From 5fe210ff514aa4b3149ea7561862776d7b8849e7 Mon Sep 17 00:00:00 2001 From: marha Date: Mon, 15 Jun 2015 20:18:50 +0200 Subject: Update to openssl-1.0.2c --- openssl/CHANGES | 90 ++ openssl/Configure | 45 +- openssl/Makefile | 28 +- openssl/Makefile.org | 26 +- openssl/NEWS | 12 + openssl/README | 2 +- openssl/apps/Makefile | 19 +- openssl/apps/apps.c | 6 +- openssl/apps/asn1pars.c | 2 +- openssl/apps/ca.c | 10 +- openssl/apps/cms.c | 4 +- openssl/apps/enc.c | 13 +- openssl/apps/ocsp.c | 2 + openssl/apps/s_cb.c | 5 +- openssl/apps/s_client.c | 15 +- openssl/apps/s_server.c | 79 +- openssl/apps/s_time.c | 2 +- openssl/apps/smime.c | 2 + openssl/apps/speed.c | 11 +- openssl/apps/srp.c | 4 +- openssl/apps/verify.c | 2 +- openssl/crypto/Makefile | 11 +- openssl/crypto/aes/Makefile | 2 + openssl/crypto/aes/asm/aesni-sha256-x86_64.pl | 6 +- openssl/crypto/aes/asm/aesni-x86.pl | 319 ++++++- openssl/crypto/aes/asm/aesni-x86_64.pl | 945 ++++++++++++++++----- openssl/crypto/aes/asm/aesv8-armx.pl | 209 +++-- openssl/crypto/asn1/Makefile | 2 + openssl/crypto/asn1/a_int.c | 6 +- openssl/crypto/asn1/ameth_lib.c | 18 + openssl/crypto/asn1/asn1_gen.c | 40 +- openssl/crypto/asn1/asn_mime.c | 3 +- openssl/crypto/asn1/bio_ndef.c | 4 +- openssl/crypto/asn1/tasn_new.c | 3 - openssl/crypto/asn1/tasn_prn.c | 2 +- openssl/crypto/asn1/x_x509.c | 4 +- openssl/crypto/bf/Makefile | 2 + openssl/crypto/bio/Makefile | 2 + openssl/crypto/bio/b_print.c | 45 +- openssl/crypto/bio/bf_nbio.c | 6 +- openssl/crypto/bio/bio_lib.c | 8 +- openssl/crypto/bio/bss_dgram.c | 23 +- openssl/crypto/bn/Makefile | 2 + openssl/crypto/bn/asm/vis3-mont.pl | 10 +- openssl/crypto/bn/asm/x86_64-mont5.pl | 13 +- openssl/crypto/bn/bn.h | 5 + openssl/crypto/bn/bn_err.c | 6 +- openssl/crypto/bn/bn_gf2m.c | 18 +- openssl/crypto/bn/bn_lcl.h | 2 +- openssl/crypto/bn/bn_print.c | 7 +- openssl/crypto/bn/bn_rand.c | 10 +- openssl/crypto/bn/bn_shift.c | 10 + openssl/crypto/buffer/Makefile | 2 + openssl/crypto/buffer/buffer.c | 2 +- openssl/crypto/camellia/Makefile | 2 + openssl/crypto/cast/Makefile | 2 + openssl/crypto/cmac/Makefile | 2 + openssl/crypto/cmac/cmac.c | 2 + openssl/crypto/cms/Makefile | 2 + openssl/crypto/cms/cms_kari.c | 4 + openssl/crypto/cms/cms_pwri.c | 7 +- openssl/crypto/cms/cms_smime.c | 2 +- openssl/crypto/comp/Makefile | 2 + openssl/crypto/conf/Makefile | 2 + openssl/crypto/cryptlib.c | 2 - openssl/crypto/des/Makefile | 2 + openssl/crypto/des/des.c | 6 +- openssl/crypto/des/enc_writ.c | 7 +- openssl/crypto/dh/Makefile | 2 + openssl/crypto/dh/dh_ameth.c | 2 +- openssl/crypto/dh/dh_pmeth.c | 2 +- openssl/crypto/dsa/Makefile | 2 + openssl/crypto/dsa/dsa_gen.c | 3 +- openssl/crypto/dsa/dsa_ossl.c | 8 +- openssl/crypto/dso/Makefile | 2 + openssl/crypto/dso/dso_lib.c | 2 +- openssl/crypto/dso/dso_vms.c | 2 +- openssl/crypto/ebcdic.c | 2 +- openssl/crypto/ec/Makefile | 2 + openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl | 28 +- openssl/crypto/ec/ec.h | 11 +- openssl/crypto/ec/ec2_oct.c | 2 +- openssl/crypto/ec/ec_asn1.c | 20 +- openssl/crypto/ec/ec_check.c | 2 +- openssl/crypto/ec/ec_err.c | 15 +- openssl/crypto/ec/ec_key.c | 2 +- openssl/crypto/ec/ec_lcl.h | 8 - openssl/crypto/ec/ec_lib.c | 7 + openssl/crypto/ec/eck_prn.c | 4 +- openssl/crypto/ec/ecp_nistz256.c | 135 +-- openssl/crypto/ec/ecp_oct.c | 2 +- openssl/crypto/ec/ectest.c | 24 +- openssl/crypto/ecdh/Makefile | 2 + openssl/crypto/ecdsa/Makefile | 2 + openssl/crypto/ecdsa/ecdsatest.c | 4 +- openssl/crypto/engine/Makefile | 2 + openssl/crypto/err/Makefile | 2 + openssl/crypto/evp/Makefile | 2 + openssl/crypto/evp/bio_ok.c | 3 +- openssl/crypto/evp/e_aes.c | 7 +- openssl/crypto/evp/e_aes_cbc_hmac_sha1.c | 11 +- openssl/crypto/evp/e_aes_cbc_hmac_sha256.c | 9 +- openssl/crypto/evp/e_des3.c | 3 +- openssl/crypto/evp/e_rc4_hmac_md5.c | 10 +- openssl/crypto/evp/encode.c | 4 +- openssl/crypto/evp/evp.h | 17 +- openssl/crypto/evp/p_seal.c | 5 +- openssl/crypto/hmac/Makefile | 2 + openssl/crypto/hmac/hmac.c | 19 +- openssl/crypto/hmac/hmactest.c | 179 +++- openssl/crypto/idea/Makefile | 2 + openssl/crypto/jpake/Makefile | 2 + openssl/crypto/krb5/Makefile | 2 + openssl/crypto/lhash/Makefile | 2 + openssl/crypto/md2/Makefile | 2 + openssl/crypto/md4/Makefile | 2 + openssl/crypto/md5/Makefile | 2 + openssl/crypto/mdc2/Makefile | 2 + openssl/crypto/mem.c | 3 + openssl/crypto/modes/Makefile | 2 + openssl/crypto/modes/asm/ghashv8-armx.pl | 276 ++++-- openssl/crypto/modes/gcm128.c | 4 +- openssl/crypto/modes/modes_lcl.h | 38 +- openssl/crypto/objects/Makefile | 2 + openssl/crypto/objects/o_names.c | 2 +- openssl/crypto/objects/obj_dat.c | 5 + openssl/crypto/objects/objects.README | 8 +- openssl/crypto/objects/objects.pl | 2 +- openssl/crypto/ocsp/Makefile | 2 + openssl/crypto/ocsp/ocsp_ext.c | 4 +- openssl/crypto/ocsp/ocsp_vfy.c | 21 +- openssl/crypto/opensslv.h | 6 +- openssl/crypto/pem/Makefile | 2 + openssl/crypto/pem/pem_pk8.c | 2 + openssl/crypto/pkcs12/Makefile | 2 + openssl/crypto/pkcs12/p12_mutl.c | 3 +- openssl/crypto/pkcs7/Makefile | 2 + openssl/crypto/pkcs7/pk7_doit.c | 16 +- openssl/crypto/pqueue/Makefile | 2 + openssl/crypto/rand/Makefile | 2 + openssl/crypto/rand/rand_os2.c | 2 +- openssl/crypto/rc2/Makefile | 2 + openssl/crypto/rc4/Makefile | 2 + openssl/crypto/rc5/Makefile | 2 + openssl/crypto/ripemd/Makefile | 2 + openssl/crypto/rsa/Makefile | 2 + openssl/crypto/rsa/rsa_pmeth.c | 8 +- openssl/crypto/seed/Makefile | 2 + openssl/crypto/sha/Makefile | 2 + openssl/crypto/sha/asm/sha1-armv8.pl | 6 +- openssl/crypto/sha/asm/sha256-armv4.pl | 74 +- openssl/crypto/sha/asm/sha512-armv8.pl | 6 +- openssl/crypto/srp/Makefile | 2 + openssl/crypto/srp/srp_vfy.c | 9 +- openssl/crypto/stack/Makefile | 2 + openssl/crypto/store/Makefile | 2 + openssl/crypto/threads/th-lock.c | 12 +- openssl/crypto/ts/Makefile | 2 + openssl/crypto/txt_db/Makefile | 2 + openssl/crypto/ui/Makefile | 2 + openssl/crypto/whrlpool/Makefile | 2 + openssl/crypto/x509/Makefile | 2 + openssl/crypto/x509/x509_lu.c | 2 + openssl/crypto/x509/x509_vfy.c | 236 +++-- openssl/crypto/x509/x509_vfy.h | 6 + openssl/crypto/x509/x509_vpm.c | 11 +- openssl/crypto/x509/x509type.c | 3 - openssl/crypto/x509v3/Makefile | 34 +- openssl/crypto/x509v3/v3_alt.c | 18 +- openssl/crypto/x509v3/v3_cpols.c | 8 +- openssl/crypto/x509v3/v3_scts.c | 11 +- openssl/crypto/x509v3/v3_utl.c | 6 +- openssl/demos/easy_tls/easy-tls.c | 3 +- openssl/doc/apps/ciphers.pod | 2 - openssl/doc/apps/cms.pod | 5 +- openssl/doc/apps/config.pod | 53 ++ openssl/doc/apps/dhparam.pod | 13 +- openssl/doc/apps/ocsp.pod | 11 + openssl/doc/apps/s_client.pod | 7 +- openssl/doc/apps/s_server.pod | 9 + openssl/doc/apps/smime.pod | 4 +- openssl/doc/apps/verify.pod | 13 + openssl/doc/crypto/BN_rand.pod | 3 +- openssl/doc/crypto/BN_set_bit.pod | 8 +- openssl/doc/crypto/EVP_BytesToKey.pod | 4 +- openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 8 +- openssl/doc/crypto/pem.pod | 27 +- .../doc/ssl/SSL_COMP_add_compression_method.pod | 12 +- openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod | 106 +-- openssl/e_os2.h | 8 +- openssl/engines/Makefile | 13 +- openssl/engines/ccgost/Makefile | 18 +- openssl/engines/ccgost/e_gost_err.c | 3 +- openssl/engines/ccgost/e_gost_err.h | 1 + openssl/engines/ccgost/gost2001.c | 229 +++-- openssl/engines/ccgost/gost94_keyx.c | 6 +- openssl/engines/ccgost/gost_ameth.c | 36 +- openssl/engines/ccgost/gost_pmeth.c | 2 +- openssl/engines/ccgost/gost_sign.c | 87 +- openssl/engines/e_sureware.c | 27 +- openssl/openssl.spec | 2 +- openssl/ssl/Makefile | 54 +- openssl/ssl/d1_both.c | 46 +- openssl/ssl/d1_clnt.c | 10 + openssl/ssl/d1_pkt.c | 2 +- openssl/ssl/d1_srvr.c | 33 +- openssl/ssl/s2_pkt.c | 14 + openssl/ssl/s2_srvr.c | 104 ++- openssl/ssl/s3_both.c | 2 +- openssl/ssl/s3_cbc.c | 16 +- openssl/ssl/s3_clnt.c | 327 +++++-- openssl/ssl/s3_lib.c | 4 +- openssl/ssl/s3_pkt.c | 15 +- openssl/ssl/s3_srvr.c | 232 +++-- openssl/ssl/ssl.h | 5 + openssl/ssl/ssl_err.c | 6 +- openssl/ssl/ssl_lib.c | 16 +- openssl/ssl/ssl_locl.h | 2 +- openssl/ssl/ssl_sess.c | 131 ++- openssl/ssl/ssl_stat.c | 6 + openssl/ssl/ssltest.c | 58 +- openssl/ssl/t1_enc.c | 17 +- openssl/ssl/t1_lib.c | 268 +++--- openssl/ssl/tls_srp.c | 3 +- openssl/test/Makefile | 17 +- openssl/test/cms-test.pl | 10 +- openssl/test/evp_extra_test.c | 0 openssl/test/testssl | 62 +- openssl/test/tocsp | 2 +- openssl/tools/Makefile | 2 + openssl/tools/c_rehash | 6 +- openssl/tools/c_rehash.in | 6 +- openssl/util/libeay.num | 1 + openssl/util/mk1mf.pl | 2 +- openssl/util/mkerr.pl | 21 +- openssl/util/pl/BC-32.pl | 2 +- openssl/util/pl/VC-32.pl | 2 +- packages.txt | 2 +- 238 files changed, 4329 insertions(+), 1543 deletions(-) mode change 100644 => 120000 openssl/test/evp_extra_test.c diff --git a/openssl/CHANGES b/openssl/CHANGES index 3044aa7dd..4cbf61ddf 100644 --- a/openssl/CHANGES +++ b/openssl/CHANGES @@ -2,6 +2,96 @@ OpenSSL CHANGES _______________ + Changes between 1.0.2b and 1.0.2c [12 Jun 2015] + + *) Fix HMAC ABI incompatibility. The previous version introduced an ABI + incompatibility in the handling of HMAC. The previous ABI has now been + restored. + + Changes between 1.0.2a and 1.0.2b [11 Jun 2015] + + *) Malformed ECParameters causes infinite loop + + When processing an ECParameters structure OpenSSL enters an infinite loop + if the curve specified is over a specially malformed binary polynomial + field. + + This can be used to perform denial of service against any + system which processes public keys, certificate requests or + certificates. This includes TLS clients and TLS servers with + client authentication enabled. + + This issue was reported to OpenSSL by Joseph Barr-Pixton. + (CVE-2015-1788) + [Andy Polyakov] + + *) Exploitable out-of-bounds read in X509_cmp_time + + X509_cmp_time does not properly check the length of the ASN1_TIME + string and can read a few bytes out of bounds. In addition, + X509_cmp_time accepts an arbitrary number of fractional seconds in the + time string. + + An attacker can use this to craft malformed certificates and CRLs of + various sizes and potentially cause a segmentation fault, resulting in + a DoS on applications that verify certificates or CRLs. TLS clients + that verify CRLs are affected. TLS clients and servers with client + authentication enabled may be affected if they use custom verification + callbacks. + + This issue was reported to OpenSSL by Robert Swiecki (Google), and + independently by Hanno Bck. + (CVE-2015-1789) + [Emilia Ksper] + + *) PKCS7 crash with missing EnvelopedContent + + The PKCS#7 parsing code does not handle missing inner EncryptedContent + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs + with missing content and trigger a NULL pointer dereference on parsing. + + Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 + structures from untrusted sources are affected. OpenSSL clients and + servers are not affected. + + This issue was reported to OpenSSL by Michal Zalewski (Google). + (CVE-2015-1790) + [Emilia Ksper] + + *) CMS verify infinite loop with unknown hash function + + When verifying a signedData message the CMS code can enter an infinite loop + if presented with an unknown hash function OID. This can be used to perform + denial of service against any system which verifies signedData messages using + the CMS code. + This issue was reported to OpenSSL by Johannes Bauer. + (CVE-2015-1792) + [Stephen Henson] + + *) Race condition handling NewSessionTicket + + If a NewSessionTicket is received by a multi-threaded client when attempting to + reuse a previous ticket then a race condition can occur potentially leading to + a double free of the ticket data. + (CVE-2015-1791) + [Matt Caswell] + + *) Removed support for the two export grade static DH ciphersuites + EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites + were newly added (along with a number of other static DH ciphersuites) to + 1.0.2. However the two export ones have *never* worked since they were + introduced. It seems strange in any case to be adding new export + ciphersuites, and given "logjam" it also does not seem correct to fix them. + [Matt Caswell] + + *) Only support 256-bit or stronger elliptic curves with the + 'ecdh_auto' setting (server) or by default (client). Of supported + curves, prefer P-256 (both). + [Emilia Kasper] + + *) Reject DH handshakes with parameters shorter than 768 bits. + [Kurt Roeckx and Emilia Kasper] + Changes between 1.0.2 and 1.0.2a [19 Mar 2015] *) ClientHello sigalgs DoS fix diff --git a/openssl/Configure b/openssl/Configure index f776e2335..d99eed7f9 100644 --- a/openssl/Configure +++ b/openssl/Configure @@ -105,7 +105,24 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; -my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum"; +# TODO(openssl-team): fix problems and investigate if (at least) the following +# warnings can also be enabled: +# -Wconditional-uninitialized, -Wswitch-enum, -Wunused-macros, +# -Wmissing-field-initializers, -Wmissing-variable-declarations, +# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, +# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token +# -Wextended-offsetof +my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof"; + +# These are used in addition to $gcc_devteam_warn when the compiler is clang. +# TODO(openssl-team): fix problems and investigate if (at least) the +# following warnings can also be enabled: -Wconditional-uninitialized, +# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers, +# -Wmissing-variable-declarations, +# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, +# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token +# -Wextended-offsetof +my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments"; my $strict_warnings = 0; @@ -233,12 +250,12 @@ my %table=( #### SPARC Solaris with GNU C setups "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", #### -"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with Sun C setups @@ -255,7 +272,7 @@ my %table=( #### SunOS configs, assuming sparc for the gcc one. #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", -"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", +"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", #### IRIX 5.x configs # -mips2 flag is added by ./config when appropriate. @@ -398,7 +415,7 @@ my %table=( "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", "linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", @@ -419,7 +436,7 @@ my %table=( #### SPARC Linux setups # Ray Miller has patiently # assisted with debugging of following two configs. -"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # it's a real mess with -mcpu=ultrasparc option under Linux, but # -Wa,-Av8plus should do the trick no matter what. "linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -454,7 +471,7 @@ my %table=( "BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it @@ -462,7 +479,7 @@ my %table=( # triggered by RIPEMD160 code. "BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86_64", "cc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -1195,6 +1212,7 @@ my $cc = $fields[$idx_cc]; if($ENV{CC}) { $cc = $ENV{CC}; } + my $cflags = $fields[$idx_cflags]; my $unistd = $fields[$idx_unistd]; my $thread_cflag = $fields[$idx_thread_cflag]; @@ -1630,12 +1648,21 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) if ($strict_warnings) { + my $ecc = $cc; + $ecc = "clang" if `$cc --version 2>&1` =~ /clang/; my $wopt; - die "ERROR --strict-warnings requires gcc or clang" unless ($cc =~ /gcc$/ or $cc =~ /clang$/); + die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { $cflags .= " $wopt" unless ($cflags =~ /$wopt/) } + if ($ecc eq "clang") + { + foreach $wopt (split /\s+/, $clang_devteam_warn) + { + $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + } + } } open(IN,'crypto/objects/obj_xref.h - -apps/openssl-vms.cnf: apps/openssl.cnf - $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf - -crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl - $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h - - TABLE: Configure (echo 'Output of `Configure TABLE'"':"; \ $(PERL) Configure TABLE) > TABLE -update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend - # Build distribution tar-file. As the list of files returned by "find" is # pretty long, on several platforms a "too many arguments" error or similar # would occur. Therefore the list of files is temporarily stored into a file diff --git a/openssl/Makefile.org b/openssl/Makefile.org index b7a3f96c9..9f4faae2d 100644 --- a/openssl/Makefile.org +++ b/openssl/Makefile.org @@ -185,7 +185,7 @@ WTARFILE= $(NAME)-win.tar EXHEADER= e_os2.h HEADER= e_os.h -all: Makefile build_all openssl.pc libssl.pc libcrypto.pc +all: Makefile build_all # as we stick to -e, CLEARENV ensures that local variables in lower # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn @@ -271,7 +271,10 @@ reflect: sub_all: build_all build_all: build_libs build_apps build_tests build_tools -build_libs: build_crypto build_ssl build_engines +build_libs: build_libcrypto build_libssl openssl.pc + +build_libcrypto: build_crypto build_engines libcrypto.pc +build_libssl: build_ssl libssl.pc build_crypto: @dir=crypto; target=all; $(BUILD_ONE_CMD) @@ -457,6 +460,9 @@ tests: rehash report: @$(PERL) util/selftest.pl +update: errors stacks util/libeay.num util/ssleay.num TABLE + @set -e; target=update; $(RECURSIVE_BUILD_CMD) + depend: @set -e; target=depend; $(RECURSIVE_BUILD_CMD) @@ -481,26 +487,10 @@ util/libeay.num:: util/ssleay.num:: $(PERL) util/mkdef.pl ssl update -crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h - $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h -crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h -crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h - -apps/openssl-vms.cnf: apps/openssl.cnf - $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf - -crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl - $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h - - TABLE: Configure (echo 'Output of `Configure TABLE'"':"; \ $(PERL) Configure TABLE) > TABLE -update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend - # Build distribution tar-file. As the list of files returned by "find" is # pretty long, on several platforms a "too many arguments" error or similar # would occur. Therefore the list of files is temporarily stored into a file diff --git a/openssl/NEWS b/openssl/NEWS index 682c583da..f3574cf4c 100644 --- a/openssl/NEWS +++ b/openssl/NEWS @@ -5,6 +5,18 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] + + o Fix HMAC ABI incompatibility + + Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] + + o Malformed ECParameters causes infinite loop (CVE-2015-1788) + o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) + o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) + o CMS verify infinite loop with unknown hash function (CVE-2015-1792) + o Race condition handling NewSessionTicket (CVE-2015-1791) + Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291) diff --git a/openssl/README b/openssl/README index 8ce093dd4..ae0443199 100644 --- a/openssl/README +++ b/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.2a 19 Mar 2015 + OpenSSL 1.0.2c 12 Jun 2015 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/openssl/apps/Makefile b/openssl/apps/Makefile index 72657ea65..cafe55458 100644 --- a/openssl/apps/Makefile +++ b/openssl/apps/Makefile @@ -94,6 +94,9 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO) sreq.o: req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c +openssl-vms.cnf: openssl.cnf + $(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -127,12 +130,12 @@ links: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ - fi +update: openssl-vms.cnf local_depend + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -144,10 +147,10 @@ clean: rm -f req $(DLIBSSL): - (cd ..; $(MAKE) DIRS=ssl all) + (cd ..; $(MAKE) build_libssl) $(DLIBCRYPTO): - (cd ..; $(MAKE) DIRS=crypto all) + (cd ..; $(MAKE) build_libcrypto) $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(EXE) diff --git a/openssl/apps/apps.c b/openssl/apps/apps.c index b0acbc7c1..7478fc379 100644 --- a/openssl/apps/apps.c +++ b/openssl/apps/apps.c @@ -574,7 +574,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) char *prompt = NULL; prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); - if(!prompt) { + if (!prompt) { BIO_printf(bio_err, "Out of memory\n"); UI_free(ui); return 0; @@ -588,7 +588,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) PW_MIN_LENGTH, bufsiz - 1); if (ok >= 0 && verify) { buff = (char *)OPENSSL_malloc(bufsiz); - if(!buff) { + if (!buff) { BIO_printf(bio_err, "Out of memory\n"); UI_free(ui); OPENSSL_free(prompt); @@ -2371,6 +2371,8 @@ int args_verify(char ***pargs, int *pargc, flags |= X509_V_FLAG_SUITEB_192_LOS; else if (!strcmp(arg, "-partial_chain")) flags |= X509_V_FLAG_PARTIAL_CHAIN; + else if (!strcmp(arg, "-no_alt_chains")) + flags |= X509_V_FLAG_NO_ALT_CHAINS; else return 0; diff --git a/openssl/apps/asn1pars.c b/openssl/apps/asn1pars.c index 7a0f16943..11b078759 100644 --- a/openssl/apps/asn1pars.c +++ b/openssl/apps/asn1pars.c @@ -375,7 +375,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) { CONF *cnf = NULL; int len; - long errline; + long errline = 0; unsigned char *p; ASN1_TYPE *atyp = NULL; diff --git a/openssl/apps/ca.c b/openssl/apps/ca.c index d64ec4f14..3b7336c04 100644 --- a/openssl/apps/ca.c +++ b/openssl/apps/ca.c @@ -563,7 +563,7 @@ int MAIN(int argc, char **argv) #ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); - if(!tofree) { + if (!tofree) { BIO_printf(bio_err, "Out of memory\n"); goto err; } @@ -571,7 +571,7 @@ int MAIN(int argc, char **argv) #else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); - if(!tofree) { + if (!tofree) { BIO_printf(bio_err, "Out of memory\n"); goto err; } @@ -2821,7 +2821,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME *comp_time = NULL; tmp = BUF_strdup(str); - if(!tmp) { + if (!tmp) { BIO_printf(bio_err, "memory allocation failure\n"); goto err; } @@ -2843,7 +2843,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, if (prevtm) { *prevtm = ASN1_UTCTIME_new(); - if(!*prevtm) { + if (!*prevtm) { BIO_printf(bio_err, "memory allocation failure\n"); goto err; } @@ -2887,7 +2887,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, goto err; } comp_time = ASN1_GENERALIZEDTIME_new(); - if(!comp_time) { + if (!comp_time) { BIO_printf(bio_err, "memory allocation failure\n"); goto err; } diff --git a/openssl/apps/cms.c b/openssl/apps/cms.c index 2c922537c..60479374c 100644 --- a/openssl/apps/cms.c +++ b/openssl/apps/cms.c @@ -463,7 +463,7 @@ int MAIN(int argc, char **argv) if (key_param == NULL || key_param->idx != keyidx) { cms_key_param *nparam; nparam = OPENSSL_malloc(sizeof(cms_key_param)); - if(!nparam) { + if (!nparam) { BIO_printf(bio_err, "Out of memory\n"); goto argerr; } @@ -645,6 +645,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf(bio_err, diff --git a/openssl/apps/enc.c b/openssl/apps/enc.c index 5c2cf7a4a..7b7c70b13 100644 --- a/openssl/apps/enc.c +++ b/openssl/apps/enc.c @@ -548,9 +548,14 @@ int MAIN(int argc, char **argv) else OPENSSL_cleanse(str, strlen(str)); } - if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) { - BIO_printf(bio_err, "invalid hex iv value\n"); - goto end; + if (hiv != NULL) { + int siz = EVP_CIPHER_iv_length(cipher); + if (siz == 0) { + BIO_printf(bio_err, "warning: iv not use by this cipher\n"); + } else if (!set_hex(hiv, iv, sizeof iv)) { + BIO_printf(bio_err, "invalid hex iv value\n"); + goto end; + } } if ((hiv == NULL) && (str == NULL) && EVP_CIPHER_iv_length(cipher) != 0) { @@ -562,7 +567,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "iv undefined\n"); goto end; } - if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) { + if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) { BIO_printf(bio_err, "invalid hex key value\n"); goto end; } diff --git a/openssl/apps/ocsp.c b/openssl/apps/ocsp.c index ebb3732cd..b858b8d3e 100644 --- a/openssl/apps/ocsp.c +++ b/openssl/apps/ocsp.c @@ -535,6 +535,8 @@ int MAIN(int argc, char **argv) "-CApath dir trusted certificates directory\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); BIO_printf(bio_err, "-VAfile file validator certificates file\n"); BIO_printf(bio_err, diff --git a/openssl/apps/s_cb.c b/openssl/apps/s_cb.c index f6e6bcd76..dd3aa74e0 100644 --- a/openssl/apps/s_cb.c +++ b/openssl/apps/s_cb.c @@ -111,6 +111,7 @@ #include #include +#include /* for memcpy() and strcmp() */ #define USE_SOCKETS #define NON_MAIN #include "apps.h" @@ -456,7 +457,7 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared) if (ncurves <= 0) return 1; curves = OPENSSL_malloc(ncurves * sizeof(int)); - if(!curves) { + if (!curves) { BIO_puts(out, "Malloc error getting supported curves\n"); return 0; } @@ -1012,7 +1013,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, /* Initialize a random secret */ if (!cookie_initialized) { - if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) { + if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) { BIO_printf(bio_err, "error setting random cookie secret\n"); return 0; } diff --git a/openssl/apps/s_client.c b/openssl/apps/s_client.c index 8fa2b737a..e55f2c5ab 100644 --- a/openssl/apps/s_client.c +++ b/openssl/apps/s_client.c @@ -331,6 +331,8 @@ static void sc_usage(void) " -pass arg - private key file pass phrase source\n"); BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err, + " -no_alt_chains - only ever use the first certificate chain found\n"); BIO_printf(bio_err, " -reconnect - Drop and re-make the connection with the same Session-ID\n"); BIO_printf(bio_err, @@ -560,7 +562,7 @@ static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg) PW_CB_DATA cb_tmp; int l; - if(!pass) { + if (!pass) { BIO_printf(bio_err, "Malloc failure\n"); return NULL; } @@ -1336,13 +1338,12 @@ int MAIN(int argc, char **argv) SSL_CTX_set_verify(ctx, verify, verify_callback); - if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx))) { - /* - * BIO_printf(bio_err,"error setting default verify locations\n"); - */ + if ((CAfile || CApath) + && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { + ERR_print_errors(bio_err); + } + if (!SSL_CTX_set_default_verify_paths(ctx)) { ERR_print_errors(bio_err); - /* goto end; */ } ssl_ctx_add_crls(ctx, crls, crl_download); diff --git a/openssl/apps/s_server.c b/openssl/apps/s_server.c index a8491acfd..acef382c2 100644 --- a/openssl/apps/s_server.c +++ b/openssl/apps/s_server.c @@ -222,7 +222,7 @@ static void init_session_cache_ctx(SSL_CTX *sctx); static void free_sessions(void); #ifndef OPENSSL_NO_DH static DH *load_dh_param(const char *dhfile); -static DH *get_dh512(void); +static DH *get_dh2048(void); #endif #ifdef MONOLITH @@ -230,30 +230,48 @@ static void s_server_init(void); #endif #ifndef OPENSSL_NO_DH -static unsigned char dh512_p[] = { - 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75, - 0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F, - 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3, - 0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12, - 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C, - 0x47, 0x74, 0xE8, 0x33, +static unsigned char dh2048_p[] = { + 0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6, + 0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1, + 0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9, + 0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD, + 0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17, + 0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F, + 0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD, + 0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30, + 0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E, + 0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4, + 0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58, + 0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B, + 0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C, + 0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B, + 0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD, + 0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C, + 0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C, + 0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29, + 0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B, + 0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C, + 0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55, + 0xE9,0x32,0x0B,0x3B, }; -static unsigned char dh512_g[] = { +static unsigned char dh2048_g[] = { 0x02, }; -static DH *get_dh512(void) +DH *get_dh2048() { - DH *dh = NULL; + DH *dh; if ((dh = DH_new()) == NULL) - return (NULL); - dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); - dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - return (NULL); - return (dh); + return NULL; + dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); + dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL); + if (dh->p == NULL || dh->g == NULL) { + DH_free(dh); + return NULL; + } + return dh; } #endif @@ -553,6 +571,8 @@ static void sv_usage(void) BIO_printf(bio_err, " -state - Print the SSL states\n"); BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err, + " -no_alt_chains - only ever use the first certificate chain found\n"); BIO_printf(bio_err, " -nocert - Don't use any certificates (Anon-DH)\n"); BIO_printf(bio_err, @@ -754,7 +774,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl) num = inl; wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); - if(!wbuf) + if (!wbuf) return 0; OPENSSL_free(b->ptr); @@ -1865,7 +1885,11 @@ int MAIN(int argc, char *argv[]) BIO_printf(bio_s_out, "Setting temp DH parameters\n"); } else { BIO_printf(bio_s_out, "Using default temp DH parameters\n"); - dh = get_dh512(); + dh = get_dh2048(); + if (dh == NULL) { + ERR_print_errors(bio_err); + goto end; + } } (void)BIO_flush(bio_s_out); @@ -2453,8 +2477,10 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) ret = 1; goto err; } - l += k; - i -= k; + if (k > 0) { + l += k; + i -= k; + } if (i <= 0) break; } @@ -3281,7 +3307,8 @@ static int generate_session_id(const SSL *ssl, unsigned char *id, { unsigned int count = 0; do { - RAND_pseudo_bytes(id, *id_len); + if (RAND_pseudo_bytes(id, *id_len) < 0) + return 0; /* * Prefix the session_id with the required prefix. NB: If our prefix * is too long, clip it - but there will be worse effects anyway, eg. @@ -3323,7 +3350,7 @@ static int add_session(SSL *ssl, SSL_SESSION *session) unsigned char *p; sess = OPENSSL_malloc(sizeof(simple_ssl_session)); - if(!sess) { + if (!sess) { BIO_printf(bio_err, "Out of memory adding session to external cache\n"); return 0; } @@ -3334,12 +3361,12 @@ static int add_session(SSL *ssl, SSL_SESSION *session) sess->id = BUF_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen); sess->der = OPENSSL_malloc(sess->derlen); - if(!sess->id || !sess->der) { + if (!sess->id || !sess->der) { BIO_printf(bio_err, "Out of memory adding session to external cache\n"); - if(sess->id) + if (sess->id) OPENSSL_free(sess->id); - if(sess->der) + if (sess->der) OPENSSL_free(sess->der); OPENSSL_free(sess); return 0; diff --git a/openssl/apps/s_time.c b/openssl/apps/s_time.c index a40997a22..38788f713 100644 --- a/openssl/apps/s_time.c +++ b/openssl/apps/s_time.c @@ -302,7 +302,7 @@ static int parseArgs(int argc, char **argv) if (--argc < 1) goto bad; maxTime = atoi(*(++argv)); - if(maxTime <= 0) { + if (maxTime <= 0) { BIO_printf(bio_err, "time must be > 0\n"); badop = 1; } diff --git a/openssl/apps/smime.c b/openssl/apps/smime.c index 764509f23..6044ccf5f 100644 --- a/openssl/apps/smime.c +++ b/openssl/apps/smime.c @@ -441,6 +441,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf(bio_err, diff --git a/openssl/apps/speed.c b/openssl/apps/speed.c index 7b1acc189..3697b71ec 100644 --- a/openssl/apps/speed.c +++ b/openssl/apps/speed.c @@ -2775,7 +2775,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) inp = OPENSSL_malloc(mblengths[num - 1]); out = OPENSSL_malloc(mblengths[num - 1] + 1024); - if(!inp || !out) { + if (!inp || !out) { BIO_printf(bio_err,"Out of memory\n"); goto end; } @@ -2791,7 +2791,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) print_message(alg_name, 0, mblengths[j]); Time_F(START); for (count = 0, run = 1; run && count < 0x7fffffff; count++) { - unsigned char aad[13]; + unsigned char aad[EVP_AEAD_TLS1_AAD_LEN]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t len = mblengths[j]; int packlen; @@ -2826,7 +2826,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) aad[11] = len >> 8; aad[12] = len; pad = EVP_CIPHER_CTX_ctrl(&ctx, - EVP_CTRL_AEAD_TLS1_AAD, 13, aad); + EVP_CTRL_AEAD_TLS1_AAD, + EVP_AEAD_TLS1_AAD_LEN, aad); EVP_Cipher(&ctx, out, inp, len + pad); } } @@ -2865,9 +2866,9 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) } end: - if(inp) + if (inp) OPENSSL_free(inp); - if(out) + if (out) OPENSSL_free(out); } #endif diff --git a/openssl/apps/srp.c b/openssl/apps/srp.c index c679448ee..c0ff4171c 100644 --- a/openssl/apps/srp.c +++ b/openssl/apps/srp.c @@ -435,7 +435,7 @@ int MAIN(int argc, char **argv) # ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); - if(!tofree) { + if (!tofree) { BIO_printf(bio_err, "Out of memory\n"); goto err; } @@ -443,7 +443,7 @@ int MAIN(int argc, char **argv) # else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); - if(!tofree) { + if (!tofree) { BIO_printf(bio_err, "Out of memory\n"); goto err; } diff --git a/openssl/apps/verify.c b/openssl/apps/verify.c index b3ba53d97..78e729fc8 100644 --- a/openssl/apps/verify.c +++ b/openssl/apps/verify.c @@ -232,7 +232,7 @@ int MAIN(int argc, char **argv) if (ret == 1) { BIO_printf(bio_err, "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); - BIO_printf(bio_err, " [-attime timestamp]"); + BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " [-engine e]"); #endif diff --git a/openssl/crypto/Makefile b/openssl/crypto/Makefile index 9a39e934a..7869996a9 100644 --- a/openssl/crypto/Makefile +++ b/openssl/crypto/Makefile @@ -125,12 +125,17 @@ install: lint: @target=lint; $(RECURSIVE_MAKE) -depend: +update: local_depend + @[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) ) + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: @[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC) @[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h - @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi clean: rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff diff --git a/openssl/crypto/aes/Makefile b/openssl/crypto/aes/Makefile index b94ca72a4..e825c1401 100644 --- a/openssl/crypto/aes/Makefile +++ b/openssl/crypto/aes/Makefile @@ -122,6 +122,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl b/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl index c1fce8983..19b0433b3 100755 --- a/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl +++ b/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl @@ -1499,13 +1499,13 @@ ___ # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, # CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { +if ($win64 && $avx) { $rec="%rcx"; $frame="%rdx"; $context="%r8"; $disp="%r9"; -$code.=<<___ if ($avx); +$code.=<<___; .extern __imp_RtlVirtualUnwind .type se_handler,\@abi-omnipotent .align 16 @@ -1643,7 +1643,7 @@ $code.=<<___ if ($shaext); .rva .LSEH_end_${func}_shaext .rva .LSEH_info_${func}_shaext ___ -$code.=<<___ if ($avx); +$code.=<<___; .section .xdata .align 8 .LSEH_info_${func}_xop: diff --git a/openssl/crypto/aes/asm/aesni-x86.pl b/openssl/crypto/aes/asm/aesni-x86.pl index 3deb86aed..f67df8cf1 100644 --- a/openssl/crypto/aes/asm/aesni-x86.pl +++ b/openssl/crypto/aes/asm/aesni-x86.pl @@ -51,7 +51,7 @@ # Westmere 3.77/1.37 1.37 1.52 1.27 # * Bridge 5.07/0.98 0.99 1.09 0.91 # Haswell 4.44/0.80 0.97 1.03 0.72 -# Atom 5.77/3.56 3.67 4.03 3.46 +# Silvermont 5.77/3.56 3.67 4.03 3.46 # Bulldozer 5.80/0.98 1.05 1.24 0.93 $PREFIX="aesni"; # if $PREFIX is set to "AES", the script @@ -65,6 +65,9 @@ require "x86asm.pl"; &asm_init($ARGV[0],$0); +&external_label("OPENSSL_ia32cap_P"); +&static_label("key_const"); + if ($PREFIX eq "aesni") { $movekey=\&movups; } else { $movekey=\&movups; } @@ -181,7 +184,10 @@ sub aesni_generate1 # fully unrolled loop { &aesni_inline_generate1("enc"); } else { &call ("_aesni_encrypt1"); } + &pxor ($rndkey0,$rndkey0); # clear register bank + &pxor ($rndkey1,$rndkey1); &movups (&QWP(0,"eax"),$inout0); + &pxor ($inout0,$inout0); &ret (); &function_end_B("${PREFIX}_encrypt"); @@ -197,7 +203,10 @@ sub aesni_generate1 # fully unrolled loop { &aesni_inline_generate1("dec"); } else { &call ("_aesni_decrypt1"); } + &pxor ($rndkey0,$rndkey0); # clear register bank + &pxor ($rndkey1,$rndkey1); &movups (&QWP(0,"eax"),$inout0); + &pxor ($inout0,$inout0); &ret (); &function_end_B("${PREFIX}_decrypt"); @@ -349,17 +358,15 @@ sub aesni_generate6 &neg ($rounds); eval"&aes${p} ($inout2,$rndkey1)"; &pxor ($inout5,$rndkey0); + &$movekey ($rndkey0,&QWP(0,$key,$rounds)); &add ($rounds,16); - eval"&aes${p} ($inout3,$rndkey1)"; - eval"&aes${p} ($inout4,$rndkey1)"; - eval"&aes${p} ($inout5,$rndkey1)"; - &$movekey ($rndkey0,&QWP(-16,$key,$rounds)); - &jmp (&label("_aesni_${p}rypt6_enter")); + &jmp (&label("_aesni_${p}rypt6_inner")); &set_label("${p}6_loop",16); eval"&aes${p} ($inout0,$rndkey1)"; eval"&aes${p} ($inout1,$rndkey1)"; eval"&aes${p} ($inout2,$rndkey1)"; + &set_label("_aesni_${p}rypt6_inner"); eval"&aes${p} ($inout3,$rndkey1)"; eval"&aes${p} ($inout4,$rndkey1)"; eval"&aes${p} ($inout5,$rndkey1)"; @@ -615,6 +622,14 @@ if ($PREFIX eq "aesni") { &movups (&QWP(0x30,$out),$inout3); &set_label("ecb_ret"); + &pxor ("xmm0","xmm0"); # clear register bank + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &pxor ("xmm3","xmm3"); + &pxor ("xmm4","xmm4"); + &pxor ("xmm5","xmm5"); + &pxor ("xmm6","xmm6"); + &pxor ("xmm7","xmm7"); &function_end("aesni_ecb_encrypt"); ###################################################################### @@ -704,6 +719,15 @@ if ($PREFIX eq "aesni") { &mov ("esp",&DWP(48,"esp")); &mov ($out,&wparam(5)); &movups (&QWP(0,$out),$cmac); + + &pxor ("xmm0","xmm0"); # clear register bank + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &pxor ("xmm3","xmm3"); + &pxor ("xmm4","xmm4"); + &pxor ("xmm5","xmm5"); + &pxor ("xmm6","xmm6"); + &pxor ("xmm7","xmm7"); &function_end("aesni_ccm64_encrypt_blocks"); &function_begin("aesni_ccm64_decrypt_blocks"); @@ -804,6 +828,15 @@ if ($PREFIX eq "aesni") { &mov ("esp",&DWP(48,"esp")); &mov ($out,&wparam(5)); &movups (&QWP(0,$out),$cmac); + + &pxor ("xmm0","xmm0"); # clear register bank + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &pxor ("xmm3","xmm3"); + &pxor ("xmm4","xmm4"); + &pxor ("xmm5","xmm5"); + &pxor ("xmm6","xmm6"); + &pxor ("xmm7","xmm7"); &function_end("aesni_ccm64_decrypt_blocks"); } @@ -1053,6 +1086,17 @@ if ($PREFIX eq "aesni") { &movups (&QWP(0x30,$out),$inout3); &set_label("ctr32_ret"); + &pxor ("xmm0","xmm0"); # clear register bank + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &pxor ("xmm3","xmm3"); + &pxor ("xmm4","xmm4"); + &movdqa (&QWP(32,"esp"),"xmm0"); # clear stack + &pxor ("xmm5","xmm5"); + &movdqa (&QWP(48,"esp"),"xmm0"); + &pxor ("xmm6","xmm6"); + &movdqa (&QWP(64,"esp"),"xmm0"); + &pxor ("xmm7","xmm7"); &mov ("esp",&DWP(80,"esp")); &function_end("aesni_ctr32_encrypt_blocks"); @@ -1394,6 +1438,20 @@ if ($PREFIX eq "aesni") { &movups (&QWP(-16,$out),$inout0); # write output &set_label("xts_enc_ret"); + &pxor ("xmm0","xmm0"); # clear register bank + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &movdqa (&QWP(16*0,"esp"),"xmm0"); # clear stack + &pxor ("xmm3","xmm3"); + &movdqa (&QWP(16*1,"esp"),"xmm0"); + &pxor ("xmm4","xmm4"); + &movdqa (&QWP(16*2,"esp"),"xmm0"); + &pxor ("xmm5","xmm5"); + &movdqa (&QWP(16*3,"esp"),"xmm0"); + &pxor ("xmm6","xmm6"); + &movdqa (&QWP(16*4,"esp"),"xmm0"); + &pxor ("xmm7","xmm7"); + &movdqa (&QWP(16*5,"esp"),"xmm0"); &mov ("esp",&DWP(16*7+4,"esp")); # restore %esp &function_end("aesni_xts_encrypt"); @@ -1756,6 +1814,20 @@ if ($PREFIX eq "aesni") { &movups (&QWP(0,$out),$inout0); # write output &set_label("xts_dec_ret"); + &pxor ("xmm0","xmm0"); # clear register bank + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &movdqa (&QWP(16*0,"esp"),"xmm0"); # clear stack + &pxor ("xmm3","xmm3"); + &movdqa (&QWP(16*1,"esp"),"xmm0"); + &pxor ("xmm4","xmm4"); + &movdqa (&QWP(16*2,"esp"),"xmm0"); + &pxor ("xmm5","xmm5"); + &movdqa (&QWP(16*3,"esp"),"xmm0"); + &pxor ("xmm6","xmm6"); + &movdqa (&QWP(16*4,"esp"),"xmm0"); + &pxor ("xmm7","xmm7"); + &movdqa (&QWP(16*5,"esp"),"xmm0"); &mov ("esp",&DWP(16*7+4,"esp")); # restore %esp &function_end("aesni_xts_decrypt"); } @@ -1808,6 +1880,7 @@ if ($PREFIX eq "aesni") { &add ($len,16); &jnz (&label("cbc_enc_tail")); &movaps ($ivec,$inout0); + &pxor ($inout0,$inout0); &jmp (&label("cbc_ret")); &set_label("cbc_enc_tail"); @@ -1871,7 +1944,7 @@ if ($PREFIX eq "aesni") { &movaps ($inout0,$inout5); &movaps ($ivec,$rndkey0); &add ($len,0x50); - &jle (&label("cbc_dec_tail_collected")); + &jle (&label("cbc_dec_clear_tail_collected")); &movups (&QWP(0,$out),$inout0); &lea ($out,&DWP(0x10,$out)); &set_label("cbc_dec_tail"); @@ -1910,10 +1983,14 @@ if ($PREFIX eq "aesni") { &xorps ($inout4,$rndkey0); &movups (&QWP(0,$out),$inout0); &movups (&QWP(0x10,$out),$inout1); + &pxor ($inout1,$inout1); &movups (&QWP(0x20,$out),$inout2); + &pxor ($inout2,$inout2); &movups (&QWP(0x30,$out),$inout3); + &pxor ($inout3,$inout3); &lea ($out,&DWP(0x40,$out)); &movaps ($inout0,$inout4); + &pxor ($inout4,$inout4); &sub ($len,0x50); &jmp (&label("cbc_dec_tail_collected")); @@ -1933,6 +2010,7 @@ if ($PREFIX eq "aesni") { &xorps ($inout1,$in0); &movups (&QWP(0,$out),$inout0); &movaps ($inout0,$inout1); + &pxor ($inout1,$inout1); &lea ($out,&DWP(0x10,$out)); &movaps ($ivec,$in1); &sub ($len,0x20); @@ -1945,7 +2023,9 @@ if ($PREFIX eq "aesni") { &xorps ($inout2,$in1); &movups (&QWP(0,$out),$inout0); &movaps ($inout0,$inout2); + &pxor ($inout2,$inout2); &movups (&QWP(0x10,$out),$inout1); + &pxor ($inout1,$inout1); &lea ($out,&DWP(0x20,$out)); &movups ($ivec,&QWP(0x20,$inp)); &sub ($len,0x30); @@ -1961,29 +2041,44 @@ if ($PREFIX eq "aesni") { &movups (&QWP(0,$out),$inout0); &xorps ($inout2,$rndkey1); &movups (&QWP(0x10,$out),$inout1); + &pxor ($inout1,$inout1); &xorps ($inout3,$rndkey0); &movups (&QWP(0x20,$out),$inout2); + &pxor ($inout2,$inout2); &lea ($out,&DWP(0x30,$out)); &movaps ($inout0,$inout3); + &pxor ($inout3,$inout3); &sub ($len,0x40); + &jmp (&label("cbc_dec_tail_collected")); +&set_label("cbc_dec_clear_tail_collected",16); + &pxor ($inout1,$inout1); + &pxor ($inout2,$inout2); + &pxor ($inout3,$inout3); + &pxor ($inout4,$inout4); &set_label("cbc_dec_tail_collected"); &and ($len,15); &jnz (&label("cbc_dec_tail_partial")); &movups (&QWP(0,$out),$inout0); + &pxor ($rndkey0,$rndkey0); &jmp (&label("cbc_ret")); &set_label("cbc_dec_tail_partial",16); &movaps (&QWP(0,"esp"),$inout0); + &pxor ($rndkey0,$rndkey0); &mov ("ecx",16); &mov ($inp,"esp"); &sub ("ecx",$len); &data_word(0xA4F3F689); # rep movsb + &movdqa (&QWP(0,"esp"),$inout0); &set_label("cbc_ret"); &mov ("esp",&DWP(16,"esp")); # pull original %esp &mov ($key_,&wparam(4)); + &pxor ($inout0,$inout0); + &pxor ($rndkey1,$rndkey1); &movups (&QWP(0,$key_),$ivec); # output IV + &pxor ($ivec,$ivec); &set_label("cbc_abort"); &function_end("${PREFIX}_cbc_encrypt"); @@ -2000,14 +2095,24 @@ if ($PREFIX eq "aesni") { # $round rounds &function_begin_B("_aesni_set_encrypt_key"); + &push ("ebp"); + &push ("ebx"); &test ("eax","eax"); &jz (&label("bad_pointer")); &test ($key,$key); &jz (&label("bad_pointer")); + &call (&label("pic")); +&set_label("pic"); + &blindpop("ebx"); + &lea ("ebx",&DWP(&label("key_const")."-".&label("pic"),"ebx")); + + &picmeup("ebp","OPENSSL_ia32cap_P","ebx",&label("key_const")); &movups ("xmm0",&QWP(0,"eax")); # pull first 128 bits of *userKey &xorps ("xmm4","xmm4"); # low dword of xmm4 is assumed 0 + &mov ("ebp",&DWP(4,"ebp")); &lea ($key,&DWP(16,$key)); + &and ("ebp",1<<28|1<<11); # AVX and XOP bits &cmp ($rounds,256); &je (&label("14rounds")); &cmp ($rounds,192); @@ -2016,6 +2121,9 @@ if ($PREFIX eq "aesni") { &jne (&label("bad_keybits")); &set_label("10rounds",16); + &cmp ("ebp",1<<28); + &je (&label("10rounds_alt")); + &mov ($rounds,9); &$movekey (&QWP(-16,$key),"xmm0"); # round 0 &aeskeygenassist("xmm1","xmm0",0x01); # round 1 @@ -2040,8 +2148,8 @@ if ($PREFIX eq "aesni") { &call (&label("key_128")); &$movekey (&QWP(0,$key),"xmm0"); &mov (&DWP(80,$key),$rounds); - &xor ("eax","eax"); - &ret(); + + &jmp (&label("good_key")); &set_label("key_128",16); &$movekey (&QWP(0,$key),"xmm0"); @@ -2055,8 +2163,76 @@ if ($PREFIX eq "aesni") { &xorps ("xmm0","xmm1"); &ret(); +&set_label("10rounds_alt",16); + &movdqa ("xmm5",&QWP(0x00,"ebx")); + &mov ($rounds,8); + &movdqa ("xmm4",&QWP(0x20,"ebx")); + &movdqa ("xmm2","xmm0"); + &movdqu (&QWP(-16,$key),"xmm0"); + +&set_label("loop_key128"); + &pshufb ("xmm0","xmm5"); + &aesenclast ("xmm0","xmm4"); + &pslld ("xmm4",1); + &lea ($key,&DWP(16,$key)); + + &movdqa ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm2","xmm3"); + + &pxor ("xmm0","xmm2"); + &movdqu (&QWP(-16,$key),"xmm0"); + &movdqa ("xmm2","xmm0"); + + &dec ($rounds); + &jnz (&label("loop_key128")); + + &movdqa ("xmm4",&QWP(0x30,"ebx")); + + &pshufb ("xmm0","xmm5"); + &aesenclast ("xmm0","xmm4"); + &pslld ("xmm4",1); + + &movdqa ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm2","xmm3"); + + &pxor ("xmm0","xmm2"); + &movdqu (&QWP(0,$key),"xmm0"); + + &movdqa ("xmm2","xmm0"); + &pshufb ("xmm0","xmm5"); + &aesenclast ("xmm0","xmm4"); + + &movdqa ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm2","xmm3"); + + &pxor ("xmm0","xmm2"); + &movdqu (&QWP(16,$key),"xmm0"); + + &mov ($rounds,9); + &mov (&DWP(96,$key),$rounds); + + &jmp (&label("good_key")); + &set_label("12rounds",16); &movq ("xmm2",&QWP(16,"eax")); # remaining 1/3 of *userKey + &cmp ("ebp",1<<28); + &je (&label("12rounds_alt")); + &mov ($rounds,11); &$movekey (&QWP(-16,$key),"xmm0"); # round 0 &aeskeygenassist("xmm1","xmm2",0x01); # round 1,2 @@ -2077,8 +2253,8 @@ if ($PREFIX eq "aesni") { &call (&label("key_192b")); &$movekey (&QWP(0,$key),"xmm0"); &mov (&DWP(48,$key),$rounds); - &xor ("eax","eax"); - &ret(); + + &jmp (&label("good_key")); &set_label("key_192a",16); &$movekey (&QWP(0,$key),"xmm0"); @@ -2108,10 +2284,52 @@ if ($PREFIX eq "aesni") { &lea ($key,&DWP(32,$key)); &jmp (&label("key_192b_warm")); +&set_label("12rounds_alt",16); + &movdqa ("xmm5",&QWP(0x10,"ebx")); + &movdqa ("xmm4",&QWP(0x20,"ebx")); + &mov ($rounds,8); + &movdqu (&QWP(-16,$key),"xmm0"); + +&set_label("loop_key192"); + &movq (&QWP(0,$key),"xmm2"); + &movdqa ("xmm1","xmm2"); + &pshufb ("xmm2","xmm5"); + &aesenclast ("xmm2","xmm4"); + &pslld ("xmm4",1); + &lea ($key,&DWP(24,$key)); + + &movdqa ("xmm3","xmm0"); + &pslldq ("xmm0",4); + &pxor ("xmm3","xmm0"); + &pslldq ("xmm0",4); + &pxor ("xmm3","xmm0"); + &pslldq ("xmm0",4); + &pxor ("xmm0","xmm3"); + + &pshufd ("xmm3","xmm0",0xff); + &pxor ("xmm3","xmm1"); + &pslldq ("xmm1",4); + &pxor ("xmm3","xmm1"); + + &pxor ("xmm0","xmm2"); + &pxor ("xmm2","xmm3"); + &movdqu (&QWP(-16,$key),"xmm0"); + + &dec ($rounds); + &jnz (&label("loop_key192")); + + &mov ($rounds,11); + &mov (&DWP(32,$key),$rounds); + + &jmp (&label("good_key")); + &set_label("14rounds",16); &movups ("xmm2",&QWP(16,"eax")); # remaining half of *userKey - &mov ($rounds,13); &lea ($key,&DWP(16,$key)); + &cmp ("ebp",1<<28); + &je (&label("14rounds_alt")); + + &mov ($rounds,13); &$movekey (&QWP(-32,$key),"xmm0"); # round 0 &$movekey (&QWP(-16,$key),"xmm2"); # round 1 &aeskeygenassist("xmm1","xmm2",0x01); # round 2 @@ -2143,7 +2361,8 @@ if ($PREFIX eq "aesni") { &$movekey (&QWP(0,$key),"xmm0"); &mov (&DWP(16,$key),$rounds); &xor ("eax","eax"); - &ret(); + + &jmp (&label("good_key")); &set_label("key_256a",16); &$movekey (&QWP(0,$key),"xmm2"); @@ -2169,11 +2388,77 @@ if ($PREFIX eq "aesni") { &xorps ("xmm2","xmm1"); &ret(); +&set_label("14rounds_alt",16); + &movdqa ("xmm5",&QWP(0x00,"ebx")); + &movdqa ("xmm4",&QWP(0x20,"ebx")); + &mov ($rounds,7); + &movdqu (&QWP(-32,$key),"xmm0"); + &movdqa ("xmm1","xmm2"); + &movdqu (&QWP(-16,$key),"xmm2"); + +&set_label("loop_key256"); + &pshufb ("xmm2","xmm5"); + &aesenclast ("xmm2","xmm4"); + + &movdqa ("xmm3","xmm0"); + &pslldq ("xmm0",4); + &pxor ("xmm3","xmm0"); + &pslldq ("xmm0",4); + &pxor ("xmm3","xmm0"); + &pslldq ("xmm0",4); + &pxor ("xmm0","xmm3"); + &pslld ("xmm4",1); + + &pxor ("xmm0","xmm2"); + &movdqu (&QWP(0,$key),"xmm0"); + + &dec ($rounds); + &jz (&label("done_key256")); + + &pshufd ("xmm2","xmm0",0xff); + &pxor ("xmm3","xmm3"); + &aesenclast ("xmm2","xmm3"); + + &movdqa ("xmm3","xmm1") + &pslldq ("xmm1",4); + &pxor ("xmm3","xmm1"); + &pslldq ("xmm1",4); + &pxor ("xmm3","xmm1"); + &pslldq ("xmm1",4); + &pxor ("xmm1","xmm3"); + + &pxor ("xmm2","xmm1"); + &movdqu (&QWP(16,$key),"xmm2"); + &lea ($key,&DWP(32,$key)); + &movdqa ("xmm1","xmm2"); + &jmp (&label("loop_key256")); + +&set_label("done_key256"); + &mov ($rounds,13); + &mov (&DWP(16,$key),$rounds); + +&set_label("good_key"); + &pxor ("xmm0","xmm0"); + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &pxor ("xmm3","xmm3"); + &pxor ("xmm4","xmm4"); + &pxor ("xmm5","xmm5"); + &xor ("eax","eax"); + &pop ("ebx"); + &pop ("ebp"); + &ret (); + &set_label("bad_pointer",4); &mov ("eax",-1); + &pop ("ebx"); + &pop ("ebp"); &ret (); &set_label("bad_keybits",4); + &pxor ("xmm0","xmm0"); &mov ("eax",-2); + &pop ("ebx"); + &pop ("ebp"); &ret (); &function_end_B("_aesni_set_encrypt_key"); @@ -2223,10 +2508,18 @@ if ($PREFIX eq "aesni") { &aesimc ("xmm0","xmm0"); &$movekey (&QWP(0,$key),"xmm0"); + &pxor ("xmm0","xmm0"); + &pxor ("xmm1","xmm1"); &xor ("eax","eax"); # return success &set_label("dec_key_ret"); &ret (); &function_end_B("${PREFIX}_set_decrypt_key"); + +&set_label("key_const",64); +&data_word(0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d); +&data_word(0x04070605,0x04070605,0x04070605,0x04070605); +&data_word(1,1,1,1); +&data_word(0x1b,0x1b,0x1b,0x1b); &asciz("AES for Intel AES-NI, CRYPTOGAMS by "); &asm_finish(); diff --git a/openssl/crypto/aes/asm/aesni-x86_64.pl b/openssl/crypto/aes/asm/aesni-x86_64.pl index 5f6174635..25ca574f6 100644 --- a/openssl/crypto/aes/asm/aesni-x86_64.pl +++ b/openssl/crypto/aes/asm/aesni-x86_64.pl @@ -165,11 +165,11 @@ # Westmere 3.77/1.25 1.25 1.25 1.26 # * Bridge 5.07/0.74 0.75 0.90 0.85 # Haswell 4.44/0.63 0.63 0.73 0.63 -# Atom 5.75/3.54 3.56 4.12 3.87(*) +# Silvermont 5.75/3.54 3.56 4.12 3.87(*) # Bulldozer 5.77/0.70 0.72 0.90 0.70 # -# (*) Atom ECB result is suboptimal because of penalties incurred -# by operations on %xmm8-15. As ECB is not considered +# (*) Atom Silvermont ECB result is suboptimal because of penalties +# incurred by operations on %xmm8-15. As ECB is not considered # critical, nothing was done to mitigate the problem. $PREFIX="aesni"; # if $PREFIX is set to "AES", the script @@ -263,7 +263,10 @@ ${PREFIX}_encrypt: ___ &aesni_generate1("enc",$key,$rounds); $code.=<<___; + pxor $rndkey0,$rndkey0 # clear register bank + pxor $rndkey1,$rndkey1 movups $inout0,($out) # output + pxor $inout0,$inout0 ret .size ${PREFIX}_encrypt,.-${PREFIX}_encrypt @@ -276,7 +279,10 @@ ${PREFIX}_decrypt: ___ &aesni_generate1("dec",$key,$rounds); $code.=<<___; + pxor $rndkey0,$rndkey0 # clear register bank + pxor $rndkey1,$rndkey1 movups $inout0,($out) # output + pxor $inout0,$inout0 ret .size ${PREFIX}_decrypt, .-${PREFIX}_decrypt ___ @@ -445,21 +451,18 @@ _aesni_${dir}rypt6: pxor $rndkey0,$inout4 aes${dir} $rndkey1,$inout2 pxor $rndkey0,$inout5 + $movkey ($key,%rax),$rndkey0 add \$16,%rax - aes${dir} $rndkey1,$inout3 - aes${dir} $rndkey1,$inout4 - aes${dir} $rndkey1,$inout5 - $movkey -16($key,%rax),$rndkey0 jmp .L${dir}_loop6_enter .align 16 .L${dir}_loop6: aes${dir} $rndkey1,$inout0 aes${dir} $rndkey1,$inout1 aes${dir} $rndkey1,$inout2 +.L${dir}_loop6_enter: aes${dir} $rndkey1,$inout3 aes${dir} $rndkey1,$inout4 aes${dir} $rndkey1,$inout5 -.L${dir}_loop6_enter: $movkey ($key,%rax),$rndkey1 add \$32,%rax aes${dir} $rndkey0,$inout0 @@ -506,23 +509,18 @@ _aesni_${dir}rypt8: lea 32($key,$rounds),$key neg %rax # $rounds aes${dir} $rndkey1,$inout0 - add \$16,%rax pxor $rndkey0,$inout5 - aes${dir} $rndkey1,$inout1 pxor $rndkey0,$inout6 + aes${dir} $rndkey1,$inout1 pxor $rndkey0,$inout7 - aes${dir} $rndkey1,$inout2 - aes${dir} $rndkey1,$inout3 - aes${dir} $rndkey1,$inout4 - aes${dir} $rndkey1,$inout5 - aes${dir} $rndkey1,$inout6 - aes${dir} $rndkey1,$inout7 - $movkey -16($key,%rax),$rndkey0 - jmp .L${dir}_loop8_enter + $movkey ($key,%rax),$rndkey0 + add \$16,%rax + jmp .L${dir}_loop8_inner .align 16 .L${dir}_loop8: aes${dir} $rndkey1,$inout0 aes${dir} $rndkey1,$inout1 +.L${dir}_loop8_inner: aes${dir} $rndkey1,$inout2 aes${dir} $rndkey1,$inout3 aes${dir} $rndkey1,$inout4 @@ -587,15 +585,15 @@ aesni_ecb_encrypt: ___ $code.=<<___ if ($win64); lea -0x58(%rsp),%rsp - movaps %xmm6,(%rsp) + movaps %xmm6,(%rsp) # offload $inout4..7 movaps %xmm7,0x10(%rsp) movaps %xmm8,0x20(%rsp) movaps %xmm9,0x30(%rsp) .Lecb_enc_body: ___ $code.=<<___; - and \$-16,$len - jz .Lecb_ret + and \$-16,$len # if ($len<16) + jz .Lecb_ret # return mov 240($key),$rounds # key->rounds $movkey ($key),$rndkey0 @@ -604,10 +602,10 @@ $code.=<<___; test %r8d,%r8d # 5th argument jz .Lecb_decrypt #--------------------------- ECB ENCRYPT ------------------------------# - cmp \$0x80,$len - jb .Lecb_enc_tail + cmp \$0x80,$len # if ($len<8*16) + jb .Lecb_enc_tail # short input - movdqu ($inp),$inout0 + movdqu ($inp),$inout0 # load 8 input blocks movdqu 0x10($inp),$inout1 movdqu 0x20($inp),$inout2 movdqu 0x30($inp),$inout3 @@ -615,14 +613,14 @@ $code.=<<___; movdqu 0x50($inp),$inout5 movdqu 0x60($inp),$inout6 movdqu 0x70($inp),$inout7 - lea 0x80($inp),$inp - sub \$0x80,$len + lea 0x80($inp),$inp # $inp+=8*16 + sub \$0x80,$len # $len-=8*16 (can be zero) jmp .Lecb_enc_loop8_enter .align 16 .Lecb_enc_loop8: - movups $inout0,($out) + movups $inout0,($out) # store 8 output blocks mov $key_,$key # restore $key - movdqu ($inp),$inout0 + movdqu ($inp),$inout0 # load 8 input blocks mov $rnds_,$rounds # restore $rounds movups $inout1,0x10($out) movdqu 0x10($inp),$inout1 @@ -637,17 +635,17 @@ $code.=<<___; movups $inout6,0x60($out) movdqu 0x60($inp),$inout6 movups $inout7,0x70($out) - lea 0x80($out),$out + lea 0x80($out),$out # $out+=8*16 movdqu 0x70($inp),$inout7 - lea 0x80($inp),$inp + lea 0x80($inp),$inp # $inp+=8*16 .Lecb_enc_loop8_enter: call _aesni_encrypt8 sub \$0x80,$len - jnc .Lecb_enc_loop8 + jnc .Lecb_enc_loop8 # loop if $len-=8*16 didn't borrow - movups $inout0,($out) + movups $inout0,($out) # store 8 output blocks mov $key_,$key # restore $key movups $inout1,0x10($out) mov $rnds_,$rounds # restore $rounds @@ -657,11 +655,11 @@ $code.=<<___; movups $inout5,0x50($out) movups $inout6,0x60($out) movups $inout7,0x70($out) - lea 0x80($out),$out - add \$0x80,$len - jz .Lecb_ret + lea 0x80($out),$out # $out+=8*16 + add \$0x80,$len # restore real remaining $len + jz .Lecb_ret # done if ($len==0) -.Lecb_enc_tail: +.Lecb_enc_tail: # $len is less than 8*16 movups ($inp),$inout0 cmp \$0x20,$len jb .Lecb_enc_one @@ -678,8 +676,9 @@ $code.=<<___; movups 0x50($inp),$inout5 je .Lecb_enc_six movdqu 0x60($inp),$inout6 + xorps $inout7,$inout7 call _aesni_encrypt8 - movups $inout0,($out) + movups $inout0,($out) # store 7 output blocks movups $inout1,0x10($out) movups $inout2,0x20($out) movups $inout3,0x30($out) @@ -692,25 +691,25 @@ $code.=<<___; ___ &aesni_generate1("enc",$key,$rounds); $code.=<<___; - movups $inout0,($out) + movups $inout0,($out) # store one output block jmp .Lecb_ret .align 16 .Lecb_enc_two: call _aesni_encrypt2 - movups $inout0,($out) + movups $inout0,($out) # store 2 output blocks movups $inout1,0x10($out) jmp .Lecb_ret .align 16 .Lecb_enc_three: call _aesni_encrypt3 - movups $inout0,($out) + movups $inout0,($out) # store 3 output blocks movups $inout1,0x10($out) movups $inout2,0x20($out) jmp .Lecb_ret .align 16 .Lecb_enc_four: call _aesni_encrypt4 - movups $inout0,($out) + movups $inout0,($out) # store 4 output blocks movups $inout1,0x10($out) movups $inout2,0x20($out) movups $inout3,0x30($out) @@ -719,7 +718,7 @@ $code.=<<___; .Lecb_enc_five: xorps $inout5,$inout5 call _aesni_encrypt6 - movups $inout0,($out) + movups $inout0,($out) # store 5 output blocks movups $inout1,0x10($out) movups $inout2,0x20($out) movups $inout3,0x30($out) @@ -728,7 +727,7 @@ $code.=<<___; .align 16 .Lecb_enc_six: call _aesni_encrypt6 - movups $inout0,($out) + movups $inout0,($out) # store 6 output blocks movups $inout1,0x10($out) movups $inout2,0x20($out) movups $inout3,0x30($out) @@ -738,10 +737,10 @@ $code.=<<___; #--------------------------- ECB DECRYPT ------------------------------# .align 16 .Lecb_decrypt: - cmp \$0x80,$len - jb .Lecb_dec_tail + cmp \$0x80,$len # if ($len<8*16) + jb .Lecb_dec_tail # short input - movdqu ($inp),$inout0 + movdqu ($inp),$inout0 # load 8 input blocks movdqu 0x10($inp),$inout1 movdqu 0x20($inp),$inout2 movdqu 0x30($inp),$inout3 @@ -749,14 +748,14 @@ $code.=<<___; movdqu 0x50($inp),$inout5 movdqu 0x60($inp),$inout6 movdqu 0x70($inp),$inout7 - lea 0x80($inp),$inp - sub \$0x80,$len + lea 0x80($inp),$inp # $inp+=8*16 + sub \$0x80,$len # $len-=8*16 (can be zero) jmp .Lecb_dec_loop8_enter .align 16 .Lecb_dec_loop8: - movups $inout0,($out) + movups $inout0,($out) # store 8 output blocks mov $key_,$key # restore $key - movdqu ($inp),$inout0 + movdqu ($inp),$inout0 # load 8 input blocks mov $rnds_,$rounds # restore $rounds movups $inout1,0x10($out) movdqu 0x10($inp),$inout1 @@ -771,30 +770,38 @@ $code.=<<___; movups $inout6,0x60($out) movdqu 0x60($inp),$inout6 movups $inout7,0x70($out) - lea 0x80($out),$out + lea 0x80($out),$out # $out+=8*16 movdqu 0x70($inp),$inout7 - lea 0x80($inp),$inp + lea 0x80($inp),$inp # $inp+=8*16 .Lecb_dec_loop8_enter: call _aesni_decrypt8 $movkey ($key_),$rndkey0 sub \$0x80,$len - jnc .Lecb_dec_loop8 + jnc .Lecb_dec_loop8 # loop if $len-=8*16 didn't borrow - movups $inout0,($out) + movups $inout0,($out) # store 8 output blocks + pxor $inout0,$inout0 # clear register bank mov $key_,$key # restore $key movups $inout1,0x10($out) + pxor $inout1,$inout1 mov $rnds_,$rounds # restore $rounds movups $inout2,0x20($out) + pxor $inout2,$inout2 movups $inout3,0x30($out) + pxor $inout3,$inout3 movups $inout4,0x40($out) + pxor $inout4,$inout4 movups $inout5,0x50($out) + pxor $inout5,$inout5 movups $inout6,0x60($out) + pxor $inout6,$inout6 movups $inout7,0x70($out) - lea 0x80($out),$out - add \$0x80,$len - jz .Lecb_ret + pxor $inout7,$inout7 + lea 0x80($out),$out # $out+=8*16 + add \$0x80,$len # restore real remaining $len + jz .Lecb_ret # done if ($len==0) .Lecb_dec_tail: movups ($inp),$inout0 @@ -814,70 +821,107 @@ $code.=<<___; je .Lecb_dec_six movups 0x60($inp),$inout6 $movkey ($key),$rndkey0 + xorps $inout7,$inout7 call _aesni_decrypt8 - movups $inout0,($out) + movups $inout0,($out) # store 7 output blocks + pxor $inout0,$inout0 # clear register bank movups $inout1,0x10($out) + pxor $inout1,$inout1 movups $inout2,0x20($out) + pxor $inout2,$inout2 movups $inout3,0x30($out) + pxor $inout3,$inout3 movups $inout4,0x40($out) + pxor $inout4,$inout4 movups $inout5,0x50($out) + pxor $inout5,$inout5 movups $inout6,0x60($out) + pxor $inout6,$inout6 + pxor $inout7,$inout7 jmp .Lecb_ret .align 16 .Lecb_dec_one: ___ &aesni_generate1("dec",$key,$rounds); $code.=<<___; - movups $inout0,($out) + movups $inout0,($out) # store one output block + pxor $inout0,$inout0 # clear register bank jmp .Lecb_ret .align 16 .Lecb_dec_two: call _aesni_decrypt2 - movups $inout0,($out) + movups $inout0,($out) # store 2 output blocks + pxor $inout0,$inout0 # clear register bank movups $inout1,0x10($out) + pxor $inout1,$inout1 jmp .Lecb_ret .align 16 .Lecb_dec_three: call _aesni_decrypt3 - movups $inout0,($out) + movups $inout0,($out) # store 3 output blocks + pxor $inout0,$inout0 # clear register bank movups $inout1,0x10($out) + pxor $inout1,$inout1 movups $inout2,0x20($out) + pxor $inout2,$inout2 jmp .Lecb_ret .align 16 .Lecb_dec_four: call _aesni_decrypt4 - movups $inout0,($out) + movups $inout0,($out) # store 4 output blocks + pxor $inout0,$inout0 # clear register bank movups $inout1,0x10($out) + pxor $inout1,$inout1 movups $inout2,0x20($out) + pxor $inout2,$inout2 movups $inout3,0x30($out) + pxor $inout3,$inout3 jmp .Lecb_ret .align 16 .Lecb_dec_five: xorps $inout5,$inout5 call _aesni_decrypt6 - movups $inout0,($out) + movups $inout0,($out) # store 5 output blocks + pxor $inout0,$inout0 # clear register bank movups $inout1,0x10($out) + pxor $inout1,$inout1 movups $inout2,0x20($out) + pxor $inout2,$inout2 movups $inout3,0x30($out) + pxor $inout3,$inout3 movups $inout4,0x40($out) + pxor $inout4,$inout4 + pxor $inout5,$inout5 jmp .Lecb_ret .align 16 .Lecb_dec_six: call _aesni_decrypt6 - movups $inout0,($out) + movups $inout0,($out) # store 6 output blocks + pxor $inout0,$inout0 # clear register bank movups $inout1,0x10($out) + pxor $inout1,$inout1 movups $inout2,0x20($out) + pxor $inout2,$inout2 movups $inout3,0x30($out) + pxor $inout3,$inout3 movups $inout4,0x40($out) + pxor $inout4,$inout4 movups $inout5,0x50($out) + pxor $inout5,$inout5 .Lecb_ret: + xorps $rndkey0,$rndkey0 # %xmm0 + pxor $rndkey1,$rndkey1 ___ $code.=<<___ if ($win64); movaps (%rsp),%xmm6 + movaps %xmm0,(%rsp) # clear stack movaps 0x10(%rsp),%xmm7 + movaps %xmm0,0x10(%rsp) movaps 0x20(%rsp),%xmm8 + movaps %xmm0,0x20(%rsp) movaps 0x30(%rsp),%xmm9 + movaps %xmm0,0x30(%rsp) lea 0x58(%rsp),%rsp .Lecb_enc_ret: ___ @@ -911,10 +955,10 @@ aesni_ccm64_encrypt_blocks: ___ $code.=<<___ if ($win64); lea -0x58(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) + movaps %xmm6,(%rsp) # $iv + movaps %xmm7,0x10(%rsp) # $bswap_mask + movaps %xmm8,0x20(%rsp) # $in0 + movaps %xmm9,0x30(%rsp) # $increment .Lccm64_enc_body: ___ $code.=<<___; @@ -956,7 +1000,7 @@ $code.=<<___; aesenc $rndkey1,$inout0 aesenc $rndkey1,$inout1 paddq $increment,$iv - dec $len + dec $len # $len-- ($len is in blocks) aesenclast $rndkey0,$inout0 aesenclast $rndkey0,$inout1 @@ -965,16 +1009,26 @@ $code.=<<___; movdqa $iv,$inout0 movups $in0,($out) # save output pshufb $bswap_mask,$inout0 - lea 16($out),$out - jnz .Lccm64_enc_outer + lea 16($out),$out # $out+=16 + jnz .Lccm64_enc_outer # loop if ($len!=0) - movups $inout1,($cmac) + pxor $rndkey0,$rndkey0 # clear register bank + pxor $rndkey1,$rndkey1 + pxor $inout0,$inout0 + movups $inout1,($cmac) # store resulting mac + pxor $inout1,$inout1 + pxor $in0,$in0 + pxor $iv,$iv ___ $code.=<<___ if ($win64); movaps (%rsp),%xmm6 + movaps %xmm0,(%rsp) # clear stack movaps 0x10(%rsp),%xmm7 + movaps %xmm0,0x10(%rsp) movaps 0x20(%rsp),%xmm8 + movaps %xmm0,0x20(%rsp) movaps 0x30(%rsp),%xmm9 + movaps %xmm0,0x30(%rsp) lea 0x58(%rsp),%rsp .Lccm64_enc_ret: ___ @@ -991,10 +1045,10 @@ aesni_ccm64_decrypt_blocks: ___ $code.=<<___ if ($win64); lea -0x58(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) + movaps %xmm6,(%rsp) # $iv + movaps %xmm7,0x10(%rsp) # $bswap_mask + movaps %xmm8,0x20(%rsp) # $in8 + movaps %xmm9,0x30(%rsp) # $increment .Lccm64_dec_body: ___ $code.=<<___; @@ -1015,7 +1069,7 @@ $code.=<<___; mov \$16,$rounds movups ($inp),$in0 # load inp paddq $increment,$iv - lea 16($inp),$inp + lea 16($inp),$inp # $inp+=16 sub %r10,%rax # twisted $rounds lea 32($key_,$rnds_),$key # end of key schedule mov %rax,%r10 @@ -1025,11 +1079,11 @@ $code.=<<___; xorps $inout0,$in0 # inp ^= E(iv) movdqa $iv,$inout0 movups $in0,($out) # save output - lea 16($out),$out + lea 16($out),$out # $out+=16 pshufb $bswap_mask,$inout0 - sub \$1,$len - jz .Lccm64_dec_break + sub \$1,$len # $len-- ($len is in blocks) + jz .Lccm64_dec_break # if ($len==0) break $movkey ($key_),$rndkey0 mov %r10,%rax @@ -1049,13 +1103,13 @@ $code.=<<___; aesenc $rndkey0,$inout1 $movkey -16($key,%rax),$rndkey0 jnz .Lccm64_dec2_loop - movups ($inp),$in0 # load inp + movups ($inp),$in0 # load input paddq $increment,$iv aesenc $rndkey1,$inout0 aesenc $rndkey1,$inout1 aesenclast $rndkey0,$inout0 aesenclast $rndkey0,$inout1 - lea 16($inp),$inp + lea 16($inp),$inp # $inp+=16 jmp .Lccm64_dec_outer .align 16 @@ -1065,13 +1119,23 @@ $code.=<<___; ___ &aesni_generate1("enc",$key_,$rounds,$inout1,$in0); $code.=<<___; - movups $inout1,($cmac) + pxor $rndkey0,$rndkey0 # clear register bank + pxor $rndkey1,$rndkey1 + pxor $inout0,$inout0 + movups $inout1,($cmac) # store resulting mac + pxor $inout1,$inout1 + pxor $in0,$in0 + pxor $iv,$iv ___ $code.=<<___ if ($win64); movaps (%rsp),%xmm6 + movaps %xmm0,(%rsp) # clear stack movaps 0x10(%rsp),%xmm7 + movaps %xmm0,0x10(%rsp) movaps 0x20(%rsp),%xmm8 + movaps %xmm0,0x20(%rsp) movaps 0x30(%rsp),%xmm9 + movaps %xmm0,0x30(%rsp) lea 0x58(%rsp),%rsp .Lccm64_dec_ret: ___ @@ -1102,13 +1166,34 @@ $code.=<<___; .type aesni_ctr32_encrypt_blocks,\@function,5 .align 16 aesni_ctr32_encrypt_blocks: + cmp \$1,$len + jne .Lctr32_bulk + + # handle single block without allocating stack frame, + # useful when handling edges + movups ($ivp),$inout0 + movups ($inp),$inout1 + mov 240($key),%edx # key->rounds +___ + &aesni_generate1("enc",$key,"%edx"); +$code.=<<___; + pxor $rndkey0,$rndkey0 # clear register bank + pxor $rndkey1,$rndkey1 + xorps $inout1,$inout0 + pxor $inout1,$inout1 + movups $inout0,($out) + xorps $inout0,$inout0 + jmp .Lctr32_epilogue + +.align 16 +.Lctr32_bulk: lea (%rsp),%rax push %rbp sub \$$frame_size,%rsp and \$-16,%rsp # Linux kernel stack can be incorrectly seeded ___ $code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%rax) + movaps %xmm6,-0xa8(%rax) # offload everything movaps %xmm7,-0x98(%rax) movaps %xmm8,-0x88(%rax) movaps %xmm9,-0x78(%rax) @@ -1123,8 +1208,8 @@ ___ $code.=<<___; lea -8(%rax),%rbp - cmp \$1,$len - je .Lctr32_one_shortcut + # 8 16-byte words on top of stack are counter values + # xor-ed with zero-round key movdqu ($ivp),$inout0 movdqu ($key),$rndkey0 @@ -1139,7 +1224,7 @@ $code.=<<___; movdqa $inout0,0x40(%rsp) movdqa $inout0,0x50(%rsp) movdqa $inout0,0x60(%rsp) - mov %rdx,%r10 # borrow %rdx + mov %rdx,%r10 # about to borrow %rdx movdqa $inout0,0x70(%rsp) lea 1($ctr),%rax @@ -1183,15 +1268,15 @@ $code.=<<___; movdqa 0x40(%rsp),$inout4 movdqa 0x50(%rsp),$inout5 - cmp \$8,$len - jb .Lctr32_tail + cmp \$8,$len # $len is in blocks + jb .Lctr32_tail # short input if ($len<8) - sub \$6,$len + sub \$6,$len # $len is biased by -6 cmp \$`1<<22`,%r10d # check for MOVBE without XSAVE - je .Lctr32_6x + je .Lctr32_6x # [which denotes Atom Silvermont] lea 0x80($key),$key # size optimization - sub \$2,$len + sub \$2,$len # $len is biased by -8 jmp .Lctr32_loop8 .align 16 @@ -1205,13 +1290,13 @@ $code.=<<___; .align 16 .Lctr32_loop6: - add \$6,$ctr + add \$6,$ctr # next counter value $movkey -48($key,$rnds_),$rndkey0 aesenc $rndkey1,$inout0 mov $ctr,%eax xor $key0,%eax aesenc $rndkey1,$inout1 - movbe %eax,`0x00+12`(%rsp) + movbe %eax,`0x00+12`(%rsp) # store next counter value lea 1($ctr),%eax aesenc $rndkey1,$inout2 xor $key0,%eax @@ -1244,16 +1329,16 @@ $code.=<<___; call .Lenc_loop6 - movdqu ($inp),$inout6 + movdqu ($inp),$inout6 # load 6 input blocks movdqu 0x10($inp),$inout7 movdqu 0x20($inp),$in0 movdqu 0x30($inp),$in1 movdqu 0x40($inp),$in2 movdqu 0x50($inp),$in3 - lea 0x60($inp),$inp + lea 0x60($inp),$inp # $inp+=6*16 $movkey -64($key,$rnds_),$rndkey1 - pxor $inout0,$inout6 - movaps 0x00(%rsp),$inout0 + pxor $inout0,$inout6 # inp^=E(ctr) + movaps 0x00(%rsp),$inout0 # load next counter [xor-ed with 0 round] pxor $inout1,$inout7 movaps 0x10(%rsp),$inout1 pxor $inout2,$in0 @@ -1264,19 +1349,19 @@ $code.=<<___; movaps 0x40(%rsp),$inout4 pxor $inout5,$in3 movaps 0x50(%rsp),$inout5 - movdqu $inout6,($out) + movdqu $inout6,($out) # store 6 output blocks movdqu $inout7,0x10($out) movdqu $in0,0x20($out) movdqu $in1,0x30($out) movdqu $in2,0x40($out) movdqu $in3,0x50($out) - lea 0x60($out),$out - + lea 0x60($out),$out # $out+=6*16 + sub \$6,$len - jnc .Lctr32_loop6 + jnc .Lctr32_loop6 # loop if $len-=6 didn't borrow - add \$6,$len - jz .Lctr32_done + add \$6,$len # restore real remaining $len + jz .Lctr32_done # done if ($len==0) lea -48($rnds_),$rounds lea -80($key,$rnds_),$key # restore $key @@ -1286,7 +1371,7 @@ $code.=<<___; .align 32 .Lctr32_loop8: - add \$8,$ctr + add \$8,$ctr # next counter value movdqa 0x60(%rsp),$inout6 aesenc $rndkey1,$inout0 mov $ctr,%r9d @@ -1298,7 +1383,7 @@ $code.=<<___; xor $key0,%r9d nop aesenc $rndkey1,$inout3 - mov %r9d,0x00+12(%rsp) + mov %r9d,0x00+12(%rsp) # store next counter value lea 1($ctr),%r9 aesenc $rndkey1,$inout4 aesenc $rndkey1,$inout5 @@ -1331,7 +1416,7 @@ $code.=<<___; aesenc $rndkey0,$inout1 aesenc $rndkey0,$inout2 xor $key0,%r9d - movdqu 0x00($inp),$in0 + movdqu 0x00($inp),$in0 # start loading input aesenc $rndkey0,$inout3 mov %r9d,0x70+12(%rsp) cmp \$11,$rounds @@ -1388,7 +1473,7 @@ $code.=<<___; .align 16 .Lctr32_enc_done: movdqu 0x10($inp),$in1 - pxor $rndkey0,$in0 + pxor $rndkey0,$in0 # input^=round[last] movdqu 0x20($inp),$in2 pxor $rndkey0,$in1 movdqu 0x30($inp),$in3 @@ -1406,11 +1491,11 @@ $code.=<<___; aesenc $rndkey1,$inout5 aesenc $rndkey1,$inout6 aesenc $rndkey1,$inout7 - movdqu 0x60($inp),$rndkey1 - lea 0x80($inp),$inp + movdqu 0x60($inp),$rndkey1 # borrow $rndkey1 for inp[6] + lea 0x80($inp),$inp # $inp+=8*16 - aesenclast $in0,$inout0 - pxor $rndkey0,$rndkey1 + aesenclast $in0,$inout0 # $inN is inp[N]^round[last] + pxor $rndkey0,$rndkey1 # borrowed $rndkey movdqu 0x70-0x80($inp),$in0 aesenclast $in1,$inout1 pxor $rndkey0,$in0 @@ -1425,10 +1510,10 @@ $code.=<<___; movdqa 0x40(%rsp),$in5 aesenclast $rndkey1,$inout6 movdqa 0x50(%rsp),$rndkey0 - $movkey 0x10-0x80($key),$rndkey1 + $movkey 0x10-0x80($key),$rndkey1#real 1st-round key aesenclast $in0,$inout7 - movups $inout0,($out) # store output + movups $inout0,($out) # store 8 output blocks movdqa $in1,$inout0 movups $inout1,0x10($out) movdqa $in2,$inout1 @@ -1442,21 +1527,24 @@ $code.=<<___; movdqa $rndkey0,$inout5 movups $inout6,0x60($out) movups $inout7,0x70($out) - lea 0x80($out),$out - + lea 0x80($out),$out # $out+=8*16 + sub \$8,$len - jnc .Lctr32_loop8 + jnc .Lctr32_loop8 # loop if $len-=8 didn't borrow - add \$8,$len - jz .Lctr32_done + add \$8,$len # restore real remainig $len + jz .Lctr32_done # done if ($len==0) lea -0x80($key),$key .Lctr32_tail: + # note that at this point $inout0..5 are populated with + # counter values xor-ed with 0-round key lea 16($key),$key cmp \$4,$len jb .Lctr32_loop3 je .Lctr32_loop4 + # if ($len>4) compute 7 E(counter) shl \$4,$rounds movdqa 0x60(%rsp),$inout6 pxor $inout7,$inout7 @@ -1464,14 +1552,14 @@ $code.=<<___; $movkey 16($key),$rndkey0 aesenc $rndkey1,$inout0 aesenc $rndkey1,$inout1 - lea 32-16($key,$rounds),$key + lea 32-16($key,$rounds),$key# prepare for .Lenc_loop8_enter neg %rax aesenc $rndkey1,$inout2 - add \$16,%rax + add \$16,%rax # prepare for .Lenc_loop8_enter movups ($inp),$in0 aesenc $rndkey1,$inout3 aesenc $rndkey1,$inout4 - movups 0x10($inp),$in1 + movups 0x10($inp),$in1 # pre-load input movups 0x20($inp),$in2 aesenc $rndkey1,$inout5 aesenc $rndkey1,$inout6 @@ -1482,7 +1570,7 @@ $code.=<<___; pxor $in0,$inout0 movdqu 0x40($inp),$in0 pxor $in1,$inout1 - movdqu $inout0,($out) + movdqu $inout0,($out) # store output pxor $in2,$inout2 movdqu $inout1,0x10($out) pxor $in3,$inout3 @@ -1491,17 +1579,17 @@ $code.=<<___; movdqu $inout3,0x30($out) movdqu $inout4,0x40($out) cmp \$6,$len - jb .Lctr32_done + jb .Lctr32_done # $len was 5, stop store movups 0x50($inp),$in1 xorps $in1,$inout5 movups $inout5,0x50($out) - je .Lctr32_done + je .Lctr32_done # $len was 6, stop store movups 0x60($inp),$in2 xorps $in2,$inout6 movups $inout6,0x60($out) - jmp .Lctr32_done + jmp .Lctr32_done # $len was 7, stop store .align 32 .Lctr32_loop4: @@ -1515,7 +1603,7 @@ $code.=<<___; jnz .Lctr32_loop4 aesenclast $rndkey1,$inout0 aesenclast $rndkey1,$inout1 - movups ($inp),$in0 + movups ($inp),$in0 # load input movups 0x10($inp),$in1 aesenclast $rndkey1,$inout2 aesenclast $rndkey1,$inout3 @@ -1523,14 +1611,14 @@ $code.=<<___; movups 0x30($inp),$in3 xorps $in0,$inout0 - movups $inout0,($out) + movups $inout0,($out) # store output xorps $in1,$inout1 movups $inout1,0x10($out) pxor $in2,$inout2 movdqu $inout2,0x20($out) pxor $in3,$inout3 movdqu $inout3,0x30($out) - jmp .Lctr32_done + jmp .Lctr32_done # $len was 4, stop store .align 32 .Lctr32_loop3: @@ -1545,48 +1633,79 @@ $code.=<<___; aesenclast $rndkey1,$inout1 aesenclast $rndkey1,$inout2 - movups ($inp),$in0 + movups ($inp),$in0 # load input xorps $in0,$inout0 - movups $inout0,($out) + movups $inout0,($out) # store output cmp \$2,$len - jb .Lctr32_done + jb .Lctr32_done # $len was 1, stop store movups 0x10($inp),$in1 xorps $in1,$inout1 movups $inout1,0x10($out) - je .Lctr32_done + je .Lctr32_done # $len was 2, stop store movups 0x20($inp),$in2 xorps $in2,$inout2 - movups $inout2,0x20($out) - jmp .Lctr32_done - -.align 16 -.Lctr32_one_shortcut: - movups ($ivp),$inout0 - movups ($inp),$in0 - mov 240($key),$rounds # key->rounds -___ - &aesni_generate1("enc",$key,$rounds); -$code.=<<___; - xorps $in0,$inout0 - movups $inout0,($out) - jmp .Lctr32_done + movups $inout2,0x20($out) # $len was 3, stop store -.align 16 .Lctr32_done: + xorps %xmm0,%xmm0 # clear regiser bank + xor $key0,$key0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 +___ +$code.=<<___ if (!$win64); + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + movaps %xmm0,0x00(%rsp) # clear stack + pxor %xmm8,%xmm8 + movaps %xmm0,0x10(%rsp) + pxor %xmm9,%xmm9 + movaps %xmm0,0x20(%rsp) + pxor %xmm10,%xmm10 + movaps %xmm0,0x30(%rsp) + pxor %xmm11,%xmm11 + movaps %xmm0,0x40(%rsp) + pxor %xmm12,%xmm12 + movaps %xmm0,0x50(%rsp) + pxor %xmm13,%xmm13 + movaps %xmm0,0x60(%rsp) + pxor %xmm14,%xmm14 + movaps %xmm0,0x70(%rsp) + pxor %xmm15,%xmm15 ___ $code.=<<___ if ($win64); movaps -0xa0(%rbp),%xmm6 + movaps %xmm0,-0xa0(%rbp) # clear stack movaps -0x90(%rbp),%xmm7 + movaps %xmm0,-0x90(%rbp) movaps -0x80(%rbp),%xmm8 + movaps %xmm0,-0x80(%rbp) movaps -0x70(%rbp),%xmm9 + movaps %xmm0,-0x70(%rbp) movaps -0x60(%rbp),%xmm10 + movaps %xmm0,-0x60(%rbp) movaps -0x50(%rbp),%xmm11 + movaps %xmm0,-0x50(%rbp) movaps -0x40(%rbp),%xmm12 + movaps %xmm0,-0x40(%rbp) movaps -0x30(%rbp),%xmm13 + movaps %xmm0,-0x30(%rbp) movaps -0x20(%rbp),%xmm14 + movaps %xmm0,-0x20(%rbp) movaps -0x10(%rbp),%xmm15 + movaps %xmm0,-0x10(%rbp) + movaps %xmm0,0x00(%rsp) + movaps %xmm0,0x10(%rsp) + movaps %xmm0,0x20(%rsp) + movaps %xmm0,0x30(%rsp) + movaps %xmm0,0x40(%rsp) + movaps %xmm0,0x50(%rsp) + movaps %xmm0,0x60(%rsp) + movaps %xmm0,0x70(%rsp) ___ $code.=<<___; lea (%rbp),%rsp @@ -1619,7 +1738,7 @@ aesni_xts_encrypt: and \$-16,%rsp # Linux kernel stack can be incorrectly seeded ___ $code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%rax) + movaps %xmm6,-0xa8(%rax) # offload everything movaps %xmm7,-0x98(%rax) movaps %xmm8,-0x88(%rax) movaps %xmm9,-0x78(%rax) @@ -1679,7 +1798,7 @@ $code.=<<___; movaps $rndkey1,0x60(%rsp) # save round[0]^round[last] sub \$16*6,$len - jc .Lxts_enc_short + jc .Lxts_enc_short # if $len-=6*16 borrowed mov \$16+96,$rounds lea 32($key_,$rnds_),$key # end of key schedule @@ -1694,7 +1813,7 @@ $code.=<<___; movdqu `16*0`($inp),$inout0 # load input movdqa $rndkey0,$twmask movdqu `16*1`($inp),$inout1 - pxor @tweak[0],$inout0 + pxor @tweak[0],$inout0 # input^=tweak^round[0] movdqu `16*2`($inp),$inout2 pxor @tweak[1],$inout1 aesenc $rndkey1,$inout0 @@ -1713,10 +1832,10 @@ $code.=<<___; lea `16*6`($inp),$inp pxor $twmask,$inout5 - pxor $twres,@tweak[0] + pxor $twres,@tweak[0] # calclulate tweaks^round[last] aesenc $rndkey1,$inout4 pxor $twres,@tweak[1] - movdqa @tweak[0],`16*0`(%rsp) # put aside tweaks^last round key + movdqa @tweak[0],`16*0`(%rsp) # put aside tweaks^round[last] aesenc $rndkey1,$inout5 $movkey 48($key_),$rndkey1 pxor $twres,@tweak[2] @@ -1757,7 +1876,7 @@ $code.=<<___; $movkey -80($key,%rax),$rndkey0 jnz .Lxts_enc_loop6 - movdqa (%r8),$twmask + movdqa (%r8),$twmask # start calculating next tweak movdqa $twres,$twtmp paddd $twres,$twres aesenc $rndkey1,$inout0 @@ -1851,15 +1970,15 @@ $code.=<<___; aesenclast `16*5`(%rsp),$inout5 pxor $twres,@tweak[5] - lea `16*6`($out),$out - movups $inout0,`-16*6`($out) # write output + lea `16*6`($out),$out # $out+=6*16 + movups $inout0,`-16*6`($out) # store 6 output blocks movups $inout1,`-16*5`($out) movups $inout2,`-16*4`($out) movups $inout3,`-16*3`($out) movups $inout4,`-16*2`($out) movups $inout5,`-16*1`($out) sub \$16*6,$len - jnc .Lxts_enc_grandloop + jnc .Lxts_enc_grandloop # loop if $len-=6*16 didn't borrow mov \$16+96,$rounds sub $rnds_,$rounds @@ -1867,34 +1986,36 @@ $code.=<<___; shr \$4,$rounds # restore original value .Lxts_enc_short: + # at the point @tweak[0..5] are populated with tweak values mov $rounds,$rnds_ # backup $rounds pxor $rndkey0,@tweak[0] - add \$16*6,$len - jz .Lxts_enc_done + add \$16*6,$len # restore real remaining $len + jz .Lxts_enc_done # done if ($len==0) pxor $rndkey0,@tweak[1] cmp \$0x20,$len - jb .Lxts_enc_one + jb .Lxts_enc_one # $len is 1*16 pxor $rndkey0,@tweak[2] - je .Lxts_enc_two + je .Lxts_enc_two # $len is 2*16 pxor $rndkey0,@tweak[3] cmp \$0x40,$len - jb .Lxts_enc_three + jb .Lxts_enc_three # $len is 3*16 pxor $rndkey0,@tweak[4] - je .Lxts_enc_four + je .Lxts_enc_four # $len is 4*16 - movdqu ($inp),$inout0 + movdqu ($inp),$inout0 # $len is 5*16 movdqu 16*1($inp),$inout1 movdqu 16*2($inp),$inout2 pxor @tweak[0],$inout0 movdqu 16*3($inp),$inout3 pxor @tweak[1],$inout1 movdqu 16*4($inp),$inout4 - lea 16*5($inp),$inp + lea 16*5($inp),$inp # $inp+=5*16 pxor @tweak[2],$inout2 pxor @tweak[3],$inout3 pxor @tweak[4],$inout4 + pxor $inout5,$inout5 call _aesni_encrypt6 @@ -1902,35 +2023,35 @@ $code.=<<___; movdqa @tweak[5],@tweak[0] xorps @tweak[1],$inout1 xorps @tweak[2],$inout2 - movdqu $inout0,($out) + movdqu $inout0,($out) # store 5 output blocks xorps @tweak[3],$inout3 movdqu $inout1,16*1($out) xorps @tweak[4],$inout4 movdqu $inout2,16*2($out) movdqu $inout3,16*3($out) movdqu $inout4,16*4($out) - lea 16*5($out),$out + lea 16*5($out),$out # $out+=5*16 jmp .Lxts_enc_done .align 16 .Lxts_enc_one: movups ($inp),$inout0 - lea 16*1($inp),$inp + lea 16*1($inp),$inp # inp+=1*16 xorps @tweak[0],$inout0 ___ &aesni_generate1("enc",$key,$rounds); $code.=<<___; xorps @tweak[0],$inout0 movdqa @tweak[1],@tweak[0] - movups $inout0,($out) - lea 16*1($out),$out + movups $inout0,($out) # store one output block + lea 16*1($out),$out # $out+=1*16 jmp .Lxts_enc_done .align 16 .Lxts_enc_two: movups ($inp),$inout0 movups 16($inp),$inout1 - lea 32($inp),$inp + lea 32($inp),$inp # $inp+=2*16 xorps @tweak[0],$inout0 xorps @tweak[1],$inout1 @@ -1939,9 +2060,9 @@ $code.=<<___; xorps @tweak[0],$inout0 movdqa @tweak[2],@tweak[0] xorps @tweak[1],$inout1 - movups $inout0,($out) + movups $inout0,($out) # store 2 output blocks movups $inout1,16*1($out) - lea 16*2($out),$out + lea 16*2($out),$out # $out+=2*16 jmp .Lxts_enc_done .align 16 @@ -1949,7 +2070,7 @@ $code.=<<___; movups ($inp),$inout0 movups 16*1($inp),$inout1 movups 16*2($inp),$inout2 - lea 16*3($inp),$inp + lea 16*3($inp),$inp # $inp+=3*16 xorps @tweak[0],$inout0 xorps @tweak[1],$inout1 xorps @tweak[2],$inout2 @@ -1960,10 +2081,10 @@ $code.=<<___; movdqa @tweak[3],@tweak[0] xorps @tweak[1],$inout1 xorps @tweak[2],$inout2 - movups $inout0,($out) + movups $inout0,($out) # store 3 output blocks movups $inout1,16*1($out) movups $inout2,16*2($out) - lea 16*3($out),$out + lea 16*3($out),$out # $out+=3*16 jmp .Lxts_enc_done .align 16 @@ -1973,7 +2094,7 @@ $code.=<<___; movups 16*2($inp),$inout2 xorps @tweak[0],$inout0 movups 16*3($inp),$inout3 - lea 16*4($inp),$inp + lea 16*4($inp),$inp # $inp+=4*16 xorps @tweak[1],$inout1 xorps @tweak[2],$inout2 xorps @tweak[3],$inout3 @@ -1984,17 +2105,17 @@ $code.=<<___; movdqa @tweak[4],@tweak[0] pxor @tweak[1],$inout1 pxor @tweak[2],$inout2 - movdqu $inout0,($out) + movdqu $inout0,($out) # store 4 output blocks pxor @tweak[3],$inout3 movdqu $inout1,16*1($out) movdqu $inout2,16*2($out) movdqu $inout3,16*3($out) - lea 16*4($out),$out + lea 16*4($out),$out # $out+=4*16 jmp .Lxts_enc_done .align 16 .Lxts_enc_done: - and \$15,$len_ + and \$15,$len_ # see if $len%16 is 0 jz .Lxts_enc_ret mov $len_,$len @@ -2021,18 +2142,60 @@ $code.=<<___; movups $inout0,-16($out) .Lxts_enc_ret: + xorps %xmm0,%xmm0 # clear register bank + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 +___ +$code.=<<___ if (!$win64); + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + movaps %xmm0,0x00(%rsp) # clear stack + pxor %xmm8,%xmm8 + movaps %xmm0,0x10(%rsp) + pxor %xmm9,%xmm9 + movaps %xmm0,0x20(%rsp) + pxor %xmm10,%xmm10 + movaps %xmm0,0x30(%rsp) + pxor %xmm11,%xmm11 + movaps %xmm0,0x40(%rsp) + pxor %xmm12,%xmm12 + movaps %xmm0,0x50(%rsp) + pxor %xmm13,%xmm13 + movaps %xmm0,0x60(%rsp) + pxor %xmm14,%xmm14 + pxor %xmm15,%xmm15 ___ $code.=<<___ if ($win64); movaps -0xa0(%rbp),%xmm6 + movaps %xmm0,-0xa0(%rbp) # clear stack movaps -0x90(%rbp),%xmm7 + movaps %xmm0,-0x90(%rbp) movaps -0x80(%rbp),%xmm8 + movaps %xmm0,-0x80(%rbp) movaps -0x70(%rbp),%xmm9 + movaps %xmm0,-0x70(%rbp) movaps -0x60(%rbp),%xmm10 + movaps %xmm0,-0x60(%rbp) movaps -0x50(%rbp),%xmm11 + movaps %xmm0,-0x50(%rbp) movaps -0x40(%rbp),%xmm12 + movaps %xmm0,-0x40(%rbp) movaps -0x30(%rbp),%xmm13 + movaps %xmm0,-0x30(%rbp) movaps -0x20(%rbp),%xmm14 + movaps %xmm0,-0x20(%rbp) movaps -0x10(%rbp),%xmm15 + movaps %xmm0,-0x10(%rbp) + movaps %xmm0,0x00(%rsp) + movaps %xmm0,0x10(%rsp) + movaps %xmm0,0x20(%rsp) + movaps %xmm0,0x30(%rsp) + movaps %xmm0,0x40(%rsp) + movaps %xmm0,0x50(%rsp) + movaps %xmm0,0x60(%rsp) ___ $code.=<<___; lea (%rbp),%rsp @@ -2053,7 +2216,7 @@ aesni_xts_decrypt: and \$-16,%rsp # Linux kernel stack can be incorrectly seeded ___ $code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%rax) + movaps %xmm6,-0xa8(%rax) # offload everything movaps %xmm7,-0x98(%rax) movaps %xmm8,-0x88(%rax) movaps %xmm9,-0x78(%rax) @@ -2116,7 +2279,7 @@ $code.=<<___; movaps $rndkey1,0x60(%rsp) # save round[0]^round[last] sub \$16*6,$len - jc .Lxts_dec_short + jc .Lxts_dec_short # if $len-=6*16 borrowed mov \$16+96,$rounds lea 32($key_,$rnds_),$key # end of key schedule @@ -2131,7 +2294,7 @@ $code.=<<___; movdqu `16*0`($inp),$inout0 # load input movdqa $rndkey0,$twmask movdqu `16*1`($inp),$inout1 - pxor @tweak[0],$inout0 + pxor @tweak[0],$inout0 # intput^=tweak^round[0] movdqu `16*2`($inp),$inout2 pxor @tweak[1],$inout1 aesdec $rndkey1,$inout0 @@ -2150,7 +2313,7 @@ $code.=<<___; lea `16*6`($inp),$inp pxor $twmask,$inout5 - pxor $twres,@tweak[0] + pxor $twres,@tweak[0] # calclulate tweaks^round[last] aesdec $rndkey1,$inout4 pxor $twres,@tweak[1] movdqa @tweak[0],`16*0`(%rsp) # put aside tweaks^last round key @@ -2194,7 +2357,7 @@ $code.=<<___; $movkey -80($key,%rax),$rndkey0 jnz .Lxts_dec_loop6 - movdqa (%r8),$twmask + movdqa (%r8),$twmask # start calculating next tweak movdqa $twres,$twtmp paddd $twres,$twres aesdec $rndkey1,$inout0 @@ -2288,15 +2451,15 @@ $code.=<<___; aesdeclast `16*5`(%rsp),$inout5 pxor $twres,@tweak[5] - lea `16*6`($out),$out - movups $inout0,`-16*6`($out) # write output + lea `16*6`($out),$out # $out+=6*16 + movups $inout0,`-16*6`($out) # store 6 output blocks movups $inout1,`-16*5`($out) movups $inout2,`-16*4`($out) movups $inout3,`-16*3`($out) movups $inout4,`-16*2`($out) movups $inout5,`-16*1`($out) sub \$16*6,$len - jnc .Lxts_dec_grandloop + jnc .Lxts_dec_grandloop # loop if $len-=6*16 didn't borrow mov \$16+96,$rounds sub $rnds_,$rounds @@ -2304,31 +2467,32 @@ $code.=<<___; shr \$4,$rounds # restore original value .Lxts_dec_short: + # at the point @tweak[0..5] are populated with tweak values mov $rounds,$rnds_ # backup $rounds pxor $rndkey0,@tweak[0] pxor $rndkey0,@tweak[1] - add \$16*6,$len - jz .Lxts_dec_done + add \$16*6,$len # restore real remaining $len + jz .Lxts_dec_done # done if ($len==0) pxor $rndkey0,@tweak[2] cmp \$0x20,$len - jb .Lxts_dec_one + jb .Lxts_dec_one # $len is 1*16 pxor $rndkey0,@tweak[3] - je .Lxts_dec_two + je .Lxts_dec_two # $len is 2*16 pxor $rndkey0,@tweak[4] cmp \$0x40,$len - jb .Lxts_dec_three - je .Lxts_dec_four + jb .Lxts_dec_three # $len is 3*16 + je .Lxts_dec_four # $len is 4*16 - movdqu ($inp),$inout0 + movdqu ($inp),$inout0 # $len is 5*16 movdqu 16*1($inp),$inout1 movdqu 16*2($inp),$inout2 pxor @tweak[0],$inout0 movdqu 16*3($inp),$inout3 pxor @tweak[1],$inout1 movdqu 16*4($inp),$inout4 - lea 16*5($inp),$inp + lea 16*5($inp),$inp # $inp+=5*16 pxor @tweak[2],$inout2 pxor @tweak[3],$inout3 pxor @tweak[4],$inout4 @@ -2338,7 +2502,7 @@ $code.=<<___; xorps @tweak[0],$inout0 xorps @tweak[1],$inout1 xorps @tweak[2],$inout2 - movdqu $inout0,($out) + movdqu $inout0,($out) # store 5 output blocks xorps @tweak[3],$inout3 movdqu $inout1,16*1($out) xorps @tweak[4],$inout4 @@ -2347,7 +2511,7 @@ $code.=<<___; movdqu $inout3,16*3($out) pcmpgtd @tweak[5],$twtmp movdqu $inout4,16*4($out) - lea 16*5($out),$out + lea 16*5($out),$out # $out+=5*16 pshufd \$0x13,$twtmp,@tweak[1] # $twres and \$15,$len_ jz .Lxts_dec_ret @@ -2361,23 +2525,23 @@ $code.=<<___; .align 16 .Lxts_dec_one: movups ($inp),$inout0 - lea 16*1($inp),$inp + lea 16*1($inp),$inp # $inp+=1*16 xorps @tweak[0],$inout0 ___ &aesni_generate1("dec",$key,$rounds); $code.=<<___; xorps @tweak[0],$inout0 movdqa @tweak[1],@tweak[0] - movups $inout0,($out) + movups $inout0,($out) # store one output block movdqa @tweak[2],@tweak[1] - lea 16*1($out),$out + lea 16*1($out),$out # $out+=1*16 jmp .Lxts_dec_done .align 16 .Lxts_dec_two: movups ($inp),$inout0 movups 16($inp),$inout1 - lea 32($inp),$inp + lea 32($inp),$inp # $inp+=2*16 xorps @tweak[0],$inout0 xorps @tweak[1],$inout1 @@ -2387,9 +2551,9 @@ $code.=<<___; movdqa @tweak[2],@tweak[0] xorps @tweak[1],$inout1 movdqa @tweak[3],@tweak[1] - movups $inout0,($out) + movups $inout0,($out) # store 2 output blocks movups $inout1,16*1($out) - lea 16*2($out),$out + lea 16*2($out),$out # $out+=2*16 jmp .Lxts_dec_done .align 16 @@ -2397,7 +2561,7 @@ $code.=<<___; movups ($inp),$inout0 movups 16*1($inp),$inout1 movups 16*2($inp),$inout2 - lea 16*3($inp),$inp + lea 16*3($inp),$inp # $inp+=3*16 xorps @tweak[0],$inout0 xorps @tweak[1],$inout1 xorps @tweak[2],$inout2 @@ -2409,10 +2573,10 @@ $code.=<<___; xorps @tweak[1],$inout1 movdqa @tweak[4],@tweak[1] xorps @tweak[2],$inout2 - movups $inout0,($out) + movups $inout0,($out) # store 3 output blocks movups $inout1,16*1($out) movups $inout2,16*2($out) - lea 16*3($out),$out + lea 16*3($out),$out # $out+=3*16 jmp .Lxts_dec_done .align 16 @@ -2422,7 +2586,7 @@ $code.=<<___; movups 16*2($inp),$inout2 xorps @tweak[0],$inout0 movups 16*3($inp),$inout3 - lea 16*4($inp),$inp + lea 16*4($inp),$inp # $inp+=4*16 xorps @tweak[1],$inout1 xorps @tweak[2],$inout2 xorps @tweak[3],$inout3 @@ -2434,17 +2598,17 @@ $code.=<<___; pxor @tweak[1],$inout1 movdqa @tweak[5],@tweak[1] pxor @tweak[2],$inout2 - movdqu $inout0,($out) + movdqu $inout0,($out) # store 4 output blocks pxor @tweak[3],$inout3 movdqu $inout1,16*1($out) movdqu $inout2,16*2($out) movdqu $inout3,16*3($out) - lea 16*4($out),$out + lea 16*4($out),$out # $out+=4*16 jmp .Lxts_dec_done .align 16 .Lxts_dec_done: - and \$15,$len_ + and \$15,$len_ # see if $len%16 is 0 jz .Lxts_dec_ret .Lxts_dec_done2: mov $len_,$len @@ -2482,18 +2646,60 @@ $code.=<<___; movups $inout0,($out) .Lxts_dec_ret: + xorps %xmm0,%xmm0 # clear register bank + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 +___ +$code.=<<___ if (!$win64); + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + movaps %xmm0,0x00(%rsp) # clear stack + pxor %xmm8,%xmm8 + movaps %xmm0,0x10(%rsp) + pxor %xmm9,%xmm9 + movaps %xmm0,0x20(%rsp) + pxor %xmm10,%xmm10 + movaps %xmm0,0x30(%rsp) + pxor %xmm11,%xmm11 + movaps %xmm0,0x40(%rsp) + pxor %xmm12,%xmm12 + movaps %xmm0,0x50(%rsp) + pxor %xmm13,%xmm13 + movaps %xmm0,0x60(%rsp) + pxor %xmm14,%xmm14 + pxor %xmm15,%xmm15 ___ $code.=<<___ if ($win64); movaps -0xa0(%rbp),%xmm6 + movaps %xmm0,-0xa0(%rbp) # clear stack movaps -0x90(%rbp),%xmm7 + movaps %xmm0,-0x90(%rbp) movaps -0x80(%rbp),%xmm8 + movaps %xmm0,-0x80(%rbp) movaps -0x70(%rbp),%xmm9 + movaps %xmm0,-0x70(%rbp) movaps -0x60(%rbp),%xmm10 + movaps %xmm0,-0x60(%rbp) movaps -0x50(%rbp),%xmm11 + movaps %xmm0,-0x50(%rbp) movaps -0x40(%rbp),%xmm12 + movaps %xmm0,-0x40(%rbp) movaps -0x30(%rbp),%xmm13 + movaps %xmm0,-0x30(%rbp) movaps -0x20(%rbp),%xmm14 + movaps %xmm0,-0x20(%rbp) movaps -0x10(%rbp),%xmm15 + movaps %xmm0,-0x10(%rbp) + movaps %xmm0,0x00(%rsp) + movaps %xmm0,0x10(%rsp) + movaps %xmm0,0x20(%rsp) + movaps %xmm0,0x30(%rsp) + movaps %xmm0,0x40(%rsp) + movaps %xmm0,0x50(%rsp) + movaps %xmm0,0x60(%rsp) ___ $code.=<<___; lea (%rbp),%rsp @@ -2548,7 +2754,11 @@ $code.=<<___; jnc .Lcbc_enc_loop add \$16,$len jnz .Lcbc_enc_tail + pxor $rndkey0,$rndkey0 # clear register bank + pxor $rndkey1,$rndkey1 movups $inout0,($ivp) + pxor $inout0,$inout0 + pxor $inout1,$inout1 jmp .Lcbc_ret .Lcbc_enc_tail: @@ -2568,6 +2778,27 @@ $code.=<<___; #--------------------------- CBC DECRYPT ------------------------------# .align 16 .Lcbc_decrypt: + cmp \$16,$len + jne .Lcbc_decrypt_bulk + + # handle single block without allocating stack frame, + # useful in ciphertext stealing mode + movdqu ($inp),$inout0 # load input + movdqu ($ivp),$inout1 # load iv + movdqa $inout0,$inout2 # future iv +___ + &aesni_generate1("dec",$key,$rnds_); +$code.=<<___; + pxor $rndkey0,$rndkey0 # clear register bank + pxor $rndkey1,$rndkey1 + movdqu $inout2,($ivp) # store iv + xorps $inout1,$inout0 # ^=iv + pxor $inout1,$inout1 + movups $inout0,($out) # store output + pxor $inout0,$inout0 + jmp .Lcbc_ret +.align 16 +.Lcbc_decrypt_bulk: lea (%rsp),%rax push %rbp sub \$$frame_size,%rsp @@ -2609,11 +2840,11 @@ $code.=<<___; cmp \$0x70,$len jbe .Lcbc_dec_six_or_seven - and \$`1<<26|1<<22`,%r9d # isolate XSAVE+MOVBE - sub \$0x50,$len + and \$`1<<26|1<<22`,%r9d # isolate XSAVE+MOVBE + sub \$0x50,$len # $len is biased by -5*16 cmp \$`1<<22`,%r9d # check for MOVBE without XSAVE - je .Lcbc_dec_loop6_enter - sub \$0x20,$len + je .Lcbc_dec_loop6_enter # [which denotes Atom Silvermont] + sub \$0x20,$len # $len is biased by -7*16 lea 0x70($key),$key # size optimization jmp .Lcbc_dec_loop8_enter .align 16 @@ -2740,7 +2971,7 @@ $code.=<<___; movaps $inout7,$inout0 lea -0x70($key),$key add \$0x70,$len - jle .Lcbc_dec_tail_collected + jle .Lcbc_dec_clear_tail_collected movups $inout7,($out) lea 0x10($out),$out cmp \$0x50,$len @@ -2759,14 +2990,19 @@ $code.=<<___; movdqu $inout0,($out) pxor $in1,$inout2 movdqu $inout1,0x10($out) + pxor $inout1,$inout1 # clear register bank pxor $in2,$inout3 movdqu $inout2,0x20($out) + pxor $inout2,$inout2 pxor $in3,$inout4 movdqu $inout3,0x30($out) + pxor $inout3,$inout3 pxor $in4,$inout5 movdqu $inout4,0x40($out) + pxor $inout4,$inout4 lea 0x50($out),$out movdqa $inout5,$inout0 + pxor $inout5,$inout5 jmp .Lcbc_dec_tail_collected .align 16 @@ -2781,16 +3017,23 @@ $code.=<<___; movdqu $inout0,($out) pxor $in1,$inout2 movdqu $inout1,0x10($out) + pxor $inout1,$inout1 # clear register bank pxor $in2,$inout3 movdqu $inout2,0x20($out) + pxor $inout2,$inout2 pxor $in3,$inout4 movdqu $inout3,0x30($out) + pxor $inout3,$inout3 pxor $in4,$inout5 movdqu $inout4,0x40($out) + pxor $inout4,$inout4 pxor $inout7,$inout6 movdqu $inout5,0x50($out) + pxor $inout5,$inout5 lea 0x60($out),$out movdqa $inout6,$inout0 + pxor $inout6,$inout6 + pxor $inout7,$inout7 jmp .Lcbc_dec_tail_collected .align 16 @@ -2834,31 +3077,31 @@ $code.=<<___; movdqa $inout5,$inout0 add \$0x50,$len - jle .Lcbc_dec_tail_collected + jle .Lcbc_dec_clear_tail_collected movups $inout5,($out) lea 0x10($out),$out .Lcbc_dec_tail: movups ($inp),$inout0 sub \$0x10,$len - jbe .Lcbc_dec_one + jbe .Lcbc_dec_one # $len is 1*16 or less movups 0x10($inp),$inout1 movaps $inout0,$in0 sub \$0x10,$len - jbe .Lcbc_dec_two + jbe .Lcbc_dec_two # $len is 2*16 or less movups 0x20($inp),$inout2 movaps $inout1,$in1 sub \$0x10,$len - jbe .Lcbc_dec_three + jbe .Lcbc_dec_three # $len is 3*16 or less movups 0x30($inp),$inout3 movaps $inout2,$in2 sub \$0x10,$len - jbe .Lcbc_dec_four + jbe .Lcbc_dec_four # $len is 4*16 or less - movups 0x40($inp),$inout4 + movups 0x40($inp),$inout4 # $len is 5*16 or less movaps $inout3,$in3 movaps $inout4,$in4 xorps $inout5,$inout5 @@ -2869,12 +3112,17 @@ $code.=<<___; movdqu $inout0,($out) pxor $in1,$inout2 movdqu $inout1,0x10($out) + pxor $inout1,$inout1 # clear register bank pxor $in2,$inout3 movdqu $inout2,0x20($out) + pxor $inout2,$inout2 pxor $in3,$inout4 movdqu $inout3,0x30($out) + pxor $inout3,$inout3 lea 0x40($out),$out movdqa $inout4,$inout0 + pxor $inout4,$inout4 + pxor $inout5,$inout5 sub \$0x10,$len jmp .Lcbc_dec_tail_collected @@ -2896,6 +3144,7 @@ $code.=<<___; pxor $in0,$inout1 movdqu $inout0,($out) movdqa $inout1,$inout0 + pxor $inout1,$inout1 # clear register bank lea 0x10($out),$out jmp .Lcbc_dec_tail_collected .align 16 @@ -2908,7 +3157,9 @@ $code.=<<___; movdqu $inout0,($out) pxor $in1,$inout2 movdqu $inout1,0x10($out) + pxor $inout1,$inout1 # clear register bank movdqa $inout2,$inout0 + pxor $inout2,$inout2 lea 0x20($out),$out jmp .Lcbc_dec_tail_collected .align 16 @@ -2921,41 +3172,71 @@ $code.=<<___; movdqu $inout0,($out) pxor $in1,$inout2 movdqu $inout1,0x10($out) + pxor $inout1,$inout1 # clear register bank pxor $in2,$inout3 movdqu $inout2,0x20($out) + pxor $inout2,$inout2 movdqa $inout3,$inout0 + pxor $inout3,$inout3 lea 0x30($out),$out jmp .Lcbc_dec_tail_collected .align 16 +.Lcbc_dec_clear_tail_collected: + pxor $inout1,$inout1 # clear register bank + pxor $inout2,$inout2 + pxor $inout3,$inout3 +___ +$code.=<<___ if (!$win64); + pxor $inout4,$inout4 # %xmm6..9 + pxor $inout5,$inout5 + pxor $inout6,$inout6 + pxor $inout7,$inout7 +___ +$code.=<<___; .Lcbc_dec_tail_collected: movups $iv,($ivp) and \$15,$len jnz .Lcbc_dec_tail_partial movups $inout0,($out) + pxor $inout0,$inout0 jmp .Lcbc_dec_ret .align 16 .Lcbc_dec_tail_partial: movaps $inout0,(%rsp) + pxor $inout0,$inout0 mov \$16,%rcx mov $out,%rdi sub $len,%rcx lea (%rsp),%rsi - .long 0x9066A4F3 # rep movsb + .long 0x9066A4F3 # rep movsb + movdqa $inout0,(%rsp) .Lcbc_dec_ret: + xorps $rndkey0,$rndkey0 # %xmm0 + pxor $rndkey1,$rndkey1 ___ $code.=<<___ if ($win64); movaps 0x10(%rsp),%xmm6 + movaps %xmm0,0x10(%rsp) # clear stack movaps 0x20(%rsp),%xmm7 + movaps %xmm0,0x20(%rsp) movaps 0x30(%rsp),%xmm8 + movaps %xmm0,0x30(%rsp) movaps 0x40(%rsp),%xmm9 + movaps %xmm0,0x40(%rsp) movaps 0x50(%rsp),%xmm10 + movaps %xmm0,0x50(%rsp) movaps 0x60(%rsp),%xmm11 + movaps %xmm0,0x60(%rsp) movaps 0x70(%rsp),%xmm12 + movaps %xmm0,0x70(%rsp) movaps 0x80(%rsp),%xmm13 + movaps %xmm0,0x80(%rsp) movaps 0x90(%rsp),%xmm14 + movaps %xmm0,0x90(%rsp) movaps 0xa0(%rsp),%xmm15 + movaps %xmm0,0xa0(%rsp) ___ $code.=<<___; lea (%rbp),%rsp @@ -2965,8 +3246,15 @@ $code.=<<___; .size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt ___ } -# int $PREFIX_set_[en|de]crypt_key (const unsigned char *userKey, +# int ${PREFIX}_set_decrypt_key(const unsigned char *inp, # int bits, AES_KEY *key) +# +# input: $inp user-supplied key +# $bits $inp length in bits +# $key pointer to key schedule +# output: %eax 0 denoting success, -1 or -2 - failure (see C) +# *$key key schedule +# { my ($inp,$bits,$key) = @_4args; $bits =~ s/%r/%e/; @@ -3003,7 +3291,9 @@ ${PREFIX}_set_decrypt_key: $movkey ($key),%xmm0 # inverse middle aesimc %xmm0,%xmm0 + pxor %xmm1,%xmm1 $movkey %xmm0,($inp) + pxor %xmm0,%xmm0 .Ldec_key_ret: add \$8,%rsp ret @@ -3020,6 +3310,22 @@ ___ # Agressively optimized in respect to aeskeygenassist's critical path # and is contained in %xmm0-5 to meet Win64 ABI requirement. # +# int ${PREFIX}_set_encrypt_key(const unsigned char *inp, +# int bits, AES_KEY * const key); +# +# input: $inp user-supplied key +# $bits $inp length in bits +# $key pointer to key schedule +# output: %eax 0 denoting success, -1 or -2 - failure (see C) +# $bits rounds-1 (used in aesni_set_decrypt_key) +# *$key key schedule +# $key pointer to key schedule (used in +# aesni_set_decrypt_key) +# +# Subroutine is frame-less, which means that only volatile registers +# are used. Note that it's declared "abi-omnipotent", which means that +# amount of volatile registers is smaller on Windows. +# $code.=<<___; .globl ${PREFIX}_set_encrypt_key .type ${PREFIX}_set_encrypt_key,\@abi-omnipotent @@ -3033,9 +3339,11 @@ __aesni_set_encrypt_key: test $key,$key jz .Lenc_key_ret + mov \$`1<<28|1<<11`,%r10d # AVX and XOP bits movups ($inp),%xmm0 # pull first 128 bits of *userKey xorps %xmm4,%xmm4 # low dword of xmm4 is assumed 0 - lea 16($key),%rax + and OPENSSL_ia32cap_P+4(%rip),%r10d + lea 16($key),%rax # %rax is used as modifiable copy of $key cmp \$256,$bits je .L14rounds cmp \$192,$bits @@ -3045,6 +3353,9 @@ __aesni_set_encrypt_key: .L10rounds: mov \$9,$bits # 10 rounds for 128-bit key + cmp \$`1<<28`,%r10d # AVX, bit no XOP + je .L10rounds_alt + $movkey %xmm0,($key) # round 0 aeskeygenassist \$0x1,%xmm0,%xmm1 # round 1 call .Lkey_expansion_128_cold @@ -3071,10 +3382,80 @@ __aesni_set_encrypt_key: xor %eax,%eax jmp .Lenc_key_ret +.align 16 +.L10rounds_alt: + movdqa .Lkey_rotate(%rip),%xmm5 + mov \$8,%r10d + movdqa .Lkey_rcon1(%rip),%xmm4 + movdqa %xmm0,%xmm2 + movdqu %xmm0,($key) + jmp .Loop_key128 + +.align 16 +.Loop_key128: + pshufb %xmm5,%xmm0 + aesenclast %xmm4,%xmm0 + pslld \$1,%xmm4 + lea 16(%rax),%rax + + movdqa %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm3,%xmm2 + + pxor %xmm2,%xmm0 + movdqu %xmm0,-16(%rax) + movdqa %xmm0,%xmm2 + + dec %r10d + jnz .Loop_key128 + + movdqa .Lkey_rcon1b(%rip),%xmm4 + + pshufb %xmm5,%xmm0 + aesenclast %xmm4,%xmm0 + pslld \$1,%xmm4 + + movdqa %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm3,%xmm2 + + pxor %xmm2,%xmm0 + movdqu %xmm0,(%rax) + + movdqa %xmm0,%xmm2 + pshufb %xmm5,%xmm0 + aesenclast %xmm4,%xmm0 + + movdqa %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm3,%xmm2 + + pxor %xmm2,%xmm0 + movdqu %xmm0,16(%rax) + + mov $bits,96(%rax) # 240($key) + xor %eax,%eax + jmp .Lenc_key_ret + .align 16 .L12rounds: movq 16($inp),%xmm2 # remaining 1/3 of *userKey mov \$11,$bits # 12 rounds for 192 + cmp \$`1<<28`,%r10d # AVX, but no XOP + je .L12rounds_alt + $movkey %xmm0,($key) # round 0 aeskeygenassist \$0x1,%xmm2,%xmm1 # round 1,2 call .Lkey_expansion_192a_cold @@ -3097,11 +3478,55 @@ __aesni_set_encrypt_key: xor %rax, %rax jmp .Lenc_key_ret +.align 16 +.L12rounds_alt: + movdqa .Lkey_rotate192(%rip),%xmm5 + movdqa .Lkey_rcon1(%rip),%xmm4 + mov \$8,%r10d + movdqu %xmm0,($key) + jmp .Loop_key192 + +.align 16 +.Loop_key192: + movq %xmm2,0(%rax) + movdqa %xmm2,%xmm1 + pshufb %xmm5,%xmm2 + aesenclast %xmm4,%xmm2 + pslld \$1, %xmm4 + lea 24(%rax),%rax + + movdqa %xmm0,%xmm3 + pslldq \$4,%xmm0 + pxor %xmm0,%xmm3 + pslldq \$4,%xmm0 + pxor %xmm0,%xmm3 + pslldq \$4,%xmm0 + pxor %xmm3,%xmm0 + + pshufd \$0xff,%xmm0,%xmm3 + pxor %xmm1,%xmm3 + pslldq \$4,%xmm1 + pxor %xmm1,%xmm3 + + pxor %xmm2,%xmm0 + pxor %xmm3,%xmm2 + movdqu %xmm0,-16(%rax) + + dec %r10d + jnz .Loop_key192 + + mov $bits,32(%rax) # 240($key) + xor %eax,%eax + jmp .Lenc_key_ret + .align 16 .L14rounds: movups 16($inp),%xmm2 # remaning half of *userKey mov \$13,$bits # 14 rounds for 256 lea 16(%rax),%rax + cmp \$`1<<28`,%r10d # AVX, but no XOP + je .L14rounds_alt + $movkey %xmm0,($key) # round 0 $movkey %xmm2,16($key) # round 1 aeskeygenassist \$0x1,%xmm2,%xmm1 # round 2 @@ -3135,10 +3560,70 @@ __aesni_set_encrypt_key: xor %rax,%rax jmp .Lenc_key_ret +.align 16 +.L14rounds_alt: + movdqa .Lkey_rotate(%rip),%xmm5 + movdqa .Lkey_rcon1(%rip),%xmm4 + mov \$7,%r10d + movdqu %xmm0,0($key) + movdqa %xmm2,%xmm1 + movdqu %xmm2,16($key) + jmp .Loop_key256 + +.align 16 +.Loop_key256: + pshufb %xmm5,%xmm2 + aesenclast %xmm4,%xmm2 + + movdqa %xmm0,%xmm3 + pslldq \$4,%xmm0 + pxor %xmm0,%xmm3 + pslldq \$4,%xmm0 + pxor %xmm0,%xmm3 + pslldq \$4,%xmm0 + pxor %xmm3,%xmm0 + pslld \$1,%xmm4 + + pxor %xmm2,%xmm0 + movdqu %xmm0,(%rax) + + dec %r10d + jz .Ldone_key256 + + pshufd \$0xff,%xmm0,%xmm2 + pxor %xmm3,%xmm3 + aesenclast %xmm3,%xmm2 + + movdqa %xmm1,%xmm3 + pslldq \$4,%xmm1 + pxor %xmm1,%xmm3 + pslldq \$4,%xmm1 + pxor %xmm1,%xmm3 + pslldq \$4,%xmm1 + pxor %xmm3,%xmm1 + + pxor %xmm1,%xmm2 + movdqu %xmm2,16(%rax) + lea 32(%rax),%rax + movdqa %xmm2,%xmm1 + + jmp .Loop_key256 + +.Ldone_key256: + mov $bits,16(%rax) # 240($key) + xor %eax,%eax + jmp .Lenc_key_ret + .align 16 .Lbad_keybits: mov \$-2,%rax .Lenc_key_ret: + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 add \$8,%rsp ret .LSEH_end_set_encrypt_key: @@ -3228,6 +3713,14 @@ $code.=<<___; .long 0x87,0,1,0 .Lincrement1: .byte 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 +.Lkey_rotate: + .long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d +.Lkey_rotate192: + .long 0x04070605,0x04070605,0x04070605,0x04070605 +.Lkey_rcon1: + .long 1,1,1,1 +.Lkey_rcon1b: + .long 0x1b,0x1b,0x1b,0x1b .asciz "AES for Intel AES-NI, CRYPTOGAMS by " .align 64 @@ -3345,7 +3838,7 @@ cbc_se_handler: mov 152($context),%rax # pull context->Rsp mov 248($context),%rbx # pull context->Rip - lea .Lcbc_decrypt(%rip),%r10 + lea .Lcbc_decrypt_bulk(%rip),%r10 cmp %r10,%rbx # context->Rip<"prologue" label jb .Lcommon_seh_tail diff --git a/openssl/crypto/aes/asm/aesv8-armx.pl b/openssl/crypto/aes/asm/aesv8-armx.pl index 1e93f8685..95ebae3be 100755 --- a/openssl/crypto/aes/asm/aesv8-armx.pl +++ b/openssl/crypto/aes/asm/aesv8-armx.pl @@ -24,8 +24,12 @@ # # CBC enc CBC dec CTR # Apple A7 2.39 1.20 1.20 -# Cortex-A53 2.45 1.87 1.94 -# Cortex-A57 3.64 1.34 1.32 +# Cortex-A53 1.32 1.29 1.46 +# Cortex-A57(*) 1.95 0.85 0.93 +# Denver 1.96 0.86 0.80 +# +# (*) original 3.64/1.34/1.32 results were for r0p0 revision +# and are still same even for updated module; $flavour = shift; open STDOUT,">".shift; @@ -308,17 +312,17 @@ ${prefix}_${dir}crypt: .Loop_${dir}c: aes$e $inout,$rndkey0 - vld1.32 {$rndkey0},[$key],#16 aes$mc $inout,$inout + vld1.32 {$rndkey0},[$key],#16 subs $rounds,$rounds,#2 aes$e $inout,$rndkey1 - vld1.32 {$rndkey1},[$key],#16 aes$mc $inout,$inout + vld1.32 {$rndkey1},[$key],#16 b.gt .Loop_${dir}c aes$e $inout,$rndkey0 - vld1.32 {$rndkey0},[$key] aes$mc $inout,$inout + vld1.32 {$rndkey0},[$key] aes$e $inout,$rndkey1 veor $inout,$inout,$rndkey0 @@ -336,6 +340,7 @@ my ($rounds,$cnt,$key_,$step,$step1)=($enc,"w6","x7","x8","x12"); my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7)); my ($dat,$tmp,$rndzero_n_last)=($dat0,$tmp0,$tmp1); +my ($key4,$key5,$key6,$key7)=("x6","x12","x14",$key); ### q8-q15 preloaded key schedule @@ -385,16 +390,42 @@ $code.=<<___; veor $rndzero_n_last,q8,$rndlast b.eq .Lcbc_enc128 + vld1.32 {$in0-$in1},[$key_] + add $key_,$key,#16 + add $key4,$key,#16*4 + add $key5,$key,#16*5 + aese $dat,q8 + aesmc $dat,$dat + add $key6,$key,#16*6 + add $key7,$key,#16*7 + b .Lenter_cbc_enc + +.align 4 .Loop_cbc_enc: aese $dat,q8 - vld1.32 {q8},[$key_],#16 aesmc $dat,$dat - subs $cnt,$cnt,#2 + vst1.8 {$ivec},[$out],#16 +.Lenter_cbc_enc: aese $dat,q9 - vld1.32 {q9},[$key_],#16 aesmc $dat,$dat - b.gt .Loop_cbc_enc + aese $dat,$in0 + aesmc $dat,$dat + vld1.32 {q8},[$key4] + cmp $rounds,#4 + aese $dat,$in1 + aesmc $dat,$dat + vld1.32 {q9},[$key5] + b.eq .Lcbc_enc192 + + aese $dat,q8 + aesmc $dat,$dat + vld1.32 {q8},[$key6] + aese $dat,q9 + aesmc $dat,$dat + vld1.32 {q9},[$key7] + nop +.Lcbc_enc192: aese $dat,q8 aesmc $dat,$dat subs $len,$len,#16 @@ -403,7 +434,6 @@ $code.=<<___; cclr $step,eq aese $dat,q10 aesmc $dat,$dat - add $key_,$key,#16 aese $dat,q11 aesmc $dat,$dat vld1.8 {q8},[$inp],$step @@ -412,16 +442,14 @@ $code.=<<___; veor q8,q8,$rndzero_n_last aese $dat,q13 aesmc $dat,$dat - vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] + vld1.32 {q9},[$key_] // re-pre-load rndkey[1] aese $dat,q14 aesmc $dat,$dat aese $dat,q15 - - mov $cnt,$rounds veor $ivec,$dat,$rndlast - vst1.8 {$ivec},[$out],#16 b.hs .Loop_cbc_enc + vst1.8 {$ivec},[$out],#16 b .Lcbc_done .align 5 @@ -483,79 +511,78 @@ $code.=<<___; .Loop3x_cbc_dec: aesd $dat0,q8 - aesd $dat1,q8 - aesd $dat2,q8 - vld1.32 {q8},[$key_],#16 aesimc $dat0,$dat0 + aesd $dat1,q8 aesimc $dat1,$dat1 + aesd $dat2,q8 aesimc $dat2,$dat2 + vld1.32 {q8},[$key_],#16 subs $cnt,$cnt,#2 aesd $dat0,q9 - aesd $dat1,q9 - aesd $dat2,q9 - vld1.32 {q9},[$key_],#16 aesimc $dat0,$dat0 + aesd $dat1,q9 aesimc $dat1,$dat1 + aesd $dat2,q9 aesimc $dat2,$dat2 + vld1.32 {q9},[$key_],#16 b.gt .Loop3x_cbc_dec aesd $dat0,q8 - aesd $dat1,q8 - aesd $dat2,q8 - veor $tmp0,$ivec,$rndlast aesimc $dat0,$dat0 + aesd $dat1,q8 aesimc $dat1,$dat1 + aesd $dat2,q8 aesimc $dat2,$dat2 + veor $tmp0,$ivec,$rndlast + subs $len,$len,#0x30 veor $tmp1,$in0,$rndlast + mov.lo x6,$len // x6, $cnt, is zero at this point aesd $dat0,q9 - aesd $dat1,q9 - aesd $dat2,q9 - veor $tmp2,$in1,$rndlast - subs $len,$len,#0x30 aesimc $dat0,$dat0 + aesd $dat1,q9 aesimc $dat1,$dat1 + aesd $dat2,q9 aesimc $dat2,$dat2 - vorr $ivec,$in2,$in2 - mov.lo x6,$len // x6, $cnt, is zero at this point - aesd $dat0,q12 - aesd $dat1,q12 - aesd $dat2,q12 + veor $tmp2,$in1,$rndlast add $inp,$inp,x6 // $inp is adjusted in such way that // at exit from the loop $dat1-$dat2 // are loaded with last "words" + vorr $ivec,$in2,$in2 + mov $key_,$key + aesd $dat0,q12 aesimc $dat0,$dat0 + aesd $dat1,q12 aesimc $dat1,$dat1 + aesd $dat2,q12 aesimc $dat2,$dat2 - mov $key_,$key - aesd $dat0,q13 - aesd $dat1,q13 - aesd $dat2,q13 vld1.8 {$in0},[$inp],#16 + aesd $dat0,q13 aesimc $dat0,$dat0 + aesd $dat1,q13 aesimc $dat1,$dat1 + aesd $dat2,q13 aesimc $dat2,$dat2 vld1.8 {$in1},[$inp],#16 aesd $dat0,q14 - aesd $dat1,q14 - aesd $dat2,q14 - vld1.8 {$in2},[$inp],#16 aesimc $dat0,$dat0 + aesd $dat1,q14 aesimc $dat1,$dat1 + aesd $dat2,q14 aesimc $dat2,$dat2 - vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] + vld1.8 {$in2},[$inp],#16 aesd $dat0,q15 aesd $dat1,q15 aesd $dat2,q15 - + vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] add $cnt,$rounds,#2 veor $tmp0,$tmp0,$dat0 veor $tmp1,$tmp1,$dat1 veor $dat2,$dat2,$tmp2 vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] - vorr $dat0,$in0,$in0 vst1.8 {$tmp0},[$out],#16 - vorr $dat1,$in1,$in1 + vorr $dat0,$in0,$in0 vst1.8 {$tmp1},[$out],#16 + vorr $dat1,$in1,$in1 vst1.8 {$dat2},[$out],#16 vorr $dat2,$in2,$in2 b.hs .Loop3x_cbc_dec @@ -566,39 +593,39 @@ $code.=<<___; .Lcbc_dec_tail: aesd $dat1,q8 - aesd $dat2,q8 - vld1.32 {q8},[$key_],#16 aesimc $dat1,$dat1 + aesd $dat2,q8 aesimc $dat2,$dat2 + vld1.32 {q8},[$key_],#16 subs $cnt,$cnt,#2 aesd $dat1,q9 - aesd $dat2,q9 - vld1.32 {q9},[$key_],#16 aesimc $dat1,$dat1 + aesd $dat2,q9 aesimc $dat2,$dat2 + vld1.32 {q9},[$key_],#16 b.gt .Lcbc_dec_tail aesd $dat1,q8 - aesd $dat2,q8 aesimc $dat1,$dat1 + aesd $dat2,q8 aesimc $dat2,$dat2 aesd $dat1,q9 - aesd $dat2,q9 aesimc $dat1,$dat1 + aesd $dat2,q9 aesimc $dat2,$dat2 aesd $dat1,q12 - aesd $dat2,q12 aesimc $dat1,$dat1 + aesd $dat2,q12 aesimc $dat2,$dat2 cmn $len,#0x20 aesd $dat1,q13 - aesd $dat2,q13 aesimc $dat1,$dat1 + aesd $dat2,q13 aesimc $dat2,$dat2 veor $tmp1,$ivec,$rndlast aesd $dat1,q14 - aesd $dat2,q14 aesimc $dat1,$dat1 + aesd $dat2,q14 aesimc $dat2,$dat2 veor $tmp2,$in1,$rndlast aesd $dat1,q15 @@ -699,70 +726,69 @@ $code.=<<___; .align 4 .Loop3x_ctr32: aese $dat0,q8 - aese $dat1,q8 - aese $dat2,q8 - vld1.32 {q8},[$key_],#16 aesmc $dat0,$dat0 + aese $dat1,q8 aesmc $dat1,$dat1 + aese $dat2,q8 aesmc $dat2,$dat2 + vld1.32 {q8},[$key_],#16 subs $cnt,$cnt,#2 aese $dat0,q9 - aese $dat1,q9 - aese $dat2,q9 - vld1.32 {q9},[$key_],#16 aesmc $dat0,$dat0 + aese $dat1,q9 aesmc $dat1,$dat1 + aese $dat2,q9 aesmc $dat2,$dat2 + vld1.32 {q9},[$key_],#16 b.gt .Loop3x_ctr32 aese $dat0,q8 - aese $dat1,q8 - aese $dat2,q8 - mov $key_,$key aesmc $tmp0,$dat0 - vld1.8 {$in0},[$inp],#16 + aese $dat1,q8 aesmc $tmp1,$dat1 - aesmc $dat2,$dat2 + vld1.8 {$in0},[$inp],#16 vorr $dat0,$ivec,$ivec - aese $tmp0,q9 + aese $dat2,q8 + aesmc $dat2,$dat2 vld1.8 {$in1},[$inp],#16 - aese $tmp1,q9 - aese $dat2,q9 vorr $dat1,$ivec,$ivec + aese $tmp0,q9 aesmc $tmp0,$tmp0 - vld1.8 {$in2},[$inp],#16 + aese $tmp1,q9 aesmc $tmp1,$tmp1 + vld1.8 {$in2},[$inp],#16 + mov $key_,$key + aese $dat2,q9 aesmc $tmp2,$dat2 vorr $dat2,$ivec,$ivec add $tctr0,$ctr,#1 aese $tmp0,q12 + aesmc $tmp0,$tmp0 aese $tmp1,q12 - aese $tmp2,q12 + aesmc $tmp1,$tmp1 veor $in0,$in0,$rndlast add $tctr1,$ctr,#2 - aesmc $tmp0,$tmp0 - aesmc $tmp1,$tmp1 + aese $tmp2,q12 aesmc $tmp2,$tmp2 veor $in1,$in1,$rndlast add $ctr,$ctr,#3 aese $tmp0,q13 + aesmc $tmp0,$tmp0 aese $tmp1,q13 - aese $tmp2,q13 + aesmc $tmp1,$tmp1 veor $in2,$in2,$rndlast rev $tctr0,$tctr0 - aesmc $tmp0,$tmp0 - vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] - aesmc $tmp1,$tmp1 + aese $tmp2,q13 aesmc $tmp2,$tmp2 vmov.32 ${dat0}[3], $tctr0 rev $tctr1,$tctr1 aese $tmp0,q14 + aesmc $tmp0,$tmp0 aese $tmp1,q14 - aese $tmp2,q14 + aesmc $tmp1,$tmp1 vmov.32 ${dat1}[3], $tctr1 rev $tctr2,$ctr - aesmc $tmp0,$tmp0 - aesmc $tmp1,$tmp1 + aese $tmp2,q14 aesmc $tmp2,$tmp2 vmov.32 ${dat2}[3], $tctr2 subs $len,$len,#3 @@ -770,13 +796,14 @@ $code.=<<___; aese $tmp1,q15 aese $tmp2,q15 - mov $cnt,$rounds veor $in0,$in0,$tmp0 + vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] + vst1.8 {$in0},[$out],#16 veor $in1,$in1,$tmp1 + mov $cnt,$rounds + vst1.8 {$in1},[$out],#16 veor $in2,$in2,$tmp2 vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] - vst1.8 {$in0},[$out],#16 - vst1.8 {$in1},[$out],#16 vst1.8 {$in2},[$out],#16 b.hs .Loop3x_ctr32 @@ -788,40 +815,40 @@ $code.=<<___; .Lctr32_tail: aese $dat0,q8 - aese $dat1,q8 - vld1.32 {q8},[$key_],#16 aesmc $dat0,$dat0 + aese $dat1,q8 aesmc $dat1,$dat1 + vld1.32 {q8},[$key_],#16 subs $cnt,$cnt,#2 aese $dat0,q9 - aese $dat1,q9 - vld1.32 {q9},[$key_],#16 aesmc $dat0,$dat0 + aese $dat1,q9 aesmc $dat1,$dat1 + vld1.32 {q9},[$key_],#16 b.gt .Lctr32_tail aese $dat0,q8 - aese $dat1,q8 aesmc $dat0,$dat0 + aese $dat1,q8 aesmc $dat1,$dat1 aese $dat0,q9 - aese $dat1,q9 aesmc $dat0,$dat0 + aese $dat1,q9 aesmc $dat1,$dat1 vld1.8 {$in0},[$inp],$step aese $dat0,q12 - aese $dat1,q12 - vld1.8 {$in1},[$inp] aesmc $dat0,$dat0 + aese $dat1,q12 aesmc $dat1,$dat1 + vld1.8 {$in1},[$inp] aese $dat0,q13 - aese $dat1,q13 aesmc $dat0,$dat0 + aese $dat1,q13 aesmc $dat1,$dat1 - aese $dat0,q14 - aese $dat1,q14 veor $in0,$in0,$rndlast + aese $dat0,q14 aesmc $dat0,$dat0 + aese $dat1,q14 aesmc $dat1,$dat1 veor $in1,$in1,$rndlast aese $dat0,q15 diff --git a/openssl/crypto/asn1/Makefile b/openssl/crypto/asn1/Makefile index 2e2a09739..330fe81b7 100644 --- a/openssl/crypto/asn1/Makefile +++ b/openssl/crypto/asn1/Makefile @@ -93,6 +93,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/asn1/a_int.c b/openssl/crypto/asn1/a_int.c index 70c2b8e62..7e26704a5 100644 --- a/openssl/crypto/asn1/a_int.c +++ b/openssl/crypto/asn1/a_int.c @@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) else { ret = a->length; i = a->data[0]; + if (ret == 1 && i == 0) + neg = 0; if (!neg && (i > 127)) { pad = 1; pb = 0; @@ -162,7 +164,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) p += a->length - 1; i = a->length; /* Copy zeros to destination as long as source is zero */ - while (!*n) { + while (!*n && i > 1) { *(p--) = 0; n--; i--; @@ -419,7 +421,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR); goto err; } - if (BN_is_negative(bn)) + if (BN_is_negative(bn) && !BN_is_zero(bn)) ret->type = V_ASN1_NEG_INTEGER; else ret->type = V_ASN1_INTEGER; diff --git a/openssl/crypto/asn1/ameth_lib.c b/openssl/crypto/asn1/ameth_lib.c index 02300dfed..5389c0434 100644 --- a/openssl/crypto/asn1/ameth_lib.c +++ b/openssl/crypto/asn1/ameth_lib.c @@ -464,3 +464,21 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, { ameth->pkey_ctrl = pkey_ctrl; } + +void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *a, + ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)) +{ + ameth->item_sign = item_sign; + ameth->item_verify = item_verify; +} diff --git a/openssl/crypto/asn1/asn1_gen.c b/openssl/crypto/asn1/asn1_gen.c index 11b582dd3..65749239b 100644 --- a/openssl/crypto/asn1/asn1_gen.c +++ b/openssl/crypto/asn1/asn1_gen.c @@ -74,6 +74,8 @@ #define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} #define ASN1_FLAG_EXP_MAX 20 +/* Maximum number of nested sequences */ +#define ASN1_GEN_SEQ_MAX_DEPTH 50 /* Input formats */ @@ -110,13 +112,16 @@ typedef struct { int exp_count; } tag_exp_arg; +static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, + int *perr); static int bitstr_cb(const char *elem, int len, void *bitstr); static int asn1_cb(const char *elem, int len, void *bitstr); static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok); static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass); -static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf); +static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, + int depth, int *perr); static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); static int asn1_str2tag(const char *tagstr, int len); @@ -132,6 +137,16 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) } ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) +{ + int err = 0; + ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err); + if (err) + ASN1err(ASN1_F_ASN1_GENERATE_V3, err); + return ret; +} + +static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, + int *perr) { ASN1_TYPE *ret; tag_exp_arg asn1_tags; @@ -152,17 +167,22 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) asn1_tags.imp_class = -1; asn1_tags.format = ASN1_GEN_FORMAT_ASCII; asn1_tags.exp_count = 0; - if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) + if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) { + *perr = ASN1_R_UNKNOWN_TAG; return NULL; + } if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET)) { if (!cnf) { - ASN1err(ASN1_F_ASN1_GENERATE_V3, - ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); + *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG; return NULL; } - ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); + if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) { + *perr = ASN1_R_ILLEGAL_NESTED_TAGGING; + return NULL; + } + ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr); } else ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); @@ -280,7 +300,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) int tmp_tag, tmp_class; if (elem == NULL) - return 0; + return -1; for (i = 0, p = elem; i < len; p++, i++) { /* Look for the ':' in name value pairs */ @@ -353,7 +373,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) break; case ASN1_GEN_FLAG_FORMAT: - if(!vstart) { + if (!vstart) { ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); return -1; } @@ -435,7 +455,8 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) /* Handle multiple types: SET and SEQUENCE */ -static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) +static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, + int depth, int *perr) { ASN1_TYPE *ret = NULL; STACK_OF(ASN1_TYPE) *sk = NULL; @@ -454,7 +475,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) goto bad; for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { ASN1_TYPE *typ = - ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); + generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf, + depth + 1, perr); if (!typ) goto bad; if (!sk_ASN1_TYPE_push(sk, typ)) diff --git a/openssl/crypto/asn1/asn_mime.c b/openssl/crypto/asn1/asn_mime.c index 7e2f28e6d..96110c540 100644 --- a/openssl/crypto/asn1/asn_mime.c +++ b/openssl/crypto/asn1/asn_mime.c @@ -289,7 +289,8 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, if ((flags & SMIME_DETACHED) && data) { /* We want multipart/signed */ /* Generate a random boundary */ - RAND_pseudo_bytes((unsigned char *)bound, 32); + if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0) + return 0; for (i = 0; i < 32; i++) { c = bound[i] & 0xf; if (c < 10) diff --git a/openssl/crypto/asn1/bio_ndef.c b/openssl/crypto/asn1/bio_ndef.c index 4a73ca9ea..31949b879 100644 --- a/openssl/crypto/asn1/bio_ndef.c +++ b/openssl/crypto/asn1/bio_ndef.c @@ -162,7 +162,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen); - if(!p) + if (!p) return 0; ndef_aux->derbuf = p; @@ -232,7 +232,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen); - if(!p) + if (!p) return 0; ndef_aux->derbuf = p; diff --git a/openssl/crypto/asn1/tasn_new.c b/openssl/crypto/asn1/tasn_new.c index 7d2964f02..b0c73beeb 100644 --- a/openssl/crypto/asn1/tasn_new.c +++ b/openssl/crypto/asn1/tasn_new.c @@ -100,9 +100,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, else asn1_cb = 0; - if (!combine) - *pval = NULL; - #ifdef CRYPTO_MDEBUG if (it->sname) CRYPTO_push_info(it->sname); diff --git a/openssl/crypto/asn1/tasn_prn.c b/openssl/crypto/asn1/tasn_prn.c index 7c54f9d1d..5e7d53e98 100644 --- a/openssl/crypto/asn1/tasn_prn.c +++ b/openssl/crypto/asn1/tasn_prn.c @@ -290,7 +290,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { const ASN1_TEMPLATE *seqtt; seqtt = asn1_do_adb(fld, tt, 1); - if(!seqtt) + if (!seqtt) return 0; tmpfld = asn1_get_field_ptr(fld, seqtt); if (!asn1_template_print_ctx(out, tmpfld, diff --git a/openssl/crypto/asn1/x_x509.c b/openssl/crypto/asn1/x_x509.c index 55319acf9..5f266a26b 100644 --- a/openssl/crypto/asn1/x_x509.c +++ b/openssl/crypto/asn1/x_x509.c @@ -177,7 +177,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) /* Save start position */ q = *pp; - if(!a || *a == NULL) { + if (!a || *a == NULL) { freeret = 1; } ret = d2i_X509(a, pp, length); @@ -192,7 +192,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) goto err; return ret; err: - if(freeret) { + if (freeret) { X509_free(ret); if (a) *a = NULL; diff --git a/openssl/crypto/bf/Makefile b/openssl/crypto/bf/Makefile index d01bfaa31..6dd201553 100644 --- a/openssl/crypto/bf/Makefile +++ b/openssl/crypto/bf/Makefile @@ -72,6 +72,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/bio/Makefile b/openssl/crypto/bio/Makefile index c395d8049..ef526f6be 100644 --- a/openssl/crypto/bio/Makefile +++ b/openssl/crypto/bio/Makefile @@ -73,6 +73,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/bio/b_print.c b/openssl/crypto/bio/b_print.c index c2cf6e619..7c81e25d4 100644 --- a/openssl/crypto/bio/b_print.c +++ b/openssl/crypto/bio/b_print.c @@ -704,32 +704,29 @@ doapr_outch(char **sbuffer, /* If we haven't at least one buffer, someone has doe a big booboo */ assert(*sbuffer != NULL || buffer != NULL); - if (buffer) { - while (*currlen >= *maxlen) { - if (*buffer == NULL) { - if (*maxlen == 0) - *maxlen = 1024; - *buffer = OPENSSL_malloc(*maxlen); - if(!*buffer) { - /* Panic! Can't really do anything sensible. Just return */ - return; - } - if (*currlen > 0) { - assert(*sbuffer != NULL); - memcpy(*buffer, *sbuffer, *currlen); - } - *sbuffer = NULL; - } else { - *maxlen += 1024; - *buffer = OPENSSL_realloc(*buffer, *maxlen); - if(!*buffer) { - /* Panic! Can't really do anything sensible. Just return */ - return; - } + /* |currlen| must always be <= |*maxlen| */ + assert(*currlen <= *maxlen); + + if (buffer && *currlen == *maxlen) { + *maxlen += 1024; + if (*buffer == NULL) { + *buffer = OPENSSL_malloc(*maxlen); + if (!*buffer) { + /* Panic! Can't really do anything sensible. Just return */ + return; + } + if (*currlen > 0) { + assert(*sbuffer != NULL); + memcpy(*buffer, *sbuffer, *currlen); + } + *sbuffer = NULL; + } else { + *buffer = OPENSSL_realloc(*buffer, *maxlen); + if (!*buffer) { + /* Panic! Can't really do anything sensible. Just return */ + return; } } - /* What to do if *buffer is NULL? */ - assert(*sbuffer != NULL || *buffer != NULL); } if (*currlen < *maxlen) { diff --git a/openssl/crypto/bio/bf_nbio.c b/openssl/crypto/bio/bf_nbio.c index da88a8a1b..a04f32a00 100644 --- a/openssl/crypto/bio/bf_nbio.c +++ b/openssl/crypto/bio/bf_nbio.c @@ -139,7 +139,8 @@ static int nbiof_read(BIO *b, char *out, int outl) BIO_clear_retry_flags(b); #if 1 - RAND_pseudo_bytes(&n, 1); + if (RAND_pseudo_bytes(&n, 1) < 0) + return -1; num = (n & 0x07); if (outl > num) @@ -178,7 +179,8 @@ static int nbiof_write(BIO *b, const char *in, int inl) num = nt->lwn; nt->lwn = 0; } else { - RAND_pseudo_bytes(&n, 1); + if (RAND_pseudo_bytes(&n, 1) < 0) + return -1; num = (n & 7); } diff --git a/openssl/crypto/bio/bio_lib.c b/openssl/crypto/bio/bio_lib.c index 5267010cb..07934f8a6 100644 --- a/openssl/crypto/bio/bio_lib.c +++ b/openssl/crypto/bio/bio_lib.c @@ -536,8 +536,10 @@ BIO *BIO_dup_chain(BIO *in) /* copy app data */ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data, - &bio->ex_data)) + &bio->ex_data)) { + BIO_free(new_bio); goto err; + } if (ret == NULL) { eoc = new_bio; @@ -549,8 +551,8 @@ BIO *BIO_dup_chain(BIO *in) } return (ret); err: - if (ret != NULL) - BIO_free(ret); + BIO_free_all(ret); + return (NULL); } diff --git a/openssl/crypto/bio/bss_dgram.c b/openssl/crypto/bio/bss_dgram.c index 388d90d02..7fcd831da 100644 --- a/openssl/crypto/bio/bss_dgram.c +++ b/openssl/crypto/bio/bss_dgram.c @@ -303,16 +303,17 @@ static void dgram_adjust_rcv_timeout(BIO *b) /* Calculate time left until timer expires */ memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval)); - timeleft.tv_sec -= timenow.tv_sec; - timeleft.tv_usec -= timenow.tv_usec; - if (timeleft.tv_usec < 0) { + if (timeleft.tv_usec < timenow.tv_usec) { + timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec; timeleft.tv_sec--; - timeleft.tv_usec += 1000000; + } else { + timeleft.tv_usec -= timenow.tv_usec; } - - if (timeleft.tv_sec < 0) { + if (timeleft.tv_sec < timenow.tv_sec) { timeleft.tv_sec = 0; timeleft.tv_usec = 1; + } else { + timeleft.tv_sec -= timenow.tv_sec; } /* @@ -896,7 +897,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) perror("setsockopt"); ret = -1; } -# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTUDISCOVER) +# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE) if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT), (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, &sockopt_val, sizeof(sockopt_val))) < 0) { @@ -1012,7 +1013,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) */ sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_malloc(sockopt_len); - if(!authchunks) { + if (!authchunks) { BIO_vfree(bio); return (NULL); } @@ -1352,7 +1353,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_malloc(optlen); if (!authchunks) { - BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR); + BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE); return -1; } memset(authchunks, 0, sizeof(optlen)); @@ -1423,8 +1424,8 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { char *tmp; data->saved_message.bio = b; - if(!(tmp = OPENSSL_malloc(inl))) { - BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR); + if (!(tmp = OPENSSL_malloc(inl))) { + BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE); return -1; } if (data->saved_message.data) diff --git a/openssl/crypto/bn/Makefile b/openssl/crypto/bn/Makefile index 5361dc827..61dce05ad 100644 --- a/openssl/crypto/bn/Makefile +++ b/openssl/crypto/bn/Makefile @@ -176,6 +176,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: bn_prime.h depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/bn/asm/vis3-mont.pl b/openssl/crypto/bn/asm/vis3-mont.pl index a1357de0e..263ac02b6 100755 --- a/openssl/crypto/bn/asm/vis3-mont.pl +++ b/openssl/crypto/bn/asm/vis3-mont.pl @@ -100,7 +100,7 @@ $code.=<<___; ld [$ap+12], $t3 or $t0, $aj, $aj add $ap, 16, $ap - stxa $aj, [$anp]0xe2 ! converted ap[0] + stx $aj, [$anp] ! converted ap[0] mulx $aj, $m0, $lo0 ! ap[0]*bp[0] umulxhi $aj, $m0, $hi0 @@ -150,7 +150,7 @@ $code.=<<___; sllx $t1, 32, $aj add $ap, 8, $ap or $t0, $aj, $aj - stxa $aj, [$anp]0xe2 ! converted ap[j] + stx $aj, [$anp] ! converted ap[j] ld [$np+0], $t2 ! np[j] addcc $nlo, $hi1, $lo1 @@ -169,7 +169,7 @@ $code.=<<___; addcc $lo0, $lo1, $lo1 ! np[j]*m1+ap[j]*bp[0] umulxhi $nj, $m1, $nj ! nhi=nj addxc %g0, $hi1, $hi1 - stxa $lo1, [$tp]0xe2 ! tp[j-1] + stx $lo1, [$tp] ! tp[j-1] add $tp, 8, $tp ! tp++ brnz,pt $cnt, .L1st @@ -182,12 +182,12 @@ $code.=<<___; addxc $nj, %g0, $hi1 addcc $lo0, $lo1, $lo1 ! np[j]*m1+ap[j]*bp[0] addxc %g0, $hi1, $hi1 - stxa $lo1, [$tp]0xe2 ! tp[j-1] + stx $lo1, [$tp] ! tp[j-1] add $tp, 8, $tp addcc $hi0, $hi1, $hi1 addxc %g0, %g0, $ovf ! upmost overflow bit - stxa $hi1, [$tp]0xe2 + stx $hi1, [$tp] add $tp, 8, $tp ba .Louter diff --git a/openssl/crypto/bn/asm/x86_64-mont5.pl b/openssl/crypto/bn/asm/x86_64-mont5.pl index fa22c30b1..820de3d6f 100644 --- a/openssl/crypto/bn/asm/x86_64-mont5.pl +++ b/openssl/crypto/bn/asm/x86_64-mont5.pl @@ -3226,11 +3226,16 @@ $code.=<<___; .type bn_get_bits5,\@abi-omnipotent .align 16 bn_get_bits5: - mov $inp,%r10 + lea 0($inp),%r10 + lea 1($inp),%r11 mov $num,%ecx - shr \$3,$num - movzw (%r10,$num),%eax - and \$7,%ecx + shr \$4,$num + and \$15,%ecx + lea -8(%ecx),%eax + cmp \$11,%ecx + cmova %r11,%r10 + cmova %eax,%ecx + movzw (%r10,$num,2),%eax shrl %cl,%eax and \$31,%eax ret diff --git a/openssl/crypto/bn/bn.h b/openssl/crypto/bn/bn.h index 78709d384..5696965e9 100644 --- a/openssl/crypto/bn/bn.h +++ b/openssl/crypto/bn/bn.h @@ -779,6 +779,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num); * wouldn't be constructed with top!=dmax. */ \ BN_ULONG *_not_const; \ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + /* Debug only - safe to ignore error return */ \ RAND_pseudo_bytes(&_tmp_char, 1); \ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ @@ -892,6 +893,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 # define BN_F_BN_GF2M_MOD_SQR 136 # define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 # define BN_F_BN_MOD_EXP2_MONT 118 # define BN_F_BN_MOD_EXP_MONT 109 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 @@ -907,12 +909,14 @@ void ERR_load_BN_strings(void); # define BN_F_BN_NEW 113 # define BN_F_BN_RAND 114 # define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RSHIFT 146 # define BN_F_BN_USUB 115 /* Reason codes. */ # define BN_R_ARG2_LT_ARG3 100 # define BN_R_BAD_RECIPROCAL 101 # define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 # define BN_R_CALLED_WITH_EVEN_MODULUS 102 # define BN_R_DIV_BY_ZERO 103 # define BN_R_ENCODING_ERROR 104 @@ -920,6 +924,7 @@ void ERR_load_BN_strings(void); # define BN_R_INPUT_NOT_REDUCED 110 # define BN_R_INVALID_LENGTH 106 # define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 # define BN_R_NOT_A_SQUARE 111 # define BN_R_NOT_INITIALIZED 107 # define BN_R_NO_INVERSE 108 diff --git a/openssl/crypto/bn/bn_err.c b/openssl/crypto/bn/bn_err.c index faa7e226b..e7a703826 100644 --- a/openssl/crypto/bn/bn_err.c +++ b/openssl/crypto/bn/bn_err.c @@ -1,6 +1,6 @@ /* crypto/bn/bn_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, + {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"}, {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, @@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, + {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, {0, NULL} }; @@ -117,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, + {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"}, {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, @@ -125,6 +128,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, + {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"}, {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, diff --git a/openssl/crypto/bn/bn_gf2m.c b/openssl/crypto/bn/bn_gf2m.c index aeee49a01..cfa1c7ce1 100644 --- a/openssl/crypto/bn/bn_gf2m.c +++ b/openssl/crypto/bn/bn_gf2m.c @@ -450,8 +450,7 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]) d0 = p[k] % BN_BITS2; d1 = BN_BITS2 - d0; z[n] ^= (zz << d0); - tmp_ulong = zz >> d1; - if (d0 && tmp_ulong) + if (d0 && (tmp_ulong = zz >> d1)) z[n + 1] ^= tmp_ulong; } @@ -694,9 +693,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) } # else { - int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy - * of p */ - top = p->top; + int i; + int ubits = BN_num_bits(u); + int vbits = BN_num_bits(v); /* v is copy of p */ + int top = p->top; BN_ULONG *udp, *bdp, *vdp, *cdp; bn_wexpand(u, top); @@ -740,8 +740,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ubits--; } - if (ubits <= BN_BITS2 && udp[0] == 1) - break; + if (ubits <= BN_BITS2) { + if (udp[0] == 0) /* poly was reducible */ + goto err; + if (udp[0] == 1) + break; + } if (ubits < vbits) { i = ubits; diff --git a/openssl/crypto/bn/bn_lcl.h b/openssl/crypto/bn/bn_lcl.h index 7cd58830e..00f4f0994 100644 --- a/openssl/crypto/bn/bn_lcl.h +++ b/openssl/crypto/bn/bn_lcl.h @@ -294,7 +294,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, # endif # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) # if defined(__GNUC__) && __GNUC__>=2 -# if __GNUC__>=4 && __GNUC_MINOR__>=4 +# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4) /* "h" constraint is no more since 4.4 */ # define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) # define BN_UMULT_LOHI(low,high,a,b) ({ \ diff --git a/openssl/crypto/bn/bn_print.c b/openssl/crypto/bn/bn_print.c index 4dcaae32b..ab10b957b 100644 --- a/openssl/crypto/bn/bn_print.c +++ b/openssl/crypto/bn/bn_print.c @@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a) char *buf; char *p; - buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + if (a->neg && BN_is_zero(a)) { + /* "-0" == 3 bytes including NULL terminator */ + buf = OPENSSL_malloc(3); + } else { + buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + } if (buf == NULL) { BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); goto err; diff --git a/openssl/crypto/bn/bn_rand.c b/openssl/crypto/bn/bn_rand.c index 7ac71ec8e..f9fb2e9e4 100644 --- a/openssl/crypto/bn/bn_rand.c +++ b/openssl/crypto/bn/bn_rand.c @@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) int ret = 0, bit, bytes, mask; time_t tim; + if (bits < 0 || (bits == 1 && top > 0)) { + BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); + return 0; + } + if (bits == 0) { BN_zero(rnd); return 1; @@ -157,7 +162,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) unsigned char c; for (i = 0; i < bytes; i++) { - RAND_pseudo_bytes(&c, 1); + if (RAND_pseudo_bytes(&c, 1) < 0) + goto err; if (c >= 128 && i > 0) buf[i] = buf[i - 1]; else if (c < 42) @@ -168,7 +174,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) } #endif - if (top != -1) { + if (top >= 0) { if (top) { if (bit == 0) { buf[0] = 1; diff --git a/openssl/crypto/bn/bn_shift.c b/openssl/crypto/bn/bn_shift.c index 4f3e8ffed..9673d9a30 100644 --- a/openssl/crypto/bn/bn_shift.c +++ b/openssl/crypto/bn/bn_shift.c @@ -137,6 +137,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + r->neg = a->neg; nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) @@ -174,6 +179,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + nw = n / BN_BITS2; rb = n % BN_BITS2; lb = BN_BITS2 - rb; diff --git a/openssl/crypto/buffer/Makefile b/openssl/crypto/buffer/Makefile index 2efba47f0..352efb841 100644 --- a/openssl/crypto/buffer/Makefile +++ b/openssl/crypto/buffer/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/buffer/buffer.c b/openssl/crypto/buffer/buffer.c index d287e340a..eff3e0815 100644 --- a/openssl/crypto/buffer/buffer.c +++ b/openssl/crypto/buffer/buffer.c @@ -88,7 +88,7 @@ void BUF_MEM_free(BUF_MEM *a) return; if (a->data != NULL) { - memset(a->data, 0, (unsigned int)a->max); + OPENSSL_cleanse(a->data, a->max); OPENSSL_free(a->data); } OPENSSL_free(a); diff --git a/openssl/crypto/camellia/Makefile b/openssl/crypto/camellia/Makefile index 60e896054..ab1225e7d 100644 --- a/openssl/crypto/camellia/Makefile +++ b/openssl/crypto/camellia/Makefile @@ -75,6 +75,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/cast/Makefile b/openssl/crypto/cast/Makefile index f3f485988..4c4b5e9ba 100644 --- a/openssl/crypto/cast/Makefile +++ b/openssl/crypto/cast/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/cmac/Makefile b/openssl/crypto/cmac/Makefile index 54e7cc39d..6a2840867 100644 --- a/openssl/crypto/cmac/Makefile +++ b/openssl/crypto/cmac/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/cmac/cmac.c b/openssl/crypto/cmac/cmac.c index c5597a3f7..774e6dc91 100644 --- a/openssl/crypto/cmac/cmac.c +++ b/openssl/crypto/cmac/cmac.c @@ -126,6 +126,8 @@ EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) void CMAC_CTX_free(CMAC_CTX *ctx) { + if (!ctx) + return; CMAC_CTX_cleanup(ctx); OPENSSL_free(ctx); } diff --git a/openssl/crypto/cms/Makefile b/openssl/crypto/cms/Makefile index 644fef399..6f3a83202 100644 --- a/openssl/crypto/cms/Makefile +++ b/openssl/crypto/cms/Makefile @@ -67,6 +67,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/cms/cms_kari.c b/openssl/crypto/cms/cms_kari.c index f8a6cbadb..2cfcdb29c 100755 --- a/openssl/crypto/cms/cms_kari.c +++ b/openssl/crypto/cms/cms_kari.c @@ -66,6 +66,7 @@ DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo) DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey) DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey) +DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier) /* Key Agreement Recipient Info (KARI) routines */ @@ -362,6 +363,9 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, if (flags & CMS_USE_KEYID) { rek->rid->type = CMS_REK_KEYIDENTIFIER; + rek->rid->d.rKeyId = M_ASN1_new_of(CMS_RecipientKeyIdentifier); + if (rek->rid->d.rKeyId == NULL) + return 0; if (!cms_set1_keyid(&rek->rid->d.rKeyId->subjectKeyIdentifier, recip)) return 0; } else { diff --git a/openssl/crypto/cms/cms_pwri.c b/openssl/crypto/cms/cms_pwri.c index 076b54578..a8322dcdf 100644 --- a/openssl/crypto/cms/cms_pwri.c +++ b/openssl/crypto/cms/cms_pwri.c @@ -231,7 +231,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, return 0; } tmp = OPENSSL_malloc(inlen); - if(!tmp) + if (!tmp) return 0; /* setup IV by decrypting last two blocks */ EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, @@ -297,8 +297,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, out[3] = in[2] ^ 0xFF; memcpy(out + 4, in, inlen); /* Add random padding to end */ - if (olen > inlen + 4) - RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen); + if (olen > inlen + 4 + && RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen) < 0) + return 0; /* Encrypt twice */ EVP_EncryptUpdate(ctx, out, &dummy, out, olen); EVP_EncryptUpdate(ctx, out, &dummy, out, olen); diff --git a/openssl/crypto/cms/cms_smime.c b/openssl/crypto/cms/cms_smime.c index 8729e3f9c..b39ed4899 100644 --- a/openssl/crypto/cms/cms_smime.c +++ b/openssl/crypto/cms/cms_smime.c @@ -132,7 +132,7 @@ static void do_free_upto(BIO *f, BIO *upto) BIO_free(f); f = tbio; } - while (f != upto); + while (f && f != upto); } else BIO_free_all(f); } diff --git a/openssl/crypto/comp/Makefile b/openssl/crypto/comp/Makefile index efda832dc..a1e9464a1 100644 --- a/openssl/crypto/comp/Makefile +++ b/openssl/crypto/comp/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/openssl/crypto/conf/Makefile b/openssl/crypto/conf/Makefile index 78bb32410..d5f5c5824 100644 --- a/openssl/crypto/conf/Makefile +++ b/openssl/crypto/conf/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/openssl/crypto/cryptlib.c b/openssl/crypto/cryptlib.c index 98526d73d..ca0e3ccc0 100644 --- a/openssl/crypto/cryptlib.c +++ b/openssl/crypto/cryptlib.c @@ -825,8 +825,6 @@ int OPENSSL_isservice(void) if (_OPENSSL_isservice.p != (void *)-1) return (*_OPENSSL_isservice.f) (); - (void)GetDesktopWindow(); /* return value is ignored */ - h = GetProcessWindowStation(); if (h == NULL) return -1; diff --git a/openssl/crypto/des/Makefile b/openssl/crypto/des/Makefile index 060c64795..8b5166ca9 100644 --- a/openssl/crypto/des/Makefile +++ b/openssl/crypto/des/Makefile @@ -96,6 +96,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/des/des.c b/openssl/crypto/des/des.c index 2bff28125..586aed723 100644 --- a/openssl/crypto/des/des.c +++ b/openssl/crypto/des/des.c @@ -455,8 +455,10 @@ void doencryption(void) rem = l % 8; len = l - rem; if (feof(DES_IN)) { - for (i = 7 - rem; i > 0; i--) - RAND_pseudo_bytes(buf + l++, 1); + for (i = 7 - rem; i > 0; i--) { + if (RAND_pseudo_bytes(buf + l++, 1) < 0) + goto problems; + } buf[l++] = rem; ex = 1; len += rem; diff --git a/openssl/crypto/des/enc_writ.c b/openssl/crypto/des/enc_writ.c index b4eecc381..bfaabde51 100644 --- a/openssl/crypto/des/enc_writ.c +++ b/openssl/crypto/des/enc_writ.c @@ -96,6 +96,9 @@ int DES_enc_write(int fd, const void *_buf, int len, const unsigned char *cp; static int start = 1; + if (len < 0) + return -1; + if (outbuf == NULL) { outbuf = OPENSSL_malloc(BSIZE + HDRSIZE); if (outbuf == NULL) @@ -132,7 +135,9 @@ int DES_enc_write(int fd, const void *_buf, int len, if (len < 8) { cp = shortbuf; memcpy(shortbuf, buf, len); - RAND_pseudo_bytes(shortbuf + len, 8 - len); + if (RAND_pseudo_bytes(shortbuf + len, 8 - len) < 0) { + return -1; + } rnum = 8; } else { cp = buf; diff --git a/openssl/crypto/dh/Makefile b/openssl/crypto/dh/Makefile index f44790782..46fa5ac57 100644 --- a/openssl/crypto/dh/Makefile +++ b/openssl/crypto/dh/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/dh/dh_ameth.c b/openssl/crypto/dh/dh_ameth.c index c6bfc2d3f..ac72468bd 100644 --- a/openssl/crypto/dh/dh_ameth.c +++ b/openssl/crypto/dh/dh_ameth.c @@ -160,7 +160,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) dh = pkey->pkey.dh; str = ASN1_STRING_new(); - if(!str) { + if (!str) { DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/openssl/crypto/dh/dh_pmeth.c b/openssl/crypto/dh/dh_pmeth.c index b3a31472a..b58e3fa86 100644 --- a/openssl/crypto/dh/dh_pmeth.c +++ b/openssl/crypto/dh/dh_pmeth.c @@ -462,7 +462,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, ret = 0; Zlen = DH_size(dh); Z = OPENSSL_malloc(Zlen); - if(!Z) { + if (!Z) { goto err; } if (DH_compute_key_padded(Z, dhpub, dh) <= 0) diff --git a/openssl/crypto/dsa/Makefile b/openssl/crypto/dsa/Makefile index 5fef4ca5a..810920137 100644 --- a/openssl/crypto/dsa/Makefile +++ b/openssl/crypto/dsa/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/dsa/dsa_gen.c b/openssl/crypto/dsa/dsa_gen.c index 892003693..5a328aaab 100644 --- a/openssl/crypto/dsa/dsa_gen.c +++ b/openssl/crypto/dsa/dsa_gen.c @@ -204,7 +204,8 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, goto err; if (!seed_len) { - RAND_pseudo_bytes(seed, qsize); + if (RAND_pseudo_bytes(seed, qsize) < 0) + goto err; seed_is_random = 1; } else { seed_is_random = 0; diff --git a/openssl/crypto/dsa/dsa_ossl.c b/openssl/crypto/dsa/dsa_ossl.c index 665f40a77..f0ec8faa8 100644 --- a/openssl/crypto/dsa/dsa_ossl.c +++ b/openssl/crypto/dsa/dsa_ossl.c @@ -106,23 +106,23 @@ static DSA_METHOD openssl_dsa_meth = { #define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ do { \ int _tmp_res53; \ - if((dsa)->meth->dsa_mod_exp) \ + if ((dsa)->meth->dsa_mod_exp) \ _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \ (a2), (p2), (m), (ctx), (in_mont)); \ else \ _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \ (m), (ctx), (in_mont)); \ - if(!_tmp_res53) err_instr; \ + if (!_tmp_res53) err_instr; \ } while(0) #define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ do { \ int _tmp_res53; \ - if((dsa)->meth->bn_mod_exp) \ + if ((dsa)->meth->bn_mod_exp) \ _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \ (m), (ctx), (m_ctx)); \ else \ _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \ - if(!_tmp_res53) err_instr; \ + if (!_tmp_res53) err_instr; \ } while(0) const DSA_METHOD *DSA_OpenSSL(void) diff --git a/openssl/crypto/dso/Makefile b/openssl/crypto/dso/Makefile index fb2709ed6..36b8ead04 100644 --- a/openssl/crypto/dso/Makefile +++ b/openssl/crypto/dso/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/dso/dso_lib.c b/openssl/crypto/dso/dso_lib.c index d2a48bb66..09b8eafcc 100644 --- a/openssl/crypto/dso/dso_lib.c +++ b/openssl/crypto/dso/dso_lib.c @@ -285,7 +285,7 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname) * honest. For one thing, I think I have to return a negative value for any * error because possible DSO_ctrl() commands may return values such as * "size"s that can legitimately be zero (making the standard - * "if(DSO_cmd(...))" form that works almost everywhere else fail at odd + * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd * times. I'd prefer "output" values to be passed by reference and the return * value as success/failure like usual ... but we conform when we must... :-) */ diff --git a/openssl/crypto/dso/dso_vms.c b/openssl/crypto/dso/dso_vms.c index 0eff96ec2..d0794b8fb 100644 --- a/openssl/crypto/dso/dso_vms.c +++ b/openssl/crypto/dso/dso_vms.c @@ -539,7 +539,7 @@ static char *vms_name_converter(DSO *dso, const char *filename) { int len = strlen(filename); char *not_translated = OPENSSL_malloc(len + 1); - if(not_translated) + if (not_translated) strcpy(not_translated, filename); return (not_translated); } diff --git a/openssl/crypto/ebcdic.c b/openssl/crypto/ebcdic.c index 4b7652c0e..fd6df92b4 100644 --- a/openssl/crypto/ebcdic.c +++ b/openssl/crypto/ebcdic.c @@ -3,7 +3,7 @@ #ifndef CHARSET_EBCDIC # include -# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) +# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) || defined(__clang__) static void *dummy = &dummy; # endif diff --git a/openssl/crypto/ec/Makefile b/openssl/crypto/ec/Makefile index 0d9f3ab25..359ef4e40 100644 --- a/openssl/crypto/ec/Makefile +++ b/openssl/crypto/ec/Makefile @@ -78,6 +78,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl b/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl index 5b21574a2..84379fce1 100755 --- a/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl @@ -30,20 +30,24 @@ # Further optimization by : # -# this/original -# Opteron +12-49% -# Bulldozer +14-45% -# P4 +18-46% -# Westmere +12-34% -# Sandy Bridge +9-35% -# Ivy Bridge +9-35% -# Haswell +8-37% -# Broadwell +18-58% -# Atom +15-50% -# VIA Nano +43-160% +# this/original with/without -DECP_NISTZ256_ASM(*) +# Opteron +12-49% +110-150% +# Bulldozer +14-45% +175-210% +# P4 +18-46% n/a :-( +# Westmere +12-34% +80-87% +# Sandy Bridge +9-35% +110-120% +# Ivy Bridge +9-35% +110-125% +# Haswell +8-37% +140-160% +# Broadwell +18-58% +145-210% +# Atom +15-50% +130-180% +# VIA Nano +43-160% +300-480% +# +# (*) "without -DECP_NISTZ256_ASM" refers to build with +# "enable-ec_nistp_64_gcc_128"; # # Ranges denote minimum and maximum improvement coefficients depending -# on benchmark. +# on benchmark. Lower coefficients are for ECDSA sign, relatively fastest +# server-side operation. Keep in mind that +100% means 2x improvement. $flavour = shift; $output = shift; diff --git a/openssl/crypto/ec/ec.h b/openssl/crypto/ec/ec.h index 98edfdf8b..6d3178f60 100644 --- a/openssl/crypto/ec/ec.h +++ b/openssl/crypto/ec/ec.h @@ -1097,6 +1097,12 @@ void ERR_load_EC_strings(void); # define EC_F_ECPARAMETERS_PRINT_FP 148 # define EC_F_ECPKPARAMETERS_PRINT 149 # define EC_F_ECPKPARAMETERS_PRINT_FP 150 +# define EC_F_ECP_NISTZ256_GET_AFFINE 240 +# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 +# define EC_F_ECP_NISTZ256_POINTS_MUL 241 +# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 +# define EC_F_ECP_NISTZ256_SET_WORDS 245 +# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 # define EC_F_ECP_NIST_MOD_192 203 # define EC_F_ECP_NIST_MOD_224 204 # define EC_F_ECP_NIST_MOD_256 205 @@ -1208,11 +1214,6 @@ void ERR_load_EC_strings(void); # define EC_F_NISTP224_PRE_COMP_NEW 227 # define EC_F_NISTP256_PRE_COMP_NEW 236 # define EC_F_NISTP521_PRE_COMP_NEW 237 -# define EC_F_ECP_NISTZ256_GET_AFFINE 240 -# define EC_F_ECP_NISTZ256_POINTS_MUL 241 -# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 -# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 -# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 # define EC_F_O2I_ECPUBLICKEY 152 # define EC_F_OLD_EC_PRIV_DECODE 222 # define EC_F_PKEY_EC_CTRL 197 diff --git a/openssl/crypto/ec/ec2_oct.c b/openssl/crypto/ec/ec2_oct.c index c245d886d..0d04cc692 100644 --- a/openssl/crypto/ec/ec2_oct.c +++ b/openssl/crypto/ec/ec2_oct.c @@ -387,7 +387,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/openssl/crypto/ec/ec_asn1.c b/openssl/crypto/ec/ec_asn1.c index b4b0e9f3b..4ad849498 100644 --- a/openssl/crypto/ec/ec_asn1.c +++ b/openssl/crypto/ec/ec_asn1.c @@ -1114,7 +1114,7 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) { int ret = 0, ok = 0; unsigned char *buffer = NULL; - size_t buf_len = 0, tmp_len; + size_t buf_len = 0, tmp_len, bn_len; EC_PRIVATEKEY *priv_key = NULL; if (a == NULL || a->group == NULL || a->priv_key == NULL || @@ -1130,18 +1130,32 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) priv_key->version = a->version; - buf_len = (size_t)BN_num_bytes(a->priv_key); + bn_len = (size_t)BN_num_bytes(a->priv_key); + + /* Octetstring may need leading zeros if BN is to short */ + + buf_len = (EC_GROUP_get_degree(a->group) + 7) / 8; + + if (bn_len > buf_len) { + ECerr(EC_F_I2D_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL); + goto err; + } + buffer = OPENSSL_malloc(buf_len); if (buffer == NULL) { ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); goto err; } - if (!BN_bn2bin(a->priv_key, buffer)) { + if (!BN_bn2bin(a->priv_key, buffer + buf_len - bn_len)) { ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB); goto err; } + if (buf_len - bn_len > 0) { + memset(buffer, 0, buf_len - bn_len); + } + if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) { ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); goto err; diff --git a/openssl/crypto/ec/ec_check.c b/openssl/crypto/ec/ec_check.c index d3f534999..dd6f0ac40 100644 --- a/openssl/crypto/ec/ec_check.c +++ b/openssl/crypto/ec/ec_check.c @@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); goto err; } - if (!EC_POINT_is_on_curve(group, group->generator, ctx)) { + if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/openssl/crypto/ec/ec_err.c b/openssl/crypto/ec/ec_err.c index 13b32c78a..6fe5baafd 100644 --- a/openssl/crypto/ec/ec_err.c +++ b/openssl/crypto/ec/ec_err.c @@ -1,6 +1,6 @@ /* crypto/ec/ec_err.c */ /* ==================================================================== - * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -89,6 +89,13 @@ static ERR_STRING_DATA EC_str_functs[] = { {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"}, {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"}, {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"}, + {ERR_FUNC(EC_F_ECP_NISTZ256_GET_AFFINE), "ecp_nistz256_get_affine"}, + {ERR_FUNC(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE), + "ecp_nistz256_mult_precompute"}, + {ERR_FUNC(EC_F_ECP_NISTZ256_POINTS_MUL), "ecp_nistz256_points_mul"}, + {ERR_FUNC(EC_F_ECP_NISTZ256_PRE_COMP_NEW), "ecp_nistz256_pre_comp_new"}, + {ERR_FUNC(EC_F_ECP_NISTZ256_SET_WORDS), "ecp_nistz256_set_words"}, + {ERR_FUNC(EC_F_ECP_NISTZ256_WINDOWED_MUL), "ecp_nistz256_windowed_mul"}, {ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"}, {ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"}, {ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"}, @@ -239,12 +246,6 @@ static ERR_STRING_DATA EC_str_functs[] = { {ERR_FUNC(EC_F_NISTP224_PRE_COMP_NEW), "NISTP224_PRE_COMP_NEW"}, {ERR_FUNC(EC_F_NISTP256_PRE_COMP_NEW), "NISTP256_PRE_COMP_NEW"}, {ERR_FUNC(EC_F_NISTP521_PRE_COMP_NEW), "NISTP521_PRE_COMP_NEW"}, - {ERR_FUNC(EC_F_ECP_NISTZ256_GET_AFFINE), "ecp_nistz256_get_affine"}, - {ERR_FUNC(EC_F_ECP_NISTZ256_POINTS_MUL), "ecp_nistz256_points_mul"}, - {ERR_FUNC(EC_F_ECP_NISTZ256_WINDOWED_MUL), "ecp_nistz256_windowed_mul"}, - {ERR_FUNC(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE), - "ecp_nistz256_mult_precompute"}, - {ERR_FUNC(EC_F_ECP_NISTZ256_PRE_COMP_NEW), "ecp_nistz256_pre_comp_new"}, {ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"}, {ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE), "OLD_EC_PRIV_DECODE"}, {ERR_FUNC(EC_F_PKEY_EC_CTRL), "PKEY_EC_CTRL"}, diff --git a/openssl/crypto/ec/ec_key.c b/openssl/crypto/ec/ec_key.c index ebdffc821..55ce3fe9b 100644 --- a/openssl/crypto/ec/ec_key.c +++ b/openssl/crypto/ec/ec_key.c @@ -314,7 +314,7 @@ int EC_KEY_check_key(const EC_KEY *eckey) goto err; /* testing whether the pub_key is on the elliptic curve */ - if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) { + if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/openssl/crypto/ec/ec_lcl.h b/openssl/crypto/ec/ec_lcl.h index 697eeb528..969fd147e 100644 --- a/openssl/crypto/ec/ec_lcl.h +++ b/openssl/crypto/ec/ec_lcl.h @@ -459,14 +459,6 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); int ec_GF2m_have_precompute_mult(const EC_GROUP *group); -/* method functions in ec2_mult.c */ -int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); -int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); -int ec_GF2m_have_precompute_mult(const EC_GROUP *group); - #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 /* method functions in ecp_nistp224.c */ int ec_GFp_nistp224_group_init(EC_GROUP *group); diff --git a/openssl/crypto/ec/ec_lib.c b/openssl/crypto/ec/ec_lib.c index 6ffd9fc16..3ffa112cc 100644 --- a/openssl/crypto/ec/ec_lib.c +++ b/openssl/crypto/ec/ec_lib.c @@ -970,6 +970,13 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) return group->meth->is_at_infinity(group, point); } +/* + * Check whether an EC_POINT is on the curve or not. Note that the return + * value for this function should NOT be treated as a boolean. Return values: + * 1: The point is on the curve + * 0: The point is not on the curve + * -1: An error occurred + */ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) { diff --git a/openssl/crypto/ec/eck_prn.c b/openssl/crypto/ec/eck_prn.c index 515b26238..df9b37a75 100644 --- a/openssl/crypto/ec/eck_prn.c +++ b/openssl/crypto/ec/eck_prn.c @@ -346,12 +346,14 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf, if (buf == NULL) return 1; - if (off) { + if (off > 0) { if (off > 128) off = 128; memset(str, ' ', off); if (BIO_write(fp, str, off) <= 0) return 0; + } else { + off = 0; } if (BIO_printf(fp, "%s", name) <= 0) diff --git a/openssl/crypto/ec/ecp_nistz256.c b/openssl/crypto/ec/ecp_nistz256.c index 2cd6599d8..ca44d0aae 100755 --- a/openssl/crypto/ec/ecp_nistz256.c +++ b/openssl/crypto/ec/ecp_nistz256.c @@ -222,6 +222,18 @@ static BN_ULONG is_one(const BN_ULONG a[P256_LIMBS]) return is_zero(res); } +static int ecp_nistz256_set_words(BIGNUM *a, BN_ULONG words[P256_LIMBS]) + { + if (bn_wexpand(a, P256_LIMBS) == NULL) { + ECerr(EC_F_ECP_NISTZ256_SET_WORDS, ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(a->d, words, sizeof(BN_ULONG) * P256_LIMBS); + a->top = P256_LIMBS; + bn_correct_top(a); + return 1; +} + #ifndef ECP_NISTZ256_REFERENCE_IMPLEMENTATION void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a); void ecp_nistz256_point_add(P256_POINT *r, @@ -557,13 +569,14 @@ static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS], } /* r = sum(scalar[i]*point[i]) */ -static void ecp_nistz256_windowed_mul(const EC_GROUP *group, +static int ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r, const BIGNUM **scalar, const EC_POINT **point, int num, BN_CTX *ctx) { - int i, j; + + int i, j, ret = 0; unsigned int index; unsigned char (*p_str)[33] = NULL; const unsigned int window_size = 5; @@ -589,6 +602,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, for (i = 0; i < num; i++) { P256_POINT *row = table[i]; + /* This is an unusual input, we don't guarantee constant-timeness. */ if ((BN_num_bits(scalar[i]) > 256) || BN_is_negative(scalar[i])) { BIGNUM *mod; @@ -697,6 +711,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, ecp_nistz256_point_add(r, r, &h); } + ret = 1; err: if (table_storage) OPENSSL_free(table_storage); @@ -704,6 +719,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, OPENSSL_free(p_str); if (scalars) OPENSSL_free(scalars); + return ret; } /* Coordinates of G, for which we have precomputed tables */ @@ -742,6 +758,7 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) EC_POINT *P = NULL, *T = NULL; const EC_POINT *generator; EC_PRE_COMP *pre_comp; + BN_CTX *new_ctx = NULL; int i, j, k, ret = 0; size_t w; @@ -771,7 +788,7 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) return 0; if (ctx == NULL) { - ctx = BN_CTX_new(); + ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) goto err; } @@ -802,30 +819,41 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) P = EC_POINT_new(group); T = EC_POINT_new(group); + if (P == NULL || T == NULL) + goto err; /* * The zero entry is implicitly infinity, and we skip it, storing other * values with -1 offset. */ - EC_POINT_copy(T, generator); + if (!EC_POINT_copy(T, generator)) + goto err; for (k = 0; k < 64; k++) { - EC_POINT_copy(P, T); + if (!EC_POINT_copy(P, T)) + goto err; for (j = 0; j < 37; j++) { /* - * It would be faster to use - * ec_GFp_simple_points_make_affine and make multiple - * points affine at the same time. + * It would be faster to use EC_POINTs_make_affine and + * make multiple points affine at the same time. */ - ec_GFp_simple_make_affine(group, P, ctx); - ecp_nistz256_bignum_to_field_elem(preComputedTable[j] - [k].X, &P->X); - ecp_nistz256_bignum_to_field_elem(preComputedTable[j] - [k].Y, &P->Y); - for (i = 0; i < 7; i++) - ec_GFp_simple_dbl(group, P, P, ctx); + if (!EC_POINT_make_affine(group, P, ctx)) + goto err; + if (!ecp_nistz256_bignum_to_field_elem(preComputedTable[j][k].X, + &P->X) || + !ecp_nistz256_bignum_to_field_elem(preComputedTable[j][k].Y, + &P->Y)) { + ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, + EC_R_COORDINATES_OUT_OF_RANGE); + goto err; + } + for (i = 0; i < 7; i++) { + if (!EC_POINT_dbl(group, P, P, ctx)) + goto err; + } } - ec_GFp_simple_add(group, T, T, generator, ctx); + if (!EC_POINT_add(group, T, T, generator, ctx)) + goto err; } pre_comp->group = group; @@ -849,6 +877,8 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) err: if (ctx != NULL) BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + if (pre_comp) ecp_nistz256_pre_comp_free(pre_comp); if (precomp_storage) @@ -1102,6 +1132,9 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, const EC_PRE_COMP *pre_comp = NULL; const EC_POINT *generator = NULL; unsigned int index = 0; + BN_CTX *new_ctx = NULL; + const BIGNUM **new_scalars = NULL; + const EC_POINT **new_points = NULL; const unsigned int window_size = 7; const unsigned int mask = (1 << (window_size + 1)) - 1; unsigned int wvalue; @@ -1115,6 +1148,7 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } + if ((scalar == NULL) && (num == 0)) return EC_POINT_set_to_infinity(group, r); @@ -1125,13 +1159,13 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, } } - /* Need 256 bits for space for all coordinates. */ - bn_wexpand(&r->X, P256_LIMBS); - bn_wexpand(&r->Y, P256_LIMBS); - bn_wexpand(&r->Z, P256_LIMBS); - r->X.top = P256_LIMBS; - r->Y.top = P256_LIMBS; - r->Z.top = P256_LIMBS; + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + } + + BN_CTX_start(ctx); if (scalar) { generator = EC_GROUP_get0_generator(group); @@ -1156,8 +1190,10 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, goto err; if (!ecp_nistz256_set_from_affine - (pre_comp_generator, group, pre_comp->precomp[0], ctx)) + (pre_comp_generator, group, pre_comp->precomp[0], ctx)) { + EC_POINT_free(pre_comp_generator); goto err; + } if (0 == EC_POINT_cmp(group, generator, pre_comp_generator, ctx)) preComputedTable = (const PRECOMP256_ROW *)pre_comp->precomp; @@ -1255,20 +1291,16 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, * Without a precomputed table for the generator, it has to be * handled like a normal point. */ - const BIGNUM **new_scalars; - const EC_POINT **new_points; - new_scalars = OPENSSL_malloc((num + 1) * sizeof(BIGNUM *)); if (!new_scalars) { ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE); - return 0; + goto err; } new_points = OPENSSL_malloc((num + 1) * sizeof(EC_POINT *)); if (!new_points) { - OPENSSL_free(new_scalars); ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE); - return 0; + goto err; } memcpy(new_scalars, scalars, num * sizeof(BIGNUM *)); @@ -1286,27 +1318,31 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, if (p_is_infinity) out = &p.p; - ecp_nistz256_windowed_mul(group, out, scalars, points, num, ctx); + if (!ecp_nistz256_windowed_mul(group, out, scalars, points, num, ctx)) + goto err; if (!p_is_infinity) ecp_nistz256_point_add(&p.p, &p.p, out); } - if (no_precomp_for_generator) { - OPENSSL_free(points); - OPENSSL_free(scalars); + /* Not constant-time, but we're only operating on the public output. */ + if (!ecp_nistz256_set_words(&r->X, p.p.X) || + !ecp_nistz256_set_words(&r->Y, p.p.Y) || + !ecp_nistz256_set_words(&r->Z, p.p.Z)) { + goto err; } - - memcpy(r->X.d, p.p.X, sizeof(p.p.X)); - memcpy(r->Y.d, p.p.Y, sizeof(p.p.Y)); - memcpy(r->Z.d, p.p.Z, sizeof(p.p.Z)); - bn_correct_top(&r->X); - bn_correct_top(&r->Y); - bn_correct_top(&r->Z); + r->Z_is_one = is_one(p.p.Z) & 1; ret = 1; - err: +err: + if (ctx) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + if (new_points) + OPENSSL_free(new_points); + if (new_scalars) + OPENSSL_free(new_scalars); return ret; } @@ -1319,6 +1355,7 @@ static int ecp_nistz256_get_affine(const EC_GROUP *group, BN_ULONG x_aff[P256_LIMBS]; BN_ULONG y_aff[P256_LIMBS]; BN_ULONG point_x[P256_LIMBS], point_y[P256_LIMBS], point_z[P256_LIMBS]; + BN_ULONG x_ret[P256_LIMBS], y_ret[P256_LIMBS]; if (EC_POINT_is_at_infinity(group, point)) { ECerr(EC_F_ECP_NISTZ256_GET_AFFINE, EC_R_POINT_AT_INFINITY); @@ -1337,19 +1374,17 @@ static int ecp_nistz256_get_affine(const EC_GROUP *group, ecp_nistz256_mul_mont(x_aff, z_inv2, point_x); if (x != NULL) { - bn_wexpand(x, P256_LIMBS); - x->top = P256_LIMBS; - ecp_nistz256_from_mont(x->d, x_aff); - bn_correct_top(x); + ecp_nistz256_from_mont(x_ret, x_aff); + if (!ecp_nistz256_set_words(x, x_ret)) + return 0; } if (y != NULL) { ecp_nistz256_mul_mont(z_inv3, z_inv3, z_inv2); ecp_nistz256_mul_mont(y_aff, z_inv3, point_y); - bn_wexpand(y, P256_LIMBS); - y->top = P256_LIMBS; - ecp_nistz256_from_mont(y->d, y_aff); - bn_correct_top(y); + ecp_nistz256_from_mont(y_ret, y_aff); + if (!ecp_nistz256_set_words(y, y_ret)) + return 0; } return 1; diff --git a/openssl/crypto/ec/ecp_oct.c b/openssl/crypto/ec/ecp_oct.c index e5cec8be8..1bc3f39ad 100644 --- a/openssl/crypto/ec/ecp_oct.c +++ b/openssl/crypto/ec/ecp_oct.c @@ -413,7 +413,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/openssl/crypto/ec/ectest.c b/openssl/crypto/ec/ectest.c index a18b32761..fede530bc 100644 --- a/openssl/crypto/ec/ectest.c +++ b/openssl/crypto/ec/ectest.c @@ -412,7 +412,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT; fprintf(stderr, "Point is not on curve: x = 0x"); @@ -544,7 +544,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; @@ -593,7 +593,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT; @@ -646,7 +646,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) @@ -705,7 +705,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" "84F3B9CAC2FC632551")) @@ -761,7 +761,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) @@ -820,7 +820,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" @@ -864,7 +864,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ @@ -1008,7 +1008,7 @@ static void prime_field_tests(void) # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ if (!BN_hex2bn(&x, _x)) ABORT; \ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -1026,7 +1026,7 @@ static void prime_field_tests(void) if (!BN_hex2bn(&x, _x)) ABORT; \ if (!BN_hex2bn(&y, _y)) ABORT; \ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -1157,7 +1157,7 @@ static void char2_field_tests(void) if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; # endif - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) @@ -1378,7 +1378,7 @@ static void char2_field_tests(void) ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ diff --git a/openssl/crypto/ecdh/Makefile b/openssl/crypto/ecdh/Makefile index df1b03adb..1b31ba1f0 100644 --- a/openssl/crypto/ecdh/Makefile +++ b/openssl/crypto/ecdh/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/ecdsa/Makefile b/openssl/crypto/ecdsa/Makefile index e89e0c010..4ce00e8f9 100644 --- a/openssl/crypto/ecdsa/Makefile +++ b/openssl/crypto/ecdsa/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/ecdsa/ecdsatest.c b/openssl/crypto/ecdsa/ecdsatest.c index b2d78f3d5..0f301f86d 100644 --- a/openssl/crypto/ecdsa/ecdsatest.c +++ b/openssl/crypto/ecdsa/ecdsatest.c @@ -296,8 +296,8 @@ int test_builtin(BIO *out) int nid, ret = 0; /* fill digest values with some random data */ - if (!RAND_pseudo_bytes(digest, 20) || - !RAND_pseudo_bytes(wrong_digest, 20)) { + if (RAND_pseudo_bytes(digest, 20) <= 0 || + RAND_pseudo_bytes(wrong_digest, 20) <= 0) { BIO_printf(out, "ERROR: unable to get random data\n"); goto builtin_err; } diff --git a/openssl/crypto/engine/Makefile b/openssl/crypto/engine/Makefile index 2ee6c7236..426388e9b 100644 --- a/openssl/crypto/engine/Makefile +++ b/openssl/crypto/engine/Makefile @@ -71,6 +71,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/err/Makefile b/openssl/crypto/err/Makefile index 862b23ba1..b6f3ef177 100644 --- a/openssl/crypto/err/Makefile +++ b/openssl/crypto/err/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/evp/Makefile b/openssl/crypto/evp/Makefile index c9afca7cb..aaaad986e 100644 --- a/openssl/crypto/evp/Makefile +++ b/openssl/crypto/evp/Makefile @@ -86,6 +86,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/openssl/crypto/evp/bio_ok.c b/openssl/crypto/evp/bio_ok.c index a4550349b..5c32e35e1 100644 --- a/openssl/crypto/evp/bio_ok.c +++ b/openssl/crypto/evp/bio_ok.c @@ -491,7 +491,8 @@ static int sig_out(BIO *b) * FIXME: there's absolutely no guarantee this makes any sense at all, * particularly now EVP_MD_CTX has been restructured. */ - RAND_pseudo_bytes(md->md_data, md->digest->md_size); + if (RAND_pseudo_bytes(md->md_data, md->digest->md_size) < 0) + goto berr; memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); ctx->buf_len += md->digest->md_size; diff --git a/openssl/crypto/evp/e_aes.c b/openssl/crypto/evp/e_aes.c index 8161b2632..33cbed87f 100644 --- a/openssl/crypto/evp/e_aes.c +++ b/openssl/crypto/evp/e_aes.c @@ -50,6 +50,7 @@ #include #ifndef OPENSSL_NO_AES +#include # include # include # include @@ -1227,7 +1228,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_AEAD_TLS1_AAD: /* Save the AAD for later use */ - if (arg != 13) + if (arg != EVP_AEAD_TLS1_AAD_LEN) return 0; memcpy(c->buf, ptr, arg); gctx->tls_aad_len = arg; @@ -1455,7 +1456,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* Retrieve tag */ CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); /* If tag mismatch wipe buffer */ - if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { + if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { OPENSSL_cleanse(out, len); goto err; } @@ -1895,7 +1896,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { unsigned char tag[16]; if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { - if (!memcmp(tag, ctx->buf, cctx->M)) + if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M)) rv = len; } } diff --git a/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c index e0127a9bb..8330964ee 100644 --- a/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -94,7 +94,7 @@ typedef struct { defined(_M_AMD64) || defined(_M_X64) || \ defined(__INTEL__) ) -extern unsigned int OPENSSL_ia32cap_P[3]; +extern unsigned int OPENSSL_ia32cap_P[]; # define AESNI_CAPABLE (1<<(57-32)) int aesni_set_encrypt_key(const unsigned char *userKey, int bits, @@ -845,7 +845,12 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, case EVP_CTRL_AEAD_TLS1_AAD: { unsigned char *p = ptr; - unsigned int len = p[arg - 2] << 8 | p[arg - 1]; + unsigned int len; + + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return -1; + + len = p[arg - 2] << 8 | p[arg - 1]; if (ctx->encrypt) { key->payload_length = len; @@ -862,8 +867,6 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) - len); } else { - if (arg > 13) - arg = 13; memcpy(key->aux.tls_aad, ptr, arg); key->payload_length = arg; diff --git a/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c b/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c index 30398c7ca..b1c586e6f 100755 --- a/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -94,7 +94,7 @@ typedef struct { defined(_M_AMD64) || defined(_M_X64) || \ defined(__INTEL__) ) -extern unsigned int OPENSSL_ia32cap_P[3]; +extern unsigned int OPENSSL_ia32cap_P[]; # define AESNI_CAPABLE (1<<(57-32)) int aesni_set_encrypt_key(const unsigned char *userKey, int bits, @@ -813,6 +813,11 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, unsigned char *p = ptr; unsigned int len = p[arg - 2] << 8 | p[arg - 1]; + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return -1; + + len = p[arg - 2] << 8 | p[arg - 1]; + if (ctx->encrypt) { key->payload_length = len; if ((key->aux.tls_ver = @@ -828,8 +833,6 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) - len); } else { - if (arg > 13) - arg = 13; memcpy(key->aux.tls_aad, ptr, arg); key->payload_length = arg; diff --git a/openssl/crypto/evp/e_des3.c b/openssl/crypto/evp/e_des3.c index 301d93e13..96f272eb8 100644 --- a/openssl/crypto/evp/e_des3.c +++ b/openssl/crypto/evp/e_des3.c @@ -447,7 +447,8 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, memcpy(out + inl + 8, sha1tmp, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); /* Generate random IV */ - RAND_bytes(ctx->iv, 8); + if (RAND_bytes(ctx->iv, 8) <= 0) + return -1; memcpy(out, ctx->iv, 8); /* Encrypt everything after IV in place */ des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8); diff --git a/openssl/crypto/evp/e_rc4_hmac_md5.c b/openssl/crypto/evp/e_rc4_hmac_md5.c index 80735d345..2da111782 100644 --- a/openssl/crypto/evp/e_rc4_hmac_md5.c +++ b/openssl/crypto/evp/e_rc4_hmac_md5.c @@ -54,6 +54,7 @@ #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5) +# include # include # include # include @@ -210,7 +211,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH); MD5_Final(mac, &key->md); - if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) + if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) return 0; } else { MD5_Update(&key->md, out + md5_off, len - md5_off); @@ -258,7 +259,12 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, case EVP_CTRL_AEAD_TLS1_AAD: { unsigned char *p = ptr; - unsigned int len = p[arg - 2] << 8 | p[arg - 1]; + unsigned int len; + + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return -1; + + len = p[arg - 2] << 8 | p[arg - 1]; if (!ctx->encrypt) { len -= MD5_DIGEST_LENGTH; diff --git a/openssl/crypto/evp/encode.c b/openssl/crypto/evp/encode.c index d1d8a07c1..c361d1f01 100644 --- a/openssl/crypto/evp/encode.c +++ b/openssl/crypto/evp/encode.c @@ -137,7 +137,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, unsigned int total = 0; *outl = 0; - if (inl == 0) + if (inl <= 0) return; OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); if ((ctx->num + inl) < ctx->length) { @@ -248,7 +248,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, /* We parse the input data */ for (i = 0; i < inl; i++) { - /* If the current line is > 80 characters, scream alot */ + /* If the current line is > 80 characters, scream a lot */ if (ln >= 80) { rv = -1; goto end; diff --git a/openssl/crypto/evp/evp.h b/openssl/crypto/evp/evp.h index 47abbac4a..39ab7937d 100644 --- a/openssl/crypto/evp/evp.h +++ b/openssl/crypto/evp/evp.h @@ -103,7 +103,6 @@ # define EVP_PKS_RSA 0x0100 # define EVP_PKS_DSA 0x0200 # define EVP_PKS_EC 0x0400 -# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ # define EVP_PKEY_NONE NID_undef # define EVP_PKEY_RSA NID_rsaEncryption @@ -424,6 +423,9 @@ struct evp_cipher_st { # define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b # define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c +/* RFC 5246 defines additional data to be 13 bytes in length */ +# define EVP_AEAD_TLS1_AAD_LEN 13 + typedef struct { unsigned char *out; const unsigned char *inp; @@ -1121,6 +1123,19 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2)); +void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *a, + ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)); # define EVP_PKEY_OP_UNDEFINED 0 # define EVP_PKEY_OP_PARAMGEN (1<<1) diff --git a/openssl/crypto/evp/p_seal.c b/openssl/crypto/evp/p_seal.c index caabbf406..ba9dfff21 100644 --- a/openssl/crypto/evp/p_seal.c +++ b/openssl/crypto/evp/p_seal.c @@ -82,8 +82,9 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, return 1; if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) return 0; - if (EVP_CIPHER_CTX_iv_length(ctx)) - RAND_pseudo_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)); + if (EVP_CIPHER_CTX_iv_length(ctx) + && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0) + return 0; if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) return 0; diff --git a/openssl/crypto/hmac/Makefile b/openssl/crypto/hmac/Makefile index 0e91709f6..52e39e586 100644 --- a/openssl/crypto/hmac/Makefile +++ b/openssl/crypto/hmac/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/hmac/hmac.c b/openssl/crypto/hmac/hmac.c index 1fc9e2c3f..51a0a3efc 100644 --- a/openssl/crypto/hmac/hmac.c +++ b/openssl/crypto/hmac/hmac.c @@ -97,12 +97,18 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, return FIPS_hmac_init_ex(ctx, key, len, md, NULL); } #endif + /* If we are changing MD then we must have a key */ + if (md != NULL && md != ctx->md && (key == NULL || len < 0)) + return 0; if (md != NULL) { reset = 1; ctx->md = md; - } else + } else if (ctx->md) { md = ctx->md; + } else { + return 0; + } if (key != NULL) { reset = 1; @@ -117,7 +123,8 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, &ctx->key_length)) goto err; } else { - OPENSSL_assert(len >= 0 && len <= (int)sizeof(ctx->key)); + if (len < 0 || len > (int)sizeof(ctx->key)) + return 0; memcpy(ctx->key, key, len); ctx->key_length = len; } @@ -161,6 +168,9 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) if (FIPS_mode() && !ctx->i_ctx.engine) return FIPS_hmac_update(ctx, data, len); #endif + if (!ctx->md) + return 0; + return EVP_DigestUpdate(&ctx->md_ctx, data, len); } @@ -173,6 +183,9 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) return FIPS_hmac_final(ctx, md, len); #endif + if (!ctx->md) + goto err; + if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) goto err; if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx)) @@ -191,6 +204,7 @@ void HMAC_CTX_init(HMAC_CTX *ctx) EVP_MD_CTX_init(&ctx->i_ctx); EVP_MD_CTX_init(&ctx->o_ctx); EVP_MD_CTX_init(&ctx->md_ctx); + ctx->md = NULL; } int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) @@ -242,6 +256,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, HMAC_CTX_cleanup(&c); return md; err: + HMAC_CTX_cleanup(&c); return NULL; } diff --git a/openssl/crypto/hmac/hmactest.c b/openssl/crypto/hmac/hmactest.c index 3d130a03e..271d0ebf2 100644 --- a/openssl/crypto/hmac/hmactest.c +++ b/openssl/crypto/hmac/hmactest.c @@ -85,7 +85,7 @@ static struct test_st { unsigned char data[64]; int data_len; unsigned char *digest; -} test[4] = { +} test[8] = { { "", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54, (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86", @@ -113,10 +113,27 @@ static struct test_st { 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd }, 50, (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6", }, + { + "", 0, "My test data", 12, + (unsigned char *)"61afdecb95429ef494d61fdee15990cabf0826fc" + }, + { + "", 0, "My test data", 12, + (unsigned char *)"2274b195d90ce8e03406f4b526a47e0787a88a65479938f1a5baa3ce0f079776" + }, + { + "123456", 6, "My test data", 12, + (unsigned char *)"bab53058ae861a7f191abe2d0145cbb123776a6369ee3f9d79ce455667e411dd" + }, + { + "12345", 5, "My test data again", 12, + (unsigned char *)"7dbe8c764c068e3bcd6e6b0fbcd5e6fc197b15bb" + } }; # endif -static char *pt(unsigned char *md); +static char *pt(unsigned char *md, unsigned int len); + int main(int argc, char *argv[]) { # ifndef OPENSSL_NO_MD5 @@ -124,6 +141,9 @@ int main(int argc, char *argv[]) char *p; # endif int err = 0; + HMAC_CTX ctx, ctx2; + unsigned char buf[EVP_MAX_MD_SIZE]; + unsigned int len; # ifdef OPENSSL_NO_MD5 printf("test skipped: MD5 disabled\n"); @@ -139,27 +159,172 @@ int main(int argc, char *argv[]) for (i = 0; i < 4; i++) { p = pt(HMAC(EVP_md5(), test[i].key, test[i].key_len, - test[i].data, test[i].data_len, NULL, NULL)); + test[i].data, test[i].data_len, NULL, NULL), + MD5_DIGEST_LENGTH); if (strcmp(p, (char *)test[i].digest) != 0) { - printf("error calculating HMAC on %d entry'\n", i); + printf("Error calculating HMAC on %d entry'\n", i); printf("got %s instead of %s\n", p, test[i].digest); err++; } else printf("test %d ok\n", i); } # endif /* OPENSSL_NO_MD5 */ + +/* test4 */ + HMAC_CTX_init(&ctx); + if (HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) { + printf("Should fail to initialise HMAC with empty MD and key (test 4)\n"); + err++; + goto test5; + } + if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); + err++; + goto test5; + } + if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) { + printf("Should fail to initialise HMAC with empty key (test 4)\n"); + err++; + goto test5; + } + if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); + err++; + goto test5; + } + printf("test 4 ok\n"); +test5: + HMAC_CTX_init(&ctx); + if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) { + printf("Should fail to initialise HMAC with empty MD (test 5)\n"); + err++; + goto test6; + } + if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + printf("Should fail HMAC_Update with ctx not set up (test 5)\n"); + err++; + goto test6; + } + if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) { + printf("Should fail to initialise HMAC with invalid key len(test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) { + printf("Failed to initialise HMAC (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + printf("Error updating HMAC with data (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Final(&ctx, buf, &len)) { + printf("Error finalising data (test 5)\n"); + err++; + goto test6; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[4].digest) != 0) { + printf("Error calculating interim HMAC on test 5\n"); + printf("got %s instead of %s\n", p, test[4].digest); + err++; + goto test6; + } + if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) { + printf("Should disallow changing MD without a new key (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) { + printf("Failed to reinitialise HMAC (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Update(&ctx, test[5].data, test[5].data_len)) { + printf("Error updating HMAC with data (sha256) (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Final(&ctx, buf, &len)) { + printf("Error finalising data (sha256) (test 5)\n"); + err++; + goto test6; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[5].digest) != 0) { + printf("Error calculating 2nd interim HMAC on test 5\n"); + printf("got %s instead of %s\n", p, test[5].digest); + err++; + goto test6; + } + if (!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) { + printf("Failed to reinitialise HMAC with key (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Update(&ctx, test[6].data, test[6].data_len)) { + printf("Error updating HMAC with data (new key) (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Final(&ctx, buf, &len)) { + printf("Error finalising data (new key) (test 5)\n"); + err++; + goto test6; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[6].digest) != 0) { + printf("error calculating HMAC on test 5\n"); + printf("got %s instead of %s\n", p, test[6].digest); + err++; + } else { + printf("test 5 ok\n"); + } +test6: + HMAC_CTX_init(&ctx); + if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) { + printf("Failed to initialise HMAC (test 6)\n"); + err++; + goto end; + } + if (!HMAC_Update(&ctx, test[7].data, test[7].data_len)) { + printf("Error updating HMAC with data (test 6)\n"); + err++; + goto end; + } + if (!HMAC_CTX_copy(&ctx2, &ctx)) { + printf("Failed to copy HMAC_CTX (test 6)\n"); + err++; + goto end; + } + if (!HMAC_Final(&ctx2, buf, &len)) { + printf("Error finalising data (test 6)\n"); + err++; + goto end; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[7].digest) != 0) { + printf("Error calculating HMAC on test 6\n"); + printf("got %s instead of %s\n", p, test[7].digest); + err++; + } else { + printf("test 6 ok\n"); + } +end: EXIT(err); return (0); } # ifndef OPENSSL_NO_MD5 -static char *pt(unsigned char *md) +static char *pt(unsigned char *md, unsigned int len) { - int i; + unsigned int i; static char buf[80]; - for (i = 0; i < MD5_DIGEST_LENGTH; i++) + for (i = 0; i < len; i++) sprintf(&(buf[i * 2]), "%02x", md[i]); return (buf); } diff --git a/openssl/crypto/idea/Makefile b/openssl/crypto/idea/Makefile index 8af0acdad..3dc23e48d 100644 --- a/openssl/crypto/idea/Makefile +++ b/openssl/crypto/idea/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/jpake/Makefile b/openssl/crypto/jpake/Makefile index 110c49ce0..5193fd983 100644 --- a/openssl/crypto/jpake/Makefile +++ b/openssl/crypto/jpake/Makefile @@ -32,6 +32,8 @@ install: chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/krb5/Makefile b/openssl/crypto/krb5/Makefile index 14077390d..8b9a01a29 100644 --- a/openssl/crypto/krb5/Makefile +++ b/openssl/crypto/krb5/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/openssl/crypto/lhash/Makefile b/openssl/crypto/lhash/Makefile index 82bddac47..c7f4365f0 100644 --- a/openssl/crypto/lhash/Makefile +++ b/openssl/crypto/lhash/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/md2/Makefile b/openssl/crypto/md2/Makefile index 17f878aeb..b63011085 100644 --- a/openssl/crypto/md2/Makefile +++ b/openssl/crypto/md2/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/md4/Makefile b/openssl/crypto/md4/Makefile index e6f1e4478..3ee436176 100644 --- a/openssl/crypto/md4/Makefile +++ b/openssl/crypto/md4/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/md5/Makefile b/openssl/crypto/md5/Makefile index 390e5f1c7..f5240da74 100644 --- a/openssl/crypto/md5/Makefile +++ b/openssl/crypto/md5/Makefile @@ -79,6 +79,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/mdc2/Makefile b/openssl/crypto/mdc2/Makefile index 141553149..c2d0c5b7c 100644 --- a/openssl/crypto/mdc2/Makefile +++ b/openssl/crypto/mdc2/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/mem.c b/openssl/crypto/mem.c index 2ce3e8948..fdad49b76 100644 --- a/openssl/crypto/mem.c +++ b/openssl/crypto/mem.c @@ -365,6 +365,9 @@ char *CRYPTO_strdup(const char *str, const char *file, int line) { char *ret = CRYPTO_malloc(strlen(str) + 1, file, line); + if (ret == NULL) + return NULL; + strcpy(ret, str); return ret; } diff --git a/openssl/crypto/modes/Makefile b/openssl/crypto/modes/Makefile index cbcbfad4b..a7863d98b 100644 --- a/openssl/crypto/modes/Makefile +++ b/openssl/crypto/modes/Makefile @@ -95,6 +95,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/modes/asm/ghashv8-armx.pl b/openssl/crypto/modes/asm/ghashv8-armx.pl index 54a1ac4db..0b9cd7359 100755 --- a/openssl/crypto/modes/asm/ghashv8-armx.pl +++ b/openssl/crypto/modes/asm/ghashv8-armx.pl @@ -16,12 +16,17 @@ # other assembly modules. Just like aesv8-armx.pl this module # supports both AArch32 and AArch64 execution modes. # +# July 2014 +# +# Implement 2x aggregated reduction [see ghash-x86.pl for background +# information]. +# # Current performance in cycles per processed byte: # # PMULL[2] 32-bit NEON(*) -# Apple A7 1.76 5.62 -# Cortex-A53 1.45 8.39 -# Cortex-A57 2.22 7.61 +# Apple A7 0.92 5.62 +# Cortex-A53 1.01 8.39 +# Cortex-A57 1.17 7.61 # # (*) presented for reference/comparison purposes; @@ -37,7 +42,7 @@ $inc="x12"; { my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3)); -my ($t0,$t1,$t2,$t3,$H,$Hhl)=map("q$_",(8..14)); +my ($t0,$t1,$t2,$xC2,$H,$Hhl,$H2)=map("q$_",(8..14)); $code=<<___; #include "arm_arch.h" @@ -47,114 +52,277 @@ ___ $code.=".arch armv8-a+crypto\n" if ($flavour =~ /64/); $code.=".fpu neon\n.code 32\n" if ($flavour !~ /64/); +################################################################################ +# void gcm_init_v8(u128 Htable[16],const u64 H[2]); +# +# input: 128-bit H - secret parameter E(K,0^128) +# output: precomputed table filled with degrees of twisted H; +# H is twisted to handle reverse bitness of GHASH; +# only few of 16 slots of Htable[16] are used; +# data is opaque to outside world (which allows to +# optimize the code independently); +# $code.=<<___; .global gcm_init_v8 .type gcm_init_v8,%function .align 4 gcm_init_v8: - vld1.64 {$t1},[x1] @ load H - vmov.i8 $t0,#0xe1 + vld1.64 {$t1},[x1] @ load input H + vmov.i8 $xC2,#0xe1 + vshl.i64 $xC2,$xC2,#57 @ 0xc2.0 vext.8 $IN,$t1,$t1,#8 - vshl.i64 $t0,$t0,#57 - vshr.u64 $t2,$t0,#63 - vext.8 $t0,$t2,$t0,#8 @ t0=0xc2....01 + vshr.u64 $t2,$xC2,#63 vdup.32 $t1,${t1}[1] - vshr.u64 $t3,$IN,#63 + vext.8 $t0,$t2,$xC2,#8 @ t0=0xc2....01 + vshr.u64 $t2,$IN,#63 vshr.s32 $t1,$t1,#31 @ broadcast carry bit - vand $t3,$t3,$t0 + vand $t2,$t2,$t0 vshl.i64 $IN,$IN,#1 - vext.8 $t3,$t3,$t3,#8 + vext.8 $t2,$t2,$t2,#8 vand $t0,$t0,$t1 - vorr $IN,$IN,$t3 @ H<<<=1 - veor $IN,$IN,$t0 @ twisted H - vst1.64 {$IN},[x0] + vorr $IN,$IN,$t2 @ H<<<=1 + veor $H,$IN,$t0 @ twisted H + vst1.64 {$H},[x0],#16 @ store Htable[0] + + @ calculate H^2 + vext.8 $t0,$H,$H,#8 @ Karatsuba pre-processing + vpmull.p64 $Xl,$H,$H + veor $t0,$t0,$H + vpmull2.p64 $Xh,$H,$H + vpmull.p64 $Xm,$t0,$t0 + + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + veor $Xm,$Xm,$t2 + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase + + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + veor $Xl,$Xm,$t2 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase + vpmull.p64 $Xl,$Xl,$xC2 + veor $t2,$t2,$Xh + veor $H2,$Xl,$t2 + + vext.8 $t1,$H2,$H2,#8 @ Karatsuba pre-processing + veor $t1,$t1,$H2 + vext.8 $Hhl,$t0,$t1,#8 @ pack Karatsuba pre-processed + vst1.64 {$Hhl-$H2},[x0] @ store Htable[1..2] ret .size gcm_init_v8,.-gcm_init_v8 - +___ +################################################################################ +# void gcm_gmult_v8(u64 Xi[2],const u128 Htable[16]); +# +# input: Xi - current hash value; +# Htable - table precomputed in gcm_init_v8; +# output: Xi - next hash value Xi; +# +$code.=<<___; .global gcm_gmult_v8 .type gcm_gmult_v8,%function .align 4 gcm_gmult_v8: vld1.64 {$t1},[$Xi] @ load Xi - vmov.i8 $t3,#0xe1 - vld1.64 {$H},[$Htbl] @ load twisted H - vshl.u64 $t3,$t3,#57 + vmov.i8 $xC2,#0xe1 + vld1.64 {$H-$Hhl},[$Htbl] @ load twisted H, ... + vshl.u64 $xC2,$xC2,#57 #ifndef __ARMEB__ vrev64.8 $t1,$t1 #endif - vext.8 $Hhl,$H,$H,#8 - mov $len,#0 vext.8 $IN,$t1,$t1,#8 - mov $inc,#0 - veor $Hhl,$Hhl,$H @ Karatsuba pre-processing - mov $inp,$Xi - b .Lgmult_v8 -.size gcm_gmult_v8,.-gcm_gmult_v8 + vpmull.p64 $Xl,$H,$IN @ H.loXi.lo + veor $t1,$t1,$IN @ Karatsuba pre-processing + vpmull2.p64 $Xh,$H,$IN @ H.hiXi.hi + vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)(Xi.lo+Xi.hi) + + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + veor $Xm,$Xm,$t2 + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction + + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + veor $Xl,$Xm,$t2 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction + vpmull.p64 $Xl,$Xl,$xC2 + veor $t2,$t2,$Xh + veor $Xl,$Xl,$t2 + +#ifndef __ARMEB__ + vrev64.8 $Xl,$Xl +#endif + vext.8 $Xl,$Xl,$Xl,#8 + vst1.64 {$Xl},[$Xi] @ write out Xi + + ret +.size gcm_gmult_v8,.-gcm_gmult_v8 +___ +################################################################################ +# void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); +# +# input: table precomputed in gcm_init_v8; +# current hash value Xi; +# pointer to input data; +# length of input data in bytes, but divisible by block size; +# output: next hash value Xi; +# +$code.=<<___; .global gcm_ghash_v8 .type gcm_ghash_v8,%function .align 4 gcm_ghash_v8: +___ +$code.=<<___ if ($flavour !~ /64/); + vstmdb sp!,{d8-d15} @ 32-bit ABI says so +___ +$code.=<<___; vld1.64 {$Xl},[$Xi] @ load [rotated] Xi - subs $len,$len,#16 - vmov.i8 $t3,#0xe1 - mov $inc,#16 - vld1.64 {$H},[$Htbl] @ load twisted H - cclr $inc,eq - vext.8 $Xl,$Xl,$Xl,#8 - vshl.u64 $t3,$t3,#57 - vld1.64 {$t1},[$inp],$inc @ load [rotated] inp - vext.8 $Hhl,$H,$H,#8 + @ "[rotated]" means that + @ loaded value would have + @ to be rotated in order to + @ make it appear as in + @ alorithm specification + subs $len,$len,#32 @ see if $len is 32 or larger + mov $inc,#16 @ $inc is used as post- + @ increment for input pointer; + @ as loop is modulo-scheduled + @ $inc is zeroed just in time + @ to preclude oversteping + @ inp[len], which means that + @ last block[s] are actually + @ loaded twice, but last + @ copy is not processed + vld1.64 {$H-$Hhl},[$Htbl],#32 @ load twisted H, ..., H^2 + vmov.i8 $xC2,#0xe1 + vld1.64 {$H2},[$Htbl] + cclr $inc,eq @ is it time to zero $inc? + vext.8 $Xl,$Xl,$Xl,#8 @ rotate Xi + vld1.64 {$t0},[$inp],#16 @ load [rotated] I[0] + vshl.u64 $xC2,$xC2,#57 @ compose 0xc2.0 constant #ifndef __ARMEB__ + vrev64.8 $t0,$t0 vrev64.8 $Xl,$Xl +#endif + vext.8 $IN,$t0,$t0,#8 @ rotate I[0] + b.lo .Lodd_tail_v8 @ $len was less than 32 +___ +{ my ($Xln,$Xmn,$Xhn,$In) = map("q$_",(4..7)); + ####### + # Xi+2 =[H*(Ii+1 + Xi+1)] mod P = + # [(H*Ii+1) + (H*Xi+1)] mod P = + # [(H*Ii+1) + H^2*(Ii+Xi)] mod P + # +$code.=<<___; + vld1.64 {$t1},[$inp],$inc @ load [rotated] I[1] +#ifndef __ARMEB__ vrev64.8 $t1,$t1 #endif - veor $Hhl,$Hhl,$H @ Karatsuba pre-processing - vext.8 $IN,$t1,$t1,#8 - b .Loop_v8 + vext.8 $In,$t1,$t1,#8 + veor $IN,$IN,$Xl @ I[i]^=Xi + vpmull.p64 $Xln,$H,$In @ HIi+1 + veor $t1,$t1,$In @ Karatsuba pre-processing + vpmull2.p64 $Xhn,$H,$In + b .Loop_mod2x_v8 .align 4 -.Loop_v8: +.Loop_mod2x_v8: + vext.8 $t2,$IN,$IN,#8 + subs $len,$len,#32 @ is there more data? + vpmull.p64 $Xl,$H2,$IN @ H^2.loXi.lo + cclr $inc,lo @ is it time to zero $inc? + + vpmull.p64 $Xmn,$Hhl,$t1 + veor $t2,$t2,$IN @ Karatsuba pre-processing + vpmull2.p64 $Xh,$H2,$IN @ H^2.hiXi.hi + veor $Xl,$Xl,$Xln @ accumulate + vpmull2.p64 $Xm,$Hhl,$t2 @ (H^2.lo+H^2.hi)(Xi.lo+Xi.hi) + vld1.64 {$t0},[$inp],$inc @ load [rotated] I[i+2] + + veor $Xh,$Xh,$Xhn + cclr $inc,eq @ is it time to zero $inc? + veor $Xm,$Xm,$Xmn + + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + vld1.64 {$t1},[$inp],$inc @ load [rotated] I[i+3] +#ifndef __ARMEB__ + vrev64.8 $t0,$t0 +#endif + veor $Xm,$Xm,$t2 + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction + +#ifndef __ARMEB__ + vrev64.8 $t1,$t1 +#endif + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + vext.8 $In,$t1,$t1,#8 + vext.8 $IN,$t0,$t0,#8 + veor $Xl,$Xm,$t2 + vpmull.p64 $Xln,$H,$In @ HIi+1 + veor $IN,$IN,$Xh @ accumulate $IN early + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction + vpmull.p64 $Xl,$Xl,$xC2 + veor $IN,$IN,$t2 + veor $t1,$t1,$In @ Karatsuba pre-processing + veor $IN,$IN,$Xl + vpmull2.p64 $Xhn,$H,$In + b.hs .Loop_mod2x_v8 @ there was at least 32 more bytes + + veor $Xh,$Xh,$t2 + vext.8 $IN,$t0,$t0,#8 @ re-construct $IN + adds $len,$len,#32 @ re-construct $len + veor $Xl,$Xl,$Xh @ re-construct $Xl + b.eq .Ldone_v8 @ is $len zero? +___ +} +$code.=<<___; +.Lodd_tail_v8: vext.8 $t2,$Xl,$Xl,#8 veor $IN,$IN,$Xl @ inp^=Xi - veor $t1,$t1,$t2 @ $t1 is rotated inp^Xi + veor $t1,$t0,$t2 @ $t1 is rotated inp^Xi -.Lgmult_v8: vpmull.p64 $Xl,$H,$IN @ H.loXi.lo veor $t1,$t1,$IN @ Karatsuba pre-processing vpmull2.p64 $Xh,$H,$IN @ H.hiXi.hi - subs $len,$len,#16 vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)(Xi.lo+Xi.hi) - cclr $inc,eq vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing veor $t2,$Xl,$Xh veor $Xm,$Xm,$t1 - vld1.64 {$t1},[$inp],$inc @ load [rotated] inp veor $Xm,$Xm,$t2 - vpmull.p64 $t2,$Xl,$t3 @ 1st phase + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl -#ifndef __ARMEB__ - vrev64.8 $t1,$t1 -#endif veor $Xl,$Xm,$t2 - vext.8 $IN,$t1,$t1,#8 - vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase - vpmull.p64 $Xl,$Xl,$t3 + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction + vpmull.p64 $Xl,$Xl,$xC2 veor $t2,$t2,$Xh veor $Xl,$Xl,$t2 - b.hs .Loop_v8 +.Ldone_v8: #ifndef __ARMEB__ vrev64.8 $Xl,$Xl #endif vext.8 $Xl,$Xl,$Xl,#8 vst1.64 {$Xl},[$Xi] @ write out Xi +___ +$code.=<<___ if ($flavour !~ /64/); + vldmia sp!,{d8-d15} @ 32-bit ABI says so +___ +$code.=<<___; ret .size gcm_ghash_v8,.-gcm_ghash_v8 ___ @@ -222,7 +390,7 @@ if ($flavour =~ /64/) { ######## 64-bit code foreach(split("\n",$code)) { s/\b[wx]([0-9]+)\b/r$1/go; # new->old registers s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go; # new->old registers - s/\/\/\s?/@ /o; # new->old style commentary + s/\/\/\s?/@ /o; # new->old style commentary # fix up remainig new-style suffixes s/\],#[0-9]+/]!/o; @@ -234,7 +402,7 @@ if ($flavour =~ /64/) { ######## 64-bit code s/^(\s+)b\./$1b/o or s/^(\s+)ret/$1bx\tlr/o; - print $_,"\n"; + print $_,"\n"; } } diff --git a/openssl/crypto/modes/gcm128.c b/openssl/crypto/modes/gcm128.c index 24a84a7ae..e299131c1 100644 --- a/openssl/crypto/modes/gcm128.c +++ b/openssl/crypto/modes/gcm128.c @@ -694,7 +694,7 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2]) defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) # define GHASH_ASM_X86_OR_64 # define GCM_FUNCREF_4BIT -extern unsigned int OPENSSL_ia32cap_P[2]; +extern unsigned int OPENSSL_ia32cap_P[]; void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]); void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]); @@ -1704,7 +1704,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, ctx->Xi.u[1] ^= ctx->EK0.u[1]; if (tag && len <= sizeof(ctx->Xi)) - return memcmp(ctx->Xi.c, tag, len); + return CRYPTO_memcmp(ctx->Xi.c, tag, len); else return -1; } diff --git a/openssl/crypto/modes/modes_lcl.h b/openssl/crypto/modes/modes_lcl.h index 900f54ca2..fe14ec700 100644 --- a/openssl/crypto/modes/modes_lcl.h +++ b/openssl/crypto/modes/modes_lcl.h @@ -38,36 +38,36 @@ typedef unsigned char u8; #if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) # if defined(__GNUC__) && __GNUC__>=2 # if defined(__x86_64) || defined(__x86_64__) -# define BSWAP8(x) ({ u64 ret=(x); \ +# define BSWAP8(x) ({ u64 ret_=(x); \ asm ("bswapq %0" \ - : "+r"(ret)); ret; }) -# define BSWAP4(x) ({ u32 ret=(x); \ + : "+r"(ret_)); ret_; }) +# define BSWAP4(x) ({ u32 ret_=(x); \ asm ("bswapl %0" \ - : "+r"(ret)); ret; }) + : "+r"(ret_)); ret_; }) # elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY) -# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \ +# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ asm ("bswapl %0; bswapl %1" \ - : "+r"(hi),"+r"(lo)); \ - (u64)hi<<32|lo; }) -# define BSWAP4(x) ({ u32 ret=(x); \ + : "+r"(hi_),"+r"(lo_)); \ + (u64)hi_<<32|lo_; }) +# define BSWAP4(x) ({ u32 ret_=(x); \ asm ("bswapl %0" \ - : "+r"(ret)); ret; }) + : "+r"(ret_)); ret_; }) # elif defined(__aarch64__) -# define BSWAP8(x) ({ u64 ret; \ +# define BSWAP8(x) ({ u64 ret_; \ asm ("rev %0,%1" \ - : "=r"(ret) : "r"(x)); ret; }) -# define BSWAP4(x) ({ u32 ret; \ + : "=r"(ret_) : "r"(x)); ret_; }) +# define BSWAP4(x) ({ u32 ret_; \ asm ("rev %w0,%w1" \ - : "=r"(ret) : "r"(x)); ret; }) + : "=r"(ret_) : "r"(x)); ret_; }) # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) -# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \ +# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ asm ("rev %0,%0; rev %1,%1" \ - : "+r"(hi),"+r"(lo)); \ - (u64)hi<<32|lo; }) -# define BSWAP4(x) ({ u32 ret; \ + : "+r"(hi_),"+r"(lo_)); \ + (u64)hi_<<32|lo_; }) +# define BSWAP4(x) ({ u32 ret_; \ asm ("rev %0,%1" \ - : "=r"(ret) : "r"((u32)(x))); \ - ret; }) + : "=r"(ret_) : "r"((u32)(x))); \ + ret_; }) # endif # elif defined(_MSC_VER) # if _MSC_VER>=1300 diff --git a/openssl/crypto/objects/Makefile b/openssl/crypto/objects/Makefile index a8aedbd42..f93d2f9d2 100644 --- a/openssl/crypto/objects/Makefile +++ b/openssl/crypto/objects/Makefile @@ -74,6 +74,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: obj_dat.h obj_mac.h obj_xref.h depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/objects/o_names.c b/openssl/crypto/objects/o_names.c index c6774f457..24859926a 100644 --- a/openssl/crypto/objects/o_names.c +++ b/openssl/crypto/objects/o_names.c @@ -313,7 +313,7 @@ void OBJ_NAME_do_all_sorted(int type, d.names = OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names); /* Really should return an error if !d.names...but its a void function! */ - if(d.names) { + if (d.names) { d.n = 0; OBJ_NAME_do_all(type, do_all_sorted_fn, &d); diff --git a/openssl/crypto/objects/obj_dat.c b/openssl/crypto/objects/obj_dat.c index 5cd755d77..aca382a6e 100644 --- a/openssl/crypto/objects/obj_dat.c +++ b/openssl/crypto/objects/obj_dat.c @@ -400,6 +400,8 @@ static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp) j = (a->length - b->length); if (j) return (j); + if (a->length == 0) + return 0; return (memcmp(a->data, b->data, a->length)); } @@ -415,6 +417,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) if (a->nid != 0) return (a->nid); + if (a->length == 0) + return NID_undef; + if (added != NULL) { ad.type = ADDED_DATA; ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */ diff --git a/openssl/crypto/objects/objects.README b/openssl/crypto/objects/objects.README index 4d745508d..cb1d216ce 100644 --- a/openssl/crypto/objects/objects.README +++ b/openssl/crypto/objects/objects.README @@ -8,9 +8,9 @@ The basic syntax for adding an object is as follows: 1 2 3 4 : shortName : Long Name - If the long name doesn't contain spaces, or no short name - exists, the long name is used as basis for the base name - in C. Otherwise, the short name is used. + If Long Name contains only word characters and hyphen-minus + (0x2D) or full stop (0x2E) then Long Name is used as basis + for the base name in C. Otherwise, the shortName is used. The base name (let's call it 'base') will then be used to create the C macros SN_base, LN_base, NID_base and OBJ_base. @@ -22,7 +22,7 @@ Then there are some extra commands: !Alias foo 1 2 3 4 - This juts makes a name foo for an OID. The C macro + This just makes a name foo for an OID. The C macro OBJ_foo will be created as a result. !Cname foo diff --git a/openssl/crypto/objects/objects.pl b/openssl/crypto/objects/objects.pl index d0ed459d3..389dc3483 100644 --- a/openssl/crypto/objects/objects.pl +++ b/openssl/crypto/objects/objects.pl @@ -67,7 +67,7 @@ while () $myoid = &process_oid($myoid); } - if ($Cname eq "" && !($myln =~ / /)) + if ($Cname eq "" && ($myln =~ /^[_A-Za-z][\w.-]*$/ )) { $Cname = $myln; $Cname =~ s/\./_/g; diff --git a/openssl/crypto/ocsp/Makefile b/openssl/crypto/ocsp/Makefile index 60c414cf4..96a1b156b 100644 --- a/openssl/crypto/ocsp/Makefile +++ b/openssl/crypto/ocsp/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/openssl/crypto/ocsp/ocsp_ext.c b/openssl/crypto/ocsp/ocsp_ext.c index 849cb2f76..c19648c73 100644 --- a/openssl/crypto/ocsp/ocsp_ext.c +++ b/openssl/crypto/ocsp/ocsp_ext.c @@ -361,8 +361,8 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL); if (val) memcpy(tmpval, val, len); - else - RAND_pseudo_bytes(tmpval, len); + else if (RAND_pseudo_bytes(tmpval, len) < 0) + goto err; if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, &os, 0, X509V3_ADD_REPLACE)) goto err; diff --git a/openssl/crypto/ocsp/ocsp_vfy.c b/openssl/crypto/ocsp/ocsp_vfy.c index 6c0ccb565..d4a257c33 100644 --- a/openssl/crypto/ocsp/ocsp_vfy.c +++ b/openssl/crypto/ocsp/ocsp_vfy.c @@ -83,6 +83,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, { X509 *signer, *x; STACK_OF(X509) *chain = NULL; + STACK_OF(X509) *untrusted = NULL; X509_STORE_CTX ctx; int i, ret = 0; ret = ocsp_find_signer(&signer, bs, certs, st, flags); @@ -107,10 +108,20 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, } if (!(flags & OCSP_NOVERIFY)) { int init_res; - if (flags & OCSP_NOCHAIN) - init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); - else - init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); + if (flags & OCSP_NOCHAIN) { + untrusted = NULL; + } else if (bs->certs && certs) { + untrusted = sk_X509_dup(bs->certs); + for (i = 0; i < sk_X509_num(certs); i++) { + if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE); + goto end; + } + } + } else { + untrusted = bs->certs; + } + init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted); if (!init_res) { ret = -1; OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB); @@ -161,6 +172,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, end: if (chain) sk_X509_pop_free(chain, X509_free); + if (bs->certs && certs) + sk_X509_free(untrusted); return ret; } diff --git a/openssl/crypto/opensslv.h b/openssl/crypto/opensslv.h index 4f20b97a8..7cc19dc51 100644 --- a/openssl/crypto/opensslv.h +++ b/openssl/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1000201fL +# define OPENSSL_VERSION_NUMBER 0x1000203fL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2a-fips 19 Mar 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c-fips 12 Jun 2015" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2a 19 Mar 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c 12 Jun 2015" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/openssl/crypto/pem/Makefile b/openssl/crypto/pem/Makefile index 7691f83f6..65de60e2a 100644 --- a/openssl/crypto/pem/Makefile +++ b/openssl/crypto/pem/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/openssl/crypto/pem/pem_pk8.c b/openssl/crypto/pem/pem_pk8.c index b98c76c4a..5747c7366 100644 --- a/openssl/crypto/pem/pem_pk8.c +++ b/openssl/crypto/pem/pem_pk8.c @@ -138,6 +138,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, if (kstr == buf) OPENSSL_cleanse(buf, klen); PKCS8_PRIV_KEY_INFO_free(p8inf); + if (p8 == NULL) + return 0; if (isder) ret = i2d_PKCS8_bio(bp, p8); else diff --git a/openssl/crypto/pkcs12/Makefile b/openssl/crypto/pkcs12/Makefile index 3a7498fe7..be5f8c5d2 100644 --- a/openssl/crypto/pkcs12/Makefile +++ b/openssl/crypto/pkcs12/Makefile @@ -67,6 +67,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/pkcs12/p12_mutl.c b/openssl/crypto/pkcs12/p12_mutl.c index 256b210cc..5ab4bf290 100644 --- a/openssl/crypto/pkcs12/p12_mutl.c +++ b/openssl/crypto/pkcs12/p12_mutl.c @@ -60,6 +60,7 @@ #ifndef OPENSSL_NO_HMAC # include # include "cryptlib.h" +# include # include # include # include @@ -123,7 +124,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) return 0; } if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) - || memcmp(mac, p12->mac->dinfo->digest->data, maclen)) + || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen)) return 0; return 1; } diff --git a/openssl/crypto/pkcs7/Makefile b/openssl/crypto/pkcs7/Makefile index effe05fc0..decf5e020 100644 --- a/openssl/crypto/pkcs7/Makefile +++ b/openssl/crypto/pkcs7/Makefile @@ -68,6 +68,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/pkcs7/pk7_doit.c b/openssl/crypto/pkcs7/pk7_doit.c index 31a1b983f..c8d7db01b 100644 --- a/openssl/crypto/pkcs7/pk7_doit.c +++ b/openssl/crypto/pkcs7/pk7_doit.c @@ -445,6 +445,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) switch (i) { case NID_pkcs7_signed: + /* + * p7->d.sign->contents is a PKCS7 structure consisting of a contentType + * field and optional content. + * data_body is NULL if that structure has no (=detached) content + * or if the contentType is wrong (i.e., not "data"). + */ data_body = PKCS7_get_octet_string(p7->d.sign->contents); if (!PKCS7_is_detached(p7) && data_body == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE, @@ -456,6 +462,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) case NID_pkcs7_signedAndEnveloped: rsk = p7->d.signed_and_enveloped->recipientinfo; md_sk = p7->d.signed_and_enveloped->md_algs; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.signed_and_enveloped->enc_data->enc_data; enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); @@ -468,6 +475,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) case NID_pkcs7_enveloped: rsk = p7->d.enveloped->recipientinfo; enc_alg = p7->d.enveloped->enc_data->algorithm; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.enveloped->enc_data->enc_data; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) { @@ -481,6 +489,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) goto err; } + /* Detached content must be supplied via in_bio instead. */ + if (data_body == NULL && in_bio == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + goto err; + } + /* We will be checking the signature */ if (md_sk != NULL) { for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { @@ -623,7 +637,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) etmp = NULL; } #if 1 - if (PKCS7_is_detached(p7) || (in_bio != NULL)) { + if (in_bio != NULL) { bio = in_bio; } else { # if 0 diff --git a/openssl/crypto/pqueue/Makefile b/openssl/crypto/pqueue/Makefile index fb36a0c87..a59b5a939 100644 --- a/openssl/crypto/pqueue/Makefile +++ b/openssl/crypto/pqueue/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/rand/Makefile b/openssl/crypto/rand/Makefile index 27694aa66..df44369a0 100644 --- a/openssl/crypto/rand/Makefile +++ b/openssl/crypto/rand/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/rand/rand_os2.c b/openssl/crypto/rand/rand_os2.c index 02148d5bf..706ab1e81 100644 --- a/openssl/crypto/rand/rand_os2.c +++ b/openssl/crypto/rand/rand_os2.c @@ -149,7 +149,7 @@ int RAND_poll(void) if (DosQuerySysState) { char *buffer = OPENSSL_malloc(256 * 1024); - if(!buffer) + if (!buffer) return 0; if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) { diff --git a/openssl/crypto/rc2/Makefile b/openssl/crypto/rc2/Makefile index 8a9d49ab5..b3727a4a6 100644 --- a/openssl/crypto/rc2/Makefile +++ b/openssl/crypto/rc2/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/rc4/Makefile b/openssl/crypto/rc4/Makefile index 76860aeb4..7434ff737 100644 --- a/openssl/crypto/rc4/Makefile +++ b/openssl/crypto/rc4/Makefile @@ -89,6 +89,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/rc5/Makefile b/openssl/crypto/rc5/Makefile index 8a8b00eb8..6ca0037c6 100644 --- a/openssl/crypto/rc5/Makefile +++ b/openssl/crypto/rc5/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/ripemd/Makefile b/openssl/crypto/ripemd/Makefile index 25140b2a7..1c3f094bb 100644 --- a/openssl/crypto/ripemd/Makefile +++ b/openssl/crypto/ripemd/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/rsa/Makefile b/openssl/crypto/rsa/Makefile index af487b600..e292e84db 100644 --- a/openssl/crypto/rsa/Makefile +++ b/openssl/crypto/rsa/Makefile @@ -67,6 +67,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/rsa/rsa_pmeth.c b/openssl/crypto/rsa/rsa_pmeth.c index ddda0ddc4..203635595 100644 --- a/openssl/crypto/rsa/rsa_pmeth.c +++ b/openssl/crypto/rsa/rsa_pmeth.c @@ -254,8 +254,14 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, return ret; ret = sltmp; } else if (rctx->pad_mode == RSA_X931_PADDING) { - if (!setup_tbuf(rctx, ctx)) + if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) { + RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_KEY_SIZE_TOO_SMALL); + return -1; + } + if (!setup_tbuf(rctx, ctx)) { + RSAerr(RSA_F_PKEY_RSA_SIGN, ERR_R_MALLOC_FAILURE); return -1; + } memcpy(rctx->tbuf, tbs, tbslen); rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md)); ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, diff --git a/openssl/crypto/seed/Makefile b/openssl/crypto/seed/Makefile index 4bc55e491..70d3d45a2 100644 --- a/openssl/crypto/seed/Makefile +++ b/openssl/crypto/seed/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/sha/Makefile b/openssl/crypto/sha/Makefile index a8c0cf785..de6cdde58 100644 --- a/openssl/crypto/sha/Makefile +++ b/openssl/crypto/sha/Makefile @@ -124,6 +124,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/sha/asm/sha1-armv8.pl b/openssl/crypto/sha/asm/sha1-armv8.pl index deb1238d3..c04432a54 100755 --- a/openssl/crypto/sha/asm/sha1-armv8.pl +++ b/openssl/crypto/sha/asm/sha1-armv8.pl @@ -14,10 +14,14 @@ # # hardware-assisted software(*) # Apple A7 2.31 4.13 (+14%) -# Cortex-A53 2.19 8.73 (+108%) +# Cortex-A53 2.24 8.03 (+97%) # Cortex-A57 2.35 7.88 (+74%) +# Denver 2.13 3.97 (+0%)(**) +# X-Gene 8.80 (+200%) # # (*) Software results are presented mostly for reference purposes. +# (**) Keep in mind that Denver relies on binary translation, which +# optimizes compiler output at run-time. $flavour = shift; open STDOUT,">".shift; diff --git a/openssl/crypto/sha/asm/sha256-armv4.pl b/openssl/crypto/sha/asm/sha256-armv4.pl index f14c9c3cb..4fee74d83 100644 --- a/openssl/crypto/sha/asm/sha256-armv4.pl +++ b/openssl/crypto/sha/asm/sha256-armv4.pl @@ -5,6 +5,8 @@ # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. +# +# Permission to use under GPL terms is granted. # ==================================================================== # SHA256 block procedure for ARMv4. May 2007. @@ -151,10 +153,24 @@ ___ } $code=<<___; -#include "arm_arch.h" +#ifndef __KERNEL__ +# include "arm_arch.h" +#else +# define __ARM_ARCH__ __LINUX_ARM_ARCH__ +# define __ARM_MAX_ARCH__ 7 +#endif .text +#if __ARM_ARCH__<7 .code 32 +#else +.syntax unified +# ifdef __thumb2__ +.thumb +# else +.code 32 +# endif +#endif .type K256,%object .align 5 @@ -177,7 +193,7 @@ K256: .word 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 .size K256,.-K256 .word 0 @ terminator -#if __ARM_MAX_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) .LOPENSSL_armcap: .word OPENSSL_armcap_P-sha256_block_data_order #endif @@ -186,9 +202,12 @@ K256: .global sha256_block_data_order .type sha256_block_data_order,%function sha256_block_data_order: +#if __ARM_ARCH__<7 sub r3,pc,#8 @ sha256_block_data_order - add $len,$inp,$len,lsl#6 @ len to point at the end of inp -#if __ARM_MAX_ARCH__>=7 +#else + adr r3,sha256_block_data_order +#endif +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) ldr r12,.LOPENSSL_armcap ldr r12,[r3,r12] @ OPENSSL_armcap_P tst r12,#ARMV8_SHA256 @@ -196,6 +215,7 @@ sha256_block_data_order: tst r12,#ARMV7_NEON bne .LNEON #endif + add $len,$inp,$len,lsl#6 @ len to point at the end of inp stmdb sp!,{$ctx,$inp,$len,r4-r11,lr} ldmia $ctx,{$A,$B,$C,$D,$E,$F,$G,$H} sub $Ktbl,r3,#256+32 @ K256 @@ -213,6 +233,9 @@ for($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } $code.=".Lrounds_16_xx:\n"; for (;$i<32;$i++) { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); } $code.=<<___; +#if __ARM_ARCH__>=7 + ite eq @ Thumb2 thing, sanity check in ARM +#endif ldreq $t3,[sp,#16*4] @ pull ctx bne .Lrounds_16_xx @@ -429,16 +452,19 @@ $code.=<<___; .arch armv7-a .fpu neon +.global sha256_block_data_order_neon .type sha256_block_data_order_neon,%function .align 4 sha256_block_data_order_neon: .LNEON: stmdb sp!,{r4-r12,lr} + sub $H,sp,#16*4+16 + adr $Ktbl,K256 + bic $H,$H,#15 @ align for 128-bit stores mov $t2,sp - sub sp,sp,#16*4+16 @ alloca - sub $Ktbl,r3,#256+32 @ K256 - bic sp,sp,#15 @ align for 128-bit stores + mov sp,$H @ alloca + add $len,$inp,$len,lsl#6 @ len to point at the end of inp vld1.8 {@X[0]},[$inp]! vld1.8 {@X[1]},[$inp]! @@ -490,11 +516,13 @@ $code.=<<___; ldr $t0,[sp,#72] sub $Ktbl,$Ktbl,#256 @ rewind $Ktbl teq $inp,$t0 + it eq subeq $inp,$inp,#64 @ avoid SEGV vld1.8 {@X[0]},[$inp]! @ load next input block vld1.8 {@X[1]},[$inp]! vld1.8 {@X[2]},[$inp]! vld1.8 {@X[3]},[$inp]! + it ne strne $inp,[sp,#68] mov $Xfer,sp ___ @@ -526,10 +554,12 @@ $code.=<<___; str $D,[$t1],#4 stmia $t1,{$E-$H} + ittte ne movne $Xfer,sp ldrne $t1,[sp,#0] eorne $t2,$t2,$t2 ldreq sp,[sp,#76] @ restore original sp + itt ne eorne $t3,$B,$C bne .L_00_48 @@ -548,13 +578,26 @@ my ($W0,$W1,$ABCD_SAVE,$EFGH_SAVE)=map("q$_",(12..15)); my $Ktbl="r3"; $code.=<<___; -#if __ARM_MAX_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) + +# ifdef __thumb2__ +# define INST(a,b,c,d) .byte c,d|0xc,a,b +# else +# define INST(a,b,c,d) .byte a,b,c,d +# endif + .type sha256_block_data_order_armv8,%function .align 5 sha256_block_data_order_armv8: .LARMv8: vld1.32 {$ABCD,$EFGH},[$ctx] - sub $Ktbl,r3,#sha256_block_data_order-K256 +# ifdef __thumb2__ + adr $Ktbl,.LARMv8 + sub $Ktbl,$Ktbl,#.LARMv8-K256 +# else + adrl $Ktbl,K256 +# endif + add $len,$inp,$len,lsl#6 @ len to point at the end of inp .Loop_v8: vld1.8 {@MSG[0]-@MSG[1]},[$inp]! @@ -607,6 +650,7 @@ $code.=<<___; vadd.i32 $ABCD,$ABCD,$ABCD_SAVE vadd.i32 $EFGH,$EFGH,$EFGH_SAVE + it ne bne .Loop_v8 vst1.32 {$ABCD,$EFGH},[$ctx] @@ -619,11 +663,19 @@ ___ $code.=<<___; .asciz "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by " .align 2 -#if __ARM_MAX_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) .comm OPENSSL_armcap_P,4,4 #endif ___ +open SELF,$0; +while() { + next if (/^#!/); + last if (!s/^#/@/ and !/^$/); + print; +} +close SELF; + { my %opcode = ( "sha256h" => 0xf3000c40, "sha256h2" => 0xf3100c40, "sha256su0" => 0xf3ba03c0, "sha256su1" => 0xf3200c40 ); @@ -638,7 +690,7 @@ ___ # since ARMv7 instructions are always encoded little-endian. # correct solution is to use .inst directive, but older # assemblers don't implement it:-( - sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s", + sprintf "INST(0x%02x,0x%02x,0x%02x,0x%02x)\t@ %s %s", $word&0xff,($word>>8)&0xff, ($word>>16)&0xff,($word>>24)&0xff, $mnemonic,$arg; diff --git a/openssl/crypto/sha/asm/sha512-armv8.pl b/openssl/crypto/sha/asm/sha512-armv8.pl index bd7a0a566..f7b36b986 100755 --- a/openssl/crypto/sha/asm/sha512-armv8.pl +++ b/openssl/crypto/sha/asm/sha512-armv8.pl @@ -14,8 +14,10 @@ # # SHA256-hw SHA256(*) SHA512 # Apple A7 1.97 10.5 (+33%) 6.73 (-1%(**)) -# Cortex-A53 2.38 15.6 (+110%) 10.1 (+190%(***)) +# Cortex-A53 2.38 15.5 (+115%) 10.0 (+150%(***)) # Cortex-A57 2.31 11.6 (+86%) 7.51 (+260%(***)) +# Denver 2.01 10.5 (+26%) 6.70 (+8%) +# X-Gene 20.0 (+100%) 12.8 (+300%(***)) # # (*) Software SHA256 results are of lesser relevance, presented # mostly for informational purposes. @@ -25,7 +27,7 @@ # (***) Super-impressive coefficients over gcc-generated code are # indication of some compiler "pathology", most notably code # generated with -mgeneral-regs-only is significanty faster -# and lags behind assembly only by 50-90%. +# and the gap is only 40-90%. $flavour=shift; $output=shift; diff --git a/openssl/crypto/srp/Makefile b/openssl/crypto/srp/Makefile index ddf674864..414af7bc6 100644 --- a/openssl/crypto/srp/Makefile +++ b/openssl/crypto/srp/Makefile @@ -64,6 +64,8 @@ srptest: top srptest.c $(LIB) lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/srp/srp_vfy.c b/openssl/crypto/srp/srp_vfy.c index 701b5cd01..50f75d7e4 100644 --- a/openssl/crypto/srp/srp_vfy.c +++ b/openssl/crypto/srp/srp_vfy.c @@ -497,7 +497,8 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) if (!SRP_user_pwd_set_ids(user, username, NULL)) goto err; - RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH); + if (RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH) < 0) + goto err; EVP_MD_CTX_init(&ctxt); EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key)); @@ -549,7 +550,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, } if (*salt == NULL) { - RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN); + if (RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0) + goto err; s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); } else { @@ -609,7 +611,8 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, srp_bn_print(g); if (*salt == NULL) { - RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN); + if (RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0) + goto err; *salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); } diff --git a/openssl/crypto/stack/Makefile b/openssl/crypto/stack/Makefile index 5327692ac..b069c9323 100644 --- a/openssl/crypto/stack/Makefile +++ b/openssl/crypto/stack/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/store/Makefile b/openssl/crypto/store/Makefile index 0dcfd7857..5bc7ca71f 100644 --- a/openssl/crypto/store/Makefile +++ b/openssl/crypto/store/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/threads/th-lock.c b/openssl/crypto/threads/th-lock.c index 28884c2d4..cc8cf2581 100644 --- a/openssl/crypto/threads/th-lock.c +++ b/openssl/crypto/threads/th-lock.c @@ -117,7 +117,7 @@ void CRYPTO_thread_setup(void) int i; lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE)); - if(!lock_cs) { + if (!lock_cs) { /* Nothing we can do about this...void function! */ return; } @@ -172,7 +172,7 @@ void CRYPTO_thread_setup(void) # else lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(rwlock_t)); # endif - if(!lock_cs) { + if (!lock_cs) { /* Nothing we can do about this...void function! */ return; } @@ -260,7 +260,7 @@ void CRYPTO_thread_setup(void) char filename[20]; lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *)); - if(!lock_cs) { + if (!lock_cs) { /* Nothing we can do about this...void function! */ return; } @@ -328,11 +328,11 @@ void CRYPTO_thread_setup(void) lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); - if(!lock_cs || !lock_count) { + if (!lock_cs || !lock_count) { /* Nothing we can do about this...void function! */ - if(lock_cs) + if (lock_cs) OPENSSL_free(lock_cs); - if(lock_count) + if (lock_count) OPENSSL_free(lock_count); return; } diff --git a/openssl/crypto/ts/Makefile b/openssl/crypto/ts/Makefile index c18234555..cf991efe4 100644 --- a/openssl/crypto/ts/Makefile +++ b/openssl/crypto/ts/Makefile @@ -73,6 +73,8 @@ tags: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/openssl/crypto/txt_db/Makefile b/openssl/crypto/txt_db/Makefile index e6f30331d..4f70b199a 100644 --- a/openssl/crypto/txt_db/Makefile +++ b/openssl/crypto/txt_db/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/ui/Makefile b/openssl/crypto/ui/Makefile index a685659fb..b28fcca6d 100644 --- a/openssl/crypto/ui/Makefile +++ b/openssl/crypto/ui/Makefile @@ -65,6 +65,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/whrlpool/Makefile b/openssl/crypto/whrlpool/Makefile index f4d46e4d1..befd6d6f3 100644 --- a/openssl/crypto/whrlpool/Makefile +++ b/openssl/crypto/whrlpool/Makefile @@ -74,6 +74,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/x509/Makefile b/openssl/crypto/x509/Makefile index cfbb59c37..01aa3bf38 100644 --- a/openssl/crypto/x509/Makefile +++ b/openssl/crypto/x509/Makefile @@ -71,6 +71,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/x509/x509_lu.c b/openssl/crypto/x509/x509_lu.c index ff1fa975f..b0d653903 100644 --- a/openssl/crypto/x509/x509_lu.c +++ b/openssl/crypto/x509/x509_lu.c @@ -216,6 +216,8 @@ X509_STORE *X509_STORE_new(void) static void cleanup(X509_OBJECT *a) { + if (!a) + return; if (a->type == X509_LU_X509) { X509_free(a->data.x509); } else if (a->type == X509_LU_CRL) { diff --git a/openssl/crypto/x509/x509_vfy.c b/openssl/crypto/x509/x509_vfy.c index 1196a2ada..8ce41f9c9 100644 --- a/openssl/crypto/x509/x509_vfy.c +++ b/openssl/crypto/x509/x509_vfy.c @@ -187,11 +187,11 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) int X509_verify_cert(X509_STORE_CTX *ctx) { - X509 *x, *xtmp, *chain_ss = NULL; + X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; int bad_chain = 0; X509_VERIFY_PARAM *param = ctx->param; int depth, i, ok = 0; - int num; + int num, j, retry; int (*cb) (int xok, X509_STORE_CTX *xctx); STACK_OF(X509) *sktmp = NULL; if (ctx->cert == NULL) { @@ -276,91 +276,128 @@ int X509_verify_cert(X509_STORE_CTX *ctx) break; } + /* Remember how many untrusted certs we have */ + j = num; /* * at this point, chain should contain a list of untrusted certificates. * We now need to add at least one trusted one, if possible, otherwise we * complain. */ - /* - * Examine last certificate in chain and see if it is self signed. - */ - - i = sk_X509_num(ctx->chain); - x = sk_X509_value(ctx->chain, i - 1); - if (cert_self_signed(x)) { - /* we have a self signed certificate */ - if (sk_X509_num(ctx->chain) == 1) { - /* - * We have a single self signed certificate: see if we can find - * it in the store. We must have an exact match to avoid possible - * impersonation. - */ - ok = ctx->get_issuer(&xtmp, ctx, x); - if ((ok <= 0) || X509_cmp(x, xtmp)) { - ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; - ctx->current_cert = x; - ctx->error_depth = i - 1; - if (ok == 1) - X509_free(xtmp); - bad_chain = 1; - ok = cb(0, ctx); - if (!ok) - goto end; + do { + /* + * Examine last certificate in chain and see if it is self signed. + */ + i = sk_X509_num(ctx->chain); + x = sk_X509_value(ctx->chain, i - 1); + if (cert_self_signed(x)) { + /* we have a self signed certificate */ + if (sk_X509_num(ctx->chain) == 1) { + /* + * We have a single self signed certificate: see if we can + * find it in the store. We must have an exact match to avoid + * possible impersonation. + */ + ok = ctx->get_issuer(&xtmp, ctx, x); + if ((ok <= 0) || X509_cmp(x, xtmp)) { + ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; + ctx->current_cert = x; + ctx->error_depth = i - 1; + if (ok == 1) + X509_free(xtmp); + bad_chain = 1; + ok = cb(0, ctx); + if (!ok) + goto end; + } else { + /* + * We have a match: replace certificate with store + * version so we get any trust settings. + */ + X509_free(x); + x = xtmp; + (void)sk_X509_set(ctx->chain, i - 1, x); + ctx->last_untrusted = 0; + } } else { /* - * We have a match: replace certificate with store version so - * we get any trust settings. + * extract and save self signed certificate for later use */ - X509_free(x); - x = xtmp; - (void)sk_X509_set(ctx->chain, i - 1, x); - ctx->last_untrusted = 0; + chain_ss = sk_X509_pop(ctx->chain); + ctx->last_untrusted--; + num--; + j--; + x = sk_X509_value(ctx->chain, num - 1); } - } else { - /* - * extract and save self signed certificate for later use - */ - chain_ss = sk_X509_pop(ctx->chain); - ctx->last_untrusted--; - num--; - x = sk_X509_value(ctx->chain, num - 1); } - } - - /* We now lookup certs from the certificate store */ - for (;;) { - /* If we have enough, we break */ - if (depth < num) - break; + /* We now lookup certs from the certificate store */ + for (;;) { + /* If we have enough, we break */ + if (depth < num) + break; + /* If we are self signed, we break */ + if (cert_self_signed(x)) + break; + ok = ctx->get_issuer(&xtmp, ctx, x); - /* If we are self signed, we break */ - if (cert_self_signed(x)) - break; + if (ok < 0) + return ok; + if (ok == 0) + break; + x = xtmp; + if (!sk_X509_push(ctx->chain, x)) { + X509_free(xtmp); + X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); + return 0; + } + num++; + } - ok = ctx->get_issuer(&xtmp, ctx, x); + /* we now have our chain, lets check it... */ + i = check_trust(ctx); - if (ok < 0) - return ok; - if (ok == 0) - break; + /* If explicitly rejected error */ + if (i == X509_TRUST_REJECTED) + goto end; + /* + * If it's not explicitly trusted then check if there is an alternative + * chain that could be used. We only do this if we haven't already + * checked via TRUSTED_FIRST and the user hasn't switched off alternate + * chain checking + */ + retry = 0; + if (i != X509_TRUST_TRUSTED + && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) + && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { + while (j-- > 1) { + xtmp2 = sk_X509_value(ctx->chain, j - 1); + ok = ctx->get_issuer(&xtmp, ctx, xtmp2); + if (ok < 0) + goto end; + /* Check if we found an alternate chain */ + if (ok > 0) { + /* + * Free up the found cert we'll add it again later + */ + X509_free(xtmp); - x = xtmp; - if (!sk_X509_push(ctx->chain, x)) { - X509_free(xtmp); - X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); - return 0; + /* + * Dump all the certs above this point - we've found an + * alternate chain + */ + while (num > j) { + xtmp = sk_X509_pop(ctx->chain); + X509_free(xtmp); + num--; + ctx->last_untrusted--; + } + retry = 1; + break; + } + } } - num++; - } + } while (retry); - /* we now have our chain, lets check it... */ - - i = check_trust(ctx); - - /* If explicitly rejected error */ - if (i == X509_TRUST_REJECTED) - goto end; /* * If not explicitly trusted then indicate error unless it's a single * self signed certificate in which case we've indicated an error already @@ -1751,47 +1788,84 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) ASN1_TIME atm; long offset; char buff1[24], buff2[24], *p; - int i, j; + int i, j, remaining; p = buff1; - i = ctm->length; + remaining = ctm->length; str = (char *)ctm->data; + /* + * Note that the following (historical) code allows much more slack in the + * time format than RFC5280. In RFC5280, the representation is fixed: + * UTCTime: YYMMDDHHMMSSZ + * GeneralizedTime: YYYYMMDDHHMMSSZ + */ if (ctm->type == V_ASN1_UTCTIME) { - if ((i < 11) || (i > 17)) + /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ + int min_length = sizeof("YYMMDDHHMMZ") - 1; + int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 10); p += 10; str += 10; + remaining -= 10; } else { - if (i < 13) + /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ + int min_length = sizeof("YYYYMMDDHHMMZ") - 1; + int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 12); p += 12; str += 12; + remaining -= 12; } if ((*str == 'Z') || (*str == '-') || (*str == '+')) { *(p++) = '0'; *(p++) = '0'; } else { + /* SS (seconds) */ + if (remaining < 2) + return 0; *(p++) = *(str++); *(p++) = *(str++); - /* Skip any fractional seconds... */ - if (*str == '.') { + remaining -= 2; + /* + * Skip any (up to three) fractional seconds... + * TODO(emilia): in RFC5280, fractional seconds are forbidden. + * Can we just kill them altogether? + */ + if (remaining && *str == '.') { str++; - while ((*str >= '0') && (*str <= '9')) - str++; + remaining--; + for (i = 0; i < 3 && remaining; i++, str++, remaining--) { + if (*str < '0' || *str > '9') + break; + } } } *(p++) = 'Z'; *(p++) = '\0'; - if (*str == 'Z') + /* We now need either a terminating 'Z' or an offset. */ + if (!remaining) + return 0; + if (*str == 'Z') { + if (remaining != 1) + return 0; offset = 0; - else { + } else { + /* (+-)HHMM */ if ((*str != '+') && (*str != '-')) return 0; + /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ + if (remaining != 5) + return 0; + if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || + str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') + return 0; offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; offset += (str[3] - '0') * 10 + (str[4] - '0'); if (*str == '-') @@ -2169,6 +2243,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) void X509_STORE_CTX_free(X509_STORE_CTX *ctx) { + if (!ctx) + return; X509_STORE_CTX_cleanup(ctx); OPENSSL_free(ctx); } diff --git a/openssl/crypto/x509/x509_vfy.h b/openssl/crypto/x509/x509_vfy.h index a6f0df54c..bd8613c62 100644 --- a/openssl/crypto/x509/x509_vfy.h +++ b/openssl/crypto/x509/x509_vfy.h @@ -432,6 +432,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); /* Allow partial chains if at least one certificate is in trusted store */ # define X509_V_FLAG_PARTIAL_CHAIN 0x80000 +/* + * If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag + * will force the behaviour to match that of previous versions. + */ +# define X509_V_FLAG_NO_ALT_CHAINS 0x100000 # define X509_VP_FLAG_DEFAULT 0x1 # define X509_VP_FLAG_OVERWRITE 0x2 diff --git a/openssl/crypto/x509/x509_vpm.c b/openssl/crypto/x509/x509_vpm.c index 322239401..1ea0c69f5 100644 --- a/openssl/crypto/x509/x509_vpm.c +++ b/openssl/crypto/x509/x509_vpm.c @@ -172,16 +172,17 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) { X509_VERIFY_PARAM *param; X509_VERIFY_PARAM_ID *paramid; - param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); + + param = OPENSSL_malloc(sizeof *param); if (!param) return NULL; - paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); + paramid = OPENSSL_malloc(sizeof *paramid); if (!paramid) { OPENSSL_free(param); return NULL; } - memset(param, 0, sizeof(X509_VERIFY_PARAM)); - memset(paramid, 0, sizeof(X509_VERIFY_PARAM_ID)); + memset(param, 0, sizeof *param); + memset(paramid, 0, sizeof *paramid); param->id = paramid; x509_verify_param_zero(param); return param; @@ -189,6 +190,8 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) { + if (param == NULL) + return; x509_verify_param_zero(param); OPENSSL_free(param->id); OPENSSL_free(param); diff --git a/openssl/crypto/x509/x509type.c b/openssl/crypto/x509/x509type.c index 033175257..9219f753b 100644 --- a/openssl/crypto/x509/x509type.c +++ b/openssl/crypto/x509/x509type.c @@ -121,9 +121,6 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) } } - /* /8 because it's 1024 bits we look for, not bytes */ - if (EVP_PKEY_size(pk) <= 1024 / 8) - ret |= EVP_PKT_EXP; if (pkey == NULL) EVP_PKEY_free(pk); return (ret); diff --git a/openssl/crypto/x509v3/Makefile b/openssl/crypto/x509v3/Makefile index cdbfd5240..9791b77a0 100644 --- a/openssl/crypto/x509v3/Makefile +++ b/openssl/crypto/x509v3/Makefile @@ -71,6 +71,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) @@ -535,26 +537,18 @@ v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h v3_purp.o: ../cryptlib.h v3_purp.c v3_scts.o: ../../e_os.h ../../include/openssl/asn1.h v3_scts.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -v3_scts.o: ../../include/openssl/comp.h ../../include/openssl/conf.h -v3_scts.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h -v3_scts.o: ../../include/openssl/dtls1.h ../../include/openssl/e_os2.h -v3_scts.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -v3_scts.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_scts.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h -v3_scts.o: ../../include/openssl/kssl.h ../../include/openssl/lhash.h -v3_scts.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_scts.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_scts.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -v3_scts.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -v3_scts.o: ../../include/openssl/pqueue.h ../../include/openssl/rsa.h -v3_scts.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_scts.o: ../../include/openssl/srtp.h ../../include/openssl/ssl.h -v3_scts.o: ../../include/openssl/ssl2.h ../../include/openssl/ssl23.h -v3_scts.o: ../../include/openssl/ssl3.h ../../include/openssl/stack.h -v3_scts.o: ../../include/openssl/symhacks.h ../../include/openssl/tls1.h -v3_scts.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_scts.o: ../../include/openssl/x509v3.h ../../ssl/ssl_locl.h ../cryptlib.h -v3_scts.o: v3_scts.c +v3_scts.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_scts.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_scts.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_scts.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_scts.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_scts.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_scts.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_scts.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_scts.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_scts.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_scts.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_scts.o: ../cryptlib.h v3_scts.c v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h diff --git a/openssl/crypto/x509v3/v3_alt.c b/openssl/crypto/x509v3/v3_alt.c index 807867b91..22ec20284 100644 --- a/openssl/crypto/x509v3/v3_alt.c +++ b/openssl/crypto/x509v3/v3_alt.c @@ -584,24 +584,26 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) { - int ret; - STACK_OF(CONF_VALUE) *sk; - X509_NAME *nm; + int ret = 0; + STACK_OF(CONF_VALUE) *sk = NULL; + X509_NAME *nm = NULL; if (!(nm = X509_NAME_new())) - return 0; + goto err; sk = X509V3_get_section(ctx, value); if (!sk) { X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND); ERR_add_error_data(2, "section=", value); - X509_NAME_free(nm); - return 0; + goto err; } /* FIXME: should allow other character types... */ ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); if (!ret) - X509_NAME_free(nm); + goto err; gen->d.dirn = nm; - X509V3_section_free(ctx, sk); +err: + if (ret == 0) + X509_NAME_free(nm); + X509V3_section_free(ctx, sk); return ret; } diff --git a/openssl/crypto/x509v3/v3_cpols.c b/openssl/crypto/x509v3/v3_cpols.c index dca6ab2ec..0febc1b3e 100644 --- a/openssl/crypto/x509v3/v3_cpols.c +++ b/openssl/crypto/x509v3/v3_cpols.c @@ -230,11 +230,11 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, goto merr; if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr; - if(!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) { + if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) { X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR); goto err; } - if(!(qual->d.cpsuri = M_ASN1_IA5STRING_new())) + if (!(qual->d.cpsuri = M_ASN1_IA5STRING_new())) goto merr; if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, strlen(cnf->value))) @@ -294,7 +294,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, POLICYQUALINFO *qual; if (!(qual = POLICYQUALINFO_new())) goto merr; - if(!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) { + if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) { X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR); goto err; } @@ -304,7 +304,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); if (!strcmp(cnf->name, "explicitText")) { - if(!(not->exptext = M_ASN1_VISIBLESTRING_new())) + if (!(not->exptext = M_ASN1_VISIBLESTRING_new())) goto merr; if (!ASN1_STRING_set(not->exptext, cnf->value, strlen(cnf->value))) diff --git a/openssl/crypto/x509v3/v3_scts.c b/openssl/crypto/x509v3/v3_scts.c index 9a4c3eba0..6e0b8d684 100755 --- a/openssl/crypto/x509v3/v3_scts.c +++ b/openssl/crypto/x509v3/v3_scts.c @@ -60,7 +60,16 @@ #include "cryptlib.h" #include #include -#include "../ssl/ssl_locl.h" + +/* Signature and hash algorithms from RFC 5246 */ +#define TLSEXT_hash_sha256 4 + +#define TLSEXT_signature_rsa 1 +#define TLSEXT_signature_ecdsa 3 + + +#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \ + (((unsigned int)(c[1])) )),c+=2) #if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) # define SCT_TIMESTAMP unsigned __int64 diff --git a/openssl/crypto/x509v3/v3_utl.c b/openssl/crypto/x509v3/v3_utl.c index ed6099e12..bdd7b95f4 100644 --- a/openssl/crypto/x509v3/v3_utl.c +++ b/openssl/crypto/x509v3/v3_utl.c @@ -285,6 +285,10 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) int state; /* We are going to modify the line so copy it first */ linebuf = BUF_strdup(line); + if (linebuf == NULL) { + X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE); + goto err; + } state = HDR_NAME; ntmp = NULL; /* Go through all characters */ @@ -807,7 +811,7 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, */ if (p[i] == '*') { int atstart = (state & LABEL_START); - int atend = (i == len - 1 || p[i + i] == '.'); + int atend = (i == len - 1 || p[i + 1] == '.'); /*- * At most one wildcard per pattern. * No wildcards in IDNA labels. diff --git a/openssl/demos/easy_tls/easy-tls.c b/openssl/demos/easy_tls/easy-tls.c index acc688aaf..5682e91a4 100644 --- a/openssl/demos/easy_tls/easy-tls.c +++ b/openssl/demos/easy_tls/easy-tls.c @@ -761,7 +761,8 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg) if (tls_dhe1024 == NULL) { int i; - RAND_bytes((unsigned char *)&i, sizeof i); + if (RAND_bytes((unsigned char *)&i, sizeof i) <= 0) + goto err_return; /* * make sure that i is non-negative -- pick one of the provided * seeds diff --git a/openssl/doc/apps/ciphers.pod b/openssl/doc/apps/ciphers.pod index e9280bc50..1c26e3b3d 100644 --- a/openssl/doc/apps/ciphers.pod +++ b/openssl/doc/apps/ciphers.pod @@ -365,10 +365,8 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DH-DSS-DES-CBC-SHA SSL_DH_DSS_WITH_DES_CBC_SHA DH-DSS-DES-CBC-SHA SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA - SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DH-RSA-DES-CBC-SHA SSL_DH_RSA_WITH_DES_CBC_SHA DH-RSA-DES-CBC-SHA SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA diff --git a/openssl/doc/apps/cms.pod b/openssl/doc/apps/cms.pod index 76dbf2ca3..4eaedbcd3 100644 --- a/openssl/doc/apps/cms.pod +++ b/openssl/doc/apps/cms.pod @@ -35,6 +35,7 @@ B B [B<-print>] [B<-CAfile file>] [B<-CApath dir>] +[B<-no_alt_chains>] [B<-md digest>] [B<-[cipher]>] [B<-nointern>] @@ -419,7 +420,7 @@ portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains> Set various certificate chain valiadition option. See the L|verify(1)> manual page for details. @@ -655,4 +656,6 @@ Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0. The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added to OpenSSL 1.1.0. +The -no_alt_chains options was first added to OpenSSL 1.0.2b. + =cut diff --git a/openssl/doc/apps/config.pod b/openssl/doc/apps/config.pod index d5cce54f4..e12591528 100644 --- a/openssl/doc/apps/config.pod +++ b/openssl/doc/apps/config.pod @@ -277,6 +277,59 @@ priority and B used if neither is defined: # The above value is used if TEMP isn't in the environment tmpfile=${ENV::TEMP}/tmp.filename +Simple OpenSSL library configuration example to enter FIPS mode: + + # Default appname: should match "appname" parameter (if any) + # supplied to CONF_modules_load_file et al. + openssl_conf = openssl_conf_section + + [openssl_conf_section] + # Configuration module list + alg_section = evp_sect + + [evp_sect] + # Set to "yes" to enter FIPS mode if supported + fips_mode = yes + +Note: in the above example you will get an error in non FIPS capable versions +of OpenSSL. + +More complex OpenSSL library configuration. Add OID and don't enter FIPS mode: + + # Default appname: should match "appname" parameter (if any) + # supplied to CONF_modules_load_file et al. + openssl_conf = openssl_conf_section + + [openssl_conf_section] + # Configuration module list + alg_section = evp_sect + oid_section = new_oids + + [evp_sect] + # This will have no effect as FIPS mode is off by default. + # Set to "yes" to enter FIPS mode, if supported + fips_mode = no + + [new_oids] + # New OID, just short name + newoid1 = 1.2.3.4.1 + # New OID shortname and long name + newoid2 = New OID 2 long name, 1.2.3.4.2 + +The above examples can be used with with any application supporting library +configuration if "openssl_conf" is modified to match the appropriate "appname". + +For example if the second sample file above is saved to "example.cnf" then +the command line: + + OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1 + +will output: + + 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1 + +showing that the OID "newoid1" has been added as "1.2.3.4.1". + =head1 BUGS Currently there is no way to include characters using the octal B<\nnn> diff --git a/openssl/doc/apps/dhparam.pod b/openssl/doc/apps/dhparam.pod index 6e27cf5c1..1cd4c7666 100644 --- a/openssl/doc/apps/dhparam.pod +++ b/openssl/doc/apps/dhparam.pod @@ -71,8 +71,10 @@ check if the parameters are valid primes and generator. =item B<-2>, B<-5> -The generator to use, either 2 or 5. 2 is the default. If present then the -input file is ignored and parameters are generated instead. +The generator to use, either 2 or 5. If present then the +input file is ignored and parameters are generated instead. If not +present but B is present, parameters are generated with the +default generator 2. =item B<-rand> I @@ -85,9 +87,10 @@ all others. =item I this option specifies that a parameter set should be generated of size -I. It must be the last option. If not present then a value of 512 -is used. If this option is present then the input file is ignored and -parameters are generated instead. +I. It must be the last option. If this option is present then +the input file is ignored and parameters are generated instead. If +this option is not present but a generator (B<-2> or B<-5>) is +present, parameters are generated with a default length of 2048 bits. =item B<-noout> diff --git a/openssl/doc/apps/ocsp.pod b/openssl/doc/apps/ocsp.pod index 2372b373c..4639502a0 100644 --- a/openssl/doc/apps/ocsp.pod +++ b/openssl/doc/apps/ocsp.pod @@ -29,6 +29,7 @@ B B [B<-path>] [B<-CApath dir>] [B<-CAfile file>] +[B<-no_alt_chains>]] [B<-VAfile file>] [B<-validity_period n>] [B<-status_age n>] @@ -143,6 +144,10 @@ connection timeout to the OCSP responder in seconds file or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response. +=item B<-no_alt_chains> + +See L|verify(1)> manual page for details. + =item B<-verify_other file> file containing additional certificates to search when attempting to locate @@ -379,3 +384,9 @@ second file. openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem -reqin req.der -respout resp.der + +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.2b. + +=cut diff --git a/openssl/doc/apps/s_client.pod b/openssl/doc/apps/s_client.pod index aad59b181..84d052706 100644 --- a/openssl/doc/apps/s_client.pod +++ b/openssl/doc/apps/s_client.pod @@ -19,6 +19,7 @@ B B [B<-pass arg>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-no_alt_chains>] [B<-reconnect>] [B<-pause>] [B<-showcerts>] @@ -120,7 +121,7 @@ also used when building the client certificate chain. A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains> Set various certificate chain valiadition option. See the L|verify(1)> manual page for details. @@ -361,4 +362,8 @@ information whenever a session is renegotiated. L, L, L +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.2b. + =cut diff --git a/openssl/doc/apps/s_server.pod b/openssl/doc/apps/s_server.pod index b37f410fb..baca77924 100644 --- a/openssl/doc/apps/s_server.pod +++ b/openssl/doc/apps/s_server.pod @@ -33,6 +33,7 @@ B B [B<-state>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-no_alt_chains>] [B<-nocert>] [B<-cipher cipherlist>] [B<-serverpref>] @@ -174,6 +175,10 @@ and to use when attempting to build the server certificate chain. The list is also used in the list of acceptable client CAs passed to the client when a certificate is requested. +=item B<-no_alt_chains> + +See the L|verify(1)> manual page for details. + =item B<-state> prints out the SSL session states. @@ -406,4 +411,8 @@ unknown cipher suites a client says it supports. L, L, L +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.2b. + =cut diff --git a/openssl/doc/apps/smime.pod b/openssl/doc/apps/smime.pod index d39a59a90..d5618c8ff 100644 --- a/openssl/doc/apps/smime.pod +++ b/openssl/doc/apps/smime.pod @@ -15,6 +15,7 @@ B B [B<-pk7out>] [B<-[cipher]>] [B<-in file>] +[B<-no_alt_chains>] [B<-certfile file>] [B<-signer file>] [B<-recip file>] @@ -259,7 +260,7 @@ portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains> Set various options of certificate chain verification. See L|verify(1)> manual page for details. @@ -441,5 +442,6 @@ structures may cause parsing errors. The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0 +The -no_alt_chains options was first added to OpenSSL 1.0.2b. =cut diff --git a/openssl/doc/apps/verify.pod b/openssl/doc/apps/verify.pod index df0153435..df1b86dfe 100644 --- a/openssl/doc/apps/verify.pod +++ b/openssl/doc/apps/verify.pod @@ -25,6 +25,7 @@ B B [B<-extended_crl>] [B<-use_deltas>] [B<-policy_print>] +[B<-no_alt_chains>] [B<-untrusted file>] [B<-help>] [B<-issuer_checks>] @@ -124,6 +125,14 @@ Set policy variable inhibit-any-policy (see RFC5280). Set policy variable inhibit-policy-mapping (see RFC5280). +=item B<-no_alt_chains> + +When building a certificate chain, if the first certificate chain found is not +trusted, then OpenSSL will continue to check to see if an alternative chain can +be found that is trusted. With this option that behaviour is suppressed so that +only the first chain found is ever used. Using this option will force the +behaviour to match that of previous OpenSSL versions. + =item B<-policy_print> Print out diagnostics related to policy processing. @@ -425,4 +434,8 @@ B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes. L +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.2b. + =cut diff --git a/openssl/doc/crypto/BN_rand.pod b/openssl/doc/crypto/BN_rand.pod index d6b975ccf..bd6bc8632 100644 --- a/openssl/doc/crypto/BN_rand.pod +++ b/openssl/doc/crypto/BN_rand.pod @@ -24,7 +24,8 @@ most significant bit of the random number can be zero. If B is 0, it is set to 1, and if B is 1, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*B length. If B is true, the -number will be odd. +number will be odd. The value of B must be zero or greater. If B is +1 then B cannot also be 1. BN_pseudo_rand() does the same, but pseudo-random numbers generated by this function are not necessarily unpredictable. They can be used for diff --git a/openssl/doc/crypto/BN_set_bit.pod b/openssl/doc/crypto/BN_set_bit.pod index b7c47b9b0..a32cca2ce 100644 --- a/openssl/doc/crypto/BN_set_bit.pod +++ b/openssl/doc/crypto/BN_set_bit.pod @@ -37,12 +37,12 @@ BN_mask_bits() truncates B to an B bit number shorter than B bits. BN_lshift() shifts B left by B bits and places the result in -B (C). BN_lshift1() shifts B left by one and places -the result in B (C). +B (C). Note that B must be non-negative. BN_lshift1() shifts +B left by one and places the result in B (C). BN_rshift() shifts B right by B bits and places the result in -B (C). BN_rshift1() shifts B right by one and places -the result in B (C). +B (C). Note that B must be non-negative. BN_rshift1() shifts +B right by one and places the result in B (C). For the shift functions, B and B may be the same variable. diff --git a/openssl/doc/crypto/EVP_BytesToKey.pod b/openssl/doc/crypto/EVP_BytesToKey.pod index 5d6059528..a9b6bb0c7 100644 --- a/openssl/doc/crypto/EVP_BytesToKey.pod +++ b/openssl/doc/crypto/EVP_BytesToKey.pod @@ -36,8 +36,8 @@ If the total key and IV length is less than the digest length and B is used then the derivation algorithm is compatible with PKCS#5 v1.5 otherwise a non standard extension is used to derive the extra data. -Newer applications should use more standard algorithms such as PBKDF2 as -defined in PKCS#5v2.1 for key derivation. +Newer applications should use a more modern algorithm such as PBKDF2 as +defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC. =head1 KEY DERIVATION ALGORITHM diff --git a/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index 347d48dfe..44792f91a 100644 --- a/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -197,6 +197,12 @@ verification. If this flag is set then additional status codes will be sent to the verification callback and it B be prepared to handle such cases without assuming they are hard errors. +The B flag suppresses checking for alternative +chains. By default, when building a certificate chain, if the first certificate +chain found is not trusted, then OpenSSL will continue to check to see if an +alternative chain can be found that is trusted. With this flag set the behaviour +will match that of OpenSSL versions prior to 1.0.2b. + =head1 NOTES The above functions should be used to manipulate verification parameters @@ -233,6 +239,6 @@ L =head1 HISTORY -TBA +The B flag was added in OpenSSL 1.0.2b =cut diff --git a/openssl/doc/crypto/pem.pod b/openssl/doc/crypto/pem.pod index 21e9fe3b9..763eb6f53 100644 --- a/openssl/doc/crypto/pem.pod +++ b/openssl/doc/crypto/pem.pod @@ -2,7 +2,29 @@ =head1 NAME -PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines +PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, +PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, +PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, +PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, +PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, +PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, +PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, +PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, +PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, +PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, +PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, +PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, +PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, +PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, +PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, +PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, +PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, +PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, +PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines =head1 SYNOPSIS @@ -239,7 +261,8 @@ SubjectPublicKeyInfo structure and an error occurs if the public key is not DSA. The B functions process DSA parameters using a DSA -structure. The parameters are encoded using a foobar structure. +structure. The parameters are encoded using a Dss-Parms structure +as defined in RFC2459. The B functions process DH parameters using a DH structure. The parameters are encoded using a PKCS#3 DHparameter diff --git a/openssl/doc/ssl/SSL_COMP_add_compression_method.pod b/openssl/doc/ssl/SSL_COMP_add_compression_method.pod index f4d191c9b..2bb440379 100644 --- a/openssl/doc/ssl/SSL_COMP_add_compression_method.pod +++ b/openssl/doc/ssl/SSL_COMP_add_compression_method.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_COMP_add_compression_method - handle SSL/TLS integrated compression methods +SSL_COMP_add_compression_method, SSL_COMP_free_compression_methods - handle SSL/TLS integrated compression methods =head1 SYNOPSIS @@ -10,6 +10,8 @@ SSL_COMP_add_compression_method - handle SSL/TLS integrated compression methods int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); + +void SSL_COMP_free_compression_methods(void); + =head1 DESCRIPTION SSL_COMP_add_compression_method() adds the compression method B with @@ -17,6 +19,10 @@ the identifier B to the list of available compression methods. This list is globally maintained for all SSL operations within this application. It cannot be set for specific SSL_CTX or SSL objects. +SSL_COMP_free_compression_methods() frees the internal table of +compression methods that were built internally, and possibly +augmented by adding SSL_COMP_add_compression_method(). + =head1 NOTES The TLS standard (or SSLv3) allows the integration of compression methods @@ -38,8 +44,8 @@ its own compression methods and will unconditionally activate compression when a matching identifier is found. There is no way to restrict the list of compression methods supported on a per connection basis. -The OpenSSL library has the compression methods B and (when -especially enabled during compilation) B available. +If enabled during compilation, the OpenSSL library will have the +COMP_zlib() compression method available. =head1 WARNINGS diff --git a/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod index 7a27eef50..b754c16a8 100644 --- a/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod +++ b/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod @@ -61,12 +61,12 @@ negotiation is being saved. If "strong" primes were used to generate the DH parameters, it is not strictly necessary to generate a new key for each handshake but it does improve forward -secrecy. If it is not assured, that "strong" primes were used (see especially -the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used -in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE -has an impact on the computer time needed during negotiation, but it is not -very large, so application authors/users should consider to always enable -this option. +secrecy. If it is not assured that "strong" primes were used, +SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup +attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the +computer time needed during negotiation, but it is not very large, so +application authors/users should consider always enabling this option. +The option is required to implement perfect forward secrecy (PFS). As generating DH parameters is extremely time consuming, an application should not generate the parameters on the fly but supply the parameters. @@ -74,82 +74,62 @@ DH parameters can be reused, as the actual key is newly generated during the negotiation. The risk in reusing DH parameters is that an attacker may specialize on a very often used DH group. Applications should therefore generate their own DH parameters during the installation process using the -openssl L application. In order to reduce the computer -time needed for this generation, it is possible to use DSA parameters -instead (see L), but in this case SSL_OP_SINGLE_DH_USE -is mandatory. +openssl L application. This application +guarantees that "strong" primes are used. -Application authors may compile in DH parameters. Files dh512.pem, -dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current +Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current version of the OpenSSL distribution contain the 'SKIP' DH parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the B<-C> option of the -L application. -Authors may also generate their own set of parameters using -L, but a user may not be sure how the parameters were -generated. The generation of DH parameters during installation is therefore -recommended. +L application. Generation of custom DH +parameters during installation should still be preferred to stop an +attacker from specializing on a commonly used group. Files dh1024.pem +and dh512.pem contain old parameters that must not be used by +applications. An application may either directly specify the DH parameters or -can supply the DH parameters via a callback function. The callback approach -has the advantage, that the callback may supply DH parameters for different -key lengths. +can supply the DH parameters via a callback function. -The B is called with the B needed and -the B information. The B flag is set, when the -ephemeral DH key exchange is performed with an export cipher. +Previous versions of the callback used B and B +parameters to control parameter generation for export and non-export +cipher suites. Modern servers that do not support export ciphersuites +are advised to either use SSL_CTX_set_tmp_dh() in combination with +SSL_OP_SINGLE_DH_USE, or alternatively, use the callback but ignore +B and B and simply supply at least 2048-bit +parameters in the callback. =head1 EXAMPLES -Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling +Setup DH parameters with a key length of 2048 bits. (Error handling partly left out.) - ... - /* Set up ephemeral DH stuff */ - DH *dh_512 = NULL; - DH *dh_1024 = NULL; - FILE *paramfile; + Command-line parameter generation: + $ openssl dhparam -out dh_param_2048.pem 2048 + + Code for setting up parameters during server initialization: ... - /* "openssl dhparam -out dh_param_512.pem -2 512" */ - paramfile = fopen("dh_param_512.pem", "r"); + SSL_CTX ctx = SSL_CTX_new(); + ... + + /* Set up ephemeral DH parameters. */ + DH *dh_2048 = NULL; + FILE *paramfile; + paramfile = fopen("dh_param_2048.pem", "r"); if (paramfile) { - dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); + dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); fclose(paramfile); + } else { + /* Error. */ } - /* "openssl dhparam -out dh_param_1024.pem -2 1024" */ - paramfile = fopen("dh_param_1024.pem", "r"); - if (paramfile) { - dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); - fclose(paramfile); + if (dh_2048 == NULL) { + /* Error. */ } - ... - - /* "openssl dhparam -C -2 512" etc... */ - DH *get_dh512() { ... } - DH *get_dh1024() { ... } - - DH *tmp_dh_callback(SSL *s, int is_export, int keylength) - { - DH *dh_tmp=NULL; - - switch (keylength) { - case 512: - if (!dh_512) - dh_512 = get_dh512(); - dh_tmp = dh_512; - break; - case 1024: - if (!dh_1024) - dh_1024 = get_dh1024(); - dh_tmp = dh_1024; - break; - default: - /* Generating a key on the fly is very costly, so use what is there */ - setup_dh_parameters_like_above(); - } - return(dh_tmp); + if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) { + /* Error. */ } + SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); + ... =head1 RETURN VALUES diff --git a/openssl/e_os2.h b/openssl/e_os2.h index 613607f83..7be9989ac 100644 --- a/openssl/e_os2.h +++ b/openssl/e_os2.h @@ -109,6 +109,12 @@ extern "C" { # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32 # endif +# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif # if defined(OPENSSL_SYSNAME_WINNT) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINNT @@ -121,7 +127,7 @@ extern "C" { # endif /* Anything that tries to look like Microsoft is "Windows" */ -# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINDOWS # ifndef OPENSSL_SYS_MSDOS diff --git a/openssl/engines/Makefile b/openssl/engines/Makefile index da6c8750b..2058ff405 100644 --- a/openssl/engines/Makefile +++ b/openssl/engines/Makefile @@ -146,12 +146,15 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @target=lint; $(RECURSIVE_MAKE) -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - fi - @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + @[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) ) + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/openssl/engines/ccgost/Makefile b/openssl/engines/ccgost/Makefile index 2f3658083..17e1efbdf 100644 --- a/openssl/engines/ccgost/Makefile +++ b/openssl/engines/ccgost/Makefile @@ -66,12 +66,13 @@ links: tests: -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -261,8 +262,9 @@ gost_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h gost_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h gost_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h gost_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -gost_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -gost_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +gost_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +gost_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +gost_sign.o: ../../include/openssl/objects.h gost_sign.o: ../../include/openssl/opensslconf.h gost_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h gost_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h diff --git a/openssl/engines/ccgost/e_gost_err.c b/openssl/engines/ccgost/e_gost_err.c index 3201b648f..80ef58f8c 100644 --- a/openssl/engines/ccgost/e_gost_err.c +++ b/openssl/engines/ccgost/e_gost_err.c @@ -1,6 +1,6 @@ /* e_gost_err.c */ /* ==================================================================== - * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -90,6 +90,7 @@ static ERR_STRING_DATA GOST_str_functs[] = { {ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"}, {ERR_FUNC(GOST_F_GOST_IMIT_FINAL), "GOST_IMIT_FINAL"}, {ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"}, + {ERR_FUNC(GOST_F_GOST_SIGN_KEYGEN), "GOST_SIGN_KEYGEN"}, {ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"}, {ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"}, {ERR_FUNC(GOST_F_PKEY_GOST01CP_DECRYPT), "PKEY_GOST01CP_DECRYPT"}, diff --git a/openssl/engines/ccgost/e_gost_err.h b/openssl/engines/ccgost/e_gost_err.h index 92be55845..a2018ec4d 100644 --- a/openssl/engines/ccgost/e_gost_err.h +++ b/openssl/engines/ccgost/e_gost_err.h @@ -90,6 +90,7 @@ void ERR_GOST_error(int function, int reason, char *file, int line); # define GOST_F_GOST_IMIT_CTRL 114 # define GOST_F_GOST_IMIT_FINAL 140 # define GOST_F_GOST_IMIT_UPDATE 115 +# define GOST_F_GOST_SIGN_KEYGEN 142 # define GOST_F_PARAM_COPY_GOST01 116 # define GOST_F_PARAM_COPY_GOST94 117 # define GOST_F_PKEY_GOST01CP_DECRYPT 118 diff --git a/openssl/engines/ccgost/gost2001.c b/openssl/engines/ccgost/gost2001.c index 2b9669482..953629543 100644 --- a/openssl/engines/ccgost/gost2001.c +++ b/openssl/engines/ccgost/gost2001.c @@ -41,6 +41,11 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid) BN_CTX *ctx = BN_CTX_new(); int ok = 0; + if(!ctx) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE); + goto err; + } + BN_CTX_start(ctx); p = BN_CTX_get(ctx); a = BN_CTX_get(ctx); @@ -48,6 +53,10 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid) x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); q = BN_CTX_get(ctx); + if(!p || !a || !b || !x || !y || !q) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE); + goto err; + } while (params->nid != NID_undef && params->nid != nid) params++; if (params->nid == NID_undef) { @@ -55,18 +64,33 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid) GOST_R_UNSUPPORTED_PARAMETER_SET); goto err; } - BN_hex2bn(&p, params->p); - BN_hex2bn(&a, params->a); - BN_hex2bn(&b, params->b); + if(!BN_hex2bn(&p, params->p) + || !BN_hex2bn(&a, params->a) + || !BN_hex2bn(&b, params->b)) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, + ERR_R_INTERNAL_ERROR); + goto err; + } grp = EC_GROUP_new_curve_GFp(p, a, b, ctx); + if(!grp) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE); + goto err; + } P = EC_POINT_new(grp); + if(!P) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE); + goto err; + } - BN_hex2bn(&x, params->x); - BN_hex2bn(&y, params->y); - EC_POINT_set_affine_coordinates_GFp(grp, P, x, y, ctx); - BN_hex2bn(&q, params->q); + if(!BN_hex2bn(&x, params->x) + || !BN_hex2bn(&y, params->y) + || !EC_POINT_set_affine_coordinates_GFp(grp, P, x, y, ctx) + || !BN_hex2bn(&q, params->q)) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR); + goto err; + } #ifdef DEBUG_KEYS fprintf(stderr, "Set params index %d oid %s\nq=", (params - R3410_2001_paramset), OBJ_nid2sn(params->nid)); @@ -74,16 +98,23 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid) fprintf(stderr, "\n"); #endif - EC_GROUP_set_generator(grp, P, q, NULL); + if(!EC_GROUP_set_generator(grp, P, q, NULL)) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR); + goto err; + } EC_GROUP_set_curve_name(grp, params->nid); - - EC_KEY_set_group(eckey, grp); + if(!EC_KEY_set_group(eckey, grp)) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR); + goto err; + } ok = 1; err: - EC_POINT_free(P); - EC_GROUP_free(grp); - BN_CTX_end(ctx); - BN_CTX_free(ctx); + if (P) EC_POINT_free(P); + if (grp) EC_GROUP_free(grp); + if (ctx) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } return ok; } @@ -94,7 +125,7 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid) */ DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) { - DSA_SIG *newsig = NULL; + DSA_SIG *newsig = NULL, *ret = NULL; BIGNUM *md = hashsum2bn(dgst); BIGNUM *order = NULL; const EC_GROUP *group; @@ -103,6 +134,10 @@ DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) NULL, *e = NULL; EC_POINT *C = NULL; BN_CTX *ctx = BN_CTX_new(); + if(!ctx || !md) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } BN_CTX_start(ctx); OPENSSL_assert(dlen == 32); newsig = DSA_SIG_new(); @@ -111,11 +146,25 @@ DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) goto err; } group = EC_KEY_get0_group(eckey); + if(!group) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR); + goto err; + } order = BN_CTX_get(ctx); - EC_GROUP_get_order(group, order, ctx); + if(!order || !EC_GROUP_get_order(group, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR); + goto err; + } priv_key = EC_KEY_get0_private_key(eckey); + if(!priv_key) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR); + goto err; + } e = BN_CTX_get(ctx); - BN_mod(e, md, order, ctx); + if(!e || !BN_mod(e, md, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR); + goto err; + } #ifdef DEBUG_SIGN fprintf(stderr, "digest as bignum="); BN_print_fp(stderr, md); @@ -128,55 +177,80 @@ DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) } k = BN_CTX_get(ctx); C = EC_POINT_new(group); + if(!k || !C) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } do { do { if (!BN_rand_range(k, order)) { GOSTerr(GOST_F_GOST2001_DO_SIGN, GOST_R_RANDOM_NUMBER_GENERATOR_FAILED); - DSA_SIG_free(newsig); - newsig = NULL; goto err; } if (!EC_POINT_mul(group, C, k, NULL, NULL, ctx)) { GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB); - DSA_SIG_free(newsig); - newsig = NULL; goto err; } if (!X) X = BN_CTX_get(ctx); + if (!r) + r = BN_CTX_get(ctx); + if (!X || !r) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) { GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB); - DSA_SIG_free(newsig); - newsig = NULL; goto err; } - if (!r) - r = BN_CTX_get(ctx); - BN_nnmod(r, X, order, ctx); + + if(!BN_nnmod(r, X, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR); + goto err; + } } while (BN_is_zero(r)); /* s = (r*priv_key+k*e) mod order */ if (!tmp) tmp = BN_CTX_get(ctx); - BN_mod_mul(tmp, priv_key, r, order, ctx); if (!tmp2) tmp2 = BN_CTX_get(ctx); - BN_mod_mul(tmp2, k, e, order, ctx); if (!s) s = BN_CTX_get(ctx); - BN_mod_add(s, tmp, tmp2, order, ctx); + if (!tmp || !tmp2 || !s) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + + if(!BN_mod_mul(tmp, priv_key, r, order, ctx) + || !BN_mod_mul(tmp2, k, e, order, ctx) + || !BN_mod_add(s, tmp, tmp2, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR); + goto err; + } } while (BN_is_zero(s)); newsig->s = BN_dup(s); newsig->r = BN_dup(r); + if(!newsig->s || !newsig->r) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + + ret = newsig; err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - EC_POINT_free(C); - BN_free(md); - return newsig; + if(ctx) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + if (C) EC_POINT_free(C); + if (md) BN_free(md); + if (!ret && newsig) { + DSA_SIG_free(newsig); + } + return ret; } /* @@ -196,6 +270,11 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len, const EC_POINT *pub_key = NULL; int ok = 0; + if(!ctx || !group) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } + BN_CTX_start(ctx); order = BN_CTX_get(ctx); e = BN_CTX_get(ctx); @@ -205,9 +284,17 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len, X = BN_CTX_get(ctx); R = BN_CTX_get(ctx); v = BN_CTX_get(ctx); + if(!order || !e || !z1 || !z2 || !tmp || !X || !R || !v) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } - EC_GROUP_get_order(group, order, ctx); pub_key = EC_KEY_get0_public_key(ec); + if(!pub_key || !EC_GROUP_get_order(group, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } + if (BN_is_zero(sig->s) || BN_is_zero(sig->r) || (BN_cmp(sig->s, order) >= 1) || (BN_cmp(sig->r, order) >= 1)) { GOSTerr(GOST_F_GOST2001_DO_VERIFY, @@ -217,19 +304,28 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len, } md = hashsum2bn(dgst); - BN_mod(e, md, order, ctx); + if(!md || !BN_mod(e, md, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } #ifdef DEBUG_SIGN fprintf(stderr, "digest as bignum: "); BN_print_fp(stderr, md); fprintf(stderr, "\ndigest mod q: "); BN_print_fp(stderr, e); #endif - if (BN_is_zero(e)) - BN_one(e); + if (BN_is_zero(e) && !BN_one(e)) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } v = BN_mod_inverse(v, e, order, ctx); - BN_mod_mul(z1, sig->s, v, order, ctx); - BN_sub(tmp, order, sig->r); - BN_mod_mul(z2, tmp, v, order, ctx); + if(!v + || !BN_mod_mul(z1, sig->s, v, order, ctx) + || !BN_sub(tmp, order, sig->r) + || !BN_mod_mul(z2, tmp, v, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } #ifdef DEBUG_SIGN fprintf(stderr, "\nInverted digest value: "); BN_print_fp(stderr, v); @@ -239,6 +335,10 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len, BN_print_fp(stderr, z2); #endif C = EC_POINT_new(group); + if (!C) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } if (!EC_POINT_mul(group, C, z1, pub_key, z2, ctx)) { GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB); goto err; @@ -247,7 +347,10 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len, GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB); goto err; } - BN_mod(R, X, order, ctx); + if(!BN_mod(R, X, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } #ifdef DEBUG_SIGN fprintf(stderr, "\nX="); BN_print_fp(stderr, X); @@ -261,10 +364,12 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len, ok = 1; } err: - EC_POINT_free(C); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - BN_free(md); + if (C) EC_POINT_free(C); + if (ctx) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + if (md) BN_free(md); return ok; } @@ -287,6 +392,10 @@ int gost2001_compute_public(EC_KEY *ec) return 0; } ctx = BN_CTX_new(); + if(!ctx) { + GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE); + goto err; + } BN_CTX_start(ctx); if (!(priv_key = EC_KEY_get0_private_key(ec))) { GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB); @@ -294,6 +403,10 @@ int gost2001_compute_public(EC_KEY *ec) } pub_key = EC_POINT_new(group); + if(!pub_key) { + GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE); + goto err; + } if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) { GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB); goto err; @@ -304,9 +417,11 @@ int gost2001_compute_public(EC_KEY *ec) } ok = 256; err: - BN_CTX_end(ctx); - EC_POINT_free(pub_key); - BN_CTX_free(ctx); + if (pub_key) EC_POINT_free(pub_key); + if (ctx) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } return ok; } @@ -320,7 +435,13 @@ int gost2001_keygen(EC_KEY *ec) { BIGNUM *order = BN_new(), *d = BN_new(); const EC_GROUP *group = EC_KEY_get0_group(ec); - EC_GROUP_get_order(group, order, NULL); + + if(!group || !EC_GROUP_get_order(group, order, NULL)) { + GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_INTERNAL_ERROR); + BN_free(d); + BN_free(order); + return 0; + } do { if (!BN_rand_range(d, order)) { @@ -332,7 +453,13 @@ int gost2001_keygen(EC_KEY *ec) } } while (BN_is_zero(d)); - EC_KEY_set_private_key(ec, d); + + if(!EC_KEY_set_private_key(ec, d)) { + GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_INTERNAL_ERROR); + BN_free(d); + BN_free(order); + return 0; + } BN_free(d); BN_free(order); return gost2001_compute_public(ec); diff --git a/openssl/engines/ccgost/gost94_keyx.c b/openssl/engines/ccgost/gost94_keyx.c index 85f4bc899..ce57f17cb 100644 --- a/openssl/engines/ccgost/gost94_keyx.c +++ b/openssl/engines/ccgost/gost94_keyx.c @@ -104,6 +104,7 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); gost_ctx cctx; int key_is_ephemeral = 1; + int tmp_outlen; EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx); /* Do not use vizir cipher parameters with cryptopro */ @@ -174,12 +175,13 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, } ASN1_OBJECT_free(gkt->key_agreement_info->cipher); gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid); - *outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL); - if (*outlen <= 0) { + tmp_outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL); + if (tmp_outlen <= 0) { GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO); goto err; } + *outlen = tmp_outlen; if (!key_is_ephemeral) { /* Set control "public key from client certificate used" */ if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= diff --git a/openssl/engines/ccgost/gost_ameth.c b/openssl/engines/ccgost/gost_ameth.c index 713a0face..b7c5354c1 100644 --- a/openssl/engines/ccgost/gost_ameth.c +++ b/openssl/engines/ccgost/gost_ameth.c @@ -115,7 +115,10 @@ static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg) } param_nid = OBJ_obj2nid(gkp->key_params); GOST_KEY_PARAMS_free(gkp); - EVP_PKEY_set_type(pkey, pkey_nid); + if(!EVP_PKEY_set_type(pkey, pkey_nid)) { + GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS, ERR_R_INTERNAL_ERROR); + return 0; + } switch (pkey_nid) { case NID_id_GostR3410_94: { @@ -552,9 +555,19 @@ static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from) } if (!eto) { eto = EC_KEY_new(); - EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto); + if(!eto) { + GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_MALLOC_FAILURE); + return 0; + } + if(!EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto)) { + GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_INTERNAL_ERROR); + return 0; + } + } + if(!EC_KEY_set_group(eto, EC_KEY_get0_group(efrom))) { + GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_INTERNAL_ERROR); + return 0; } - EC_KEY_set_group(eto, EC_KEY_get0_group(efrom)); if (EC_KEY_get0_private_key(eto)) { gost2001_compute_public(eto); } @@ -729,8 +742,21 @@ static int pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk) } X = BN_new(); Y = BN_new(); - EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec), - pub_key, X, Y, NULL); + if(!X || !Y) { + GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE); + if(X) BN_free(X); + if(Y) BN_free(Y); + BN_free(order); + return 0; + } + if(!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec), + pub_key, X, Y, NULL)) { + GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_INTERNAL_ERROR); + BN_free(X); + BN_free(Y); + BN_free(order); + return 0; + } data_len = 2 * BN_num_bytes(order); BN_free(order); databuf = OPENSSL_malloc(data_len); diff --git a/openssl/engines/ccgost/gost_pmeth.c b/openssl/engines/ccgost/gost_pmeth.c index a2c7cf27d..4a79a85cf 100644 --- a/openssl/engines/ccgost/gost_pmeth.c +++ b/openssl/engines/ccgost/gost_pmeth.c @@ -510,7 +510,7 @@ static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, long keylen; int ret; unsigned char *keybuf = string_to_hex(value, &keylen); - if (keylen != 32) { + if (!keybuf || keylen != 32) { GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_KEY_LENGTH); OPENSSL_free(keybuf); diff --git a/openssl/engines/ccgost/gost_sign.c b/openssl/engines/ccgost/gost_sign.c index 0116e4740..07ad921ab 100644 --- a/openssl/engines/ccgost/gost_sign.c +++ b/openssl/engines/ccgost/gost_sign.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "gost_params.h" #include "gost_lcl.h" @@ -52,11 +53,16 @@ void dump_dsa_sig(const char *message, DSA_SIG *sig) DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL; - DSA_SIG *newsig = DSA_SIG_new(); + DSA_SIG *newsig = NULL, *ret = NULL; BIGNUM *md = hashsum2bn(dgst); /* check if H(M) mod q is zero */ BN_CTX *ctx = BN_CTX_new(); + if(!ctx) { + GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } BN_CTX_start(ctx); + newsig = DSA_SIG_new(); if (!newsig) { GOSTerr(GOST_F_GOST_DO_SIGN, GOST_R_NO_MEMORY); goto err; @@ -64,6 +70,10 @@ DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) tmp = BN_CTX_get(ctx); k = BN_CTX_get(ctx); tmp2 = BN_CTX_get(ctx); + if(!tmp || !k || !tmp2) { + GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } BN_mod(tmp, md, dsa->q, ctx); if (BN_is_zero(tmp)) { BN_one(md); @@ -76,24 +86,41 @@ DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) BN_rand_range(k, dsa->q); /* generate r = (a^x mod p) mod q */ BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx); - if (!(newsig->r)) + if (!(newsig->r)) { newsig->r = BN_new(); + if(!newsig->r) { + GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + } BN_mod(newsig->r, tmp, dsa->q, ctx); } while (BN_is_zero(newsig->r)); /* generate s = (xr + k(Hm)) mod q */ BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx); BN_mod_mul(tmp2, k, md, dsa->q, ctx); - if (!newsig->s) + if (!newsig->s) { newsig->s = BN_new(); + if(!newsig->s) { + GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + } BN_mod_add(newsig->s, tmp, tmp2, dsa->q, ctx); } while (BN_is_zero(newsig->s)); + + ret = newsig; err: BN_free(md); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return newsig; + if(ctx) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + if(!ret && newsig) { + DSA_SIG_free(newsig); + } + return ret; } /* @@ -135,17 +162,21 @@ int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen) int gost_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { - BIGNUM *md, *tmp = NULL; + BIGNUM *md = NULL, *tmp = NULL; BIGNUM *q2 = NULL; BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL; BIGNUM *tmp2 = NULL, *tmp3 = NULL; - int ok; + int ok = 0; BN_CTX *ctx = BN_CTX_new(); + if(!ctx) { + GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } BN_CTX_start(ctx); if (BN_cmp(sig->s, dsa->q) >= 1 || BN_cmp(sig->r, dsa->q) >= 1) { GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q); - return 0; + goto err; } md = hashsum2bn(dgst); @@ -157,6 +188,10 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len, tmp2 = BN_CTX_get(ctx); tmp3 = BN_CTX_get(ctx); u = BN_CTX_get(ctx); + if(!tmp || !v || !q2 || !z1 || !z2 || !tmp2 || !tmp3 || !u) { + GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } BN_mod(tmp, md, dsa->q, ctx); if (BN_is_zero(tmp)) { @@ -172,15 +207,18 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len, BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx); BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx); BN_mod(u, tmp3, dsa->q, ctx); - ok = BN_cmp(u, sig->r); + ok = (BN_cmp(u, sig->r) == 0); - BN_free(md); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - if (ok != 0) { + if (!ok) { GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH); } - return (ok == 0); +err: + if(md) BN_free(md); + if(ctx) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return ok; } /* @@ -190,13 +228,24 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len, int gost94_compute_public(DSA *dsa) { /* Now fill algorithm parameters with correct values */ - BN_CTX *ctx = BN_CTX_new(); + BN_CTX *ctx; if (!dsa->g) { GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED); return 0; } - /* Compute public key y = a^x mod p */ + ctx = BN_CTX_new(); + if(!ctx) { + GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE); + return 0; + } + dsa->pub_key = BN_new(); + if(!dsa->pub_key) { + GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE); + BN_CTX_free(ctx); + return 0; + } + /* Compute public key y = a^x mod p */ BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx); BN_CTX_free(ctx); return 1; @@ -243,6 +292,10 @@ int fill_GOST94_params(DSA *dsa, int nid) int gost_sign_keygen(DSA *dsa) { dsa->priv_key = BN_new(); + if(!dsa->priv_key) { + GOSTerr(GOST_F_GOST_SIGN_KEYGEN, ERR_R_MALLOC_FAILURE); + return 0; + } BN_rand_range(dsa->priv_key, dsa->q); return gost94_compute_public(dsa); } diff --git a/openssl/engines/e_sureware.c b/openssl/engines/e_sureware.c index 1005dfc90..8a23763f7 100644 --- a/openssl/engines/e_sureware.c +++ b/openssl/engines/e_sureware.c @@ -712,10 +712,12 @@ static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id, /* set public big nums */ rsatmp->e = BN_new(); rsatmp->n = BN_new(); + if(!rsatmp->e || !rsatmp->n) + goto err; bn_expand2(rsatmp->e, el / sizeof(BN_ULONG)); bn_expand2(rsatmp->n, el / sizeof(BN_ULONG)); - if (!rsatmp->e || rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) || - !rsatmp->n || rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG))) + if (rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) || + rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG))) goto err; ret = p_surewarehk_Load_Rsa_Pubkey(msg, key_id, el, (unsigned long *)rsatmp->n->d, @@ -752,15 +754,16 @@ static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id, dsatmp->p = BN_new(); dsatmp->q = BN_new(); dsatmp->g = BN_new(); + if(!dsatmp->pub_key || !dsatmp->p || !dsatmp->q || !dsatmp->g) + goto err; bn_expand2(dsatmp->pub_key, el / sizeof(BN_ULONG)); bn_expand2(dsatmp->p, el / sizeof(BN_ULONG)); bn_expand2(dsatmp->q, 20 / sizeof(BN_ULONG)); bn_expand2(dsatmp->g, el / sizeof(BN_ULONG)); - if (!dsatmp->pub_key - || dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG)) - || !dsatmp->p || dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG)) - || !dsatmp->q || dsatmp->q->dmax != 20 / sizeof(BN_ULONG) - || !dsatmp->g || dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG))) + if (dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG)) + || dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG)) + || dsatmp->q->dmax != 20 / sizeof(BN_ULONG) + || dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG))) goto err; ret = p_surewarehk_Load_Dsa_Pubkey(msg, key_id, el, @@ -1038,10 +1041,12 @@ static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *from, int flen, } psign->r = BN_new(); psign->s = BN_new(); + if(!psign->r || !psign->s) + goto err; bn_expand2(psign->r, 20 / sizeof(BN_ULONG)); bn_expand2(psign->s, 20 / sizeof(BN_ULONG)); - if (!psign->r || psign->r->dmax != 20 / sizeof(BN_ULONG) || - !psign->s || psign->s->dmax != 20 / sizeof(BN_ULONG)) + if (psign->r->dmax != 20 / sizeof(BN_ULONG) || + psign->s->dmax != 20 / sizeof(BN_ULONG)) goto err; ret = p_surewarehk_Dsa_Sign(msg, flen, from, (unsigned long *)psign->r->d, @@ -1070,9 +1075,9 @@ static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, char msg[64] = "ENGINE_modexp"; if (!p_surewarehk_Mod_Exp) { SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP, ENGINE_R_NOT_INITIALISED); - } else { + } else if (r) { bn_expand2(r, m->top); - if (r && r->dmax == m->top) { + if (r->dmax == m->top) { /* do it */ ret = p_surewarehk_Mod_Exp(msg, m->top * sizeof(BN_ULONG), diff --git a/openssl/openssl.spec b/openssl/openssl.spec index 909f2bfab..e6c758433 100644 --- a/openssl/openssl.spec +++ b/openssl/openssl.spec @@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.2a +Version: 1.0.2c Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/openssl/ssl/Makefile b/openssl/ssl/Makefile index a7bd4ee14..42f1af5c8 100644 --- a/openssl/ssl/Makefile +++ b/openssl/ssl/Makefile @@ -89,12 +89,13 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -486,26 +487,27 @@ s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c s2_pkt.o: ssl_locl.h -s2_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h -s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h -s2_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -s2_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s2_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s2_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h +s2_srvr.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h +s2_srvr.o: ../include/openssl/bio.h ../include/openssl/buffer.h +s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h +s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h +s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s2_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h +s2_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c +s2_srvr.o: ssl_locl.h s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h diff --git a/openssl/ssl/d1_both.c b/openssl/ssl/d1_both.c index 21048003b..b4ee7abe2 100644 --- a/openssl/ssl/d1_both.c +++ b/openssl/ssl/d1_both.c @@ -489,6 +489,12 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) return i; } + if (mt >= 0 && s->s3->tmp.message_type != mt) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + p = (unsigned char *)s->init_buf->data; msg_len = msg_hdr->msg_len; @@ -873,6 +879,20 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) /* parse the message fragment header */ dtls1_get_message_header(wire, &msg_hdr); + len = msg_hdr.msg_len; + frag_off = msg_hdr.frag_off; + frag_len = msg_hdr.frag_len; + + /* + * We must have at least frag_len bytes left in the record to be read. + * Fragments must not span records. + */ + if (frag_len > s->s3->rrec.length) { + al = SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_BAD_LENGTH); + goto f_err; + } + /* * if this is a future (or stale) message it gets buffered * (or dropped)--no further processing at this time @@ -883,10 +903,6 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) && !(s->d1->listen && msg_hdr.seq == 1)) return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); - len = msg_hdr.msg_len; - frag_off = msg_hdr.frag_off; - frag_len = msg_hdr.frag_len; - if (frag_len && frag_len < len) return dtls1_reassemble_fragment(s, &msg_hdr, ok); @@ -917,17 +933,16 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max))) goto f_err; - /* XDTLS: ressurect this when restart is in place */ - s->state = stn; - if (frag_len > 0) { unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[frag_off], frag_len, 0); + /* - * XDTLS: fix this--message fragments cannot span multiple packets + * This shouldn't ever fail due to NBIO because we already checked + * that we have enough data in the record */ if (i <= 0) { s->rwstate = SSL_READING; @@ -948,6 +963,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) } *ok = 1; + s->state = stn; /* * Note that s->init_num is *not* used as current offset in @@ -1420,7 +1436,10 @@ int dtls1_process_heartbeat(SSL *s) memcpy(bp, pl, payload); bp += payload; /* Random padding */ - RAND_pseudo_bytes(bp, padding); + if (RAND_pseudo_bytes(bp, padding) < 0) { + OPENSSL_free(buffer); + return -1; + } r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); @@ -1454,7 +1473,7 @@ int dtls1_process_heartbeat(SSL *s) int dtls1_heartbeat(SSL *s) { unsigned char *buf, *p; - int ret; + int ret = -1; unsigned int payload = 18; /* Sequence number + random bytes */ unsigned int padding = 16; /* Use minimum padding */ @@ -1502,10 +1521,12 @@ int dtls1_heartbeat(SSL *s) /* Sequence number */ s2n(s->tlsext_hb_seq, p); /* 16 random bytes */ - RAND_pseudo_bytes(p, 16); + if (RAND_pseudo_bytes(p, 16) < 0) + goto err; p += 16; /* Random padding */ - RAND_pseudo_bytes(p, padding); + if (RAND_pseudo_bytes(p, padding) < 0) + goto err; ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); if (ret >= 0) { @@ -1518,6 +1539,7 @@ int dtls1_heartbeat(SSL *s) s->tlsext_hb_pending = 1; } +err: OPENSSL_free(buf); return ret; diff --git a/openssl/ssl/d1_clnt.c b/openssl/ssl/d1_clnt.c index 1858263e1..4c2ccbf5a 100644 --- a/openssl/ssl/d1_clnt.c +++ b/openssl/ssl/d1_clnt.c @@ -228,6 +228,7 @@ int dtls1_connect(SSL *s) (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) { SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -237,10 +238,12 @@ int dtls1_connect(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -249,12 +252,14 @@ int dtls1_connect(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } /* setup buffing BIO */ if (!ssl_init_wbio_buffer(s, 0)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -433,6 +438,7 @@ int dtls1_connect(SSL *s) */ if (!ssl3_check_cert_and_algorithm(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } break; @@ -564,6 +570,7 @@ int dtls1_connect(SSL *s) #endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -571,6 +578,7 @@ int dtls1_connect(SSL *s) SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } #ifndef OPENSSL_NO_SCTP @@ -751,6 +759,7 @@ int dtls1_connect(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -842,5 +851,6 @@ static int dtls1_get_hello_verify(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; return -1; } diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c index 940ca6927..fe30ec7d0 100644 --- a/openssl/ssl/d1_pkt.c +++ b/openssl/ssl/d1_pkt.c @@ -1069,7 +1069,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) (s->d1->handshake_fragment[3] != 0)) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); - goto err; + goto f_err; } /* diff --git a/openssl/ssl/d1_srvr.c b/openssl/ssl/d1_srvr.c index eafa0127b..655333a25 100644 --- a/openssl/ssl/d1_srvr.c +++ b/openssl/ssl/d1_srvr.c @@ -240,11 +240,13 @@ int dtls1_accept(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { BUF_MEM_free(buf); ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -252,6 +254,7 @@ int dtls1_accept(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -273,6 +276,7 @@ int dtls1_accept(SSL *s) #endif if (!ssl_init_wbio_buffer(s, 1)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -486,7 +490,7 @@ int dtls1_accept(SSL *s) #ifndef OPENSSL_NO_PSK || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) #endif - || (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) + || (alg_k & SSL_kDHE) || (alg_k & SSL_kEECDH) || ((alg_k & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL @@ -661,11 +665,14 @@ int dtls1_accept(SSL *s) */ if (!s->s3->handshake_buffer) { SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } } else { s->state = SSL3_ST_SR_CERT_VRFY_A; s->init_num = 0; @@ -688,15 +695,6 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: - /* - * This *should* be the first time we enable CCS, but be - * extra careful about surrounding code changes. We need - * to set this here because we don't know if we're - * expecting a CertificateVerify or not. - */ - if (!s->s3->change_cipher_spec) - s->d1->change_cipher_spec_ok = 1; - /* we should decide if we expected this one */ ret = ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -713,11 +711,10 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: /* - * Enable CCS for resumed handshakes. - * In a full handshake, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, so change_cipher_spec_ok was - * already set. Receiving a CCS clears the flag, so make - * sure not to re-enable it to ban duplicates. + * Enable CCS. Receiving a CCS clears the flag, so make + * sure not to re-enable it to ban duplicates. This *should* be the + * first time we have received one - but we check anyway to be + * cautious. * s->s3->change_cipher_spec is set when a CCS is * processed in d1_pkt.c, and remains set until * the client's Finished message is read. @@ -767,6 +764,7 @@ int dtls1_accept(SSL *s) s->session->cipher = s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -795,6 +793,7 @@ int dtls1_accept(SSL *s) SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -875,6 +874,7 @@ int dtls1_accept(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -933,6 +933,7 @@ int dtls1_send_hello_verify_request(SSL *s) &(s->d1->cookie_len)) == 0) { SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return 0; } diff --git a/openssl/ssl/s2_pkt.c b/openssl/ssl/s2_pkt.c index 614b9a35d..7a6188813 100644 --- a/openssl/ssl/s2_pkt.c +++ b/openssl/ssl/s2_pkt.c @@ -576,6 +576,20 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) s->s2->padding = p; s->s2->mac_data = &(s->s2->wbuf[3]); s->s2->wact_data = &(s->s2->wbuf[3 + mac_size]); + + /* + * It would be clearer to write this as follows: + * if (mac_size + len + p > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER) + * However |len| is user input that could in theory be very large. We + * know |mac_size| and |p| are small, so to avoid any possibility of + * overflow we write it like this. + * + * In theory this should never fail because the logic above should have + * modified |len| if it is too big. But we are being cautious. + */ + if (len > (SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER - (mac_size + p))) { + return -1; + } /* we copy the data into s->s2->wbuf */ memcpy(s->s2->wact_data, buf, len); if (p) diff --git a/openssl/ssl/s2_srvr.c b/openssl/ssl/s2_srvr.c index 19bb48c9c..4289272b7 100644 --- a/openssl/ssl/s2_srvr.c +++ b/openssl/ssl/s2_srvr.c @@ -111,6 +111,7 @@ #include "ssl_locl.h" #ifndef OPENSSL_NO_SSL2 +#include "../crypto/constant_time_locl.h" # include # include # include @@ -372,12 +373,15 @@ int ssl2_accept(SSL *s) static int get_client_master_key(SSL *s) { int is_export, i, n, keya; - unsigned int ek; + unsigned int num_encrypted_key_bytes, key_length; unsigned long len; unsigned char *p; const SSL_CIPHER *cp; const EVP_CIPHER *c; const EVP_MD *md; + unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH]; + unsigned char decrypt_good; + size_t j; p = (unsigned char *)s->init_buf->data; if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A) { @@ -465,12 +469,6 @@ static int get_client_master_key(SSL *s) return (0); } - if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) { - is_export = 1; - ek = 8; - } else - ek = 5; - /* * The format of the CLIENT-MASTER-KEY message is * 1 byte message type @@ -484,12 +482,27 @@ static int get_client_master_key(SSL *s) * * If the cipher is an export cipher, then the encrypted key bytes * are a fixed portion of the total key (5 or 8 bytes). The size of - * this portion is in |ek|. If the cipher is not an export cipher, - * then the entire key material is encrypted (i.e., clear key length - * must be zero). + * this portion is in |num_encrypted_key_bytes|. If the cipher is not an + * export cipher, then the entire key material is encrypted (i.e., clear + * key length must be zero). */ - if ((!is_export && s->s2->tmp.clear != 0) || - (is_export && s->s2->tmp.clear + ek != (unsigned int)EVP_CIPHER_key_length(c))) { + key_length = (unsigned int)EVP_CIPHER_key_length(c); + if (key_length > SSL_MAX_MASTER_KEY_LENGTH) { + ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); + return -1; + } + + if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) { + is_export = 1; + num_encrypted_key_bytes = 8; + } else if (is_export) { + num_encrypted_key_bytes = 5; + } else { + num_encrypted_key_bytes = key_length; + } + + if (s->s2->tmp.clear + num_encrypted_key_bytes != key_length) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH); return -1; @@ -499,64 +512,49 @@ static int get_client_master_key(SSL *s) * Decryption can't be expanding, so if we don't have enough encrypted * bytes to fit the key in the buffer, stop now. */ - if ((is_export && s->s2->tmp.enc < ek) || - (!is_export && s->s2->tmp.enc < (unsigned int)EVP_CIPHER_key_length(c))) { + if (s->s2->tmp.enc < num_encrypted_key_bytes) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT); return -1; } + /* + * We must not leak whether a decryption failure occurs because of + * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246, + * section 7.4.7.1). The code follows that advice of the TLS RFC and + * generates a random premaster secret for the case that the decrypt + * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1 + */ + + /* + * should be RAND_bytes, but we cannot work around a failure. + */ + if (RAND_pseudo_bytes(rand_premaster_secret, + (int)num_encrypted_key_bytes) <= 0) + return 0; + i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc, &(p[s->s2->tmp.clear]), &(p[s->s2->tmp.clear]), (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING : RSA_PKCS1_PADDING); - - /* bad decrypt */ -# if 1 + ERR_clear_error(); /* * If a bad decrypt, continue with protocol but with a random master * secret (Bleichenbacher attack) */ - if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c)) - || (is_export && i != (int)ek))) { - ERR_clear_error(); - if (is_export) - i = ek; - else - i = EVP_CIPHER_key_length(c); - if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0) - return 0; - } -# else - if (i < 0) { - error = 1; - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_BAD_RSA_DECRYPT); - } - /* incorrect number of key bytes for non export cipher */ - else if ((!is_export && (i != EVP_CIPHER_key_length(c))) - || (is_export && ((i != ek) || (s->s2->tmp.clear + i != - EVP_CIPHER_key_length(c))))) { - error = 1; - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_WRONG_NUMBER_OF_KEY_BITS); - } - if (error) { - ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); - return (-1); + decrypt_good = constant_time_eq_int_8(i, (int)num_encrypted_key_bytes); + for (j = 0; j < num_encrypted_key_bytes; j++) { + p[s->s2->tmp.clear + j] = + constant_time_select_8(decrypt_good, p[s->s2->tmp.clear + j], + rand_premaster_secret[j]); } -# endif - if (is_export) - i = EVP_CIPHER_key_length(c); + s->session->master_key_length = (int)key_length; + memcpy(s->session->master_key, p, key_length); + OPENSSL_cleanse(p, key_length); - if (i > SSL_MAX_MASTER_KEY_LENGTH) { - ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); - return -1; - } - s->session->master_key_length = i; - memcpy(s->session->master_key, p, (unsigned int)i); - return (1); + return 1; } static int get_client_hello(SSL *s) diff --git a/openssl/ssl/s3_both.c b/openssl/ssl/s3_both.c index c92fd721e..019e21cd0 100644 --- a/openssl/ssl/s3_both.c +++ b/openssl/ssl/s3_both.c @@ -168,7 +168,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, s->s3->tmp.finish_md); - if (i == 0) + if (i <= 0) return 0; s->s3->tmp.finish_md_len = i; memcpy(p, s->s3->tmp.finish_md, i); diff --git a/openssl/ssl/s3_cbc.c b/openssl/ssl/s3_cbc.c index f31dc046f..a0edcef90 100644 --- a/openssl/ssl/s3_cbc.c +++ b/openssl/ssl/s3_cbc.c @@ -149,7 +149,7 @@ int tls1_cbc_remove_padding(const SSL *s, */ if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { /* First packet is even in size, so check */ - if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) && + if ((CRYPTO_memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) && !(padding_length & 1)) { s->s3->flags |= TLS1_FLAGS_TLS_PADDING_BUG; } @@ -639,12 +639,22 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, if (k > 0) { if (is_sslv3) { + unsigned overhang; + /* * The SSLv3 header is larger than a single block. overhang is * the number of bytes beyond a single block that the header - * consumes: either 7 bytes (SHA1) or 11 bytes (MD5). + * consumes: either 7 bytes (SHA1) or 11 bytes (MD5). There are no + * ciphersuites in SSLv3 that are not SHA1 or MD5 based and + * therefore we can be confident that the header_length will be + * greater than |md_block_size|. However we add a sanity check just + * in case */ - unsigned overhang = header_length - md_block_size; + if (header_length <= md_block_size) { + /* Should never happen */ + return; + } + overhang = header_length - md_block_size; md_transform(md_state.c, header); memcpy(first_block, header + md_block_size, overhang); memcpy(first_block + overhang, data, md_block_size - overhang); diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c index 91053d59e..2346ce50c 100644 --- a/openssl/ssl/s3_clnt.c +++ b/openssl/ssl/s3_clnt.c @@ -168,6 +168,9 @@ #endif static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b); +#ifndef OPENSSL_NO_TLSEXT +static int ssl3_check_finished(SSL *s); +#endif #ifndef OPENSSL_NO_SSL3_METHOD static const SSL_METHOD *ssl3_get_client_method(int ver) @@ -235,6 +238,7 @@ int ssl3_connect(SSL *s) if ((s->version & 0xff00) != 0x0300) { SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; ret = -1; goto end; } @@ -245,10 +249,12 @@ int ssl3_connect(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -263,6 +269,7 @@ int ssl3_connect(SSL *s) /* setup buffing BIO */ if (!ssl_init_wbio_buffer(s, 0)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -317,12 +324,24 @@ int ssl3_connect(SSL *s) break; case SSL3_ST_CR_CERT_A: case SSL3_ST_CR_CERT_B: +#ifndef OPENSSL_NO_TLSEXT + /* Noop (ret = 0) for everything but EAP-FAST. */ + ret = ssl3_check_finished(s); + if (ret < 0) + goto end; + if (ret == 1) { + s->hit = 1; + s->state = SSL3_ST_CR_FINISHED_A; + s->init_num = 0; + break; + } +#endif /* Check if it is anon DH/ECDH, SRP auth */ /* or PSK */ if (! (s->s3->tmp. new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) -&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { + && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; @@ -358,6 +377,7 @@ int ssl3_connect(SSL *s) */ if (!ssl3_check_cert_and_algorithm(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } break; @@ -381,6 +401,7 @@ int ssl3_connect(SSL *s) if ((ret = SRP_Calc_A_param(s)) <= 0) { SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + s->state = SSL_ST_ERR; goto end; } } @@ -472,6 +493,7 @@ int ssl3_connect(SSL *s) #endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -479,6 +501,7 @@ int ssl3_connect(SSL *s) SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -553,7 +576,8 @@ int ssl3_connect(SSL *s) case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: - s->s3->flags |= SSL3_FLAGS_CCS_OK; + if (!s->s3->change_cipher_spec) + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B); if (ret <= 0) @@ -612,6 +636,7 @@ int ssl3_connect(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -659,9 +684,17 @@ int ssl3_client_hello(SSL *s) buf = (unsigned char *)s->init_buf->data; if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { SSL_SESSION *sess = s->session; - if ((sess == NULL) || - (sess->ssl_version != s->version) || - !sess->session_id_length || (sess->not_resumable)) { + if ((sess == NULL) || (sess->ssl_version != s->version) || +#ifdef OPENSSL_NO_TLSEXT + !sess->session_id_length || +#else + /* + * In the case of EAP-FAST, we can have a pre-shared + * "ticket" without a session ID. + */ + (!sess->session_id_length && !sess->tlsext_tick) || +#endif + (sess->not_resumable)) { if (!ssl_get_new_session(s, 0)) goto err; } @@ -853,6 +886,7 @@ int ssl3_client_hello(SSL *s) /* SSL3_ST_CW_CLNT_HELLO_B */ return ssl_do_write(s); err: + s->state = SSL_ST_ERR; return (-1); } @@ -924,7 +958,7 @@ int ssl3_get_server_hello(SSL *s) al = SSL_AD_PROTOCOL_VERSION; goto f_err; } - s->version = s->method->version; + s->session->ssl_version = s->version = s->method->version; } if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { @@ -952,10 +986,19 @@ int ssl3_get_server_hello(SSL *s) } #ifndef OPENSSL_NO_TLSEXT /* - * check if we want to resume the session based on external pre-shared - * secret + * Check if we can resume the session based on external pre-shared secret. + * EAP-FAST (RFC 4851) supports two types of session resumption. + * Resumption based on server-side state works with session IDs. + * Resumption based on pre-shared Protected Access Credentials (PACs) + * works by overriding the SessionTicket extension at the application + * layer, and does not send a session ID. (We do not know whether EAP-FAST + * servers would honour the session ID.) Therefore, the session ID alone + * is not a reliable indicator of session resumption, so we first check if + * we can resume, and later peek at the next handshake message to see if the + * server wants to resume. */ - if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) { + if (s->version >= TLS1_VERSION && s->tls_session_secret_cb && + s->session->tlsext_tick) { SSL_CIPHER *pref_cipher = NULL; s->session->master_key_length = sizeof(s->session->master_key); if (s->tls_session_secret_cb(s, s->session->master_key, @@ -964,12 +1007,15 @@ int ssl3_get_server_hello(SSL *s) s->tls_session_secret_cb_arg)) { s->session->cipher = pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s, p + j); - s->hit = 1; + } else { + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + al = SSL_AD_INTERNAL_ERROR; + goto f_err; } } #endif /* OPENSSL_NO_TLSEXT */ - if (!s->hit && j != 0 && j == s->session->session_id_length + if (j != 0 && j == s->session->session_id_length && memcmp(p, s->session->session_id, j) == 0) { if (s->sid_ctx_length != s->session->sid_ctx_length || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) { @@ -980,12 +1026,13 @@ int ssl3_get_server_hello(SSL *s) goto f_err; } s->hit = 1; - } - /* a miss or crap from the other end */ - if (!s->hit) { + } else { /* - * If we were trying for session-id reuse, make a new SSL_SESSION so - * we don't stuff up other people + * If we were trying for session-id reuse but the server + * didn't echo the ID, make a new SSL_SESSION. + * In the case of EAP-FAST and PAC, we do not send a session ID, + * so the PAC-based session secret is always preserved. It'll be + * overwritten if the server refuses resumption. */ if (s->session->session_id_length > 0) { if (!ssl_get_new_session(s, 0)) { @@ -1113,6 +1160,7 @@ int ssl3_get_server_hello(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: + s->state = SSL_ST_ERR; return (-1); } @@ -1298,8 +1346,10 @@ int ssl3_get_server_certificate(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - } err: + s->state = SSL_ST_ERR; + } + EVP_PKEY_free(pkey); X509_free(x); sk_X509_pop_free(sk, X509_free); @@ -1621,6 +1671,13 @@ int ssl3_get_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } + + if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + s->session->sess_cert->peer_rsa_tmp = rsa; rsa = NULL; } @@ -1965,6 +2022,7 @@ int ssl3_get_key_exchange(SSL *s) EC_KEY_free(ecdh); #endif EVP_MD_CTX_cleanup(&md_ctx); + s->state = SSL_ST_ERR; return (-1); } @@ -2140,7 +2198,10 @@ int ssl3_get_certificate_request(SSL *s) ca_sk = NULL; ret = 1; + goto done; err: + s->state = SSL_ST_ERR; + done: if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); return (ret); @@ -2175,6 +2236,38 @@ int ssl3_get_new_session_ticket(SSL *s) } p = d = (unsigned char *)s->init_msg; + + if (s->session->session_id_length > 0) { + int i = s->session_ctx->session_cache_mode; + SSL_SESSION *new_sess; + /* + * We reused an existing session, so we need to replace it with a new + * one + */ + if (i & SSL_SESS_CACHE_CLIENT) { + /* + * Remove the old session from the cache + */ + if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) { + if (s->session_ctx->remove_session_cb != NULL) + s->session_ctx->remove_session_cb(s->session_ctx, + s->session); + } else { + /* We carry on if this fails */ + SSL_CTX_remove_session(s->session_ctx, s->session); + } + } + + if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + goto f_err; + } + + SSL_SESSION_free(s->session); + s->session = new_sess; + } + n2l(p, s->session->tlsext_tick_lifetime_hint); n2s(p, ticklen); /* ticket_lifetime_hint + ticket_length + ticket */ @@ -2217,6 +2310,7 @@ int ssl3_get_new_session_ticket(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: + s->state = SSL_ST_ERR; return (-1); } @@ -2277,6 +2371,7 @@ int ssl3_get_cert_status(SSL *s) return 1; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; return (-1); } #endif @@ -2298,12 +2393,32 @@ int ssl3_get_server_done(SSL *s) /* should contain no data */ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH); + s->state = SSL_ST_ERR; return -1; } ret = 1; return (ret); } +#ifndef OPENSSL_NO_DH +static DH *get_server_static_dh_key(SESS_CERT *scert) +{ + DH *dh_srvr = NULL; + EVP_PKEY *spkey = NULL; + int idx = scert->peer_cert_type; + + if (idx >= 0) + spkey = X509_get_pubkey(scert->peer_pkeys[idx].x509); + if (spkey) { + dh_srvr = EVP_PKEY_get1_DH(spkey); + EVP_PKEY_free(spkey); + } + if (dh_srvr == NULL) + SSLerr(SSL_F_GET_SERVER_STATIC_DH_KEY, ERR_R_INTERNAL_ERROR); + return dh_srvr; +} +#endif + int ssl3_send_client_key_exchange(SSL *s) { unsigned char *p; @@ -2546,25 +2661,14 @@ int ssl3_send_client_key_exchange(SSL *s) goto err; } - if (scert->peer_dh_tmp != NULL) + if (scert->peer_dh_tmp != NULL) { dh_srvr = scert->peer_dh_tmp; - else { - /* we get them from the cert */ - int idx = scert->peer_cert_type; - EVP_PKEY *spkey = NULL; - dh_srvr = NULL; - if (idx >= 0) - spkey = X509_get_pubkey(scert->peer_pkeys[idx].x509); - if (spkey) { - dh_srvr = EVP_PKEY_get1_DH(spkey); - EVP_PKEY_free(spkey); - } - if (dh_srvr == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); + } else { + dh_srvr = get_server_static_dh_key(scert); + if (dh_srvr == NULL) goto err; - } } + if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { /* Use client certificate key */ EVP_PKEY *clkey = s->cert->key->privatekey; @@ -2624,8 +2728,6 @@ int ssl3_send_client_key_exchange(SSL *s) } DH_free(dh_clnt); - - /* perhaps clean things up a bit EAY EAY EAY EAY */ } #endif @@ -2847,7 +2949,10 @@ int ssl3_send_client_key_exchange(SSL *s) EVP_PKEY_encrypt_init(pkey_ctx); /* Generate session key */ - RAND_bytes(premaster_secret, 32); + if (RAND_bytes(premaster_secret, 32) <= 0) { + EVP_PKEY_CTX_free(pkey_ctx); + goto err; + } /* * If we have client certificate, use its secret as peer key */ @@ -3061,6 +3166,7 @@ int ssl3_send_client_key_exchange(SSL *s) EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); #endif + s->state = SSL_ST_ERR; return (-1); } @@ -3189,6 +3295,7 @@ int ssl3_send_client_verify(SSL *s) err: EVP_MD_CTX_cleanup(&mctx); EVP_PKEY_CTX_free(pctx); + s->state = SSL_ST_ERR; return (-1); } @@ -3252,6 +3359,7 @@ int ssl3_send_client_certificate(SSL *s) } if (i == 0) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return 0; } s->rwstate = SSL_NOTHING; @@ -3312,6 +3420,7 @@ int ssl3_send_client_certificate(SSL *s) 2) ? NULL : s->cert->key)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return 0; } } @@ -3326,6 +3435,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) int i, idx; long alg_k, alg_a; EVP_PKEY *pkey = NULL; + int pkey_bits; SESS_CERT *sc; #ifndef OPENSSL_NO_RSA RSA *rsa; @@ -3333,6 +3443,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) #ifndef OPENSSL_NO_DH DH *dh; #endif + int al = SSL_AD_HANDSHAKE_FAILURE; alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_a = s->s3->tmp.new_cipher->algorithm_auth; @@ -3375,6 +3486,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509); + pkey_bits = EVP_PKEY_bits(pkey); i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey); EVP_PKEY_free(pkey); @@ -3392,40 +3504,82 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif #ifndef OPENSSL_NO_RSA - if ((alg_k & SSL_kRSA) && - !(has_bits(i, EVP_PK_RSA | EVP_PKT_ENC) || (rsa != NULL))) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_RSA_ENCRYPTING_CERT); - goto f_err; + if (alg_k & SSL_kRSA) { + if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && + !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_ENCRYPTING_CERT); + goto f_err; + } else if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) { + if (pkey_bits <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + if (!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_ENCRYPTING_CERT); + goto f_err; + } + if (rsa != NULL) { + /* server key exchange is not allowed. */ + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); + goto f_err; + } + } + } } #endif #ifndef OPENSSL_NO_DH - if ((alg_k & SSL_kEDH) && - !(has_bits(i, EVP_PK_DH | EVP_PKT_EXCH) || (dh != NULL))) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_KEY); + if ((alg_k & SSL_kEDH) && dh == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); goto f_err; - } else if ((alg_k & SSL_kDHr) && !SSL_USE_SIGALGS(s) && + } + if ((alg_k & SSL_kDHr) && !SSL_USE_SIGALGS(s) && !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT); goto f_err; } # ifndef OPENSSL_NO_DSA - else if ((alg_k & SSL_kDHd) && !SSL_USE_SIGALGS(s) && - !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) { + if ((alg_k & SSL_kDHd) && !SSL_USE_SIGALGS(s) && + !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT); goto f_err; } # endif -#endif - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) { + if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) { + int dh_size; + if (alg_k & SSL_kDHE) { + dh_size = BN_num_bits(dh->p); + } else { + DH *dh_srvr = get_server_static_dh_key(sc); + if (dh_srvr == NULL) + goto f_err; + dh_size = BN_num_bits(dh_srvr->p); + DH_free(dh_srvr); + } + + if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768) + || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL); + goto f_err; + } + } +#endif /* !OPENSSL_NO_DH */ + + if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && + pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { - if (rsa == NULL - || RSA_size(rsa) * 8 > + if (rsa == NULL) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_EXPORT_TMP_RSA_KEY); + goto f_err; + } else if (BN_num_bits(rsa->n) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + /* We have a temporary RSA key but it's too large. */ + al = SSL_AD_EXPORT_RESTRICTION; SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_RSA_KEY); goto f_err; @@ -3433,14 +3587,21 @@ int ssl3_check_cert_and_algorithm(SSL *s) } else #endif #ifndef OPENSSL_NO_DH - if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) { - if (dh == NULL - || DH_size(dh) * 8 > + if (alg_k & SSL_kDHE) { + if (BN_num_bits(dh->p) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + /* We have a temporary DH key but it's too large. */ + al = SSL_AD_EXPORT_RESTRICTION; SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_DH_KEY); goto f_err; } + } else if (alg_k & (SSL_kDHr | SSL_kDHd)) { + /* The cert should have had an export DH key. */ + al = SSL_AD_EXPORT_RESTRICTION; + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_EXPORT_TMP_DH_KEY); + goto f_err; } else #endif { @@ -3451,12 +3612,62 @@ int ssl3_check_cert_and_algorithm(SSL *s) } return (1); f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + ssl3_send_alert(s, SSL3_AL_FATAL, al); err: return (0); } -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) +#ifndef OPENSSL_NO_TLSEXT +/* + * Normally, we can tell if the server is resuming the session from + * the session ID. EAP-FAST (RFC 4851), however, relies on the next server + * message after the ServerHello to determine if the server is resuming. + * Therefore, we allow EAP-FAST to peek ahead. + * ssl3_check_finished returns 1 if we are resuming from an external + * pre-shared secret, we have a "ticket" and the next server handshake message + * is Finished; and 0 otherwise. It returns -1 upon an error. + */ +static int ssl3_check_finished(SSL *s) +{ + int ok = 0; + + if (s->version < TLS1_VERSION || !s->tls_session_secret_cb || + !s->session->tlsext_tick) + return 0; + + /* Need to permit this temporarily, in case the next message is Finished. */ + s->s3->flags |= SSL3_FLAGS_CCS_OK; + /* + * This function is called when we might get a Certificate message instead, + * so permit appropriate message length. + * We ignore the return value as we're only interested in the message type + * and not its length. + */ + s->method->ssl_get_message(s, + SSL3_ST_CR_CERT_A, + SSL3_ST_CR_CERT_B, + -1, s->max_cert_list, &ok); + s->s3->flags &= ~SSL3_FLAGS_CCS_OK; + + if (!ok) + return -1; + + s->s3->tmp.reuse_message = 1; + + if (s->s3->tmp.message_type == SSL3_MT_FINISHED) + return 1; + + /* If we're not done, then the CCS arrived early and we should bail. */ + if (s->s3->change_cipher_spec) { + SSLerr(SSL_F_SSL3_CHECK_FINISHED, SSL_R_CCS_RECEIVED_EARLY); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + return 0; +} + +# ifndef OPENSSL_NO_NEXTPROTONEG int ssl3_send_next_proto(SSL *s) { unsigned int len, padding_len; @@ -3479,8 +3690,8 @@ int ssl3_send_next_proto(SSL *s) return ssl3_do_write(s, SSL3_RT_HANDSHAKE); } -#endif /* !OPENSSL_NO_TLSEXT && - * !OPENSSL_NO_NEXTPROTONEG */ +#endif /* !OPENSSL_NO_NEXTPROTONEG */ +#endif /* !OPENSSL_NO_TLSEXT */ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) { diff --git a/openssl/ssl/s3_lib.c b/openssl/ssl/s3_lib.c index 28129f68d..5db349a23 100644 --- a/openssl/ssl/s3_lib.c +++ b/openssl/ssl/s3_lib.c @@ -330,7 +330,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { /* The DH ciphers */ /* Cipher 0B */ { - 1, + 0, SSL3_TXT_DH_DSS_DES_40_CBC_SHA, SSL3_CK_DH_DSS_DES_40_CBC_SHA, SSL_kDHd, @@ -378,7 +378,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { /* Cipher 0E */ { - 1, + 0, SSL3_TXT_DH_RSA_DES_40_CBC_SHA, SSL3_CK_DH_RSA_DES_40_CBC_SHA, SSL_kDHr, diff --git a/openssl/ssl/s3_pkt.c b/openssl/ssl/s3_pkt.c index 221ae039e..603c285ac 100644 --- a/openssl/ssl/s3_pkt.c +++ b/openssl/ssl/s3_pkt.c @@ -361,11 +361,22 @@ static int ssl3_get_record(SSL *s) if (version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (version & 0xFF00) - && !s->enc_write_ctx && !s->write_hash) + && !s->enc_write_ctx && !s->write_hash) { + if (rr->type == SSL3_RT_ALERT) { + /* + * The record is using an incorrect version number, but + * what we've got appears to be an alert. We haven't + * read the body yet to check whether its a fatal or + * not - but chances are it is. We probably shouldn't + * send a fatal alert back. We'll just end. + */ + goto err; + } /* * Send back error using their minor version number :-) */ s->version = (unsigned short)version; + } al = SSL_AD_PROTOCOL_VERSION; goto f_err; } @@ -708,7 +719,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) packlen *= 4; wb->buf = OPENSSL_malloc(packlen); - if(!wb->buf) { + if (!wb->buf) { SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE); return -1; } diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c index c016139b1..8885694c0 100644 --- a/openssl/ssl/s3_srvr.c +++ b/openssl/ssl/s3_srvr.c @@ -266,6 +266,7 @@ int ssl3_accept(SSL *s) if ((s->version >> 8) != 3) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } s->type = SSL_ST_ACCEPT; @@ -273,11 +274,13 @@ int ssl3_accept(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { BUF_MEM_free(buf); ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -285,6 +288,7 @@ int ssl3_accept(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -303,6 +307,7 @@ int ssl3_accept(SSL *s) */ if (!ssl_init_wbio_buffer(s, 1)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -320,6 +325,7 @@ int ssl3_accept(SSL *s) SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); ret = -1; + s->state = SSL_ST_ERR; goto end; } else { /* @@ -379,6 +385,7 @@ int ssl3_accept(SSL *s) SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_CLIENTHELLO_TLSEXT); ret = SSL_TLSEXT_ERR_ALERT_FATAL; ret = -1; + s->state = SSL_ST_ERR; goto end; } } @@ -529,9 +536,12 @@ int ssl3_accept(SSL *s) skip = 1; s->s3->tmp.cert_request = 0; s->state = SSL3_ST_SW_SRVR_DONE_A; - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) + if (s->s3->handshake_buffer) { + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } + } } else { s->s3->tmp.cert_request = 1; ret = ssl3_send_certificate_request(s); @@ -621,11 +631,14 @@ int ssl3_accept(SSL *s) */ if (!s->s3->handshake_buffer) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } } else { int offset = 0; int dgst_num; @@ -639,9 +652,12 @@ int ssl3_accept(SSL *s) * CertificateVerify should be generalized. But it is next * step */ - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) + if (s->s3->handshake_buffer) { + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } + } for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; dgst_num++) if (s->s3->handshake_dgst[dgst_num]) { int dgst_size; @@ -657,6 +673,7 @@ int ssl3_accept(SSL *s) dgst_size = EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]); if (dgst_size < 0) { + s->state = SSL_ST_ERR; ret = -1; goto end; } @@ -667,15 +684,6 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: - /* - * This *should* be the first time we enable CCS, but be - * extra careful about surrounding code changes. We need - * to set this here because we don't know if we're - * expecting a CertificateVerify or not. - */ - if (!s->s3->change_cipher_spec) - s->s3->flags |= SSL3_FLAGS_CCS_OK; - /* we should decide if we expected this one */ ret = ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -695,11 +703,10 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_NEXT_PROTO_A: case SSL3_ST_SR_NEXT_PROTO_B: /* - * Enable CCS for resumed handshakes with NPN. - * In a full handshake with NPN, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was - * already set. Receiving a CCS clears the flag, so make - * sure not to re-enable it to ban duplicates. + * Enable CCS for NPN. Receiving a CCS clears the flag, so make + * sure not to re-enable it to ban duplicates. This *should* be the + * first time we have received one - but we check anyway to be + * cautious. * s->s3->change_cipher_spec is set when a CCS is * processed in s3_pkt.c, and remains set until * the client's Finished message is read. @@ -718,10 +725,8 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: /* - * Enable CCS for resumed handshakes without NPN. - * In a full handshake, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was - * already set. Receiving a CCS clears the flag, so make + * Enable CCS for handshakes without NPN. In NPN the CCS flag has + * already been set. Receiving a CCS clears the flag, so make * sure not to re-enable it to ban duplicates. * s->s3->change_cipher_spec is set when a CCS is * processed in s3_pkt.c, and remains set until @@ -771,6 +776,7 @@ int ssl3_accept(SSL *s) s->session->cipher = s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -787,6 +793,7 @@ int ssl3_accept(SSL *s) SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -849,6 +856,7 @@ int ssl3_accept(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -930,6 +938,16 @@ int ssl3_get_client_hello(SSL *s) s->first_packet = 0; d = p = (unsigned char *)s->init_msg; + /* + * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte + * for session id length + */ + if (n < 2 + SSL3_RANDOM_SIZE + 1) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + /* * use version from inside client hello, not from record header (may * differ: see RFC 2246, Appendix E, second paragraph) @@ -962,6 +980,12 @@ int ssl3_get_client_hello(SSL *s) unsigned int session_length, cookie_length; session_length = *(p + SSL3_RANDOM_SIZE); + + if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1); if (cookie_length == 0) @@ -975,6 +999,12 @@ int ssl3_get_client_hello(SSL *s) /* get the session-id */ j = *(p++); + if (p + j > d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + s->hit = 0; /* * Versions before 0.9.7 always allow clients to resume sessions in @@ -1019,8 +1049,19 @@ int ssl3_get_client_hello(SSL *s) if (SSL_IS_DTLS(s)) { /* cookie stuff */ + if (p + 1 > d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } cookie_len = *(p++); + if (p + cookie_len > d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + /* * The ClientHello may contain a cookie even if the * HelloVerify message has not been sent--make sure that it @@ -1086,27 +1127,33 @@ int ssl3_get_client_hello(SSL *s) } } + if (p + 2 > d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } n2s(p, i); - if ((i == 0) && (j != 0)) { - /* we need a cipher if we are not resuming a session */ + + if (i == 0) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED); goto f_err; } - if ((p + i) >= (d + n)) { + + /* i bytes of cipher data + 1 byte for compression length later */ + if ((p + i + 1) > (d + n)) { /* not enough data */ al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); goto f_err; } - if ((i > 0) && (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) - == NULL)) { + if (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL) { goto err; } p += i; /* If it is a hit, check that the cipher is in the list */ - if ((s->hit) && (i > 0)) { + if (s->hit) { j = 0; id = s->session->cipher->id; @@ -1335,8 +1382,8 @@ int ssl3_get_client_hello(SSL *s) sk_SSL_CIPHER_free(s->session->ciphers); s->session->ciphers = ciphers; if (ciphers == NULL) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_PASSED); + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); goto f_err; } ciphers = NULL; @@ -1424,8 +1471,10 @@ int ssl3_get_client_hello(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - } err: + s->state = SSL_ST_ERR; + } + if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); return ret < 0 ? -1 : ret; @@ -1443,8 +1492,10 @@ int ssl3_send_server_hello(SSL *s) buf = (unsigned char *)s->init_buf->data; #ifdef OPENSSL_NO_TLSEXT p = s->s3->server_random; - if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) + if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) { + s->state = SSL_ST_ERR; return -1; + } #endif /* Do the message type and length last */ d = p = ssl_handshake_start(s); @@ -1479,6 +1530,7 @@ int ssl3_send_server_hello(SSL *s) sl = s->session->session_id_length; if (sl > (int)sizeof(s->session->session_id)) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } *(p++) = sl; @@ -1501,6 +1553,7 @@ int ssl3_send_server_hello(SSL *s) #ifndef OPENSSL_NO_TLSEXT if (ssl_prepare_serverhello_tlsext(s) <= 0) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); + s->state = SSL_ST_ERR; return -1; } if ((p = @@ -1508,6 +1561,7 @@ int ssl3_send_server_hello(SSL *s) &al)) == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, al); SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } #endif @@ -1970,6 +2024,7 @@ int ssl3_send_server_key_exchange(SSL *s) BN_CTX_free(bn_ctx); #endif EVP_MD_CTX_cleanup(&md_ctx); + s->state = SSL_ST_ERR; return (-1); } @@ -2063,6 +2118,7 @@ int ssl3_send_certificate_request(SSL *s) /* SSL3_ST_SW_CERT_REQ_B */ return ssl_do_write(s); err: + s->state = SSL_ST_ERR; return (-1); } @@ -2355,6 +2411,7 @@ int ssl3_get_client_key_exchange(SSL *s) int padl, outl; krb5_timestamp authtime = 0; krb5_ticket_times ttimes; + int kerr = 0; EVP_CIPHER_CTX_init(&ciph_ctx); @@ -2458,23 +2515,27 @@ int ssl3_get_client_key_exchange(SSL *s) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); - goto err; + kerr = 1; + goto kclean; } if (outl > SSL_MAX_MASTER_KEY_LENGTH) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; + kerr = 1; + goto kclean; } if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); - goto err; + kerr = 1; + goto kclean; } outl += padl; if (outl > SSL_MAX_MASTER_KEY_LENGTH) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; + kerr = 1; + goto kclean; } if (!((pms[0] == (s->client_version >> 8)) && (pms[1] == (s->client_version & 0xff)))) { @@ -2491,7 +2552,8 @@ int ssl3_get_client_key_exchange(SSL *s) if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_AD_DECODE_ERROR); - goto err; + kerr = 1; + goto kclean; } } @@ -2517,6 +2579,11 @@ int ssl3_get_client_key_exchange(SSL *s) * kssl_ctx = kssl_ctx_free(kssl_ctx); * if (s->kssl_ctx) s->kssl_ctx = NULL; */ + + kclean: + OPENSSL_cleanse(pms, sizeof(pms)); + if (kerr) + goto err; } else #endif /* OPENSSL_NO_KRB5 */ @@ -2835,6 +2902,7 @@ int ssl3_get_client_key_exchange(SSL *s) s-> session->master_key, premaster_secret, 32); + OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret)); /* Check if pubkey from client certificate was used */ if (EVP_PKEY_CTX_ctrl (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) @@ -2867,6 +2935,7 @@ int ssl3_get_client_key_exchange(SSL *s) EC_KEY_free(srvr_ecdh); BN_CTX_free(bn_ctx); #endif + s->state = SSL_ST_ERR; return (-1); } @@ -2882,39 +2951,31 @@ int ssl3_get_cert_verify(SSL *s) EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); + /* + * We should only process a CertificateVerify message if we have received + * a Certificate from the client. If so then |s->session->peer| will be non + * NULL. In some instances a CertificateVerify message is not required even + * if the peer has sent a Certificate (e.g. such as in the case of static + * DH). In that case the ClientKeyExchange processing will skip the + * CertificateVerify state so we should not arrive here. + */ + if (s->session->peer == NULL) { + ret = 1; + goto end; + } + n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B, - -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok); + SSL3_MT_CERTIFICATE_VERIFY, + SSL3_RT_MAX_PLAIN_LENGTH, &ok); if (!ok) return ((int)n); - if (s->session->peer != NULL) { - peer = s->session->peer; - pkey = X509_get_pubkey(peer); - type = X509_certificate_type(peer, pkey); - } else { - peer = NULL; - pkey = NULL; - } - - if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { - s->s3->tmp.reuse_message = 1; - if (peer != NULL) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_MISSING_VERIFY_MESSAGE); - goto f_err; - } - ret = 1; - goto end; - } - - if (peer == NULL) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_NO_CLIENT_CERT_RECEIVED); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } + peer = s->session->peer; + pkey = X509_get_pubkey(peer); + type = X509_certificate_type(peer, pkey); if (!(type & EVP_PKT_SIGN)) { SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, @@ -2923,12 +2984,6 @@ int ssl3_get_cert_verify(SSL *s) goto f_err; } - if (s->s3->change_cipher_spec) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_CCS_RECEIVED_EARLY); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } - /* we now have a signature that we need to verify */ p = (unsigned char *)s->init_msg; /* Check for broken implementations of GOST ciphersuites */ @@ -3069,6 +3124,7 @@ int ssl3_get_cert_verify(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; } end: if (s->s3->handshake_buffer) { @@ -3227,8 +3283,10 @@ int ssl3_get_client_certificate(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - } err: + s->state = SSL_ST_ERR; + } + if (x != NULL) X509_free(x); if (sk != NULL) @@ -3248,12 +3306,14 @@ int ssl3_send_server_certificate(SSL *s) (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5)) { SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return (0); } } if (!ssl3_output_cert_chain(s, cpk)) { SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return (0); } s->state = SSL3_ST_SW_CERT_B; @@ -3287,11 +3347,15 @@ int ssl3_send_newsession_ticket(SSL *s) * Some length values are 16 bits, so forget it if session is too * long */ - if (slen_full == 0 || slen_full > 0xFF00) + if (slen_full == 0 || slen_full > 0xFF00) { + s->state = SSL_ST_ERR; return -1; + } senc = OPENSSL_malloc(slen_full); - if (!senc) + if (!senc) { + s->state = SSL_ST_ERR; return -1; + } EVP_CIPHER_CTX_init(&ctx); HMAC_CTX_init(&hctx); @@ -3391,10 +3455,10 @@ int ssl3_send_newsession_ticket(SSL *s) /* Now write out lengths: p points to end of data written */ /* Total length */ len = p - ssl_handshake_start(s); - ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len); /* Skip ticket lifetime hint */ p = ssl_handshake_start(s) + 4; s2n(len - 6, p); + ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len); s->state = SSL3_ST_SW_SESSION_TICKET_B; OPENSSL_free(senc); } @@ -3406,6 +3470,7 @@ int ssl3_send_newsession_ticket(SSL *s) OPENSSL_free(senc); EVP_CIPHER_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&hctx); + s->state = SSL_ST_ERR; return -1; } @@ -3419,8 +3484,10 @@ int ssl3_send_cert_status(SSL *s) * 1 (ocsp response type) + 3 (ocsp response length) * + (ocsp response) */ - if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) + if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) { + s->state = SSL_ST_ERR; return -1; + } p = (unsigned char *)s->init_buf->data; @@ -3463,6 +3530,7 @@ int ssl3_get_next_proto(SSL *s) if (!s->s3->next_proto_neg_seen) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); + s->state = SSL_ST_ERR; return -1; } @@ -3482,11 +3550,14 @@ int ssl3_get_next_proto(SSL *s) */ if (!s->s3->change_cipher_spec) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); + s->state = SSL_ST_ERR; return -1; } - if (n < 2) + if (n < 2) { + s->state = SSL_ST_ERR; return 0; /* The body must be > 1 bytes long */ + } p = (unsigned char *)s->init_msg; @@ -3498,15 +3569,20 @@ int ssl3_get_next_proto(SSL *s) * uint8 padding[padding_len]; */ proto_len = p[0]; - if (proto_len + 2 > s->init_num) + if (proto_len + 2 > s->init_num) { + s->state = SSL_ST_ERR; return 0; + } padding_len = p[proto_len + 1]; - if (proto_len + padding_len + 2 != s->init_num) + if (proto_len + padding_len + 2 != s->init_num) { + s->state = SSL_ST_ERR; return 0; + } s->next_proto_negotiated = OPENSSL_malloc(proto_len); if (!s->next_proto_negotiated) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE); + s->state = SSL_ST_ERR; return 0; } memcpy(s->next_proto_negotiated, p + 1, proto_len); diff --git a/openssl/ssl/ssl.h b/openssl/ssl/ssl.h index a6d845dc9..6fe1a2474 100644 --- a/openssl/ssl/ssl.h +++ b/openssl/ssl/ssl.h @@ -1727,6 +1727,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) +# define SSL_ST_ERR 0x05 # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 @@ -2640,6 +2641,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_GET_CLIENT_MASTER_KEY 107 # define SSL_F_GET_SERVER_FINISHED 108 # define SSL_F_GET_SERVER_HELLO 109 +# define SSL_F_GET_SERVER_STATIC_DH_KEY 340 # define SSL_F_GET_SERVER_VERIFY 110 # define SSL_F_I2D_SSL_SESSION 111 # define SSL_F_READ_N 112 @@ -2670,6 +2672,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 # define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 # define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 +# define SSL_F_SSL3_CHECK_FINISHED 339 # define SSL_F_SSL3_CLIENT_HELLO 131 # define SSL_F_SSL3_CONNECT 132 # define SSL_F_SSL3_CTRL 213 @@ -2784,6 +2787,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 +# define SSL_F_SSL_SESSION_DUP 348 # define SSL_F_SSL_SESSION_NEW 189 # define SSL_F_SSL_SESSION_PRINT_FP 190 # define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 @@ -2904,6 +2908,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_DATA_LENGTH_TOO_LONG 146 # define SSL_R_DECRYPTION_FAILED 147 # define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +# define SSL_R_DH_KEY_TOO_SMALL 372 # define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 # define SSL_R_DIGEST_CHECK_FAILED 149 # define SSL_R_DTLS_MESSAGE_TOO_BIG 334 diff --git a/openssl/ssl/ssl_err.c b/openssl/ssl/ssl_err.c index ab3aa2337..1a6030e62 100644 --- a/openssl/ssl/ssl_err.c +++ b/openssl/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* ssl/ssl_err.c */ /* ==================================================================== - * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -119,6 +119,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, + {ERR_FUNC(SSL_F_GET_SERVER_STATIC_DH_KEY), "GET_SERVER_STATIC_DH_KEY"}, {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, {ERR_FUNC(SSL_F_READ_N), "READ_N"}, @@ -151,6 +152,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "ssl3_check_cert_and_algorithm"}, {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "ssl3_check_client_hello"}, + {ERR_FUNC(SSL_F_SSL3_CHECK_FINISHED), "SSL3_CHECK_FINISHED"}, {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "ssl3_client_hello"}, {ERR_FUNC(SSL_F_SSL3_CONNECT), "ssl3_connect"}, {ERR_FUNC(SSL_F_SSL3_CTRL), "ssl3_ctrl"}, @@ -310,6 +312,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { "SSL_SCAN_CLIENTHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT), "SSL_SCAN_SERVERHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"}, {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), @@ -458,6 +461,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_DECRYPTION_FAILED), "decryption failed"}, {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"}, + {ERR_REASON(SSL_R_DH_KEY_TOO_SMALL), "dh key too small"}, {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"}, {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED), "digest check failed"}, diff --git a/openssl/ssl/ssl_lib.c b/openssl/ssl/ssl_lib.c index e9ad2bc81..c0931e787 100644 --- a/openssl/ssl/ssl_lib.c +++ b/openssl/ssl/ssl_lib.c @@ -1510,9 +1510,13 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return (NULL); } - if ((skp == NULL) || (*skp == NULL)) + if ((skp == NULL) || (*skp == NULL)) { sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */ - else { + if(sk == NULL) { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + return NULL; + } + } else { sk = *skp; sk_SSL_CIPHER_zero(sk); } @@ -2326,7 +2330,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) if (dh_dsa_export) emask_k |= SSL_kDHd; - if (emask_k & (SSL_kDHr | SSL_kDHd)) + if (mask_k & (SSL_kDHr | SSL_kDHd)) mask_a |= SSL_aDH; if (rsa_enc || rsa_sign) { @@ -2832,6 +2836,12 @@ const char *SSL_get_version(const SSL *s) return ("SSLv3"); else if (s->version == SSL2_VERSION) return ("SSLv2"); + else if (s->version == DTLS1_BAD_VER) + return ("DTLSv0.9"); + else if (s->version == DTLS1_VERSION) + return ("DTLSv1"); + else if (s->version == DTLS1_2_VERSION) + return ("DTLSv1.2"); else return ("unknown"); } diff --git a/openssl/ssl/ssl_locl.h b/openssl/ssl/ssl_locl.h index 79b85b9ed..6c2c551e5 100644 --- a/openssl/ssl/ssl_locl.h +++ b/openssl/ssl/ssl_locl.h @@ -1058,6 +1058,7 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, unsigned char *session, int len, const unsigned char *limit); +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, @@ -1230,7 +1231,6 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); int dtls1_send_change_cipher_spec(SSL *s, int a, int b); -int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen); int dtls1_read_failed(SSL *s, int code); int dtls1_buffer_message(SSL *s, int ccs); int dtls1_retransmit_message(SSL *s, unsigned short seq, diff --git a/openssl/ssl/ssl_sess.c b/openssl/ssl/ssl_sess.c index 1e1002fc8..07e7379ab 100644 --- a/openssl/ssl/ssl_sess.c +++ b/openssl/ssl/ssl_sess.c @@ -227,6 +227,130 @@ SSL_SESSION *SSL_SESSION_new(void) return (ss); } +/* + * Create a new SSL_SESSION and duplicate the contents of |src| into it. If + * ticket == 0 then no ticket information is duplicated, otherwise it is. + */ +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) +{ + SSL_SESSION *dest; + + dest = OPENSSL_malloc(sizeof(*src)); + if (dest == NULL) { + goto err; + } + memcpy(dest, src, sizeof(*dest)); + + /* + * Set the various pointers to NULL so that we can call SSL_SESSION_free in + * the case of an error whilst halfway through constructing dest + */ +#ifndef OPENSSL_NO_PSK + dest->psk_identity_hint = NULL; + dest->psk_identity = NULL; +#endif + dest->ciphers = NULL; +#ifndef OPENSSL_NO_TLSEXT + dest->tlsext_hostname = NULL; +# ifndef OPENSSL_NO_EC + dest->tlsext_ecpointformatlist = NULL; + dest->tlsext_ellipticcurvelist = NULL; +# endif +#endif + dest->tlsext_tick = NULL; +#ifndef OPENSSL_NO_SRP + dest->srp_username = NULL; +#endif + memset(&dest->ex_data, 0, sizeof(dest->ex_data)); + + /* We deliberately don't copy the prev and next pointers */ + dest->prev = NULL; + dest->next = NULL; + + dest->references = 1; + + if (src->sess_cert != NULL) + CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); + + if (src->peer != NULL) + CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); + +#ifndef OPENSSL_NO_PSK + if (src->psk_identity_hint) { + dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint); + if (dest->psk_identity_hint == NULL) { + goto err; + } + } + if (src->psk_identity) { + dest->psk_identity = BUF_strdup(src->psk_identity); + if (dest->psk_identity == NULL) { + goto err; + } + } +#endif + + if(src->ciphers != NULL) { + dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); + if (dest->ciphers == NULL) + goto err; + } + + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, + &dest->ex_data, &src->ex_data)) { + goto err; + } + +#ifndef OPENSSL_NO_TLSEXT + if (src->tlsext_hostname) { + dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname); + if (dest->tlsext_hostname == NULL) { + goto err; + } + } +# ifndef OPENSSL_NO_EC + if (src->tlsext_ecpointformatlist) { + dest->tlsext_ecpointformatlist = + BUF_memdup(src->tlsext_ecpointformatlist, + src->tlsext_ecpointformatlist_length); + if (dest->tlsext_ecpointformatlist == NULL) + goto err; + } + if (src->tlsext_ellipticcurvelist) { + dest->tlsext_ellipticcurvelist = + BUF_memdup(src->tlsext_ellipticcurvelist, + src->tlsext_ellipticcurvelist_length); + if (dest->tlsext_ellipticcurvelist == NULL) + goto err; + } +# endif +#endif + + if (ticket != 0) { + dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen); + if(dest->tlsext_tick == NULL) + goto err; + } else { + dest->tlsext_tick_lifetime_hint = 0; + dest->tlsext_ticklen = 0; + } + +#ifndef OPENSSL_NO_SRP + if (src->srp_username) { + dest->srp_username = BUF_strdup(src->srp_username); + if (dest->srp_username == NULL) { + goto err; + } + } +#endif + + return dest; +err: + SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE); + SSL_SESSION_free(dest); + return NULL; +} + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) { @@ -449,9 +573,14 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, int r; #endif - if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) + if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH) goto err; + if (session_id + len > limit) { + fatal = 1; + goto err; + } + if (len == 0) try_session_cache = 0; diff --git a/openssl/ssl/ssl_stat.c b/openssl/ssl/ssl_stat.c index d725d7834..1b9069f97 100644 --- a/openssl/ssl/ssl_stat.c +++ b/openssl/ssl/ssl_stat.c @@ -117,6 +117,9 @@ const char *SSL_state_string_long(const SSL *s) case SSL_ST_OK | SSL_ST_ACCEPT: str = "ok/accept SSL initialization"; break; + case SSL_ST_ERR: + str = "error"; + break; #ifndef OPENSSL_NO_SSL2 case SSL2_ST_CLIENT_START_ENCRYPTION: str = "SSLv2 client start encryption"; @@ -496,6 +499,9 @@ const char *SSL_state_string(const SSL *s) case SSL_ST_OK: str = "SSLOK "; break; + case SSL_ST_ERR: + str = "SSLERR"; + break; #ifndef OPENSSL_NO_SSL2 case SSL2_ST_CLIENT_START_ENCRYPTION: str = "2CSENC"; diff --git a/openssl/ssl/ssltest.c b/openssl/ssl/ssltest.c index 9f5d58624..6737adf23 100644 --- a/openssl/ssl/ssltest.c +++ b/openssl/ssl/ssltest.c @@ -692,7 +692,9 @@ static void sv_usage(void) " -bytes - number of bytes to swap between client/server\n"); #ifndef OPENSSL_NO_DH fprintf(stderr, - " -dhe1024 - use 1024 bit key (safe prime) for DHE\n"); + " -dhe512 - use 512 bit key for DHE (to test failure)\n"); + fprintf(stderr, + " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n"); fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); fprintf(stderr, " -no_dhe - disable DHE\n"); @@ -715,6 +717,10 @@ static void sv_usage(void) #endif #ifndef OPENSSL_NO_TLS1 fprintf(stderr, " -tls1 - use TLSv1\n"); +#endif +#ifndef OPENSSL_NO_DTLS + fprintf(stderr, " -dtls1 - use DTLSv1\n"); + fprintf(stderr, " -dtls12 - use DTLSv1.2\n"); #endif fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); fprintf(stderr, " -CAfile arg - PEM format file of CA's\n"); @@ -877,7 +883,7 @@ int main(int argc, char *argv[]) int badop = 0; int bio_pair = 0; int force = 0; - int tls1 = 0, ssl2 = 0, ssl3 = 0, ret = 1; + int dtls1 = 0, dtls12 = 0, tls1 = 0, ssl2 = 0, ssl3 = 0, ret = 1; int client_auth = 0; int server_auth = 0, i; struct app_verify_arg app_verify_arg = @@ -897,7 +903,7 @@ int main(int argc, char *argv[]) long bytes = 256L; #ifndef OPENSSL_NO_DH DH *dh; - int dhe1024 = 0, dhe1024dsa = 0; + int dhe512 = 0, dhe1024dsa = 0; #endif #ifndef OPENSSL_NO_ECDH EC_KEY *ecdh = NULL; @@ -977,19 +983,19 @@ int main(int argc, char *argv[]) debug = 1; else if (strcmp(*argv, "-reuse") == 0) reuse = 1; - else if (strcmp(*argv, "-dhe1024") == 0) { + else if (strcmp(*argv, "-dhe512") == 0) { #ifndef OPENSSL_NO_DH - dhe1024 = 1; + dhe512 = 1; #else fprintf(stderr, - "ignoring -dhe1024, since I'm compiled without DH\n"); + "ignoring -dhe512, since I'm compiled without DH\n"); #endif } else if (strcmp(*argv, "-dhe1024dsa") == 0) { #ifndef OPENSSL_NO_DH dhe1024dsa = 1; #else fprintf(stderr, - "ignoring -dhe1024, since I'm compiled without DH\n"); + "ignoring -dhe1024dsa, since I'm compiled without DH\n"); #endif } else if (strcmp(*argv, "-no_dhe") == 0) no_dhe = 1; @@ -1037,6 +1043,16 @@ int main(int argc, char *argv[]) no_protocol = 1; #endif ssl3 = 1; + } else if (strcmp(*argv, "-dtls1") == 0) { +#ifdef OPENSSL_NO_DTLS + no_protocol = 1; +#endif + dtls1 = 1; + } else if (strcmp(*argv, "-dtls12") == 0) { +#ifdef OPENSSL_NO_DTLS + no_protocol = 1; +#endif + dtls12 = 1; } else if (strncmp(*argv, "-num", 4) == 0) { if (--argc < 1) goto bad; @@ -1172,8 +1188,8 @@ int main(int argc, char *argv[]) goto end; } - if (ssl2 + ssl3 + tls1 > 1) { - fprintf(stderr, "At most one of -ssl2, -ssl3, or -tls1 should " + if (ssl2 + ssl3 + tls1 + dtls1 + dtls12 > 1) { + fprintf(stderr, "At most one of -ssl2, -ssl3, -tls1, -dtls1 or -dtls12 should " "be requested.\n"); EXIT(1); } @@ -1190,10 +1206,10 @@ int main(int argc, char *argv[]) goto end; } - if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) { + if (!ssl2 && !ssl3 && !tls1 && !dtls1 && !dtls12 && number > 1 && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f to perform " "the test anyway (and\n-d to see what happens), " - "or add one of -ssl2, -ssl3, -tls1, -reuse\n" + "or add one of ssl2, -ssl3, -tls1, -dtls1, -dtls12, -reuse\n" "to avoid protocol mismatch.\n"); EXIT(1); } @@ -1271,6 +1287,13 @@ int main(int argc, char *argv[]) meth = SSLv3_method(); else #endif +#ifndef OPENSSL_NO_DTLS + if (dtls1) + meth = DTLSv1_method(); + else if (dtls12) + meth = DTLSv1_2_method(); + else +#endif #ifndef OPENSSL_NO_TLS1 if (tls1) meth = TLSv1_method(); @@ -1297,10 +1320,10 @@ int main(int argc, char *argv[]) */ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); dh = get_dh1024dsa(); - } else if (dhe1024) - dh = get_dh1024(); - else + } else if (dhe512) dh = get_dh512(); + else + dh = get_dh1024(); SSL_CTX_set_tmp_dh(s_ctx, dh); DH_free(dh); } @@ -1318,12 +1341,9 @@ int main(int argc, char *argv[]) BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve); goto end; } - } else -# ifdef OPENSSL_NO_EC2M + } else { nid = NID_X9_62_prime256v1; -# else - nid = NID_sect163r2; -# endif + } ecdh = EC_KEY_new_by_curve_name(nid); if (ecdh == NULL) { diff --git a/openssl/ssl/t1_enc.c b/openssl/ssl/t1_enc.c index 577885fe0..e2a8f8691 100644 --- a/openssl/ssl/t1_enc.c +++ b/openssl/ssl/t1_enc.c @@ -260,7 +260,7 @@ static int tls1_PRF(long digest_mask, if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) count++; } - if(!count) { + if (!count) { /* Should never happen */ SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); goto err; @@ -404,9 +404,9 @@ int tls1_change_cipher_state(SSL *s, int which) } #endif /* - * this is done by dtls1_reset_seq_numbers for DTLS1_VERSION + * this is done by dtls1_reset_seq_numbers for DTLS */ - if (s->version != DTLS1_VERSION) + if (!SSL_IS_DTLS(s)) memset(&(s->s3->read_sequence[0]), 0, 8); mac_secret = &(s->s3->read_mac_secret[0]); mac_secret_size = &(s->s3->read_mac_secret_size); @@ -442,9 +442,9 @@ int tls1_change_cipher_state(SSL *s, int which) } #endif /* - * this is done by dtls1_reset_seq_numbers for DTLS1_VERSION + * this is done by dtls1_reset_seq_numbers for DTLS */ - if (s->version != DTLS1_VERSION) + if (!SSL_IS_DTLS(s)) memset(&(s->s3->write_sequence[0]), 0, 8); mac_secret = &(s->s3->write_mac_secret[0]); mac_secret_size = &(s->s3->write_mac_secret_size); @@ -803,7 +803,7 @@ int tls1_enc(SSL *s, int send) bs = EVP_CIPHER_block_size(ds->cipher); if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { - unsigned char buf[13], *seq; + unsigned char buf[EVP_AEAD_TLS1_AAD_LEN], *seq; seq = send ? s->s3->write_sequence : s->s3->read_sequence; @@ -827,7 +827,10 @@ int tls1_enc(SSL *s, int send) buf[10] = (unsigned char)(s->version); buf[11] = rec->length >> 8; buf[12] = rec->length & 0xff; - pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, 13, buf); + pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, + EVP_AEAD_TLS1_AAD_LEN, buf); + if (pad <= 0) + return -1; if (send) { l += pad; rec->length += pad; diff --git a/openssl/ssl/t1_lib.c b/openssl/ssl/t1_lib.c index d85d26e59..210a5e874 100644 --- a/openssl/ssl/t1_lib.c +++ b/openssl/ssl/t1_lib.c @@ -113,9 +113,11 @@ #include #include #include +#ifndef OPENSSL_NO_EC #ifdef OPENSSL_NO_EC2M # include #endif +#endif #include #include #include "ssl_locl.h" @@ -260,47 +262,68 @@ static const unsigned char ecformats_default[] = { TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 }; -static const unsigned char eccurves_default[] = { -# ifndef OPENSSL_NO_EC2M - 0, 14, /* sect571r1 (14) */ - 0, 13, /* sect571k1 (13) */ -# endif +/* The client's default curves / the server's 'auto' curves. */ +static const unsigned char eccurves_auto[] = { + /* Prefer P-256 which has the fastest and most secure implementations. */ + 0, 23, /* secp256r1 (23) */ + /* Other >= 256-bit prime curves. */ 0, 25, /* secp521r1 (25) */ 0, 28, /* brainpool512r1 (28) */ + 0, 27, /* brainpoolP384r1 (27) */ + 0, 24, /* secp384r1 (24) */ + 0, 26, /* brainpoolP256r1 (26) */ + 0, 22, /* secp256k1 (22) */ # ifndef OPENSSL_NO_EC2M + /* >= 256-bit binary curves. */ + 0, 14, /* sect571r1 (14) */ + 0, 13, /* sect571k1 (13) */ 0, 11, /* sect409k1 (11) */ 0, 12, /* sect409r1 (12) */ + 0, 9, /* sect283k1 (9) */ + 0, 10, /* sect283r1 (10) */ # endif +}; + +static const unsigned char eccurves_all[] = { + /* Prefer P-256 which has the fastest and most secure implementations. */ + 0, 23, /* secp256r1 (23) */ + /* Other >= 256-bit prime curves. */ + 0, 25, /* secp521r1 (25) */ + 0, 28, /* brainpool512r1 (28) */ 0, 27, /* brainpoolP384r1 (27) */ 0, 24, /* secp384r1 (24) */ + 0, 26, /* brainpoolP256r1 (26) */ + 0, 22, /* secp256k1 (22) */ # ifndef OPENSSL_NO_EC2M + /* >= 256-bit binary curves. */ + 0, 14, /* sect571r1 (14) */ + 0, 13, /* sect571k1 (13) */ + 0, 11, /* sect409k1 (11) */ + 0, 12, /* sect409r1 (12) */ 0, 9, /* sect283k1 (9) */ 0, 10, /* sect283r1 (10) */ # endif - 0, 26, /* brainpoolP256r1 (26) */ - 0, 22, /* secp256k1 (22) */ - 0, 23, /* secp256r1 (23) */ + /* + * Remaining curves disabled by default but still permitted if set + * via an explicit callback or parameters. + */ + 0, 20, /* secp224k1 (20) */ + 0, 21, /* secp224r1 (21) */ + 0, 18, /* secp192k1 (18) */ + 0, 19, /* secp192r1 (19) */ + 0, 15, /* secp160k1 (15) */ + 0, 16, /* secp160r1 (16) */ + 0, 17, /* secp160r2 (17) */ # ifndef OPENSSL_NO_EC2M 0, 8, /* sect239k1 (8) */ 0, 6, /* sect233k1 (6) */ 0, 7, /* sect233r1 (7) */ -# endif - 0, 20, /* secp224k1 (20) */ - 0, 21, /* secp224r1 (21) */ -# ifndef OPENSSL_NO_EC2M 0, 4, /* sect193r1 (4) */ 0, 5, /* sect193r2 (5) */ -# endif - 0, 18, /* secp192k1 (18) */ - 0, 19, /* secp192r1 (19) */ -# ifndef OPENSSL_NO_EC2M 0, 1, /* sect163k1 (1) */ 0, 2, /* sect163r1 (2) */ 0, 3, /* sect163r2 (3) */ # endif - 0, 15, /* secp160k1 (15) */ - 0, 16, /* secp160r1 (16) */ - 0, 17, /* secp160r2 (17) */ }; static const unsigned char suiteb_curves[] = { @@ -474,8 +497,13 @@ static int tls1_get_curvelist(SSL *s, int sess, } else # endif { - *pcurves = eccurves_default; - pcurveslen = sizeof(eccurves_default); + if (!s->server || (s->cert && s->cert->ecdh_tmp_auto)) { + *pcurves = eccurves_auto; + pcurveslen = sizeof(eccurves_auto); + } else { + *pcurves = eccurves_all; + pcurveslen = sizeof(eccurves_all); + } } } } @@ -565,6 +593,20 @@ int tls1_shared_curve(SSL *s, int nmatch) (s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE), &pref, &num_pref)) return nmatch == -1 ? 0 : NID_undef; + + /* + * If the client didn't send the elliptic_curves extension all of them + * are allowed. + */ + if (num_supp == 0 && (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0) { + supp = eccurves_all; + num_supp = sizeof(eccurves_all) / 2; + } else if (num_pref == 0 && + (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) == 0) { + pref = eccurves_all; + num_pref = sizeof(eccurves_all) / 2; + } + k = 0; for (i = 0; i < num_pref; i++, pref += 2) { const unsigned char *tsupp = supp; @@ -761,6 +803,16 @@ static int tls1_check_ec_key(SSL *s, for (j = 0; j <= 1; j++) { if (!tls1_get_curvelist(s, j, &pcurves, &num_curves)) return 0; + if (j == 1 && num_curves == 0) { + /* + * If we've not received any curves then skip this check. + * RFC 4492 does not require the supported elliptic curves extension + * so if it is not sent we can just choose any curve. + * It is invalid to send an empty list in the elliptic curves + * extension, so num_curves == 0 always means no extension. + */ + break; + } for (i = 0; i < num_curves; i++, pcurves += 2) { if (pcurves[0] == curve_id[0] && pcurves[1] == curve_id[1]) break; @@ -1964,19 +2016,23 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, s->srtp_profile = NULL; - if (data >= (d + n - 2)) + if (data == d + n) goto ri_check; + + if (data > (d + n - 2)) + goto err; + n2s(data, len); if (data > (d + n - len)) - goto ri_check; + goto err; while (data <= (d + n - 4)) { n2s(data, type); n2s(data, size); if (data + size > (d + n)) - goto ri_check; + goto err; # if 0 fprintf(stderr, "Received extension type %d size %d\n", type, size); # endif @@ -2012,16 +2068,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, int servname_type; int dsize; - if (size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size < 2) + goto err; n2s(data, dsize); size -= 2; - if (dsize > size) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize > size) + goto err; sdata = data; while (dsize > 3) { @@ -2029,18 +2081,16 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, n2s(sdata, len); dsize -= 3; - if (len > dsize) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (len > dsize) + goto err; + if (s->servername_done == 0) switch (servname_type) { case TLSEXT_NAMETYPE_host_name: if (!s->hit) { - if (s->session->tlsext_hostname) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (s->session->tlsext_hostname) + goto err; + if (len > TLSEXT_MAXLEN_host_name) { *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; @@ -2074,31 +2124,23 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, dsize -= len; } - if (dsize != 0) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize != 0) + goto err; } # ifndef OPENSSL_NO_SRP else if (type == TLSEXT_TYPE_srp) { - if (size <= 0 || ((len = data[0])) != (size - 1)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if (s->srp_ctx.login != NULL) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size == 0 || ((len = data[0])) != (size - 1)) + goto err; + if (s->srp_ctx.login != NULL) + goto err; if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL) return -1; memcpy(s->srp_ctx.login, &data[1], len); s->srp_ctx.login[len] = '\0'; - if (strlen(s->srp_ctx.login) != len) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (strlen(s->srp_ctx.login) != len) + goto err; } # endif @@ -2108,10 +2150,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, int ecpointformatlist_length = *(sdata++); if (ecpointformatlist_length != size - 1 || - ecpointformatlist_length < 1) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } + ecpointformatlist_length < 1) + goto err; if (!s->hit) { if (s->session->tlsext_ecpointformatlist) { OPENSSL_free(s->session->tlsext_ecpointformatlist); @@ -2145,15 +2185,13 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, if (ellipticcurvelist_length != size - 2 || ellipticcurvelist_length < 1 || /* Each NamedCurve is 2 bytes. */ - ellipticcurvelist_length & 1) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } + ellipticcurvelist_length & 1) + goto err; + if (!s->hit) { - if (s->session->tlsext_ellipticcurvelist) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } + if (s->session->tlsext_ellipticcurvelist) + goto err; + s->session->tlsext_ellipticcurvelist_length = 0; if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { @@ -2221,26 +2259,18 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, renegotiate_seen = 1; } else if (type == TLSEXT_TYPE_signature_algorithms) { int dsize; - if (s->cert->peer_sigalgs || size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (s->cert->peer_sigalgs || size < 2) + goto err; n2s(data, dsize); size -= 2; - if (dsize != size || dsize & 1 || !dsize) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if (!tls1_save_sigalgs(s, data, dsize)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize != size || dsize & 1 || !dsize) + goto err; + if (!tls1_save_sigalgs(s, data, dsize)) + goto err; } else if (type == TLSEXT_TYPE_status_request) { - if (size < 5) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size < 5) + goto err; s->tlsext_status_type = *data++; size--; @@ -2250,35 +2280,26 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, /* Read in responder_id_list */ n2s(data, dsize); size -= 2; - if (dsize > size) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize > size) + goto err; while (dsize > 0) { OCSP_RESPID *id; int idsize; - if (dsize < 4) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize < 4) + goto err; n2s(data, idsize); dsize -= 2 + idsize; size -= 2 + idsize; - if (dsize < 0) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize < 0) + goto err; sdata = data; data += idsize; id = d2i_OCSP_RESPID(NULL, &sdata, idsize); - if (!id) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (!id) + goto err; if (data != sdata) { OCSP_RESPID_free(id); - *al = SSL_AD_DECODE_ERROR; - return 0; + goto err; } if (!s->tlsext_ocsp_ids && !(s->tlsext_ocsp_ids = @@ -2295,16 +2316,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } /* Read in request_extensions */ - if (size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size < 2) + goto err; n2s(data, dsize); size -= 2; - if (dsize != size) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize != size) + goto err; sdata = data; if (dsize > 0) { if (s->tlsext_ocsp_exts) { @@ -2314,10 +2331,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, s->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL, &sdata, dsize); - if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) + goto err; } } /* @@ -2389,6 +2404,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, data += size; } + /* Spurious data on the end */ + if (data != d + n) + goto err; + *p = data; ri_check: @@ -2404,6 +2423,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } return 1; +err: + *al = SSL_AD_DECODE_ERROR; + return 0; } /* @@ -3837,7 +3859,10 @@ int tls1_process_heartbeat(SSL *s) memcpy(bp, pl, payload); bp += payload; /* Random padding */ - RAND_pseudo_bytes(bp, padding); + if (RAND_pseudo_bytes(bp, padding) < 0) { + OPENSSL_free(buffer); + return -1; + } r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); @@ -3872,7 +3897,7 @@ int tls1_process_heartbeat(SSL *s) int tls1_heartbeat(SSL *s) { unsigned char *buf, *p; - int ret; + int ret = -1; unsigned int payload = 18; /* Sequence number + random bytes */ unsigned int padding = 16; /* Use minimum padding */ @@ -3920,10 +3945,16 @@ int tls1_heartbeat(SSL *s) /* Sequence number */ s2n(s->tlsext_hb_seq, p); /* 16 random bytes */ - RAND_pseudo_bytes(p, 16); + if (RAND_pseudo_bytes(p, 16) < 0) { + SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); + goto err; + } p += 16; /* Random padding */ - RAND_pseudo_bytes(p, padding); + if (RAND_pseudo_bytes(p, padding) < 0) { + SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); + goto err; + } ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); if (ret >= 0) { @@ -3935,6 +3966,7 @@ int tls1_heartbeat(SSL *s) s->tlsext_hb_pending = 1; } +err: OPENSSL_free(buf); return ret; diff --git a/openssl/ssl/tls_srp.c b/openssl/ssl/tls_srp.c index d36cfa0a5..bb719ba4c 100644 --- a/openssl/ssl/tls_srp.c +++ b/openssl/ssl/tls_srp.c @@ -454,7 +454,8 @@ int SRP_Calc_A_param(SSL *s) { unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; - RAND_bytes(rnd, sizeof(rnd)); + if (RAND_bytes(rnd, sizeof(rnd)) <= 0) + return -1; s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a); OPENSSL_cleanse(rnd, sizeof(rnd)); diff --git a/openssl/test/Makefile b/openssl/test/Makefile index 338867952..a570fadf9 100644 --- a/openssl/test/Makefile +++ b/openssl/test/Makefile @@ -351,12 +351,13 @@ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -368,10 +369,10 @@ clean: rm -f .rnd tmp.bntest tmp.bctest *.o *.obj *.dll lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log dummytest $(DLIBSSL): - (cd ..; $(MAKE) DIRS=ssl all) + (cd ..; $(MAKE) build_libssl) $(DLIBCRYPTO): - (cd ..; $(MAKE) DIRS=crypto all) + (cd ..; $(MAKE) build_libcrypto) BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ diff --git a/openssl/test/cms-test.pl b/openssl/test/cms-test.pl index 51abeef2c..baa3b5948 100644 --- a/openssl/test/cms-test.pl +++ b/openssl/test/cms-test.pl @@ -128,7 +128,7 @@ else die "Error checking for EC2M support\n"; } -system ("$ossl_path no-ecdh > $null_path"); +system ("$ossl_path no-ec > $null_path"); if ($? == 0) { $no_ecdh = 1; @@ -452,6 +452,14 @@ my @smime_cms_param_tests = ( "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt" ], + [ +"enveloped content test streaming S/MIME format, ECDH, key identifier", + "-encrypt -keyid -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smec1.pem", + "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt" + ], + [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF", "-encrypt -in smcont.txt" diff --git a/openssl/test/evp_extra_test.c b/openssl/test/evp_extra_test.c deleted file mode 100644 index 2f2a8f7b0..000000000 --- a/openssl/test/evp_extra_test.c +++ /dev/null @@ -1 +0,0 @@ -../crypto/evp/evp_extra_test.c \ No newline at end of file diff --git a/openssl/test/evp_extra_test.c b/openssl/test/evp_extra_test.c new file mode 120000 index 000000000..2f2a8f7b0 --- /dev/null +++ b/openssl/test/evp_extra_test.c @@ -0,0 +1 @@ +../crypto/evp/evp_extra_test.c \ No newline at end of file diff --git a/openssl/test/testssl b/openssl/test/testssl index e3b342bfd..ddebf0853 100644 --- a/openssl/test/testssl +++ b/openssl/test/testssl @@ -101,6 +101,30 @@ $ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1 echo test sslv2/sslv3 via BIO pair $ssltest $extra || exit 1 +echo test dtlsv1 +$ssltest -dtls1 $extra || exit 1 + +echo test dtlsv1 with server authentication +$ssltest -dtls1 -server_auth $CA $extra || exit 1 + +echo test dtlsv1 with client authentication +$ssltest -dtls1 -client_auth $CA $extra || exit 1 + +echo test dtlsv1 with both client and server authentication +$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1 + +echo test dtlsv1.2 +$ssltest -dtls12 $extra || exit 1 + +echo test dtlsv1.2 with server authentication +$ssltest -dtls12 -server_auth $CA $extra || exit 1 + +echo test dtlsv1.2 with client authentication +$ssltest -dtls12 -client_auth $CA $extra || exit 1 + +echo test dtlsv1.2 with both client and server authentication +$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1 + if [ $dsa_cert = NO ]; then echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair' $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1 @@ -121,10 +145,9 @@ $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 -echo "Testing ciphersuites" -for protocol in TLSv1.2 SSLv3; do - echo "Testing ciphersuites for $protocol" - for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do +test_cipher() { + local cipher=$1 + local protocol=$2 echo "Testing $cipher" prot="" if [ $protocol = "SSLv3" ] ; then @@ -135,7 +158,38 @@ for protocol in TLSv1.2 SSLv3; do echo "Failed $cipher" exit 1 fi +} + +echo "Testing ciphersuites" +for protocol in TLSv1.2 SSLv3; do + echo "Testing ciphersuites for $protocol" + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do + test_cipher $cipher $protocol done + if ../util/shlib_wrap.sh ../apps/openssl no-dh; then + echo "skipping RSA+DHE tests" + else + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do + test_cipher $cipher $protocol + done + echo "testing connection with weak DH, expecting failure" + if [ $protocol = "SSLv3" ] ; then + $ssltest -cipher EDH -dhe512 -ssl3 + else + $ssltest -cipher EDH -dhe512 + fi + if [ $? -eq 0 ]; then + echo "FAIL: connection with weak DH succeeded" + exit 1 + fi + fi + if ../util/shlib_wrap.sh ../apps/openssl no-ec; then + echo "skipping RSA+ECDHE tests" + else + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EECDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do + test_cipher $cipher $protocol + done + fi done ############################################################################# diff --git a/openssl/test/tocsp b/openssl/test/tocsp index 5fc291ca6..48e81bf30 100755 --- a/openssl/test/tocsp +++ b/openssl/test/tocsp @@ -8,7 +8,7 @@ check_time="-attime 1355875200" test_ocsp () { $cmd base64 -d -in $ocspdir/$1 | \ - $cmd ocsp -respin - -partial_chain $check_time \ + $cmd ocsp -respin - -partial_chain $check_time -trusted_first \ -CAfile $ocspdir/$2 -verify_other $ocspdir/$2 -CApath /dev/null [ $? != $3 ] && exit 1 } diff --git a/openssl/tools/Makefile b/openssl/tools/Makefile index bb6fb71f3..c1a2f6bcc 100644 --- a/openssl/tools/Makefile +++ b/openssl/tools/Makefile @@ -44,6 +44,8 @@ tags: errors: +update: depend + depend: dclean: diff --git a/openssl/tools/c_rehash b/openssl/tools/c_rehash index 4a0f0e10e..6a27c0224 100644 --- a/openssl/tools/c_rehash +++ b/openssl/tools/c_rehash @@ -15,13 +15,13 @@ my $symlink_exists=eval {symlink("",""); 1}; my $removelinks = 1; ## Parse flags. -while ( $ARGV[0] =~ '-.*' ) { +while ( $ARGV[0] =~ /^-/ ) { my $flag = shift @ARGV; last if ( $flag eq '--'); - if ( $flag =~ /-old/) { + if ( $flag eq '-old') { $x509hash = "-subject_hash_old"; $crlhash = "-hash_old"; - } elsif ( $flag =~ /-h/) { + } elsif ( $flag eq '-h') { help(); } elsif ( $flag eq '-n' ) { $removelinks = 0; diff --git a/openssl/tools/c_rehash.in b/openssl/tools/c_rehash.in index 887e92712..b086ff9cf 100644 --- a/openssl/tools/c_rehash.in +++ b/openssl/tools/c_rehash.in @@ -15,13 +15,13 @@ my $symlink_exists=eval {symlink("",""); 1}; my $removelinks = 1; ## Parse flags. -while ( $ARGV[0] =~ '-.*' ) { +while ( $ARGV[0] =~ /^-/ ) { my $flag = shift @ARGV; last if ( $flag eq '--'); - if ( $flag =~ /-old/) { + if ( $flag eq '-old') { $x509hash = "-subject_hash_old"; $crlhash = "-hash_old"; - } elsif ( $flag =~ /-h/) { + } elsif ( $flag eq '-h') { help(); } elsif ( $flag eq '-n' ) { $removelinks = 0; diff --git a/openssl/util/libeay.num b/openssl/util/libeay.num index b977e4e4b..7f7487df5 100644 --- a/openssl/util/libeay.num +++ b/openssl/util/libeay.num @@ -4413,3 +4413,4 @@ ECDSA_METHOD_get_app_data 4770 EXIST::FUNCTION:ECDSA X509_VERIFY_PARAM_add1_host 4771 EXIST::FUNCTION: EC_GROUP_get_mont_data 4772 EXIST::FUNCTION:EC i2d_re_X509_tbs 4773 EXIST::FUNCTION: +EVP_PKEY_asn1_set_item 4774 EXIST::FUNCTION: diff --git a/openssl/util/mk1mf.pl b/openssl/util/mk1mf.pl index 7d4491fae..9b8abc0cf 100644 --- a/openssl/util/mk1mf.pl +++ b/openssl/util/mk1mf.pl @@ -340,7 +340,7 @@ open(IN,"<$infile") || die "unable to open $infile:$!\n"; $_=; for (;;) { - chop; + s/\s*$//; # was chop, didn't work in mixture of perls for Windows... ($key,$val)=/^([^=]+)=(.*)/; if ($key eq "RELATIVE_DIRECTORY") diff --git a/openssl/util/mkerr.pl b/openssl/util/mkerr.pl index 7b6776dda..09ebebef9 100644 --- a/openssl/util/mkerr.pl +++ b/openssl/util/mkerr.pl @@ -535,14 +535,21 @@ EOF # First, read any existing reason string definitions: my %err_reason_strings; if (open(IN,"<$cfile")) { + my $line = ""; while () { - if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) { - $err_reason_strings{$1} = $2; - } - if (/\b${lib}_F_(\w*)\b.*\"(.*)\"/) { - if (!exists $ftrans{$1} && ($1 ne $2)) { - print STDERR "WARNING: Mismatched function string $2\n"; - $ftrans{$1} = $2; + chomp; + $_ = $line . $_; + $line = ""; + if (/{ERR_(FUNC|REASON)\(/) { + if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) { + $err_reason_strings{$1} = $2; + } elsif (/\b${lib}_F_(\w*)\b.*\"(.*)\"/) { + if (!exists $ftrans{$1} && ($1 ne $2)) { + print STDERR "WARNING: Mismatched function string $2\n"; + $ftrans{$1} = $2; + } + } else { + $line = $_; } } } diff --git a/openssl/util/pl/BC-32.pl b/openssl/util/pl/BC-32.pl index ed28e65e6..f7161d7bf 100644 --- a/openssl/util/pl/BC-32.pl +++ b/openssl/util/pl/BC-32.pl @@ -130,7 +130,7 @@ sub do_link_rule local($ret,$_); $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); + $n=&bname($target); $ret.="$target: $files $dep_libs\n"; $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n"; return($ret); diff --git a/openssl/util/pl/VC-32.pl b/openssl/util/pl/VC-32.pl index 852eb30d0..da05e9dff 100644 --- a/openssl/util/pl/VC-32.pl +++ b/openssl/util/pl/VC-32.pl @@ -357,7 +357,7 @@ sub do_link_rule my($target,$files,$dep_libs,$libs,$standalone)=@_; local($ret,$_); $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); + $n=&bname($target); $ret.="$target: $files $dep_libs\n"; if ($standalone == 1) { diff --git a/packages.txt b/packages.txt index 26471d8d8..229a660d9 100644 --- a/packages.txt +++ b/packages.txt @@ -67,7 +67,7 @@ libxcb git version libxkbfile-1.0.8 mesa git version mkfontscale git version -openssl-1.0.2a +openssl-1.0.2c pixman git version presentproto-1.0 pthreads-w32 cvs version -- cgit v1.2.3 From 0b3be550b20ad9f991f77bf979b2c306a7d4ef11 Mon Sep 17 00:00:00 2001 From: marha Date: Mon, 15 Jun 2015 20:22:43 +0200 Subject: Update to freetype 2.6 --- freetype/CMakeLists.txt | 8 +- freetype/ChangeLog | 1639 ++++- freetype/ChangeLog.20 | 2 +- freetype/ChangeLog.21 | 2 +- freetype/ChangeLog.22 | 2 +- freetype/ChangeLog.23 | 2 +- freetype/ChangeLog.24 | 2 +- freetype/Jamfile | 4 +- freetype/Jamrules | 2 +- freetype/Makefile | 2 +- freetype/README | 12 +- freetype/README.git | 2 +- freetype/autogen.sh | 2 +- freetype/builds/amiga/README | 2 +- freetype/builds/amiga/include/config/ftconfig.h | 2 +- freetype/builds/amiga/include/config/ftmodule.h | 2 +- freetype/builds/amiga/makefile | 18 +- freetype/builds/amiga/makefile.os4 | 18 +- freetype/builds/amiga/smakefile | 12 +- freetype/builds/amiga/src/base/ftdebug.c | 2 +- freetype/builds/amiga/src/base/ftsystem.c | 2 +- freetype/builds/ansi/ansi-def.mk | 2 +- freetype/builds/ansi/ansi.mk | 2 +- freetype/builds/beos/beos-def.mk | 2 +- freetype/builds/beos/beos.mk | 2 +- freetype/builds/beos/detect.mk | 2 +- freetype/builds/cmake/iOS.cmake | 2 +- freetype/builds/compiler/ansi-cc.mk | 2 +- freetype/builds/compiler/bcc-dev.mk | 2 +- freetype/builds/compiler/bcc.mk | 2 +- freetype/builds/compiler/emx.mk | 2 +- freetype/builds/compiler/gcc-dev.mk | 2 +- freetype/builds/compiler/gcc.mk | 2 +- freetype/builds/compiler/intelc.mk | 2 +- freetype/builds/compiler/unix-lcc.mk | 2 +- freetype/builds/compiler/visualage.mk | 2 +- freetype/builds/compiler/visualc.mk | 2 +- freetype/builds/compiler/watcom.mk | 2 +- freetype/builds/compiler/win-lcc.mk | 2 +- freetype/builds/detect.mk | 2 +- freetype/builds/dos/detect.mk | 2 +- freetype/builds/dos/dos-def.mk | 2 +- freetype/builds/dos/dos-emx.mk | 2 +- freetype/builds/dos/dos-gcc.mk | 2 +- freetype/builds/dos/dos-wat.mk | 2 +- freetype/builds/exports.mk | 2 +- freetype/builds/freetype.mk | 34 +- freetype/builds/link_dos.mk | 2 +- freetype/builds/link_std.mk | 2 +- freetype/builds/mac/FreeType.m68k_cfm.make.txt | 6 +- freetype/builds/mac/FreeType.m68k_far.make.txt | 6 +- freetype/builds/mac/FreeType.ppc_carbon.make.txt | 6 +- freetype/builds/mac/FreeType.ppc_classic.make.txt | 6 +- freetype/builds/mac/ftmac.c | 2 +- freetype/builds/modules.mk | 2 +- freetype/builds/os2/detect.mk | 2 +- freetype/builds/os2/os2-def.mk | 2 +- freetype/builds/os2/os2-dev.mk | 2 +- freetype/builds/os2/os2-gcc.mk | 2 +- freetype/builds/symbian/bld.inf | 4 +- freetype/builds/symbian/freetype.mmp | 3 +- freetype/builds/toplevel.mk | 44 +- freetype/builds/unix/aclocal.m4 | 662 +- freetype/builds/unix/config.guess | 31 +- freetype/builds/unix/config.sub | 19 +- freetype/builds/unix/configure | 576 +- freetype/builds/unix/configure.ac | 6 +- freetype/builds/unix/configure.raw | 4 +- freetype/builds/unix/detect.mk | 9 +- freetype/builds/unix/freetype-config.in | 2 +- freetype/builds/unix/freetype2.m4 | 2 +- freetype/builds/unix/ft-munmap.m4 | 2 +- freetype/builds/unix/ftconfig.in | 21 +- freetype/builds/unix/ftsystem.c | 2 +- freetype/builds/unix/install-sh | 31 +- freetype/builds/unix/install.mk | 2 +- freetype/builds/unix/ltmain.sh | 173 +- freetype/builds/unix/unix-cc.in | 2 +- freetype/builds/unix/unix-def.in | 2 +- freetype/builds/unix/unix-dev.mk | 2 +- freetype/builds/unix/unix-lcc.mk | 2 +- freetype/builds/unix/unix.mk | 2 +- freetype/builds/unix/unixddef.mk | 2 +- freetype/builds/vms/ftconfig.h | 19 +- freetype/builds/vms/ftsystem.c | 2 +- freetype/builds/wince/ftdebug.c | 2 +- freetype/builds/wince/vc2005-ce/freetype.vcproj | 80 +- freetype/builds/wince/vc2005-ce/index.html | 10 +- freetype/builds/wince/vc2008-ce/freetype.vcproj | 84 +- freetype/builds/wince/vc2008-ce/index.html | 10 +- freetype/builds/windows/detect.mk | 2 +- freetype/builds/windows/ftdebug.c | 2 +- freetype/builds/windows/vc2005/freetype.vcproj | 16 +- freetype/builds/windows/vc2005/index.html | 10 +- freetype/builds/windows/vc2008/freetype.vcproj | 20 +- freetype/builds/windows/vc2008/index.html | 10 +- freetype/builds/windows/vc2010/freetype.vcxproj | 26 +- .../builds/windows/vc2010/freetype.vcxproj.filters | 6 +- freetype/builds/windows/vc2010/index.html | 14 +- freetype/builds/windows/visualc/freetype.dsp | 28 +- freetype/builds/windows/visualc/freetype.vcproj | 20 +- freetype/builds/windows/visualc/index.html | 10 +- freetype/builds/windows/visualce/freetype.dsp | 28 +- freetype/builds/windows/visualce/freetype.vcproj | 92 +- freetype/builds/windows/visualce/index.html | 10 +- freetype/builds/windows/w32-bcc.mk | 2 +- freetype/builds/windows/w32-bccd.mk | 2 +- freetype/builds/windows/w32-dev.mk | 2 +- freetype/builds/windows/w32-gcc.mk | 2 +- freetype/builds/windows/w32-icc.mk | 2 +- freetype/builds/windows/w32-intl.mk | 2 +- freetype/builds/windows/w32-lcc.mk | 2 +- freetype/builds/windows/w32-mingw32.mk | 2 +- freetype/builds/windows/w32-vcc.mk | 2 +- freetype/builds/windows/w32-wat.mk | 2 +- freetype/builds/windows/win32-def.mk | 2 +- freetype/configure | 2 +- freetype/devel/ft2build.h | 2 +- freetype/devel/ftoption.h | 29 +- freetype/docs/CHANGES | 108 +- freetype/docs/CUSTOMIZE | 2 +- freetype/docs/DEBUG | 2 +- freetype/docs/INSTALL | 4 +- freetype/docs/INSTALL.ANY | 10 +- freetype/docs/INSTALL.CROSS | 4 +- freetype/docs/INSTALL.GNU | 2 +- freetype/docs/INSTALL.UNIX | 2 +- freetype/docs/INSTALL.VMS | 2 +- freetype/docs/TODO | 2 +- freetype/docs/VERSION.DLL | 3 +- freetype/docs/formats.txt | 10 +- freetype/docs/freetype-config.1 | 2 +- freetype/docs/raster.txt | 2 +- freetype/docs/reference/ft2-auto_hinter.html | 34 +- freetype/docs/reference/ft2-base_interface.html | 25 +- freetype/docs/reference/ft2-basic_types.html | 7 +- freetype/docs/reference/ft2-bdf_fonts.html | 4 +- freetype/docs/reference/ft2-bitmap_handling.html | 20 +- freetype/docs/reference/ft2-bzip2.html | 4 +- freetype/docs/reference/ft2-cache_subsystem.html | 8 +- freetype/docs/reference/ft2-cff_driver.html | 4 +- freetype/docs/reference/ft2-cid_fonts.html | 4 +- freetype/docs/reference/ft2-computations.html | 4 +- freetype/docs/reference/ft2-font_formats.html | 24 +- freetype/docs/reference/ft2-gasp_table.html | 4 +- freetype/docs/reference/ft2-glyph_management.html | 4 +- freetype/docs/reference/ft2-glyph_stroker.html | 4 +- freetype/docs/reference/ft2-glyph_variants.html | 4 +- freetype/docs/reference/ft2-gx_validation.html | 4 +- freetype/docs/reference/ft2-gzip.html | 4 +- .../docs/reference/ft2-header_file_macros.html | 15 +- freetype/docs/reference/ft2-header_inclusion.html | 4 +- freetype/docs/reference/ft2-incremental.html | 4 +- freetype/docs/reference/ft2-index.html | 544 +- freetype/docs/reference/ft2-lcd_filtering.html | 4 +- freetype/docs/reference/ft2-list_processing.html | 4 +- freetype/docs/reference/ft2-lzw.html | 4 +- freetype/docs/reference/ft2-mac_specific.html | 4 +- freetype/docs/reference/ft2-module_management.html | 8 +- freetype/docs/reference/ft2-multiple_masters.html | 16 +- freetype/docs/reference/ft2-ot_validation.html | 4 +- .../docs/reference/ft2-outline_processing.html | 4 +- freetype/docs/reference/ft2-pfr_fonts.html | 4 +- freetype/docs/reference/ft2-quick_advance.html | 6 +- freetype/docs/reference/ft2-raster.html | 8 +- freetype/docs/reference/ft2-sfnt_names.html | 4 +- freetype/docs/reference/ft2-sizes_management.html | 4 +- freetype/docs/reference/ft2-system_interface.html | 4 +- freetype/docs/reference/ft2-toc.html | 6 +- freetype/docs/reference/ft2-truetype_engine.html | 4 +- freetype/docs/reference/ft2-truetype_tables.html | 6 +- freetype/docs/reference/ft2-tt_driver.html | 57 +- freetype/docs/reference/ft2-type1_tables.html | 6 +- freetype/docs/reference/ft2-user_allocation.html | 4 +- freetype/docs/reference/ft2-version.html | 8 +- freetype/docs/reference/ft2-winfnt_fonts.html | 8 +- freetype/docs/release | 2 +- freetype/include/config/ftconfig.h | 19 +- freetype/include/config/ftheader.h | 12 +- freetype/include/config/ftoption.h | 31 +- freetype/include/config/ftstdlib.h | 5 +- freetype/include/freetype.h | 55 +- freetype/include/ft2build.h | 2 +- freetype/include/ftadvanc.h | 4 +- freetype/include/ftautoh.h | 52 +- freetype/include/ftbbox.h | 2 +- freetype/include/ftbdf.h | 2 +- freetype/include/ftbitmap.h | 14 +- freetype/include/ftbzip2.h | 2 +- freetype/include/ftcache.h | 6 +- freetype/include/ftcffdrv.h | 2 +- freetype/include/ftcid.h | 3 +- freetype/include/fterrdef.h | 2 +- freetype/include/fterrors.h | 2 +- freetype/include/ftfntfmt.h | 92 + freetype/include/ftgasp.h | 2 +- freetype/include/ftglyph.h | 2 +- freetype/include/ftgxval.h | 2 +- freetype/include/ftgzip.h | 2 +- freetype/include/ftimage.h | 20 +- freetype/include/ftincrem.h | 2 +- freetype/include/ftlcdfil.h | 2 +- freetype/include/ftlist.h | 2 +- freetype/include/ftlzw.h | 2 +- freetype/include/ftmac.h | 2 +- freetype/include/ftmm.h | 28 +- freetype/include/ftmodapi.h | 6 +- freetype/include/ftmoderr.h | 2 +- freetype/include/ftotval.h | 2 +- freetype/include/ftoutln.h | 2 +- freetype/include/ftpfr.h | 2 +- freetype/include/ftrender.h | 11 +- freetype/include/ftsizes.h | 2 +- freetype/include/ftsnames.h | 2 +- freetype/include/ftstroke.h | 2 +- freetype/include/ftsynth.h | 8 +- freetype/include/ftsystem.h | 2 +- freetype/include/fttrigon.h | 2 +- freetype/include/ftttdrv.h | 107 +- freetype/include/fttypes.h | 2 +- freetype/include/ftwinfnt.h | 6 +- freetype/include/ftxf86.h | 84 - freetype/include/internal/autohint.h | 2 +- freetype/include/internal/ftcalc.h | 2 +- freetype/include/internal/ftdebug.h | 4 +- freetype/include/internal/ftdriver.h | 2 +- freetype/include/internal/ftgloadr.h | 38 +- freetype/include/internal/ftmemory.h | 28 +- freetype/include/internal/ftobjs.h | 18 +- freetype/include/internal/ftpic.h | 2 +- freetype/include/internal/ftrfork.h | 6 +- freetype/include/internal/ftserv.h | 4 +- freetype/include/internal/ftstream.h | 4 +- freetype/include/internal/fttrace.h | 2 +- freetype/include/internal/ftvalid.h | 2 +- freetype/include/internal/internal.h | 2 +- freetype/include/internal/psaux.h | 20 +- freetype/include/internal/pshints.h | 4 +- freetype/include/internal/services/svbdf.h | 2 +- freetype/include/internal/services/svcid.h | 3 +- freetype/include/internal/services/svfntfmt.h | 55 + freetype/include/internal/services/svgldict.h | 2 +- freetype/include/internal/services/svgxval.h | 2 +- freetype/include/internal/services/svkern.h | 2 +- freetype/include/internal/services/svmm.h | 2 +- freetype/include/internal/services/svotval.h | 2 +- freetype/include/internal/services/svpfr.h | 2 +- freetype/include/internal/services/svpostnm.h | 2 +- freetype/include/internal/services/svprop.h | 2 +- freetype/include/internal/services/svpscmap.h | 2 +- freetype/include/internal/services/svpsinfo.h | 2 +- freetype/include/internal/services/svsfnt.h | 2 +- freetype/include/internal/services/svttcmap.h | 6 +- freetype/include/internal/services/svtteng.h | 2 +- freetype/include/internal/services/svttglyf.h | 3 +- freetype/include/internal/services/svwinfnt.h | 2 +- freetype/include/internal/services/svxf86nm.h | 55 - freetype/include/internal/sfnt.h | 2 +- freetype/include/internal/t1types.h | 20 +- freetype/include/internal/tttypes.h | 12 +- freetype/include/t1tables.h | 7 +- freetype/include/ttnameid.h | 4 +- freetype/include/tttables.h | 4 +- freetype/include/tttags.h | 2 +- freetype/include/ttunpat.h | 2 +- freetype/modules.cfg | 12 +- freetype/src/Jamfile | 2 +- freetype/src/autofit/Jamfile | 2 +- freetype/src/autofit/afangles.c | 4 +- freetype/src/autofit/afblue.c | 32 +- freetype/src/autofit/afblue.cin | 2 +- freetype/src/autofit/afblue.dat | 41 +- freetype/src/autofit/afblue.h | 89 +- freetype/src/autofit/afblue.hin | 14 +- freetype/src/autofit/afcjk.c | 76 +- freetype/src/autofit/afcjk.h | 14 +- freetype/src/autofit/afcover.h | 2 +- freetype/src/autofit/afdummy.c | 2 +- freetype/src/autofit/afdummy.h | 2 +- freetype/src/autofit/aferrors.h | 2 +- freetype/src/autofit/afglobal.c | 7 +- freetype/src/autofit/afglobal.h | 2 +- freetype/src/autofit/afhints.c | 199 +- freetype/src/autofit/afhints.h | 73 +- freetype/src/autofit/afindic.c | 2 +- freetype/src/autofit/afindic.h | 2 +- freetype/src/autofit/aflatin.c | 80 +- freetype/src/autofit/aflatin.h | 30 +- freetype/src/autofit/aflatin2.c | 75 +- freetype/src/autofit/aflatin2.h | 2 +- freetype/src/autofit/afloader.c | 220 +- freetype/src/autofit/afloader.h | 21 +- freetype/src/autofit/afmodule.c | 114 +- freetype/src/autofit/afmodule.h | 19 +- freetype/src/autofit/afpic.c | 2 +- freetype/src/autofit/afpic.h | 2 +- freetype/src/autofit/afranges.c | 19 +- freetype/src/autofit/afranges.h | 2 +- freetype/src/autofit/afscript.h | 12 +- freetype/src/autofit/afstyles.h | 17 +- freetype/src/autofit/aftypes.h | 18 +- freetype/src/autofit/afwarp.c | 8 +- freetype/src/autofit/afwarp.h | 4 +- freetype/src/autofit/afwrtsys.h | 2 +- freetype/src/autofit/autofit.c | 2 +- freetype/src/autofit/hbshim.c | 13 +- freetype/src/autofit/hbshim.h | 2 +- freetype/src/autofit/module.mk | 2 +- freetype/src/autofit/rules.mk | 7 +- freetype/src/base/Jamfile | 2 +- freetype/src/base/basepic.c | 2 +- freetype/src/base/basepic.h | 2 +- freetype/src/base/ftadvanc.c | 2 +- freetype/src/base/ftapi.c | 2 +- freetype/src/base/ftbase.c | 2 +- freetype/src/base/ftbase.h | 2 +- freetype/src/base/ftbbox.c | 9 +- freetype/src/base/ftbdf.c | 2 +- freetype/src/base/ftbitmap.c | 67 +- freetype/src/base/ftcalc.c | 287 +- freetype/src/base/ftcid.c | 3 +- freetype/src/base/ftdbgmem.c | 126 +- freetype/src/base/ftdebug.c | 2 +- freetype/src/base/ftfntfmt.c | 55 + freetype/src/base/ftfstype.c | 2 +- freetype/src/base/ftgasp.c | 2 +- freetype/src/base/ftgloadr.c | 17 +- freetype/src/base/ftglyph.c | 20 +- freetype/src/base/ftgxval.c | 2 +- freetype/src/base/ftinit.c | 10 +- freetype/src/base/ftlcdfil.c | 14 +- freetype/src/base/ftmac.c | 2 +- freetype/src/base/ftmm.c | 2 +- freetype/src/base/ftobjs.c | 142 +- freetype/src/base/ftotval.c | 2 +- freetype/src/base/ftoutln.c | 24 +- freetype/src/base/ftpatent.c | 3 +- freetype/src/base/ftpfr.c | 2 +- freetype/src/base/ftpic.c | 2 +- freetype/src/base/ftrfork.c | 22 +- freetype/src/base/ftsnames.c | 2 +- freetype/src/base/ftstream.c | 88 +- freetype/src/base/ftstroke.c | 40 +- freetype/src/base/ftsynth.c | 2 +- freetype/src/base/ftsystem.c | 16 +- freetype/src/base/fttrigon.c | 75 +- freetype/src/base/fttype1.c | 2 +- freetype/src/base/ftutil.c | 14 +- freetype/src/base/ftwinfnt.c | 2 +- freetype/src/base/ftxf86.c | 40 - freetype/src/base/rules.mk | 7 +- freetype/src/bdf/Jamfile | 2 +- freetype/src/bdf/bdf.h | 10 +- freetype/src/bdf/bdfdrivr.c | 30 +- freetype/src/bdf/bdfdrivr.h | 2 +- freetype/src/bdf/bdflib.c | 133 +- freetype/src/bdf/rules.mk | 5 +- freetype/src/bzip2/Jamfile | 5 +- freetype/src/bzip2/ftbzip2.c | 7 +- freetype/src/bzip2/rules.mk | 9 +- freetype/src/cache/Jamfile | 2 +- freetype/src/cache/ftcache.c | 2 +- freetype/src/cache/ftcbasic.c | 28 +- freetype/src/cache/ftccache.c | 18 +- freetype/src/cache/ftccache.h | 18 +- freetype/src/cache/ftccback.h | 2 +- freetype/src/cache/ftccmap.c | 10 +- freetype/src/cache/ftcerror.h | 2 +- freetype/src/cache/ftcglyph.c | 4 +- freetype/src/cache/ftcglyph.h | 4 +- freetype/src/cache/ftcimage.c | 9 +- freetype/src/cache/ftcimage.h | 2 +- freetype/src/cache/ftcmanag.c | 11 +- freetype/src/cache/ftcmanag.h | 2 +- freetype/src/cache/ftcmru.c | 2 +- freetype/src/cache/ftcmru.h | 2 +- freetype/src/cache/ftcsbits.c | 8 +- freetype/src/cache/ftcsbits.h | 2 +- freetype/src/cache/rules.mk | 9 +- freetype/src/cff/Jamfile | 2 +- freetype/src/cff/cf2arrst.c | 2 +- freetype/src/cff/cf2fixed.h | 22 +- freetype/src/cff/cf2font.h | 7 +- freetype/src/cff/cf2ft.c | 23 +- freetype/src/cff/cf2ft.h | 2 +- freetype/src/cff/cf2hints.c | 6 +- freetype/src/cff/cf2intrp.c | 52 +- freetype/src/cff/cff.c | 2 +- freetype/src/cff/cffcmap.c | 2 +- freetype/src/cff/cffcmap.h | 2 +- freetype/src/cff/cffdrivr.c | 100 +- freetype/src/cff/cffdrivr.h | 2 +- freetype/src/cff/cfferrs.h | 2 +- freetype/src/cff/cffgload.c | 99 +- freetype/src/cff/cffgload.h | 9 +- freetype/src/cff/cffload.c | 12 +- freetype/src/cff/cffload.h | 2 +- freetype/src/cff/cffobjs.c | 41 +- freetype/src/cff/cffobjs.h | 2 +- freetype/src/cff/cffparse.c | 32 +- freetype/src/cff/cffparse.h | 2 +- freetype/src/cff/cffpic.c | 2 +- freetype/src/cff/cffpic.h | 2 +- freetype/src/cff/cfftoken.h | 2 +- freetype/src/cff/cfftypes.h | 2 +- freetype/src/cff/module.mk | 2 +- freetype/src/cff/rules.mk | 7 +- freetype/src/cid/Jamfile | 2 +- freetype/src/cid/ciderrs.h | 2 +- freetype/src/cid/cidgload.c | 24 +- freetype/src/cid/cidgload.h | 2 +- freetype/src/cid/cidload.c | 36 +- freetype/src/cid/cidload.h | 4 +- freetype/src/cid/cidobjs.c | 14 +- freetype/src/cid/cidobjs.h | 2 +- freetype/src/cid/cidparse.c | 19 +- freetype/src/cid/cidparse.h | 6 +- freetype/src/cid/cidriver.c | 6 +- freetype/src/cid/cidriver.h | 2 +- freetype/src/cid/cidtoken.h | 2 +- freetype/src/cid/module.mk | 2 +- freetype/src/cid/rules.mk | 7 +- freetype/src/cid/type1cid.c | 2 +- freetype/src/gxvalid/Jamfile | 2 +- freetype/src/gxvalid/README | 2 +- freetype/src/gxvalid/gxvalid.c | 3 +- freetype/src/gxvalid/gxvalid.h | 3 +- freetype/src/gxvalid/gxvbsln.c | 5 +- freetype/src/gxvalid/gxvcommn.c | 39 +- freetype/src/gxvalid/gxvcommn.h | 6 +- freetype/src/gxvalid/gxverror.h | 4 +- freetype/src/gxvalid/gxvfeat.c | 2 +- freetype/src/gxvalid/gxvfeat.h | 3 +- freetype/src/gxvalid/gxvfgen.c | 3 +- freetype/src/gxvalid/gxvjust.c | 38 +- freetype/src/gxvalid/gxvkern.c | 8 +- freetype/src/gxvalid/gxvlcar.c | 9 +- freetype/src/gxvalid/gxvmod.c | 4 +- freetype/src/gxvalid/gxvmod.h | 3 +- freetype/src/gxvalid/gxvmort.c | 7 +- freetype/src/gxvalid/gxvmort.h | 3 +- freetype/src/gxvalid/gxvmort0.c | 3 +- freetype/src/gxvalid/gxvmort1.c | 5 +- freetype/src/gxvalid/gxvmort2.c | 5 +- freetype/src/gxvalid/gxvmort4.c | 3 +- freetype/src/gxvalid/gxvmort5.c | 3 +- freetype/src/gxvalid/gxvmorx.c | 4 +- freetype/src/gxvalid/gxvmorx.h | 3 +- freetype/src/gxvalid/gxvmorx0.c | 3 +- freetype/src/gxvalid/gxvmorx1.c | 7 +- freetype/src/gxvalid/gxvmorx2.c | 6 +- freetype/src/gxvalid/gxvmorx4.c | 3 +- freetype/src/gxvalid/gxvmorx5.c | 3 +- freetype/src/gxvalid/gxvopbd.c | 5 +- freetype/src/gxvalid/gxvprop.c | 5 +- freetype/src/gxvalid/gxvtrak.c | 10 +- freetype/src/gxvalid/module.mk | 6 +- freetype/src/gxvalid/rules.mk | 8 +- freetype/src/gzip/Jamfile | 2 +- freetype/src/gzip/ftgzip.c | 3 +- freetype/src/gzip/rules.mk | 11 +- freetype/src/lzw/Jamfile | 2 +- freetype/src/lzw/ftlzw.c | 5 +- freetype/src/lzw/ftzopen.c | 5 +- freetype/src/lzw/ftzopen.h | 7 +- freetype/src/lzw/rules.mk | 10 +- freetype/src/otvalid/Jamfile | 2 +- freetype/src/otvalid/module.mk | 2 +- freetype/src/otvalid/otvalid.c | 2 +- freetype/src/otvalid/otvalid.h | 2 +- freetype/src/otvalid/otvbase.c | 2 +- freetype/src/otvalid/otvcommn.c | 4 +- freetype/src/otvalid/otvcommn.h | 2 +- freetype/src/otvalid/otverror.h | 2 +- freetype/src/otvalid/otvgdef.c | 4 +- freetype/src/otvalid/otvgpos.c | 10 +- freetype/src/otvalid/otvgpos.h | 2 +- freetype/src/otvalid/otvgsub.c | 10 +- freetype/src/otvalid/otvjstf.c | 2 +- freetype/src/otvalid/otvmath.c | 10 +- freetype/src/otvalid/otvmod.c | 2 +- freetype/src/otvalid/otvmod.h | 2 +- freetype/src/otvalid/rules.mk | 7 +- freetype/src/pcf/Jamfile | 2 +- freetype/src/pcf/pcf.h | 4 +- freetype/src/pcf/pcfdrivr.c | 50 +- freetype/src/pcf/pcfread.c | 37 +- freetype/src/pcf/rules.mk | 5 +- freetype/src/pfr/Jamfile | 2 +- freetype/src/pfr/module.mk | 2 +- freetype/src/pfr/pfr.c | 2 +- freetype/src/pfr/pfrcmap.c | 2 +- freetype/src/pfr/pfrcmap.h | 2 +- freetype/src/pfr/pfrdrivr.c | 20 +- freetype/src/pfr/pfrdrivr.h | 2 +- freetype/src/pfr/pfrerror.h | 2 +- freetype/src/pfr/pfrgload.c | 8 +- freetype/src/pfr/pfrgload.h | 2 +- freetype/src/pfr/pfrload.c | 19 +- freetype/src/pfr/pfrload.h | 4 +- freetype/src/pfr/pfrobjs.c | 28 +- freetype/src/pfr/pfrobjs.h | 2 +- freetype/src/pfr/pfrsbit.c | 71 +- freetype/src/pfr/pfrsbit.h | 2 +- freetype/src/pfr/pfrtypes.h | 6 +- freetype/src/pfr/rules.mk | 7 +- freetype/src/psaux/Jamfile | 2 +- freetype/src/psaux/afmparse.c | 45 +- freetype/src/psaux/afmparse.h | 5 +- freetype/src/psaux/module.mk | 2 +- freetype/src/psaux/psaux.c | 2 +- freetype/src/psaux/psauxerr.h | 2 +- freetype/src/psaux/psauxmod.c | 2 +- freetype/src/psaux/psauxmod.h | 2 +- freetype/src/psaux/psconv.c | 6 +- freetype/src/psaux/psconv.h | 2 +- freetype/src/psaux/psobjs.c | 36 +- freetype/src/psaux/psobjs.h | 12 +- freetype/src/psaux/rules.mk | 7 +- freetype/src/psaux/t1cmap.c | 10 +- freetype/src/psaux/t1cmap.h | 2 +- freetype/src/psaux/t1decode.c | 32 +- freetype/src/psaux/t1decode.h | 2 +- freetype/src/pshinter/Jamfile | 2 +- freetype/src/pshinter/module.mk | 2 +- freetype/src/pshinter/pshalgo.c | 49 +- freetype/src/pshinter/pshalgo.h | 49 +- freetype/src/pshinter/pshglob.c | 10 +- freetype/src/pshinter/pshglob.h | 2 +- freetype/src/pshinter/pshinter.c | 2 +- freetype/src/pshinter/pshmod.c | 2 +- freetype/src/pshinter/pshmod.h | 2 +- freetype/src/pshinter/pshnterr.h | 2 +- freetype/src/pshinter/pshpic.c | 2 +- freetype/src/pshinter/pshpic.h | 2 +- freetype/src/pshinter/pshrec.c | 190 +- freetype/src/pshinter/pshrec.h | 10 +- freetype/src/pshinter/rules.mk | 7 +- freetype/src/psnames/Jamfile | 2 +- freetype/src/psnames/module.mk | 2 +- freetype/src/psnames/psmodule.c | 4 +- freetype/src/psnames/psmodule.h | 2 +- freetype/src/psnames/psnamerr.h | 2 +- freetype/src/psnames/psnames.c | 2 +- freetype/src/psnames/pspic.c | 2 +- freetype/src/psnames/pspic.h | 2 +- freetype/src/psnames/pstables.h | 2 +- freetype/src/psnames/rules.mk | 7 +- freetype/src/raster/Jamfile | 2 +- freetype/src/raster/ftmisc.h | 2 +- freetype/src/raster/ftraster.c | 715 +-- freetype/src/raster/ftraster.h | 2 +- freetype/src/raster/ftrend1.c | 114 +- freetype/src/raster/ftrend1.h | 2 +- freetype/src/raster/module.mk | 2 +- freetype/src/raster/raster.c | 2 +- freetype/src/raster/rasterrs.h | 2 +- freetype/src/raster/rastpic.c | 2 +- freetype/src/raster/rastpic.h | 2 +- freetype/src/raster/rules.mk | 7 +- freetype/src/sfnt/Jamfile | 2 +- freetype/src/sfnt/module.mk | 2 +- freetype/src/sfnt/pngshim.c | 35 +- freetype/src/sfnt/pngshim.h | 3 +- freetype/src/sfnt/rules.mk | 7 +- freetype/src/sfnt/sfdriver.c | 8 +- freetype/src/sfnt/sfdriver.h | 2 +- freetype/src/sfnt/sferrors.h | 2 +- freetype/src/sfnt/sfnt.c | 2 +- freetype/src/sfnt/sfntpic.c | 2 +- freetype/src/sfnt/sfntpic.h | 2 +- freetype/src/sfnt/sfobjs.c | 33 +- freetype/src/sfnt/sfobjs.h | 2 +- freetype/src/sfnt/ttbdf.c | 2 +- freetype/src/sfnt/ttbdf.h | 2 +- freetype/src/sfnt/ttcmap.c | 24 +- freetype/src/sfnt/ttcmap.h | 2 +- freetype/src/sfnt/ttcmapc.h | 2 +- freetype/src/sfnt/ttkern.c | 6 +- freetype/src/sfnt/ttkern.h | 2 +- freetype/src/sfnt/ttload.c | 57 +- freetype/src/sfnt/ttload.h | 2 +- freetype/src/sfnt/ttmtx.c | 2 +- freetype/src/sfnt/ttmtx.h | 2 +- freetype/src/sfnt/ttpost.c | 34 +- freetype/src/sfnt/ttpost.h | 2 +- freetype/src/sfnt/ttsbit.c | 62 +- freetype/src/sfnt/ttsbit.h | 2 +- freetype/src/smooth/Jamfile | 2 +- freetype/src/smooth/ftgrays.c | 124 +- freetype/src/smooth/ftgrays.h | 2 +- freetype/src/smooth/ftsmerrs.h | 2 +- freetype/src/smooth/ftsmooth.c | 8 +- freetype/src/smooth/ftsmooth.h | 2 +- freetype/src/smooth/ftspic.c | 2 +- freetype/src/smooth/ftspic.h | 2 +- freetype/src/smooth/module.mk | 2 +- freetype/src/smooth/rules.mk | 8 +- freetype/src/smooth/smooth.c | 2 +- freetype/src/tools/afblue.pl | 2 +- freetype/src/tools/apinames.c | 6 +- freetype/src/tools/docmaker/content.py | 2 +- freetype/src/tools/docmaker/docmaker.py | 2 +- freetype/src/tools/docmaker/formatter.py | 2 +- freetype/src/tools/docmaker/sources.py | 2 +- freetype/src/tools/docmaker/tohtml.py | 2 +- freetype/src/tools/docmaker/utils.py | 2 +- freetype/src/tools/glnames.py | 6 +- freetype/src/tools/no-copyright | 61 + freetype/src/tools/test_afm.c | 2 +- freetype/src/tools/update-copyright | 14 + freetype/src/tools/update-copyright-year | 135 + freetype/src/truetype/Jamfile | 2 +- freetype/src/truetype/module.mk | 2 +- freetype/src/truetype/rules.mk | 7 +- freetype/src/truetype/truetype.c | 2 +- freetype/src/truetype/ttdriver.c | 16 +- freetype/src/truetype/ttdriver.h | 2 +- freetype/src/truetype/tterrors.h | 2 +- freetype/src/truetype/ttgload.c | 362 +- freetype/src/truetype/ttgload.h | 2 +- freetype/src/truetype/ttgxvar.c | 931 ++- freetype/src/truetype/ttgxvar.h | 10 +- freetype/src/truetype/ttinterp.c | 6716 +++++++++----------- freetype/src/truetype/ttinterp.h | 64 +- freetype/src/truetype/ttobjs.c | 66 +- freetype/src/truetype/ttobjs.h | 12 +- freetype/src/truetype/ttpic.c | 2 +- freetype/src/truetype/ttpic.h | 2 +- freetype/src/truetype/ttpload.c | 16 +- freetype/src/truetype/ttpload.h | 2 +- freetype/src/truetype/ttsubpix.c | 84 +- freetype/src/truetype/ttsubpix.h | 42 +- freetype/src/type1/Jamfile | 2 +- freetype/src/type1/module.mk | 2 +- freetype/src/type1/rules.mk | 7 +- freetype/src/type1/t1afm.c | 8 +- freetype/src/type1/t1afm.h | 2 +- freetype/src/type1/t1driver.c | 36 +- freetype/src/type1/t1driver.h | 2 +- freetype/src/type1/t1errors.h | 2 +- freetype/src/type1/t1gload.c | 10 +- freetype/src/type1/t1gload.h | 2 +- freetype/src/type1/t1load.c | 237 +- freetype/src/type1/t1load.h | 2 +- freetype/src/type1/t1objs.c | 10 +- freetype/src/type1/t1objs.h | 2 +- freetype/src/type1/t1parse.c | 24 +- freetype/src/type1/t1parse.h | 8 +- freetype/src/type1/t1tokens.h | 2 +- freetype/src/type1/type1.c | 2 +- freetype/src/type42/Jamfile | 2 +- freetype/src/type42/module.mk | 2 +- freetype/src/type42/rules.mk | 7 +- freetype/src/type42/t42drivr.c | 6 +- freetype/src/type42/t42drivr.h | 3 +- freetype/src/type42/t42error.h | 2 +- freetype/src/type42/t42objs.c | 20 +- freetype/src/type42/t42objs.h | 4 +- freetype/src/type42/t42parse.c | 71 +- freetype/src/type42/t42parse.h | 7 +- freetype/src/type42/t42types.h | 5 +- freetype/src/type42/type42.c | 2 +- freetype/src/winfonts/Jamfile | 2 +- freetype/src/winfonts/fnterrs.h | 2 +- freetype/src/winfonts/module.mk | 2 +- freetype/src/winfonts/rules.mk | 7 +- freetype/src/winfonts/winfnt.c | 50 +- freetype/src/winfonts/winfnt.h | 2 +- freetype/vms_make.com | 10 +- packages.txt | 2 +- 671 files changed, 12074 insertions(+), 8875 deletions(-) create mode 100755 freetype/include/ftfntfmt.h delete mode 100644 freetype/include/ftxf86.h create mode 100755 freetype/include/internal/services/svfntfmt.h delete mode 100644 freetype/include/internal/services/svxf86nm.h create mode 100755 freetype/src/base/ftfntfmt.c delete mode 100644 freetype/src/base/ftxf86.c create mode 100755 freetype/src/tools/no-copyright create mode 100755 freetype/src/tools/update-copyright create mode 100755 freetype/src/tools/update-copyright-year diff --git a/freetype/CMakeLists.txt b/freetype/CMakeLists.txt index 8b859a57e..6631fdeb0 100644 --- a/freetype/CMakeLists.txt +++ b/freetype/CMakeLists.txt @@ -1,6 +1,6 @@ # CMakeLists.txt # -# Copyright 2013, 2014 by +# Copyright 2013-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # Written by John Cary @@ -98,8 +98,8 @@ if (BUILD_FRAMEWORK) endif () set(VERSION_MAJOR "2") -set(VERSION_MINOR "5") -set(VERSION_PATCH "5") +set(VERSION_MINOR "6") +set(VERSION_PATCH "0") set(PROJECT_VERSION ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}) # Compiler definitions for building the library @@ -135,6 +135,7 @@ set(BASE_SRCS src/base/ftcid.c src/base/ftdbgmem.c src/base/ftdebug.c + src/base/ftfntfmt.c src/base/ftfstype.c src/base/ftgasp.c src/base/ftgloadr.c @@ -158,7 +159,6 @@ set(BASE_SRCS src/base/fttype1.c src/base/ftutil.c src/base/ftwinfnt.c - src/base/ftxf86.c src/bdf/bdf.c src/bzip2/ftbzip2.c src/cache/ftcache.c diff --git a/freetype/ChangeLog b/freetype/ChangeLog index 809b475f0..fea19b939 100644 --- a/freetype/ChangeLog +++ b/freetype/ChangeLog @@ -1,3 +1,1638 @@ +2015-06-07 Werner Lemberg + + * Version 2.6 released. + ======================= + + + Tag sources with `VER-2-6'. + + * docs/VERSION.DLL: Update documentation and bump version number to + 2.6. + + * README, Jamfile (RefDoc), builds/windows/vc2005/freetype.vcproj, + builds/windows/vc2005/index.html, + builds/windows/vc2008/freetype.vcproj, + builds/windows/vc2008/index.html, + builds/windows/vc2010/freetype.vcxproj, + builds/windows/vc2010/index.html, + builds/windows/visualc/freetype.dsp, + builds/windows/visualc/freetype.vcproj, + builds/windows/visualc/index.html, + builds/windows/visualce/freetype.dsp, + builds/windows/visualce/freetype.vcproj, + builds/windows/visualce/index.html, + builds/wince/vc2005-ce/freetype.vcproj, + builds/wince/vc2005-ce/index.html, + builds/wince/vc2008-ce/freetype.vcproj, + builds/wince/vc2008-ce/index.html: s/2.5.5/2.6/, s/255/26/. + + * include/freetype/freetype.h (FREETYPE_MINOR): Set to 6. + (FREETYPE_PATCH): Set to 0. + + * builds/unix/configure.raw (version_info): Set to 18:0:12. + * CMakeLists.txt (VERSION_MINOR): Set to 0. + (VERSION_PATCH): Set to 6. + + * src/autofit/afmodule.c [!FT_MAKE_OPTION_SINGLE_OBJECT]: Add + declarations for dumping functions. + + * src/truetype/ttinterp.c (TT_New_Context): Pacify compiler. + + * builds/toplevel.mk: Use `freetype.mk's code to compute the version + string. + Don't include a zero patch level in version string. + * builds/freetype.mk: Remove code for computing the version string. + +2015-06-06 Ashish Azad + + Fix Savannah bug #45260. + + * src/pfr/pfrdrivr.c (pfr_get_kerning): Fix typo. + +2015-06-03 Werner Lemberg + + [truetype] Fix memory leak. + + Problem reported by Grissiom ; in + + http://lists.nongnu.org/archive/html/freetype/2015-05/msg00013.html + + there is an example code to trigger the bug. + + * src/truetype/ttobjs.c (tt_size_init_bytecode): Free old `size' + data before allocating again. Bug most probably introduced four + years ago in version 2.4.3. + +2015-06-02 Werner Lemberg + + [raster] Add more tracing. + + * src/raster/ftraster.c (FT_TRACE7) [_STANDALONE_]: Define. + (Vertical_Sweep_Span, Vertical_Sweep_Drop, Horizontal_Sweep_Span, + Horizontal_Sweep_Drop, Render_Glyph): Add tracing calls. + +2015-06-01 Werner Lemberg + + [truetype] While tracing opcodes, show code position and stack. + + * src/truetype/ttinterp.c: Change all existing TRACE7 calls to + TRACE6. + (opcode_name): Add string lengths. + (TT_RunIns): Implement display of code position and stack. + +2015-05-31 Werner Lemberg + + [truetype] In GX, make private point numbers work correctly. + + This is completely missing in Apple's documentation: If a `gvar' + tuple uses private point numbers (this is, deltas are specified for + some points only), the uncovered points must be interpolated for + this tuple similar to the IUP bytecode instruction. Examples that + need this functionality are glyphs `Oslash' and `Q' in Skia.ttf. + + * src/truetype/ttgxvar.c (tt_delta_shift, tt_delta_interpolate, + tt_handle_deltas): New functions. + (TT_Vary_Get_Glyph_Deltas): Renamed to... + (TT_Vary_Apply_Glyph_Deltas): ... this; it directly processes the + points and does no longer return an array of deltas. + Add tracing information. + Call `tt_handle_deltas' to interpolate missing deltas. + Also fix a minor memory leak in case of error. + + * src/truetype/ttgxvar.h: Updated. + + * src/truetype/ttgload.c (TT_Process_Simple_Glyph, + load_truetype_glyph): Updated. + +2015-05-31 Werner Lemberg + + [truetype] In GX, make intermediate tuplets work at extrema. + + * src/truetype/ttgxvar.c (ft_var_apply_tuple): Fix range condition. + +2015-05-31 Werner Lemberg + + [truetype] Add tracing information to GX code. + + * src/truetype/ttgxvar.c (ft_var_load_avar, ft_var_load_gvar, + ft_var_apply_tuple, TT_Get_MM_Var, TT_Set_MM_Blend, + TT_Set_Var_Design, tt_face_vary_cvt): Do it. + +2015-05-28 Werner Lemberg + + * src/tools/apinames.c (names_dump): Fix invalid reference. + + Problem reported by Guzman Mosqueda, Jose R + . + +2015-05-24 Werner Lemberg + + [truetype] Fix commit from 2015-05-22. + + * src/truetype/ttgload.c, src/truetype/ttinterp.c: Guard new code + with `TT_CONFIG_OPTION_SUBPIXEL_HINTING'. + + Problem reported by Nikolaus Waxweiler . + +2015-05-23 Werner Lemberg + + [truetype] Fix return values of GETINFO bytecode instruction. + + * src/truetype/ttinterp.h (TT_ExecContextRec): New fields + `vertical_lcd' and `gray_cleartype'. + + * src/truetype/ttgload.c (tt_loader_init): Initialize new fields. + Change `symmetrical smoothing' to TRUE, since FreeType produces + exactly this. + + * src/truetype/ttinterp.c (Ins_GETINFO): Fix selector/return bit + values for symmetrical smoothing, namely 11/18. + Handle bits for vertical LCD subpixels (8/15) and Gray ClearType + (12/19). + +2015-05-23 Werner Lemberg + + [truetype] Minor. + + * src/truetype/ttinterp.h (TT_ExecContext): + s/subpixel/subpixel_hinting. + + * src/truetype/ttgload.c, src/truetype/ttgload.h: Updated. + +2015-05-22 Werner Lemberg + + [truetype] Support selector index 3 of the INSTCTRL instruction. + + This flag activates `native ClearType hinting', disabling backwards + compatibility mode as described in Greg Hitchcocks whitepaper. In + other words, it enables unrestricted functionality of all TrueType + instructions in ClearType. + + * src/truetype/ttgload.c (tt_get_metrics): Call `sph_set_tweaks' + unconditionally. + (tt_loader_init): Unset `ignore_x_mode' flag if bit 2 of + `GS.instruct_control' is active. + + * src/truetype/ttinterp.c (Ins_INSTCTRL): Handle selector index 3. + (Ins_GETINFO): Updated. + + * docs/CHANGES: Document it. + +2015-05-20 Werner Lemberg + + [truetype] Minor. + + * src/truetype/ttinterp.h (SetSuperRound): Fix type of `GridPeriod' + argument. + +2015-05-17 Werner Lemberg + + [truetype] Fix loading of composite glyphs. + + * src/truetype/ttgload.c (TT_Load_Composite_Glyph): If the + ARGS_ARE_XY_VALUES flag is not set, handle argument values as + unsigned. I trust `ttx' (which has exactly such code) that it does + the right thing here... + + The reason that noone has ever noticed this bug is probably the fact + that point-aligned subglyphs are rare, as are subglyphs with a + number of points in the range [128;255], which is quite large (or + even in the range [32768;65535], which is extremely unlikely). + +2015-05-12 Chris Liddell + + [cff] Make the `*curveto' operators more tolerant. + + * src/cff/cf2intrp.c (cf2_interpT2CharString): The opcodes + `vvcurveto', `hhcurveto', `vhcurveto', and `hvcurveto' all iterate, + pulling values off the stack until the stack is exhausted. + Implicitly the stack must be a multiple (or for subtly different + behaviour) a multiple plus a specific number of extra values deep. + If that's not the case, enforce it (as the old code did). + +2015-05-12 Chris Liddell + + [cff] fix incremental interface with new cff code. + + * src/cff/cf2ft.c (cf2_getSeacComponent): When using the incremental + interface to retrieve glyph data for a SEAC, it be left to the + incremental interface callback to apply the encoding to raw + character index (as it was in the previous code). + +2015-04-29 Alexei Podtelezhnikov + + [autofit] Speed up IUP. + + * src/autofit/afhints.c (af_iup_interp): Separate trivial snapping to + the same position from true interpolation, use `scale' to reduce + divisions. + +2015-04-28 Werner Lemberg + + [cff] Use `name' table for PS name if we have a SFNT-CFF. + + This follows the OpenType 1.7 specification. See + + http://tug.org/pipermail/tex-live/2015-April/036634.html + + for a discussion. + + * src/cff/cffdrivr.c (cff_get_ps_name): Use the `sfnt' service if we + have an SFNT. + +2015-04-27 Alexei Podtelezhnikov + + [truetype] Speed up IUP. + + * src/truetype/ttinterp.c (_iup_worker_interpolate): Separate trivial + snapping to the same position from true interpolation. + +2015-04-21 Werner Lemberg + + [autofit] By default, enable warping code but switch off warping. + + Suggested by Behdad. + + * include/config/ftoption.h: Define AF_CONFIG_OPTION_USE_WARPER. + + * src/autofit/afmodule.c (af_autofitter_init): Initialize `warping' + with `false'. + +2015-04-21 Werner Lemberg + + * docs/CHANGES: Updated. + +2015-04-21 Werner Lemberg + + [autofit] Introduce `warping' property. + + This code replaces the debugging hook from the previous commit with + a better, more generic solution. + + * include/ftautoh.h: Document it. + + * src/autofit/afmodule.h (AF_ModuleRec) + [AF_CONFIG_OPTION_USE_WARPER]: Add `warping' field. + + * src/autofit/afmodule.c (_af_debug_disable_warper): Remove. + (af_property_set, af_property_get, af_autofitter_init) + [AF_CONFIG_OPTION_USE_WARPER]: Handle `warping' option. + + * src/autofit/afhints.h (AF_HINTS_DO_WARP): Remove use of the no + longer existing `_af_debug_disable_warper'. + + * src/autofit/afcjk.c (af_cjk_hints_init), src/autofit/aflatin.c + (af_latin_hints_init), src/autofit/aflatin2.c (af_latin2_hints_init) + [AF_CONFIG_OPTION_USE_WARPER]: Add `AF_SCALER_FLAG_NO_WARPER' to the + scaler flags if warping is off. + + * src/autofit/aftypes.h: Updated. + +2015-04-16 Werner Lemberg + + [autofit] Add debugging hook to disable warper. + + * src/autofit/afmodule.c (_af_debug_disable_warper) + [FT_DEBUG_AUTOFIT]: New global variable. + + * src/autofit/aftypes.h: Updated. + (AF_SCALER_FLAG_NO_WARPER): New macro (not actively used yet). + + * src/autofit/afhints.h (AF_HINTS_DO_WARP): New macro. + + * src/autofi/aflatin.c (af_latin_hints_apply) + [AF_CONFIG_OPTION_USE_WARPER]: Use `AF_HINTS_DO_WARP' to control use + of warper. + + * src/autofit/afcjk.c (af_cjk_hints_init, af_cjk_hints_apply) + [AF_CONFIG_OPTION_USE_WARPER]: Synchronize with `aflatin.c'. + + * src/autofit/aflatin2.c (af_latin2_hints_apply) + [AF_CONFIG_OPTION_USE_WARPER]: Synchronize with `aflatin.c'. + +2015-04-10 Werner Lemberg + + [cff] Update advance width handling to OpenType 1.7. + + Problem reported by Behdad. + + * src/cff/cffdrivr.c (cff_get_advances): Handle SFNT case + separately. + + * src/cff/cffgload.c (cff_slot_load): Use advance width and side + bearing values from `hmtx' table if present. + +2015-04-03 Alexei Podtelezhnikov + + * src/autofit/afhints.c (af_glyph_hints_reload): Use do-while loop. + +2015-04-02 Alexei Podtelezhnikov + + * src/autofit/aflatin.c (af_latin_hint_edges): Reduce logic. + +2015-04-01 Alexei Podtelezhnikov + + [autofit] Finish the thought. + + * src/autofit/afhints.c (af_direction_compute): make sure the long arm + is never negative so that its `FT_ABS' is not necessary. + +2015-04-01 Werner Lemberg + + [autofit] Call dumper functions for tracing. + + * src/autofit/afcjk.c (af_cjk_hints_apply): Remove dead code. + * src/autofit/afhints.c (af_glyph_hints_dump_points): Minor + improvement. + * src/autofit/afmodule.c (af_autofitter_load_glyph): Implement it. + +2015-04-01 Werner Lemberg + + [autofit] Make debugging stuff work again. + + The interface to ftgrid was broken in the series of commits starting + with + + [autofit] Allocate AF_Loader on the stack instead of AF_Module. + + from 2015-01-14. + + * src/autofit/afmodule.c (_af_debug_hints_rec) [FT_DEBUG_AUTOFIT]: + Use a global AF_GlyphHintsRec object for debugging. + (af_autofitter_done, af_autofitter_load_glyph): Updated. + + * src/autofit/afloader.c (af_loader_init, af_loader_done): Updated. + +2015-04-01 Werner Lemberg + + * src/autofit/afhints.c (af_glyph_hints_done): Fix minor thinko. + +2015-03-29 Werner Lemberg + + [cff] Fix Savannah bug #44629. + + * src/cff/cf2font.h (CF2_MAX_SUBR), src/cff/cffgload.h + (CFF_MAX_SUBRS_CALLS): Set to 16. + +2015-03-29 Werner Lemberg + + [type1, truetype] Make the MM API more flexible w.r.t. `num_coords'. + + This commit allows `num_coords' to be larger or smaller than the + number of available axes while selecting a design instance, either + ignoring excess data or using defaults if data is missing. + + * src/truetype/ttgxvar.c (TT_Set_MM_Blend, TT_Set_Var_Design): + Implement it. + + * src/type1/t1load.c (T1_Set_MM_Blend, T1_Set_MM_Design, + T1_Set_Var_Design): Ditto. + +2015-03-29 Werner Lemberg + + [type1] Minor. + + * src/type1/t1load.c (T1_Set_MM_Blend, T1_Set_MM_Design): Use + FT_THROW. + (T1_Set_Var_Design): Use T1_MAX_MM_AXIS and FT_THROW. + +2015-03-27 Werner Lemberg + + [cff] Trace charstring nesting levels. + + * src/cff/cf2intrp.c (cf2_interpT2CharString) : Implement it. + + * src/cff/cffgload.c (cff_decoder_parse_charstrings) + : Ditto. + +2015-03-21 Alexei Podtelezhnikov + + [base] Optimize `FT_Angle_Diff'. + + Under normal circumstances we are usually close to the desired range + of angle values, so that the remainder is not really necessary. + + * src/base/fttrigon.c (FT_Angle_Diff): Use loops instead of remainder. + + * src/autofit/aftypes.h (AF_ANGLE_DIFF): Ditto in the unused macro. + +2015-03-21 Werner Lemberg + + [truetype] Improve `gvar' handling. + + * src/truetype/ttgxvar.c (ft_var_readpackedpoints): Correctly handle + single-element runs. Cf. glyph `Q' in Skia.ttf with weights larger + than the default. + +2015-03-20 Alexei Podtelezhnikov + + * src/base/fttrigon.c (FT_Vector_Rotate): Minor refactoring. + +2015-03-17 Alexei Podtelezhnikov + + Fix Savannah bug #44412 (part 2). + + * src/base/fttrigon.c (FT_Sin, FT_Cos, FT_Tan): Call `FT_Vector_Unit'. + +2015-03-11 Werner Lemberg + + [autofit] Add support for Arabic script. + + Thanks to Titus Nemeth for guidance! + + * src/autofit/afblue.dat: Add blue zone data for Arabic. + + * src/autofit/afblue.c, src/autofit/afblue.h: Regenerated. + + * src/autofit/afscript.h: Add Arabic standard characters. + + * src/autofit/afranges.c: Add Arabic data. + + * src/autofit/afstyles.h: Add Arabic data. + + * docs/CHANGES: Document it. + +2015-03-11 Werner Lemberg + + Rename `svxf86nm.h' to `svfntfmt.h'; update related symbols. + + * include/internal/ftserv.h (FT_SERVICE_XFREE86_NAME_H): Renamed + to... + (FT_SERVICE_FONT_FORMAT_H): This. + + * include/internal/services/svfntfmt.h (FT_XF86_FORMAT_*): Renamed + to ... + (FT_FONT_FORMAT_*): This. + + src/base/ftfntfmt.c, src/bdf/bdfdrivr.c, src/cff/cffdrivr.c, + src/cid/cidriver.c, src/pcf/pcfdrivr.c, src/pfr/pfrdrivr.c, + src/truetype/ttdriver.c, src/type1/t1driver.c, + src/type42/t42drivr.c, src/winfonts/winfnt.c: Updated. + +2015-03-11 Werner Lemberg + + [base] Rename `FT_XFREE86_H' to `FT_FONT_FORMATS_H'. + + * include/config/ftheader.h: Implement it. + * src/base/ftfntfmt.c, docs/CHANGES: Updated. + +2015-03-11 Werner Lemberg + + [base] Rename `FT_Get_X11_Font_Format' to `FT_Get_Font_Format'. + + * include/ftfntfmt.h, src/base/ftfntfmt.c: Implement it. + + * docs/CHANGES: Updated. + +2015-03-11 Werner Lemberg + + Fix automatic copyright updating. + + * src/tools/update-copyright: Make scanning of `no-copyright' + actually work. + + * src/tools/no-copyright: Don't include README in general. + +2015-03-11 Werner Lemberg + + Rename `ftxf86.[ch]' to `ftfntfmt.[ch]'. + + CMakeLists.txt, builds/amiga/makefile, builds/amiga/makefile.os4, + builds/amiga/smakefile, builds/mac/FreeType.m68k_cfm.make.txt, + builds/mac/FreeType.m68k_far.make.txt, + builds/mac/FreeType.ppc_carbon.make.txt, + builds/mac/FreeType.ppc_classic.make.txt, builds/symbian/bld.inf, + builds/symbian/freetype.mmp, builds/wince/vc2005-ce/freetype.vcproj, + builds/wince/vc2008-ce/freetype.vcproj, + builds/windows/vc2005/freetype.vcproj, + builds/windows/vc2008/freetype.vcproj, + builds/windows/vc2010/freetype.vcxproj, + builds/windows/vc2010/freetype.vcxproj.filters, + builds/windows/visualc/freetype.dsp, + builds/windows/visualc/freetype.vcproj, + builds/windows/visualce/freetype.dsp, + builds/windows/visualce/freetype.vcproj, docs/INSTALL.ANY, + include/config/ftheader.h, include/ftfntfmt.h, modules.cfg, + src/base/ftfntfmt.c, vms_make.com: Updated. + +2015-03-10 Alexei Podtelezhnikov + + Fix Savannah bug #44412 (part 1). + + * src/base/ftstroke.c (ft_stroker_inside): Handle near U-turns. + +2015-03-10 Werner Lemberg + + [base] Rename `FT_Bitmap_New' to `FT_Bitmap_Init'. + + * include/ftbitmap.h, src/base/ftbitmap.c: Implement it. + Update all callers. + + * docs/CHANGES: Updated. + +2015-03-06 Werner Lemberg + + * src/sfnt/ttload.c (tt_face_load_font_dir): Fix compiler warning. + + Found by Alexei. + +2015-03-05 Alexei Podtelezhnikov + + * src/base/ftstroke.c: Simplify. + +2015-03-04 Werner Lemberg + + [truetype] Some fixes and code refactoring in `ttgxvar.c'. + + * src/truetype/ttgxvar.c (ft_var_readpackedpoints): Fix return value + of `point_cnt' if two bytes are read. + Use a more vertical coding style. + (ft_var_readpackeddeltas): Use FT_UInt for `delta_cnt' parameter. + Use a more vertical coding style. + +2015-03-03 Werner Lemberg + + [autofit] Fix Savannah bug #44241. + + * src/autofit/aflatin.c (af_latin_metrics_init_blues): Reject glyphs + with less than 3 points. + +2015-03-02 Werner Lemberg + + Simplify `TYPEOF' macro. + + No need for two arguments. + + * include/config/ftconfig.h, builds/unix/ftconfig.in, + builds/vms/ftconfig.h (TYPEOF): Updated. + + * include/internal/ftobjs.h (FT_PAD_FLOOR, FT_PIX_FLOOR), + src/autofit/afwarp.h (AF_WARPER_FLOOR): Updated. + +2015-03-01 Werner Lemberg + + Various compiler warning fixes for `make multi'. + + * src/autofit/afcjk.c (af_cjk_hints_compute_blue_edges), + src/autofit/aflatin.c (af_latin_hint_compute_blue_edges, + af_latin_hint_edges), src/autofit/aflatin2.c + (af_latin2_hints_compute_blue_edges, af_latin2_hint_edges): Declare + as `static'. + + * src/cache/ftccmap.c (FTC_CMAP_QUERY_HASH, FTC_CMAP_NODE_HASH): + Removed. Unused. + * src/cache/ftcimage.c: Include FT_INTERNAL_OBJECTS_H. + * src/cache/ftcmanag.c (FTC_LRU_GET_MANAGER): Removed. Unused. + + * src/cff/cf2intrp.c: Include `cf2intrp.h'. + * src/cff/cffdrivr.c (PAIR_TAG): Removed. Unused. + + * src/gzip/ftgzip.c (NO_DUMMY_DECL): Removed. Unused. + + * src/psaux/afmparse.c (afm_parser_read_int): Declare as `static'. + + * src/pshinter/pshalgo.c (STRONGER, PSH_ZONE_MIN, PSH_ZONE_MAX): + Removed. Unused. + + * src/raster/ftraster.c (Render_Glyph): Declare as `static'. + + * src/sfnt/ttpost.c (load_format_20): Fix signedness warning. + + * src/truetype/ttdriver.c (PAIR_TAG): Removed. Unused. + * src/truetype/ttsubpix.c (is_member_of_family_class, + is_member_of_style_class): Declare as `static'. + + * src/type1/t1gload.c (T1_Parse_Glyph_And_Get_Char_String): Declare + as `static'. + * src/type1/t1load.c (mm_axis_unmap, mm_weights_unmap): Declare as + `static'. + (T1_FIELD_COUNT): Removed. Unused. + * src/type1/t1parse.h (T1_Done_Table): Removed. Unused. + + * src/type42/t42parse.c (T1_Done_Table): Removed. Unused. + +2015-02-25 Werner Lemberg + + [psaux] Signedness fixes. + + * include/internal/psaux.h, src/psaux/afmparse.c, + src/psaux/afmparse.h, src/psaux/psconv.c, src/psaux/psobjs.c, + src/psaux/t1cmap.c, src/psaux/t1decode.c: Apply. + +2015-02-25 Werner Lemberg + + [otvalid] Signedness fixes. + + * src/otvalid/otvcommn.c, src/otvalid/otvgdef.c, + src/otvalid/otvgpos.c, src/otvalid/otvgsub.c, src/otvalid/otvmath.c: + Apply. + +2015-02-25 Werner Lemberg + + * src/bzip2/ftbzip2.c (ft_bzip2_alloc): Signedness fix. + +2015-02-25 Werner Lemberg + + [lzw] Signedness fixes. + + * src/lzw/ftzopen.c, src/lzw/ftzopen.h: Apply. + +2015-02-25 Werner Lemberg + + [gxvalid] Signedness fixes. + + * src/gxvalid/gxvbsln.c, src/gxvalid/gxvcommn.c, + src/gxvalid/gxvcommn.h, src/gxvalid/gxvjust.c, + src/gxvalid/gxvkern.c, src/gxvalid/gxvlcar.c, src/gxvalid/gxvmort.c, + src/gxvalid/gxvmort1.c, src/gxvalid/gxvmort2.c, + src/gxvalid/gxvmorx.c, src/gxvalid/gxvmorx1.c, + src/gxvalid/gxvmorx2.c, src/gxvalid/gxvopbd.c, + src/gxvalid/gxvprop.c, src/gxvalid/gxvtrak.c: Apply. + +2015-02-25 Werner Lemberg + + [cache] Signedness fixes. + + * src/cache/ftcbasic.c, src/cache/ftccmap.c, src/cache/ftcimage.c, + src/cache/ftcmanag.c, src/cache/ftcsbits.c: Apply. + +2015-02-25 Werner Lemberg + + Change dimension fields in `FTC_ImageTypeRec' to unsigned type. + + This doesn't break ABI. + + * include/ftcache.h (FTC_ImageTypeRec): Use unsigned types for + `width' and `height'. + + * docs/CHANGES: Document it. + +2015-02-25 Werner Lemberg + + [cache] Don't use `labs'. + + This is the only place in FreeType where this function was used. + + * include/config/ftstdlib.h (ft_labs): Remove. + + * src/cache/ftcimage.c (ftc_inode_weight): Replace `ft_labs' with + `FT_ABS'. + +2015-02-23 Werner Lemberg + + [cache] Replace `FT_PtrDist' with `FT_Offset'. + + * src/cache/ftccache.h (FTC_NodeRec): `FT_Offset' (a.k.a. `size_t') + is a better choice for `hash' to hold a pointer than `FT_PtrDist' + (a.k.a. `ptrdiff_t'), especially since the latter is signed, + causing zillions of signedness warnings. [Note that `hash' was of + type `FT_UInt32' before the change to `FT_PtrDist'.] + Update all users. + + * src/cache/ftcbasic.c, src/cache/ftccache.c, src/cache/ftccmap.c, + src/cache/ftcglyph.c, src/cache/ftcglyph.h: Updated. + +2015-02-23 Werner Lemberg + + [smooth, raster] Re-enable standalone compilation. + + * src/raster/ftraster.c (FT_RENDER_POOL_SIZE, FT_MAX) + [_STANDALONE_]: Define macros. + + * src/smooth/ftgrays.c (FT_RENDER_POOL_SIZE, FT_MAX, FT_ABS, + FT_HYPOT) [_STANDALONE_]: Define macros. + +2015-02-22 Werner Lemberg + + [smooth] Signedness fixes. + + * src/smooth/ftgrays.c, src/smooth/ftsmooth.c: Apply. + +2015-02-22 Werner Lemberg + + * src/raster/ftraster.c: Use the file's typedefs everywhere. + +2015-02-22 Werner Lemberg + + * src/sfnt/ttpost.c (load_format_20): Fix error tracing message. + + Bug introduced 6 commits earlier. + +2015-02-22 Werner Lemberg + + [pshinter] Fix thinko. + + * src/pshinter/pshalgo.c (psh_glyph_find_strong_points): Correctly + check `count'. + Bug introduced two commits earlier. + +2015-02-22 Werner Lemberg + + [raster] Signedness fixes. + + * src/raster/ftraster.c, src/raster/ftrend1.c: Apply. + +2015-02-22 Werner Lemberg + + [pshinter] Signedness fixes. + + * src/pshinter/pshalgo.c, src/pshinter/pshglob.c, + src/pshinter/pshrec.c: Apply. + +2015-02-22 Werner Lemberg + + [pshinter] Use macros for (unsigned) flags, not enumerations. + + * src/pshinter/pshalgo.h (PSH_Hint_Flags): Replace with macros. + Updated. + * src/pshinter/pshrec.h (PS_Hint_Flags): Replace with macros. + +2015-02-22 Werner Lemberg + + * src/pshinter/pshrec.c: Simplify. + (ps_hints_open, ps_hints_stem): Remove switch statement. + +2015-02-22 Werner Lemberg + + [sfnt] Signedness fixes. + + * src/sfnt/pngshim.c, src/sfnt/sfobjs.c, src/sfnt/ttcmap.c, + src/sfnt/ttkern.c, src/sfnt/ttload.c, src/sfnt/ttpost.c, + src/sfnt/ttsbit.c: Apply. + * src/sfnt/sfdriver.c: Apply. + (sfnt_get_ps_name): Simplify. + +2015-02-22 Werner Lemberg + + [bdf] Signedness fixes. + + * src/bdf/bdf.h, src/bdf/bdfdrivr.c, src/bdf/bdfdrivr.h, + src/bdf/bdflib.c: Apply. + +2015-02-22 Werner Lemberg + + * src/bdf/bdflib.c (_bdf_atous): New function. + (_bdf_parse_glyphs, _bdf_parse_start): Use it. + +2015-02-22 Werner Lemberg + + [pcf] Signedness fixes. + + * src/pcf/pcf.h, src/pcf/pcfdrivr.c: Apply. + * src/pcf/pcfread.c: Apply. + (pcf_get_encodings): Ignore invalid negative encoding offsets. + +2015-02-21 Werner Lemberg + + * src/winfonts/winfnt.c: Signedness fixes. + +2015-02-21 Werner Lemberg + + [type42] Signedness fixes. + + * src/type42/t42parse.c, src/type42/t42parse.h, + src/type42/t42types.h: Apply. + +2015-02-21 Werner Lemberg + + [pfr] Signedness fixes. + + * src/pfr/pfrdrivr.c, src/pfr/pfrgload.c, src/pfr/pfrload.c, + src/pfr/pfrload.h, src/pfr/pfrobjs.c, src/pfr/pfrsbit.c, + src/pfr/pfrtypes.h: Apply. + +2015-02-21 Werner Lemberg + + [cff] Minor signedness fixes related to last commit. + + * src/cff/cf2ft.c, src/cff/cf2intrp.c, src/cff/cffgload.c: Apply. + +2015-02-20 Werner Lemberg + + [cff] Thinkos in bias handling. + + Only the final result is always positive. + + Bug introduced three commits earlier. + + * src/cff/cffgload.c, src/cff/cffgload.h: Apply. + +2015-02-20 Werner Lemberg + + [cid] Fix signedness issues and emit some better error codes. + + * src/cid/cidgload.c, src/cid/cidload.h, src/cid/cidobjs.c, + src/cid/cidparse.h: Apply. + * src/cid/cidload.c: Apply. + (parse_fd_array): Reject negative values for number of dictionaries. + * src/cid/cidparse.c: Apply. + (cid_parser_new): Reject negative values for hex data length. + +2015-02-20 Werner Lemberg + + [cff] Signedness fixes for new engine. + + * src/cff/cf2arrst.c, src/cff/cf2fixed.h, src/cff/cf2ft.c, + src/cff/cf2ft.h, src/cff/cf2hints.c, src/cff/cf2intrp.c: Apply. + +2015-02-20 Werner Lemberg + + [cff] Signedness fixes for basic infrastructure and old engine. + + * include/internal/pshints.h, src/cff/cffdrivr.c, + src/cff/cffgload.c, src/cff/cffgload.h, src/cff/cffload.c, + src/cff/cffobjs.c, src/cff/cffparse.c, src/pshinter/pshrec.c: Apply. + +2015-02-19 Werner Lemberg + + * src/truetype/ttgxvar.c (TT_Get_MM_Var): Ignore `countSizePairs'. + + This is hard-coded to value 2 in `fvar' version 1.0 (and no newer + version exists), but some fonts set it incorrectly. + + Problem reported by Adam Twardoch . + +2015-02-19 Werner Lemberg + + [cff] Emit better error code for invalid private dict size. + + * src/cff/cffparse.c (cff_parse_private_dict): Reject negative + values for size and offset. + +2015-02-19 Werner Lemberg + + [autofit] Fix signedness issues. + + * src/autofit/afangles.c, src/autofit/afcjk.c, + src/autofit/afglobal.c, src/autofit/afhints.c, + src/autofit/aflatin.c, src/autofit/aflatin2.c, src/autofit/afwarp.c, + src/autofit/hbshim.c: Apply. + +2015-02-19 Werner Lemberg + + [autofit] Use macros for (unsigned) flags, not enumerations. + + This harmonizes with other code in FreeType (and reduces the number + of necessary casts to avoid compiler warnings). + + * src/autofit/afblue.hin: Make flag macros unsigned. + * src/autofit/afblue.h: Regenerated. + + * src/autofit/afcjk.h: Replace flag enumeration with macros. + * src/autofit/afcjk.c: Updated. + + * src/autofit/afhints.h (AF_Flags, AF_Edge_Flags): Replace with + macros. + * src/autofit/afhints.c: Updated. + + * src/autofit/aflatin.h: Replace flag enumerations with macros. + * src/autofit/aflatin.c, src/autofit/aflatin2.c: Updated. + + * src/autofit/aftypes.h (AF_ScalerFlags): Replace with macros. + +2015-02-18 Werner Lemberg + + [type1] Fix signedness issues. + + * include/internal/psaux.h, include/internal/t1types.h, + src/psaux/psobjs.c, src/psaux/psobjs.h, src/psaux/t1decode.c, + src/type1/t1gload.c, src/type1/t1load.c, src/type1/t1parse.c: Apply. + +2015-02-18 Werner Lemberg + + [psaux, type1] Fix minor AFM issues. + + * include/internal/t1types.h (AFM_KernPairRec): Make indices + unsigned. + Update users. + (AFM_FontInfoRec): Make element counters unsigned. + Update users. + * src/psaux/afmparse.h (AFM_ValueRec): Add union member for unsigned + int. + + * src/psaux/afmparse.c (afm_parse_track_kern, afm_parse_kern_pairs): + Reject negative values for number of kerning elements. + + * src/type1/t1afm.c, src/tools/test_afm.c: Updated. + +2015-02-18 Werner Lemberg + + Don't use `FT_PtrDist' for lengths. + + Use FT_UInt instead. + + * include/internal/psaux.h (PS_Table_FuncsRec, PS_TableRec, + T1_DecoderRec): Do it. + + * include/internal/t1types.h (T1_FontRec): Ditto. + + * src/cid/cidload.c (cid_parse_dict): Updated. + * src/pfr/pfrload.c (pfr_extra_item_load_font_id): Ditto. + * src/psaux/psobjs.c (ps_table_add), src/psaux/psobjs.h: Ditto. + * src/type1/t1load.c (parse_blend_axis_types, parse_encoding, + parse_chharstrings, parse_dict): Ditto. + * src/type42/t42parse.c (t42_parse_encoding, t42_parse_charstrings, + t42_parse_dict): Ditto. + +2015-02-18 Werner Lemberg + + * src/type1/t1driver.c (t1_ps_get_font_value): Clean up. + This handles negative values better, avoiding many casts. + +2015-02-17 Werner Lemberg + + [base] Fix Savannah bug #44284. + + * src/base/ftcalc.c (FT_MulFix): Typos. + +2015-02-17 Werner Lemberg + + [truetype] Finish compiler warning fixes for signedness issues. + + * src/truetype/ttgxvar.c, src/truetype/ttsubpix.c, + src/truetype/ttsubpix.h: Apply. + +2015-02-17 Werner Lemberg + + * src/truetype/ttsubpix.c: Adding missing `static' keywords. + +2015-02-17 Werner Lemberg + + [truetype] More signedness fixes. + + * include/internal/tttypes.h, src/truetype/ttinterp.h, + src/truetype/ttobjs.h, src/truetype/ttinterp.c, + src/truetype/ttobjs.c: Apply. + +2015-02-17 Werner Lemberg + + [truetype] Various signedness fixes. + + * include/internal/ftgloadr.h, src/truetype/ttpload.c: Apply. + + * src/truetype/ttgload.c: Apply. + (TT_Get_VMetrics): Protect against invalid ascenders and descenders + while constructing advance height. + +2015-02-16 Werner Lemberg + + [base] Finish compiler warning fixes for signedness issues. + + * src/base/ftglyph.c, src/base/ftlcdfil.c, src/base/ftstroke.c: + Apply. + +2015-02-16 Werner Lemberg + + * include/tttables.h (TT_OS2): `fsType' must be FT_UShort. + +2015-02-16 Werner Lemberg + + More minor signedness warning fixes. + + * src/base/ftbbox.c, src/base/ftbitmap.c, src/base/fttrigon.c, + src/base/ftutil.c: Apply. + +2015-02-16 Werner Lemberg + + Next round of minor compiler warning fixes. + + * include/internal/ftrfork.h (FT_RFork_Ref): Change `offset' member + type to `FT_Long'. + (CONST_FT_RFORK_RULE_ARRAY_BEGIN): Add `static' keyword. + + * include/internal/ftstream.h (FT_Stream_Pos): Return `FT_ULong'. + + * src/base/ftoutln.c, src/base/ftrfork.c, src/base/ftstream.c: + Signedess fixes. + +2015-02-16 Werner Lemberg + + Various minor signedness fixes. + + * include/ftadvanc.h, include/internal/ftobjs.h, + src/base/ftgloadr.c, src/base/ftobjs.c: Apply. + +2015-02-16 Werner Lemberg + + New `TYPEOF' macro. + + This helps suppress signedness warnings, avoiding issues with + implicit conversion changes. + + * include/config/ftconfig.h, builds/unix/ftconfig.in, + builds/vms/ftconfig.h (TYPEOF): Define. + + * include/internal/ftobjs.h (FT_PAD_FLOOR, FT_PIX_FLOOR), + src/autofit/afwarp.h (AF_WARPER_FLOOR): Use it. + +2015-02-16 Werner Lemberg + + * src/base/ftsystem.c: Use casts in standard C function wrappers. + (ft_alloc, ft_realloc, ft_ansi_stream_io, FT_Stream_Open): Do it. + +2015-02-16 Werner Lemberg + + Fix Savannah bug #44261. + + * builds/unix/detect.mk (setup) [unix]: Set `CONFIG_SHELL' in the + environment also while calling the configure script. + +2015-02-16 Werner Lemberg + + * include/internal/ftmemory.h: Add some `FT_Offset' casts. + (FT_MEM_SET, FT_MEM_COPY, FT_MEM_MOVE, FT_ARRAY_ZERO, FT_ARRAY_COPY, + FT_MEM_MOVE): Do it. + +2015-02-15 Werner Lemberg + + [base] Clean up signedness issues in `ftdbgmem.c'. + + Also fix other minor issues. + + * src/base/ftdbgmem.c (FT_MemTableRec): Replace all FT_ULong types + with FT_Long for consistency. + (ft_mem_primes): Change type to `FT_Int'. + (ft_mem_closest_prime, ft_mem_table_set): Updated. + + (ft_mem_debug_panic, ft_mem_debug_alloc, ft_mem_debug_free, + ft_mem_debug_realloc): Use `static' keyword and fix signedness + warnings where necessary. + + (ft_mem_table_resize, ft_mem_table_new, ft_mem_table_destroy, + ft_mem_table_get_nodep, ft_mem_debug_init, FT_DumpMemory): Fix types + and add or remove casts to avoid signedness warnings. + +2015-02-15 Werner Lemberg + + [base] Clean up signedness in arithmetic functions. + + This makes the code more readable and reduces compiler warnings. + + * src/base/ftcalc.c (FT_MulDiv, FT_MulDiv_No_Round, FT_MulFix, + FT_DivFix): Convert input parameters to unsigned, do the + computation, then convert the result back to signed. + (ft_corner_orientation): Fix casts. + +2015-02-07 Werner Lemberg + + [sfnt] Fix Savannah bug #44184. + + * src/sfnt/ttload.c (check_table_dir, tt_face_load_font_dir): No + longer reject `htmx' and `vmtx' tables with invalid length but + sanitize them. + +2015-02-06 Jon Anderson + + [truetype] Fix regression in the incremental glyph loader. + + * src/truetype/ttgload.c (load_truetype_glyph): For incremental + fonts, the glyph index may be greater than the number of glyphs + indicated, so guard the check with a preprocessor conditional. + +2015-02-06 Werner Lemberg + + [autofit] Fix potential memory leak. + + While this doesn't show up with FreeType, exactly the same code + leaks with ttfautohint's modified auto-hinter code (which gets used + in a slightly different way). + + It certainly doesn't harm since it is similar to already existing + checks in the code for embedded arrays. + + * src/autofit/afhints.c (af_glyph_hints_reload): Set `max_contours' + and `max_points' for all cases. + +2015-01-31 Werner Lemberg + + [autofit] Add support for Thai script. + + Thanks to Ben Mitchell for guidance with blue + zone characters! + + * src/autofit/afblue.dat: Add blue zone data for Thai. + + * src/autofit/afblue.c, src/autofit/afblue.h: Regenerated. + + * src/autofit/afscript.h: Add Thai standard characters. + + * src/autofit/afranges.c: Add Thai data. + + * src/autofit/afstyles.h: Add Thai data. + +2015-01-23 Behdad Esfahbod + + [raster] Handle `FT_RASTER_FLAG_AA' correctly. + + This fixes a breakage caused by the commit `[raster] Remove + 5-level gray AA mode from monochrome rasterizer.'. + + Problem reported by Markus Trippelsdorf . + + * src/raster/ftraster.c (ft_black_render): Handle + `FT_RASTER_FLAG_AA'. + + * src/raster/ftrend1.c (ft_raster1_render): Remove gray AA mode + remnants. + +2015-01-18 Werner Lemberg + + * src/base/ftobjs.c (FT_New_Library): Fix compiler warning. + +2015-01-18 Chris Liddell + + [raster] Fix Savannah bug #44022. + + Add fallback for glyphs with degenerate bounding boxes. + + If a glyph has only one very narrow feature, the bbox can end up + with either the width or height of the bbox being 0, in which case + no raster memory is allocated and no attempt is made to render the + glyph. This is less than ideal when the drop-out compensation in + the rendering code would actually result in the glyph being + rendered. + + This problem can be observed with the `I' glyph (gid 47) in the + Autodesk RomanS TrueType font. + + * src/raster/ftrend1.c (ft_raster1_render): Add a fallback if either + dimension is zero to explicitly round up/down (instead of simply + round). + +2015-01-17 Werner Lemberg + + Add some tools to handle yearly copyright notice updates. + + We are now following the GNU guidelines: A new release automatically + means that the copyright year of all affected files gets updated; it + is no longer used to track years of modification changes. + + * src/tools/update-copyright-year: New Perl script. + * src/tools/update-copyright: New shell script that calls + `update-copyright-year' on all files. + * src/tools/no-copyright: Exceptions that should not be handled by + `update-copyright' + +2015-01-14 Werner Lemberg + + * docs/CHANGES: Updated, using a description from Behdad. + +2015-01-14 Behdad Esfahbod + + * src/autofit/afmodule.c (af_autofitter_done): Fix compiler warning. + +2015-01-14 Behdad Esfahbod + + [autofit] Add embedded array of segments and edges. + + Avoids multiple mallocs per typical glyphs. + + With this and recent changes to avoid mallocs, the thread-safe + stack-based loader is now as fast as the previous model that had one + cached singleton. + + * src/autofit/afhints.h (AF_SEGMENTS_EMBEDDED, AF_EDGES_EMBEDDED): + New macros. + (AF_AxisHintsRec): Add two arrays for segments and edges. + + * src/autofit/afhints.c (af_axis_hints_new_segment): Only allocate + data if number of segments exceeds given threshold value. + (af_axis_hints_new_edge): Only allocate data if number of edges + exceeds given threshold value. + (af_glyph_hints_done): Updated. + +2015-01-14 Behdad Esfahbod + + [autofit] Add embedded arrays for points and contours. + + This avoids at least two malloc calls for typical glyphs. + + * src/autofit/afhints.h (AF_POINTS_EMBEDDED, AF_CONTOURS_EMBEDDED): + New macros. + (AF_GlyphHintsRec): Add two arrays for contours and points. + + * src/autofit/afhints.c (af_glyph_hints_init, af_glyph_hints_done): + Updated. + (af_glyph_hints_reload): Only allocate data if number of contours or + points exceeds given threshold values. + +2015-01-14 Behdad Esfahbod + + [autofit] Allocate hints object on the stack. + + This avoids one malloc per load. + + * src/autofit/afloader.h (AF_LoaderRec): Change type of `hints' to + `AF_GlyphHints'. + Update prototype. + + * src/autofit/afloader.c (af_loader_init): Use `AF_GlyphHints' + parameter instead of `FT_Memory'. + (af_loader_done): Directly reset `load_hints'. + (af_loader_load_g): Updated. + + * src/autofit/afmodule.c (af_autofitter_load_glyph): Use local + `hints' object. + +2015-01-14 Behdad Esfahbod + + [autofit] Reuse slot glyph loader. + + No need to create a new glyph loader; we can reuse the one from + `slot->internal->loader'. It's hard to tell why it was written that + way originally, but new code looks sound and correct to me, and + avoids lots of allocations. + + * src/autofit/afloader.c (af_loader_init): Change return type to + `void'. + Don't call `FT_GlyphLoader_New'. + (af_loader_reset): Don't call `FT_GlyphLoader_Rewind'. + (af_loader_load_g): Update code to use `internal->loader', which + doesn't need copying of data. + + * src/autofit/afloader.h (AF_LoaderRec): Remove `gloader' member. + Update prototype. + + * src/autofit/afmodule.c (af_autofitter_load_glyph): Updated. + +2015-01-14 Behdad Esfahbod + + [autofit] Remove (unused) support for composite glyphs. + + We never have to deal with composite glyphs in the autohinter, as + those will be loaded into FORMAT_OUTLINE by the recursed + `FT_Load_Glyph' function. + + In the rare cases that FT_LOAD_NO_RECURSE is set, it will imply + FT_LOAD_NO_SCALE as per `FT_Load_Glyph', which then implies + FT_LOAD_NO_HINTING: + + /* resolve load flags dependencies */ + + if ( load_flags & FT_LOAD_NO_RECURSE ) + load_flags |= FT_LOAD_NO_SCALE | + FT_LOAD_IGNORE_TRANSFORM; + + if ( load_flags & FT_LOAD_NO_SCALE ) + { + load_flags |= FT_LOAD_NO_HINTING | + FT_LOAD_NO_BITMAP; + + load_flags &= ~FT_LOAD_RENDER; + } + + and as such the auto-hinter is never called. Thus, the recursion in + `af_loader_load_g' never actually happens. So remove the depth + counter as well. + + * src/autofit/afloader.c (af_loader_load_g): Remove `depth' + parameter. + : Remove associated code. + (af_loader_load_glyph): Updated. + +2015-01-14 Behdad Esfahbod + + [raster] Fix uninitialized memory access. + + Apparently `ras.cProfile' might be uninitialized. This will be the + case if `ras.top == ras.cProfile->offset', as can be seen in + `End_Profile'. The overshoot code introduced in a change `Fix B/W + rasterization of subglyphs with different drop-out modes.' (from + 2009-06-18) violated this, accessing `ras.cProfile->flags' + unconditionally just before calling `End_Profile' (which then + detected that `cProfile' is uninitialized and didn't touch it). + + This was harmless, and was not detected by valgrind before because + the objects were allocated on the `raster_pool', which was always + initialized. With recent change to allocate raster buffers on the + stack, valgrind now reported this invalid access. + + * src/raster/ftraster.c (Convert_Glyph): Don't access an + uninitialized `cProfile'. + +2015-01-14 Behdad Esfahbod + + [smooth] Fix uninitialized memory access. + + Looks like `ras.span_y' could always be used without initialization. + This was never detected by valgrind before because the library-wide + `raster_pool' was used for the worker object and `raster_pool' was + originally zero'ed. But subsequent reuses of it were using `span_y' + uninitialized. With the recent change to not use `render_pool' and + allocate worker and buffer on the stack, valgrind now detects this + uninitialized access. + + * src/smooth/ftgrays.c (gray_raster_render): Initialize + `ras.span_y'. + +2015-01-14 Behdad Esfahbod + + [base] Don't initialize unused `driver->glyph_loader'. + + * src/base/ftobjs.c (Destroy_Driver): Don't call + `FT_GlyphLoader_Done'. + (FT_Add_Module): Don't call `FT_GlyphLoader_New'. + +2015-01-14 Behdad Esfahbod + + [base] Don't allocate `library->raster_pool' anymore. + + It's unused after the following commits: + + [raster] Allocate render pool for mono rasterizer on the stack. + [raster] Remove 5-level gray AA mode from monochrome rasterizer. + + The value of FT_RENDER_POOL_SIZE still serves the purpose it used to + serve, which is, to adjust the pool size. But the pool is now + allocated on the stack on demand. + + * src/base/ftobjs.c (FT_New_Library, FT_Done_Library): Implement. + +2015-01-14 Behdad Esfahbod + + [base] Do not reorder library->renderers upon use. + + Instead of keeping `library->renderers' in a MRU order, just leave + it as-is. The MRU machinery wasn't thread-safe. + + With this patch, rasterizing glyphs from different faces from + different threads doesn't fail choosing rasterizer + (FT_Err_Cannot_Render_Glyph). + + Easiest to see that crash was to add a `printf' (or otherwise let + thread yield in FT_Throw with debugging enabled). + + * src/base/ftobjs.c (FT_Render_Glyph_Internal), src/base/ftoutln.c + (FT_Outline_Render): Don't call `FT_Set_Renderer'. + +2015-01-14 Behdad Esfahbod + + [raster] Allocate render pool for mono rasterizer on the stack. + + Instead of using the `render_pool' member of `FT_Library' that is + provided down to the rasterizer, completely ignore that and allocate + needed objects on the stack instead. + + With this patch, rasterizing glyphs from different faces from + different threads doesn't crash in the monochrome rasterizer. + + * src/raster/ftraster.c (black_TRaster): Remove `buffer', + `buffer_size', and `worker' members. + + (ft_black_render): Create `buffer' locally. + (ft_black_reset): Updated. + +2015-01-14 Behdad Esfahbod + + [raster] Remove 5-level gray AA mode from monochrome rasterizer. + + It was off by default and couldn't be turned on at runtime. And the + smooth rasterizer superceded it over ten years ago. No point in + keeping. Comments suggested that it was there for compatibility + with FreeType 1. + + 550 lines down. + + * src/raster/ftraster.c (FT_RASTER_OPTION_ANTI_ALIASING, + RASTER_GRAY_LINES): Remove macros and all associated code. + + (black_TWorker): Remove `gray_min_x' and `gray_max_x'. + (black_TRaster): Remove `grays' and `gray_width'. + + (Vertical_Sweep_Init, Vertical_Sweep_Span, Vertical_Sweep_Drop, + ft_black_render): Updated. + + * src/raster/ftrend1.c (ft_raster1_render): Simplify code. + (ft_raster5_renderer_class): Removed. + +2015-01-14 Behdad Esfahbod + + [smooth] Allocate render pool for smooth rasterizer on the stack. + + Instead of using the `render_pool' member of `FT_Library' that is + provided down to the rasterizer, completely ignore that and allocate + needed objects on the stack instead. + + With this patch, rasterizing glyphs from different faces from + different threads doesn't crash in the smooth rasterizer. + + Bugs: + + https://bugzilla.redhat.com/show_bug.cgi?id=678397 + https://bugzilla.redhat.com/show_bug.cgi?id=1004315 + https://bugzilla.redhat.com/show_bug.cgi?id=1165471 + https://bugs.freedesktop.org/show_bug.cgi?id=69034 + + * src/smooth/ftgrays.c (gray_TRaster): Remove `buffer', + `buffer_size', `band_size', and `worker' members. + + (gray_raster_render): Create `buffer', `buffer_size', and + `band_size' locally. + (gray_raster_reset): Updated. + +2015-01-14 Behdad Esfahbod + + [truetype] Allocate TT_ExecContext in TT_Size instead of TT_Driver. + + Previously the code had stipulation for using a per-TT_Size exec + context if `size->debug' was true. But there was no way that + `size->debug' could *ever* be true. As such, the code was always + using the singleton `TT_ExecContext' that was stored in `TT_Driver'. + This was, clearly, not threadsafe. + + With this patch, loading glyphs from different faces from different + threads doesn't crash in the bytecode loader code. + + * src/truetype/ttobjs.h (TT_SizeRec): Remove `debug' member. + (TT_DriverRec): Remove `context' member. + + * src/truetype/ttobjs.c (tt_size_run_fpgm, tt_size_run_prep): Remove + `TT_ExecContext' code related to a global `TT_Driver' object. + + (tt_driver_done): Don't remove `TT_ExecContext' object here but ... + (tt_size_done_bytecode): ... here. + + (tt_driver_init): Don't create `TT_ExecContext' object here but ... + (tt_size_init_bytecode): ... here, only on demand. + + * src/truetype/ttinterp.c (TT_Run_Context): Remove defunct debug + code. + (TT_New_Context): Remove `TT_ExecContext' code related to a global + `TT_Driver' object. + + * src/truetype/ttinterp.h: Updated. + + * src/truetype/ttgload.c (TT_Hint_Glyph, tt_loader_init): Updated. + +2015-01-14 Behdad Esfahbod + + [autofit] Allocate AF_Loader on the stack instead of AF_Module. + + Stop sharing a global `AF_Loader'. Allocate one on the stack during + glyph load. + + Right now this results in about 25% slowdown, to be fixed in a + following commit. + + With this patch loading glyphs from different faces from different + threads doesn't immediately crash in the autohinting loader code. + + Bugs: + + https://bugzilla.redhat.com/show_bug.cgi?id=1164941 + + * src/autofit/afloader.c (af_loader_init): Pass + `AF_Loader' and `FT_Memory' instead of `AF_Module' as arguments. + (af_loader_reset, af_loader_load_glyph): Also pass `loader' as + argument. + (af_loader_done): Use `AF_Loader' instead of `AF_Module' as + argument. + + * src/autofit/afmodule.c (af_autofitter_init): Don't call + `af_loader_init'. + (af_autofitter_done): Don't call `af_loader_done'. + (af_autofitter_load_glyph): Use a local `AF_Loader' object. + + * src/autofit/afloader.h: Include `afmodule.h'. + Update prototypes. + Move typedef for `AF_Module' to... + + * src/autofit/afmodule.h: ... this place. + No longer include `afloader.h'. + +2015-01-14 Behdad Esfahbod + + * src/type42/t42objs.h (T42_DriverRec): Remove unused member. + +2015-01-12 Werner Lemberg + + Fix Savannah bug #43976. + + Assure that FreeType's internal include directories are found before + `CPPFLAGS' (which might be set by the user in the environment), and + `CPPFLAGS' before `CFLAGS'. + + * builds/freetype.mk (FT_CFLAGS): Don't add `INCLUDE_FLAGS'. + (FT_COMPILE): Make this a special variable for compiling only the + files handled in `freetype.mk'. + (.c.$O): Removed, unused. + + * src/*/rules.mk (*_COMPILE): Fix order of include directories. + +2015-01-11 Werner Lemberg + + [truetype] Prettyfing. + + * src/truetype/ttinterp.c (project, dualproj, fast_project, + fast_dualproj): Rename to... + (PROJECT, DUALPROJ, FAST_PROJECT, FAST_DUALPROJ): ... this. + +2015-01-11 Werner Lemberg + + * src/truetype/ttinterp.c (Ins_JROT, Ins_JROF): Simplify. + + Based on a patch from Behdad. + +2015-01-11 Werner Lemberg + + * src/truetype/ttinterp.c (Ins_SxVTL): Simplify function call. + +2015-01-11 Werner Lemberg + + * src/truetype/ttinterp.c (Normalize): Remove unused argument. + +2015-01-11 Werner Lemberg + + [truetype] More macro expansions. + + * src/truetype/ttinterp.c (FT_UNUSED_EXEC): Remove macro by + expansion. + +2015-01-11 Werner Lemberg + + [truetype] More macro expansions. + + * src/truetype/ttinterp.c (INS_ARG): Remove macro by expansion, + adjusting funtion calls where necessary. + (FT_UNUSED_ARG): Removed, no longer needed. + +2015-01-10 Werner Lemberg + + [truetype] More macro expansions. + + Based on a patch from Behdad. + + * src/truetype/ttinterp.c (DO_*): Expand macros into corresponding + `Ins_*' functions. + (TT_RunIns): Replace `DO_*' macros with `Ins_*' function calls. + (ARRAY_BOUND_ERROR): Remove second definition, which is no longer + needed. + (Ins_SVTCA, Ins_SPVTCA, Ins_SFVTCA): Replaced with... + (Ins_SxyTCA): New function. + +2015-01-10 Werner Lemberg + + [truetype] Remove TT_CONFIG_OPTION_INTERPRETER_SWITCH. + + Behdad suggested this code simplification, and nobody objected... + + * include/config/ftoption.h, devel/ftoption.h + (TT_CONFIG_OPTION_INTERPRETER_SWITCH): Remove. + + * src/truetype/ttinterp.c [TT_CONFIG_OPTION_INTERPRETER_SWITCH]: + Remove related code. + (ARRAY_BOUND_ERROR): Use do-while loop. + +2015-01-10 Werner Lemberg + + [truetype] More macro expansions. + + * src/truetype/ttinterp.c, src/truetype/ttinterp.h (EXEC_ARG_, + EXEC_ARG): Remove by replacing with expansion. + +2015-01-10 Werner Lemberg + + [truetype] More macro expansions. + + Based on a patch from Behdad. + + * src/truetype/ttinterp.c (SKIP_Code, GET_ShortIns, NORMalize, + SET_SuperRound, ROUND_None, INS_Goto_CodeRange, CUR_Func_move, + CUR_Func_move_orig, CUR_Func_round, CUR_Func_cur_ppem, + CUR_Func_read_cvt, CUR_Func_write_cvt, CUR_Func_move_cvt, + CURRENT_Ratio, INS_SxVTL, COMPUTE_Funcs, COMPUTE_Round, + COMPUTE_Point_Displacement, MOVE_Zp2_Point): Remove by replacing + with expansion. + + (Cur_Func_project, CUR_Func_dualproj, CUR_fast_project, + CUR_fast_dualproj): Replace with macros `project', `dualproj', + `fast_project', `fast_dualproj'. + +2015-01-10 Werner Lemberg + + [truetype] More macro expansions. + + * src/truetype/ttinterp.c (EXEC_OP_, EXEC_OP): Remove by replacing + with expansion. + +2015-01-10 Werner Lemberg + + [truetype] Remove code for static TrueType interpreter. + + This is a follow-up patch. + + * src/truetype/ttinterp.c, src/truetype/ttinterp.h + [TT_CONFIG_OPTION_STATIC_INTERPRETER, + TT_CONFIG_OPTION_STATIC_RASTER]: Remove macros and related code. + +2015-01-10 Werner Lemberg + + * src/truetype/ttinterp.c (CUR): Remove by replacing with expansion. + + This starts a series of patches that simplifies the code of the + bytecode interpreter. + 2014-12-30 Werner Lemberg * Version 2.5.5 released. @@ -32,6 +1667,8 @@ * CMakeLists.txt (VERSION_PATCH): Set to 5. * docs/CHANGES: Updated. + * builds/toplevel.mk (dist): Fix typos. + 2014-12-24 Alexei Podtelezhnikov [base] Formatting and nanooptimizations. @@ -5143,7 +6780,7 @@ ---------------------------------------------------------------------------- -Copyright 2013-2014 by +Copyright 2013-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/ChangeLog.20 b/freetype/ChangeLog.20 index 8fcc5e70a..6dae58ea7 100644 --- a/freetype/ChangeLog.20 +++ b/freetype/ChangeLog.20 @@ -2597,7 +2597,7 @@ ---------------------------------------------------------------------------- -Copyright 2000, 2001, 2002, 2007 by +Copyright 2000-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/ChangeLog.21 b/freetype/ChangeLog.21 index 300a094f2..a6f8be754 100644 --- a/freetype/ChangeLog.21 +++ b/freetype/ChangeLog.21 @@ -9423,7 +9423,7 @@ ---------------------------------------------------------------------------- -Copyright 2002, 2003, 2004, 2005, 2007, 2008 by +Copyright 2002-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/ChangeLog.22 b/freetype/ChangeLog.22 index 4144288a5..08c5877e5 100644 --- a/freetype/ChangeLog.22 +++ b/freetype/ChangeLog.22 @@ -2821,7 +2821,7 @@ ---------------------------------------------------------------------------- -Copyright 2005, 2006, 2007, 2008 by +Copyright 2005-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/ChangeLog.23 b/freetype/ChangeLog.23 index 1a23848f8..93fd33ce8 100644 --- a/freetype/ChangeLog.23 +++ b/freetype/ChangeLog.23 @@ -7932,7 +7932,7 @@ ---------------------------------------------------------------------------- -Copyright 2006, 2007, 2008, 2009, 2010 by +Copyright 2006-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/ChangeLog.24 b/freetype/ChangeLog.24 index 01eb3b75f..df2119d8e 100644 --- a/freetype/ChangeLog.24 +++ b/freetype/ChangeLog.24 @@ -6344,7 +6344,7 @@ ---------------------------------------------------------------------------- -Copyright 2010-2013 by +Copyright 2010-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/Jamfile b/freetype/Jamfile index 16e097ed9..61fa01838 100644 --- a/freetype/Jamfile +++ b/freetype/Jamfile @@ -1,6 +1,6 @@ # FreeType 2 top Jamfile. # -# Copyright 2001-2014 by +# Copyright 2001-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, @@ -195,7 +195,7 @@ rule RefDoc actions RefDoc { - python $(FT2_SRC)/tools/docmaker/docmaker.py --prefix=ft2 --title=FreeType-2.5.5 --output=$(DOC_DIR) $(FT2_INCLUDE)/*.h $(FT2_INCLUDE)/config/*.h + python $(FT2_SRC)/tools/docmaker/docmaker.py --prefix=ft2 --title=FreeType-2.6 --output=$(DOC_DIR) $(FT2_INCLUDE)/*.h $(FT2_INCLUDE)/config/*.h } RefDoc refdoc ; diff --git a/freetype/Jamrules b/freetype/Jamrules index d8d1c7e61..91d196645 100644 --- a/freetype/Jamrules +++ b/freetype/Jamrules @@ -1,6 +1,6 @@ # FreeType 2 JamRules. # -# Copyright 2001, 2002, 2003 by +# Copyright 2001-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/Makefile b/freetype/Makefile index c1fa16cee..c807b0bd2 100644 --- a/freetype/Makefile +++ b/freetype/Makefile @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2002, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/README b/freetype/README index f00a1ab79..ff2074514 100644 --- a/freetype/README +++ b/freetype/README @@ -1,5 +1,5 @@ - FreeType 2.5.5 - ============== + FreeType 2.6 + ============ Homepage: http://www.freetype.org @@ -24,9 +24,9 @@ and download one of the following files. - freetype-doc-2.5.5.tar.bz2 - freetype-doc-2.5.5.tar.gz - ftdoc255.zip + freetype-doc-2.6.tar.bz2 + freetype-doc-2.6.tar.gz + ftdoc26.zip To view the documentation online, go to @@ -70,7 +70,7 @@ ---------------------------------------------------------------------- -Copyright 2006-2014 by +Copyright 2006-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, diff --git a/freetype/README.git b/freetype/README.git index 021c12141..2350e78d6 100644 --- a/freetype/README.git +++ b/freetype/README.git @@ -37,7 +37,7 @@ repository. ---------------------------------------------------------------------- -Copyright 2005-2010, 2013 by +Copyright 2005-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, diff --git a/freetype/autogen.sh b/freetype/autogen.sh index cc0e661ce..9729af42d 100644 --- a/freetype/autogen.sh +++ b/freetype/autogen.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright 2005-2010, 2013 by +# Copyright 2005-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/amiga/README b/freetype/builds/amiga/README index 85fcc4330..1a68b107c 100644 --- a/freetype/builds/amiga/README +++ b/freetype/builds/amiga/README @@ -1,7 +1,7 @@ README for the builds/amiga subdirectory. -Copyright 2005, 2013 by +Copyright 2005-2015 by Werner Lemberg and Detlef Wrkner. This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/amiga/include/config/ftconfig.h b/freetype/builds/amiga/include/config/ftconfig.h index a73ace671..790eeec82 100644 --- a/freetype/builds/amiga/include/config/ftconfig.h +++ b/freetype/builds/amiga/include/config/ftconfig.h @@ -4,7 +4,7 @@ /* */ /* Amiga-specific configuration file (specification only). */ /* */ -/* Copyright 2005-2007, 2013 by */ +/* Copyright 2005-2015 by */ /* Werner Lemberg and Detlef Wrkner. */ /* */ /* This file is part of the FreeType project, and may only be used, */ diff --git a/freetype/builds/amiga/include/config/ftmodule.h b/freetype/builds/amiga/include/config/ftmodule.h index 5873bab74..77a66db47 100644 --- a/freetype/builds/amiga/include/config/ftmodule.h +++ b/freetype/builds/amiga/include/config/ftmodule.h @@ -4,7 +4,7 @@ /* */ /* Amiga-specific FreeType module selection. */ /* */ -/* Copyright 2005 by */ +/* Copyright 2005-2015 by */ /* Werner Lemberg and Detlef Wrkner. */ /* */ /* This file is part of the FreeType project, and may only be used, */ diff --git a/freetype/builds/amiga/makefile b/freetype/builds/amiga/makefile index 8a1e4c61b..bcb45b9ed 100644 --- a/freetype/builds/amiga/makefile +++ b/freetype/builds/amiga/makefile @@ -5,7 +5,7 @@ # -# Copyright 2005-2007, 2009, 2013 by +# Copyright 2005-2015 by # Werner Lemberg and Detlef Wrkner. # # This file is part of the FreeType project, and may only be used, modified, @@ -96,6 +96,9 @@ ftbitmap.ppc.o: $(FTSRC)/base/ftbitmap.c ftcid.ppc.o: $(FTSRC)/base/ftcid.c $(CC) -c $(CFLAGS) -o $@ $< +ftfntfmt.ppc.o: $(FTSRC)/base/ftfntfmt.c + $(CC) -c $(CFLAGS) -o $@ $< + ftfstype.ppc.o: $(FTSRC)/base/ftfstype.c $(CC) -c $(CFLAGS) -o $@ $< @@ -135,9 +138,6 @@ fttype1.ppc.o: $(FTSRC)/base/fttype1.c ftwinfnt.ppc.o: $(FTSRC)/base/ftwinfnt.c $(CC) -c $(CFLAGS) -o $@ $< -ftxf86.ppc.o: $(FTSRC)/base/ftxf86.c - $(CC) -c $(CFLAGS) -o $@ $< - # # FreeType2 library autofitting module # @@ -269,11 +269,11 @@ gxvalid.ppc.o: $(FTSRC)/gxvalid/gxvalid.c otvalid.ppc.o: $(FTSRC)/otvalid/otvalid.c $(CC) -c $(CFLAGS) -o $@ $< -BASEPPC = ftbase.ppc.o ftbbox.ppc.o ftbdf.ppc.o ftbitmap.ppc.o ftcid.ppc.o \ - ftfstype.ppc.o ftgasp.ppc.o ftglyph.ppc.o ftgxval.ppc.o \ - ftlcdfil.ppc.o ftmm.ppc.o ftotval.ppc.o ftpatent.ppc.o ftpfr.ppc.o \ - ftstroke.ppc.o ftsynth.ppc.o fttype1.ppc.o ftwinfnt.ppc.o \ - ftxf86.ppc.o +BASEPPC = ftbase.ppc.o ftbbox.ppc.o ftbdf.ppc.o ftbitmap.ppc.o ftcid.ppc.o \ + ftfntfmt.ppc.oftfstype.ppc.o ftgasp.ppc.o ftglyph.ppc.o \ + ftgxval.ppc.o ftlcdfil.ppc.o ftmm.ppc.o ftotval.ppc.o \ + ftpatent.ppc.o ftpfr.ppc.o ftstroke.ppc.o ftsynth.ppc.o \ + fttype1.ppc.o ftwinfnt.ppc.o DEBUGPPC = ftdebug.ppc.o ftdebugpure.ppc.o diff --git a/freetype/builds/amiga/makefile.os4 b/freetype/builds/amiga/makefile.os4 index a2e6ffced..481fe5950 100644 --- a/freetype/builds/amiga/makefile.os4 +++ b/freetype/builds/amiga/makefile.os4 @@ -4,7 +4,7 @@ # -# Copyright 2005-2007, 2009, 2013 by +# Copyright 2005-2015 by # Werner Lemberg and Detlef Wrkner. # # This file is part of the FreeType project, and may only be used, modified, @@ -99,6 +99,9 @@ ftdebug.ppc.o: FT:src/base/ftdebug.c ftdebugpure.ppc.o: src/base/ftdebug.c $(CC) -c $(CFLAGS) -o $@ src/base/ftdebug.c +ftfntfmt.ppc.o: FT:src/base/ftfntfmt.c + $(CC) -c $(CFLAGS) -o $@ /FT/src/base/ftfntfmt.c + ftfstype.ppc.o: FT:src/base/ftfstype.c $(CC) -c $(CFLAGS) -o $@ /FT/src/base/ftfstype.c @@ -138,9 +141,6 @@ fttype1.ppc.o: FT:src/base/fttype1.c ftwinfnt.ppc.o: FT:src/base/ftwinfnt.c $(CC) -c $(CFLAGS) -o $@ /FT/src/base/ftwinfnt.c -ftxf86.ppc.o: FT:src/base/ftxf86.c - $(CC) -c $(CFLAGS) -o $@ /FT/src/base/ftxf86.c - # # FreeType2 library autofitting module # @@ -273,11 +273,11 @@ gxvalid.ppc.o: FT:src/gxvalid/gxvalid.c otvalid.ppc.o: FT:src/otvalid/otvalid.c $(CC) -c $(CFLAGS) -o $@ /FT/src/otvalid/otvalid.c -BASE = ftbase.ppc.o ftbbox.ppc.o ftbdf.ppc.o ftbitmap.ppc.o ftcid.ppc.o \ - ftfstype.ppc.o ftgasp.ppc.o ftglyph.ppc.o ftgxval.ppc.o \ - ftlcdfil.ppc.o ftmm.ppc.o ftotval.ppc.o ftpatent.ppc.o ftpfr.ppc.o \ - ftstroke.ppc.o ftsynth.ppc.o fttype1.ppc.o ftwinfnt.ppc.o \ - ftxf86.ppc.o +BASE = ftbase.ppc.o ftbbox.ppc.o ftbdf.ppc.o ftbitmap.ppc.o ftcid.ppc.o \ + ftfntfmt.ppc.o ftfstype.ppc.o ftgasp.ppc.o ftglyph.ppc.o \ + ftgxval.ppc.o ftlcdfil.ppc.o ftmm.ppc.o ftotval.ppc.o \ + ftpatent.ppc.o ftpfr.ppc.o ftstroke.ppc.o ftsynth.ppc.o \ + fttype1.ppc.o ftwinfnt.ppc.o DEBUG = ftdebug.ppc.o ftdebugpure.ppc.o diff --git a/freetype/builds/amiga/smakefile b/freetype/builds/amiga/smakefile index aee7fb9d4..156beb29f 100644 --- a/freetype/builds/amiga/smakefile +++ b/freetype/builds/amiga/smakefile @@ -3,7 +3,7 @@ # -# Copyright 2005-2007, 2009, 2013 by +# Copyright 2005-2015 by # Werner Lemberg and Detlef Wrkner. # # This file is part of the FreeType project, and may only be used, modified, @@ -42,9 +42,9 @@ # (and either ftdebug.o or ftdebugpure.o if you enabled FT_DEBUG_LEVEL_ERROR or # FT_DEBUG_LEVEL_TRACE in include/config/ftoption.h). -OBJBASE = ftbase.o ftbbox.o ftbdf.o ftbitmap.o ftcid.o ftfstype.o ftgasp.o \ - ftglyph.o ftgxval.o ftlcdfil.o ftmm.o ftotval.o ftpatent.o ftpfr.o \ - ftstroke.o ftsynth.o fttype1.o ftwinfnt.o ftxf86.o +OBJBASE = ftbase.o ftbbox.o ftbdf.o ftbitmap.o ftcid.o ftfntfmt.o ftfstype.o \ + ftgasp.o ftglyph.o ftgxval.o ftlcdfil.o ftmm.o ftotval.o \ + ftpatent.o ftpfr.o ftstroke.o ftsynth.o fttype1.o ftwinfnt.o OBJSYSTEM = ftsystem.o ftsystempure.o @@ -133,6 +133,8 @@ ftbitmap.o: $(CORE)base/ftbitmap.c sc $(SCFLAGS) objname=$@ $< ftcid.o: $(CORE)base/ftcid.c sc $(SCFLAGS) objname=$@ $< +ftfntfmt.o: $(CORE)base/ftfntfmt.c + sc $(SCFLAGS) objname=$@ $< ftfstype.o: $(CORE)base/ftfstype.c sc $(SCFLAGS) objname=$@ $< ftgasp.o: $(CORE)base/ftgasp.c @@ -159,8 +161,6 @@ fttype1.o: $(CORE)base/fttype1.c sc $(SCFLAGS) objname=$@ $< ftwinfnt.o: $(CORE)base/ftwinfnt.c sc $(SCFLAGS) objname=$@ $< -ftxf86.o: $(CORE)base/ftxf86.c - sc $(SCFLAGS) objname=$@ $< # # freetype library autofitter module diff --git a/freetype/builds/amiga/src/base/ftdebug.c b/freetype/builds/amiga/src/base/ftdebug.c index 39688af78..891a597ae 100644 --- a/freetype/builds/amiga/src/base/ftdebug.c +++ b/freetype/builds/amiga/src/base/ftdebug.c @@ -4,7 +4,7 @@ /* */ /* Debugging and logging component for amiga (body). */ /* */ -/* Copyright 1996-2002, 2004, 2005, 2013 by */ +/* Copyright 1996-2015 by */ /* David Turner, Robert Wilhelm, Werner Lemberg and Detlef Wrkner. */ /* */ /* This file is part of the FreeType project, and may only be used, */ diff --git a/freetype/builds/amiga/src/base/ftsystem.c b/freetype/builds/amiga/src/base/ftsystem.c index 42a552dbe..bb3ccfd13 100644 --- a/freetype/builds/amiga/src/base/ftsystem.c +++ b/freetype/builds/amiga/src/base/ftsystem.c @@ -4,7 +4,7 @@ /* */ /* Amiga-specific FreeType low-level system interface (body). */ /* */ -/* Copyright 1996-2002, 2005-2007, 2010, 2013 by */ +/* Copyright 1996-2015 by */ /* David Turner, Robert Wilhelm, Werner Lemberg and Detlef Wrkner. */ /* */ /* This file is part of the FreeType project, and may only be used, */ diff --git a/freetype/builds/ansi/ansi-def.mk b/freetype/builds/ansi/ansi-def.mk index 2c5857295..35b9f32fe 100644 --- a/freetype/builds/ansi/ansi-def.mk +++ b/freetype/builds/ansi/ansi-def.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/ansi/ansi.mk b/freetype/builds/ansi/ansi.mk index 32b3bac3e..2816e14fe 100644 --- a/freetype/builds/ansi/ansi.mk +++ b/freetype/builds/ansi/ansi.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/beos/beos-def.mk b/freetype/builds/beos/beos-def.mk index 4371a30aa..5ddedc037 100644 --- a/freetype/builds/beos/beos-def.mk +++ b/freetype/builds/beos/beos-def.mk @@ -5,7 +5,7 @@ # -# Copyright 1996-2000, 2003, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/beos/beos.mk b/freetype/builds/beos/beos.mk index b5c8bdabe..6c7fca11c 100644 --- a/freetype/builds/beos/beos.mk +++ b/freetype/builds/beos/beos.mk @@ -2,7 +2,7 @@ # FreeType 2 configuration rules for a BeOS system # -# Copyright 1996-2000, 2002, 2005 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/beos/detect.mk b/freetype/builds/beos/detect.mk index 24a087886..b23f94ee7 100644 --- a/freetype/builds/beos/detect.mk +++ b/freetype/builds/beos/detect.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/cmake/iOS.cmake b/freetype/builds/cmake/iOS.cmake index a41a7acf2..7970f2b10 100755 --- a/freetype/builds/cmake/iOS.cmake +++ b/freetype/builds/cmake/iOS.cmake @@ -1,6 +1,6 @@ # iOS.cmake # -# Copyright 2014 by +# Copyright 2014-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # Written by David Wimsey diff --git a/freetype/builds/compiler/ansi-cc.mk b/freetype/builds/compiler/ansi-cc.mk index 3b668e201..c9f66088e 100644 --- a/freetype/builds/compiler/ansi-cc.mk +++ b/freetype/builds/compiler/ansi-cc.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/compiler/bcc-dev.mk b/freetype/builds/compiler/bcc-dev.mk index 42a99b0c0..8ab957e9c 100644 --- a/freetype/builds/compiler/bcc-dev.mk +++ b/freetype/builds/compiler/bcc-dev.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/compiler/bcc.mk b/freetype/builds/compiler/bcc.mk index 855edadf0..f38384064 100644 --- a/freetype/builds/compiler/bcc.mk +++ b/freetype/builds/compiler/bcc.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/compiler/emx.mk b/freetype/builds/compiler/emx.mk index c237005cb..62fe35df7 100644 --- a/freetype/builds/compiler/emx.mk +++ b/freetype/builds/compiler/emx.mk @@ -3,7 +3,7 @@ # -# Copyright 2003, 2006 by +# Copyright 2003-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/compiler/gcc-dev.mk b/freetype/builds/compiler/gcc-dev.mk index c63e1262e..fd789af9e 100644 --- a/freetype/builds/compiler/gcc-dev.mk +++ b/freetype/builds/compiler/gcc-dev.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2004, 2005, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/compiler/gcc.mk b/freetype/builds/compiler/gcc.mk index f6b7101b3..0970d1c55 100644 --- a/freetype/builds/compiler/gcc.mk +++ b/freetype/builds/compiler/gcc.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2005, 2006, 2009 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/compiler/intelc.mk b/freetype/builds/compiler/intelc.mk index 413ce5bac..19e5962ea 100644 --- a/freetype/builds/compiler/intelc.mk +++ b/freetype/builds/compiler/intelc.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/compiler/unix-lcc.mk b/freetype/builds/compiler/unix-lcc.mk index d79f50846..ebe330654 100644 --- a/freetype/builds/compiler/unix-lcc.mk +++ b/freetype/builds/compiler/unix-lcc.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/compiler/visualage.mk b/freetype/builds/compiler/visualage.mk index c109659bf..db997faa3 100644 --- a/freetype/builds/compiler/visualage.mk +++ b/freetype/builds/compiler/visualage.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/compiler/visualc.mk b/freetype/builds/compiler/visualc.mk index 2e19ef86a..900c8bea2 100644 --- a/freetype/builds/compiler/visualc.mk +++ b/freetype/builds/compiler/visualc.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2005, 2006, 2008 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/compiler/watcom.mk b/freetype/builds/compiler/watcom.mk index 4db1e7fec..f83425e2b 100644 --- a/freetype/builds/compiler/watcom.mk +++ b/freetype/builds/compiler/watcom.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/compiler/win-lcc.mk b/freetype/builds/compiler/win-lcc.mk index 5d02d8246..9e4f79df2 100644 --- a/freetype/builds/compiler/win-lcc.mk +++ b/freetype/builds/compiler/win-lcc.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/detect.mk b/freetype/builds/detect.mk index ff4045d5c..4b789d3ab 100644 --- a/freetype/builds/detect.mk +++ b/freetype/builds/detect.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2003, 2006, 2008, 2013, 2014 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/dos/detect.mk b/freetype/builds/dos/detect.mk index 3e5e967e4..e49ba98ca 100644 --- a/freetype/builds/dos/detect.mk +++ b/freetype/builds/dos/detect.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2004, 2006, 2014 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/dos/dos-def.mk b/freetype/builds/dos/dos-def.mk index 950f581a0..ac0be5ebb 100644 --- a/freetype/builds/dos/dos-def.mk +++ b/freetype/builds/dos/dos-def.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2005, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/dos/dos-emx.mk b/freetype/builds/dos/dos-emx.mk index 6ea8f6d87..c421674fb 100644 --- a/freetype/builds/dos/dos-emx.mk +++ b/freetype/builds/dos/dos-emx.mk @@ -3,7 +3,7 @@ # -# Copyright 2003 by +# Copyright 2003-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/dos/dos-gcc.mk b/freetype/builds/dos/dos-gcc.mk index e14255c1f..991fb64ac 100644 --- a/freetype/builds/dos/dos-gcc.mk +++ b/freetype/builds/dos/dos-gcc.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/dos/dos-wat.mk b/freetype/builds/dos/dos-wat.mk index c763b163c..0c34a0d90 100644 --- a/freetype/builds/dos/dos-wat.mk +++ b/freetype/builds/dos/dos-wat.mk @@ -3,7 +3,7 @@ # -# Copyright 2003 by +# Copyright 2003-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/exports.mk b/freetype/builds/exports.mk index 96b10db87..687ced7ba 100644 --- a/freetype/builds/exports.mk +++ b/freetype/builds/exports.mk @@ -3,7 +3,7 @@ # -# Copyright 2005, 2006 by +# Copyright 2005-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/freetype.mk b/freetype/builds/freetype.mk index 8b2e2eace..5ea13f058 100644 --- a/freetype/builds/freetype.mk +++ b/freetype/builds/freetype.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2006, 2008, 2013, 2014 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, @@ -155,15 +155,13 @@ ifneq ($(wildcard $(OBJ_DIR)/ftoption.h),) FTOPTION_FLAG := $DFT_CONFIG_OPTIONS_H="" endif -# Note that a build with the `configure' script uses $(CFLAGS) only. +# `CPPFLAGS' might be specified by the user in the environment. # FT_CFLAGS = $(CPPFLAGS) \ - $(INCLUDE_FLAGS) \ $(CFLAGS) \ $DFT2_BUILD_LIBRARY \ $DFT_CONFIG_MODULES_H="" \ $(FTOPTION_FLAG) -FT_COMPILE = $(CC) $(ANSIFLAGS) $(FT_CFLAGS) # Include the `exports' rules file. @@ -195,6 +193,8 @@ DEVEL_H := $(wildcard $(TOP_DIR)/devel/*.h) FREETYPE_H := $(PUBLIC_H) $(INTERNAL_H) $(CONFIG_H) $(DEVEL_H) +FT_COMPILE := $(CC) $(ANSIFLAGS) $(INCLUDE_FLAGS) $(FT_CFLAGS) + # ftsystem component # FTSYS_SRC ?= $(BASE_DIR)/ftsystem.c @@ -270,32 +270,6 @@ objects: $(OBJECTS_LIST) library: $(PROJECT_LIBRARY) -.c.$O: - $(FT_COMPILE) $T$(subst /,$(COMPILER_SEP),$@ $<) - - -ifneq ($(findstring refdoc,$(MAKECMDGOALS)),) - # poor man's `sed' emulation with make's built-in string functions - work := $(strip $(shell $(CAT) $(PUBLIC_DIR)/freetype.h)) - work := $(subst |,x,$(work)) - work := $(subst $(space),|,$(work)) - work := $(subst \#define|FREETYPE_MAJOR|,$(space),$(work)) - work := $(word 2,$(work)) - major := $(subst |,$(space),$(work)) - major := $(firstword $(major)) - - work := $(subst \#define|FREETYPE_MINOR|,$(space),$(work)) - work := $(word 2,$(work)) - minor := $(subst |,$(space),$(work)) - minor := $(firstword $(minor)) - - work := $(subst \#define|FREETYPE_PATCH|,$(space),$(work)) - work := $(word 2,$(work)) - patch := $(subst |,$(space),$(work)) - patch := $(firstword $(patch)) - - version := $(major).$(minor).$(patch) -endif # Option `-B' disables generation of .pyc files (available since python 2.6) # diff --git a/freetype/builds/link_dos.mk b/freetype/builds/link_dos.mk index c37ac7e52..694845b9e 100644 --- a/freetype/builds/link_dos.mk +++ b/freetype/builds/link_dos.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/link_std.mk b/freetype/builds/link_std.mk index 0bd2163bb..886b2e6b3 100644 --- a/freetype/builds/link_std.mk +++ b/freetype/builds/link_std.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/mac/FreeType.m68k_cfm.make.txt b/freetype/builds/mac/FreeType.m68k_cfm.make.txt index 425f9f9ce..c0a55f510 100644 --- a/freetype/builds/mac/FreeType.m68k_cfm.make.txt +++ b/freetype/builds/mac/FreeType.m68k_cfm.make.txt @@ -38,6 +38,7 @@ SrcFiles = \xB6 :src:base:ftbdf.c \xB6 :src:base:ftbitmap.c \xB6 :src:base:ftdebug.c \xB6 + :src:base:ftfntfmt.c \xB6 :src:base:ftfstype.c \xB6 :src:base:ftglyph.c \xB6 :src:base:ftgxval.c \xB6 @@ -50,7 +51,6 @@ SrcFiles = \xB6 :src:base:ftsystem.c \xB6 :src:base:fttype1.c \xB6 :src:base:ftwinfnt.c \xB6 - :src:base:ftxf86.c \xB6 :src:cache:ftcache.c \xB6 :src:bdf:bdf.c \xB6 :src:cff:cff.c \xB6 @@ -83,6 +83,7 @@ ObjFiles-68K = \xB6 "{ObjDir}ftbdf.c.o" \xB6 "{ObjDir}ftbitmap.c.o" \xB6 "{ObjDir}ftdebug.c.o" \xB6 + "{ObjDir}ftfntfmt.c.o" \xB6 "{ObjDir}ftfstype.c.o" \xB6 "{ObjDir}ftglyph.c.o" \xB6 "{ObjDir}ftgxval.c.o" \xB6 @@ -95,7 +96,6 @@ ObjFiles-68K = \xB6 "{ObjDir}ftsystem.c.o" \xB6 "{ObjDir}fttype1.c.o" \xB6 "{ObjDir}ftwinfnt.c.o" \xB6 - "{ObjDir}ftxf86.c.o" \xB6 "{ObjDir}ftcache.c.o" \xB6 "{ObjDir}bdf.c.o" \xB6 "{ObjDir}cff.c.o" \xB6 @@ -161,6 +161,7 @@ FreeType.m68k_cfm.o \xC4\xC4 {ObjFiles-68K} {LibFiles-68K} {\xA5MondoBuild\xA5 "{ObjDir}ftbdf.c.o" \xC4 :src:base:ftbdf.c "{ObjDir}ftbitmap.c.o" \xC4 :src:base:ftbitmap.c "{ObjDir}ftdebug.c.o" \xC4 :src:base:ftdebug.c +"{ObjDir}ftfntfmt.c.o" \xC4 :src:base:ftfntfmt.c "{ObjDir}ftfstype.c.o" \xC4 :src:base:ftfstype.c "{ObjDir}ftglyph.c.o" \xC4 :src:base:ftglyph.c "{ObjDir}ftgxval.c.o" \xC4 :src:base:ftgxval.c @@ -173,7 +174,6 @@ FreeType.m68k_cfm.o \xC4\xC4 {ObjFiles-68K} {LibFiles-68K} {\xA5MondoBuild\xA5 "{ObjDir}ftsystem.c.o" \xC4 :src:base:ftsystem.c "{ObjDir}fttype1.c.o" \xC4 :src:base:fttype1.c "{ObjDir}ftwinfnt.c.o" \xC4 :src:base:ftwinfnt.c -"{ObjDir}ftxf86.c.o" \xC4 :src:base:ftxf86.c "{ObjDir}ftcache.c.o" \xC4 :src:cache:ftcache.c "{ObjDir}bdf.c.o" \xC4 :src:bdf:bdf.c "{ObjDir}cff.c.o" \xC4 :src:cff:cff.c diff --git a/freetype/builds/mac/FreeType.m68k_far.make.txt b/freetype/builds/mac/FreeType.m68k_far.make.txt index ebf5a1b56..e9b7f6f5f 100644 --- a/freetype/builds/mac/FreeType.m68k_far.make.txt +++ b/freetype/builds/mac/FreeType.m68k_far.make.txt @@ -37,6 +37,7 @@ SrcFiles = \xB6 :src:base:ftbdf.c \xB6 :src:base:ftbitmap.c \xB6 :src:base:ftdebug.c \xB6 + :src:base:ftfntfmt.c \xB6 :src:base:ftfstype.c \xB6 :src:base:ftglyph.c \xB6 :src:base:ftgxval.c \xB6 @@ -49,7 +50,6 @@ SrcFiles = \xB6 :src:base:ftsystem.c \xB6 :src:base:fttype1.c \xB6 :src:base:ftwinfnt.c \xB6 - :src:base:ftxf86.c \xB6 :src:cache:ftcache.c \xB6 :src:bdf:bdf.c \xB6 :src:cff:cff.c \xB6 @@ -82,6 +82,7 @@ ObjFiles-68K = \xB6 "{ObjDir}ftbdf.c.o" \xB6 "{ObjDir}ftbitmap.c.o" \xB6 "{ObjDir}ftdebug.c.o" \xB6 + "{ObjDir}ftfntfmt.c.o" \xB6 "{ObjDir}ftfstype.c.o" \xB6 "{ObjDir}ftglyph.c.o" \xB6 "{ObjDir}ftgxval.c.o" \xB6 @@ -94,7 +95,6 @@ ObjFiles-68K = \xB6 "{ObjDir}ftsystem.c.o" \xB6 "{ObjDir}fttype1.c.o" \xB6 "{ObjDir}ftwinfnt.c.o" \xB6 - "{ObjDir}ftxf86.c.o" \xB6 "{ObjDir}ftcache.c.o" \xB6 "{ObjDir}bdf.c.o" \xB6 "{ObjDir}cff.c.o" \xB6 @@ -160,6 +160,7 @@ FreeType.m68k_far.o \xC4\xC4 {ObjFiles-68K} {LibFiles-68K} {\xA5MondoBuild\xA5 "{ObjDir}ftbdf.c.o" \xC4 :src:base:ftbdf.c "{ObjDir}ftbitmap.c.o" \xC4 :src:base:ftbitmap.c "{ObjDir}ftdebug.c.o" \xC4 :src:base:ftdebug.c +"{ObjDir}ftfntfmt.c.o" \xC4 :src:base:ftfntfmt.c "{ObjDir}ftfstype.c.o" \xC4 :src:base:ftfstype.c "{ObjDir}ftglyph.c.o" \xC4 :src:base:ftglyph.c "{ObjDir}ftgxval.c.o" \xC4 :src:base:ftgxval.c @@ -172,7 +173,6 @@ FreeType.m68k_far.o \xC4\xC4 {ObjFiles-68K} {LibFiles-68K} {\xA5MondoBuild\xA5 "{ObjDir}ftsystem.c.o" \xC4 :src:base:ftsystem.c "{ObjDir}fttype1.c.o" \xC4 :src:base:fttype1.c "{ObjDir}ftwinfnt.c.o" \xC4 :src:base:ftwinfnt.c -"{ObjDir}ftxf86.c.o" \xC4 :src:base:ftxf86.c "{ObjDir}ftcache.c.o" \xC4 :src:cache:ftcache.c "{ObjDir}bdf.c.o" \xC4 :src:bdf:bdf.c "{ObjDir}cff.c.o" \xC4 :src:cff:cff.c diff --git a/freetype/builds/mac/FreeType.ppc_carbon.make.txt b/freetype/builds/mac/FreeType.ppc_carbon.make.txt index 2926413f3..9eb1dac4e 100644 --- a/freetype/builds/mac/FreeType.ppc_carbon.make.txt +++ b/freetype/builds/mac/FreeType.ppc_carbon.make.txt @@ -38,6 +38,7 @@ SrcFiles = \xB6 :src:base:ftbdf.c \xB6 :src:base:ftbitmap.c \xB6 :src:base:ftdebug.c \xB6 + :src:base:ftfntfmt.c \xB6 :src:base:ftfstype.c \xB6 :src:base:ftglyph.c \xB6 :src:base:ftgxval.c \xB6 @@ -50,7 +51,6 @@ SrcFiles = \xB6 :src:base:ftsystem.c \xB6 :src:base:fttype1.c \xB6 :src:base:ftwinfnt.c \xB6 - :src:base:ftxf86.c \xB6 :src:cache:ftcache.c \xB6 :src:bdf:bdf.c \xB6 :src:cff:cff.c \xB6 @@ -83,6 +83,7 @@ ObjFiles-PPC = \xB6 "{ObjDir}ftbdf.c.x" \xB6 "{ObjDir}ftbitmap.c.x" \xB6 "{ObjDir}ftdebug.c.x" \xB6 + "{ObjDir}ftfntfmt.c.x" \xB6 "{ObjDir}ftfstype.c.x" \xB6 "{ObjDir}ftglyph.c.x" \xB6 "{ObjDir}ftgxval.c.x" \xB6 @@ -95,7 +96,6 @@ ObjFiles-PPC = \xB6 "{ObjDir}ftsystem.c.x" \xB6 "{ObjDir}fttype1.c.x" \xB6 "{ObjDir}ftwinfnt.c.x" \xB6 - "{ObjDir}ftxf86.c.x" \xB6 "{ObjDir}ftcache.c.x" \xB6 "{ObjDir}bdf.c.x" \xB6 "{ObjDir}cff.c.x" \xB6 @@ -164,6 +164,7 @@ FreeType.ppc_carbon.o \xC4\xC4 {ObjFiles-PPC} {LibFiles-PPC} {\xA5MondoBuild\x "{ObjDir}ftbdf.c.x" \xC4 :src:base:ftbdf.c "{ObjDir}ftbitmap.c.x" \xC4 :src:base:ftbitmap.c "{ObjDir}ftdebug.c.x" \xC4 :src:base:ftdebug.c +"{ObjDir}ftfntfmt.c.x" \xC4 :src:base:ftfntfmt.c "{ObjDir}ftfstype.c.x" \xC4 :src:base:ftfstype.c "{ObjDir}ftglyph.c.x" \xC4 :src:base:ftglyph.c "{ObjDir}ftgxval.c.x" \xC4 :src:base:ftgxval.c @@ -176,7 +177,6 @@ FreeType.ppc_carbon.o \xC4\xC4 {ObjFiles-PPC} {LibFiles-PPC} {\xA5MondoBuild\x "{ObjDir}ftsystem.c.x" \xC4 :src:base:ftsystem.c "{ObjDir}fttype1.c.x" \xC4 :src:base:fttype1.c "{ObjDir}ftwinfnt.c.x" \xC4 :src:base:ftwinfnt.c -"{ObjDir}ftxf86.c.x" \xC4 :src:base:ftxf86.c "{ObjDir}ftcache.c.x" \xC4 :src:cache:ftcache.c "{ObjDir}bdf.c.x" \xC4 :src:bdf:bdf.c "{ObjDir}cff.c.x" \xC4 :src:cff:cff.c diff --git a/freetype/builds/mac/FreeType.ppc_classic.make.txt b/freetype/builds/mac/FreeType.ppc_classic.make.txt index 377de9ab9..0627eeaa9 100644 --- a/freetype/builds/mac/FreeType.ppc_classic.make.txt +++ b/freetype/builds/mac/FreeType.ppc_classic.make.txt @@ -38,6 +38,7 @@ SrcFiles = \xB6 :src:base:ftbdf.c \xB6 :src:base:ftbitmap.c \xB6 :src:base:ftdebug.c \xB6 + :src:base:ftfntfmt.c \xB6 :src:base:ftfstype.c \xB6 :src:base:ftglyph.c \xB6 :src:base:ftgxval.c \xB6 @@ -50,7 +51,6 @@ SrcFiles = \xB6 :src:base:ftsystem.c \xB6 :src:base:fttype1.c \xB6 :src:base:ftwinfnt.c \xB6 - :src:base:ftxf86.c \xB6 :src:cache:ftcache.c \xB6 :src:bdf:bdf.c \xB6 :src:cff:cff.c \xB6 @@ -83,6 +83,7 @@ ObjFiles-PPC = \xB6 "{ObjDir}ftbdf.c.x" \xB6 "{ObjDir}ftbitmap.c.x" \xB6 "{ObjDir}ftdebug.c.x" \xB6 + "{ObjDir}ftfntfmt.c.x" \xB6 "{ObjDir}ftfstype.c.x" \xB6 "{ObjDir}ftglyph.c.x" \xB6 "{ObjDir}ftgxval.c.x" \xB6 @@ -95,7 +96,6 @@ ObjFiles-PPC = \xB6 "{ObjDir}ftsystem.c.x" \xB6 "{ObjDir}fttype1.c.x" \xB6 "{ObjDir}ftwinfnt.c.x" \xB6 - "{ObjDir}ftxf86.c.x" \xB6 "{ObjDir}ftcache.c.x" \xB6 "{ObjDir}bdf.c.x" \xB6 "{ObjDir}cff.c.x" \xB6 @@ -164,6 +164,7 @@ FreeType.ppc_classic.o \xC4\xC4 {ObjFiles-PPC} {LibFiles-PPC} {\xA5MondoBuild\ "{ObjDir}ftbdf.c.x" \xC4 :src:base:ftbdf.c "{ObjDir}ftbitmap.c.x" \xC4 :src:base:ftbitmap.c "{ObjDir}ftdebug.c.x" \xC4 :src:base:ftdebug.c +"{ObjDir}ftfntfmt.c.x" \xC4 :src:base:ftfntfmt.c "{ObjDir}ftfstype.c.x" \xC4 :src:base:ftfstype.c "{ObjDir}ftglyph.c.x" \xC4 :src:base:ftglyph.c "{ObjDir}ftgxval.c.x" \xC4 :src:base:ftgxval.c @@ -176,7 +177,6 @@ FreeType.ppc_classic.o \xC4\xC4 {ObjFiles-PPC} {LibFiles-PPC} {\xA5MondoBuild\ "{ObjDir}ftsystem.c.x" \xC4 :src:base:ftsystem.c "{ObjDir}fttype1.c.x" \xC4 :src:base:fttype1.c "{ObjDir}ftwinfnt.c.x" \xC4 :src:base:ftwinfnt.c -"{ObjDir}ftxf86.c.x" \xC4 :src:base:ftxf86.c "{ObjDir}ftcache.c.x" \xC4 :src:cache:ftcache.c "{ObjDir}bdf.c.x" \xC4 :src:bdf:bdf.c "{ObjDir}cff.c.x" \xC4 :src:cff:cff.c diff --git a/freetype/builds/mac/ftmac.c b/freetype/builds/mac/ftmac.c index 27b5511c0..7e2f292d1 100644 --- a/freetype/builds/mac/ftmac.c +++ b/freetype/builds/mac/ftmac.c @@ -5,7 +5,7 @@ /* Mac FOND support. Written by just@letterror.com. */ /* Heavily Fixed by mpsuzuki, George Williams and Sean McBride */ /* */ -/* Copyright 1996-2008, 2013, 2014 by */ +/* Copyright 1996-2015 by */ /* Just van Rossum, David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ diff --git a/freetype/builds/modules.mk b/freetype/builds/modules.mk index 3c1b083dd..0b8b0c1ff 100644 --- a/freetype/builds/modules.mk +++ b/freetype/builds/modules.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2006, 2008, 2014 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/os2/detect.mk b/freetype/builds/os2/detect.mk index 47a40a2f8..fde932743 100644 --- a/freetype/builds/os2/detect.mk +++ b/freetype/builds/os2/detect.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/os2/os2-def.mk b/freetype/builds/os2/os2-def.mk index 01cda9285..691036f1d 100644 --- a/freetype/builds/os2/os2-def.mk +++ b/freetype/builds/os2/os2-def.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2005, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/os2/os2-dev.mk b/freetype/builds/os2/os2-dev.mk index 83da8dea3..eacf58f8a 100644 --- a/freetype/builds/os2/os2-dev.mk +++ b/freetype/builds/os2/os2-dev.mk @@ -5,7 +5,7 @@ # -# Copyright 1996-2000, 2003, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/os2/os2-gcc.mk b/freetype/builds/os2/os2-gcc.mk index 446073e4f..8390a36fe 100644 --- a/freetype/builds/os2/os2-gcc.mk +++ b/freetype/builds/os2/os2-gcc.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/symbian/bld.inf b/freetype/builds/symbian/bld.inf index bc8c1609c..d3637f238 100644 --- a/freetype/builds/symbian/bld.inf +++ b/freetype/builds/symbian/bld.inf @@ -2,7 +2,7 @@ // FreeType 2 project for the symbian platform // -// Copyright 2008, 2009, 2013 by +// Copyright 2008-2015 by // David Turner, Robert Wilhelm, and Werner Lemberg. // // This file is part of the FreeType project, and may only be used, modified, @@ -32,6 +32,7 @@ PRJ_EXPORTS ../../include/ftcid.h ftcid.h ../../include/fterrdef.h fterrdef.h ../../include/fterrors.h fterrors.h +../../include/ftfntfmt.h ftfntfmt.h ../../include/ftgasp.h ftgasp.h ../../include/ftglyph.h ftglyph.h ../../include/ftgxval.h ftgxval.h @@ -58,7 +59,6 @@ PRJ_EXPORTS ../../include/fttrigon.h fttrigon.h ../../include/fttypes.h fttypes.h ../../include/ftwinfnt.h ftwinfnt.h -../../include/ftxf86.h ftxf86.h ../../include/t1tables.h t1tables.h ../../include/ttnameid.h ttnameid.h ../../include/tttables.h tttables.h diff --git a/freetype/builds/symbian/freetype.mmp b/freetype/builds/symbian/freetype.mmp index cb0008c44..b7691f07f 100644 --- a/freetype/builds/symbian/freetype.mmp +++ b/freetype/builds/symbian/freetype.mmp @@ -2,7 +2,7 @@ // FreeType 2 makefile for the symbian platform // -// Copyright 2008, 2009 by +// Copyright 2008-2015 by // David Turner, Robert Wilhelm, and Werner Lemberg. // // This file is part of the FreeType project, and may only be used, modified, @@ -28,6 +28,7 @@ source ftbbox.c source ftbdf.c source ftbitmap.c source ftcid.c +source ftfntfmt.c source ftfstype.c source ftgasp.c source ftglyph.c diff --git a/freetype/builds/toplevel.mk b/freetype/builds/toplevel.mk index 16d4be837..9fe364db5 100644 --- a/freetype/builds/toplevel.mk +++ b/freetype/builds/toplevel.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2001, 2003, 2006, 2008-2010, 2012-2014 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, @@ -169,23 +169,41 @@ modules: include $(TOP_DIR)/builds/modules.mk +# get FreeType version string, using a +# poor man's `sed' emulation with make's built-in string functions +# +work := $(strip $(shell $(CAT) $(TOP_DIR)/include/freetype.h)) +work := $(subst |,x,$(work)) +work := $(subst $(space),|,$(work)) +work := $(subst \#define|FREETYPE_MAJOR|,$(space),$(work)) +work := $(word 2,$(work)) +major := $(subst |,$(space),$(work)) +major := $(firstword $(major)) + +work := $(subst \#define|FREETYPE_MINOR|,$(space),$(work)) +work := $(word 2,$(work)) +minor := $(subst |,$(space),$(work)) +minor := $(firstword $(minor)) + +work := $(subst \#define|FREETYPE_PATCH|,$(space),$(work)) +work := $(word 2,$(work)) +patch := $(subst |,$(space),$(work)) +patch := $(firstword $(patch)) + +ifneq ($(findstring x0x,x$(patch)x),) + version := $(major).$(minor) + winversion := $(major)$(minor) +else + version := $(major).$(minor).$(patch) + winversion := $(major)$(minor)$(patch) +endif + + # This target builds the tarballs. # # Not to be run by a normal user -- there are no attempts to make it # generic. -# we check for `dist', not `distclean' -ifneq ($(findstring distx,$(MAKECMDGOALS)x),) - FT_H := include/freetype.h - - major := $(shell sed -n 's/.*FREETYPE_MAJOR[^0-9]*\([0-9]\+\)/\1/p' < $(FT_H)) - minor := $(shell sed -n 's/.*FREETYPE_MINOR[^0-9]*\([0-9]\+\)/\1/p' < $(FT_H)) - patch := $(shell sed -n 's/.*FREETYPE_PATCH[^0-9]*\([0-9]\+\)/\1/p' < $(FT_H)) - - version := $(major).$(minor).$(patch) - winversion := $(major)$(minor)$(patch) -endif - dist: -rm -rf tmp rm -f freetype-$(version).tar.gz diff --git a/freetype/builds/unix/aclocal.m4 b/freetype/builds/unix/aclocal.m4 index 2c0316495..0a8c94d38 100644 --- a/freetype/builds/unix/aclocal.m4 +++ b/freetype/builds/unix/aclocal.m4 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.14 -*- Autoconf -*- +# generated automatically by aclocal 1.15 -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,7 @@ m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # -# Copyright (C) 1996-2001, 2003-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives @@ -73,7 +73,7 @@ esac # LT_INIT([OPTIONS]) # ------------------ AC_DEFUN([LT_INIT], -[AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT +[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl AC_BEFORE([$0], [LT_LANG])dnl AC_BEFORE([$0], [LT_OUTPUT])dnl @@ -117,19 +117,36 @@ dnl AC_DEFUN([AC_PROG_LIBTOOL], []) dnl AC_DEFUN([AM_PROG_LIBTOOL], []) +# _LT_PREPARE_CC_BASENAME +# ----------------------- +m4_defun([_LT_PREPARE_CC_BASENAME], [ +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in @S|@*""; do + case $cc_temp in + compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; + distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} +])# _LT_PREPARE_CC_BASENAME + + # _LT_CC_BASENAME(CC) # ------------------- -# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME, +# but that macro is also expanded into generated libtool script, which +# arranges for $SED and $ECHO to be set by different means. m4_defun([_LT_CC_BASENAME], -[for cc_temp in $1""; do - case $cc_temp in - compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; - distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; - \-*) ;; - *) break;; - esac -done -cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +[m4_require([_LT_PREPARE_CC_BASENAME])dnl +AC_REQUIRE([_LT_DECL_SED])dnl +AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl +func_cc_basename $1 +cc_basename=$func_cc_basename_result ]) @@ -183,6 +200,7 @@ m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl m4_require([_LT_CMD_OLD_ARCHIVE])dnl m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl m4_require([_LT_WITH_SYSROOT])dnl +m4_require([_LT_CMD_TRUNCATE])dnl _LT_CONFIG_LIBTOOL_INIT([ # See if we are running on zsh, and set the options that allow our @@ -727,11 +745,25 @@ _LT_CONFIG_SAVE_COMMANDS([ _LT_COPYING _LT_LIBTOOL_TAGS +# Configured defaults for sys_lib_dlsearch_path munging. +: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"} + # ### BEGIN LIBTOOL CONFIG _LT_LIBTOOL_CONFIG_VARS _LT_LIBTOOL_TAG_VARS # ### END LIBTOOL CONFIG +_LT_EOF + + cat <<'_LT_EOF' >> "$cfgfile" + +# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE + +_LT_PREPARE_MUNGE_PATH_LIST +_LT_PREPARE_CC_BASENAME + +# ### END FUNCTIONS SHARED WITH CONFIGURE + _LT_EOF case $host_os in @@ -1048,7 +1080,7 @@ _LT_EOF case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; - 10.[[012]]*) + 10.[[012]][[,.]]*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; 10.*) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; @@ -1845,7 +1877,7 @@ else # endif #endif -/* When -fvisbility=hidden is used, assume the code has been annotated +/* When -fvisibility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); @@ -2207,6 +2239,47 @@ _LT_DECL([], [striplib], [1]) ])# _LT_CMD_STRIPLIB +# _LT_PREPARE_MUNGE_PATH_LIST +# --------------------------- +# Make sure func_munge_path_list() is defined correctly. +m4_defun([_LT_PREPARE_MUNGE_PATH_LIST], +[[# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x@S|@2 in + x) + ;; + *:) + eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\" + ;; + x:*) + eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\" + ;; + *) + eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\" + ;; + esac +} +]])# _LT_PREPARE_PATH_LIST + + # _LT_SYS_DYNAMIC_LINKER([TAG]) # ----------------------------- # PORTME Fill in your ld.so characteristics @@ -2217,6 +2290,7 @@ m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_OBJDUMP])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_CHECK_SHELL_FEATURES])dnl +m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl AC_MSG_CHECKING([dynamic linker characteristics]) m4_if([$1], [], [ @@ -2311,6 +2385,9 @@ hardcode_into_libs=no # flags to be left without arguments need_version=unknown +AC_ARG_VAR([LT_SYS_LIBRARY_PATH], +[User-defined run-time library search path.]) + case $host_os in aix3*) version_type=linux # correct to gnu/linux during the next big refactor @@ -2347,20 +2424,70 @@ aix[[4-9]]*) fi ;; esac + # Using Import Files as archive members, it is possible to support + # filename-based versioning of shared library archives on AIX. While + # this would work for both with and without runtime linking, it will + # prevent static linking of such archives. So we do filename-based + # shared library versioning with .so extension only, which is used + # when both runtime linking and shared linking is enabled. + # Unfortunately, runtime linking may impact performance, so we do + # not want this to be the default eventually. Also, we use the + # versioned .so libs for executables only if there is the -brtl + # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. + # To allow for filename-based versioning support, we need to create + # libNAME.so.V as an archive file, containing: + # *) an Import File, referring to the versioned filename of the + # archive as well as the shared archive member, telling the + # bitwidth (32 or 64) of that shared object, and providing the + # list of exported symbols of that shared object, eventually + # decorated with the 'weak' keyword + # *) the shared object with the F_LOADONLY flag set, to really avoid + # it being seen by the linker. + # At run time we better use the real file rather than another symlink, + # but for link time we create the symlink libNAME.so -> libNAME.so.V + + case $with_aix_soname,$aix_use_runtimelinking in # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. - if test yes = "$aix_use_runtimelinking"; then + aix,yes) # traditional libtool + dynamic_linker='AIX unversionable lib.so' # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - else + ;; + aix,no) # traditional AIX only + dynamic_linker='AIX lib.a[(]lib.so.V[)]' # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='$libname$release.a $libname.a' soname_spec='$libname$release$shared_ext$major' - fi + ;; + svr4,*) # full svr4 only + dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,yes) # both, prefer svr4 + dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # unpreferred sharedlib libNAME.a needs extra handling + postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"' + postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,no) # both, prefer aix + dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]" + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling + postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)' + postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"' + ;; + esac shlibpath_var=LIBPATH fi ;; @@ -2548,7 +2675,8 @@ freebsd* | dragonfly*) version_type=freebsd-$objformat case $version_type in freebsd-elf*) - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' need_version=no need_lib_prefix=no ;; @@ -2608,10 +2736,11 @@ hpux9* | hpux10* | hpux11*) soname_spec='$libname$release$shared_ext$major' if test 32 = "$HPUX_IA64_MODE"; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + sys_lib_dlsearch_path_spec=/usr/lib/hpux32 else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + sys_lib_dlsearch_path_spec=/usr/lib/hpux64 fi - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' @@ -2744,7 +2873,12 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) # before this can be enabled. hardcode_into_libs=yes - # Append ld.so.conf contents to the search path + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not + # being certain /sbin/ldconfig is available, command + # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, + # even though it is searched at run-time. Try to do the best guess by + # appending ld.so.conf contents (and includes) to the search path. if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" @@ -2813,11 +2947,32 @@ openbsd* | bitrig*) os2*) libname_spec='$name' + version_type=windows shrext_cmds=.dll + need_version=no need_lib_prefix=no - library_names_spec='$libname$shared_ext $libname.a' + # OS/2 can only load a DLL with a base name of 8 characters or less. + soname_spec='`test -n "$os2dllname" && libname="$os2dllname"; + v=$($ECHO $release$versuffix | tr -d .-); + n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _); + $ECHO $n$v`$shared_ext' + library_names_spec='${libname}_dll.$libext' dynamic_linker='OS/2 ld.exe' - shlibpath_var=LIBPATH + shlibpath_var=BEGINLIBPATH + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' ;; osf3* | osf4* | osf5*) @@ -2893,7 +3048,7 @@ sysv4*MP*) ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - version_type=freebsd-elf + version_type=sco need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' @@ -2947,10 +3102,20 @@ fi if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec fi + if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec fi +# remember unaugmented sys_lib_dlsearch_path content for libtool script decls... +configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec + +# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code +func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH" + +# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool +configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH + _LT_DECL([], [variables_saved_for_relink], [1], [Variables whose values should be saved in libtool wrapper scripts and restored at link time]) @@ -2983,8 +3148,10 @@ _LT_DECL([], [hardcode_into_libs], [0], [Whether we should hardcode library paths into libraries]) _LT_DECL([], [sys_lib_search_path_spec], [2], [Compile-time system search path for libraries]) -_LT_DECL([], [sys_lib_dlsearch_path_spec], [2], - [Run-time system search path for libraries]) +_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2], + [Detected run-time system search path for libraries]) +_LT_DECL([], [configure_time_lt_sys_library_path], [2], + [Explicit LT_SYS_LIBRARY_PATH set during ./configure time]) ])# _LT_SYS_DYNAMIC_LINKER @@ -3222,6 +3389,43 @@ _LT_TAGDECL([], [reload_cmds], [2])dnl ])# _LT_CMD_RELOAD +# _LT_PATH_DD +# ----------- +# find a working dd +m4_defun([_LT_PATH_DD], +[AC_CACHE_CHECK([for a working dd], [ac_cv_path_lt_DD], +[printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +: ${lt_DD:=$DD} +AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd], +[if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=: +fi]) +rm -f conftest.i conftest2.i conftest.out]) +])# _LT_PATH_DD + + +# _LT_CMD_TRUNCATE +# ---------------- +# find command to truncate a binary pipe +m4_defun([_LT_CMD_TRUNCATE], +[m4_require([_LT_PATH_DD]) +AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin], +[printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +lt_cv_truncate_bin= +if "$ac_cv_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1" +fi +rm -f conftest.i conftest2.i conftest.out +test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"]) +_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1], + [Command to truncate a binary pipe]) +])# _LT_CMD_TRUNCATE + + # _LT_CHECK_MAGIC_METHOD # ---------------------- # how to check for library dependencies @@ -3420,6 +3624,9 @@ sysv4 | sysv4.3*) tpf*) lt_cv_deplibs_check_method=pass_all ;; +os2*) + lt_cv_deplibs_check_method=pass_all + ;; esac ]) @@ -3477,8 +3684,13 @@ else # Adding the 'sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file - case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in - */dev/null* | *'Invalid file or object type'*) + # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty + case $build_os in + mingw*) lt_bad_file=conftest.nm/nofile ;; + *) lt_bad_file=/dev/null ;; + esac + case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in + *$lt_bad_file* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" break 2 ;; @@ -4023,6 +4235,11 @@ m4_if([$1], [CXX], [ # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + case $host_os in + os2*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' + ;; + esac ;; darwin* | rhapsody*) # PIC is the default on this platform @@ -4342,6 +4559,11 @@ m4_if([$1], [CXX], [ # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + case $host_os in + os2*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' + ;; + esac ;; darwin* | rhapsody*) @@ -4439,6 +4661,11 @@ m4_if([$1], [CXX], [ # built for inclusion in a dll (and should export symbols for example). m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + case $host_os in + os2*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' + ;; + esac ;; hpux9* | hpux10* | hpux11*) @@ -4688,13 +4915,17 @@ m4_if([$1], [CXX], [ case $host_os in aix[[4-9]]*) # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - # Also, AIX nm treats weak defined symbols like other global defined - # symbols, whereas GNU nm marks them as "W". + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi ;; pw32*) @@ -4905,6 +5136,34 @@ _LT_EOF _LT_TAGVAR(link_all_deplibs, $1)=yes ;; + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + shrext_cmds=.dll + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no @@ -4978,6 +5237,9 @@ _LT_EOF fi case $cc_basename in + tcc*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic' + ;; xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' @@ -5107,19 +5369,35 @@ _LT_EOF no_entry_flag= else # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - # Also, AIX nm treats weak defined symbols like other global - # defined symbols, whereas GNU nm marks them as "W". + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then @@ -5127,6 +5405,13 @@ _LT_EOF break fi done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi ;; esac @@ -5146,6 +5431,14 @@ _LT_EOF _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(file_list_spec, $1)='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # traditional, no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + ;; + esac if test yes = "$GCC"; then case $host_os in aix4.[[012]]|aix4.[[012]].*) @@ -5173,6 +5466,11 @@ _LT_EOF if test yes = "$aix_use_runtimelinking"; then shared_flag="$shared_flag "'$wl-G' fi + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' else # not using gcc if test ia64 = "$host_cpu"; then @@ -5185,6 +5483,8 @@ _LT_EOF else shared_flag='$wl-bM:SRE' fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' fi fi @@ -5192,7 +5492,7 @@ _LT_EOF # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. _LT_TAGVAR(always_export_symbols, $1)=yes - if test yes = "$aix_use_runtimelinking"; then + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. _LT_TAGVAR(allow_undefined_flag, $1)='-berok' @@ -5223,8 +5523,20 @@ _LT_EOF _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - # This is similar to how AIX traditionally builds its shared libraries. - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $wl-bnoentry $compiler_flags $wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared libraries. + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d' fi fi ;; @@ -5478,6 +5790,16 @@ _LT_EOF _LT_TAGVAR(link_all_deplibs, $1)=yes ;; + linux*) + case $cc_basename in + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + _LT_TAGVAR(ld_shlibs, $1)=yes + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out @@ -5523,8 +5845,28 @@ _LT_EOF _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' - _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + shrext_cmds=.dll + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes ;; osf3*) @@ -5915,8 +6257,12 @@ if test -n "$compiler"; then ;; aix[[4-9]]*) - if test ia64 != "$host_cpu" && test no = "$aix_use_runtimelinking"; then - test yes = "$enable_shared" && enable_static=no + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac fi ;; esac @@ -6104,7 +6450,19 @@ if test yes != "$_lt_caught_CXX_error"; then # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do case $ld_flag in @@ -6114,6 +6472,13 @@ if test yes != "$_lt_caught_CXX_error"; then ;; esac done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi ;; esac @@ -6133,6 +6498,14 @@ if test yes != "$_lt_caught_CXX_error"; then _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(file_list_spec, $1)='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + ;; + esac if test yes = "$GXX"; then case $host_os in aix4.[[012]]|aix4.[[012]].*) @@ -6159,6 +6532,11 @@ if test yes != "$_lt_caught_CXX_error"; then if test yes = "$aix_use_runtimelinking"; then shared_flag=$shared_flag' $wl-G' fi + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' else # not using gcc if test ia64 = "$host_cpu"; then @@ -6171,6 +6549,8 @@ if test yes != "$_lt_caught_CXX_error"; then else shared_flag='$wl-bM:SRE' fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' fi fi @@ -6179,10 +6559,11 @@ if test yes != "$_lt_caught_CXX_error"; then # underscore (_), so it is better to generate a list of symbols to # export. _LT_TAGVAR(always_export_symbols, $1)=yes - if test yes = "$aix_use_runtimelinking"; then + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. - _LT_TAGVAR(allow_undefined_flag, $1)='-berok' + # The "-G" linker flag allows undefined symbols. + _LT_TAGVAR(no_undefined_flag, $1)='-bernotok' # Determine the default libpath from the value encoded in an empty # executable. _LT_SYS_MODULE_PATH_AIX([$1]) @@ -6211,9 +6592,21 @@ if test yes != "$_lt_caught_CXX_error"; then _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - # This is similar to how AIX traditionally builds its shared - # libraries. - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $wl-bnoentry $compiler_flags $wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared + # libraries. Need -bnortl late, we may have -brtl in LDFLAGS. + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d' fi fi ;; @@ -6313,6 +6706,34 @@ if test yes != "$_lt_caught_CXX_error"; then _LT_DARWIN_LINKER_FEATURES($1) ;; + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + shrext_cmds=.dll + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + dgux*) case $cc_basename in ec++*) @@ -7026,6 +7447,7 @@ func_stripname_cnf () } # func_stripname_cnf ])# _LT_FUNC_STRIPNAME_CNF + # _LT_SYS_HIDDEN_LIBDEPS([TAGNAME]) # --------------------------------- # Figure out "hidden" library dependencies from verbose @@ -7204,51 +7626,6 @@ interix[[3-9]]*) _LT_TAGVAR(postdep_objects,$1)= _LT_TAGVAR(postdeps,$1)= ;; - -linux*) - case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) - # Sun C++ 5.9 - - # The more standards-conforming stlport4 library is - # incompatible with the Cstd library. Avoid specifying - # it if it's in CXXFLAGS. Ignore libCrun as - # -library=stlport4 depends on it. - case " $CXX $CXXFLAGS " in - *" -library=stlport4 "*) - solaris_use_stlport4=yes - ;; - esac - - if test yes != "$solaris_use_stlport4"; then - _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' - fi - ;; - esac - ;; - -solaris*) - case $cc_basename in - CC* | sunCC*) - # The more standards-conforming stlport4 library is - # incompatible with the Cstd library. Avoid specifying - # it if it's in CXXFLAGS. Ignore libCrun as - # -library=stlport4 depends on it. - case " $CXX $CXXFLAGS " in - *" -library=stlport4 "*) - solaris_use_stlport4=yes - ;; - esac - - # Adding this requires a known-good setup of shared libraries for - # Sun compiler versions before 5.6, else PIC objects from an old - # archive will be linked into the output, leading to subtle bugs. - if test yes != "$solaris_use_stlport4"; then - _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' - fi - ;; - esac - ;; esac ]) @@ -7366,8 +7743,12 @@ if test yes != "$_lt_disable_F77"; then fi ;; aix[[4-9]]*) - if test ia64 != "$host_cpu" && test no = "$aix_use_runtimelinking"; then - test yes = "$enable_shared" && enable_static=no + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac fi ;; esac @@ -7500,8 +7881,12 @@ if test yes != "$_lt_disable_FC"; then fi ;; aix[[4-9]]*) - if test ia64 != "$host_cpu" && test no = "$aix_use_runtimelinking"; then - test yes = "$enable_shared" && enable_static=no + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac fi ;; esac @@ -7977,7 +8362,7 @@ _LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd], # Helper functions for option handling. -*- Autoconf -*- # -# Copyright (C) 2004-2005, 2007-2009, 2011-2014 Free Software +# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software # Foundation, Inc. # Written by Gary V. Vaughan, 2004 # @@ -8059,6 +8444,8 @@ m4_if([$1],[LT_INIT],[ _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC]) _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install], [_LT_ENABLE_FAST_INSTALL]) + _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4], + [_LT_WITH_AIX_SONAME([aix])]) ]) ])# _LT_SET_OPTIONS @@ -8293,6 +8680,59 @@ dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) +# _LT_WITH_AIX_SONAME([DEFAULT]) +# ---------------------------------- +# implement the --with-aix-soname flag, and support the `aix-soname=aix' +# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT +# is either `aix', `both' or `svr4'. If omitted, it defaults to `aix'. +m4_define([_LT_WITH_AIX_SONAME], +[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl +shared_archive_member_spec= +case $host,$enable_shared in +power*-*-aix[[5-9]]*,yes) + AC_MSG_CHECKING([which variant of shared library versioning to provide]) + AC_ARG_WITH([aix-soname], + [AS_HELP_STRING([--with-aix-soname=aix|svr4|both], + [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])], + [case $withval in + aix|svr4|both) + ;; + *) + AC_MSG_ERROR([Unknown argument to --with-aix-soname]) + ;; + esac + lt_cv_with_aix_soname=$with_aix_soname], + [AC_CACHE_VAL([lt_cv_with_aix_soname], + [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT) + with_aix_soname=$lt_cv_with_aix_soname]) + AC_MSG_RESULT([$with_aix_soname]) + if test aix != "$with_aix_soname"; then + # For the AIX way of multilib, we name the shared archive member + # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', + # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File. + # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag, + # the AIX toolchain works better with OBJECT_MODE set (default 32). + if test 64 = "${OBJECT_MODE-32}"; then + shared_archive_member_spec=shr_64 + else + shared_archive_member_spec=shr + fi + fi + ;; +*) + with_aix_soname=aix + ;; +esac + +_LT_DECL([], [shared_archive_member_spec], [0], + [Shared archive member basename, for filename based shared library versioning on AIX])dnl +])# _LT_WITH_AIX_SONAME + +LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])]) +LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])]) +LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])]) + + # _LT_WITH_PIC([MODE]) # -------------------- # implement the --with-pic flag, and support the 'pic-only' and 'no-pic' @@ -8354,7 +8794,7 @@ LT_OPTION_DEFINE([LTDL_INIT], [convenience], # ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- # -# Copyright (C) 2004-2005, 2007-2008, 2011-2014 Free Software +# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software # Foundation, Inc. # Written by Gary V. Vaughan, 2004 # @@ -8479,7 +8919,7 @@ m4_define([lt_dict_filter], # ltversion.m4 -- version numbers -*- Autoconf -*- # -# Copyright (C) 2004, 2011-2014 Free Software Foundation, Inc. +# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc. # Written by Scott James Remnant, 2004 # # This file is free software; the Free Software Foundation gives @@ -8488,22 +8928,22 @@ m4_define([lt_dict_filter], # @configure_input@ -# serial 4092 ltversion.m4 +# serial 4179 ltversion.m4 # This file is part of GNU Libtool -m4_define([LT_PACKAGE_VERSION], [2.4.2.444.28-053d]) -m4_define([LT_PACKAGE_REVISION], [2.4.2.444.28]) +m4_define([LT_PACKAGE_VERSION], [2.4.6]) +m4_define([LT_PACKAGE_REVISION], [2.4.6]) AC_DEFUN([LTVERSION_VERSION], -[macro_version='2.4.2.444.28-053d' -macro_revision='2.4.2.444.28' +[macro_version='2.4.6' +macro_revision='2.4.6' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) # lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- # -# Copyright (C) 2004-2005, 2007, 2009, 2011-2014 Free Software +# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software # Foundation, Inc. # Written by Scott James Remnant, 2004. # diff --git a/freetype/builds/unix/config.guess b/freetype/builds/unix/config.guess index 6c32c8645..f7eb141e7 100644 --- a/freetype/builds/unix/config.guess +++ b/freetype/builds/unix/config.guess @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2014 Free Software Foundation, Inc. +# Copyright 1992-2015 Free Software Foundation, Inc. -timestamp='2014-11-04' +timestamp='2015-03-04' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -50,7 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2014 Free Software Foundation, Inc. +Copyright 1992-2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -168,20 +168,27 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" - UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ + /sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || \ + echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; + earmv*) + arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'` + machine=${arch}${endian}-unknown + ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in - arm*|i386|m68k|ns32k|sh3*|sparc|vax) + arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ @@ -197,6 +204,13 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in os=netbsd ;; esac + # Determine ABI tags. + case "${UNAME_MACHINE_ARCH}" in + earm*) + expr='s/^earmv[0-9]/-eabi/;s/eb$//' + abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"` + ;; + esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need @@ -213,7 +227,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}" + echo "${machine}-${os}${release}${abi}" exit ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` @@ -933,6 +947,9 @@ EOF crisv32:Linux:*:*) echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; + e2k:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; frv:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; diff --git a/freetype/builds/unix/config.sub b/freetype/builds/unix/config.sub index 7ffe37378..8f1229c6f 100644 --- a/freetype/builds/unix/config.sub +++ b/freetype/builds/unix/config.sub @@ -1,8 +1,8 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2014 Free Software Foundation, Inc. +# Copyright 1992-2015 Free Software Foundation, Inc. -timestamp='2014-12-03' +timestamp='2015-03-08' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -68,7 +68,7 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright 1992-2014 Free Software Foundation, Inc. +Copyright 1992-2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -117,7 +117,7 @@ maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os @@ -259,8 +259,8 @@ case $basic_machine in | bfin \ | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ - | epiphany \ - | fido | fr30 | frv \ + | e2k | epiphany \ + | fido | fr30 | frv | ft32 \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ | i370 | i860 | i960 | ia64 \ @@ -381,7 +381,7 @@ case $basic_machine in | c[123]* | c30-* | [cjt]90-* | c4x-* \ | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ + | e2k-* | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ @@ -518,6 +518,9 @@ case $basic_machine in basic_machine=i386-pc os=-aros ;; + asmjs) + basic_machine=asmjs-unknown + ;; aux) basic_machine=m68k-apple os=-aux @@ -1373,7 +1376,7 @@ case $os in | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* | -aros* \ + | -aos* | -aros* | -cloudabi* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ diff --git a/freetype/builds/unix/configure b/freetype/builds/unix/configure index 08357a9cb..919d38e65 100644 --- a/freetype/builds/unix/configure +++ b/freetype/builds/unix/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for FreeType 2.5.5. +# Generated by GNU Autoconf 2.69 for FreeType 2.6. # # Report bugs to . # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='FreeType' PACKAGE_TARNAME='freetype' -PACKAGE_VERSION='2.5.5' -PACKAGE_STRING='FreeType 2.5.5' +PACKAGE_VERSION='2.6' +PACKAGE_STRING='FreeType 2.6' PACKAGE_BUGREPORT='freetype@nongnu.org' PACKAGE_URL='' @@ -659,6 +659,7 @@ INSTALL_PROGRAM RMDIR EXEEXT_BUILD CC_BUILD +LT_SYS_LIBRARY_PATH OTOOL64 OTOOL LIPO @@ -749,6 +750,7 @@ enable_shared enable_static with_pic enable_fast_install +with_aix_soname with_gnu_ld with_sysroot enable_libtool_lock @@ -777,6 +779,7 @@ CPP PKG_CONFIG PKG_CONFIG_PATH PKG_CONFIG_LIBDIR +LT_SYS_LIBRARY_PATH ZLIB_CFLAGS ZLIB_LIBS BZIP2_CFLAGS @@ -1325,7 +1328,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures FreeType 2.5.5 to adapt to many kinds of systems. +\`configure' configures FreeType 2.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1390,7 +1393,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of FreeType 2.5.5:";; + short | recursive ) echo "Configuration of FreeType 2.6:";; esac cat <<\_ACEOF @@ -1412,6 +1415,9 @@ Optional Packages: --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use both] + --with-aix-soname=aix|svr4|both + shared library versioning (aka "SONAME") variant to + provide on AIX, [default=aix]. --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-sysroot[=DIR] Search for dependent libraries within DIR (or the compiler's sysroot if not specified). @@ -1452,6 +1458,8 @@ Some influential environment variables: directories to add to pkg-config's search path PKG_CONFIG_LIBDIR path overriding pkg-config's built-in search path + LT_SYS_LIBRARY_PATH + User-defined run-time library search path. ZLIB_CFLAGS C compiler flags for ZLIB, overriding pkg-config ZLIB_LIBS linker flags for ZLIB, overriding pkg-config BZIP2_CFLAGS @@ -1531,7 +1539,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -FreeType configure 2.5.5 +FreeType configure 2.6 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2129,7 +2137,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by FreeType $as_me 2.5.5, which was +It was created by FreeType $as_me 2.6, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2485,7 +2493,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu # Don't forget to update docs/VERSION.DLL! -version_info='17:4:11' +version_info='18:0:12' ft_version=`echo $version_info | tr : .` @@ -3654,8 +3662,8 @@ esac -macro_version='2.4.2.444.28-053d' -macro_revision='2.4.2.444.28' +macro_version='2.4.6' +macro_revision='2.4.6' @@ -4174,8 +4182,13 @@ else # Adding the 'sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file - case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in - */dev/null* | *'Invalid file or object type'*) + # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty + case $build_os in + mingw*) lt_bad_file=conftest.nm/nofile ;; + *) lt_bad_file=/dev/null ;; + esac + case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in + *$lt_bad_file* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" break 2 ;; @@ -4948,6 +4961,9 @@ sysv4 | sysv4.3*) tpf*) lt_cv_deplibs_check_method=pass_all ;; +os2*) + lt_cv_deplibs_check_method=pass_all + ;; esac fi @@ -5970,6 +5986,86 @@ $as_echo "${lt_sysroot:-no}" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5 +$as_echo_n "checking for a working dd... " >&6; } +if ${ac_cv_path_lt_DD+:} false; then : + $as_echo_n "(cached) " >&6 +else + printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +: ${lt_DD:=$DD} +if test -z "$lt_DD"; then + ac_path_lt_DD_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in dd; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_lt_DD="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_lt_DD" || continue +if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=: +fi + $ac_path_lt_DD_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_lt_DD"; then + : + fi +else + ac_cv_path_lt_DD=$lt_DD +fi + +rm -f conftest.i conftest2.i conftest.out +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5 +$as_echo "$ac_cv_path_lt_DD" >&6; } + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5 +$as_echo_n "checking how to truncate binary pipes... " >&6; } +if ${lt_cv_truncate_bin+:} false; then : + $as_echo_n "(cached) " >&6 +else + printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +lt_cv_truncate_bin= +if "$ac_cv_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1" +fi +rm -f conftest.i conftest2.i conftest.out +test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5 +$as_echo "$lt_cv_truncate_bin" >&6; } + + + + + + + +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in $*""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} + # Check whether --enable-libtool-lock was given. if test "${enable_libtool_lock+set}" = set; then : enableval=$enable_libtool_lock; @@ -6954,7 +7050,7 @@ $as_echo "$lt_cv_ld_force_load" >&6; } case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[91]*) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; - 10.[012]*) + 10.[012][,.]*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; 10.*) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; @@ -6977,6 +7073,41 @@ $as_echo "$lt_cv_ld_force_load" >&6; } ;; esac +# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x$2 in + x) + ;; + *:) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" + ;; + x:*) + eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" + ;; + *) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" + ;; + esac +} + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } @@ -7554,6 +7685,58 @@ fi + shared_archive_member_spec= +case $host,$enable_shared in +power*-*-aix[5-9]*,yes) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5 +$as_echo_n "checking which variant of shared library versioning to provide... " >&6; } + +# Check whether --with-aix-soname was given. +if test "${with_aix_soname+set}" = set; then : + withval=$with_aix_soname; case $withval in + aix|svr4|both) + ;; + *) + as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5 + ;; + esac + lt_cv_with_aix_soname=$with_aix_soname +else + if ${lt_cv_with_aix_soname+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_with_aix_soname=aix +fi + + with_aix_soname=$lt_cv_with_aix_soname +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5 +$as_echo "$with_aix_soname" >&6; } + if test aix != "$with_aix_soname"; then + # For the AIX way of multilib, we name the shared archive member + # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', + # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File. + # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag, + # the AIX toolchain works better with OBJECT_MODE set (default 32). + if test 64 = "${OBJECT_MODE-32}"; then + shared_archive_member_spec=shr_64 + else + shared_archive_member_spec=shr + fi + fi + ;; +*) + with_aix_soname=aix + ;; +esac + + + + + + + @@ -7673,15 +7856,8 @@ test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS test -z "$LD" && LD=ld test -z "$ac_objext" && ac_objext=o -for cc_temp in $compiler""; do - case $cc_temp in - compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; - distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; - \-*) ;; - *) break;; - esac -done -cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +func_cc_basename $compiler +cc_basename=$func_cc_basename_result # Only perform the check for file, if the check method requires it @@ -7988,6 +8164,11 @@ lt_prog_compiler_static= # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac ;; darwin* | rhapsody*) @@ -8084,6 +8265,11 @@ lt_prog_compiler_static= # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac ;; hpux9* | hpux10* | hpux11*) @@ -8724,6 +8910,34 @@ _LT_EOF link_all_deplibs=yes ;; + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + allow_undefined_flag=unsupported + shrext_cmds=.dll + archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + enable_shared_with_static_runtimes=yes + ;; + interix[3-9]*) hardcode_direct=no hardcode_shlibpath_var=no @@ -8797,6 +9011,9 @@ _LT_EOF fi case $cc_basename in + tcc*) + export_dynamic_flag_spec='-rdynamic' + ;; xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' @@ -8926,19 +9143,35 @@ _LT_EOF no_entry_flag= else # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - # Also, AIX nm treats weak defined symbols like other global - # defined symbols, whereas GNU nm marks them as "W". + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) for ld_flag in $LDFLAGS; do if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then @@ -8946,6 +9179,13 @@ _LT_EOF break fi done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi ;; esac @@ -8965,6 +9205,14 @@ _LT_EOF hardcode_libdir_separator=':' link_all_deplibs=yes file_list_spec='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # traditional, no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + hardcode_direct=no + hardcode_direct_absolute=no + ;; + esac if test yes = "$GCC"; then case $host_os in aix4.[012]|aix4.[012].*) @@ -8992,6 +9240,11 @@ _LT_EOF if test yes = "$aix_use_runtimelinking"; then shared_flag="$shared_flag "'$wl-G' fi + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' else # not using gcc if test ia64 = "$host_cpu"; then @@ -9004,6 +9257,8 @@ _LT_EOF else shared_flag='$wl-bM:SRE' fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' fi fi @@ -9011,7 +9266,7 @@ _LT_EOF # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. always_export_symbols=yes - if test yes = "$aix_use_runtimelinking"; then + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. allow_undefined_flag='-berok' @@ -9126,8 +9381,20 @@ fi whole_archive_flag_spec='$convenience' fi archive_cmds_need_lc=yes - # This is similar to how AIX traditionally builds its shared libraries. - archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $wl-bnoentry $compiler_flags $wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + archive_expsym_cmds='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared libraries. + archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + archive_expsym_cmds="$archive_expsym_cmds"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + archive_expsym_cmds="$archive_expsym_cmds"'~$RM -r $output_objdir/$realname.d' fi fi ;; @@ -9446,6 +9713,16 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } link_all_deplibs=yes ;; + linux*) + case $cc_basename in + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + ld_shlibs=yes + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out @@ -9491,8 +9768,28 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes allow_undefined_flag=unsupported - archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' - old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + shrext_cmds=.dll + archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + enable_shared_with_static_runtimes=yes ;; osf3*) @@ -10015,6 +10312,8 @@ hardcode_into_libs=no # flags to be left without arguments need_version=unknown + + case $host_os in aix3*) version_type=linux # correct to gnu/linux during the next big refactor @@ -10051,20 +10350,70 @@ aix[4-9]*) fi ;; esac + # Using Import Files as archive members, it is possible to support + # filename-based versioning of shared library archives on AIX. While + # this would work for both with and without runtime linking, it will + # prevent static linking of such archives. So we do filename-based + # shared library versioning with .so extension only, which is used + # when both runtime linking and shared linking is enabled. + # Unfortunately, runtime linking may impact performance, so we do + # not want this to be the default eventually. Also, we use the + # versioned .so libs for executables only if there is the -brtl + # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. + # To allow for filename-based versioning support, we need to create + # libNAME.so.V as an archive file, containing: + # *) an Import File, referring to the versioned filename of the + # archive as well as the shared archive member, telling the + # bitwidth (32 or 64) of that shared object, and providing the + # list of exported symbols of that shared object, eventually + # decorated with the 'weak' keyword + # *) the shared object with the F_LOADONLY flag set, to really avoid + # it being seen by the linker. + # At run time we better use the real file rather than another symlink, + # but for link time we create the symlink libNAME.so -> libNAME.so.V + + case $with_aix_soname,$aix_use_runtimelinking in # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. - if test yes = "$aix_use_runtimelinking"; then + aix,yes) # traditional libtool + dynamic_linker='AIX unversionable lib.so' # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - else + ;; + aix,no) # traditional AIX only + dynamic_linker='AIX lib.a(lib.so.V)' # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='$libname$release.a $libname.a' soname_spec='$libname$release$shared_ext$major' - fi + ;; + svr4,*) # full svr4 only + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,yes) # both, prefer svr4 + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # unpreferred sharedlib libNAME.a needs extra handling + postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"' + postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,no) # both, prefer aix + dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling + postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)' + postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"' + ;; + esac shlibpath_var=LIBPATH fi ;; @@ -10252,7 +10601,8 @@ freebsd* | dragonfly*) version_type=freebsd-$objformat case $version_type in freebsd-elf*) - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' need_version=no need_lib_prefix=no ;; @@ -10312,10 +10662,11 @@ hpux9* | hpux10* | hpux11*) soname_spec='$libname$release$shared_ext$major' if test 32 = "$HPUX_IA64_MODE"; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + sys_lib_dlsearch_path_spec=/usr/lib/hpux32 else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + sys_lib_dlsearch_path_spec=/usr/lib/hpux64 fi - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' @@ -10467,7 +10818,12 @@ fi # before this can be enabled. hardcode_into_libs=yes - # Append ld.so.conf contents to the search path + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not + # being certain /sbin/ldconfig is available, command + # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, + # even though it is searched at run-time. Try to do the best guess by + # appending ld.so.conf contents (and includes) to the search path. if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" @@ -10536,11 +10892,32 @@ openbsd* | bitrig*) os2*) libname_spec='$name' + version_type=windows shrext_cmds=.dll + need_version=no need_lib_prefix=no - library_names_spec='$libname$shared_ext $libname.a' + # OS/2 can only load a DLL with a base name of 8 characters or less. + soname_spec='`test -n "$os2dllname" && libname="$os2dllname"; + v=$($ECHO $release$versuffix | tr -d .-); + n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _); + $ECHO $n$v`$shared_ext' + library_names_spec='${libname}_dll.$libext' dynamic_linker='OS/2 ld.exe' - shlibpath_var=LIBPATH + shlibpath_var=BEGINLIBPATH + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' ;; osf3* | osf4* | osf5*) @@ -10616,7 +10993,7 @@ sysv4*MP*) ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - version_type=freebsd-elf + version_type=sco need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' @@ -10671,10 +11048,25 @@ fi if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec fi + if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec fi +# remember unaugmented sys_lib_dlsearch_path content for libtool script decls... +configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec + +# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code +func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH" + +# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool +configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH + + + + + + @@ -11145,7 +11537,7 @@ else # endif #endif -/* When -fvisbility=hidden is used, assume the code has been annotated +/* When -fvisibility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); @@ -11251,7 +11643,7 @@ else # endif #endif -/* When -fvisbility=hidden is used, assume the code has been annotated +/* When -fvisibility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); @@ -11400,8 +11792,12 @@ $as_echo_n "checking whether to build shared libraries... " >&6; } ;; aix[4-9]*) - if test ia64 != "$host_cpu" && test no = "$aix_use_runtimelinking"; then - test yes = "$enable_shared" && enable_static=no + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac fi ;; esac @@ -14288,7 +14684,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by FreeType $as_me 2.5.5, which was +This file was extended by FreeType $as_me 2.6, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -14354,7 +14750,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -FreeType config.status 2.5.5 +FreeType config.status 2.6 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -14490,6 +14886,7 @@ enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`' pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' +shared_archive_member_spec='`$ECHO "$shared_archive_member_spec" | $SED "$delay_single_quote_subst"`' SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`' @@ -14543,6 +14940,7 @@ lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_ lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`' nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`' lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`' +lt_cv_truncate_bin='`$ECHO "$lt_cv_truncate_bin" | $SED "$delay_single_quote_subst"`' objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`' MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`' @@ -14607,7 +15005,8 @@ finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' -sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' +configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`' +configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`' hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`' enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`' @@ -14664,6 +15063,7 @@ lt_cv_sys_global_symbol_to_c_name_address \ lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \ lt_cv_nm_interface \ nm_file_list_spec \ +lt_cv_truncate_bin \ lt_prog_compiler_no_builtin_flag \ lt_prog_compiler_pic \ lt_prog_compiler_wl \ @@ -14725,7 +15125,8 @@ postinstall_cmds \ postuninstall_cmds \ finish_cmds \ sys_lib_search_path_spec \ -sys_lib_dlsearch_path_spec; do +configure_time_dlsearch_path \ +configure_time_lt_sys_library_path; do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[\\\\\\\`\\"\\\$]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes @@ -15367,6 +15768,9 @@ $as_echo "$as_me: executing $ac_file commands" >&6;} # The names of the tagged configurations supported by this script. available_tags='' +# Configured defaults for sys_lib_dlsearch_path munging. +: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"} + # ### BEGIN LIBTOOL CONFIG # Which release of libtool.m4 was used? @@ -15394,6 +15798,9 @@ pic_mode=$pic_mode # Whether or not to optimize for fast installation. fast_install=$enable_fast_install +# Shared archive member basename,for filename based shared library versioning on AIX. +shared_archive_member_spec=$shared_archive_member_spec + # Shell to use when invoking shell scripts. SHELL=$lt_SHELL @@ -15523,6 +15930,9 @@ nm_file_list_spec=$lt_nm_file_list_spec # The root where to search for dependent libraries,and where our libraries should be installed. lt_sysroot=$lt_sysroot +# Command to truncate a binary pipe. +lt_truncate_bin=$lt_lt_cv_truncate_bin + # The name of the directory that contains temporary libtool files. objdir=$objdir @@ -15613,8 +16023,11 @@ hardcode_into_libs=$hardcode_into_libs # Compile-time system search path for libraries. sys_lib_search_path_spec=$lt_sys_lib_search_path_spec -# Run-time system search path for libraries. -sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec +# Detected run-time system search path for libraries. +sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path + +# Explicit LT_SYS_LIBRARY_PATH set during ./configure time. +configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path # Whether dlopen is supported. dlopen_support=$enable_dlopen @@ -15763,6 +16176,65 @@ hardcode_action=$hardcode_action # ### END LIBTOOL CONFIG +_LT_EOF + + cat <<'_LT_EOF' >> "$cfgfile" + +# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE + +# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x$2 in + x) + ;; + *:) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" + ;; + x:*) + eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" + ;; + *) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" + ;; + esac +} + + +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in $*""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} + + +# ### END FUNCTIONS SHARED WITH CONFIGURE + _LT_EOF case $host_os in diff --git a/freetype/builds/unix/configure.ac b/freetype/builds/unix/configure.ac index f6f754699..d69a62655 100644 --- a/freetype/builds/unix/configure.ac +++ b/freetype/builds/unix/configure.ac @@ -2,7 +2,7 @@ # # Process this file with autoconf to produce a configure script. # -# Copyright 2001-2014 by +# Copyright 2001-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, @@ -11,13 +11,13 @@ # indicate that you have read the license and understand and accept it # fully. -AC_INIT([FreeType], [2.5.5], [freetype@nongnu.org], [freetype]) +AC_INIT([FreeType], [2.6], [freetype@nongnu.org], [freetype]) AC_CONFIG_SRCDIR([ftconfig.in]) # Don't forget to update docs/VERSION.DLL! -version_info='17:4:11' +version_info='18:0:12' AC_SUBST([version_info]) ft_version=`echo $version_info | tr : .` AC_SUBST([ft_version]) diff --git a/freetype/builds/unix/configure.raw b/freetype/builds/unix/configure.raw index 72543cf88..b828bf095 100644 --- a/freetype/builds/unix/configure.raw +++ b/freetype/builds/unix/configure.raw @@ -2,7 +2,7 @@ # # Process this file with autoconf to produce a configure script. # -# Copyright 2001-2014 by +# Copyright 2001-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, @@ -17,7 +17,7 @@ AC_CONFIG_SRCDIR([ftconfig.in]) # Don't forget to update docs/VERSION.DLL! -version_info='17:4:11' +version_info='18:0:12' AC_SUBST([version_info]) ft_version=`echo $version_info | tr : .` AC_SUBST([ft_version]) diff --git a/freetype/builds/unix/detect.mk b/freetype/builds/unix/detect.mk index 0506e7d04..ef007bf39 100644 --- a/freetype/builds/unix/detect.mk +++ b/freetype/builds/unix/detect.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2002-2004, 2006, 2013 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, @@ -81,9 +81,12 @@ ifeq ($(PLATFORM),unix) ifdef must_configure ifneq ($(have_Makefile),) # we are building FT2 not in the src tree - $(CONFIG_SHELL) $(TOP_DIR)/builds/unix/configure $(value CFG) + CONFIG_SHELL="$(CONFIG_SHELL)" \ + $(CONFIG_SHELL) $(TOP_DIR)/builds/unix/configure $(value CFG) else - cd builds/unix; $(CONFIG_SHELL) ./configure $(value CFG) + cd builds/unix; \ + CONFIG_SHELL="$(CONFIG_SHELL)" \ + $(CONFIG_SHELL) ./configure $(value CFG) endif endif diff --git a/freetype/builds/unix/freetype-config.in b/freetype/builds/unix/freetype-config.in index ebc311f07..269356c96 100644 --- a/freetype/builds/unix/freetype-config.in +++ b/freetype/builds/unix/freetype-config.in @@ -1,6 +1,6 @@ #! /bin/sh # -# Copyright 2000-2005, 2008, 2009, 2013, 2014 by +# Copyright 2000-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/unix/freetype2.m4 b/freetype/builds/unix/freetype2.m4 index 3a806d90f..3dc88076a 100644 --- a/freetype/builds/unix/freetype2.m4 +++ b/freetype/builds/unix/freetype2.m4 @@ -1,7 +1,7 @@ # Configure paths for FreeType2 # Marcelo Magallon 2001-10-26, based on gtk.m4 by Owen Taylor # -# Copyright 2001, 2003, 2007, 2009, 2014 by +# Copyright 2001-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/unix/ft-munmap.m4 b/freetype/builds/unix/ft-munmap.m4 index 68b3361e2..72b08645d 100644 --- a/freetype/builds/unix/ft-munmap.m4 +++ b/freetype/builds/unix/ft-munmap.m4 @@ -1,6 +1,6 @@ ## FreeType specific autoconf tests # -# Copyright 2002, 2003, 2004 by +# Copyright 2002-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/unix/ftconfig.in b/freetype/builds/unix/ftconfig.in index e66f3eab3..f6d459f2e 100644 --- a/freetype/builds/unix/ftconfig.in +++ b/freetype/builds/unix/ftconfig.in @@ -4,7 +4,7 @@ /* */ /* UNIX-specific configuration file (specification only). */ /* */ -/* Copyright 1996-2004, 2006-2009, 2011, 2013, 2014 by */ +/* Copyright 1996-2015 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -89,7 +89,7 @@ FT_BEGIN_HEADER /* is copied from default include/config/ftconfig.h. */ /* If any improvement is required for this file, it should be */ /* applied to the original header file for the builders that */ - /* does not use configure script. */ + /* do not use configure script. */ /* The size of an `int' type. */ #if FT_UINT_MAX == 0xFFFFUL @@ -349,11 +349,28 @@ FT_BEGIN_HEADER #endif + /*************************************************************************/ + /* */ + /* miscellaneous */ + /* */ + /*************************************************************************/ + + #define FT_BEGIN_STMNT do { #define FT_END_STMNT } while ( 0 ) #define FT_DUMMY_STMNT FT_BEGIN_STMNT FT_END_STMNT + /* typeof condition taken from gnulib's `intprops.h' header file */ +#if ( __GNUC__ >= 2 || \ + defined( __IBM__TYPEOF__ ) || \ + ( __SUNPRO_C >= 0x5110 && !__STDC__ ) ) +#define TYPEOF( type ) (__typeof__ (type)) +#else +#define TYPEOF( type ) /* empty */ +#endif + + #ifdef FT_MAKE_OPTION_SINGLE_OBJECT #define FT_LOCAL( x ) static x diff --git a/freetype/builds/unix/ftsystem.c b/freetype/builds/unix/ftsystem.c index 7f7b3acb3..d7513d9e9 100644 --- a/freetype/builds/unix/ftsystem.c +++ b/freetype/builds/unix/ftsystem.c @@ -4,7 +4,7 @@ /* */ /* Unix-specific FreeType low-level system interface (body). */ /* */ -/* Copyright 1996-2002, 2004-2008, 2013 by */ +/* Copyright 1996-2015 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ diff --git a/freetype/builds/unix/install-sh b/freetype/builds/unix/install-sh index 043673775..0b0fdcbba 100644 --- a/freetype/builds/unix/install-sh +++ b/freetype/builds/unix/install-sh @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2013-10-30.23; # UTC +scriptversion=2013-12-25.23; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -82,7 +82,7 @@ dir_arg= dst_arg= copy_on_change=false -no_target_directory= +is_target_a_directory=possibly usage="\ Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE @@ -139,14 +139,16 @@ while test $# -ne 0; do -s) stripcmd=$stripprog;; - -t) dst_arg=$2 + -t) + is_target_a_directory=always + dst_arg=$2 # Protect names problematic for 'test' and other utilities. case $dst_arg in -* | [=\(\)!]) dst_arg=./$dst_arg;; esac shift;; - -T) no_target_directory=true;; + -T) is_target_a_directory=never;; --version) echo "$0 $scriptversion"; exit $?;; @@ -161,6 +163,16 @@ while test $# -ne 0; do shift done +# We allow the use of options -d and -T together, by making -d +# take the precedence; this is for compatibility with GNU install. + +if test -n "$dir_arg"; then + if test -n "$dst_arg"; then + echo "$0: target directory not allowed when installing a directory." >&2 + exit 1 + fi +fi + if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. @@ -191,6 +203,15 @@ if test $# -eq 0; then exit 0 fi +if test -z "$dir_arg"; then + if test $# -gt 1 || test "$is_target_a_directory" = always; then + if test ! -d "$dst_arg"; then + echo "$0: $dst_arg: Is not a directory." >&2 + exit 1 + fi + fi +fi + if test -z "$dir_arg"; then do_exit='(exit $ret); exit $ret' trap "ret=129; $do_exit" 1 @@ -253,7 +274,7 @@ do # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. if test -d "$dst"; then - if test -n "$no_target_directory"; then + if test "$is_target_a_directory" = never; then echo "$0: $dst_arg: Is a directory" >&2 exit 1 fi diff --git a/freetype/builds/unix/install.mk b/freetype/builds/unix/install.mk index 83525ee41..35cff2021 100644 --- a/freetype/builds/unix/install.mk +++ b/freetype/builds/unix/install.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2002, 2003, 2006, 2013, 2014 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/unix/ltmain.sh b/freetype/builds/unix/ltmain.sh index 08f3a26e3..0f0a2da3f 100644 --- a/freetype/builds/unix/ltmain.sh +++ b/freetype/builds/unix/ltmain.sh @@ -2,11 +2,11 @@ ## DO NOT EDIT - This file generated from ./build-aux/ltmain.in ## by inline-source v2014-01-03.01 -# libtool (GNU libtool) 2.4.2.444.28-053d +# libtool (GNU libtool) 2.4.6 # Provide generalized library-building support services. # Written by Gordon Matzigkeit , 1996 -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2015 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -31,8 +31,8 @@ PROGRAM=libtool PACKAGE=libtool -VERSION=2.4.2.444.28-053d -package_revision=2.4.2.444.28 +VERSION=2.4.6 +package_revision=2.4.6 ## ------ ## @@ -64,12 +64,12 @@ package_revision=2.4.2.444.28 # libraries, which are installed to $pkgauxdir. # Set a version string for this script. -scriptversion=2014-02-10.13; # UTC +scriptversion=2015-01-20.17; # UTC # General shell script boiler plate, and helper functions. # Written by Gary V. Vaughan, 2004 -# Copyright (C) 2004-2014 Free Software Foundation, Inc. +# Copyright (C) 2004-2015 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -192,7 +192,7 @@ func_path_progs () _G_path_prog_max=0 _G_path_prog_found=false - _G_save_IFS=$IFS; IFS=$PATH_SEPARATOR + _G_save_IFS=$IFS; IFS=${PATH_SEPARATOR-:} for _G_dir in $_G_PATH; do IFS=$_G_save_IFS test -z "$_G_dir" && _G_dir=. @@ -1333,7 +1333,7 @@ func_warning () # ----------------------- # 'sort -V' is not generally available. # Note this deviates from the version comparison in automake -# in that it treats 1.5 < 1.5.0, and treats 1.4-p12a < 1.4-p3a +# in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a # but this should suffice as we won't be specifying old # version formats or redundant trailing .0 in bootstrap.conf. # If we did want full compatibility then we should probably @@ -1375,7 +1375,7 @@ scriptversion=2014-01-07.03; # UTC # A portable, pluggable option parser for Bourne shell. # Written by Gary V. Vaughan, 2010 -# Copyright (C) 2010-2014 Free Software Foundation, Inc. +# Copyright (C) 2010-2015 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -1977,7 +1977,7 @@ func_version () # End: # Set a version string. -scriptversion='(GNU libtool) 2.4.2.444.28-053d' +scriptversion='(GNU libtool) 2.4.6' # func_echo ARG... @@ -2039,7 +2039,12 @@ usage_message="Options: " # Additional text appended to 'usage_message' in response to '--help'. -long_help_message=$long_help_message" +func_help () +{ + $debug_cmd + + func_usage_message + $ECHO "$long_help_message MODE must be one of the following: @@ -2063,13 +2068,15 @@ include the following information: compiler: $LTCC compiler flags: $LTCFLAGS linker: $LD (gnu? $with_gnu_ld) - version: $progname (GNU libtool) 2.4.2.444.28-053d + version: $progname (GNU libtool) 2.4.6 automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` Report bugs to . -GNU libtool home page: . +GNU libtool home page: . General help using GNU software: ." + exit 0 +} # func_lo2o OBJECT-NAME @@ -2411,7 +2418,7 @@ libtool_validate_options () case $host in # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452 # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788 - *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2*) + *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*) # don't eliminate duplications in $postdeps and $predeps opt_duplicate_compiler_generated_deps=: ;; @@ -2482,6 +2489,14 @@ $1 _LTECHO_EOF' } +# func_generated_by_libtool +# True iff stdin has been generated by Libtool. This function is only +# a basic sanity check; it will hardly flush out determined imposters. +func_generated_by_libtool_p () +{ + $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 +} + # func_lalib_p file # True iff FILE is a libtool '.la' library or '.lo' object file. # This function is only a basic sanity check; it will hardly flush out @@ -2489,8 +2504,7 @@ _LTECHO_EOF' func_lalib_p () { test -f "$1" && - $SED -e 4q "$1" 2>/dev/null \ - | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 + $SED -e 4q "$1" 2>/dev/null | func_generated_by_libtool_p } # func_lalib_unsafe_p file @@ -2522,7 +2536,8 @@ func_lalib_unsafe_p () # determined imposters. func_ltwrapper_script_p () { - func_lalib_p "$1" + test -f "$1" && + $lt_truncate_bin < "$1" 2>/dev/null | func_generated_by_libtool_p } # func_ltwrapper_executable_p file @@ -3722,7 +3737,8 @@ The following components of LINK-COMMAND are treated specially: -no-install link a not-installable executable -no-undefined declare that a library does not refer to external symbols -o OUTPUT-FILE create OUTPUT-FILE from the specified objects - -objectlist FILE Use a list of object files found in FILE to specify objects + -objectlist FILE use a list of object files found in FILE to specify objects + -os2dllname NAME force a short DLL name on OS/2 (no effect on other OSes) -precious-files-regex REGEX don't remove output files matching REGEX -release RELEASE specify package release information @@ -4304,6 +4320,13 @@ func_mode_install () ;; esac ;; + os2*) + case $realname in + *_dll.a) + tstripme= + ;; + esac + ;; esac if test -n "$tstripme" && test -n "$striplib"; then func_show_eval "$striplib $destdir/$realname" 'exit $?' @@ -5145,7 +5168,7 @@ func_extract_archives () $RM "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" done # $darwin_arches ## Okay now we've a bunch of thin objects, gotta fatten them up :) - darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u` + darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$sed_basename" | sort -u` darwin_file= darwin_files= for darwin_file in $darwin_filelist; do @@ -5418,7 +5441,7 @@ func_exec_program () if test -n \"\$relink_command\"; then if relink_command_output=\`eval \$relink_command 2>&1\`; then : else - $ECHO \"\$relink_command_output\" >&2 + \$ECHO \"\$relink_command_output\" >&2 $RM \"\$progdir/\$file\" exit 1 fi @@ -5650,7 +5673,12 @@ void lt_dump_script (FILE *f); EOF cat <&1 | sed 5q` in + *Sun\ C*) # Sun C++ 5.9 + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + + solaris*) + func_cc_basename "$CC" + case $func_cc_basename_result in + CC* | sunCC*) + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + esac + } + # Last step: remove runtime libs from dependency_libs # (they stay in deplibs) tmp_libs= @@ -8694,13 +8805,13 @@ func_mode_link () # case $version_type in # correct linux to gnu/linux during the next big refactor - darwin|linux|osf|windows|none) + darwin|freebsd-elf|linux|osf|windows|none) func_arith $number_major + $number_minor current=$func_arith_result age=$number_minor revision=$number_revision ;; - freebsd-aout|freebsd-elf|qnx|sunos) + freebsd-aout|qnx|sunos) current=$number_major revision=$number_minor age=0 @@ -8786,8 +8897,9 @@ func_mode_link () ;; freebsd-elf) - major=.$current - versuffix=.$current + func_arith $current - $age + major=.$func_arith_result + versuffix=$major.$age.$revision ;; irix | nonstopux) @@ -8850,6 +8962,11 @@ func_mode_link () versuffix=.$current ;; + sco) + major=.$current + versuffix=.$current + ;; + sunos) major=.$current versuffix=.$current.$revision diff --git a/freetype/builds/unix/unix-cc.in b/freetype/builds/unix/unix-cc.in index b84bc5d27..d53b25f6d 100644 --- a/freetype/builds/unix/unix-cc.in +++ b/freetype/builds/unix/unix-cc.in @@ -2,7 +2,7 @@ # FreeType 2 template for Unix-specific compiler definitions # -# Copyright 1996-2000, 2002, 2003, 2005, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/unix/unix-def.in b/freetype/builds/unix/unix-def.in index 4c06a05c7..ed9fd1ea8 100644 --- a/freetype/builds/unix/unix-def.in +++ b/freetype/builds/unix/unix-def.in @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2002, 2004, 2006, 2008, 2013, 2014 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/unix/unix-dev.mk b/freetype/builds/unix/unix-dev.mk index 76bae3862..62de3445f 100644 --- a/freetype/builds/unix/unix-dev.mk +++ b/freetype/builds/unix/unix-dev.mk @@ -6,7 +6,7 @@ # -# Copyright 1996-2000, 2003, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/unix/unix-lcc.mk b/freetype/builds/unix/unix-lcc.mk index 6038e5239..328cc80eb 100644 --- a/freetype/builds/unix/unix-lcc.mk +++ b/freetype/builds/unix/unix-lcc.mk @@ -6,7 +6,7 @@ # -# Copyright 1996-2000 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/unix/unix.mk b/freetype/builds/unix/unix.mk index 7f9d9a34f..542aa7fe3 100644 --- a/freetype/builds/unix/unix.mk +++ b/freetype/builds/unix/unix.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2002, 2004, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/unix/unixddef.mk b/freetype/builds/unix/unixddef.mk index 130d6b0f6..f3336408f 100644 --- a/freetype/builds/unix/unixddef.mk +++ b/freetype/builds/unix/unixddef.mk @@ -4,7 +4,7 @@ # -# Copyright 1996-2000, 2003, 2006 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/vms/ftconfig.h b/freetype/builds/vms/ftconfig.h index b3096512e..eff898f36 100644 --- a/freetype/builds/vms/ftconfig.h +++ b/freetype/builds/vms/ftconfig.h @@ -4,7 +4,7 @@ /* */ /* VMS-specific configuration file (specification only). */ /* */ -/* Copyright 1996-2004, 2006-2008, 2011, 2013, 2014 by */ +/* Copyright 1996-2015 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -292,11 +292,28 @@ FT_BEGIN_HEADER #endif + /*************************************************************************/ + /* */ + /* miscellaneous */ + /* */ + /*************************************************************************/ + + #define FT_BEGIN_STMNT do { #define FT_END_STMNT } while ( 0 ) #define FT_DUMMY_STMNT FT_BEGIN_STMNT FT_END_STMNT + /* typeof condition taken from gnulib's `intprops.h' header file */ +#if ( __GNUC__ >= 2 || \ + defined( __IBM__TYPEOF__ ) || \ + ( __SUNPRO_C >= 0x5110 && !__STDC__ ) ) +#define TYPEOF( type ) (__typeof__ (type)) +#else +#define TYPEOF( type ) /* empty */ +#endif + + #ifdef FT_MAKE_OPTION_SINGLE_OBJECT #define FT_LOCAL( x ) static x diff --git a/freetype/builds/vms/ftsystem.c b/freetype/builds/vms/ftsystem.c index 5c2819edb..74d3392ce 100644 --- a/freetype/builds/vms/ftsystem.c +++ b/freetype/builds/vms/ftsystem.c @@ -4,7 +4,7 @@ /* */ /* VMS-specific FreeType low-level system interface (body). */ /* */ -/* Copyright 1996-2002, 2005, 2010, 2013 by */ +/* Copyright 1996-2015 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ diff --git a/freetype/builds/wince/ftdebug.c b/freetype/builds/wince/ftdebug.c index 24f965828..74c73b56c 100644 --- a/freetype/builds/wince/ftdebug.c +++ b/freetype/builds/wince/ftdebug.c @@ -4,7 +4,7 @@ /* */ /* Debugging and logging component for WinCE (body). */ /* */ -/* Copyright 1996-2002, 2005, 2008, 2009, 2013 by */ +/* Copyright 1996-2015 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ diff --git a/freetype/builds/wince/vc2005-ce/freetype.vcproj b/freetype/builds/wince/vc2005-ce/freetype.vcproj index 5614235cb..a1993b4e6 100644 --- a/freetype/builds/wince/vc2005-ce/freetype.vcproj +++ b/freetype/builds/wince/vc2005-ce/freetype.vcproj @@ -21,7 +21,7 @@ - + @@ -41,7 +41,7 @@ - + @@ -61,7 +61,7 @@ - + @@ -81,7 +81,7 @@ - + @@ -101,7 +101,7 @@ - + @@ -121,7 +121,7 @@ - + @@ -141,7 +141,7 @@ - + @@ -161,7 +161,7 @@ - + @@ -181,7 +181,7 @@ - + @@ -201,7 +201,7 @@ - + @@ -221,7 +221,7 @@ - + @@ -241,7 +241,7 @@ - + @@ -261,7 +261,7 @@ - + @@ -281,7 +281,7 @@ - + @@ -301,7 +301,7 @@ - + @@ -321,7 +321,7 @@ - + @@ -341,7 +341,7 @@ - + @@ -361,7 +361,7 @@ - + @@ -381,7 +381,7 @@ - + @@ -401,7 +401,7 @@ - + @@ -421,7 +421,7 @@ - + @@ -441,7 +441,7 @@ - + @@ -461,7 +461,7 @@ - + @@ -481,7 +481,7 @@ - + @@ -501,7 +501,7 @@ - + @@ -521,7 +521,7 @@ - + @@ -541,7 +541,7 @@ - + @@ -561,7 +561,7 @@ - + @@ -581,7 +581,7 @@ - + @@ -601,7 +601,7 @@ - + @@ -621,7 +621,7 @@ - + @@ -641,7 +641,7 @@ - + @@ -661,7 +661,7 @@ - + @@ -681,7 +681,7 @@ - + @@ -701,7 +701,7 @@ - + @@ -721,7 +721,7 @@ - + @@ -741,7 +741,7 @@ - + @@ -758,7 +758,7 @@ - + @@ -2135,6 +2135,8 @@ + + @@ -2279,8 +2281,6 @@ - - diff --git a/freetype/builds/wince/vc2005-ce/index.html b/freetype/builds/wince/vc2005-ce/index.html index e2160f687..a8e92d700 100644 --- a/freetype/builds/wince/vc2005-ce/index.html +++ b/freetype/builds/wince/vc2005-ce/index.html @@ -21,14 +21,14 @@ the following targets:
  • PPC/SP WM6 (Windows Mobile 6)
    • -It compiles the following libraries from the FreeType 2.5.5 sources:

    +It compiles the following libraries from the FreeType 2.6 sources:

      -    freetype255.lib     - release build; single threaded
-    freetype255_D.lib   - debug build;   single threaded
-    freetype255MT.lib   - release build; multi-threaded
-    freetype255MT_D.lib - debug build;   multi-threaded
      + freetype26.lib - release build; single threaded + freetype26_D.lib - debug build; single threaded + freetype26MT.lib - release build; multi-threaded + freetype26MT_D.lib - debug build; multi-threaded

    Be sure to extract the files with the Windows (CR+LF) line endings. ZIP diff --git a/freetype/builds/wince/vc2008-ce/freetype.vcproj b/freetype/builds/wince/vc2008-ce/freetype.vcproj index e36ccb059..4faf5b400 100644 --- a/freetype/builds/wince/vc2008-ce/freetype.vcproj +++ b/freetype/builds/wince/vc2008-ce/freetype.vcproj @@ -88,7 +88,7 @@ /> + + @@ -8330,10 +8334,6 @@ RelativePath="..\..\..\src\base\ftwinfnt.c" > - - diff --git a/freetype/builds/wince/vc2008-ce/index.html b/freetype/builds/wince/vc2008-ce/index.html index 469baefef..ebf13768b 100644 --- a/freetype/builds/wince/vc2008-ce/index.html +++ b/freetype/builds/wince/vc2008-ce/index.html @@ -21,14 +21,14 @@ the following targets:

  • PPC/SP WM6 (Windows Mobile 6)
    • -It compiles the following libraries from the FreeType 2.5.5 sources:

    +It compiles the following libraries from the FreeType 2.6 sources:

      -    freetype255.lib     - release build; single threaded
-    freetype255_D.lib   - debug build;   single threaded
-    freetype255MT.lib   - release build; multi-threaded
-    freetype255MT_D.lib - debug build;   multi-threaded
      + freetype26.lib - release build; single threaded + freetype26_D.lib - debug build; single threaded + freetype26MT.lib - release build; multi-threaded + freetype26MT_D.lib - debug build; multi-threaded

    Be sure to extract the files with the Windows (CR+LF) line endings. ZIP diff --git a/freetype/builds/windows/detect.mk b/freetype/builds/windows/detect.mk index 9dca26127..26297f20f 100644 --- a/freetype/builds/windows/detect.mk +++ b/freetype/builds/windows/detect.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2004, 2006, 2007, 2014 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/windows/ftdebug.c b/freetype/builds/windows/ftdebug.c index dd2c2ad7c..2adcc52b4 100644 --- a/freetype/builds/windows/ftdebug.c +++ b/freetype/builds/windows/ftdebug.c @@ -4,7 +4,7 @@ /* */ /* Debugging and logging component for Win32 (body). */ /* */ -/* Copyright 1996-2002, 2005, 2008, 2009, 2013 by */ +/* Copyright 1996-2015 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ diff --git a/freetype/builds/windows/vc2005/freetype.vcproj b/freetype/builds/windows/vc2005/freetype.vcproj index 5880b7d27..eb52ab556 100644 --- a/freetype/builds/windows/vc2005/freetype.vcproj +++ b/freetype/builds/windows/vc2005/freetype.vcproj @@ -16,7 +16,7 @@ - + @@ -33,7 +33,7 @@ - + @@ -50,7 +50,7 @@ - + @@ -67,7 +67,7 @@ - + @@ -84,7 +84,7 @@ - + @@ -101,7 +101,7 @@ - + @@ -346,6 +346,8 @@ + + @@ -374,8 +376,6 @@ - - diff --git a/freetype/builds/windows/vc2005/index.html b/freetype/builds/windows/vc2005/index.html index 4929dcdd0..7d47e39a4 100644 --- a/freetype/builds/windows/vc2005/index.html +++ b/freetype/builds/windows/vc2005/index.html @@ -11,14 +11,14 @@

    This directory contains project files for Visual C++, named freetype.vcproj, and Visual Studio, called freetype.sln. It -compiles the following libraries from the FreeType 2.5.5 sources:

    +compiles the following libraries from the FreeType 2.6 sources:

      -    freetype255.lib     - release build; single threaded
-    freetype255_D.lib   - debug build;   single threaded
-    freetype255MT.lib   - release build; multi-threaded
-    freetype255MT_D.lib - debug build;   multi-threaded
      + freetype26.lib - release build; single threaded + freetype26_D.lib - debug build; single threaded + freetype26MT.lib - release build; multi-threaded + freetype26MT_D.lib - debug build; multi-threaded

    Be sure to extract the files with the Windows (CR+LF) line endings. ZIP diff --git a/freetype/builds/windows/vc2008/freetype.vcproj b/freetype/builds/windows/vc2008/freetype.vcproj index 95d722b97..738fe7ccf 100644 --- a/freetype/builds/windows/vc2008/freetype.vcproj +++ b/freetype/builds/windows/vc2008/freetype.vcproj @@ -70,7 +70,7 @@ /> + + @@ -1319,10 +1323,6 @@ RelativePath="..\..\..\src\base\ftwinfnt.c" > - - diff --git a/freetype/builds/windows/vc2008/index.html b/freetype/builds/windows/vc2008/index.html index 7e0d154c3..533337f00 100644 --- a/freetype/builds/windows/vc2008/index.html +++ b/freetype/builds/windows/vc2008/index.html @@ -11,14 +11,14 @@

    This directory contains project files for Visual C++, named freetype.vcproj, and Visual Studio, called freetype.sln. It -compiles the following libraries from the FreeType 2.5.5 sources:

    +compiles the following libraries from the FreeType 2.6 sources:

      -    freetype255.lib     - release build; single threaded
-    freetype255_D.lib   - debug build;   single threaded
-    freetype255MT.lib   - release build; multi-threaded
-    freetype255MT_D.lib - debug build;   multi-threaded
      + freetype26.lib - release build; single threaded + freetype26_D.lib - debug build; single threaded + freetype26MT.lib - release build; multi-threaded + freetype26MT_D.lib - debug build; multi-threaded

    Be sure to extract the files with the Windows (CR+LF) line endings. ZIP diff --git a/freetype/builds/windows/vc2010/freetype.vcxproj b/freetype/builds/windows/vc2010/freetype.vcxproj index 7cafe4539..3fa8cd2d0 100644 --- a/freetype/builds/windows/vc2010/freetype.vcxproj +++ b/freetype/builds/windows/vc2010/freetype.vcxproj @@ -191,18 +191,18 @@ - freetype255d - freetype255d - freetype255MTd - freetype255MTd - freetype255STd - freetype255STd - freetype255 - freetype255 - freetype255MT - freetype255MT - freetype255ST - freetype255ST + freetype26d + freetype26d + freetype26MTd + freetype26MTd + freetype26STd + freetype26STd + freetype26 + freetype26 + freetype26MT + freetype26MT + freetype26ST + freetype26ST @@ -1122,6 +1122,7 @@ %(PreprocessorDefinitions) + Disabled Disabled @@ -1170,7 +1171,6 @@ - diff --git a/freetype/builds/windows/vc2010/freetype.vcxproj.filters b/freetype/builds/windows/vc2010/freetype.vcxproj.filters index 99fc43f22..f762b0b54 100644 --- a/freetype/builds/windows/vc2010/freetype.vcxproj.filters +++ b/freetype/builds/windows/vc2010/freetype.vcxproj.filters @@ -65,6 +65,9 @@ Source Files\FT_MODULES + + Source Files\FT_MODULES + Source Files\FT_MODULES @@ -80,9 +83,6 @@ Source Files\FT_MODULES - - Source Files\FT_MODULES - Source Files\FT_MODULES diff --git a/freetype/builds/windows/vc2010/index.html b/freetype/builds/windows/vc2010/index.html index cb205aa70..37e642d3f 100644 --- a/freetype/builds/windows/vc2010/index.html +++ b/freetype/builds/windows/vc2010/index.html @@ -12,16 +12,16 @@

    This directory contains a project file for Visual C++ (VS.NET 2010 or newer), named freetype.vcxproj, and Visual Studio, called freetype.sln. It compiles the following libraries from the -FreeType 2.5.5 sources:

    +FreeType 2.6 sources:

      -freetype255.lib     - release build
-freetype255d.lib    - debug build
-freetype255ST.lib   - release build; single threaded
-freetype255STd.lib  - debug build;   single threaded
-freetype255MT.lib   - release build; multi-threaded
-freetype255MTd.lib  - debug build;   multi-threaded
      +freetype26.lib - release build +freetype26d.lib - debug build +freetype26ST.lib - release build; single threaded +freetype26STd.lib - debug build; single threaded +freetype26MT.lib - release build; multi-threaded +freetype26MTd.lib - debug build; multi-threaded

    Both Win32 and x64 builds are supported.

    diff --git a/freetype/builds/windows/visualc/freetype.dsp b/freetype/builds/windows/visualc/freetype.dsp index cf76f7c2d..6f0310538 100644 --- a/freetype/builds/windows/visualc/freetype.dsp +++ b/freetype/builds/windows/visualc/freetype.dsp @@ -54,7 +54,7 @@ BSC32=bscmake.exe # ADD BSC32 /nologo LIB32=link.exe -lib # ADD BASE LIB32 /nologo -# ADD LIB32 /nologo /out:"..\..\..\objs\freetype255.lib" +# ADD LIB32 /nologo /out:"..\..\..\objs\freetype26.lib" !ELSEIF "$(CFG)" == "freetype - Win32 Debug" @@ -78,7 +78,7 @@ BSC32=bscmake.exe # ADD BSC32 /nologo LIB32=link.exe -lib # ADD BASE LIB32 /nologo -# ADD LIB32 /nologo /out:"..\..\..\objs\freetype255_D.lib" +# ADD LIB32 /nologo /out:"..\..\..\objs\freetype26_D.lib" !ELSEIF "$(CFG)" == "freetype - Win32 Debug Multithreaded" @@ -102,8 +102,8 @@ BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LIB32=link.exe -lib -# ADD BASE LIB32 /nologo /out:"lib\freetype255_D.lib" -# ADD LIB32 /nologo /out:"..\..\..\objs\freetype255MT_D.lib" +# ADD BASE LIB32 /nologo /out:"lib\freetype26_D.lib" +# ADD LIB32 /nologo /out:"..\..\..\objs\freetype26MT_D.lib" !ELSEIF "$(CFG)" == "freetype - Win32 Release Multithreaded" @@ -126,8 +126,8 @@ BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LIB32=link.exe -lib -# ADD BASE LIB32 /nologo /out:"lib\freetype255.lib" -# ADD LIB32 /nologo /out:"..\..\..\objs\freetype255MT.lib" +# ADD BASE LIB32 /nologo /out:"lib\freetype26.lib" +# ADD LIB32 /nologo /out:"..\..\..\objs\freetype26MT.lib" !ELSEIF "$(CFG)" == "freetype - Win32 Release Singlethreaded" @@ -151,8 +151,8 @@ BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LIB32=link.exe -lib -# ADD BASE LIB32 /nologo /out:"..\..\..\objs\freetype255.lib" -# ADD LIB32 /out:"..\..\..\objs\freetype255ST.lib" +# ADD BASE LIB32 /nologo /out:"..\..\..\objs\freetype26.lib" +# ADD LIB32 /out:"..\..\..\objs\freetype26ST.lib" # SUBTRACT LIB32 /nologo !ELSEIF "$(CFG)" == "freetype - Win32 Debug Singlethreaded" @@ -177,8 +177,8 @@ BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LIB32=link.exe -lib -# ADD BASE LIB32 /nologo /out:"..\..\..\objs\freetype255_D.lib" -# ADD LIB32 /nologo /out:"..\..\..\objs\freetype255ST_D.lib" +# ADD BASE LIB32 /nologo /out:"..\..\..\objs\freetype26_D.lib" +# ADD LIB32 /nologo /out:"..\..\..\objs\freetype26ST_D.lib" !ENDIF @@ -226,6 +226,10 @@ SOURCE=..\..\..\src\base\ftbitmap.c # End Source File # Begin Source File +SOURCE=..\..\..\src\base\ftfntfmt.c +# End Source File +# Begin Source File + SOURCE=..\..\..\src\base\ftfstype.c # End Source File # Begin Source File @@ -301,10 +305,6 @@ SOURCE=..\..\..\src\base\ftwinfnt.c # End Source File # Begin Source File -SOURCE=..\..\..\src\base\ftxf86.c -# End Source File -# Begin Source File - SOURCE=..\..\..\src\pcf\pcf.c # SUBTRACT CPP /Fr # End Source File diff --git a/freetype/builds/windows/visualc/freetype.vcproj b/freetype/builds/windows/visualc/freetype.vcproj index a71a0e978..f43496494 100644 --- a/freetype/builds/windows/visualc/freetype.vcproj +++ b/freetype/builds/windows/visualc/freetype.vcproj @@ -69,7 +69,7 @@ />     + + @@ -1318,10 +1322,6 @@ RelativePath="..\..\..\src\base\ftwinfnt.c" > - - diff --git a/freetype/builds/windows/visualc/index.html b/freetype/builds/windows/visualc/index.html index 751d7ad0b..2beb8a913 100644 --- a/freetype/builds/windows/visualc/index.html +++ b/freetype/builds/windows/visualc/index.html @@ -11,14 +11,14 @@

    This directory contains project files for Visual C++, named freetype.dsp, and Visual Studio, called freetype.sln. It -compiles the following libraries from the FreeType 2.5.5 sources:

    +compiles the following libraries from the FreeType 2.6 sources:

      -    freetype255.lib     - release build; single threaded
-    freetype255_D.lib   - debug build;   single threaded
-    freetype255MT.lib   - release build; multi-threaded
-    freetype255MT_D.lib - debug build;   multi-threaded
      + freetype26.lib - release build; single threaded + freetype26_D.lib - debug build; single threaded + freetype26MT.lib - release build; multi-threaded + freetype26MT_D.lib - debug build; multi-threaded

    Be sure to extract the files with the Windows (CR+LF) line endings. ZIP diff --git a/freetype/builds/windows/visualce/freetype.dsp b/freetype/builds/windows/visualce/freetype.dsp index cf76f7c2d..6f0310538 100644 --- a/freetype/builds/windows/visualce/freetype.dsp +++ b/freetype/builds/windows/visualce/freetype.dsp @@ -54,7 +54,7 @@ BSC32=bscmake.exe # ADD BSC32 /nologo LIB32=link.exe -lib # ADD BASE LIB32 /nologo -# ADD LIB32 /nologo /out:"..\..\..\objs\freetype255.lib" +# ADD LIB32 /nologo /out:"..\..\..\objs\freetype26.lib" !ELSEIF "$(CFG)" == "freetype - Win32 Debug" @@ -78,7 +78,7 @@ BSC32=bscmake.exe # ADD BSC32 /nologo LIB32=link.exe -lib # ADD BASE LIB32 /nologo -# ADD LIB32 /nologo /out:"..\..\..\objs\freetype255_D.lib" +# ADD LIB32 /nologo /out:"..\..\..\objs\freetype26_D.lib" !ELSEIF "$(CFG)" == "freetype - Win32 Debug Multithreaded" @@ -102,8 +102,8 @@ BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LIB32=link.exe -lib -# ADD BASE LIB32 /nologo /out:"lib\freetype255_D.lib" -# ADD LIB32 /nologo /out:"..\..\..\objs\freetype255MT_D.lib" +# ADD BASE LIB32 /nologo /out:"lib\freetype26_D.lib" +# ADD LIB32 /nologo /out:"..\..\..\objs\freetype26MT_D.lib" !ELSEIF "$(CFG)" == "freetype - Win32 Release Multithreaded" @@ -126,8 +126,8 @@ BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LIB32=link.exe -lib -# ADD BASE LIB32 /nologo /out:"lib\freetype255.lib" -# ADD LIB32 /nologo /out:"..\..\..\objs\freetype255MT.lib" +# ADD BASE LIB32 /nologo /out:"lib\freetype26.lib" +# ADD LIB32 /nologo /out:"..\..\..\objs\freetype26MT.lib" !ELSEIF "$(CFG)" == "freetype - Win32 Release Singlethreaded" @@ -151,8 +151,8 @@ BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LIB32=link.exe -lib -# ADD BASE LIB32 /nologo /out:"..\..\..\objs\freetype255.lib" -# ADD LIB32 /out:"..\..\..\objs\freetype255ST.lib" +# ADD BASE LIB32 /nologo /out:"..\..\..\objs\freetype26.lib" +# ADD LIB32 /out:"..\..\..\objs\freetype26ST.lib" # SUBTRACT LIB32 /nologo !ELSEIF "$(CFG)" == "freetype - Win32 Debug Singlethreaded" @@ -177,8 +177,8 @@ BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LIB32=link.exe -lib -# ADD BASE LIB32 /nologo /out:"..\..\..\objs\freetype255_D.lib" -# ADD LIB32 /nologo /out:"..\..\..\objs\freetype255ST_D.lib" +# ADD BASE LIB32 /nologo /out:"..\..\..\objs\freetype26_D.lib" +# ADD LIB32 /nologo /out:"..\..\..\objs\freetype26ST_D.lib" !ENDIF @@ -226,6 +226,10 @@ SOURCE=..\..\..\src\base\ftbitmap.c # End Source File # Begin Source File +SOURCE=..\..\..\src\base\ftfntfmt.c +# End Source File +# Begin Source File + SOURCE=..\..\..\src\base\ftfstype.c # End Source File # Begin Source File @@ -301,10 +305,6 @@ SOURCE=..\..\..\src\base\ftwinfnt.c # End Source File # Begin Source File -SOURCE=..\..\..\src\base\ftxf86.c -# End Source File -# Begin Source File - SOURCE=..\..\..\src\pcf\pcf.c # SUBTRACT CPP /Fr # End Source File diff --git a/freetype/builds/windows/visualce/freetype.vcproj b/freetype/builds/windows/visualce/freetype.vcproj index e4cddfb0d..69a9e97e8 100644 --- a/freetype/builds/windows/visualce/freetype.vcproj +++ b/freetype/builds/windows/visualce/freetype.vcproj @@ -87,7 +87,7 @@ /> + + @@ -8704,10 +8708,6 @@ RelativePath="..\..\..\src\base\ftwinfnt.c" > - - diff --git a/freetype/builds/windows/visualce/index.html b/freetype/builds/windows/visualce/index.html index 68d15fd25..90334f536 100644 --- a/freetype/builds/windows/visualce/index.html +++ b/freetype/builds/windows/visualce/index.html @@ -21,14 +21,14 @@ the following targets:

  • PPC/SP WM6 (Windows Mobile 6)
    • -It compiles the following libraries from the FreeType 2.5.5 sources:

    +It compiles the following libraries from the FreeType 2.6 sources:

      -    freetype255.lib     - release build; single threaded
-    freetype255_D.lib   - debug build;   single threaded
-    freetype255MT.lib   - release build; multi-threaded
-    freetype255MT_D.lib - debug build;   multi-threaded
      + freetype26.lib - release build; single threaded + freetype26_D.lib - debug build; single threaded + freetype26MT.lib - release build; multi-threaded + freetype26MT_D.lib - debug build; multi-threaded

    Be sure to extract the files with the Windows (CR+LF) line endings. ZIP diff --git a/freetype/builds/windows/w32-bcc.mk b/freetype/builds/windows/w32-bcc.mk index 87d8ea3c2..d483df57a 100644 --- a/freetype/builds/windows/w32-bcc.mk +++ b/freetype/builds/windows/w32-bcc.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2005, 2013 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/windows/w32-bccd.mk b/freetype/builds/windows/w32-bccd.mk index dd21eddac..bd72ca117 100644 --- a/freetype/builds/windows/w32-bccd.mk +++ b/freetype/builds/windows/w32-bccd.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2006, 2013 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/windows/w32-dev.mk b/freetype/builds/windows/w32-dev.mk index 356122947..11d1afd3f 100644 --- a/freetype/builds/windows/w32-dev.mk +++ b/freetype/builds/windows/w32-dev.mk @@ -5,7 +5,7 @@ # -# Copyright 1996-2000, 2003, 2006, 2013 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/windows/w32-gcc.mk b/freetype/builds/windows/w32-gcc.mk index 3bbdd3cc4..1092fb785 100644 --- a/freetype/builds/windows/w32-gcc.mk +++ b/freetype/builds/windows/w32-gcc.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2005, 2013 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/windows/w32-icc.mk b/freetype/builds/windows/w32-icc.mk index 44d26bd6c..b2dcbe59d 100644 --- a/freetype/builds/windows/w32-icc.mk +++ b/freetype/builds/windows/w32-icc.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2005, 2013 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/windows/w32-intl.mk b/freetype/builds/windows/w32-intl.mk index 0f3e22bc3..de9912fa3 100644 --- a/freetype/builds/windows/w32-intl.mk +++ b/freetype/builds/windows/w32-intl.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2005, 2013 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/windows/w32-lcc.mk b/freetype/builds/windows/w32-lcc.mk index 8bd5b5685..75979f38d 100644 --- a/freetype/builds/windows/w32-lcc.mk +++ b/freetype/builds/windows/w32-lcc.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2013 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/windows/w32-mingw32.mk b/freetype/builds/windows/w32-mingw32.mk index b35dbb0c0..1300a44ac 100644 --- a/freetype/builds/windows/w32-mingw32.mk +++ b/freetype/builds/windows/w32-mingw32.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2005, 2013 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/windows/w32-vcc.mk b/freetype/builds/windows/w32-vcc.mk index 95f76858f..fcf1aa004 100644 --- a/freetype/builds/windows/w32-vcc.mk +++ b/freetype/builds/windows/w32-vcc.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2005, 2013 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/windows/w32-wat.mk b/freetype/builds/windows/w32-wat.mk index e1ddf66e3..cc5eaf0a2 100644 --- a/freetype/builds/windows/w32-wat.mk +++ b/freetype/builds/windows/w32-wat.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2005, 2013 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/builds/windows/win32-def.mk b/freetype/builds/windows/win32-def.mk index 61af5df0f..516c5cd95 100644 --- a/freetype/builds/windows/win32-def.mk +++ b/freetype/builds/windows/win32-def.mk @@ -3,7 +3,7 @@ # -# Copyright 1996-2000, 2003, 2005, 2006, 2013, 2014 by +# Copyright 1996-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/configure b/freetype/configure index 4d8a945a5..fd525816c 100644 --- a/freetype/configure +++ b/freetype/configure @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright 2002-2006, 2008-2010, 2013 by +# Copyright 2002-2015 by # David Turner, Robert Wilhelm, and Werner Lemberg. # # This file is part of the FreeType project, and may only be used, modified, diff --git a/freetype/devel/ft2build.h b/freetype/devel/ft2build.h index 6cc34b77b..8e9653dbd 100644 --- a/freetype/devel/ft2build.h +++ b/freetype/devel/ft2build.h @@ -4,7 +4,7 @@ /* */ /* FreeType 2 build and setup macros (development version). */ /* */ -/* Copyright 1996-2001, 2003, 2006, 2013 by */ +/* Copyright 1996-2015 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ diff --git a/freetype/devel/ftoption.h b/freetype/devel/ftoption.h index 10027bb54..ed63aa0cf 100644 --- a/freetype/devel/ftoption.h +++ b/freetype/devel/ftoption.h @@ -4,7 +4,7 @@ /* */ /* User-selectable configuration macros (specification only). */ /* */ -/* Copyright 1996-2014 by */ +/* Copyright 1996-2015 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -378,10 +378,6 @@ FT_BEGIN_HEADER /* The size in bytes of the render pool used by the scan-line converter */ /* to do all of its work. */ /* */ - /* This must be greater than 4KByte if you use FreeType to rasterize */ - /* glyphs; otherwise, you may set it to zero to avoid unnecessary */ - /* allocation of the render pool. */ - /* */ #define FT_RENDER_POOL_SIZE 16384L @@ -435,6 +431,8 @@ FT_BEGIN_HEADER /* af_glyph_hints_dump_points */ /* af_glyph_hints_dump_segments */ /* af_glyph_hints_dump_edges */ + /* af_glyph_hints_get_num_segments */ + /* af_glyph_hints_get_segment_offset */ /* */ /* As an argument, they use another global variable: */ /* */ @@ -657,19 +655,6 @@ FT_BEGIN_HEADER /* #define TT_CONFIG_OPTION_UNPATENTED_HINTING */ - /*************************************************************************/ - /* */ - /* Define TT_CONFIG_OPTION_INTERPRETER_SWITCH to compile the TrueType */ - /* bytecode interpreter with a huge switch statement, rather than a call */ - /* table. This results in smaller and faster code for a number of */ - /* architectures. */ - /* */ - /* Note however that on some compiler/processor combinations, undefining */ - /* this macro will generate faster, though larger, code. */ - /* */ -#define TT_CONFIG_OPTION_INTERPRETER_SWITCH - - /*************************************************************************/ /* */ /* Define TT_CONFIG_OPTION_COMPONENT_OFFSET_SCALED to compile the */ @@ -684,7 +669,7 @@ FT_BEGIN_HEADER /* fonts will not have them. */ /* */ /* http://www.microsoft.com/typography/otspec/glyf.htm */ - /* http://fonts.apple.com/TTRefMan/RM06/Chap6glyf.html */ + /* https://developer.apple.com/fonts/TrueType-Reference-Manual/RM06/Chap6glyf.html */ /* */ #undef TT_CONFIG_OPTION_COMPONENT_OFFSET_SCALED @@ -835,8 +820,10 @@ FT_BEGIN_HEADER /* grid. To find out the optimal scaling and shifting value, various */ /* parameter combinations are tried and scored. */ /* */ - /* This experimental option is only active if the render mode is */ - /* FT_RENDER_MODE_LIGHT. */ + /* This experimental option is active only if the rendering mode is */ + /* FT_RENDER_MODE_LIGHT; you can switch warping on and off with the */ + /* `warping' property of the auto-hinter (see file `ftautoh.h' for more */ + /* information; by default it is switched off). */ /* */ #define AF_CONFIG_OPTION_USE_WARPER diff --git a/freetype/docs/CHANGES b/freetype/docs/CHANGES index bbc31104a..bc177cff6 100644 --- a/freetype/docs/CHANGES +++ b/freetype/docs/CHANGES @@ -1,4 +1,110 @@ +CHANGES BETWEEN 2.5.5 and 2.6 + + I. IMPORTANT CHANGES + + - Behdad Esfahbod contributed code for improved thread-safety, + which results in the following model. + + * An `FT_Face' object can only be safely used from one thread at + a time. + + * An `FT_Library' object can now be used without modification + from multiple threads at the same time. + + * `FT_Face' creation and destruction with the same `FT_Library' + object can only be done from one thread at a time. + + One can use a single `FT_Library' object across threads as long + as a mutex lock is used around `FT_New_Face' and `FT_Done_Face'. + Any calls to `FT_Load_Glyph' and similar API are safe and do not + need the lock to be held as long as the same `FT_Face' is not + used from multiple threads at the same time. + + - Thai script support has been added to the auto-hinter. + + - Arabic script support has been added to the auto-hinter. + + - Following OpenType version 1.7, advance widths and side bearing + values in CFFs (wrapped in an SFNT structure) are now always + taken from the `hmtx' table. + + - Following OpenType version 1.7, the PostScript font name of a + CFF font (wrapped in an SFNT structure) is now always taken from + the `name' table. This is also true for OpenType Collections + (i.e., TTCs using CFFs subfonts instead of TTFs), where it may + have a significant difference. + + - Fonts natively hinted for ClearType are now supported, properly + handling selector index 3 of the INSTCTRL bytecode instruction. + + - Major improvements to the GX TrueType variation font handling. + + + II. MISCELLANEOUS + + - A new auto-hinter property `warping' can switch on and off the + warping code if this experimental feature is compiled in (by + defining the AF_CONFIG_OPTION_USE_WARPER configuration option; + by default this option is now enabled but warping is switched + off). + + The AF_CONFIG_OPTION_USE_WARPER option itself is an old feature, + available since 2006. Warping only works in `light' + auto-hinting mode. The idea of the code is to slightly scale + and shift a glyph along the non-hinted dimension (which is + usually the horizontal axis) so that as much of its segments are + aligned (more or less) to the grid. To find out a glyph's + optimal scaling and shifting value, various parameter + combinations are tried and scored. + + See file `ftautoh.h' for more; the demo programs `ftdiff', + `ftview', and `ftgrid' can toggle warping with key `w'. + + - Some fields in the `FTC_ImageTypeRec' structure have been + changed from signed to unsigned type, which better reflects the + actual usage. It is also an additional means to protect against + malformed input. + + This change doesn't break the ABI; however, it might cause + compiler warnings. + + - Function `FT_Bitmap_New' has been renamed to `FT_Bitmap_Init', + since this name better reflects its function. For backwards + compatibility, the old function name is still available. + + - Function `FT_Get_X11_Font_Format' has been renamed to + `FT_Get_Font_Format', since this name better reflects its + function. For backwards compatibility, the old function name is + still available. + + Additionally, the header file macro for this function has been + renamed to `FT_FONT_FORMATS_H' (the old name `FT_XFREE86_H' is + retained for backwards compatibility). + + - Various improvements to the `ftgrid' demo program. + + . It can now display GX and MM fonts while interactively + manipulating the axes (with keys F2, F3, and F4). + + . Anti-aliasing rendering modes can now be selected (with keys + F5 and F6). + + . The display of point numbers can be toggled with key `D'. + + - Various improvements to the `ftdump' demo program. + + . It now displays information on MM and GX variation axes. + + . New command line option `-u' makes it output data in utf-8 + encoding. + + - The `ftmulti' demo program can now handle up to six MM or GX + axes. + + +====================================================================== + CHANGES BETWEEN 2.5.4 and 2.5.5 I. IMPORTANT BUG FIXES @@ -4159,7 +4265,7 @@ Extensions support: ------------------------------------------------------------------------ -Copyright 2000-2013 by +Copyright 2000-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, diff --git a/freetype/docs/CUSTOMIZE b/freetype/docs/CUSTOMIZE index dfadb4658..831edf679 100644 --- a/freetype/docs/CUSTOMIZE +++ b/freetype/docs/CUSTOMIZE @@ -138,7 +138,7 @@ IV. Overriding default configuration and module headers ---------------------------------------------------------------------- -Copyright 2003, 2005, 2006, 2012, 2013 by +Copyright 2003-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, diff --git a/freetype/docs/DEBUG b/freetype/docs/DEBUG index d8c79d187..ab2c769ac 100644 --- a/freetype/docs/DEBUG +++ b/freetype/docs/DEBUG @@ -191,7 +191,7 @@ behaviour of FreeType at runtime. ------------------------------------------------------------------------ -Copyright 2002-2005, 2009, 2013 by +Copyright 2002-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, diff --git a/freetype/docs/INSTALL b/freetype/docs/INSTALL index 456b76d2b..193c5300a 100644 --- a/freetype/docs/INSTALL +++ b/freetype/docs/INSTALL @@ -75,8 +75,8 @@ II. Custom builds of the library ---------------------------------------------------------------------- -Copyright 2000-2008, 2010-2011, 2013 -by David Turner, Robert Wilhelm, and Werner Lemberg. +Copyright 2000-2015 by +David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, modified, and distributed under the terms of the FreeType project diff --git a/freetype/docs/INSTALL.ANY b/freetype/docs/INSTALL.ANY index 8aa394f1f..e7d6ddd18 100644 --- a/freetype/docs/INSTALL.ANY +++ b/freetype/docs/INSTALL.ANY @@ -39,6 +39,7 @@ I. Standard procedure src/base/ftbdf.c -- optional, see src/base/ftbitmap.c -- optional, see src/base/ftcid.c -- optional, see + src/base/ftfntfmt.c -- optional, see src/base/ftfstype.c -- optional src/base/ftgasp.c -- optional, see src/base/ftgxval.c -- optional, see @@ -51,7 +52,6 @@ I. Standard procedure src/base/ftsynth.c -- optional, see src/base/fttype1.c -- optional, see src/base/ftwinfnt.c -- optional, see - src/base/ftxf86.c -- optional, see src/base/ftmac.c -- only on the Macintosh @@ -103,9 +103,9 @@ I. Standard procedure `type1cid.c' needs `psaux.c', `pshinter.c', and `psnames.c' `type42.c' needs `truetype.c' - To use `ftbzip2.c', an application must be linked with a library - which implements bzip2 support (and the bzip2 header files must - be available also during compilation). + Please consult the central `include/config/ftoption.h' + configuration file for details on additional libraries necessary + for some optional features. Read the file `CUSTOMIZE' in case you want to compile only a subset @@ -143,7 +143,7 @@ II. Support for flat-directory compilation ---------------------------------------------------------------------- -Copyright 2003, 2005, 2006, 2009, 2010, 2013 by +Copyright 2003-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, diff --git a/freetype/docs/INSTALL.CROSS b/freetype/docs/INSTALL.CROSS index d372adcfe..a83638d64 100644 --- a/freetype/docs/INSTALL.CROSS +++ b/freetype/docs/INSTALL.CROSS @@ -163,8 +163,8 @@ procedure. ---------------------------------------------------------------------- -Copyright 2006, 2008, 2012, 2014 by suzuki toshiya -David Turner, Robert Wilhelm, and Werner Lemberg. +Copyright 2006-2015 by +suzuki toshiya, David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, diff --git a/freetype/docs/INSTALL.GNU b/freetype/docs/INSTALL.GNU index 3b9e0a2df..1a7c09797 100644 --- a/freetype/docs/INSTALL.GNU +++ b/freetype/docs/INSTALL.GNU @@ -148,7 +148,7 @@ instructions in the file `INSTALL.UNIX' instead. ---------------------------------------------------------------------- -Copyright 2003-2006, 2008, 2013, 2014 by +Copyright 2003-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, diff --git a/freetype/docs/INSTALL.UNIX b/freetype/docs/INSTALL.UNIX index 251c749a3..0dab2c60a 100644 --- a/freetype/docs/INSTALL.UNIX +++ b/freetype/docs/INSTALL.UNIX @@ -102,7 +102,7 @@ or MSys on Win32: ---------------------------------------------------------------------- -Copyright 2003-2007, 2013, 2014 by +Copyright 2003-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, diff --git a/freetype/docs/INSTALL.VMS b/freetype/docs/INSTALL.VMS index 994e56688..48a323eae 100644 --- a/freetype/docs/INSTALL.VMS +++ b/freetype/docs/INSTALL.VMS @@ -49,7 +49,7 @@ V7.2-1. ------------------------------------------------------------------------ -Copyright 2000, 2004 by +Copyright 2000-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, diff --git a/freetype/docs/TODO b/freetype/docs/TODO index be60d6f04..43eeae349 100644 --- a/freetype/docs/TODO +++ b/freetype/docs/TODO @@ -27,7 +27,7 @@ Other bugs have been registered at the savannah bugzilla of FreeType. ------------------------------------------------------------------------ -Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007 by +Copyright 2001-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, diff --git a/freetype/docs/VERSION.DLL b/freetype/docs/VERSION.DLL index dd4926195..f219c9ac9 100644 --- a/freetype/docs/VERSION.DLL +++ b/freetype/docs/VERSION.DLL @@ -52,6 +52,7 @@ on _most_ systems, but not all of them: release libtool so ------------------------------- + 2.6.0 18.0.12 6.12.0 2.5.5 17.4.11 6.11.4 2.5.4 17.3.11 6.11.3 2.5.3 17.2.11 6.11.2 @@ -115,7 +116,7 @@ other release numbers. ------------------------------------------------------------------------ -Copyright 2002-2014 by +Copyright 2002-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, diff --git a/freetype/docs/formats.txt b/freetype/docs/formats.txt index aed885c89..243919850 100644 --- a/freetype/docs/formats.txt +++ b/freetype/docs/formats.txt @@ -122,8 +122,8 @@ MAC --- PS TYPE_1 --- type1 T1_SPEC.pdf probably never supported) ---- --- WINFNT --- --- winfonts MS Windows 3 Developer's Notes ---- --- WINFNT VECTOR --- --- MS Windows 3 Developer's Notes +--- --- WINFNT --- --- winfonts Windows developer's notes [5] +--- --- WINFNT VECTOR --- --- Windows developer's notes [5] [1] Support should be rather simple since this is identical to `CFF' but @@ -159,9 +159,13 @@ MAC --- PS TYPE_1 --- type1 T1_SPEC.pdf http://fontforge.sourceforge.net/pcf-format.html +[5] This is from MS Windows 3; see Microsoft's Knowledge Base article at + + http://support.microsoft.com/kb/65123 + ------------------------------------------------------------------------ -Copyright 2004, 2005, 2008, 2009, 2010 by +Copyright 2004-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, diff --git a/freetype/docs/freetype-config.1 b/freetype/docs/freetype-config.1 index 7b4a118f3..cdab34b51 100644 --- a/freetype/docs/freetype-config.1 +++ b/freetype/docs/freetype-config.1 @@ -1,4 +1,4 @@ -.TH FREETYPE-CONFIG 1 "December 2014" "FreeType 2.5.5" +.TH FREETYPE-CONFIG 1 "June 2015" "FreeType 2.6" . . .SH NAME diff --git a/freetype/docs/raster.txt b/freetype/docs/raster.txt index 95d9e2401..dc55d64e5 100644 --- a/freetype/docs/raster.txt +++ b/freetype/docs/raster.txt @@ -618,7 +618,7 @@ II. Rendering Technology ------------------------------------------------------------------------ -Copyright 2003, 2007 by +Copyright 2003-2015 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, diff --git a/freetype/docs/reference/ft2-auto_hinter.html b/freetype/docs/reference/ft2-auto_hinter.html index 71dede419..d03fb9fbe 100644 --- a/freetype/docs/reference/ft2-auto_hinter.html +++ b/freetype/docs/reference/ft2-auto_hinter.html @@ -3,7 +3,7 @@ -FreeType-2.5.5 API Reference +FreeType-2.6 API Reference