ -978,6 +978,12 @@ sub do_defs
$platform{"SHA512_Update"} = "!VMSVAX";
$platform{"SHA512_Final"} = "!VMSVAX";
$platform{"SHA512"} = "!VMSVAX";
+ $platform{"WHIRLPOOL_Init"} = "!VMSVAX";
+ $platform{"WHIRLPOOL"} = "!VMSVAX";
+ $platform{"WHIRLPOOL_BitUpdate"} = "!VMSVAX";
+ $platform{"EVP_whirlpool"} = "!VMSVAX";
+ $platform{"WHIRLPOOL_Final"} = "!VMSVAX";
+ $platform{"WHIRLPOOL_Update"} = "!VMSVAX";
# Info we know about
diff --git a/openssl/util/pl/VC-32.pl b/openssl/util/pl/VC-32.pl
index c024f0268..9461d1a25 100644
--- a/openssl/util/pl/VC-32.pl
+++ b/openssl/util/pl/VC-32.pl
@@ -123,15 +123,15 @@ else # Win32
}
$mlflags='';
-$out_def="out32"; $out_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/);
-$tmp_def="tmp32"; $tmp_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/);
+$out_def ="\$(OUT_D)"; $out_def.="dll" if ($shlib);
+ $out_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/);
+$tmp_def ="\$(TMP_D)"; $tmp_def.="dll" if ($shlib);
+ $tmp_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/);
$inc_def="inc32";
if ($debug)
{
$cflags=$dbg_cflags.$base_cflags;
- $lflags.=" /debug";
- $mlflags.=' /debug';
}
else
{
@@ -139,6 +139,11 @@ else
$cdflags=$dbg_cflags.$base_cflags;
}
+# generate symbols.pdb unconditionally
+$app_cflag.=" /Zi /Fd$tmp_def/app";
+$lib_cflag.=" /Zi /Fd$tmp_def/lib";
+$lflags.=" /debug";
+
$obj='.obj';
$asm_suffix='.asm';
$ofile="/Fo";
@@ -179,18 +184,15 @@ $lfile='/out:';
$shlib_ex_obj="";
$app_ex_obj="setargv.obj" if ($FLAVOR !~ /CE/);
if ($FLAVOR =~ /WIN64A/) {
- if (`nasm -v` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) {
- $asm='nasm -f win64 -DNEAR -Ox';
- $asm.=' -g' if $debug;
+ if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) {
+ $asm='nasm -f win64 -DNEAR -Ox -g';
$afile='-o ';
} else {
- $asm='ml64 /c /Cp /Cx';
- $asm.=" /Zi" if $debug;
+ $asm='ml64 /c /Cp /Cx /Zi';
$afile='/Fo';
}
} elsif ($FLAVOR =~ /WIN64I/) {
- $asm='ias';
- $asm.=" -d debug" if $debug;
+ $asm='ias -d debug';
$afile="-o ";
} elsif ($nasm) {
my $ver=`nasm -v 2>NUL`;
@@ -200,8 +202,7 @@ if ($FLAVOR =~ /WIN64A/) {
$asmtype="win32n";
$afile='-o ';
} else {
- $asm='ml /nologo /Cp /coff /c /Cx';
- $asm.=" /Zi" if $debug;
+ $asm='ml /nologo /Cp /coff /c /Cx /Zi';
$afile='/Fo';
$asmtype="win32";
}
@@ -234,9 +235,7 @@ if (!$no_asm)
if ($shlib && $FLAVOR !~ /CE/)
{
$mlflags.=" $lflags /dll";
- $lib_cflag=" -D_WINDLL";
- $out_def="out32dll";
- $tmp_def="tmp32dll";
+ $lib_cflag.=" -D_WINDLL";
#
# Engage Applink...
#
@@ -266,14 +265,9 @@ elsif ($shlib && $FLAVOR =~ /CE/)
{
$mlflags.=" $lflags /dll";
$lflags.=' /entry:mainCRTstartup' if(defined($ENV{'PORTSDK_LIBPATH'}));
- $lib_cflag=" -D_WINDLL -D_DLL";
- $out_def='out32dll_$(TARGETCPU)';
- $tmp_def='tmp32dll_$(TARGETCPU)';
+ $lib_cflag.=" -D_WINDLL -D_DLL";
}
-$cflags.=" /Fd\$(OUT_D)";
-$cdflags.=" /Fd\$(OUT_D)";
-
sub do_lib_rule
{
local($objs,$target,$name,$shlib)=@_;
diff --git a/packages.txt b/packages.txt
index 94407b1c5..548aa3331 100644
--- a/packages.txt
+++ b/packages.txt
@@ -62,7 +62,7 @@ libXpm-3.5.8
libXt-1.0.8
mesa-7.8.1
mkfontscale-1.0.7
-openssl-1.0.0
+openssl-1.0.0a
pixman-0.18.2
pthreads-w32-2-8-0-release
randrproto-1.3.1