diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2011-11-03 02:32:24 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2011-11-03 02:32:24 +0000 |
| commit | a7959014cd175d42de997f40a4d01c8aad021c83 (patch) | |
| tree | 4d9b5e33beecc5bc28de53d3a86820637f4c5b58 | |
| parent | c2554d71737bc93e0e54ef957592cd239b9dda94 (diff) | |
import OpenSSL 1.0.0e
68 files changed, 2325 insertions, 609 deletions
diff --git a/lib/libssl/src/ACKNOWLEDGMENTS b/lib/libssl/src/ACKNOWLEDGMENTS new file mode 100644 index 00000000000..fb6dd912c43 --- /dev/null +++ b/lib/libssl/src/ACKNOWLEDGMENTS @@ -0,0 +1,25 @@ +The OpenSSL project depends on volunteer efforts and financial support from +the end user community. That support comes in the form of donations and paid +sponsorships, software support contracts, paid consulting services +and commissioned software development. + +Since all these activities support the continued development and improvement +of OpenSSL we consider all these clients and customers as sponsors of the +OpenSSL project. + +We would like to identify and thank the following such sponsors for their past +or current significant support of the OpenSSL project: + +Very significant support: + + OpenGear: www.opengear.com + +Significant support: + + PSW Group: www.psw.net + +Please note that we ask permission to identify sponsors and that some sponsors +we consider eligible for inclusion here have requested to remain anonymous. + +Additional sponsorship or financial support is always welcome: for more +information please contact the OpenSSL Software Foundation. diff --git a/lib/libssl/src/VMS/install-vms.com b/lib/libssl/src/VMS/install-vms.com new file mode 100755 index 00000000000..7da8b2153b4 --- /dev/null +++ b/lib/libssl/src/VMS/install-vms.com @@ -0,0 +1,67 @@ +$! install-vms.com -- Installs the files in a given directory tree +$! +$! Author: Richard Levitte <richard@levitte.org> +$! Time of creation: 23-MAY-1998 19:22 +$! +$! P1 root of the directory tree +$! +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") +$! +$ on error then goto tidy +$ on control_c then goto tidy +$! +$ if p1 .eqs. "" +$ then +$ write sys$output "First argument missing." +$ write sys$output - + "Should be the directory where you want things installed." +$ exit +$ endif +$ +$ if (f$getsyi( "cpu") .lt. 128) +$ then +$ arch = "VAX" +$ else +$ arch = f$edit( f$getsyi( "arch_name"), "upcase") +$ if (arch .eqs. "") then arch = "UNK" +$ endif +$ +$ root = f$parse( P1, "[]A.;0", , , "SYNTAX_ONLY, NO_CONCEAL")- "A.;0" +$ root_dev = f$parse( root, , , "device", "syntax_only") +$ root_dir = f$parse( root, , , "directory", "syntax_only") - - + "[000000." - "][" - "[" - "]" +$ root = root_dev + "[" + root_dir +$ +$ define /nolog wrk_sslroot 'root'.] /translation_attributes = concealed +$ define /nolog wrk_sslinclude wrk_sslroot:[include] +$ +$ if f$parse( "wrk_sslroot:[000000]") .eqs. "" then - + create /directory /log wrk_sslroot:[000000] +$ if f$parse( "wrk_sslinclude:") .eqs. "" then - + create /directory /log wrk_sslinclude: +$ if f$parse( "wrk_sslroot:[vms]") .eqs. "" then - + create /directory /log wrk_sslroot:[vms] +$! +$ copy /log /protection = world:re openssl_startup.com wrk_sslroot:[vms] +$ copy /log /protection = world:re openssl_undo.com wrk_sslroot:[vms] +$ copy /log /protection = world:re openssl_utils.com wrk_sslroot:[vms] +$! +$ tidy: +$! +$ call deass wrk_sslroot +$ call deass wrk_sslinclude +$! +$ exit +$! +$ deass: subroutine +$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "") +$ then +$ deassign /process 'p1' +$ endif +$ endsubroutine +$! diff --git a/lib/libssl/src/VMS/openssl_startup.com b/lib/libssl/src/VMS/openssl_startup.com new file mode 100755 index 00000000000..04bbbde886f --- /dev/null +++ b/lib/libssl/src/VMS/openssl_startup.com @@ -0,0 +1,108 @@ +$! +$! Startup file for OpenSSL 1.x. +$! +$! 2011-03-05 SMS. +$! +$! This procedure must reside in the OpenSSL installation directory. +$! It will fail if it is copied to a different location. +$! +$! P1 qualifier(s) for DEFINE. For example, "/SYSTEM" to get the +$! logical names defined in the system logical name table. +$! +$! P2 "64", to use executables which were built with 64-bit pointers. +$! +$! Good (default) and bad status values. +$! +$ status = %x00010001 ! RMS$_NORMAL, normal successful completion. +$ rms_e_fnf = %x00018292 ! RMS$_FNF, file not found. +$! +$! Prepare for problems. +$! +$ orig_dev_dir = f$environment( "DEFAULT") +$ on control_y then goto clean_up +$ on error then goto clean_up +$! +$! Determine hardware architecture. +$! +$ if (f$getsyi( "cpu") .lt. 128) +$ then +$ arch_name = "VAX" +$ else +$ arch_name = f$edit( f$getsyi( "arch_name"), "upcase") +$ if (arch_name .eqs. "") then arch_name = "UNK" +$ endif +$! +$ if (p2 .eqs. "64") +$ then +$ arch_name_exe = arch_name+ "_64" +$ else +$ arch_name_exe = arch_name +$ endif +$! +$! Derive the OpenSSL installation device:[directory] from the location +$! of this command procedure. +$! +$ proc = f$environment( "procedure") +$ proc_dev_dir = f$parse( "A.;", proc, , , "no_conceal") - "A.;" +$ proc_dev = f$parse( proc_dev_dir, , , "device", "syntax_only") +$ proc_dir = f$parse( proc_dev_dir, , , "directory", "syntax_only") - - + ".][000000"- "[000000."- "]["- "["- "]" +$ proc_dev_dir = proc_dev+ "["+ proc_dir+ "]" +$ set default 'proc_dev_dir' +$ set default [-] +$ ossl_dev_dir = f$environment( "default") +$! +$! Check existence of expected directories (to see if this procedure has +$! been moved away from its proper place). +$! +$ if ((f$search( "certs.dir;1") .eqs. "") .or. - + (f$search( "include.dir;1") .eqs. "") .or. - + (f$search( "private.dir;1") .eqs. "") .or. - + (f$search( "vms.dir;1") .eqs. "")) +$ then +$ write sys$output - + " Can't find expected common OpenSSL directories in:" +$ write sys$output " ''ossl_dev_dir'" +$ status = rms_e_fnf +$ goto clean_up +$ endif +$! +$ if ((f$search( "''arch_name_exe'_exe.dir;1") .eqs. "") .or. - + (f$search( "''arch_name'_lib.dir;1") .eqs. "")) +$ then +$ write sys$output - + " Can't find expected architecture-specific OpenSSL directories in:" +$ write sys$output " ''ossl_dev_dir'" +$ status = rms_e_fnf +$ goto clean_up +$ endif +$! +$! All seems well (enough). Define the OpenSSL logical names. +$! +$ ossl_root = ossl_dev_dir- "]"+ ".]" +$ define /translation_attributes = concealed /nolog'p1 SSLROOT 'ossl_root' +$ define /nolog 'p1' SSLCERTS sslroot:[certs] +$ define /nolog 'p1' SSLINCLUDE sslroot:[include] +$ define /nolog 'p1' SSLPRIVATE sslroot:[private] +$ define /nolog 'p1' SSLEXE sslroot:['arch_name_exe'_exe] +$ define /nolog 'p1' SSLLIB sslroot:['arch_name'_lib] +$! +$! Defining OPENSSL lets a C program use "#include <openssl/{foo}.h>": +$ define /nolog 'p1' OPENSSL SSLINCLUDE: +$! +$! Run a site-specific procedure, if it exists. +$! +$ if f$search( "sslroot:[vms]openssl_systartup.com") .nes."" then - + @ sslroot:[vms]openssl_systartup.com +$! +$! Restore the original default dev:[dir] (if known). +$! +$ clean_up: +$! +$ if (f$type( orig_dev_dir) .nes. "") +$ then +$ set default 'orig_dev_dir' +$ endif +$! +$ EXIT 'status' +$! diff --git a/lib/libssl/src/VMS/openssl_undo.com b/lib/libssl/src/VMS/openssl_undo.com new file mode 100755 index 00000000000..d1623a3160f --- /dev/null +++ b/lib/libssl/src/VMS/openssl_undo.com @@ -0,0 +1,20 @@ +$! +$! Deassign OpenSSL logical names. +$! +$ call deass "OPENSSL" "''p1'" +$ call deass "SSLCERTS" "''p1'" +$ call deass "SSLEXE" "''p1'" +$ call deass "SSLINCLUDE" "''p1'" +$ call deass "SSLLIB" "''p1'" +$ call deass "SSLPRIVATE" "''p1'" +$ call deass "SSLROOT" "''p1'" +$! +$ exit +$! +$deass: subroutine +$ if (f$trnlnm( p1) .nes. "") +$ then +$ deassign 'p2' 'p1' +$ endif +$ endsubroutine +$! diff --git a/lib/libssl/src/apps/ec.c b/lib/libssl/src/apps/ec.c index 31194b48df7..896eabc13fb 100644 --- a/lib/libssl/src/apps/ec.c +++ b/lib/libssl/src/apps/ec.c @@ -85,9 +85,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif int ret = 1; EC_KEY *eckey = NULL; const EC_GROUP *group; @@ -254,7 +251,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) diff --git a/lib/libssl/src/apps/ecparam.c b/lib/libssl/src/apps/ecparam.c index e9aa0a184ae..465480bedd0 100644 --- a/lib/libssl/src/apps/ecparam.c +++ b/lib/libssl/src/apps/ecparam.c @@ -129,9 +129,6 @@ int MAIN(int argc, char **argv) char *infile = NULL, *outfile = NULL, *prog; BIO *in = NULL, *out = NULL; int informat, outformat, noout = 0, C = 0, ret = 1; -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif char *engine = NULL; BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL, @@ -340,7 +337,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (list_curves) diff --git a/lib/libssl/src/apps/install-apps.com b/lib/libssl/src/apps/install-apps.com new file mode 100755 index 00000000000..7a553aa12ec --- /dev/null +++ b/lib/libssl/src/apps/install-apps.com @@ -0,0 +1,107 @@ +$! INSTALL.COM -- Installs the files in a given directory tree +$! +$! Author: Richard Levitte <richard@levitte.org> +$! Time of creation: 22-MAY-1998 10:13 +$! +$! P1 root of the directory tree +$! P2 "64" for 64-bit pointers. +$! +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") +$! +$ on error then goto tidy +$ on control_c then goto tidy +$! +$ if (p1 .eqs. "") +$ then +$ write sys$output "First argument missing." +$ write sys$output - + "It should be the directory where you want things installed." +$ exit +$ endif +$! +$ if (f$getsyi("cpu") .lt. 128) +$ then +$ arch = "VAX" +$ else +$ arch = f$edit( f$getsyi( "arch_name"), "upcase") +$ if (arch .eqs. "") then arch = "UNK" +$ endif +$! +$ archd = arch +$! +$ if (p2 .nes. "") +$ then +$ if (p2 .eqs. "64") +$ then +$ archd = arch+ "_64" +$ else +$ if (p2 .nes. "32") +$ then +$ write sys$output "Second argument invalid." +$ write sys$output "It should be "32", "64", or nothing." +$ exit +$ endif +$ endif +$ endif +$! +$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0" +$ root_dev = f$parse(root,,,"device","syntax_only") +$ root_dir = f$parse(root,,,"directory","syntax_only") - - + "[000000." - "][" - "[" - "]" +$ root = root_dev + "[" + root_dir +$! +$ define /nolog wrk_sslroot 'root'.] /trans=conc +$ define /nolog wrk_sslxexe wrk_sslroot:['archd'_exe] +$! +$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then - + create /directory /log wrk_sslroot:[000000] +$ if f$parse("wrk_sslxexe:") .eqs. "" then - + create /directory /log wrk_sslxexe: +$! +$ exe := openssl +$! +$ exe_dir := [-.'archd'.exe.apps] +$! +$! Executables. +$! +$ i = 0 +$ loop_exe: +$ e = f$edit(f$element( i, ",", exe), "trim") +$ i = i + 1 +$ if e .eqs. "," then goto loop_exe_end +$ set noon +$ file = exe_dir+ e+ ".exe" +$ if f$search( file) .nes. "" +$ then +$ copy /protection = w:re 'file' wrk_sslxexe: /log +$ endif +$ set on +$ goto loop_exe +$ loop_exe_end: +$! +$! Miscellaneous. +$! +$ set noon +$ copy /protection = w:re ca.com wrk_sslxexe:ca.com /log +$ copy /protection = w:re openssl-vms.cnf wrk_sslroot:[000000]openssl.cnf /log +$ set on +$! +$ tidy: +$! +$ call deass wrk_sslroot +$ call deass wrk_sslxexe +$! +$ exit +$! +$ deass: subroutine +$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "") +$ then +$ deassign /process 'p1' +$ endif +$ endsubroutine +$! diff --git a/lib/libssl/src/apps/pkeyparam.c b/lib/libssl/src/apps/pkeyparam.c index 7f18010f9d1..6f7a357a36c 100644 --- a/lib/libssl/src/apps/pkeyparam.c +++ b/lib/libssl/src/apps/pkeyparam.c @@ -74,7 +74,6 @@ int MAIN(int argc, char **argv) EVP_PKEY *pkey=NULL; int badarg = 0; #ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; char *engine=NULL; #endif int ret = 1; @@ -141,7 +140,7 @@ int MAIN(int argc, char **argv) } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (infile) diff --git a/lib/libssl/src/apps/pkeyutl.c b/lib/libssl/src/apps/pkeyutl.c index 22a6c4bf397..7eb3f5c544d 100644 --- a/lib/libssl/src/apps/pkeyutl.c +++ b/lib/libssl/src/apps/pkeyutl.c @@ -119,17 +119,17 @@ int MAIN(int argc, char **argv) if (!strcmp(*argv,"-in")) { if (--argc < 1) badarg = 1; - infile= *(++argv); + else infile= *(++argv); } else if (!strcmp(*argv,"-out")) { if (--argc < 1) badarg = 1; - outfile= *(++argv); + else outfile= *(++argv); } else if (!strcmp(*argv,"-sigfile")) { if (--argc < 1) badarg = 1; - sigfile= *(++argv); + else sigfile= *(++argv); } else if(!strcmp(*argv, "-inkey")) { @@ -159,17 +159,17 @@ int MAIN(int argc, char **argv) else if (!strcmp(*argv,"-passin")) { if (--argc < 1) badarg = 1; - passargin= *(++argv); + else passargin= *(++argv); } else if (strcmp(*argv,"-peerform") == 0) { if (--argc < 1) badarg = 1; - peerform=str2fmt(*(++argv)); + else peerform=str2fmt(*(++argv)); } else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) badarg = 1; - keyform=str2fmt(*(++argv)); + else keyform=str2fmt(*(++argv)); } #ifndef OPENSSL_NO_ENGINE else if(!strcmp(*argv, "-engine")) diff --git a/lib/libssl/src/apps/vms_decc_init.c b/lib/libssl/src/apps/vms_decc_init.c new file mode 100755 index 00000000000..f512c8f1bcc --- /dev/null +++ b/lib/libssl/src/apps/vms_decc_init.c @@ -0,0 +1,188 @@ +#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \ + defined( __DECC) && !defined( __VAX) && (__CRTL_VER >= 70301000) +# define USE_DECC_INIT 1 +#endif + +#ifdef USE_DECC_INIT + +/* + * 2010-04-26 SMS. + * + *---------------------------------------------------------------------- + * + * decc_init() + * + * On non-VAX systems, uses LIB$INITIALIZE to set a collection of C + * RTL features without using the DECC$* logical name method. + * + *---------------------------------------------------------------------- + */ + +#include <stdio.h> +#include <stdlib.h> +#include <unixlib.h> + + +/* Global storage. */ + +/* Flag to sense if decc_init() was called. */ + +int decc_init_done = -1; + + +/* Structure to hold a DECC$* feature name and its desired value. */ + +typedef struct +{ + char *name; + int value; +} decc_feat_t; + + +/* Array of DECC$* feature names and their desired values. + * Note: DECC$ARGV_PARSE_STYLE is the urgent one. + */ + +decc_feat_t decc_feat_array[] = +{ + /* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */ + { "DECC$ARGV_PARSE_STYLE", 1 }, + + /* Preserve case for file names on ODS5 disks. */ + { "DECC$EFS_CASE_PRESERVE", 1 }, + + /* Enable multiple dots (and most characters) in ODS5 file names, + * while preserving VMS-ness of ";version". + */ + { "DECC$EFS_CHARSET", 1 }, + + /* List terminator. */ + { (char *)NULL, 0 } +}; + + +/* LIB$INITIALIZE initialization function. */ + +static void decc_init( void) +{ + char *openssl_debug_decc_init; + int verbose = 0; + int feat_index; + int feat_value; + int feat_value_max; + int feat_value_min; + int i; + int sts; + + /* Get debug option. */ + openssl_debug_decc_init = getenv( "OPENSSL_DEBUG_DECC_INIT"); + if (openssl_debug_decc_init != NULL) + { + verbose = strtol( openssl_debug_decc_init, NULL, 10); + if (verbose <= 0) + { + verbose = 1; + } + } + + /* Set the global flag to indicate that LIB$INITIALIZE worked. */ + decc_init_done = 1; + + /* Loop through all items in the decc_feat_array[]. */ + + for (i = 0; decc_feat_array[ i].name != NULL; i++) + { + /* Get the feature index. */ + feat_index = decc$feature_get_index( decc_feat_array[ i].name); + if (feat_index >= 0) + { + /* Valid item. Collect its properties. */ + feat_value = decc$feature_get_value( feat_index, 1); + feat_value_min = decc$feature_get_value( feat_index, 2); + feat_value_max = decc$feature_get_value( feat_index, 3); + + /* Check the validity of our desired value. */ + if ((decc_feat_array[ i].value >= feat_value_min) && + (decc_feat_array[ i].value <= feat_value_max)) + { + /* Valid value. Set it if necessary. */ + if (feat_value != decc_feat_array[ i].value) + { + sts = decc$feature_set_value( feat_index, + 1, + decc_feat_array[ i].value); + + if (verbose > 1) + { + fprintf( stderr, " %s = %d, sts = %d.\n", + decc_feat_array[ i].name, + decc_feat_array[ i].value, + sts); + } + } + } + else + { + /* Invalid DECC feature value. */ + fprintf( stderr, + " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n", + feat_value, + feat_value_min, decc_feat_array[ i].name, feat_value_max); + } + } + else + { + /* Invalid DECC feature name. */ + fprintf( stderr, + " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[ i].name); + } + } + + if (verbose > 0) + { + fprintf( stderr, " DECC_INIT complete.\n"); + } +} + +/* Get "decc_init()" into a valid, loaded LIB$INITIALIZE PSECT. */ + +#pragma nostandard + +/* Establish the LIB$INITIALIZE PSECTs, with proper alignment and + * other attributes. Note that "nopic" is significant only on VAX. + */ +#pragma extern_model save + +#if __INITIAL_POINTER_SIZE == 64 +# define PSECT_ALIGN 3 +#else +# define PSECT_ALIGN 2 +#endif + +#pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt +const int spare[ 8] = { 0 }; + +#pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt +void (*const x_decc_init)() = decc_init; + +#pragma extern_model restore + +/* Fake reference to ensure loading the LIB$INITIALIZE PSECT. */ + +#pragma extern_model save + +int LIB$INITIALIZE( void); + +#pragma extern_model strict_refdef +int dmy_lib$initialize = (int) LIB$INITIALIZE; + +#pragma extern_model restore + +#pragma standard + +#else /* def USE_DECC_INIT */ + +/* Dummy code to avoid a %CC-W-EMPTYFILE complaint. */ +int decc_init_dummy( void); + +#endif /* def USE_DECC_INIT */ diff --git a/lib/libssl/src/crypto/LPdir_vms.c b/lib/libssl/src/crypto/LPdir_vms.c index 85b427a623b..7613bd254e7 100644 --- a/lib/libssl/src/crypto/LPdir_vms.c +++ b/lib/libssl/src/crypto/LPdir_vms.c @@ -40,22 +40,18 @@ #ifndef LPDIR_H #include "LPdir.h" #endif +#include "vms_rms.h" -/* Because some compiler options hide this macor */ +/* Some compiler options hide EVMSERR. */ #ifndef EVMSERR -#define EVMSERR 65535 /* error for non-translatable VMS errors */ +# define EVMSERR 65535 /* error for non-translatable VMS errors */ #endif struct LP_dir_context_st { unsigned long VMS_context; -#ifdef NAML$C_MAXRSS - char filespec[NAML$C_MAXRSS+1]; - char result[NAML$C_MAXRSS+1]; -#else - char filespec[256]; - char result[256]; -#endif + char filespec[ NAMX_MAXRSS+ 1]; + char result[ NAMX_MAXRSS+ 1]; struct dsc$descriptor_d filespec_dsc; struct dsc$descriptor_d result_dsc; }; @@ -66,6 +62,16 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) char *p, *r; size_t l; unsigned long flags = 0; + +/* Arrange 32-bit pointer to (copied) string storage, if needed. */ +#if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size save +# pragma pointer_size 32 + char *ctx_filespec_32p; +# pragma pointer_size restore + char ctx_filespec_32[ NAMX_MAXRSS+ 1]; +#endif /* __INITIAL_POINTER_SIZE == 64 */ + #ifdef NAML$C_MAXRSS flags |= LIB$M_FIL_LONG_NAMES; #endif @@ -93,13 +99,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) filespeclen += 4; /* "*.*;" */ - if (filespeclen > -#ifdef NAML$C_MAXRSS - NAML$C_MAXRSS -#else - 255 -#endif - ) + if (filespeclen > NAMX_MAXRSS) { errno = ENAMETOOLONG; return 0; @@ -115,14 +115,21 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) strcpy((*ctx)->filespec,directory); strcat((*ctx)->filespec,"*.*;"); + +/* Arrange 32-bit pointer to (copied) string storage, if needed. */ +#if __INITIAL_POINTER_SIZE == 64 +# define CTX_FILESPEC ctx_filespec_32p + /* Copy the file name to storage with a 32-bit pointer. */ + ctx_filespec_32p = ctx_filespec_32; + strcpy( ctx_filespec_32p, (*ctx)->filespec); +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define CTX_FILESPEC (*ctx)->filespec +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + (*ctx)->filespec_dsc.dsc$w_length = filespeclen; (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T; (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S; - (*ctx)->filespec_dsc.dsc$a_pointer = (*ctx)->filespec; - (*ctx)->result_dsc.dsc$w_length = 0; - (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D; - (*ctx)->result_dsc.dsc$a_pointer = 0; + (*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC; } (*ctx)->result_dsc.dsc$w_length = 0; diff --git a/lib/libssl/src/crypto/aes/aes_wrap.c b/lib/libssl/src/crypto/aes/aes_wrap.c index 9feacd65d8c..e2d73d37ced 100644 --- a/lib/libssl/src/crypto/aes/aes_wrap.c +++ b/lib/libssl/src/crypto/aes/aes_wrap.c @@ -85,9 +85,9 @@ int AES_wrap_key(AES_KEY *key, const unsigned char *iv, A[7] ^= (unsigned char)(t & 0xff); if (t > 0xff) { - A[6] ^= (unsigned char)((t & 0xff) >> 8); - A[5] ^= (unsigned char)((t & 0xff) >> 16); - A[4] ^= (unsigned char)((t & 0xff) >> 24); + A[6] ^= (unsigned char)((t >> 8) & 0xff); + A[5] ^= (unsigned char)((t >> 16) & 0xff); + A[4] ^= (unsigned char)((t >> 24) & 0xff); } memcpy(R, B + 8, 8); } @@ -119,9 +119,9 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, A[7] ^= (unsigned char)(t & 0xff); if (t > 0xff) { - A[6] ^= (unsigned char)((t & 0xff) >> 8); - A[5] ^= (unsigned char)((t & 0xff) >> 16); - A[4] ^= (unsigned char)((t & 0xff) >> 24); + A[6] ^= (unsigned char)((t >> 8) & 0xff); + A[5] ^= (unsigned char)((t >> 16) & 0xff); + A[4] ^= (unsigned char)((t >> 24) & 0xff); } memcpy(B + 8, R, 8); AES_decrypt(B, B, key); diff --git a/lib/libssl/src/crypto/aes/asm/aes-armv4.pl b/lib/libssl/src/crypto/aes/asm/aes-armv4.pl index 690244111a6..c51ee1fbf63 100644 --- a/lib/libssl/src/crypto/aes/asm/aes-armv4.pl +++ b/lib/libssl/src/crypto/aes/asm/aes-armv4.pl @@ -16,12 +16,20 @@ # allows to merge logical or arithmetic operation with shift or rotate # in one instruction and emit combined result every cycle. The module # is endian-neutral. The performance is ~42 cycles/byte for 128-bit -# key. +# key [on single-issue Xscale PXA250 core]. # May 2007. # # AES_set_[en|de]crypt_key is added. +# July 2010. +# +# Rescheduling for dual-issue pipeline resulted in 12% improvement on +# Cortex A8 core and ~25 cycles per byte processed with 128-bit key. + +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +open STDOUT,">$output"; + $s0="r0"; $s1="r1"; $s2="r2"; @@ -164,24 +172,24 @@ AES_encrypt: ldrb $t2,[$rounds,#1] ldrb $t3,[$rounds,#0] orr $s0,$s0,$t1,lsl#8 - orr $s0,$s0,$t2,lsl#16 - orr $s0,$s0,$t3,lsl#24 ldrb $s1,[$rounds,#7] + orr $s0,$s0,$t2,lsl#16 ldrb $t1,[$rounds,#6] + orr $s0,$s0,$t3,lsl#24 ldrb $t2,[$rounds,#5] ldrb $t3,[$rounds,#4] orr $s1,$s1,$t1,lsl#8 - orr $s1,$s1,$t2,lsl#16 - orr $s1,$s1,$t3,lsl#24 ldrb $s2,[$rounds,#11] + orr $s1,$s1,$t2,lsl#16 ldrb $t1,[$rounds,#10] + orr $s1,$s1,$t3,lsl#24 ldrb $t2,[$rounds,#9] ldrb $t3,[$rounds,#8] orr $s2,$s2,$t1,lsl#8 - orr $s2,$s2,$t2,lsl#16 - orr $s2,$s2,$t3,lsl#24 ldrb $s3,[$rounds,#15] + orr $s2,$s2,$t2,lsl#16 ldrb $t1,[$rounds,#14] + orr $s2,$s2,$t3,lsl#24 ldrb $t2,[$rounds,#13] ldrb $t3,[$rounds,#12] orr $s3,$s3,$t1,lsl#8 @@ -196,24 +204,24 @@ AES_encrypt: mov $t3,$s0,lsr#8 strb $t1,[$rounds,#0] strb $t2,[$rounds,#1] - strb $t3,[$rounds,#2] - strb $s0,[$rounds,#3] mov $t1,$s1,lsr#24 + strb $t3,[$rounds,#2] mov $t2,$s1,lsr#16 + strb $s0,[$rounds,#3] mov $t3,$s1,lsr#8 strb $t1,[$rounds,#4] strb $t2,[$rounds,#5] - strb $t3,[$rounds,#6] - strb $s1,[$rounds,#7] mov $t1,$s2,lsr#24 + strb $t3,[$rounds,#6] mov $t2,$s2,lsr#16 + strb $s1,[$rounds,#7] mov $t3,$s2,lsr#8 strb $t1,[$rounds,#8] strb $t2,[$rounds,#9] - strb $t3,[$rounds,#10] - strb $s2,[$rounds,#11] mov $t1,$s3,lsr#24 + strb $t3,[$rounds,#10] mov $t2,$s3,lsr#16 + strb $s2,[$rounds,#11] mov $t3,$s3,lsr#8 strb $t1,[$rounds,#12] strb $t2,[$rounds,#13] @@ -230,141 +238,137 @@ AES_encrypt: .align 2 _armv4_AES_encrypt: str lr,[sp,#-4]! @ push lr - ldr $t1,[$key],#16 - ldr $t2,[$key,#-12] - ldr $t3,[$key,#-8] - ldr $i1,[$key,#-4] - ldr $rounds,[$key,#240-16] + ldmia $key!,{$t1-$i1} eor $s0,$s0,$t1 + ldr $rounds,[$key,#240-16] eor $s1,$s1,$t2 eor $s2,$s2,$t3 eor $s3,$s3,$i1 sub $rounds,$rounds,#1 mov lr,#255 -.Lenc_loop: + and $i1,lr,$s0 and $i2,lr,$s0,lsr#8 and $i3,lr,$s0,lsr#16 - and $i1,lr,$s0 mov $s0,$s0,lsr#24 +.Lenc_loop: ldr $t1,[$tbl,$i1,lsl#2] @ Te3[s0>>0] - ldr $s0,[$tbl,$s0,lsl#2] @ Te0[s0>>24] - ldr $t2,[$tbl,$i2,lsl#2] @ Te2[s0>>8] - ldr $t3,[$tbl,$i3,lsl#2] @ Te1[s0>>16] - and $i1,lr,$s1,lsr#16 @ i0 + ldr $t2,[$tbl,$i2,lsl#2] @ Te2[s0>>8] and $i2,lr,$s1 + ldr $t3,[$tbl,$i3,lsl#2] @ Te1[s0>>16] and $i3,lr,$s1,lsr#8 + ldr $s0,[$tbl,$s0,lsl#2] @ Te0[s0>>24] mov $s1,$s1,lsr#24 + ldr $i1,[$tbl,$i1,lsl#2] @ Te1[s1>>16] - ldr $s1,[$tbl,$s1,lsl#2] @ Te0[s1>>24] ldr $i2,[$tbl,$i2,lsl#2] @ Te3[s1>>0] ldr $i3,[$tbl,$i3,lsl#2] @ Te2[s1>>8] eor $s0,$s0,$i1,ror#8 - eor $s1,$s1,$t1,ror#24 - eor $t2,$t2,$i2,ror#8 - eor $t3,$t3,$i3,ror#8 - + ldr $s1,[$tbl,$s1,lsl#2] @ Te0[s1>>24] and $i1,lr,$s2,lsr#8 @ i0 + eor $t2,$t2,$i2,ror#8 and $i2,lr,$s2,lsr#16 @ i1 + eor $t3,$t3,$i3,ror#8 and $i3,lr,$s2 - mov $s2,$s2,lsr#24 + eor $s1,$s1,$t1,ror#24 ldr $i1,[$tbl,$i1,lsl#2] @ Te2[s2>>8] + mov $s2,$s2,lsr#24 + ldr $i2,[$tbl,$i2,lsl#2] @ Te1[s2>>16] - ldr $s2,[$tbl,$s2,lsl#2] @ Te0[s2>>24] ldr $i3,[$tbl,$i3,lsl#2] @ Te3[s2>>0] eor $s0,$s0,$i1,ror#16 - eor $s1,$s1,$i2,ror#8 - eor $s2,$s2,$t2,ror#16 - eor $t3,$t3,$i3,ror#16 - + ldr $s2,[$tbl,$s2,lsl#2] @ Te0[s2>>24] and $i1,lr,$s3 @ i0 + eor $s1,$s1,$i2,ror#8 and $i2,lr,$s3,lsr#8 @ i1 + eor $t3,$t3,$i3,ror#16 and $i3,lr,$s3,lsr#16 @ i2 - mov $s3,$s3,lsr#24 + eor $s2,$s2,$t2,ror#16 ldr $i1,[$tbl,$i1,lsl#2] @ Te3[s3>>0] + mov $s3,$s3,lsr#24 + ldr $i2,[$tbl,$i2,lsl#2] @ Te2[s3>>8] ldr $i3,[$tbl,$i3,lsl#2] @ Te1[s3>>16] - ldr $s3,[$tbl,$s3,lsl#2] @ Te0[s3>>24] eor $s0,$s0,$i1,ror#24 + ldr $s3,[$tbl,$s3,lsl#2] @ Te0[s3>>24] eor $s1,$s1,$i2,ror#16 + ldr $i1,[$key],#16 eor $s2,$s2,$i3,ror#8 + ldr $t1,[$key,#-12] eor $s3,$s3,$t3,ror#8 - ldr $t1,[$key],#16 - ldr $t2,[$key,#-12] - ldr $t3,[$key,#-8] - ldr $i1,[$key,#-4] - eor $s0,$s0,$t1 - eor $s1,$s1,$t2 - eor $s2,$s2,$t3 - eor $s3,$s3,$i1 + ldr $t2,[$key,#-8] + eor $s0,$s0,$i1 + ldr $t3,[$key,#-4] + and $i1,lr,$s0 + eor $s1,$s1,$t1 + and $i2,lr,$s0,lsr#8 + eor $s2,$s2,$t2 + and $i3,lr,$s0,lsr#16 + eor $s3,$s3,$t3 + mov $s0,$s0,lsr#24 subs $rounds,$rounds,#1 bne .Lenc_loop add $tbl,$tbl,#2 - and $i1,lr,$s0 - and $i2,lr,$s0,lsr#8 - and $i3,lr,$s0,lsr#16 - mov $s0,$s0,lsr#24 ldrb $t1,[$tbl,$i1,lsl#2] @ Te4[s0>>0] - ldrb $s0,[$tbl,$s0,lsl#2] @ Te4[s0>>24] - ldrb $t2,[$tbl,$i2,lsl#2] @ Te4[s0>>8] - ldrb $t3,[$tbl,$i3,lsl#2] @ Te4[s0>>16] - and $i1,lr,$s1,lsr#16 @ i0 + ldrb $t2,[$tbl,$i2,lsl#2] @ Te4[s0>>8] and $i2,lr,$s1 + ldrb $t3,[$tbl,$i3,lsl#2] @ Te4[s0>>16] and $i3,lr,$s1,lsr#8 + ldrb $s0,[$tbl,$s0,lsl#2] @ Te4[s0>>24] mov $s1,$s1,lsr#24 + ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s1>>16] - ldrb $s1,[$tbl,$s1,lsl#2] @ Te4[s1>>24] ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s1>>0] ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s1>>8] eor $s0,$i1,$s0,lsl#8 - eor $s1,$t1,$s1,lsl#24 - eor $t2,$i2,$t2,lsl#8 - eor $t3,$i3,$t3,lsl#8 - + ldrb $s1,[$tbl,$s1,lsl#2] @ Te4[s1>>24] and $i1,lr,$s2,lsr#8 @ i0 + eor $t2,$i2,$t2,lsl#8 and $i2,lr,$s2,lsr#16 @ i1 + eor $t3,$i3,$t3,lsl#8 and $i3,lr,$s2 - mov $s2,$s2,lsr#24 + eor $s1,$t1,$s1,lsl#24 ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s2>>8] + mov $s2,$s2,lsr#24 + ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s2>>16] - ldrb $s2,[$tbl,$s2,lsl#2] @ Te4[s2>>24] ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s2>>0] eor $s0,$i1,$s0,lsl#8 - eor $s1,$s1,$i2,lsl#16 - eor $s2,$t2,$s2,lsl#24 - eor $t3,$i3,$t3,lsl#8 - + ldrb $s2,[$tbl,$s2,lsl#2] @ Te4[s2>>24] and $i1,lr,$s3 @ i0 + eor $s1,$s1,$i2,lsl#16 and $i2,lr,$s3,lsr#8 @ i1 + eor $t3,$i3,$t3,lsl#8 and $i3,lr,$s3,lsr#16 @ i2 - mov $s3,$s3,lsr#24 + eor $s2,$t2,$s2,lsl#24 ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s3>>0] + mov $s3,$s3,lsr#24 + ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s3>>8] ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s3>>16] - ldrb $s3,[$tbl,$s3,lsl#2] @ Te4[s3>>24] eor $s0,$i1,$s0,lsl#8 + ldrb $s3,[$tbl,$s3,lsl#2] @ Te4[s3>>24] + ldr $i1,[$key,#0] eor $s1,$s1,$i2,lsl#8 + ldr $t1,[$key,#4] eor $s2,$s2,$i3,lsl#16 + ldr $t2,[$key,#8] eor $s3,$t3,$s3,lsl#24 + ldr $t3,[$key,#12] - ldr lr,[sp],#4 @ pop lr - ldr $t1,[$key,#0] - ldr $t2,[$key,#4] - ldr $t3,[$key,#8] - ldr $i1,[$key,#12] - eor $s0,$s0,$t1 - eor $s1,$s1,$t2 - eor $s2,$s2,$t3 - eor $s3,$s3,$i1 + eor $s0,$s0,$i1 + eor $s1,$s1,$t1 + eor $s2,$s2,$t2 + eor $s3,$s3,$t3 sub $tbl,$tbl,#2 - mov pc,lr @ return + ldr pc,[sp],#4 @ pop and return .size _armv4_AES_encrypt,.-_armv4_AES_encrypt .global AES_set_encrypt_key @@ -399,31 +403,31 @@ AES_set_encrypt_key: ldrb $t2,[$rounds,#1] ldrb $t3,[$rounds,#0] orr $s0,$s0,$t1,lsl#8 - orr $s0,$s0,$t2,lsl#16 - orr $s0,$s0,$t3,lsl#24 ldrb $s1,[$rounds,#7] + orr $s0,$s0,$t2,lsl#16 ldrb $t1,[$rounds,#6] + orr $s0,$s0,$t3,lsl#24 ldrb $t2,[$rounds,#5] ldrb $t3,[$rounds,#4] orr $s1,$s1,$t1,lsl#8 - orr $s1,$s1,$t2,lsl#16 - orr $s1,$s1,$t3,lsl#24 ldrb $s2,[$rounds,#11] + orr $s1,$s1,$t2,lsl#16 ldrb $t1,[$rounds,#10] + orr $s1,$s1,$t3,lsl#24 ldrb $t2,[$rounds,#9] ldrb $t3,[$rounds,#8] orr $s2,$s2,$t1,lsl#8 - orr $s2,$s2,$t2,lsl#16 - orr $s2,$s2,$t3,lsl#24 ldrb $s3,[$rounds,#15] + orr $s2,$s2,$t2,lsl#16 ldrb $t1,[$rounds,#14] + orr $s2,$s2,$t3,lsl#24 ldrb $t2,[$rounds,#13] ldrb $t3,[$rounds,#12] orr $s3,$s3,$t1,lsl#8 - orr $s3,$s3,$t2,lsl#16 - orr $s3,$s3,$t3,lsl#24 str $s0,[$key],#16 + orr $s3,$s3,$t2,lsl#16 str $s1,[$key,#-12] + orr $s3,$s3,$t3,lsl#24 str $s2,[$key,#-8] str $s3,[$key,#-4] @@ -437,27 +441,26 @@ AES_set_encrypt_key: .L128_loop: and $t2,lr,$s3,lsr#24 and $i1,lr,$s3,lsr#16 - and $i2,lr,$s3,lsr#8 - and $i3,lr,$s3 ldrb $t2,[$tbl,$t2] + and $i2,lr,$s3,lsr#8 ldrb $i1,[$tbl,$i1] + and $i3,lr,$s3 ldrb $i2,[$tbl,$i2] - ldrb $i3,[$tbl,$i3] - ldr $t1,[$t3],#4 @ rcon[i++] orr $t2,$t2,$i1,lsl#24 + ldrb $i3,[$tbl,$i3] orr $t2,$t2,$i2,lsl#16 + ldr $t1,[$t3],#4 @ rcon[i++] orr $t2,$t2,$i3,lsl#8 eor $t2,$t2,$t1 eor $s0,$s0,$t2 @ rk[4]=rk[0]^... eor $s1,$s1,$s0 @ rk[5]=rk[1]^rk[4] - eor $s2,$s2,$s1 @ rk[6]=rk[2]^rk[5] - eor $s3,$s3,$s2 @ rk[7]=rk[3]^rk[6] str $s0,[$key],#16 + eor $s2,$s2,$s1 @ rk[6]=rk[2]^rk[5] str $s1,[$key,#-12] + eor $s3,$s3,$s2 @ rk[7]=rk[3]^rk[6] str $s2,[$key,#-8] - str $s3,[$key,#-4] - subs $rounds,$rounds,#1 + str $s3,[$key,#-4] bne .L128_loop sub r2,$key,#176 b .Ldone @@ -468,16 +471,16 @@ AES_set_encrypt_key: ldrb $t2,[$rounds,#17] ldrb $t3,[$rounds,#16] orr $i2,$i2,$t1,lsl#8 - orr $i2,$i2,$t2,lsl#16 - orr $i2,$i2,$t3,lsl#24 ldrb $i3,[$rounds,#23] + orr $i2,$i2,$t2,lsl#16 ldrb $t1,[$rounds,#22] + orr $i2,$i2,$t3,lsl#24 ldrb $t2,[$rounds,#21] ldrb $t3,[$rounds,#20] orr $i3,$i3,$t1,lsl#8 orr $i3,$i3,$t2,lsl#16 - orr $i3,$i3,$t3,lsl#24 str $i2,[$key],#8 + orr $i3,$i3,$t3,lsl#24 str $i3,[$key,#-4] teq lr,#192 @@ -491,27 +494,26 @@ AES_set_encrypt_key: .L192_loop: and $t2,lr,$i3,lsr#24 and $i1,lr,$i3,lsr#16 - and $i2,lr,$i3,lsr#8 - and $i3,lr,$i3 ldrb $t2,[$tbl,$t2] + and $i2,lr,$i3,lsr#8 ldrb $i1,[$tbl,$i1] + and $i3,lr,$i3 ldrb $i2,[$tbl,$i2] - ldrb $i3,[$tbl,$i3] - ldr $t1,[$t3],#4 @ rcon[i++] orr $t2,$t2,$i1,lsl#24 + ldrb $i3,[$tbl,$i3] orr $t2,$t2,$i2,lsl#16 + ldr $t1,[$t3],#4 @ rcon[i++] orr $t2,$t2,$i3,lsl#8 eor $i3,$t2,$t1 eor $s0,$s0,$i3 @ rk[6]=rk[0]^... eor $s1,$s1,$s0 @ rk[7]=rk[1]^rk[6] - eor $s2,$s2,$s1 @ rk[8]=rk[2]^rk[7] - eor $s3,$s3,$s2 @ rk[9]=rk[3]^rk[8] str $s0,[$key],#24 + eor $s2,$s2,$s1 @ rk[8]=rk[2]^rk[7] str $s1,[$key,#-20] + eor $s3,$s3,$s2 @ rk[9]=rk[3]^rk[8] str $s2,[$key,#-16] - str $s3,[$key,#-12] - subs $rounds,$rounds,#1 + str $s3,[$key,#-12] subeq r2,$key,#216 beq .Ldone @@ -529,16 +531,16 @@ AES_set_encrypt_key: ldrb $t2,[$rounds,#25] ldrb $t3,[$rounds,#24] orr $i2,$i2,$t1,lsl#8 - orr $i2,$i2,$t2,lsl#16 - orr $i2,$i2,$t3,lsl#24 ldrb $i3,[$rounds,#31] + orr $i2,$i2,$t2,lsl#16 ldrb $t1,[$rounds,#30] + orr $i2,$i2,$t3,lsl#24 ldrb $t2,[$rounds,#29] ldrb $t3,[$rounds,#28] orr $i3,$i3,$t1,lsl#8 orr $i3,$i3,$t2,lsl#16 - orr $i3,$i3,$t3,lsl#24 str $i2,[$key],#8 + orr $i3,$i3,$t3,lsl#24 str $i3,[$key,#-4] mov $rounds,#14 @@ -550,52 +552,51 @@ AES_set_encrypt_key: .L256_loop: and $t2,lr,$i3,lsr#24 and $i1,lr,$i3,lsr#16 - and $i2,lr,$i3,lsr#8 - and $i3,lr,$i3 ldrb $t2,[$tbl,$t2] + and $i2,lr,$i3,lsr#8 ldrb $i1,[$tbl,$i1] + and $i3,lr,$i3 ldrb $i2,[$tbl,$i2] - ldrb $i3,[$tbl,$i3] - ldr $t1,[$t3],#4 @ rcon[i++] orr $t2,$t2,$i1,lsl#24 + ldrb $i3,[$tbl,$i3] orr $t2,$t2,$i2,lsl#16 + ldr $t1,[$t3],#4 @ rcon[i++] orr $t2,$t2,$i3,lsl#8 eor $i3,$t2,$t1 eor $s0,$s0,$i3 @ rk[8]=rk[0]^... eor $s1,$s1,$s0 @ rk[9]=rk[1]^rk[8] - eor $s2,$s2,$s1 @ rk[10]=rk[2]^rk[9] - eor $s3,$s3,$s2 @ rk[11]=rk[3]^rk[10] str $s0,[$key],#32 + eor $s2,$s2,$s1 @ rk[10]=rk[2]^rk[9] str $s1,[$key,#-28] + eor $s3,$s3,$s2 @ rk[11]=rk[3]^rk[10] str $s2,[$key,#-24] - str $s3,[$key,#-20] - subs $rounds,$rounds,#1 + str $s3,[$key,#-20] subeq r2,$key,#256 beq .Ldone and $t2,lr,$s3 and $i1,lr,$s3,lsr#8 - and $i2,lr,$s3,lsr#16 - and $i3,lr,$s3,lsr#24 ldrb $t2,[$tbl,$t2] + and $i2,lr,$s3,lsr#16 ldrb $i1,[$tbl,$i1] + and $i3,lr,$s3,lsr#24 ldrb $i2,[$tbl,$i2] - ldrb $i3,[$tbl,$i3] orr $t2,$t2,$i1,lsl#8 + ldrb $i3,[$tbl,$i3] orr $t2,$t2,$i2,lsl#16 + ldr $t1,[$key,#-48] orr $t2,$t2,$i3,lsl#24 - ldr $t1,[$key,#-48] ldr $i1,[$key,#-44] ldr $i2,[$key,#-40] - ldr $i3,[$key,#-36] eor $t1,$t1,$t2 @ rk[12]=rk[4]^... + ldr $i3,[$key,#-36] eor $i1,$i1,$t1 @ rk[13]=rk[5]^rk[12] - eor $i2,$i2,$i1 @ rk[14]=rk[6]^rk[13] - eor $i3,$i3,$i2 @ rk[15]=rk[7]^rk[14] str $t1,[$key,#-16] + eor $i2,$i2,$i1 @ rk[14]=rk[6]^rk[13] str $i1,[$key,#-12] + eor $i3,$i3,$i2 @ rk[15]=rk[7]^rk[14] str $i2,[$key,#-8] str $i3,[$key,#-4] b .L256_loop @@ -816,24 +817,24 @@ AES_decrypt: ldrb $t2,[$rounds,#1] ldrb $t3,[$rounds,#0] orr $s0,$s0,$t1,lsl#8 - orr $s0,$s0,$t2,lsl#16 - orr $s0,$s0,$t3,lsl#24 ldrb $s1,[$rounds,#7] + orr $s0,$s0,$t2,lsl#16 ldrb $t1,[$rounds,#6] + orr $s0,$s0,$t3,lsl#24 ldrb $t2,[$rounds,#5] ldrb $t3,[$rounds,#4] orr $s1,$s1,$t1,lsl#8 - orr $s1,$s1,$t2,lsl#16 - orr $s1,$s1,$t3,lsl#24 ldrb $s2,[$rounds,#11] + orr $s1,$s1,$t2,lsl#16 ldrb $t1,[$rounds,#10] + orr $s1,$s1,$t3,lsl#24 ldrb $t2,[$rounds,#9] ldrb $t3,[$rounds,#8] orr $s2,$s2,$t1,lsl#8 - orr $s2,$s2,$t2,lsl#16 - orr $s2,$s2,$t3,lsl#24 ldrb $s3,[$rounds,#15] + orr $s2,$s2,$t2,lsl#16 ldrb $t1,[$rounds,#14] + orr $s2,$s2,$t3,lsl#24 ldrb $t2,[$rounds,#13] ldrb $t3,[$rounds,#12] orr $s3,$s3,$t1,lsl#8 @@ -848,24 +849,24 @@ AES_decrypt: mov $t3,$s0,lsr#8 strb $t1,[$rounds,#0] strb $t2,[$rounds,#1] - strb $t3,[$rounds,#2] - strb $s0,[$rounds,#3] mov $t1,$s1,lsr#24 + strb $t3,[$rounds,#2] mov $t2,$s1,lsr#16 + strb $s0,[$rounds,#3] mov $t3,$s1,lsr#8 strb $t1,[$rounds,#4] strb $t2,[$rounds,#5] - strb $t3,[$rounds,#6] - strb $s1,[$rounds,#7] mov $t1,$s2,lsr#24 + strb $t3,[$rounds,#6] mov $t2,$s2,lsr#16 + strb $s1,[$rounds,#7] mov $t3,$s2,lsr#8 strb $t1,[$rounds,#8] strb $t2,[$rounds,#9] - strb $t3,[$rounds,#10] - strb $s2,[$rounds,#11] mov $t1,$s3,lsr#24 + strb $t3,[$rounds,#10] mov $t2,$s3,lsr#16 + strb $s2,[$rounds,#11] mov $t3,$s3,lsr#8 strb $t1,[$rounds,#12] strb $t2,[$rounds,#13] @@ -882,146 +883,143 @@ AES_decrypt: .align 2 _armv4_AES_decrypt: str lr,[sp,#-4]! @ push lr - ldr $t1,[$key],#16 - ldr $t2,[$key,#-12] - ldr $t3,[$key,#-8] - ldr $i1,[$key,#-4] - ldr $rounds,[$key,#240-16] + ldmia $key!,{$t1-$i1} eor $s0,$s0,$t1 + ldr $rounds,[$key,#240-16] eor $s1,$s1,$t2 eor $s2,$s2,$t3 eor $s3,$s3,$i1 sub $rounds,$rounds,#1 mov lr,#255 -.Ldec_loop: and $i1,lr,$s0,lsr#16 and $i2,lr,$s0,lsr#8 and $i3,lr,$s0 mov $s0,$s0,lsr#24 +.Ldec_loop: ldr $t1,[$tbl,$i1,lsl#2] @ Td1[s0>>16] - ldr $s0,[$tbl,$s0,lsl#2] @ Td0[s0>>24] - ldr $t2,[$tbl,$i2,lsl#2] @ Td2[s0>>8] - ldr $t3,[$tbl,$i3,lsl#2] @ Td3[s0>>0] - and $i1,lr,$s1 @ i0 + ldr $t2,[$tbl,$i2,lsl#2] @ Td2[s0>>8] and $i2,lr,$s1,lsr#16 + ldr $t3,[$tbl,$i3,lsl#2] @ Td3[s0>>0] and $i3,lr,$s1,lsr#8 + ldr $s0,[$tbl,$s0,lsl#2] @ Td0[s0>>24] mov $s1,$s1,lsr#24 + ldr $i1,[$tbl,$i1,lsl#2] @ Td3[s1>>0] - ldr $s1,[$tbl,$s1,lsl#2] @ Td0[s1>>24] ldr $i2,[$tbl,$i2,lsl#2] @ Td1[s1>>16] ldr $i3,[$tbl,$i3,lsl#2] @ Td2[s1>>8] eor $s0,$s0,$i1,ror#24 - eor $s1,$s1,$t1,ror#8 - eor $t2,$i2,$t2,ror#8 - eor $t3,$i3,$t3,ror#8 - + ldr $s1,[$tbl,$s1,lsl#2] @ Td0[s1>>24] and $i1,lr,$s2,lsr#8 @ i0 + eor $t2,$i2,$t2,ror#8 and $i2,lr,$s2 @ i1 + eor $t3,$i3,$t3,ror#8 and $i3,lr,$s2,lsr#16 - mov $s2,$s2,lsr#24 + eor $s1,$s1,$t1,ror#8 ldr $i1,[$tbl,$i1,lsl#2] @ Td2[s2>>8] + mov $s2,$s2,lsr#24 + ldr $i2,[$tbl,$i2,lsl#2] @ Td3[s2>>0] - ldr $s2,[$tbl,$s2,lsl#2] @ Td0[s2>>24] ldr $i3,[$tbl,$i3,lsl#2] @ Td1[s2>>16] eor $s0,$s0,$i1,ror#16 - eor $s1,$s1,$i2,ror#24 - eor $s2,$s2,$t2,ror#8 - eor $t3,$i3,$t3,ror#8 - + ldr $s2,[$tbl,$s2,lsl#2] @ Td0[s2>>24] and $i1,lr,$s3,lsr#16 @ i0 + eor $s1,$s1,$i2,ror#24 and $i2,lr,$s3,lsr#8 @ i1 + eor $t3,$i3,$t3,ror#8 and $i3,lr,$s3 @ i2 - mov $s3,$s3,lsr#24 + eor $s2,$s2,$t2,ror#8 ldr $i1,[$tbl,$i1,lsl#2] @ Td1[s3>>16] + mov $s3,$s3,lsr#24 + ldr $i2,[$tbl,$i2,lsl#2] @ Td2[s3>>8] ldr $i3,[$tbl,$i3,lsl#2] @ Td3[s3>>0] - ldr $s3,[$tbl,$s3,lsl#2] @ Td0[s3>>24] eor $s0,$s0,$i1,ror#8 + ldr $s3,[$tbl,$s3,lsl#2] @ Td0[s3>>24] eor $s1,$s1,$i2,ror#16 eor $s2,$s2,$i3,ror#24 + ldr $i1,[$key],#16 eor $s3,$s3,$t3,ror#8 - ldr $t1,[$key],#16 - ldr $t2,[$key,#-12] - ldr $t3,[$key,#-8] - ldr $i1,[$key,#-4] - eor $s0,$s0,$t1 - eor $s1,$s1,$t2 - eor $s2,$s2,$t3 - eor $s3,$s3,$i1 + ldr $t1,[$key,#-12] + ldr $t2,[$key,#-8] + eor $s0,$s0,$i1 + ldr $t3,[$key,#-4] + and $i1,lr,$s0,lsr#16 + eor $s1,$s1,$t1 + and $i2,lr,$s0,lsr#8 + eor $s2,$s2,$t2 + and $i3,lr,$s0 + eor $s3,$s3,$t3 + mov $s0,$s0,lsr#24 subs $rounds,$rounds,#1 bne .Ldec_loop add $tbl,$tbl,#1024 - ldr $t1,[$tbl,#0] @ prefetch Td4 - ldr $t2,[$tbl,#32] - ldr $t3,[$tbl,#64] - ldr $i1,[$tbl,#96] - ldr $i2,[$tbl,#128] - ldr $i3,[$tbl,#160] - ldr $t1,[$tbl,#192] - ldr $t2,[$tbl,#224] + ldr $t2,[$tbl,#0] @ prefetch Td4 + ldr $t3,[$tbl,#32] + ldr $t1,[$tbl,#64] + ldr $t2,[$tbl,#96] + ldr $t3,[$tbl,#128] + ldr $t1,[$tbl,#160] + ldr $t2,[$tbl,#192] + ldr $t3,[$tbl,#224] - and $i1,lr,$s0,lsr#16 - and $i2,lr,$s0,lsr#8 - and $i3,lr,$s0 - ldrb $s0,[$tbl,$s0,lsr#24] @ Td4[s0>>24] + ldrb $s0,[$tbl,$s0] @ Td4[s0>>24] ldrb $t1,[$tbl,$i1] @ Td4[s0>>16] - ldrb $t2,[$tbl,$i2] @ Td4[s0>>8] - ldrb $t3,[$tbl,$i3] @ Td4[s0>>0] - and $i1,lr,$s1 @ i0 + ldrb $t2,[$tbl,$i2] @ Td4[s0>>8] and $i2,lr,$s1,lsr#16 + ldrb $t3,[$tbl,$i3] @ Td4[s0>>0] and $i3,lr,$s1,lsr#8 + ldrb $i1,[$tbl,$i1] @ Td4[s1>>0] ldrb $s1,[$tbl,$s1,lsr#24] @ Td4[s1>>24] ldrb $i2,[$tbl,$i2] @ Td4[s1>>16] - ldrb $i3,[$tbl,$i3] @ Td4[s1>>8] eor $s0,$i1,$s0,lsl#24 + ldrb $i3,[$tbl,$i3] @ Td4[s1>>8] eor $s1,$t1,$s1,lsl#8 - eor $t2,$t2,$i2,lsl#8 - eor $t3,$t3,$i3,lsl#8 - and $i1,lr,$s2,lsr#8 @ i0 + eor $t2,$t2,$i2,lsl#8 and $i2,lr,$s2 @ i1 - and $i3,lr,$s2,lsr#16 + eor $t3,$t3,$i3,lsl#8 ldrb $i1,[$tbl,$i1] @ Td4[s2>>8] + and $i3,lr,$s2,lsr#16 + ldrb $i2,[$tbl,$i2] @ Td4[s2>>0] ldrb $s2,[$tbl,$s2,lsr#24] @ Td4[s2>>24] - ldrb $i3,[$tbl,$i3] @ Td4[s2>>16] eor $s0,$s0,$i1,lsl#8 + ldrb $i3,[$tbl,$i3] @ Td4[s2>>16] eor $s1,$i2,$s1,lsl#16 - eor $s2,$t2,$s2,lsl#16 - eor $t3,$t3,$i3,lsl#16 - and $i1,lr,$s3,lsr#16 @ i0 + eor $s2,$t2,$s2,lsl#16 and $i2,lr,$s3,lsr#8 @ i1 - and $i3,lr,$s3 @ i2 + eor $t3,$t3,$i3,lsl#16 ldrb $i1,[$tbl,$i1] @ Td4[s3>>16] + and $i3,lr,$s3 @ i2 + ldrb $i2,[$tbl,$i2] @ Td4[s3>>8] ldrb $i3,[$tbl,$i3] @ Td4[s3>>0] ldrb $s3,[$tbl,$s3,lsr#24] @ Td4[s3>>24] eor $s0,$s0,$i1,lsl#16 + ldr $i1,[$key,#0] eor $s1,$s1,$i2,lsl#8 + ldr $t1,[$key,#4] eor $s2,$i3,$s2,lsl#8 + ldr $t2,[$key,#8] eor $s3,$t3,$s3,lsl#24 + ldr $t3,[$key,#12] - ldr lr,[sp],#4 @ pop lr - ldr $t1,[$key,#0] - ldr $t2,[$key,#4] - ldr $t3,[$key,#8] - ldr $i1,[$key,#12] - eor $s0,$s0,$t1 - eor $s1,$s1,$t2 - eor $s2,$s2,$t3 - eor $s3,$s3,$i1 + eor $s0,$s0,$i1 + eor $s1,$s1,$t1 + eor $s2,$s2,$t2 + eor $s3,$s3,$t3 sub $tbl,$tbl,#1024 - mov pc,lr @ return + ldr pc,[sp],#4 @ pop and return .size _armv4_AES_decrypt,.-_armv4_AES_decrypt .asciz "AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" .align 2 @@ -1029,3 +1027,4 @@ ___ $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 print $code; +close STDOUT; # enforce flush diff --git a/lib/libssl/src/crypto/alphacpuid.pl b/lib/libssl/src/crypto/alphacpuid.pl new file mode 100644 index 00000000000..4b3cbb9827d --- /dev/null +++ b/lib/libssl/src/crypto/alphacpuid.pl @@ -0,0 +1,126 @@ +#!/usr/bin/env perl +print <<'___'; +.text + +.set noat + +.globl OPENSSL_cpuid_setup +.ent OPENSSL_cpuid_setup +OPENSSL_cpuid_setup: + .frame $30,0,$26 + .prologue 0 + ret ($26) +.end OPENSSL_cpuid_setup + +.globl OPENSSL_wipe_cpu +.ent OPENSSL_wipe_cpu +OPENSSL_wipe_cpu: + .frame $30,0,$26 + .prologue 0 + clr $1 + clr $2 + clr $3 + clr $4 + clr $5 + clr $6 + clr $7 + clr $8 + clr $16 + clr $17 + clr $18 + clr $19 + clr $20 + clr $21 + clr $22 + clr $23 + clr $24 + clr $25 + clr $27 + clr $at + clr $29 + fclr $f0 + fclr $f1 + fclr $f10 + fclr $f11 + fclr $f12 + fclr $f13 + fclr $f14 + fclr $f15 + fclr $f16 + fclr $f17 + fclr $f18 + fclr $f19 + fclr $f20 + fclr $f21 + fclr $f22 + fclr $f23 + fclr $f24 + fclr $f25 + fclr $f26 + fclr $f27 + fclr $f28 + fclr $f29 + fclr $f30 + mov $sp,$0 + ret ($26) +.end OPENSSL_wipe_cpu + +.globl OPENSSL_atomic_add +.ent OPENSSL_atomic_add +OPENSSL_atomic_add: + .frame $30,0,$26 + .prologue 0 +1: ldl_l $0,0($16) + addl $0,$17,$1 + stl_c $1,0($16) + beq $1,1b + addl $0,$17,$0 + ret ($26) +.end OPENSSL_atomic_add + +.globl OPENSSL_rdtsc +.ent OPENSSL_rdtsc +OPENSSL_rdtsc: + .frame $30,0,$26 + .prologue 0 + rpcc $0 + ret ($26) +.end OPENSSL_rdtsc + +.globl OPENSSL_cleanse +.ent OPENSSL_cleanse +OPENSSL_cleanse: + .frame $30,0,$26 + .prologue 0 + beq $17,.Ldone + and $16,7,$0 + bic $17,7,$at + beq $at,.Little + beq $0,.Laligned + +.Little: + subq $0,8,$0 + ldq_u $1,0($16) + mov $16,$2 +.Lalign: + mskbl $1,$16,$1 + lda $16,1($16) + subq $17,1,$17 + addq $0,1,$0 + beq $17,.Lout + bne $0,.Lalign +.Lout: stq_u $1,0($2) + beq $17,.Ldone + bic $17,7,$at + beq $at,.Little + +.Laligned: + stq $31,0($16) + subq $17,8,$17 + lda $16,8($16) + bic $17,7,$at + bne $at,.Laligned + bne $17,.Little +.Ldone: ret ($26) +.end OPENSSL_cleanse +___ diff --git a/lib/libssl/src/crypto/asn1/ameth_lib.c b/lib/libssl/src/crypto/asn1/ameth_lib.c index 9a8b6cc2226..5a581b90ead 100644 --- a/lib/libssl/src/crypto/asn1/ameth_lib.c +++ b/lib/libssl/src/crypto/asn1/ameth_lib.c @@ -172,7 +172,6 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type) const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type) { const EVP_PKEY_ASN1_METHOD *t; - ENGINE *e; for (;;) { @@ -184,6 +183,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type) if (pe) { #ifndef OPENSSL_NO_ENGINE + ENGINE *e; /* type will contain the final unaliased type */ e = ENGINE_get_pkey_asn1_meth_engine(type); if (e) diff --git a/lib/libssl/src/crypto/asn1/bio_ndef.c b/lib/libssl/src/crypto/asn1/bio_ndef.c index 370389b1e6e..b91f97a1b13 100644 --- a/lib/libssl/src/crypto/asn1/bio_ndef.c +++ b/lib/libssl/src/crypto/asn1/bio_ndef.c @@ -57,9 +57,6 @@ #include <openssl/bio.h> #include <openssl/err.h> -#ifndef OPENSSL_SYSNAME_NETWARE -#include <memory.h> -#endif #include <stdio.h> /* Experimental NDEF ASN1 BIO support routines */ diff --git a/lib/libssl/src/crypto/bn/asm/alpha-mont.pl b/lib/libssl/src/crypto/bn/asm/alpha-mont.pl index f7e0ca1646c..03596e2014d 100644 --- a/lib/libssl/src/crypto/bn/asm/alpha-mont.pl +++ b/lib/libssl/src/crypto/bn/asm/alpha-mont.pl @@ -41,8 +41,12 @@ $j="s4"; $m1="s5"; $code=<<___; +#ifdef __linux__ +#include <asm/regdef.h> +#else #include <asm.h> #include <regdef.h> +#endif .text @@ -76,7 +80,7 @@ bn_mul_mont: ldq $aj,8($ap) subq sp,AT,sp ldq $bi,0($bp) # bp[0] - mov -4096,AT + lda AT,-4096(zero) # mov -4096,AT ldq $n0,0($n0) and sp,AT,sp @@ -106,9 +110,9 @@ bn_mul_mont: .align 4 .L1st: .set noreorder - ldq $aj,($aj) + ldq $aj,0($aj) addl $j,1,$j - ldq $nj,($nj) + ldq $nj,0($nj) lda $tp,8($tp) addq $alo,$hi0,$lo0 @@ -159,12 +163,12 @@ bn_mul_mont: .align 4 .Louter: s8addq $i,$bp,$bi - ldq $hi0,($ap) + ldq $hi0,0($ap) ldq $aj,8($ap) - ldq $bi,($bi) - ldq $hi1,($np) + ldq $bi,0($bi) + ldq $hi1,0($np) ldq $nj,8($np) - ldq $tj,(sp) + ldq $tj,0(sp) mulq $hi0,$bi,$lo0 umulh $hi0,$bi,$hi0 @@ -195,10 +199,10 @@ bn_mul_mont: .set noreorder ldq $tj,8($tp) #L0 nop #U1 - ldq $aj,($aj) #L1 + ldq $aj,0($aj) #L1 s8addq $j,$np,$nj #U0 - ldq $nj,($nj) #L0 + ldq $nj,0($nj) #L0 nop #U1 addq $alo,$hi0,$lo0 #L1 lda $tp,8($tp) @@ -247,7 +251,7 @@ bn_mul_mont: addq $hi1,v0,$hi1 addq $hi1,$hi0,$lo1 - stq $j,($tp) + stq $j,0($tp) cmpult $lo1,$hi0,$hi1 addq $lo1,$tj,$lo1 cmpult $lo1,$tj,AT @@ -265,8 +269,8 @@ bn_mul_mont: mov 0,$hi0 # clear borrow bit .align 4 -.Lsub: ldq $lo0,($tp) - ldq $lo1,($np) +.Lsub: ldq $lo0,0($tp) + ldq $lo1,0($np) lda $tp,8($tp) lda $np,8($np) subq $lo0,$lo1,$lo1 # tp[i]-np[i] @@ -274,7 +278,7 @@ bn_mul_mont: subq $lo1,$hi0,$lo0 cmpult $lo1,$lo0,$hi0 or $hi0,AT,$hi0 - stq $lo0,($rp) + stq $lo0,0($rp) cmpult $tp,$tj,v0 lda $rp,8($rp) bne v0,.Lsub @@ -288,7 +292,7 @@ bn_mul_mont: bis $bp,$ap,$ap # ap=borrow?tp:rp .align 4 -.Lcopy: ldq $aj,($ap) # copy or in-place refresh +.Lcopy: ldq $aj,0($ap) # copy or in-place refresh lda $tp,8($tp) lda $rp,8($rp) lda $ap,8($ap) @@ -309,8 +313,8 @@ bn_mul_mont: lda sp,48(sp) ret (ra) .end bn_mul_mont -.rdata -.asciiz "Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>" +.ascii "Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>" +.align 2 ___ print $code; diff --git a/lib/libssl/src/crypto/bn/asm/s390x-mont.pl b/lib/libssl/src/crypto/bn/asm/s390x-mont.pl index d23251033b0..f61246f5b6a 100644 --- a/lib/libssl/src/crypto/bn/asm/s390x-mont.pl +++ b/lib/libssl/src/crypto/bn/asm/s390x-mont.pl @@ -69,8 +69,8 @@ bn_mul_mont: cghi $num,16 # lghi %r2,0 # blr %r14 # if($num<16) return 0; - cghi $num,128 # - bhr %r14 # if($num>128) return 0; + cghi $num,96 # + bhr %r14 # if($num>96) return 0; stmg %r3,%r15,24($sp) diff --git a/lib/libssl/src/crypto/bn/asm/s390x.S b/lib/libssl/src/crypto/bn/asm/s390x.S index 8f45f5d513c..43fcb79bc01 100755 --- a/lib/libssl/src/crypto/bn/asm/s390x.S +++ b/lib/libssl/src/crypto/bn/asm/s390x.S @@ -1,4 +1,4 @@ -.ident "s390x.S, version 1.0" +.ident "s390x.S, version 1.1" // ==================================================================== // Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL // project. @@ -24,67 +24,67 @@ bn_mul_add_words: bler %r14 // if (len<=0) return 0; stmg %r6,%r10,48(%r15) + lghi %r10,3 lghi %r8,0 // carry = 0 - srag %r10,%r4,2 // cnt=len/4 - jz .Loop1_madd + nr %r10,%r4 // len%4 + sra %r4,2 // cnt=len/4 + jz .Loop1_madd // carry is incidentally cleared if branch taken + algr zero,zero // clear carry .Loop4_madd: lg %r7,0(%r2,%r3) // ap[i] mlgr %r6,%r5 // *=w - algr %r7,%r8 // +=carry + alcgr %r7,%r8 // +=carry alcgr %r6,zero alg %r7,0(%r2,%r1) // +=rp[i] - alcgr %r6,zero stg %r7,0(%r2,%r1) // rp[i]= lg %r9,8(%r2,%r3) mlgr %r8,%r5 - algr %r9,%r6 + alcgr %r9,%r6 alcgr %r8,zero alg %r9,8(%r2,%r1) - alcgr %r8,zero stg %r9,8(%r2,%r1) lg %r7,16(%r2,%r3) mlgr %r6,%r5 - algr %r7,%r8 + alcgr %r7,%r8 alcgr %r6,zero alg %r7,16(%r2,%r1) - alcgr %r6,zero stg %r7,16(%r2,%r1) lg %r9,24(%r2,%r3) mlgr %r8,%r5 - algr %r9,%r6 + alcgr %r9,%r6 alcgr %r8,zero alg %r9,24(%r2,%r1) - alcgr %r8,zero stg %r9,24(%r2,%r1) la %r2,32(%r2) // i+=4 - brct %r10,.Loop4_madd + brct %r4,.Loop4_madd - lghi %r10,3 - nr %r4,%r10 // cnt=len%4 - jz .Lend_madd + la %r10,1(%r10) // see if len%4 is zero ... + brct %r10,.Loop1_madd // without touching condition code:-) + +.Lend_madd: + alcgr %r8,zero // collect carry bit + lgr %r2,%r8 + lmg %r6,%r10,48(%r15) + br %r14 .Loop1_madd: lg %r7,0(%r2,%r3) // ap[i] mlgr %r6,%r5 // *=w - algr %r7,%r8 // +=carry + alcgr %r7,%r8 // +=carry alcgr %r6,zero alg %r7,0(%r2,%r1) // +=rp[i] - alcgr %r6,zero stg %r7,0(%r2,%r1) // rp[i]= lgr %r8,%r6 la %r2,8(%r2) // i++ - brct %r4,.Loop1_madd + brct %r10,.Loop1_madd -.Lend_madd: - lgr %r2,%r8 - lmg %r6,%r10,48(%r15) - br %r14 + j .Lend_madd .size bn_mul_add_words,.-bn_mul_add_words // BN_ULONG bn_mul_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5); @@ -99,57 +99,57 @@ bn_mul_words: bler %r14 // if (len<=0) return 0; stmg %r6,%r10,48(%r15) + lghi %r10,3 lghi %r8,0 // carry = 0 - srag %r10,%r4,2 // cnt=len/4 - jz .Loop1_mul + nr %r10,%r4 // len%4 + sra %r4,2 // cnt=len/4 + jz .Loop1_mul // carry is incidentally cleared if branch taken + algr zero,zero // clear carry .Loop4_mul: lg %r7,0(%r2,%r3) // ap[i] mlgr %r6,%r5 // *=w - algr %r7,%r8 // +=carry - alcgr %r6,zero + alcgr %r7,%r8 // +=carry stg %r7,0(%r2,%r1) // rp[i]= lg %r9,8(%r2,%r3) mlgr %r8,%r5 - algr %r9,%r6 - alcgr %r8,zero + alcgr %r9,%r6 stg %r9,8(%r2,%r1) lg %r7,16(%r2,%r3) mlgr %r6,%r5 - algr %r7,%r8 - alcgr %r6,zero + alcgr %r7,%r8 stg %r7,16(%r2,%r1) lg %r9,24(%r2,%r3) mlgr %r8,%r5 - algr %r9,%r6 - alcgr %r8,zero + alcgr %r9,%r6 stg %r9,24(%r2,%r1) la %r2,32(%r2) // i+=4 - brct %r10,.Loop4_mul + brct %r4,.Loop4_mul - lghi %r10,3 - nr %r4,%r10 // cnt=len%4 - jz .Lend_mul + la %r10,1(%r10) // see if len%4 is zero ... + brct %r10,.Loop1_mul // without touching condition code:-) + +.Lend_mul: + alcgr %r8,zero // collect carry bit + lgr %r2,%r8 + lmg %r6,%r10,48(%r15) + br %r14 .Loop1_mul: lg %r7,0(%r2,%r3) // ap[i] mlgr %r6,%r5 // *=w - algr %r7,%r8 // +=carry - alcgr %r6,zero + alcgr %r7,%r8 // +=carry stg %r7,0(%r2,%r1) // rp[i]= lgr %r8,%r6 la %r2,8(%r2) // i++ - brct %r4,.Loop1_mul + brct %r10,.Loop1_mul -.Lend_mul: - lgr %r2,%r8 - lmg %r6,%r10,48(%r15) - br %r14 + j .Lend_mul .size bn_mul_words,.-bn_mul_words // void bn_sqr_words(BN_ULONG *r2,BN_ULONG *r2,int r4) diff --git a/lib/libssl/src/crypto/dsa/dsa_pmeth.c b/lib/libssl/src/crypto/dsa/dsa_pmeth.c index 4ce91e20c64..e2df54fec6a 100644 --- a/lib/libssl/src/crypto/dsa/dsa_pmeth.c +++ b/lib/libssl/src/crypto/dsa/dsa_pmeth.c @@ -187,6 +187,7 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_MD: if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && EVP_MD_type((const EVP_MD *)p2) != NID_dsa && + EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA && EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && EVP_MD_type((const EVP_MD *)p2) != NID_sha256) { diff --git a/lib/libssl/src/crypto/ec/ec2_mult.c b/lib/libssl/src/crypto/ec/ec2_mult.c index ab631a50a22..e12b9b284a0 100644 --- a/lib/libssl/src/crypto/ec/ec2_mult.c +++ b/lib/libssl/src/crypto/ec/ec2_mult.c @@ -319,6 +319,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, int ret = 0; size_t i; EC_POINT *p=NULL; + EC_POINT *acc = NULL; if (ctx == NULL) { @@ -338,15 +339,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } if ((p = EC_POINT_new(group)) == NULL) goto err; + if ((acc = EC_POINT_new(group)) == NULL) goto err; - if (!EC_POINT_set_to_infinity(group, r)) goto err; + if (!EC_POINT_set_to_infinity(group, acc)) goto err; if (scalar) { if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err; - if (BN_is_negative(scalar)) + if (BN_is_negative(scalar)) if (!group->meth->invert(group, p, ctx)) goto err; - if (!group->meth->add(group, r, r, p, ctx)) goto err; + if (!group->meth->add(group, acc, acc, p, ctx)) goto err; } for (i = 0; i < num; i++) @@ -354,13 +356,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err; if (BN_is_negative(scalars[i])) if (!group->meth->invert(group, p, ctx)) goto err; - if (!group->meth->add(group, r, r, p, ctx)) goto err; + if (!group->meth->add(group, acc, acc, p, ctx)) goto err; } + if (!EC_POINT_copy(r, acc)) goto err; + ret = 1; err: if (p) EC_POINT_free(p); + if (acc) EC_POINT_free(acc); if (new_ctx != NULL) BN_CTX_free(new_ctx); return ret; diff --git a/lib/libssl/src/crypto/ec/ec_key.c b/lib/libssl/src/crypto/ec/ec_key.c index 12fb0e6d6d7..522802c07ae 100644 --- a/lib/libssl/src/crypto/ec/ec_key.c +++ b/lib/libssl/src/crypto/ec/ec_key.c @@ -304,7 +304,13 @@ int EC_KEY_check_key(const EC_KEY *eckey) ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); return 0; } - + + if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY); + goto err; + } + if ((ctx = BN_CTX_new()) == NULL) goto err; if ((point = EC_POINT_new(eckey->group)) == NULL) diff --git a/lib/libssl/src/crypto/ecdh/ech_lib.c b/lib/libssl/src/crypto/ecdh/ech_lib.c index e89b1d47728..4d8ea03d3df 100644 --- a/lib/libssl/src/crypto/ecdh/ech_lib.c +++ b/lib/libssl/src/crypto/ecdh/ech_lib.c @@ -96,7 +96,6 @@ const ECDH_METHOD *ECDH_get_default_method(void) int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) { - const ECDH_METHOD *mtmp; ECDH_DATA *ecdh; ecdh = ecdh_check(eckey); @@ -104,8 +103,8 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) if (ecdh == NULL) return 0; - mtmp = ecdh->meth; #if 0 + mtmp = ecdh->meth; if (mtmp->finish) mtmp->finish(eckey); #endif diff --git a/lib/libssl/src/crypto/ecdsa/ecdsatest.c b/lib/libssl/src/crypto/ecdsa/ecdsatest.c index aa4e1481a8f..26a4a9ee7c9 100644 --- a/lib/libssl/src/crypto/ecdsa/ecdsatest.c +++ b/lib/libssl/src/crypto/ecdsa/ecdsatest.c @@ -168,10 +168,9 @@ int fbytes(unsigned char *buf, int num) return 0; } fbytes_counter ++; - ret = BN_bn2bin(tmp, buf); - if (ret == 0 || ret != num) + if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf)) ret = 0; - else + else ret = 1; if (tmp) BN_free(tmp); diff --git a/lib/libssl/src/crypto/ecdsa/ecs_lib.c b/lib/libssl/src/crypto/ecdsa/ecs_lib.c index 85e8a3a7ed9..2ebae3aa27d 100644 --- a/lib/libssl/src/crypto/ecdsa/ecs_lib.c +++ b/lib/libssl/src/crypto/ecdsa/ecs_lib.c @@ -83,7 +83,6 @@ const ECDSA_METHOD *ECDSA_get_default_method(void) int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) { - const ECDSA_METHOD *mtmp; ECDSA_DATA *ecdsa; ecdsa = ecdsa_check(eckey); @@ -91,7 +90,6 @@ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) if (ecdsa == NULL) return 0; - mtmp = ecdsa->meth; #ifndef OPENSSL_NO_ENGINE if (ecdsa->engine) { diff --git a/lib/libssl/src/crypto/ecdsa/ecs_ossl.c b/lib/libssl/src/crypto/ecdsa/ecs_ossl.c index 551cf5068fa..1bbf328de54 100644 --- a/lib/libssl/src/crypto/ecdsa/ecs_ossl.c +++ b/lib/libssl/src/crypto/ecdsa/ecs_ossl.c @@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, } while (BN_is_zero(k)); + /* We do not want timing information to leak the length of k, + * so we compute G*k using an equivalent scalar of fixed + * bit-length. */ + + if (!BN_add(k, k, order)) goto err; + if (BN_num_bits(k) <= BN_num_bits(order)) + if (!BN_add(k, k, order)) goto err; + /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { diff --git a/lib/libssl/src/crypto/evp/m_sigver.c b/lib/libssl/src/crypto/evp/m_sigver.c index f0b7f95059e..7e2731f4a4e 100644 --- a/lib/libssl/src/crypto/evp/m_sigver.c +++ b/lib/libssl/src/crypto/evp/m_sigver.c @@ -137,7 +137,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) sctx = 0; if (sigret) { - MS_STATIC EVP_MD_CTX tmp_ctx; + EVP_MD_CTX tmp_ctx; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; EVP_MD_CTX_init(&tmp_ctx); @@ -173,7 +173,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen) { - MS_STATIC EVP_MD_CTX tmp_ctx; + EVP_MD_CTX tmp_ctx; unsigned char md[EVP_MAX_MD_SIZE]; int r; unsigned int mdlen; diff --git a/lib/libssl/src/crypto/evp/pmeth_lib.c b/lib/libssl/src/crypto/evp/pmeth_lib.c index b2d8de3a8de..5481d4b8a5b 100644 --- a/lib/libssl/src/crypto/evp/pmeth_lib.c +++ b/lib/libssl/src/crypto/evp/pmeth_lib.c @@ -134,6 +134,8 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) id = pkey->ameth->pkey_id; } #ifndef OPENSSL_NO_ENGINE + if (pkey && pkey->engine) + e = pkey->engine; /* Try to find an ENGINE which implements this method */ if (e) { diff --git a/lib/libssl/src/crypto/hmac/hm_pmeth.c b/lib/libssl/src/crypto/hmac/hm_pmeth.c index 985921ca1ae..71e8567a142 100644 --- a/lib/libssl/src/crypto/hmac/hm_pmeth.c +++ b/lib/libssl/src/crypto/hmac/hm_pmeth.c @@ -147,6 +147,8 @@ static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count) static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { + HMAC_PKEY_CTX *hctx = ctx->data; + HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT); EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); mctx->update = int_update; return 1; diff --git a/lib/libssl/src/crypto/install-crypto.com b/lib/libssl/src/crypto/install-crypto.com new file mode 100755 index 00000000000..85b3d583cf6 --- /dev/null +++ b/lib/libssl/src/crypto/install-crypto.com @@ -0,0 +1,196 @@ +$! INSTALL.COM -- Installs the files in a given directory tree +$! +$! Author: Richard Levitte <richard@levitte.org> +$! Time of creation: 22-MAY-1998 10:13 +$! +$! Changes by Zoltan Arpadffy <zoli@polarhome.com> +$! +$! P1 root of the directory tree +$! P2 "64" for 64-bit pointers. +$! +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") +$! +$ on error then goto tidy +$ on control_c then goto tidy +$! +$ if (p1 .eqs. "") +$ then +$ write sys$output "First argument missing." +$ write sys$output - + "It should be the directory where you want things installed." +$ exit +$ endif +$! +$ if (f$getsyi( "cpu") .lt. 128) +$ then +$ arch = "VAX" +$ else +$ arch = f$edit( f$getsyi( "arch_name"), "upcase") +$ if (arch .eqs. "") then arch = "UNK" +$ endif +$! +$ archd = arch +$ lib32 = "32" +$ shr = "_SHR32" +$! +$ if (p2 .nes. "") +$ then +$ if (p2 .eqs. "64") +$ then +$ archd = arch+ "_64" +$ lib32 = "" +$ shr = "_SHR" +$ else +$ if (p2 .nes. "32") +$ then +$ write sys$output "Second argument invalid." +$ write sys$output "It should be "32", "64", or nothing." +$ exit +$ endif +$ endif +$ endif +$! +$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0" +$ root_dev = f$parse( root, , , "device", "syntax_only") +$ root_dir = f$parse( root, , , "directory", "syntax_only") - - + "[000000." - "][" - "[" - "]" +$ root = root_dev + "[" + root_dir +$! +$ define /nolog wrk_sslroot 'root'.] /trans=conc +$ define /nolog wrk_sslinclude wrk_sslroot:[include] +$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib] +$! +$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then - + create /directory /log wrk_sslroot:[000000] +$ if f$parse("wrk_sslinclude:") .eqs. "" then - + create /directory /log wrk_sslinclude: +$ if f$parse("wrk_sslxlib:") .eqs. "" then - + create /directory /log wrk_sslxlib: +$! +$ sdirs := , - + 'archd', - + objects, - + md2, md4, md5, sha, mdc2, hmac, ripemd, whrlpool, - + des, aes, rc2, rc4, rc5, idea, bf, cast, camellia, seed, - + bn, ec, rsa, dsa, ecdsa, dh, ecdh, dso, engine, - + buffer, bio, stack, lhash, rand, err, - + evp, asn1, pem, x509, x509v3, conf, txt_db, pkcs7, pkcs12, comp, ocsp, - + ui, krb5, - + store, cms, pqueue, ts, jpake +$! +$ exheader_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h +$ exheader_'archd' := opensslconf.h +$ exheader_objects := objects.h, obj_mac.h +$ exheader_md2 := md2.h +$ exheader_md4 := md4.h +$ exheader_md5 := md5.h +$ exheader_sha := sha.h +$ exheader_mdc2 := mdc2.h +$ exheader_hmac := hmac.h +$ exheader_ripemd := ripemd.h +$ exheader_whrlpool := whrlpool.h +$ exheader_des := des.h, des_old.h +$ exheader_aes := aes.h +$ exheader_rc2 := rc2.h +$ exheader_rc4 := rc4.h +$ exheader_rc5 := rc5.h +$ exheader_idea := idea.h +$ exheader_bf := blowfish.h +$ exheader_cast := cast.h +$ exheader_camellia := camellia.h +$ exheader_seed := seed.h +$ exheader_modes := modes.h +$ exheader_bn := bn.h +$ exheader_ec := ec.h +$ exheader_rsa := rsa.h +$ exheader_dsa := dsa.h +$ exheader_ecdsa := ecdsa.h +$ exheader_dh := dh.h +$ exheader_ecdh := ecdh.h +$ exheader_dso := dso.h +$ exheader_engine := engine.h +$ exheader_buffer := buffer.h +$ exheader_bio := bio.h +$ exheader_stack := stack.h, safestack.h +$ exheader_lhash := lhash.h +$ exheader_rand := rand.h +$ exheader_err := err.h +$ exheader_evp := evp.h +$ exheader_asn1 := asn1.h, asn1_mac.h, asn1t.h +$ exheader_pem := pem.h, pem2.h +$ exheader_x509 := x509.h, x509_vfy.h +$ exheader_x509v3 := x509v3.h +$ exheader_conf := conf.h, conf_api.h +$ exheader_txt_db := txt_db.h +$ exheader_pkcs7 := pkcs7.h +$ exheader_pkcs12 := pkcs12.h +$ exheader_comp := comp.h +$ exheader_ocsp := ocsp.h +$ exheader_ui := ui.h, ui_compat.h +$ exheader_krb5 := krb5_asn.h +$! exheader_store := store.h, str_compat.h +$ exheader_store := store.h +$ exheader_cms := cms.h +$ exheader_pqueue := pqueue.h +$ exheader_ts := ts.h +$ exheader_jpake := jpake.h +$ libs := ssl_libcrypto +$! +$ exe_dir := [-.'archd'.exe.crypto] +$! +$! Header files. +$! +$ i = 0 +$ loop_sdirs: +$ d = f$edit( f$element( i, ",", sdirs), "trim") +$ i = i + 1 +$ if d .eqs. "," then goto loop_sdirs_end +$ tmp = exheader_'d' +$ if (d .nes. "") then d = "."+ d +$ copy /protection = w:re ['d']'tmp' wrk_sslinclude: /log +$ goto loop_sdirs +$ loop_sdirs_end: +$! +$! Object libraries, shareable images. +$! +$ i = 0 +$ loop_lib: +$ e = f$edit( f$element( i, ",", libs), "trim") +$ i = i + 1 +$ if e .eqs. "," then goto loop_lib_end +$ set noon +$ file = exe_dir+ e+ lib32+ ".olb" +$ if f$search( file) .nes. "" +$ then +$ copy /protection = w:re 'file' wrk_sslxlib: /log +$ endif +$! +$ file = exe_dir+ e+ shr+ ".exe" +$ if f$search( file) .nes. "" +$ then +$ copy /protection = w:re 'file' wrk_sslxlib: /log +$ endif +$ set on +$ goto loop_lib +$ loop_lib_end: +$! +$ tidy: +$! +$ call deass wrk_sslroot +$ call deass wrk_sslinclude +$ call deass wrk_sslxlib +$! +$ exit +$! +$ deass: subroutine +$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "") +$ then +$ deassign /process 'p1' +$ endif +$ endsubroutine +$! diff --git a/lib/libssl/src/crypto/jpake/jpake.c b/lib/libssl/src/crypto/jpake/jpake.c index 086d9f47e06..8e4b633ccc5 100644 --- a/lib/libssl/src/crypto/jpake/jpake.c +++ b/lib/libssl/src/crypto/jpake/jpake.c @@ -282,8 +282,37 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx) return 1; } +/* g^x is a legal value */ +static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx) + { + BIGNUM *t; + int res; + + if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0) + return 0; + + t = BN_new(); + BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx); + res = BN_is_one(t); + BN_free(t); + + return res; + } + int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received) { + if(!is_legal(received->p1.gx, ctx)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL); + return 0; + } + + if(!is_legal(received->p2.gx, ctx)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL); + return 0; + } + /* verify their ZKP(xc) */ if(!verify_zkp(&received->p1, ctx->p.g, ctx)) { diff --git a/lib/libssl/src/crypto/jpake/jpake.h b/lib/libssl/src/crypto/jpake/jpake.h index 693ea188cb8..fd143b4d9bd 100644 --- a/lib/libssl/src/crypto/jpake/jpake.h +++ b/lib/libssl/src/crypto/jpake/jpake.h @@ -115,6 +115,8 @@ void ERR_load_JPAKE_strings(void); #define JPAKE_F_VERIFY_ZKP 100 /* Reason codes. */ +#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108 +#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109 #define JPAKE_R_G_TO_THE_X4_IS_ONE 105 #define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106 #define JPAKE_R_HASH_OF_KEY_MISMATCH 107 diff --git a/lib/libssl/src/crypto/jpake/jpake_err.c b/lib/libssl/src/crypto/jpake/jpake_err.c index 1b950679679..a9a9dee75c1 100644 --- a/lib/libssl/src/crypto/jpake/jpake_err.c +++ b/lib/libssl/src/crypto/jpake/jpake_err.c @@ -1,6 +1,6 @@ /* crypto/jpake/jpake_err.c */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -80,6 +80,8 @@ static ERR_STRING_DATA JPAKE_str_functs[]= static ERR_STRING_DATA JPAKE_str_reasons[]= { +{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"}, +{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"}, {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE) ,"g to the x4 is one"}, {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"}, {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"}, diff --git a/lib/libssl/src/crypto/pem/pvkfmt.c b/lib/libssl/src/crypto/pem/pvkfmt.c index d998a67fa52..5f130c45286 100644 --- a/lib/libssl/src/crypto/pem/pvkfmt.c +++ b/lib/libssl/src/crypto/pem/pvkfmt.c @@ -662,7 +662,7 @@ static int do_PVK_header(const unsigned char **in, unsigned int length, { const unsigned char *p = *in; - unsigned int pvk_magic, keytype, is_encrypted; + unsigned int pvk_magic, is_encrypted; if (skip_magic) { if (length < 20) @@ -689,7 +689,7 @@ static int do_PVK_header(const unsigned char **in, unsigned int length, } /* Skip reserved */ p += 4; - keytype = read_ledword(&p); + /*keytype = */read_ledword(&p); is_encrypted = read_ledword(&p); *psaltlen = read_ledword(&p); *pkeylen = read_ledword(&p); @@ -839,7 +839,7 @@ EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, pem_password_cb *cb, void *u) { - int outlen = 24, noinc, pklen; + int outlen = 24, pklen; unsigned char *p, *salt = NULL; if (enclevel) outlen += PVK_SALTLEN; @@ -850,10 +850,7 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, if (!out) return outlen; if (*out) - { p = *out; - noinc = 0; - } else { p = OPENSSL_malloc(outlen); @@ -863,7 +860,6 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, return -1; } *out = p; - noinc = 1; } write_ledword(&p, MS_PVKMAGIC); diff --git a/lib/libssl/src/crypto/pqueue/pqueue.c b/lib/libssl/src/crypto/pqueue/pqueue.c index 99a6fb874dc..eab13a12501 100644 --- a/lib/libssl/src/crypto/pqueue/pqueue.c +++ b/lib/libssl/src/crypto/pqueue/pqueue.c @@ -167,14 +167,13 @@ pqueue_pop(pqueue_s *pq) pitem * pqueue_find(pqueue_s *pq, unsigned char *prio64be) { - pitem *next, *prev = NULL; + pitem *next; pitem *found = NULL; if ( pq->items == NULL) return NULL; - for ( next = pq->items; next->next != NULL; - prev = next, next = next->next) + for ( next = pq->items; next->next != NULL; next = next->next) { if ( memcmp(next->priority, prio64be,8) == 0) { diff --git a/lib/libssl/src/crypto/rand/rand_nw.c b/lib/libssl/src/crypto/rand/rand_nw.c index f177ffbe82b..8d5b8d2e321 100644 --- a/lib/libssl/src/crypto/rand/rand_nw.c +++ b/lib/libssl/src/crypto/rand/rand_nw.c @@ -160,8 +160,8 @@ int RAND_poll(void) rdtsc mov tsc, eax } -#else - asm volatile("rdtsc":"=A" (tsc)); +#elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) + asm volatile("rdtsc":"=a"(tsc)::"edx"); #endif RAND_add(&tsc, sizeof(tsc), 1); diff --git a/lib/libssl/src/crypto/rc5/rc5_locl.h b/lib/libssl/src/crypto/rc5/rc5_locl.h index 282dd388223..d337f73fad9 100644 --- a/lib/libssl/src/crypto/rc5/rc5_locl.h +++ b/lib/libssl/src/crypto/rc5/rc5_locl.h @@ -154,14 +154,14 @@ # define ROTATE_l32(a,n) ({ register unsigned int ret; \ asm ("roll %%cl,%0" \ : "=r"(ret) \ - : "c"(n),"0"(a) \ + : "c"(n),"0"((unsigned int)(a)) \ : "cc"); \ ret; \ }) # define ROTATE_r32(a,n) ({ register unsigned int ret; \ asm ("rorl %%cl,%0" \ : "=r"(ret) \ - : "c"(n),"0"(a) \ + : "c"(n),"0"((unsigned int)(a)) \ : "cc"); \ ret; \ }) diff --git a/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl b/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl index 88861af6411..6e65fe3e018 100644 --- a/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl +++ b/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl @@ -37,9 +37,18 @@ # modes are limited. As result it takes more instructions to do # the same job in Thumb, therefore the code is never twice as # small and always slower. -# [***] which is also ~35% better than compiler generated code. +# [***] which is also ~35% better than compiler generated code. Dual- +# issue Cortex A8 core was measured to process input block in +# ~990 cycles. -$output=shift; +# August 2010. +# +# Rescheduling for dual-issue pipeline resulted in 13% improvement on +# Cortex A8 core and in absolute terms ~870 cycles per input block +# [or 13.6 cycles per byte]. + + +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} open STDOUT,">$output"; $ctx="r0"; @@ -58,43 +67,22 @@ $t3="r12"; $Xi="r14"; @V=($a,$b,$c,$d,$e); -# One can optimize this for aligned access on big-endian architecture, -# but code's endian neutrality makes it too pretty:-) -sub Xload { -my ($a,$b,$c,$d,$e)=@_; -$code.=<<___; - ldrb $t0,[$inp],#4 - ldrb $t1,[$inp,#-3] - ldrb $t2,[$inp,#-2] - ldrb $t3,[$inp,#-1] - add $e,$K,$e,ror#2 @ E+=K_00_19 - orr $t0,$t1,$t0,lsl#8 - add $e,$e,$a,ror#27 @ E+=ROR(A,27) - orr $t0,$t2,$t0,lsl#8 - eor $t1,$c,$d @ F_xx_xx - orr $t0,$t3,$t0,lsl#8 - add $e,$e,$t0 @ E+=X[i] - str $t0,[$Xi,#-4]! -___ -} sub Xupdate { -my ($a,$b,$c,$d,$e,$flag)=@_; +my ($a,$b,$c,$d,$e,$opt1,$opt2)=@_; $code.=<<___; ldr $t0,[$Xi,#15*4] ldr $t1,[$Xi,#13*4] ldr $t2,[$Xi,#7*4] - ldr $t3,[$Xi,#2*4] add $e,$K,$e,ror#2 @ E+=K_xx_xx + ldr $t3,[$Xi,#2*4] eor $t0,$t0,$t1 - eor $t0,$t0,$t2 - eor $t0,$t0,$t3 - add $e,$e,$a,ror#27 @ E+=ROR(A,27) -___ -$code.=<<___ if (!defined($flag)); - eor $t1,$c,$d @ F_xx_xx, but not in 40_59 -___ -$code.=<<___; + eor $t2,$t2,$t3 + eor $t1,$c,$d @ F_xx_xx mov $t0,$t0,ror#31 + add $e,$e,$a,ror#27 @ E+=ROR(A,27) + eor $t0,$t0,$t2,ror#31 + $opt1 @ F_xx_xx + $opt2 @ F_xx_xx add $e,$e,$t0 @ E+=X[i] str $t0,[$Xi,#-4]! ___ @@ -102,19 +90,29 @@ ___ sub BODY_00_15 { my ($a,$b,$c,$d,$e)=@_; - &Xload(@_); $code.=<<___; + ldrb $t0,[$inp],#4 + ldrb $t1,[$inp,#-1] + ldrb $t2,[$inp,#-2] + add $e,$K,$e,ror#2 @ E+=K_00_19 + ldrb $t3,[$inp,#-3] + add $e,$e,$a,ror#27 @ E+=ROR(A,27) + orr $t0,$t1,$t0,lsl#24 + eor $t1,$c,$d @ F_xx_xx + orr $t0,$t0,$t2,lsl#8 + orr $t0,$t0,$t3,lsl#16 and $t1,$b,$t1,ror#2 + add $e,$e,$t0 @ E+=X[i] eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D) + str $t0,[$Xi,#-4]! add $e,$e,$t1 @ E+=F_00_19(B,C,D) ___ } sub BODY_16_19 { my ($a,$b,$c,$d,$e)=@_; - &Xupdate(@_); + &Xupdate(@_,"and $t1,$b,$t1,ror#2"); $code.=<<___; - and $t1,$b,$t1,ror#2 eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D) add $e,$e,$t1 @ E+=F_00_19(B,C,D) ___ @@ -122,22 +120,18 @@ ___ sub BODY_20_39 { my ($a,$b,$c,$d,$e)=@_; - &Xupdate(@_); + &Xupdate(@_,"eor $t1,$b,$t1,ror#2"); $code.=<<___; - eor $t1,$b,$t1,ror#2 @ F_20_39(B,C,D) add $e,$e,$t1 @ E+=F_20_39(B,C,D) ___ } sub BODY_40_59 { my ($a,$b,$c,$d,$e)=@_; - &Xupdate(@_,1); + &Xupdate(@_,"and $t1,$b,$t1,ror#2","and $t2,$c,$d"); $code.=<<___; - and $t1,$b,$c,ror#2 - orr $t2,$b,$c,ror#2 - and $t2,$t2,$d,ror#2 - orr $t1,$t1,$t2 @ F_40_59(B,C,D) add $e,$e,$t1 @ E+=F_40_59(B,C,D) + add $e,$e,$t2,ror#2 ___ } diff --git a/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl index 8306fc88ccf..5c161cecd69 100644 --- a/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl +++ b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl @@ -276,6 +276,7 @@ $code.=<<___; .type sha1_block_data_order,#function .size sha1_block_data_order,(.-sha1_block_data_order) .asciz "SHA1 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>" +.align 4 ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; diff --git a/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl index 15eb854badc..85e8d68086b 100644 --- a/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl +++ b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl @@ -539,6 +539,7 @@ $code.=<<___; .type sha1_block_data_order,#function .size sha1_block_data_order,(.-sha1_block_data_order) .asciz "SHA1 block transform for SPARCv9a, CRYPTOGAMS by <appro\@openssl.org>" +.align 4 ___ # Purpose of these subroutines is to explicitly encode VIS instructions, diff --git a/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl b/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl index 48d846deec3..492cb62bc06 100644 --- a/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl +++ b/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl @@ -11,9 +11,14 @@ # Performance is ~2x better than gcc 3.4 generated code and in "abso- # lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per -# byte. +# byte [on single-issue Xscale PXA250 core]. -$output=shift; +# July 2010. +# +# Rescheduling for dual-issue pipeline resulted in 22% improvement on +# Cortex A8 core and ~20 cycles per processed byte. + +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} open STDOUT,">$output"; $ctx="r0"; $t0="r0"; @@ -52,27 +57,27 @@ $code.=<<___ if ($i<16); ___ $code.=<<___; ldr $t2,[$Ktbl],#4 @ *K256++ - str $T1,[sp,#`$i%16`*4] mov $t0,$e,ror#$Sigma1[0] + str $T1,[sp,#`$i%16`*4] eor $t0,$t0,$e,ror#$Sigma1[1] - eor $t0,$t0,$e,ror#$Sigma1[2] @ Sigma1(e) - add $T1,$T1,$t0 eor $t1,$f,$g + eor $t0,$t0,$e,ror#$Sigma1[2] @ Sigma1(e) and $t1,$t1,$e + add $T1,$T1,$t0 eor $t1,$t1,$g @ Ch(e,f,g) - add $T1,$T1,$t1 add $T1,$T1,$h - add $T1,$T1,$t2 mov $h,$a,ror#$Sigma0[0] + add $T1,$T1,$t1 eor $h,$h,$a,ror#$Sigma0[1] + add $T1,$T1,$t2 eor $h,$h,$a,ror#$Sigma0[2] @ Sigma0(a) orr $t0,$a,$b - and $t0,$t0,$c and $t1,$a,$b + and $t0,$t0,$c + add $h,$h,$T1 orr $t0,$t0,$t1 @ Maj(a,b,c) - add $h,$h,$t0 add $d,$d,$T1 - add $h,$h,$T1 + add $h,$h,$t0 ___ } @@ -80,19 +85,19 @@ sub BODY_16_XX { my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; $code.=<<___; - ldr $t1,[sp,#`($i+1)%16`*4] @ $i + ldr $t1,[sp,#`($i+1)%16`*4] @ $i ldr $t2,[sp,#`($i+14)%16`*4] ldr $T1,[sp,#`($i+0)%16`*4] - ldr $inp,[sp,#`($i+9)%16`*4] mov $t0,$t1,ror#$sigma0[0] + ldr $inp,[sp,#`($i+9)%16`*4] eor $t0,$t0,$t1,ror#$sigma0[1] eor $t0,$t0,$t1,lsr#$sigma0[2] @ sigma0(X[i+1]) mov $t1,$t2,ror#$sigma1[0] + add $T1,$T1,$t0 eor $t1,$t1,$t2,ror#$sigma1[1] + add $T1,$T1,$inp eor $t1,$t1,$t2,lsr#$sigma1[2] @ sigma1(X[i+14]) - add $T1,$T1,$t0 add $T1,$T1,$t1 - add $T1,$T1,$inp ___ &BODY_00_15(@_); } diff --git a/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl b/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl index 4fbb94a914f..3a35861ac68 100644 --- a/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl +++ b/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl @@ -10,7 +10,13 @@ # SHA512 block procedure for ARMv4. September 2007. # This code is ~4.5 (four and a half) times faster than code generated -# by gcc 3.4 and it spends ~72 clock cycles per byte. +# by gcc 3.4 and it spends ~72 clock cycles per byte [on single-issue +# Xscale PXA250 core]. +# +# July 2010. +# +# Rescheduling for dual-issue pipeline resulted in 6% improvement on +# Cortex A8 core and ~40 cycles per processed byte. # Byte order [in]dependence. ========================================= # @@ -22,7 +28,7 @@ $hi=0; $lo=4; # ==================================================================== -$output=shift; +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} open STDOUT,">$output"; $ctx="r0"; @@ -73,33 +79,31 @@ $code.=<<___; eor $t0,$t0,$Elo,lsl#23 eor $t1,$t1,$Ehi,lsl#23 @ Sigma1(e) adds $Tlo,$Tlo,$t0 - adc $Thi,$Thi,$t1 @ T += Sigma1(e) - adds $Tlo,$Tlo,$t2 - adc $Thi,$Thi,$t3 @ T += h - ldr $t0,[sp,#$Foff+0] @ f.lo + adc $Thi,$Thi,$t1 @ T += Sigma1(e) ldr $t1,[sp,#$Foff+4] @ f.hi + adds $Tlo,$Tlo,$t2 ldr $t2,[sp,#$Goff+0] @ g.lo + adc $Thi,$Thi,$t3 @ T += h ldr $t3,[sp,#$Goff+4] @ g.hi - str $Elo,[sp,#$Eoff+0] - str $Ehi,[sp,#$Eoff+4] - str $Alo,[sp,#$Aoff+0] - str $Ahi,[sp,#$Aoff+4] eor $t0,$t0,$t2 + str $Elo,[sp,#$Eoff+0] eor $t1,$t1,$t3 + str $Ehi,[sp,#$Eoff+4] and $t0,$t0,$Elo + str $Alo,[sp,#$Aoff+0] and $t1,$t1,$Ehi + str $Ahi,[sp,#$Aoff+4] eor $t0,$t0,$t2 - eor $t1,$t1,$t3 @ Ch(e,f,g) - ldr $t2,[$Ktbl,#4] @ K[i].lo + eor $t1,$t1,$t3 @ Ch(e,f,g) ldr $t3,[$Ktbl,#0] @ K[i].hi - ldr $Elo,[sp,#$Doff+0] @ d.lo - ldr $Ehi,[sp,#$Doff+4] @ d.hi adds $Tlo,$Tlo,$t0 + ldr $Elo,[sp,#$Doff+0] @ d.lo adc $Thi,$Thi,$t1 @ T += Ch(e,f,g) + ldr $Ehi,[sp,#$Doff+4] @ d.hi adds $Tlo,$Tlo,$t2 adc $Thi,$Thi,$t3 @ T += K[i] adds $Elo,$Elo,$Tlo diff --git a/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl b/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl index 54241aab504..ec5d78135e1 100644 --- a/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl +++ b/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl @@ -586,6 +586,7 @@ $code.=<<___; .type sha${label}_block_data_order,#function .size sha${label}_block_data_order,(.-sha${label}_block_data_order) .asciz "SHA${label} block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>" +.align 4 ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; diff --git a/lib/libssl/src/crypto/sparccpuid.S b/lib/libssl/src/crypto/sparccpuid.S index aa8b11efc97..ae61f7f5ced 100644 --- a/lib/libssl/src/crypto/sparccpuid.S +++ b/lib/libssl/src/crypto/sparccpuid.S @@ -225,13 +225,95 @@ _sparcv9_rdtick: xor %o0,%o0,%o0 .word 0x91410000 !rd %tick,%o0 retl - .word 0x93323020 !srlx %o2,32,%o1 + .word 0x93323020 !srlx %o0,32,%o1 .notick: retl xor %o1,%o1,%o1 .type _sparcv9_rdtick,#function .size _sparcv9_rdtick,.-_sparcv9_rdtick +.global _sparcv9_vis1_probe +.align 8 +_sparcv9_vis1_probe: + .word 0x81b00d80 !fxor %f0,%f0,%f0 + add %sp,BIAS+2,%o1 + retl + .word 0xc19a5a40 !ldda [%o1]ASI_FP16_P,%f0 +.type _sparcv9_vis1_probe,#function +.size _sparcv9_vis1_probe,.-_sparcv9_vis1_probe + +! Probe and instrument VIS1 instruction. Output is number of cycles it +! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit +! is slow (documented to be 6 cycles on T2) and the core is in-order +! single-issue, it should be possible to distinguish Tx reliably... +! Observed return values are: +! +! UltraSPARC IIe 7 +! UltraSPARC III 7 +! UltraSPARC T1 24 +! +! Numbers for T2 and SPARC64 V-VII are more than welcomed. +! +! It would be possible to detect specifically US-T1 by instrumenting +! fmul8ulx16, which is emulated on T1 and as such accounts for quite +! a lot of %tick-s, couple of thousand on Linux... +.global _sparcv9_vis1_instrument +.align 8 +_sparcv9_vis1_instrument: + .word 0x91410000 !rd %tick,%o0 + .word 0x81b00d80 !fxor %f0,%f0,%f0 + .word 0x85b08d82 !fxor %f2,%f2,%f2 + .word 0x93410000 !rd %tick,%o1 + .word 0x81b00d80 !fxor %f0,%f0,%f0 + .word 0x85b08d82 !fxor %f2,%f2,%f2 + .word 0x95410000 !rd %tick,%o2 + .word 0x81b00d80 !fxor %f0,%f0,%f0 + .word 0x85b08d82 !fxor %f2,%f2,%f2 + .word 0x97410000 !rd %tick,%o3 + .word 0x81b00d80 !fxor %f0,%f0,%f0 + .word 0x85b08d82 !fxor %f2,%f2,%f2 + .word 0x99410000 !rd %tick,%o4 + + ! calculate intervals + sub %o1,%o0,%o0 + sub %o2,%o1,%o1 + sub %o3,%o2,%o2 + sub %o4,%o3,%o3 + + ! find minumum value + cmp %o0,%o1 + .word 0x38680002 !bgu,a %xcc,.+8 + mov %o1,%o0 + cmp %o0,%o2 + .word 0x38680002 !bgu,a %xcc,.+8 + mov %o2,%o0 + cmp %o0,%o3 + .word 0x38680002 !bgu,a %xcc,.+8 + mov %o3,%o0 + + retl + nop +.type _sparcv9_vis1_instrument,#function +.size _sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument + +.global _sparcv9_vis2_probe +.align 8 +_sparcv9_vis2_probe: + retl + .word 0x81b00980 !bshuffle %f0,%f0,%f0 +.type _sparcv9_vis2_probe,#function +.size _sparcv9_vis2_probe,.-_sparcv9_vis2_probe + +.global _sparcv9_fmadd_probe +.align 8 +_sparcv9_fmadd_probe: + .word 0x81b00d80 !fxor %f0,%f0,%f0 + .word 0x85b08d82 !fxor %f2,%f2,%f2 + retl + .word 0x81b80440 !fmaddd %f0,%f0,%f2,%f0 +.type _sparcv9_fmadd_probe,#function +.size _sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe + .global OPENSSL_cleanse .align 32 OPENSSL_cleanse: diff --git a/lib/libssl/src/crypto/sparcv9cap.c b/lib/libssl/src/crypto/sparcv9cap.c index 5f31d20bd07..ed195ab4028 100644 --- a/lib/libssl/src/crypto/sparcv9cap.c +++ b/lib/libssl/src/crypto/sparcv9cap.c @@ -1,6 +1,8 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <setjmp.h> +#include <signal.h> #include <sys/time.h> #include <openssl/bn.h> @@ -9,6 +11,7 @@ #define SPARCV9_VIS1 (1<<2) #define SPARCV9_VIS2 (1<<3) /* reserved */ #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */ + static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED; int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num) @@ -23,10 +26,14 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_U return bn_mul_mont_int(rp,ap,bp,np,n0,num); } +unsigned long _sparcv9_rdtick(void); +void _sparcv9_vis1_probe(void); +unsigned long _sparcv9_vis1_instrument(void); +void _sparcv9_vis2_probe(void); +void _sparcv9_fmadd_probe(void); + unsigned long OPENSSL_rdtsc(void) { - unsigned long _sparcv9_rdtick(void); - if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED) #if defined(__sun) && defined(__SVR4) return gethrtime(); @@ -37,8 +44,11 @@ unsigned long OPENSSL_rdtsc(void) return _sparcv9_rdtick(); } -#if defined(__sun) && defined(__SVR4) - +#if 0 && defined(__sun) && defined(__SVR4) +/* This code path is disabled, because of incompatibility of + * libdevinfo.so.1 and libmalloc.so.1 (see below for details) + */ +#include <malloc.h> #include <dlfcn.h> #include <libdevinfo.h> #include <sys/systeminfo.h> @@ -110,7 +120,21 @@ void OPENSSL_cpuid_setup(void) return; } } - +#ifdef M_KEEP + /* + * Solaris libdevinfo.so.1 is effectively incomatible with + * libmalloc.so.1. Specifically, if application is linked with + * -lmalloc, it crashes upon startup with SIGSEGV in + * free(3LIBMALLOC) called by di_fini. Prior call to + * mallopt(M_KEEP,0) somehow helps... But not always... + */ + if ((h = dlopen(NULL,RTLD_LAZY))) + { + union { void *p; int (*f)(int,int); } sym; + if ((sym.p = dlsym(h,"mallopt"))) (*sym.f)(M_KEEP,0); + dlclose(h); + } +#endif if ((h = dlopen("libdevinfo.so.1",RTLD_LAZY))) do { di_init_t di_init; @@ -137,9 +161,19 @@ void OPENSSL_cpuid_setup(void) #else +static sigjmp_buf common_jmp; +static void common_handler(int sig) { siglongjmp(common_jmp,sig); } + void OPENSSL_cpuid_setup(void) { char *e; + struct sigaction common_act,ill_oact,bus_oact; + sigset_t all_masked,oset; + int sig; + static int trigger=0; + + if (trigger) return; + trigger=1; if ((e=getenv("OPENSSL_sparcv9cap"))) { @@ -147,8 +181,57 @@ void OPENSSL_cpuid_setup(void) return; } - /* For now we assume that the rest supports UltraSPARC-I* only */ - OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU|SPARCV9_VIS1; + /* Initial value, fits UltraSPARC-I&II... */ + OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU|SPARCV9_TICK_PRIVILEGED; + + sigfillset(&all_masked); + sigdelset(&all_masked,SIGILL); + sigdelset(&all_masked,SIGTRAP); +#ifdef SIGEMT + sigdelset(&all_masked,SIGEMT); +#endif + sigdelset(&all_masked,SIGFPE); + sigdelset(&all_masked,SIGBUS); + sigdelset(&all_masked,SIGSEGV); + sigprocmask(SIG_SETMASK,&all_masked,&oset); + + memset(&common_act,0,sizeof(common_act)); + common_act.sa_handler = common_handler; + common_act.sa_mask = all_masked; + + sigaction(SIGILL,&common_act,&ill_oact); + sigaction(SIGBUS,&common_act,&bus_oact);/* T1 fails 16-bit ldda [on Linux] */ + + if (sigsetjmp(common_jmp,1) == 0) + { + _sparcv9_rdtick(); + OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED; + } + + if (sigsetjmp(common_jmp,1) == 0) + { + _sparcv9_vis1_probe(); + OPENSSL_sparcv9cap_P |= SPARCV9_VIS1; + /* detect UltraSPARC-Tx, see sparccpud.S for details... */ + if (_sparcv9_vis1_instrument() >= 12) + OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1|SPARCV9_PREFER_FPU); + else + { + _sparcv9_vis2_probe(); + OPENSSL_sparcv9cap_P |= SPARCV9_VIS2; + } + } + + if (sigsetjmp(common_jmp,1) == 0) + { + _sparcv9_fmadd_probe(); + OPENSSL_sparcv9cap_P |= SPARCV9_FMADD; + } + + sigaction(SIGBUS,&bus_oact,NULL); + sigaction(SIGILL,&ill_oact,NULL); + + sigprocmask(SIG_SETMASK,&oset,NULL); } #endif diff --git a/lib/libssl/src/crypto/ts/ts_verify_ctx.c b/lib/libssl/src/crypto/ts/ts_verify_ctx.c index b079b50fc37..609b7735d42 100644 --- a/lib/libssl/src/crypto/ts/ts_verify_ctx.c +++ b/lib/libssl/src/crypto/ts/ts_verify_ctx.c @@ -56,7 +56,6 @@ * */ -#include <assert.h> #include "cryptlib.h" #include <openssl/objects.h> #include <openssl/ts.h> @@ -74,7 +73,7 @@ TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx) { - assert(ctx != NULL); + OPENSSL_assert(ctx != NULL); memset(ctx, 0, sizeof(TS_VERIFY_CTX)); } @@ -116,7 +115,7 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) ASN1_OCTET_STRING *msg; const ASN1_INTEGER *nonce; - assert(req != NULL); + OPENSSL_assert(req != NULL); if (ret) TS_VERIFY_CTX_cleanup(ret); else diff --git a/lib/libssl/src/crypto/vms_rms.h b/lib/libssl/src/crypto/vms_rms.h new file mode 100755 index 00000000000..00a00d993fc --- /dev/null +++ b/lib/libssl/src/crypto/vms_rms.h @@ -0,0 +1,51 @@ + +#ifdef NAML$C_MAXRSS + +# define CC_RMS_NAMX cc$rms_naml +# define FAB_NAMX fab$l_naml +# define FAB_OR_NAML( fab, naml) naml +# define FAB_OR_NAML_DNA naml$l_long_defname +# define FAB_OR_NAML_DNS naml$l_long_defname_size +# define FAB_OR_NAML_FNA naml$l_long_filename +# define FAB_OR_NAML_FNS naml$l_long_filename_size +# define NAMX_ESA naml$l_long_expand +# define NAMX_ESL naml$l_long_expand_size +# define NAMX_ESS naml$l_long_expand_alloc +# define NAMX_NOP naml$b_nop +# define SET_NAMX_NO_SHORT_UPCASE( nam) nam.naml$v_no_short_upcase = 1 + +# if __INITIAL_POINTER_SIZE == 64 +# define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (__char_ptr32) -1; \ + fab.fab$l_fna = (__char_ptr32) -1; +# else /* __INITIAL_POINTER_SIZE == 64 */ +# define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (char *) -1; \ + fab.fab$l_fna = (char *) -1; +# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + +# define NAMX_MAXRSS NAML$C_MAXRSS +# define NAMX_STRUCT NAML + +#else /* def NAML$C_MAXRSS */ + +# define CC_RMS_NAMX cc$rms_nam +# define FAB_NAMX fab$l_nam +# define FAB_OR_NAML( fab, naml) fab +# define FAB_OR_NAML_DNA fab$l_dna +# define FAB_OR_NAML_DNS fab$b_dns +# define FAB_OR_NAML_FNA fab$l_fna +# define FAB_OR_NAML_FNS fab$b_fns +# define NAMX_ESA nam$l_esa +# define NAMX_ESL nam$b_esl +# define NAMX_ESS nam$b_ess +# define NAMX_NOP nam$b_nop +# define NAMX_DNA_FNA_SET(fab) +# define NAMX_MAXRSS NAM$C_MAXRSS +# define NAMX_STRUCT NAM +# ifdef NAM$M_NO_SHORT_UPCASE +# define SET_NAMX_NO_SHORT_UPCASE( nam) naml.naml$v_no_short_upcase = 1 +# else /* def NAM$M_NO_SHORT_UPCASE */ +# define SET_NAMX_NO_SHORT_UPCASE( nam) +# endif /* def NAM$M_NO_SHORT_UPCASE [else] */ + +#endif /* def NAML$C_MAXRSS [else] */ + diff --git a/lib/libssl/src/crypto/x509v3/v3_ncons.c b/lib/libssl/src/crypto/x509v3/v3_ncons.c index 689df46acdc..a01dc64dd22 100644 --- a/lib/libssl/src/crypto/x509v3/v3_ncons.c +++ b/lib/libssl/src/crypto/x509v3/v3_ncons.c @@ -189,7 +189,6 @@ static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, print_nc_ipadd(bp, tree->base->d.ip); else GENERAL_NAME_print(bp, tree->base); - tree = sk_GENERAL_SUBTREE_value(trees, i); BIO_puts(bp, "\n"); } return 1; diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod index 10633da3f23..f93e5fc6c3a 100644 --- a/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod +++ b/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod @@ -69,7 +69,7 @@ Verify signature using PKCS#1 and SHA256 digest: /* Error */ /* Perform operation */ - ret = EVP_PKEY_verify(ctx, md, mdlen, sig, siglen); + ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen); /* ret == 1 indicates success, 0 verify failure and < 0 for some * other error. diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_verifyrecover.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_verifyrecover.pod index e2a2a8c6f8d..f3605eb8264 100644 --- a/lib/libssl/src/doc/crypto/EVP_PKEY_verifyrecover.pod +++ b/lib/libssl/src/doc/crypto/EVP_PKEY_verifyrecover.pod @@ -74,7 +74,7 @@ Recover digest originally signed using PKCS#1 and SHA256 digest: /* Error */ /* Determine buffer length */ - if (EVP_PKEY_verifyrecover(ctx, rout, &routlen, sig, siglen) <= 0) + if (EVP_PKEY_verifyrecover(ctx, NULL, &routlen, sig, siglen) <= 0) /* Error */ rout = OPENSSL_malloc(routlen); diff --git a/lib/libssl/src/engines/ccgost/Makefile b/lib/libssl/src/engines/ccgost/Makefile index 64be962f39a..dadb5230ecd 100644 --- a/lib/libssl/src/engines/ccgost/Makefile +++ b/lib/libssl/src/engines/ccgost/Makefile @@ -48,7 +48,7 @@ install: if [ "$(PLATFORM)" != "Cygwin" ]; then \ case "$(CFLAGS)" in \ *DSO_BEOS*) sfx=".so";; \ - *DSO_DLFCN*) sfx=".so";; \ + *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \ *DSO_DL*) sfx=".sl";; \ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ *) sfx=".bad";; \ diff --git a/lib/libssl/src/engines/ccgost/gost_ameth.c b/lib/libssl/src/engines/ccgost/gost_ameth.c index f620a216c81..e6c2839e5fa 100644 --- a/lib/libssl/src/engines/ccgost/gost_ameth.c +++ b/lib/libssl/src/engines/ccgost/gost_ameth.c @@ -39,7 +39,7 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) ASN1_STRING *params = ASN1_STRING_new(); GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new(); int pkey_param_nid = NID_undef; - int cipher_param_nid = NID_undef; + if (!params || !gkp) { GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, @@ -52,7 +52,6 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) { case NID_id_GostR3410_2001: pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)key))); - cipher_param_nid = get_encryption_params(NULL)->nid; break; case NID_id_GostR3410_94: pkey_param_nid = (int) gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key)); @@ -64,7 +63,6 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) params=NULL; goto err; } - cipher_param_nid = get_encryption_params(NULL)->nid; break; } gkp->key_params = OBJ_nid2obj(pkey_param_nid); diff --git a/lib/libssl/src/engines/ccgost/gost_crypt.c b/lib/libssl/src/engines/ccgost/gost_crypt.c index 4977d1dcf50..cde58c0e9b7 100644 --- a/lib/libssl/src/engines/ccgost/gost_crypt.c +++ b/lib/libssl/src/engines/ccgost/gost_crypt.c @@ -495,7 +495,8 @@ int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params) int gost_imit_init_cpa(EVP_MD_CTX *ctx) { struct ossl_gost_imit_ctx *c = ctx->md_data; - memset(c->buffer,0,16); + memset(c->buffer,0,sizeof(c->buffer)); + memset(c->partial_block,0,sizeof(c->partial_block)); c->count = 0; c->bytes_left=0; c->key_meshing=1; diff --git a/lib/libssl/src/engines/e_aep.c b/lib/libssl/src/engines/e_aep.c index 742b4f9b186..d7f89e5156f 100644 --- a/lib/libssl/src/engines/e_aep.c +++ b/lib/libssl/src/engines/e_aep.c @@ -68,6 +68,8 @@ typedef int pid_t; #if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) #define getpid GetThreadID extern int GetThreadID(void); +#elif defined(_WIN32) && !defined(__WATCOMC__) +#define getpid _getpid #endif #include <openssl/crypto.h> @@ -867,13 +869,7 @@ static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -#ifdef NETWARE_CLIB - curr_pid = GetThreadID(); -#elif defined(_WIN32) - curr_pid = _getpid(); -#else curr_pid = getpid(); -#endif /*Check if this is the first time this is being called from the current process*/ diff --git a/lib/libssl/src/engines/e_chil.c b/lib/libssl/src/engines/e_chil.c index 9c2729c96db..fdc2100e3de 100644 --- a/lib/libssl/src/engines/e_chil.c +++ b/lib/libssl/src/engines/e_chil.c @@ -1077,11 +1077,11 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, static int hwcrhk_rsa_finish(RSA *rsa) { HWCryptoHook_RSAKeyHandle *hptr; - int ret; + hptr = RSA_get_ex_data(rsa, hndidx_rsa); if (hptr) { - ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); + p_hwcrhk_RSAUnloadKey(*hptr, NULL); OPENSSL_free(hptr); RSA_set_ex_data(rsa, hndidx_rsa, NULL); } diff --git a/lib/libssl/src/engines/e_cswift.c b/lib/libssl/src/engines/e_cswift.c index bc651798464..2e64ff32770 100644 --- a/lib/libssl/src/engines/e_cswift.c +++ b/lib/libssl/src/engines/e_cswift.c @@ -811,7 +811,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) SW_PARAM sw_param; SW_STATUS sw_status; SW_LARGENUMBER arg, res; - unsigned char *ptr; BN_CTX *ctx; BIGNUM *dsa_p = NULL; BIGNUM *dsa_q = NULL; @@ -899,7 +898,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; } /* Convert the response */ - ptr = (unsigned char *)result->d; if((to_return = DSA_SIG_new()) == NULL) goto err; to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL); diff --git a/lib/libssl/src/engines/e_padlock.c b/lib/libssl/src/engines/e_padlock.c index 381a746058a..7d09419804f 100644 --- a/lib/libssl/src/engines/e_padlock.c +++ b/lib/libssl/src/engines/e_padlock.c @@ -108,6 +108,8 @@ static ENGINE *ENGINE_padlock (void); # endif #endif +#ifdef OPENSSL_NO_DYNAMIC_ENGINE + void ENGINE_load_padlock (void) { /* On non-x86 CPUs it just returns. */ @@ -120,6 +122,8 @@ void ENGINE_load_padlock (void) #endif } +#endif + #ifdef COMPILE_HW_PADLOCK /* We do these includes here to avoid header problems on platforms that do not have the VIA padlock anyway... */ @@ -1218,6 +1222,8 @@ static RAND_METHOD padlock_rand = { #else /* !COMPILE_HW_PADLOCK */ #ifndef OPENSSL_NO_DYNAMIC_ENGINE OPENSSL_EXPORT +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); +OPENSSL_EXPORT int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; } IMPLEMENT_DYNAMIC_CHECK_FN() #endif diff --git a/lib/libssl/src/engines/makeengines.com b/lib/libssl/src/engines/makeengines.com index 6cf42360776..6329fbbf03a 100644 --- a/lib/libssl/src/engines/makeengines.com +++ b/lib/libssl/src/engines/makeengines.com @@ -28,11 +28,35 @@ $! $! P6 if defined, denotes which engines to build. If not defined, $! all available engines are built. $! +$! P7, if defined, specifies the C pointer size. Ignored on VAX. +$! ("64=ARGV" gives more efficient code with HP C V7.3 or newer.) +$! Supported values are: +$! +$! "" Compile with default (/NOPOINTER_SIZE) +$! 32 Compile with /POINTER_SIZE=32 (SHORT) +$! 64 Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]) +$! (Automatically select ARGV if compiler supports it.) +$! 64= Compile with /POINTER_SIZE=64 (LONG). +$! 64=ARGV Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV). +$! +$! P8, if defined, specifies a directory where ZLIB files (zlib.h, +$! libz.olb) may be found. Optionally, a non-default object library +$! name may be included ("dev:[dir]libz_64.olb", for example). +$! $!----------------------------------------------------------------------------- $! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") +$! +$ on control_c then goto exit +$! $! Set the default TCP/IP library to link against if needed $! $ TCPIP_LIB = "" +$ ZLIB_LIB = "" $! $! Check What Architecture We Are Using. $! @@ -56,6 +80,11 @@ $! End The Architecture Check. $! $ ENDIF $! +$ ARCHD = ARCH +$ LIB32 = "32" +$ OPT_FILE = "" +$ POINTER_SIZE = "" +$! $! Set the names of the engines we want to build $! NOTE: Some might think this list ugly. However, it's made this way to $! reflect the LIBNAMES variable in Makefile as closely as possible, @@ -72,28 +101,47 @@ $! $ IF (ARCH .NES. "VAX") THEN - ENGINES = ENGINES+ ",ccgost" $! +$! Check options. +$! +$ OPT_PHASE = P1 +$ ACCEPT_PHASE = "ALL,ENGINES" +$ OPT_DEBUG = P2 +$ OPT_COMPILER = P3 +$ OPT_TCPIP_LIB = P4 +$ OPT_SPECIAL_THREADS = P5 +$ OPT_POINTER_SIZE = P7 +$ ZLIB = P8 +$ +$ GOSUB CHECK_OPTIONS +$! $! Set the goal directories, and create them if necessary $! -$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.ENGINES] -$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.ENGINES] +$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.ENGINES] +$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.ENGINES] $ IF F$PARSE(OBJ_DIR) .EQS. "" THEN CREATE/DIRECTORY 'OBJ_DIR' $ IF F$PARSE(EXE_DIR) .EQS. "" THEN CREATE/DIRECTORY 'EXE_DIR' $! $! Set the goal files, and create them if necessary $! -$ CRYPTO_LIB :=SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB +$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB $ IF F$SEARCH(CRYPTO_LIB) .EQS. "" THEN LIBRARY/CREATE/OBJECT 'CRYPTO_LIB' $! -$! OK, time to check options and initialise +$! Specify the destination directory in any /MAP option. +$! +$ if (LINKMAP .eqs. "MAP") +$ then +$ LINKMAP = LINKMAP+ "=''EXE_DIR'" +$ endif +$! +$! Add the location prefix to the linker options file name. +$! +$ if (OPT_FILE .nes. "") +$ then +$ OPT_FILE = EXE_DIR+ OPT_FILE +$ endif +$! +$! Initialise. $! -$ OPT_PHASE = P1 -$ ACCEPT_PHASE = "ALL,ENGINES" -$ OPT_DEBUG = P2 -$ OPT_COMPILER = P3 -$ OPT_TCPIP_LIB = P4 -$ OPT_SPECIAL_THREADS = P5 -$ -$ GOSUB CHECK_OPTIONS $ GOSUB INITIALISE $ GOSUB CHECK_OPT_FILE $! @@ -172,7 +220,7 @@ $! Create a .OPT file for the object files (for a real engine name). $! $ IF ENGINE_NAME .NES. "" $ THEN -$ OPEN/WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT +$ OPEN /WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT $ ENDIF $! $! Here's the start of per-engine module loop. @@ -257,18 +305,14 @@ $! For shareable libraries, we need to do things a little differently $! depending on if we link with a TCP/IP library or not. $! $ ENGINE_OPT := SYS$DISK:[]'ARCH'.OPT -$ IF TCPIP_LIB .NES. "" -$ THEN -$ LINK/'DEBUGGER'/'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE - - 'EXE_DIR''ENGINE_NAME'.OPT/OPTION'TV_OBJ', - - 'CRYPTO_LIB'/LIBRARY, - - 'ENGINE_OPT'/OPTION,'TCPIP_LIB','OPT_FILE'/OPTION -$ ELSE -$ LINK/'DEBUGGER'/'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE - - 'EXE_DIR''ENGINE_NAME'.OPT/OPTION'TV_OBJ', - - 'CRYPTO_LIB'/LIBRARY, - - 'ENGINE_OPT'/OPTION,'OPT_FILE'/OPTION -$ ENDIF +$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE - + 'EXE_DIR''ENGINE_NAME'.OPT /OPTIONS - + 'TV_OBJ', - + 'CRYPTO_LIB' /LIBRARY, - + 'ENGINE_OPT' /OPTIONS - + 'TCPIP_LIB' - + 'ZLIB_LIB' - + ,'OPT_FILE' /OPTIONS $! $! Next engine $! @@ -302,7 +346,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable VAX C Runtime Library. ! SYS$SHARE:VAXCRTL.EXE/SHARE @@ -331,7 +375,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable C Runtime Library. ! GNU_CC:[000000]GCCLIB/LIBRARY @@ -366,7 +410,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable DEC C Runtime Library. ! SYS$SHARE:DECC$SHR.EXE/SHARE @@ -381,7 +425,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File For non-VAX To Link Agianst +! Default System Options File For non-VAX To Link Against ! The Sharable C Runtime Library. ! SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE @@ -453,8 +497,8 @@ $ IF ("," + ACCEPT_PHASE + ",") - ",ENGINES," - $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " where 'xxx' stands for:" $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALPHA : Alpha architecture." -$ WRITE SYS$OUTPUT " IA64 : IA64 architecture." +$ WRITE SYS$OUTPUT " ALPHA[64]: Alpha architecture." +$ WRITE SYS$OUTPUT " IA64[64] : IA64 architecture." $ WRITE SYS$OUTPUT " VAX : VAX architecture." $ WRITE SYS$OUTPUT "" $! @@ -475,15 +519,16 @@ $! $ IF (OPT_DEBUG.EQS."NODEBUG") $ THEN $! -$! OPT_DEBUG Is NODEBUG, So Compile Without The Debugger Information. +$! OPT_DEBUG Is NODEBUG, So Compile Without The Debugger Information. $! -$ DEBUGGER = "NODEBUG" -$ TRACEBACK = "NOTRACEBACK" -$ GCC_OPTIMIZE = "OPTIMIZE" -$ CC_OPTIMIZE = "OPTIMIZE" -$ MACRO_OPTIMIZE = "OPTIMIZE" -$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." +$ DEBUGGER = "NODEBUG" +$ LINKMAP = "NOMAP" +$ TRACEBACK = "NOTRACEBACK" +$ GCC_OPTIMIZE = "OPTIMIZE" +$ CC_OPTIMIZE = "OPTIMIZE" +$ MACRO_OPTIMIZE = "OPTIMIZE" +$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." +$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." $ ELSE $! $! Check To See If We Are To Compile With Debugger Information. @@ -494,6 +539,7 @@ $! $! Compile With Debugger Information. $! $ DEBUGGER = "DEBUG" +$ LINKMAP = "MAP" $ TRACEBACK = "TRACEBACK" $ GCC_OPTIMIZE = "NOOPTIMIZE" $ CC_OPTIMIZE = "NOOPTIMIZE" @@ -502,7 +548,7 @@ $ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile." $ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization." $ ELSE $! -$! They Entered An Invalid Option.. +$! They Entered An Invalid Option. $! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The Option ",OPT_DEBUG," Is Invalid. The Valid Options Are:" @@ -557,6 +603,59 @@ $! End The OPT_SPECIAL_THREADS Check. $! $ ENDIF $! +$! Check OPT_POINTER_SIZE (P7). +$! +$ IF (OPT_POINTER_SIZE .NES. "") .AND. (ARCH .NES. "VAX") +$ THEN +$! +$ IF (OPT_POINTER_SIZE .EQS. "32") +$ THEN +$ POINTER_SIZE = " /POINTER_SIZE=32" +$ ELSE +$ POINTER_SIZE = F$EDIT( OPT_POINTER_SIZE, "COLLAPSE, UPCASE") +$ IF ((POINTER_SIZE .EQS. "64") .OR. - + (POINTER_SIZE .EQS. "64=") .OR. - + (POINTER_SIZE .EQS. "64=ARGV")) +$ THEN +$ ARCHD = ARCH+ "_64" +$ LIB32 = "" +$ POINTER_SIZE = " /POINTER_SIZE=64" +$ ELSE +$! +$! Tell The User Entered An Invalid Option. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", OPT_POINTER_SIZE, - + " Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT - + " """" : Compile with default (short) pointers." +$ WRITE SYS$OUTPUT - + " 32 : Compile with 32-bit (short) pointers." +$ WRITE SYS$OUTPUT - + " 64 : Compile with 64-bit (long) pointers (auto ARGV)." +$ WRITE SYS$OUTPUT - + " 64= : Compile with 64-bit (long) pointers (no ARGV)." +$ WRITE SYS$OUTPUT - + " 64=ARGV : Compile with 64-bit (long) pointers (ARGV)." +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ EXIT +$! +$ ENDIF +$! +$ ENDIF +$! +$! End The OPT_POINTER_SIZE Check. +$! +$ ENDIF +$! +$! Set basic C compiler /INCLUDE directories. +$! +$ CC_INCLUDES = "SYS$DISK:[],SYS$DISK:[.VENDOR_DEFNS]" +$! $! Check To See If OPT_COMPILER Is Blank. $! $ IF (OPT_COMPILER.EQS."") @@ -657,11 +756,63 @@ $ CCDEFS = "TCPIP_TYPE_''OPT_TCPIP_LIB',DSO_VMS" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX" +$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX" $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS $! -$! Check To See If The User Entered A Valid Paramter. +$! Check To See If We Have A ZLIB Option. +$! +$ IF (ZLIB .NES. "") +$ THEN +$! +$! Check for expected ZLIB files. +$! +$ err = 0 +$ file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY") +$ if (f$search( file1) .eqs. "") +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ WRITE SYS$OUTPUT " Can't find header: ''file1'" +$ err = 1 +$ endif +$ file1 = f$parse( "A.;", ZLIB)- "A.;" +$! +$ file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY") +$ if (f$search( file2) .eqs. "") +$ then +$ if (err .eq. 0) +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ endif +$ WRITE SYS$OUTPUT " Can't find library: ''file2'" +$ WRITE SYS$OUTPUT "" +$ err = err+ 2 +$ endif +$ if (err .eq. 1) +$ then +$ WRITE SYS$OUTPUT "" +$ endif +$! +$ if (err .ne. 0) +$ then +$ EXIT +$ endif +$! +$ CCDEFS = """ZLIB=1"", "+ CCDEFS +$ CC_INCLUDES = CC_INCLUDES+ ", "+ file1 +$ ZLIB_LIB = ", ''file2' /library" +$! +$! Print info +$! +$ WRITE SYS$OUTPUT "ZLIB library spec: ", file2 +$! +$! End The ZLIB Check. +$! +$ ENDIF +$! +$! Check To See If The User Entered A Valid Parameter. $! $ IF (OPT_COMPILER.EQS."VAXC").OR.(OPT_COMPILER.EQS."DECC").OR.(OPT_COMPILER.EQS."GNUC") $ THEN @@ -684,14 +835,14 @@ $! $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.VENDOR_DEFNS])" + - - CCEXTRAFLAGS +$ CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ - + "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + - + " /INCLUDE=(''CC_INCLUDES') " + - + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "VAX_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -720,7 +871,7 @@ $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + - + "/INCLUDE=(''CC_INCLUDES')" + - CCEXTRAFLAGS $ CCDEFS = """VAXC""," + CCDEFS $! @@ -730,7 +881,7 @@ $ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "VAX_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -752,12 +903,12 @@ $! $! Use GNU C... $! $ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + - + "/INCLUDE=(''CC_INCLUDES')" + - CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "VAX_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! @@ -773,12 +924,12 @@ $ IF COMPILER .EQS. "DECC" $ THEN $ IF CCDISABLEWARNINGS .NES. "" $ THEN -$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" +$ CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" $ ENDIF $ ELSE $ CCDISABLEWARNINGS = "" $ ENDIF -$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS +$ CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS $! $! Show user the result $! @@ -808,8 +959,12 @@ $ ENDIF $! $! Build a MACRO command for the architecture at hand $! -$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'" -$ IF ARCH .NES. "VAX" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'" +$ IF ARCH .EQS. "VAX" +$ THEN +$ MACRO = "MACRO/''DEBUGGER'" +$ ELSE +$ MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'" +$ ENDIF $! $! Show user the result $! @@ -829,7 +984,7 @@ $ THEN $! $! Set the library to use SOCKETSHR $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS" $! $! Done with SOCKETSHR $! @@ -855,13 +1010,13 @@ $ THEN $! $! Set the library to use UCX. $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS" $ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" $ THEN -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS" $ ELSE $ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN - - TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT" + TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS" $ ENDIF $! $! Done with UCX @@ -875,7 +1030,7 @@ $ THEN $! $! Set the library to use TCPIP (post UCX). $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS" $! $! Done with TCPIP $! @@ -896,7 +1051,7 @@ $ ENDIF $! $! Print info $! -$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB +$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- "," $! $! Else The User Entered An Invalid Argument. $! @@ -939,7 +1094,7 @@ $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]" $! $! Set up the logical name OPENSSL to point at the include directory $! -$ DEFINE OPENSSL/NOLOG '__INCLUDE' +$ DEFINE OPENSSL /NOLOG '__INCLUDE' $! $! Done $! @@ -947,15 +1102,24 @@ $ RETURN $! $ CLEANUP: $! -$! Restore the logical name OPENSSL if it had a value +$! Restore the saved logical name OPENSSL, if it had a value. $! -$ IF __SAVE_OPENSSL .EQS. "" -$ THEN -$ DEASSIGN OPENSSL -$ ELSE -$ DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL' -$ ENDIF +$ if (f$type( __SAVE_OPENSSL) .nes. "") +$ then +$ IF __SAVE_OPENSSL .EQS. "" +$ THEN +$ DEASSIGN OPENSSL +$ ELSE +$ DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL' +$ ENDIF +$ endif +$! +$! Close any open files. +$! +$ if (f$trnlnm( "objects", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then - + close objects $! $! Done $! $ RETURN +$! diff --git a/lib/libssl/src/ms/uplink.c b/lib/libssl/src/ms/uplink.c index 7b7da08d47b..6d59cb1f87c 100644 --- a/lib/libssl/src/ms/uplink.c +++ b/lib/libssl/src/ms/uplink.c @@ -40,7 +40,8 @@ void OPENSSL_Uplink (volatile void **table, int index) * should be sufficient [it prohibits compiler to reorder memory * access instructions]. */ do { - len = _stprintf (msg,_T("OPENSSL_Uplink(%p,%02X): "),table,index); + len = _sntprintf (msg,sizeof(msg)/sizeof(TCHAR), + _T("OPENSSL_Uplink(%p,%02X): "),table,index); _tcscpy (msg+len,_T("unimplemented function")); if ((h=apphandle)==NULL) diff --git a/lib/libssl/src/ssl/d1_both.c b/lib/libssl/src/ssl/d1_both.c index 4ce4064cc91..2180c6d4da7 100644 --- a/lib/libssl/src/ssl/d1_both.c +++ b/lib/libssl/src/ssl/d1_both.c @@ -153,7 +153,7 @@ #endif static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80}; -static unsigned char bitmask_end_values[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; +static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; /* XDTLS: figure out the right values */ static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; @@ -464,20 +464,9 @@ again: memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - s->d1->handshake_read_seq++; - /* we just read a handshake message from the other side: - * this means that we don't need to retransmit of the - * buffered messages. - * XDTLS: may be able clear out this - * buffer a little sooner (i.e if an out-of-order - * handshake message/record is received at the record - * layer. - * XDTLS: exception is that the server needs to - * know that change cipher spec and finished messages - * have been received by the client before clearing this - * buffer. this can simply be done by waiting for the - * first data segment, but is there a better way? */ - dtls1_clear_record_buffer(s); + /* Don't change sequence numbers while listening */ + if (!s->d1->listen) + s->d1->handshake_read_seq++; s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; return s->init_num; @@ -813,9 +802,11 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) /* * if this is a future (or stale) message it gets buffered - * (or dropped)--no further processing at this time + * (or dropped)--no further processing at this time + * While listening, we accept seq 1 (ClientHello with cookie) + * although we're still expecting seq 0 (ClientHello) */ - if ( msg_hdr.seq != s->d1->handshake_read_seq) + if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1)) return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); len = msg_hdr.msg_len; @@ -1322,7 +1313,8 @@ unsigned char * dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, unsigned long len, unsigned long frag_off, unsigned long frag_len) { - if ( frag_off == 0) + /* Don't change sequence numbers while listening */ + if (frag_off == 0 && !s->d1->listen) { s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; s->d1->next_handshake_write_seq++; diff --git a/lib/libssl/src/ssl/d1_enc.c b/lib/libssl/src/ssl/d1_enc.c index 8fa57347a99..becbab91c21 100644 --- a/lib/libssl/src/ssl/d1_enc.c +++ b/lib/libssl/src/ssl/d1_enc.c @@ -231,11 +231,7 @@ int dtls1_enc(SSL *s, int send) if (!send) { if (l == 0 || l%bs != 0) - { - SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); - return 0; - } + return -1; } EVP_Cipher(ds,rec->data,rec->input,l); diff --git a/lib/libssl/src/ssl/d1_lib.c b/lib/libssl/src/ssl/d1_lib.c index 96b220e87ce..48e8b6ffbb8 100644 --- a/lib/libssl/src/ssl/d1_lib.c +++ b/lib/libssl/src/ssl/d1_lib.c @@ -129,26 +129,33 @@ int dtls1_new(SSL *s) return(1); } -void dtls1_free(SSL *s) +static void dtls1_clear_queues(SSL *s) { pitem *item = NULL; hm_fragment *frag = NULL; - - ssl3_free(s); + DTLS1_RECORD_DATA *rdata; while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) { + rdata = (DTLS1_RECORD_DATA *) item->data; + if (rdata->rbuf.buf) + { + OPENSSL_free(rdata->rbuf.buf); + } OPENSSL_free(item->data); pitem_free(item); } - pqueue_free(s->d1->unprocessed_rcds.q); while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) { + rdata = (DTLS1_RECORD_DATA *) item->data; + if (rdata->rbuf.buf) + { + OPENSSL_free(rdata->rbuf.buf); + } OPENSSL_free(item->data); pitem_free(item); } - pqueue_free(s->d1->processed_rcds.q); while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) { @@ -157,7 +164,6 @@ void dtls1_free(SSL *s) OPENSSL_free(frag); pitem_free(item); } - pqueue_free(s->d1->buffered_messages); while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL) { @@ -166,7 +172,6 @@ void dtls1_free(SSL *s) OPENSSL_free(frag); pitem_free(item); } - pqueue_free(s->d1->sent_messages); while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) { @@ -175,6 +180,18 @@ void dtls1_free(SSL *s) OPENSSL_free(frag); pitem_free(item); } + } + +void dtls1_free(SSL *s) + { + ssl3_free(s); + + dtls1_clear_queues(s); + + pqueue_free(s->d1->unprocessed_rcds.q); + pqueue_free(s->d1->processed_rcds.q); + pqueue_free(s->d1->buffered_messages); + pqueue_free(s->d1->sent_messages); pqueue_free(s->d1->buffered_app_data.q); OPENSSL_free(s->d1); @@ -182,6 +199,36 @@ void dtls1_free(SSL *s) void dtls1_clear(SSL *s) { + pqueue unprocessed_rcds; + pqueue processed_rcds; + pqueue buffered_messages; + pqueue sent_messages; + pqueue buffered_app_data; + + if (s->d1) + { + unprocessed_rcds = s->d1->unprocessed_rcds.q; + processed_rcds = s->d1->processed_rcds.q; + buffered_messages = s->d1->buffered_messages; + sent_messages = s->d1->sent_messages; + buffered_app_data = s->d1->buffered_app_data.q; + + dtls1_clear_queues(s); + + memset(s->d1, 0, sizeof(*(s->d1))); + + if (s->server) + { + s->d1->cookie_len = sizeof(s->d1->cookie); + } + + s->d1->unprocessed_rcds.q = unprocessed_rcds; + s->d1->processed_rcds.q = processed_rcds; + s->d1->buffered_messages = buffered_messages; + s->d1->sent_messages = sent_messages; + s->d1->buffered_app_data.q = buffered_app_data; + } + ssl3_clear(s); if (s->options & SSL_OP_CISCO_ANYCONNECT) s->version=DTLS1_BAD_VER; @@ -330,6 +377,8 @@ void dtls1_stop_timer(SSL *s) memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); s->d1->timeout_duration = 1; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); + /* Clear retransmission buffer */ + dtls1_clear_record_buffer(s); } int dtls1_handle_timeout(SSL *s) @@ -349,7 +398,7 @@ int dtls1_handle_timeout(SSL *s) { /* fail the connection, enough alerts have been sent */ SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED); - return 0; + return -1; } state->timeout.read_timeouts++; diff --git a/lib/libssl/src/ssl/install-ssl.com b/lib/libssl/src/ssl/install-ssl.com new file mode 100755 index 00000000000..1bd6ccaa7ae --- /dev/null +++ b/lib/libssl/src/ssl/install-ssl.com @@ -0,0 +1,136 @@ +$! INSTALL-SSL.COM -- Installs the files in a given directory tree +$! +$! Author: Richard Levitte <richard@levitte.org> +$! Time of creation: 22-MAY-1998 10:13 +$! +$! P1 root of the directory tree +$! P2 "64" for 64-bit pointers. +$! +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") +$! +$ on error then goto tidy +$ on control_c then goto tidy +$! +$ if p1 .eqs. "" +$ then +$ write sys$output "First argument missing." +$ write sys$output - + "It should be the directory where you want things installed." +$ exit +$ endif +$! +$ if (f$getsyi( "cpu") .lt. 128) +$ then +$ arch = "VAX" +$ else +$ arch = f$edit( f$getsyi( "arch_name"), "upcase") +$ if (arch .eqs. "") then arch = "UNK" +$ endif +$! +$ archd = arch +$ lib32 = "32" +$ shr = "_SHR32" +$! +$ if (p2 .nes. "") +$ then +$ if (p2 .eqs. "64") +$ then +$ archd = arch+ "_64" +$ lib32 = "" +$ shr = "_SHR" +$ else +$ if (p2 .nes. "32") +$ then +$ write sys$output "Second argument invalid." +$ write sys$output "It should be "32", "64", or nothing." +$ exit +$ endif +$ endif +$ endif +$! +$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0" +$ root_dev = f$parse(root,,,"device","syntax_only") +$ root_dir = f$parse(root,,,"directory","syntax_only") - - + "[000000." - "][" - "[" - "]" +$ root = root_dev + "[" + root_dir +$! +$ define /nolog wrk_sslroot 'root'.] /trans=conc +$ define /nolog wrk_sslinclude wrk_sslroot:[include] +$ define /nolog wrk_sslxexe wrk_sslroot:['archd'_exe] +$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib] +$! +$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then - + create /directory /log wrk_sslroot:[000000] +$ if f$parse("wrk_sslinclude:") .eqs. "" then - + create /directory /log wrk_sslinclude: +$ if f$parse("wrk_sslxexe:") .eqs. "" then - + create /directory /log wrk_sslxexe: +$ if f$parse("wrk_sslxlib:") .eqs. "" then - + create /directory /log wrk_sslxlib: +$! +$ exheader := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h +$ e_exe := ssl_task +$ libs := ssl_libssl +$! +$ xexe_dir := [-.'archd'.exe.ssl] +$! +$ copy /protection = w:re 'exheader' wrk_sslinclude: /log +$! +$ i = 0 +$ loop_exe: +$ e = f$edit( f$element( i, ",", e_exe), "trim") +$ i = i + 1 +$ if e .eqs. "," then goto loop_exe_end +$ set noon +$ file = xexe_dir+ e+ ".exe" +$ if f$search( file) .nes. "" +$ then +$ copy /protection = w:re 'file' wrk_sslxexe: /log +$ endif +$ set on +$ goto loop_exe +$ loop_exe_end: +$! +$ i = 0 +$ loop_lib: +$ e = f$edit(f$element(i, ",", libs),"trim") +$ i = i + 1 +$ if e .eqs. "," then goto loop_lib_end +$ set noon +$! Object library. +$ file = xexe_dir+ e+ lib32+ ".olb" +$ if f$search( file) .nes. "" +$ then +$ copy /protection = w:re 'file' wrk_sslxlib: /log +$ endif +$! Shareable image. +$ file = xexe_dir+ e+ shr+ ".exe" +$ if f$search( file) .nes. "" +$ then +$ copy /protection = w:re 'file' wrk_sslxlib: /log +$ endif +$ set on +$ goto loop_lib +$ loop_lib_end: +$! +$ tidy: +$! +$ call deass wrk_sslroot +$ call deass wrk_sslinclude +$ call deass wrk_sslxexe +$ call deass wrk_sslxlib +$! +$ exit +$! +$ deass: subroutine +$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "") +$ then +$ deassign /process 'p1' +$ endif +$ endsubroutine +$! diff --git a/lib/libssl/src/test/bctest.com b/lib/libssl/src/test/bctest.com new file mode 100644 index 00000000000..d7e5ec139e0 --- /dev/null +++ b/lib/libssl/src/test/bctest.com @@ -0,0 +1,152 @@ +$! +$! Check operation of "bc". +$! +$! 2010-04-05 SMS. New. Based (loosely) on "bctest". +$! +$! +$ tmp_file_name = "tmp.bctest" +$ failure = "" +$! +$! Basic command test. +$! +$ on warning then goto bc_fail +$ bc +$ on error then exit +$! +$! Test for SunOS 5.[78] bc bug. +$! +$ if (failure .eqs. "") +$ then +$! +$ define /user_mode sys$output 'tmp_file_name' +$ bc +obase=16 +ibase=16 +a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\ +CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\ +10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\ +C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\ +3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\ +4FC3CADF855448B24A9D7640BCF473E +b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\ +9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\ +8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\ +3ED0E2017D60A68775B75481449 +(a/b)*b + (a%b) - a +$ status = $status +$ output_expected = "0" +$ gosub check_output +$ if (output .ne. 1) +$ then +$ failure = "SunOStest" +$ else +$ delete 'f$parse( tmp_file_name)' +$ endif +$ endif +$! +$! Test for SCO bc bug. +$! +$ if (failure .eqs. "") +$ then +$! +$ define /user_mode sys$output 'tmp_file_name' +$ bc +obase=16 +ibase=16 +-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\ +9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\ +11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\ +1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\ +AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\ +F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\ +B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\ +02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\ +85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\ +A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\ +E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\ +8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\ +04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\ +89C8D71 +AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\ +928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\ +8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\ +37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\ +E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\ +F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\ +9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\ +D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\ +5296964 +$ status = $status +$ output_expected = "0\0" +$ gosub check_output +$ if (output .ne. 1) +$ then +$ failure = "SCOtest" +$ else +$ delete 'f$parse( tmp_file_name)' +$ endif +$ endif +$! +$! Test for working 'print' command. +$! +$ if (failure .eqs. "") +$ then +$! +$ define /user_mode sys$output 'tmp_file_name' +$ bc +print "OK" +$ status = $status +$ output_expected = "OK" +$ gosub check_output +$ if (output .ne. 1) +$ then +$ failure = "printtest" +$ else +$ delete 'f$parse( tmp_file_name)' +$ endif +$ endif +$! +$ if (failure .nes. "") +$ then +$ write sys$output - + "No working bc found. Consider installing GNU bc." +$ exit %X00030000 ! %DCL-W-NORMAL +$ endif +$! +$ exit +$! +$! +$! Complete "bc" command failure. +$! +$ bc_fail: +$ write sys$output - + "No ""bc"" program/symbol found. Consider installing GNU bc." +$ exit %X00030000 ! %DCL-W-NORMAL +$! +$! +$! Output check subroutine. +$! +$ check_output: +$ eof = 0 +$ line_nr = 0 +$ open /read tmp_file 'tmp_file_name' +$ c_o_loop: +$ read /error = error_read tmp_file line +$ goto ok_read +$ error_read: +$ eof = 1 +$ ok_read: +$ line_expected = f$element( line_nr, "\", output_expected) +$ line_nr = line_nr+ 1 +$ if ((line_expected .nes. "\") .and. (.not. eof) .and. - + (line_expected .eqs. line)) then goto c_o_loop +$! +$ if ((line_expected .eqs. "\") .and. eof) +$ then +$ output = 1 +$ else +$ output = 0 +$ endif +$ close tmp_file +$ return +$! diff --git a/lib/libssl/src/test/bntest.com b/lib/libssl/src/test/bntest.com new file mode 100644 index 00000000000..6545d2e5a58 --- /dev/null +++ b/lib/libssl/src/test/bntest.com @@ -0,0 +1,76 @@ +$! +$! Analyze bntest output file. +$! +$! Exit status = 1 (success) if all tests passed, +$! 0 (warning) if any test failed. +$! +$! 2011-02-20 SMS. Added code to skip "#" comments in the input file. +$! +$! 2010-04-05 SMS. New. Based (loosely) on perl code in bntest-vms.sh. +$! +$! Expect data like: +$! test test_name1 +$! 0 +$! [...] +$! test test_name2 +$! 0 +$! [...] +$! [...] +$! +$! Some tests have no following "0" lines. +$! +$ result_file_name = f$edit( p1, "TRIM") +$ if (result_file_name .eqs. "") +$ then +$ result_file_name = "bntest-vms.out" +$ endif +$! +$ fail = 0 +$ passed = 0 +$ tests = 0 +$! +$ on control_c then goto tidy +$ on error then goto tidy +$! +$ open /read result_file 'result_file_name' +$! +$ read_loop: +$ read /end = read_loop_end /error = tidy result_file line +$ t1 = f$element( 0, " ", line) +$! +$! Skip "#" comment lines. +$ if (f$extract( 0, 1, f$edit( line, "TRIM")) .eqs. "#") then - + goto read_loop +$! +$ if (t1 .eqs. "test") +$ then +$ passed = passed+ 1 +$ tests = tests+ 1 +$ fail = 1 +$ t2 = f$extract( 5, 1000, line) +$ write sys$output "verify ''t2'" +$ else +$ if (t1 .nes. "0") +$ then +$ write sys$output "Failed! bc: ''line'" +$ passed = passed- fail +$ fail = 0 +$ endif +$ endif +$ goto read_loop +$ read_loop_end: +$ write sys$output "''passed'/''tests' tests passed" +$! +$ tidy: +$ if f$trnlnm( "result_file", "LNM$PROCESS_TABLE", , "SUPERVISOR", , "CONFINE") +$ then +$ close result_file +$ endif +$! +$ if ((tests .gt. 0) .and. (tests .eq. passed)) +$ then +$ exit 1 +$ else +$ exit 0 +$ endif +$! diff --git a/lib/libssl/src/test/clean_test.com b/lib/libssl/src/test/clean_test.com new file mode 100755 index 00000000000..7df633fbef1 --- /dev/null +++ b/lib/libssl/src/test/clean_test.com @@ -0,0 +1,35 @@ +$! +$! Delete various test results files. +$! +$ def_orig = f$environment( "default") +$ proc = f$environment( "procedure") +$ proc_dev_dir = f$parse( "A.;", proc) - "A.;" +$! +$ on control_c then goto tidy +$ on error then goto tidy +$! +$ set default 'proc_dev_dir' +$! +$ files := *.cms;*, *.srl;*, *.ss;*, - + cms.err;*, cms.out;*, newreq.pem;*, - + p.txt-zlib-cipher;*, - + smtst.txt;*, testkey.pem;*, testreq.pem;*, - + test_*.err;*, test_*.out;*, - + .rnd;* +$! +$ delim = "," +$ i = 0 +$ loop: +$ file = f$edit( f$element( i, delim, files), "trim") +$ if (file .eqs. delim) then goto loop_end +$ if (f$search( file) .nes. "") then - + delete 'p1' 'file' +$ i = i+ 1 +$ goto loop +$ loop_end: +$! +$ tidy: +$ +$ if (f$type( def_orig) .nes. "") then - + set default 'def_orig' +$! diff --git a/lib/libssl/src/test/cms-test.pl b/lib/libssl/src/test/cms-test.pl index 9c50dff3e9a..c938bcf00df 100644 --- a/lib/libssl/src/test/cms-test.pl +++ b/lib/libssl/src/test/cms-test.pl @@ -54,9 +54,13 @@ # OpenSSL PKCS#7 and CMS implementations. my $ossl_path; -my $redir = " 2>cms.err 1>cms.out"; +my $redir = " 2> cms.err > cms.out"; +# Make VMS work +if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) { + $ossl_path = "pipe mcr OSSLX:openssl"; +} # Make MSYS work -if ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { +elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { $ossl_path = "cmd /c ..\\apps\\openssl"; } elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { @@ -84,79 +88,79 @@ my @smime_pkcs7_tests = ( [ "signed content DER format, RSA key", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -certfile $smdir/smroot.pem" . " -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed detached content DER format, RSA key", - "-sign -in smcont.txt -outform DER" + "-sign -in smcont.txt -outform \"DER\"" . " -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" ], [ "signed content test streaming BER format, RSA", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -stream -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed content DER format, DSA key", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed detached content DER format, DSA key", - "-sign -in smcont.txt -outform DER" + "-sign -in smcont.txt -outform \"DER\"" . " -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" ], [ "signed detached content DER format, add RSA signer", - "-resign -inform DER -in test.cms -outform DER" + "-resign -inform \"DER\" -in test.cms -outform \"DER\"" . " -signer $smdir/smrsa1.pem -out test2.cms", - "-verify -in test2.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + "-verify -in test2.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" ], [ "signed content test streaming BER format, DSA key", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -stream -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", - "-sign -in smcont.txt -outform DER -noattr -nodetach" + "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach" . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -165,7 +169,7 @@ my @smime_pkcs7_tests = ( . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -174,7 +178,7 @@ my @smime_pkcs7_tests = ( . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -215,12 +219,12 @@ my @smime_cms_tests = ( [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", - "-sign -in smcont.txt -outform DER -nodetach -keyid" + "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid" . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -230,7 +234,7 @@ my @smime_cms_tests = ( . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", "-verify -in test.cms -inform PEM " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -239,7 +243,7 @@ my @smime_cms_tests = ( . " -receipt_request_to test\@openssl.org -receipt_request_all" . " -out test.cms", "-verify -in test.cms " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -248,7 +252,7 @@ my @smime_cms_tests = ( . " -signer $smdir/smrsa2.pem" . " -out test2.cms", "-verify_receipt test2.cms -in test.cms" - . " -CAfile $smdir/smroot.pem" + . " \"-CAfile\" $smdir/smroot.pem" ], [ @@ -289,38 +293,38 @@ my @smime_cms_tests = ( [ "encrypted content test streaming PEM format, 128 bit RC2 key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" ], [ "encrypted content test streaming PEM format, 40 bit RC2 key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -rc2 -secretkey 0001020304" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 0001020304 -out smtst.txt" ], [ "encrypted content test streaming PEM format, triple DES key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" . " -out smtst.txt" ], [ "encrypted content test streaming PEM format, 128 bit AES key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" ], diff --git a/lib/libssl/src/test/testtsa.com b/lib/libssl/src/test/testtsa.com index e3c586f14a2..29fb1d0e63e 100644 --- a/lib/libssl/src/test/testtsa.com +++ b/lib/libssl/src/test/testtsa.com @@ -2,14 +2,17 @@ $! $! A few very basic tests for the 'ts' time stamping authority command. $! $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p4 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ openssl := mcr 'f$parse(exe_dir+"openssl.exe")' -$ OPENSSL_CONF := [-]CAtsa.cnf +$ openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'" +$ OPENSSL_CONF = "[-]CAtsa.cnf" $ ! Because that's what ../apps/CA.sh really looks at $ SSLEAY_CONFIG = "-config " + OPENSSL_CONF $ @@ -114,8 +117,8 @@ $ $ time_stamp_response_token_test: $ subroutine $ -$ RESPONSE2:='p2'.copy_tsr -$ TOKEN_DER:='p2'.token_der +$ RESPONSE2 = p2+ "-copy_tsr" +$ TOKEN_DER = p2+ "-token_der" $ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out $ if $severity .ne. 1 then call error $ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2' @@ -145,13 +148,13 @@ $ verify_time_stamp_token: $ subroutine $ $ ! create the token from the response first -$ openssl ts -reply -in 'p2' -out 'p2'.token -token_out +$ openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out $ if $severity .ne. 1 then call error -$ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in - - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ openssl ts -verify -queryfile "''p1'" -in "''p2'-token" - + -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error -$ openssl ts -verify -data 'p3' -in 'p2'.token -token_in - - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ openssl ts -verify -data "''p3'" -in "''p2'-token" - + -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ endsubroutine $ @@ -167,6 +170,8 @@ $ endsubroutine $ $ ! Main body ---------------------------------------------------------- $ +$ set noon +$ $ write sys$output "Setting up TSA test directory..." $ call setup_dir $ @@ -183,66 +188,68 @@ $ write sys$output "Creating req1.req time stamp request for file testtsa..." $ call create_time_stamp_request1 $ $ write sys$output "Printing req1.req..." -$ call print_request req1.tsq +$ call print_request "req1.tsq" $ $ write sys$output "Generating valid response for req1.req..." -$ call create_time_stamp_response req1.tsq resp1.tsr tsa_config1 +$ call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1" $ $ write sys$output "Printing response..." -$ call print_response resp1.tsr +$ call print_response "resp1.tsr" $ $ write sys$output "Verifying valid response..." -$ call verify_time_stamp_response req1.tsq resp1.tsr [-]testtsa.com +$ call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com" $ $ write sys$output "Verifying valid token..." -$ call verify_time_stamp_token req1.tsq resp1.tsr [-]testtsa.com +$ call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com" $ $ ! The tests below are commented out, because invalid signer certificates $ ! can no longer be specified in the config file. $ $ ! write sys$output "Generating _invalid_ response for req1.req..." -$ ! call create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 +$ ! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2" $ $ ! write sys$output "Printing response..." -$ ! call print_response resp1_bad.tsr +$ ! call print_response "resp1_bad.tsr" $ $ ! write sys$output "Verifying invalid response, it should fail..." -$ ! call verify_time_stamp_response_fail req1.tsq resp1_bad.tsr +$ ! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr" $ $ write sys$output "Creating req2.req time stamp request for file testtsa..." $ call create_time_stamp_request2 $ $ write sys$output "Printing req2.req..." -$ call print_request req2.tsq +$ call print_request "req2.tsq" $ $ write sys$output "Generating valid response for req2.req..." -$ call create_time_stamp_response req2.tsq resp2.tsr tsa_config1 +$ call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1" $ $ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..." -$ call time_stamp_response_token_test req2.tsq resp2.tsr +$ call time_stamp_response_token_test "req2.tsq" "resp2.tsr" $ $ write sys$output "Printing response..." -$ call print_response resp2.tsr +$ call print_response "resp2.tsr" $ $ write sys$output "Verifying valid response..." -$ call verify_time_stamp_response req2.tsq resp2.tsr [-]testtsa.com +$ call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com" $ $ write sys$output "Verifying response against wrong request, it should fail..." -$ call verify_time_stamp_response_fail req1.tsq resp2.tsr +$ call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr" $ $ write sys$output "Verifying response against wrong request, it should fail..." -$ call verify_time_stamp_response_fail req2.tsq resp1.tsr +$ call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr" $ $ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..." $ call create_time_stamp_request3 $ $ write sys$output "Printing req3.req..." -$ call print_request req3.tsq +$ call print_request "req3.tsq" $ $ write sys$output "Verifying response against wrong request, it should fail..." -$ call verify_time_stamp_response_fail req3.tsq resp1.tsr +$ call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr" $ $ write sys$output "Cleaning up..." $ call clean_up_dir $ +$ set on +$ $ exit |