diff options
Diffstat (limited to 'lib/libcrypto')
74 files changed, 819 insertions, 460 deletions
diff --git a/lib/libcrypto/asn1/a_int.c b/lib/libcrypto/asn1/a_int.c index c6fd204ae3b..3348b8762cc 100644 --- a/lib/libcrypto/asn1/a_int.c +++ b/lib/libcrypto/asn1/a_int.c @@ -273,7 +273,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, { ASN1_INTEGER *ret=NULL; const unsigned char *p; - unsigned char *to,*s; + unsigned char *s; long len; int inf,tag,xclass; int i; @@ -308,7 +308,6 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, i=ERR_R_MALLOC_FAILURE; goto err; } - to=s; ret->type=V_ASN1_INTEGER; if(len) { if ((*p == 0) && (len != 1)) diff --git a/lib/libcrypto/asn1/a_object.c b/lib/libcrypto/asn1/a_object.c index e5fbe7cbb10..3978c9150d8 100644 --- a/lib/libcrypto/asn1/a_object.c +++ b/lib/libcrypto/asn1/a_object.c @@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT); goto err; } - if (!use_bn && l > (ULONG_MAX / 10L)) + if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { use_bn = 1; if (!bl) @@ -293,7 +293,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, /* Sanity check OID encoding: can't have leading 0x80 in * subidentifiers, see: X.690 8.19.2 */ - for (i = 0, p = *pp + 1; i < len - 1; i++, p++) + for (i = 0, p = *pp; i < len; i++, p++) { if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { diff --git a/lib/libcrypto/asn1/a_strex.c b/lib/libcrypto/asn1/a_strex.c index 7fc14d3296c..264ebf2393a 100644 --- a/lib/libcrypto/asn1/a_strex.c +++ b/lib/libcrypto/asn1/a_strex.c @@ -74,6 +74,11 @@ #define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) +#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB) + /* Three IO functions for sending data to memory, a BIO and * and a FILE pointer. @@ -148,6 +153,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, ch if(!io_ch(arg, tmphex, 3)) return -1; return 3; } + /* If we get this far and do any escaping at all must escape + * the escape character itself: backslash. + */ + if (chtmp == '\\' && flags & ESC_FLAGS) { + if(!io_ch(arg, "\\\\", 2)) return -1; + return 2; + } if(!io_ch(arg, &chtmp, 1)) return -1; return 1; } @@ -292,11 +304,6 @@ static const signed char tag2nbyte[] = { 4, -1, 2 /* 28-30 */ }; -#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ - ASN1_STRFLGS_ESC_QUOTE | \ - ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB) - /* This is the main function, print out an * ASN1_STRING taking note of various escape * and display options. Returns number of diff --git a/lib/libcrypto/asn1/a_strnid.c b/lib/libcrypto/asn1/a_strnid.c index 753021a7a2a..2fc48c1551a 100644 --- a/lib/libcrypto/asn1/a_strnid.c +++ b/lib/libcrypto/asn1/a_strnid.c @@ -95,7 +95,7 @@ unsigned long ASN1_STRING_get_default_mask(void) * default: the default value, Printable, T61, BMP. */ -int ASN1_STRING_set_default_mask_asc(char *p) +int ASN1_STRING_set_default_mask_asc(const char *p) { unsigned long mask; char *end; diff --git a/lib/libcrypto/asn1/asn1.h b/lib/libcrypto/asn1/asn1.h index f7718b5a94b..59540e4e799 100644 --- a/lib/libcrypto/asn1/asn1.h +++ b/lib/libcrypto/asn1/asn1.h @@ -1067,7 +1067,7 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); void ASN1_STRING_set_default_mask(unsigned long mask); -int ASN1_STRING_set_default_mask_asc(char *p); +int ASN1_STRING_set_default_mask_asc(const char *p); unsigned long ASN1_STRING_get_default_mask(void); int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, int inform, unsigned long mask); diff --git a/lib/libcrypto/asn1/n_pkey.c b/lib/libcrypto/asn1/n_pkey.c index 60bc437938c..e7d04390625 100644 --- a/lib/libcrypto/asn1/n_pkey.c +++ b/lib/libcrypto/asn1/n_pkey.c @@ -242,7 +242,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int sgckey) { RSA *ret=NULL; - const unsigned char *p, *kp; + const unsigned char *p; NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; p = *pp; @@ -265,7 +265,6 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); goto err; } - kp = enckey->enckey->digest->data; if (cb == NULL) cb=EVP_read_pw_string; if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err; diff --git a/lib/libcrypto/asn1/t_crl.c b/lib/libcrypto/asn1/t_crl.c index bdb244c015b..ee5a687ce83 100644 --- a/lib/libcrypto/asn1/t_crl.c +++ b/lib/libcrypto/asn1/t_crl.c @@ -87,7 +87,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) STACK_OF(X509_REVOKED) *rev; X509_REVOKED *r; long l; - int i, n; + int i; char *p; BIO_printf(out, "Certificate Revocation List (CRL):\n"); @@ -107,7 +107,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x) else BIO_printf(out,"NONE"); BIO_printf(out,"\n"); - n=X509_CRL_get_ext_count(x); X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8); diff --git a/lib/libcrypto/asn1/tasn_dec.c b/lib/libcrypto/asn1/tasn_dec.c index 3bee439968e..87d7dfdf5c3 100644 --- a/lib/libcrypto/asn1/tasn_dec.c +++ b/lib/libcrypto/asn1/tasn_dec.c @@ -168,7 +168,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int i; int otag; int ret = 0; - ASN1_VALUE *pchval, **pchptr, *ptmpval; + ASN1_VALUE **pchptr, *ptmpval; if (!pval) return 0; if (aux && aux->asn1_cb) @@ -319,7 +319,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, goto err; } /* CHOICE type, try each possibility in turn */ - pchval = NULL; p = *in; for (i = 0, tt=it->templates; i < it->tcount; i++, tt++) { diff --git a/lib/libcrypto/asn1/x_name.c b/lib/libcrypto/asn1/x_name.c index caa4409feb2..49be08b4daa 100644 --- a/lib/libcrypto/asn1/x_name.c +++ b/lib/libcrypto/asn1/x_name.c @@ -214,7 +214,9 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, *val = nm.a; *in = p; return ret; - err: +err: + if (nm.x != NULL) + X509_NAME_free(nm.x); ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; } @@ -464,7 +466,8 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in) } else { - *to++ = tolower(*from++); + *to++ = tolower(*from); + from++; i++; } } diff --git a/lib/libcrypto/asn1/x_x509.c b/lib/libcrypto/asn1/x_x509.c index dafd3cc9211..de3df9eb51c 100644 --- a/lib/libcrypto/asn1/x_x509.c +++ b/lib/libcrypto/asn1/x_x509.c @@ -63,7 +63,7 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> -ASN1_SEQUENCE(X509_CINF) = { +ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), @@ -74,7 +74,7 @@ ASN1_SEQUENCE(X509_CINF) = { ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) -} ASN1_SEQUENCE_END(X509_CINF) +} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF) IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) /* X509 top level structure needs a bit of customisation */ diff --git a/lib/libcrypto/bio/b_sock.c b/lib/libcrypto/bio/b_sock.c index 12b0a53a81c..d47310d650c 100644 --- a/lib/libcrypto/bio/b_sock.c +++ b/lib/libcrypto/bio/b_sock.c @@ -551,7 +551,30 @@ int BIO_socket_ioctl(int fd, long type, void *arg) #ifdef __DJGPP__ i=ioctlsocket(fd,type,(char *)arg); #else - i=ioctlsocket(fd,type,arg); +# if defined(OPENSSL_SYS_VMS) + /* 2011-02-18 SMS. + * VMS ioctl() can't tolerate a 64-bit "void *arg", but we + * observe that all the consumers pass in an "unsigned long *", + * so we arrange a local copy with a short pointer, and use + * that, instead. + */ +# if __INITIAL_POINTER_SIZE == 64 +# define ARG arg_32p +# pragma pointer_size save +# pragma pointer_size 32 + unsigned long arg_32; + unsigned long *arg_32p; +# pragma pointer_size restore + arg_32p = &arg_32; + arg_32 = *((unsigned long *) arg); +# else /* __INITIAL_POINTER_SIZE == 64 */ +# define ARG arg +# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +# else /* defined(OPENSSL_SYS_VMS) */ +# define ARG arg +# endif /* defined(OPENSSL_SYS_VMS) [else] */ + + i=ioctlsocket(fd,type,ARG); #endif /* __DJGPP__ */ if (i < 0) SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error()); @@ -660,6 +683,7 @@ int BIO_get_accept_socket(char *host, int bind_mode) * note that commonly IPv6 wildchard socket can service * IPv4 connections just as well... */ memset(&hint,0,sizeof(hint)); + hint.ai_flags = AI_PASSIVE; if (h) { if (strchr(h,':')) @@ -672,7 +696,10 @@ int BIO_get_accept_socket(char *host, int bind_mode) #endif } else if (h[0]=='*' && h[1]=='\0') + { + hint.ai_family = AF_INET; h=NULL; + } } if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break; diff --git a/lib/libcrypto/bio/bf_nbio.c b/lib/libcrypto/bio/bf_nbio.c index c72a23c2e1b..028616c0648 100644 --- a/lib/libcrypto/bio/bf_nbio.c +++ b/lib/libcrypto/bio/bf_nbio.c @@ -125,7 +125,6 @@ static int nbiof_free(BIO *a) static int nbiof_read(BIO *b, char *out, int outl) { - NBIO_TEST *nt; int ret=0; #if 1 int num; @@ -134,7 +133,6 @@ static int nbiof_read(BIO *b, char *out, int outl) if (out == NULL) return(0); if (b->next_bio == NULL) return(0); - nt=(NBIO_TEST *)b->ptr; BIO_clear_retry_flags(b); #if 1 diff --git a/lib/libcrypto/bio/bio_lib.c b/lib/libcrypto/bio/bio_lib.c index 77f4de9c324..e12bc3a2ca4 100644 --- a/lib/libcrypto/bio/bio_lib.c +++ b/lib/libcrypto/bio/bio_lib.c @@ -110,7 +110,7 @@ int BIO_set(BIO *bio, BIO_METHOD *method) int BIO_free(BIO *a) { - int ret=0,i; + int i; if (a == NULL) return(0); @@ -133,7 +133,7 @@ int BIO_free(BIO *a) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - ret=a->method->destroy(a); + a->method->destroy(a); OPENSSL_free(a); return(1); } diff --git a/lib/libcrypto/bio/bss_acpt.c b/lib/libcrypto/bio/bss_acpt.c index 826f761143c..5d49e1a72bc 100644 --- a/lib/libcrypto/bio/bss_acpt.c +++ b/lib/libcrypto/bio/bss_acpt.c @@ -340,7 +340,6 @@ static int acpt_write(BIO *b, const char *in, int inl) static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) { - BIO *dbio; int *ip; long ret=1; BIO_ACCEPT *data; @@ -437,8 +436,8 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) ret=(long)data->bind_mode; break; case BIO_CTRL_DUP: - dbio=(BIO *)ptr; -/* if (data->param_port) EAY EAY +/* dbio=(BIO *)ptr; + if (data->param_port) EAY EAY BIO_set_port(dbio,data->param_port); if (data->param_hostname) BIO_set_hostname(dbio,data->param_hostname); diff --git a/lib/libcrypto/bio/bss_dgram.c b/lib/libcrypto/bio/bss_dgram.c index eb7e3654677..71ebe987b63 100644 --- a/lib/libcrypto/bio/bss_dgram.c +++ b/lib/libcrypto/bio/bss_dgram.c @@ -57,7 +57,6 @@ * */ -#ifndef OPENSSL_NO_DGRAM #include <stdio.h> #include <errno.h> @@ -65,6 +64,7 @@ #include "cryptlib.h" #include <openssl/bio.h> +#ifndef OPENSSL_NO_DGRAM #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) #include <sys/timeb.h> @@ -308,7 +308,6 @@ static int dgram_read(BIO *b, char *out, int outl) OPENSSL_assert(sa.len.s<=sizeof(sa.peer)); sa.len.i = (int)sa.len.s; } - dgram_reset_rcv_timeout(b); if ( ! data->connected && ret >= 0) BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer); @@ -322,6 +321,8 @@ static int dgram_read(BIO *b, char *out, int outl) data->_errno = get_last_socket_error(); } } + + dgram_reset_rcv_timeout(b); } return(ret); } @@ -340,7 +341,7 @@ static int dgram_write(BIO *b, const char *in, int inl) if (data->peer.sa.sa_family == AF_INET) peerlen = sizeof(data->peer.sa_in); -#if OPENSSL_USE_IVP6 +#if OPENSSL_USE_IPV6 else if (data->peer.sa.sa_family == AF_INET6) peerlen = sizeof(data->peer.sa_in6); #endif @@ -745,9 +746,13 @@ static int BIO_dgram_should_retry(int i) { err=get_last_socket_error(); -#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */ - if ((i == -1) && (err == 0)) - return(1); +#if defined(OPENSSL_SYS_WINDOWS) + /* If the socket return value (i) is -1 + * and err is unexpectedly 0 at this point, + * the error code was overwritten by + * another system call before this error + * handling is called. + */ #endif return(BIO_dgram_non_fatal_error(err)); @@ -810,7 +815,6 @@ int BIO_dgram_non_fatal_error(int err) } return(0); } -#endif static void get_current_time(struct timeval *t) { @@ -828,3 +832,5 @@ static void get_current_time(struct timeval *t) gettimeofday(t, NULL); #endif } + +#endif diff --git a/lib/libcrypto/bio/bss_file.c b/lib/libcrypto/bio/bss_file.c index 8bfa0bcd97d..b954fe7ebc8 100644 --- a/lib/libcrypto/bio/bss_file.c +++ b/lib/libcrypto/bio/bss_file.c @@ -123,6 +123,7 @@ BIO *BIO_new_file(const char *filename, const char *mode) #if defined(_WIN32) && defined(CP_UTF8) int sz, len_0 = (int)strlen(filename)+1; + DWORD flags; /* * Basically there are three cases to cover: a) filename is @@ -136,17 +137,22 @@ BIO *BIO_new_file(const char *filename, const char *mode) * ERROR_NO_UNICODE_TRANSLATION, in which case we fall * back to fopen... */ - if ((sz=MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS, + if ((sz=MultiByteToWideChar(CP_UTF8,(flags=MB_ERR_INVALID_CHARS), + filename,len_0,NULL,0))>0 || + (GetLastError()==ERROR_INVALID_FLAGS && + (sz=MultiByteToWideChar(CP_UTF8,(flags=0), filename,len_0,NULL,0))>0) + ) { WCHAR wmode[8]; WCHAR *wfilename = _alloca(sz*sizeof(WCHAR)); - if (MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS, + if (MultiByteToWideChar(CP_UTF8,flags, filename,len_0,wfilename,sz) && MultiByteToWideChar(CP_UTF8,0,mode,strlen(mode)+1, wmode,sizeof(wmode)/sizeof(wmode[0])) && - (file=_wfopen(wfilename,wmode))==NULL && errno==ENOENT + (file=_wfopen(wfilename,wmode))==NULL && + (errno==ENOENT || errno==EBADF) ) /* UTF-8 decode succeeded, but no file, filename * could still have been locale-ized... */ file = fopen(filename,mode); diff --git a/lib/libcrypto/bio/bss_log.c b/lib/libcrypto/bio/bss_log.c index 7ead044b376..b7dce5c1a27 100644 --- a/lib/libcrypto/bio/bss_log.c +++ b/lib/libcrypto/bio/bss_log.c @@ -75,6 +75,15 @@ # include <descrip.h> # include <lib$routines.h> # include <starlet.h> +/* Some compiler options may mask the declaration of "_malloc32". */ +# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE +# if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size save +# pragma pointer_size 32 + void * _malloc32 (__size_t); +# pragma pointer_size restore +# endif /* __INITIAL_POINTER_SIZE == 64 */ +# endif /* __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE */ #elif defined(__ultrix) # include <sys/syslog.h> #elif defined(OPENSSL_SYS_NETWARE) @@ -300,7 +309,24 @@ static void xopenlog(BIO* bp, char* name, int level) static void xsyslog(BIO *bp, int priority, const char *string) { struct dsc$descriptor_s opc_dsc; + +/* Arrange 32-bit pointer to opcdef buffer and malloc(), if needed. */ +#if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size save +# pragma pointer_size 32 +# define OPCDEF_TYPE __char_ptr32 +# define OPCDEF_MALLOC _malloc32 +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define OPCDEF_TYPE char * +# define OPCDEF_MALLOC OPENSSL_malloc +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + struct opcdef *opcdef_p; + +#if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size restore +#endif /* __INITIAL_POINTER_SIZE == 64 */ + char buf[10240]; unsigned int len; struct dsc$descriptor_s buf_dsc; @@ -326,8 +352,8 @@ static void xsyslog(BIO *bp, int priority, const char *string) lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string); - /* we know there's an 8 byte header. That's documented */ - opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len); + /* We know there's an 8-byte header. That's documented. */ + opcdef_p = OPCDEF_MALLOC( 8+ len); opcdef_p->opc$b_ms_type = OPC$_RQ_RQST; memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3); opcdef_p->opc$l_ms_rqstid = 0; @@ -335,7 +361,7 @@ static void xsyslog(BIO *bp, int priority, const char *string) opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T; opc_dsc.dsc$b_class = DSC$K_CLASS_S; - opc_dsc.dsc$a_pointer = (char *)opcdef_p; + opc_dsc.dsc$a_pointer = (OPCDEF_TYPE) opcdef_p; opc_dsc.dsc$w_length = len + 8; sys$sndopr(opc_dsc, 0); diff --git a/lib/libcrypto/bn/bn.h b/lib/libcrypto/bn/bn.h index e484b7fc116..a0bc47837dc 100644 --- a/lib/libcrypto/bn/bn.h +++ b/lib/libcrypto/bn/bn.h @@ -253,6 +253,24 @@ extern "C" { #define BN_HEX_FMT2 "%08X" #endif +/* 2011-02-22 SMS. + * In various places, a size_t variable or a type cast to size_t was + * used to perform integer-only operations on pointers. This failed on + * VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t is + * still only 32 bits. What's needed in these cases is an integer type + * with the same size as a pointer, which size_t is not certain to be. + * The only fix here is VMS-specific. + */ +#if defined(OPENSSL_SYS_VMS) +# if __INITIAL_POINTER_SIZE == 64 +# define PTR_SIZE_INT long long +# else /* __INITIAL_POINTER_SIZE == 64 */ +# define PTR_SIZE_INT int +# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +#else /* defined(OPENSSL_SYS_VMS) */ +# define PTR_SIZE_INT size_t +#endif /* defined(OPENSSL_SYS_VMS) [else] */ + #define BN_DEFAULT_BITS 1280 #define BN_FLG_MALLOCED 0x01 diff --git a/lib/libcrypto/bn/bn_exp2.c b/lib/libcrypto/bn/bn_exp2.c index b3f43cec8c1..bd0c34b91bc 100644 --- a/lib/libcrypto/bn/bn_exp2.c +++ b/lib/libcrypto/bn/bn_exp2.c @@ -301,7 +301,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, r_is_one = 0; } } - BN_from_montgomery(rr,r,mont,ctx); + if (!BN_from_montgomery(rr,r,mont,ctx)) + goto err; ret=1; err: if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); diff --git a/lib/libcrypto/bn/bn_gf2m.c b/lib/libcrypto/bn/bn_gf2m.c index 527b0fa15be..432a3aa3383 100644 --- a/lib/libcrypto/bn/bn_gf2m.c +++ b/lib/libcrypto/bn/bn_gf2m.c @@ -545,6 +545,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { while (!BN_is_odd(u)) { + if (BN_is_zero(u)) goto err; if (!BN_rshift1(u, u)) goto err; if (BN_is_odd(b)) { diff --git a/lib/libcrypto/bn/bn_mont.c b/lib/libcrypto/bn/bn_mont.c index 7224637ab31..1a866880f53 100644 --- a/lib/libcrypto/bn/bn_mont.c +++ b/lib/libcrypto/bn/bn_mont.c @@ -277,7 +277,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) m1|=m2; /* (al!=ri) */ m1|=(0-(size_t)v); /* (al!=ri || v) */ m1&=~m2; /* (al!=ri || v) && !al>ri */ - nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); + nrp=(BN_ULONG *)(((PTR_SIZE_INT)rp&~m1)|((PTR_SIZE_INT)ap&m1)); } /* 'i<ri' is chosen to eliminate dependency on input data, even diff --git a/lib/libcrypto/bn/bn_mul.c b/lib/libcrypto/bn/bn_mul.c index a0e9ec3b469..12e5be80eb2 100644 --- a/lib/libcrypto/bn/bn_mul.c +++ b/lib/libcrypto/bn/bn_mul.c @@ -551,7 +551,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int tna, int tnb, BN_ULONG *t) { int i,j,n2=n*2; - int c1,c2,neg,zero; + int c1,c2,neg; BN_ULONG ln,lo,*p; # ifdef BN_COUNT @@ -567,7 +567,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, /* r=(a[0]-a[1])*(b[1]-b[0]) */ c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); - zero=neg=0; + neg=0; switch (c1*3+c2) { case -4: @@ -575,7 +575,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ break; case -3: - zero=1; /* break; */ case -2: bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ @@ -585,7 +584,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, case -1: case 0: case 1: - zero=1; /* break; */ case 2: bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ @@ -593,7 +591,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, neg=1; break; case 3: - zero=1; /* break; */ case 4: bn_sub_part_words(t, a, &(a[n]),tna,n-tna); @@ -1012,7 +1009,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { if (i >= -1 && i <= 1) { - int sav_j =0; /* Find out the power of two lower or equal to the longest of the two numbers */ if (i >= 0) @@ -1023,7 +1019,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { j = BN_num_bits_word((BN_ULONG)bl); } - sav_j = j; j = 1<<(j-1); assert(j <= al || j <= bl); k = j+j; diff --git a/lib/libcrypto/bn/bn_nist.c b/lib/libcrypto/bn/bn_nist.c index 2ca5b013911..c6de032696e 100644 --- a/lib/libcrypto/bn/bn_nist.c +++ b/lib/libcrypto/bn/bn_nist.c @@ -354,7 +354,7 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, buf[BN_NIST_192_TOP], c_d[BN_NIST_192_TOP], *res; - size_t mask; + PTR_SIZE_INT mask; static const BIGNUM _bignum_nist_p_192_sqr = { (BN_ULONG *)_nist_p_192_sqr, sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), @@ -405,9 +405,10 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' * this is what happens below, but without explicit if:-) a. */ - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); - mask &= 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + mask = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); + mask &= 0-(PTR_SIZE_INT)carry; + res = (BN_ULONG *) + (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_192_TOP); r->top = BN_NIST_192_TOP; bn_correct_top(r); @@ -438,8 +439,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, buf[BN_NIST_224_TOP], c_d[BN_NIST_224_TOP], *res; - size_t mask; - union { bn_addsub_f f; size_t p; } u; + PTR_SIZE_INT mask; + union { bn_addsub_f f; PTR_SIZE_INT p; } u; static const BIGNUM _bignum_nist_p_224_sqr = { (BN_ULONG *)_nist_p_224_sqr, sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), @@ -510,16 +511,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, * to be compared to the modulus and conditionally * adjusted by *subtracting* the latter. */ carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP); - mask = 0-(size_t)carry; - u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + mask = 0-(PTR_SIZE_INT)carry; + u.p = ((PTR_SIZE_INT)bn_sub_words&mask) | + ((PTR_SIZE_INT)bn_add_words&~mask); } else carry = 1; /* otherwise it's effectively same as in BN_nist_mod_192... */ - mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); - mask &= 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); + mask &= 0-(PTR_SIZE_INT)carry; + res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | + ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_224_TOP); r->top = BN_NIST_224_TOP; bn_correct_top(r); @@ -549,8 +552,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, buf[BN_NIST_256_TOP], c_d[BN_NIST_256_TOP], *res; - size_t mask; - union { bn_addsub_f f; size_t p; } u; + PTR_SIZE_INT mask; + union { bn_addsub_f f; PTR_SIZE_INT p; } u; static const BIGNUM _bignum_nist_p_256_sqr = { (BN_ULONG *)_nist_p_256_sqr, sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), @@ -629,15 +632,17 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (carry < 0) { carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP); - mask = 0-(size_t)carry; - u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + mask = 0-(PTR_SIZE_INT)carry; + u.p = ((PTR_SIZE_INT)bn_sub_words&mask) | + ((PTR_SIZE_INT)bn_add_words&~mask); } else carry = 1; - mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); - mask &= 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); + mask &= 0-(PTR_SIZE_INT)carry; + res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | + ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_256_TOP); r->top = BN_NIST_256_TOP; bn_correct_top(r); @@ -671,8 +676,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, buf[BN_NIST_384_TOP], c_d[BN_NIST_384_TOP], *res; - size_t mask; - union { bn_addsub_f f; size_t p; } u; + PTR_SIZE_INT mask; + union { bn_addsub_f f; PTR_SIZE_INT p; } u; static const BIGNUM _bignum_nist_p_384_sqr = { (BN_ULONG *)_nist_p_384_sqr, sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), @@ -754,15 +759,17 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (carry < 0) { carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP); - mask = 0-(size_t)carry; - u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + mask = 0-(PTR_SIZE_INT)carry; + u.p = ((PTR_SIZE_INT)bn_sub_words&mask) | + ((PTR_SIZE_INT)bn_add_words&~mask); } else carry = 1; - mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); - mask &= 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); + mask &= 0-(PTR_SIZE_INT)carry; + res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | + ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_384_TOP); r->top = BN_NIST_384_TOP; bn_correct_top(r); @@ -781,7 +788,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val,tmp,*res; - size_t mask; + PTR_SIZE_INT mask; static const BIGNUM _bignum_nist_p_521_sqr = { (BN_ULONG *)_nist_p_521_sqr, sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), @@ -826,8 +833,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, r_d[i] &= BN_NIST_521_TOP_MASK; bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP); - mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP); - res = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask)); + mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP); + res = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) | + ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d,res,BN_NIST_521_TOP); r->top = BN_NIST_521_TOP; bn_correct_top(r); diff --git a/lib/libcrypto/comp/c_rle.c b/lib/libcrypto/comp/c_rle.c index efd366fa223..18bceae51e7 100644 --- a/lib/libcrypto/comp/c_rle.c +++ b/lib/libcrypto/comp/c_rle.c @@ -46,7 +46,7 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, { int i; - if (olen < (ilen-1)) + if (ilen == 0 || olen < (ilen-1)) { /* ZZZZZZZZZZZZZZZZZZZZZZ */ return(-1); @@ -59,4 +59,3 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, } return(ilen-1); } - diff --git a/lib/libcrypto/conf/conf_api.c b/lib/libcrypto/conf/conf_api.c index 22617e5fa18..f5fcbb9f6b1 100644 --- a/lib/libcrypto/conf/conf_api.c +++ b/lib/libcrypto/conf/conf_api.c @@ -64,6 +64,7 @@ #endif #include <assert.h> +#include <stdlib.h> #include <string.h> #include <openssl/conf.h> #include <openssl/conf_api.h> @@ -285,7 +286,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) v->value=(char *)sk; vv=lh_CONF_VALUE_insert(conf->data,v); - assert(vv == NULL); + OPENSSL_assert(vv == NULL); ok=1; err: if (!ok) diff --git a/lib/libcrypto/conf/conf_def.c b/lib/libcrypto/conf/conf_def.c index 0b571b03942..cf951320af8 100644 --- a/lib/libcrypto/conf/conf_def.c +++ b/lib/libcrypto/conf/conf_def.c @@ -213,13 +213,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) int bufnum=0,i,ii; BUF_MEM *buff=NULL; char *s,*p,*end; - int again,n; + int again; long eline=0; char btmp[DECIMAL_SIZE(eline)+1]; CONF_VALUE *v=NULL,*tv; CONF_VALUE *sv=NULL; char *section=NULL,*buf; - STACK_OF(CONF_VALUE) *section_sk=NULL,*ts; char *start,*psection,*pname; void *h = (void *)(conf->data); @@ -250,7 +249,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - section_sk=(STACK_OF(CONF_VALUE) *)sv->value; bufnum=0; again=0; @@ -309,7 +307,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) buf=buff->data; clear_comments(conf, buf); - n=strlen(buf); s=eat_ws(conf, buf); if (IS_EOF(conf,*s)) continue; /* blank line */ if (*s == '[') @@ -343,7 +340,6 @@ again: CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - section_sk=(STACK_OF(CONF_VALUE) *)sv->value; continue; } else @@ -406,13 +402,9 @@ again: CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - ts=(STACK_OF(CONF_VALUE) *)tv->value; } else - { tv=sv; - ts=section_sk; - } #if 1 if (_CONF_add_string(conf, tv, v) == 0) { @@ -465,9 +457,6 @@ err: static void clear_comments(CONF *conf, char *p) { - char *to; - - to=p; for (;;) { if (IS_FCOMMENT(conf,*p)) diff --git a/lib/libcrypto/cryptlib.c b/lib/libcrypto/cryptlib.c index b4449b86d68..24fe123e143 100644 --- a/lib/libcrypto/cryptlib.c +++ b/lib/libcrypto/cryptlib.c @@ -731,7 +731,6 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: - ERR_remove_state(0); break; case DLL_PROCESS_DETACH: break; @@ -743,6 +742,16 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, #if defined(_WIN32) && !defined(__CYGWIN__) #include <tchar.h> #include <signal.h> +#ifdef __WATCOMC__ +#if defined(_UNICODE) || defined(__UNICODE__) +#define _vsntprintf _vsnwprintf +#else +#define _vsntprintf _vsnprintf +#endif +#endif +#ifdef _MSC_VER +#define alloca _alloca +#endif #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 int OPENSSL_isservice(void) @@ -773,11 +782,7 @@ int OPENSSL_isservice(void) if (len>512) return -1; /* paranoia */ len++,len&=~1; /* paranoia */ -#ifdef _MSC_VER - name=(WCHAR *)_alloca(len+sizeof(WCHAR)); -#else name=(WCHAR *)alloca(len+sizeof(WCHAR)); -#endif if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len)) return -1; @@ -822,11 +827,7 @@ void OPENSSL_showfatal (const char *fmta,...) size_t len_0=strlen(fmta)+1,i; WCHAR *fmtw; -#ifdef _MSC_VER - fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR)); -#else - fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); -#endif + fmtw = (WCHAR *)alloca(len_0*sizeof(WCHAR)); if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; } #ifndef OPENSSL_NO_MULTIBYTE diff --git a/lib/libcrypto/crypto-lib.com b/lib/libcrypto/crypto-lib.com index a4b66350911..a29c0afd93f 100644 --- a/lib/libcrypto/crypto-lib.com +++ b/lib/libcrypto/crypto-lib.com @@ -47,11 +47,33 @@ $! P6, if defined, sets a choice of crypto methods to compile. $! WARNING: this should only be done to recompile some part of an already $! fully compiled library. $! +$! P7, if defined, specifies the C pointer size. Ignored on VAX. +$! ("64=ARGV" gives more efficient code with HP C V7.3 or newer.) +$! Supported values are: +$! +$! "" Compile with default (/NOPOINTER_SIZE) +$! 32 Compile with /POINTER_SIZE=32 (SHORT) +$! 64 Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]). +$! (Automatically select ARGV if compiler supports it.) +$! 64= Compile with /POINTER_SIZE=64 (LONG). +$! 64=ARGV Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV). +$! +$! P8, if defined, specifies a directory where ZLIB files (zlib.h, +$! libz.olb) may be found. Optionally, a non-default object library +$! name may be included ("dev:[dir]libz_64.olb", for example). +$! +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") $! $! Define A TCP/IP Library That We Will Need To Link To. $! (That Is, If We Need To Link To One.) $! $ TCPIP_LIB = "" +$ ZLIB_LIB = "" $! $! Check Which Architecture We Are Using. $! @@ -75,6 +97,11 @@ $! End The Architecture Check. $! $ ENDIF $! +$ ARCHD = ARCH +$ LIB32 = "32" +$ OPT_FILE = "" +$ POINTER_SIZE = "" +$! $! Define The Different Encryption Types. $! NOTE: Some might think this list ugly. However, it's made this way to $! reflect the SDIRS variable in [-]Makefile.org as closely as possible, @@ -91,17 +118,29 @@ $ ENCRYPT_TYPES = "Basic,"+ - "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - "STORE,CMS,PQUEUE,TS,JPAKE" -$! Define The OBJ Directory. $! -$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO] +$! Check To Make Sure We Have Valid Command Line Parameters. +$! +$ GOSUB CHECK_OPTIONS $! -$! Define The EXE Directory. +$! Define The OBJ and EXE Directories. $! -$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO] +$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.CRYPTO] +$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO] $! -$! Check To Make Sure We Have Valid Command Line Parameters. +$! Specify the destination directory in any /MAP option. $! -$ GOSUB CHECK_OPTIONS +$ if (LINKMAP .eqs. "MAP") +$ then +$ LINKMAP = LINKMAP+ "=''EXE_DIR'" +$ endif +$! +$! Add the location prefix to the linker options file name. +$! +$ if (OPT_FILE .nes. "") +$ then +$ OPT_FILE = EXE_DIR+ OPT_FILE +$ endif $! $! Initialise logical names and such $! @@ -109,7 +148,7 @@ $ GOSUB INITIALISE $! $! Tell The User What Kind of Machine We Run On. $! -$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." +$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'" $! $! $! Check To See If The Architecture Specific OBJ Directory Exists. @@ -140,11 +179,11 @@ $ ENDIF $! $! Define The Library Name. $! -$ LIB_NAME := 'EXE_DIR'LIBCRYPTO.OLB +$ LIB_NAME := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB $! $! Define The CRYPTO-LIB We Are To Use. $! -$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO.OLB +$ CRYPTO_LIB := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB $! $! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library... $! @@ -193,7 +232,7 @@ $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64" $ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ - "cmll_cfb,cmll_ctr" $ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb" -$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128" +$ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128" $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper" $ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN - LIB_BN_ASM = "bn_asm" @@ -301,15 +340,23 @@ $ LIB_JPAKE = "jpake,jpake_err" $! $! Setup exceptional compilations $! -$ ! Add definitions for no threads on OpenVMS 7.1 and higher +$ CC3_SHOWN = 0 +$ CC4_SHOWN = 0 +$ CC5_SHOWN = 0 +$ CC6_SHOWN = 0 +$! +$! The following lists must have leading and trailing commas, and no +$! embedded spaces. (They are scanned for ",name,".) +$! +$ ! Add definitions for no threads on OpenVMS 7.1 and higher. $ COMPILEWITH_CC3 = ",bss_rtcp," -$ ! Disable the DOLLARID warning -$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,o_dir" -$ ! Disable disjoint optimization +$ ! Disable the DOLLARID warning. Not needed with /STANDARD=RELAXED. +$ COMPILEWITH_CC4 = "" !!! ",a_utctm,bss_log,o_time,o_dir," +$ ! Disable disjoint optimization on VAX with DECC. $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + - "seed,sha_dgst,sha1dgst,rmd_dgst,bf_enc," -$ ! Disable the MIXLINKAGE warning -$ COMPILEWITH_CC6 = ",enc_read,set_key," +$ ! Disable the MIXLINKAGE warning. +$ COMPILEWITH_CC6 = "" !!! ",enc_read,set_key," $! $! Figure Out What Other Modules We Are To Build. $! @@ -515,31 +562,60 @@ $ WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File. (",BUILDALL,",",STATE," $ ENDIF $ IF (MODULE_NAME.NES."") $ THEN -$ WRITE SYS$OUTPUT " ",FILE_NAME,"" +$ WRITE SYS$OUTPUT " ",FILE_NAME,"" $ ENDIF $! $! Compile The File. $! $ ON ERROR THEN GOTO NEXT_FILE -$ FILE_NAME0 = F$ELEMENT(0,".",FILE_NAME) +$ FILE_NAME0 = ","+ F$ELEMENT(0,".",FILE_NAME)+ "," $ IF FILE_NAME - ".mar" .NES. FILE_NAME $ THEN $ MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE $ IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3 $ THEN +$ write sys$output " \Using special rule (3)" +$ if (.not. CC3_SHOWN) +$ then +$ CC3_SHOWN = 1 +$ x = " "+ CC3 +$ write /symbol sys$output x +$ endif $ CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE $ IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4 $ THEN +$ write /symbol sys$output " \Using special rule (4)" +$ if (.not. CC4_SHOWN) +$ then +$ CC4_SHOWN = 1 +$ x = " "+ CC4 +$ write /symbol sys$output x +$ endif $ CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE -$ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5 +$ IF CC5_DIFFERENT .AND. - + (COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5) $ THEN +$ write sys$output " \Using special rule (5)" +$ if (.not. CC5_SHOWN) +$ then +$ CC5_SHOWN = 1 +$ x = " "+ CC5 +$ write /symbol sys$output x +$ endif $ CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE $ IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6 $ THEN +$ write sys$output " \Using special rule (6)" +$ if (.not. CC6_SHOWN) +$ then +$ CC6_SHOWN = 1 +$ x = " "+ CC6 +$ write /symbol sys$output x +$ endif $ CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE $ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' @@ -586,38 +662,22 @@ $! SHOW SYMBOL APPLICATION* $! $! Tell the user what happens $! -$ WRITE SYS$OUTPUT " ",APPLICATION,".exe" +$ WRITE SYS$OUTPUT " ",APPLICATION,".exe" $! $! Link The Program. $! $ ON ERROR THEN GOTO NEXT_APPLICATION $! -$! Check To See If We Are To Link With A Specific TCP/IP Library. +$! Link With A TCP/IP Library. $! -$ IF (TCPIP_LIB.NES."") -$ THEN +$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' - + /EXE='EXE_DIR''APPLICATION'.EXE - + 'OBJ_DIR''APPLICATION_OBJECTS', - + 'CRYPTO_LIB'/LIBRARY - + 'TCPIP_LIB' - + 'ZLIB_LIB' - + ,'OPT_FILE' /OPTIONS $! -$! Link With A TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Don't Link With A TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS',- - 'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION -$! -$! End The TCP/IP Library Check. -$! -$ ENDIF $ GOTO NEXT_APPLICATION $ APPLICATION_DONE: $ ENDIF @@ -656,7 +716,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable VAX C Runtime Library. ! SYS$SHARE:VAXCRTL.EXE/SHARE @@ -685,7 +745,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable C Runtime Library. ! GNU_CC:[000000]GCCLIB/LIBRARY @@ -720,7 +780,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable DEC C Runtime Library. ! SYS$SHARE:DECC$SHR.EXE/SHARE @@ -735,7 +795,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File For non-VAX To Link Agianst +! Default System Options File For non-VAX To Link Against ! The Sharable C Runtime Library. ! SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE @@ -756,7 +816,7 @@ $ ENDIF $! $! Tell The User What Linker Option File We Are Using. $! -$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"." +$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"." $! $! Time To RETURN. $! @@ -803,8 +863,8 @@ $ WRITE SYS$OUTPUT " APPS : To Compile Just The [.xxx.EXE.CRYPTO]*.E $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " Where 'xxx' Stands For:" $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture." -$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture." +$ WRITE SYS$OUTPUT " ALPHA[64]: Alpha Architecture." +$ WRITE SYS$OUTPUT " IA64[64] : IA64 Architecture." $ WRITE SYS$OUTPUT " VAX : VAX Architecture." $ WRITE SYS$OUTPUT "" $! @@ -825,15 +885,16 @@ $! $ IF (P2.EQS."NODEBUG") $ THEN $! -$! P2 Is NODEBUG, So Compile Without The Debugger Information. +$! P2 Is NODEBUG, So Compile Without The Debugger Information. $! -$ DEBUGGER = "NODEBUG" -$ TRACEBACK = "NOTRACEBACK" -$ GCC_OPTIMIZE = "OPTIMIZE" -$ CC_OPTIMIZE = "OPTIMIZE" -$ MACRO_OPTIMIZE = "OPTIMIZE" -$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." +$ DEBUGGER = "NODEBUG" +$ LINKMAP = "NOMAP" +$ TRACEBACK = "NOTRACEBACK" +$ GCC_OPTIMIZE = "OPTIMIZE" +$ CC_OPTIMIZE = "OPTIMIZE" +$ MACRO_OPTIMIZE = "OPTIMIZE" +$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." +$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." $ ELSE $! $! Check To See If We Are To Compile With Debugger Information. @@ -844,6 +905,7 @@ $! $! Compile With Debugger Information. $! $ DEBUGGER = "DEBUG" +$ LINKMAP = "MAP" $ TRACEBACK = "TRACEBACK" $ GCC_OPTIMIZE = "NOOPTIMIZE" $ CC_OPTIMIZE = "NOOPTIMIZE" @@ -852,7 +914,7 @@ $ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile." $ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization." $ ELSE $! -$! They Entered An Invalid Option.. +$! They Entered An Invalid Option. $! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" @@ -907,6 +969,60 @@ $! End The P5 Check. $! $ ENDIF $! +$! Check P7 (POINTER_SIZE). +$! +$ IF (P7 .NES. "") .AND. (ARCH .NES. "VAX") +$ THEN +$! +$ IF (P7 .EQS. "32") +$ THEN +$ POINTER_SIZE = " /POINTER_SIZE=32" +$ ELSE +$ POINTER_SIZE = F$EDIT( P7, "COLLAPSE, UPCASE") +$ IF ((POINTER_SIZE .EQS. "64") .OR. - + (POINTER_SIZE .EQS. "64=") .OR. - + (POINTER_SIZE .EQS. "64=ARGV")) +$ THEN +$ ARCHD = ARCH+ "_64" +$ LIB32 = "" +$ POINTER_SIZE = " /POINTER_SIZE=64" +$ ELSE +$! +$! Tell The User Entered An Invalid Option. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", P7, - + " Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT - + " """" : Compile with default (short) pointers." +$ WRITE SYS$OUTPUT - + " 32 : Compile with 32-bit (short) pointers." +$ WRITE SYS$OUTPUT - + " 64 : Compile with 64-bit (long) pointers (auto ARGV)." +$ WRITE SYS$OUTPUT - + " 64= : Compile with 64-bit (long) pointers (no ARGV)." +$ WRITE SYS$OUTPUT - + " 64=ARGV : Compile with 64-bit (long) pointers (ARGV)." +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ EXIT +$! +$ ENDIF +$! +$ ENDIF +$! +$! End The P7 (POINTER_SIZE) Check. +$! +$ ENDIF +$! +$! Set basic C compiler /INCLUDE directories. +$! +$ CC_INCLUDES = "SYS$DISK:[.''ARCHD'],SYS$DISK:[],SYS$DISK:[-],"+ - + "SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1]" +$! $! Check To See If P3 Is Blank. $! $ IF (P3.EQS."") @@ -1007,11 +1123,64 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" +$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS $! -$! Check To See If The User Entered A Valid Paramter. +$! Check To See If We Have A ZLIB Option. +$! +$ ZLIB = P8 +$ IF (ZLIB .NES. "") +$ THEN +$! +$! Check for expected ZLIB files. +$! +$ err = 0 +$ file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY") +$ if (f$search( file1) .eqs. "") +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ WRITE SYS$OUTPUT " Can't find header: ''file1'" +$ err = 1 +$ endif +$ file1 = f$parse( "A.;", ZLIB)- "A.;" +$! +$ file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY") +$ if (f$search( file2) .eqs. "") +$ then +$ if (err .eq. 0) +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ endif +$ WRITE SYS$OUTPUT " Can't find library: ''file2'" +$ WRITE SYS$OUTPUT "" +$ err = err+ 2 +$ endif +$ if (err .eq. 1) +$ then +$ WRITE SYS$OUTPUT "" +$ endif +$! +$ if (err .ne. 0) +$ then +$ EXIT +$ endif +$! +$ CCDEFS = """ZLIB=1"", "+ CCDEFS +$ CC_INCLUDES = CC_INCLUDES+ ", "+ file1 +$ ZLIB_LIB = ", ''file2' /library" +$! +$! Print info +$! +$ WRITE SYS$OUTPUT "ZLIB library spec: ", file2 +$! +$! End The ZLIB Check. +$! +$ ENDIF +$! +$! Check To See If The User Entered A Valid Parameter. $! $ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC") $ THEN @@ -1034,14 +1203,14 @@ $! $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - - CCEXTRAFLAGS +$ CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ - + "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + - + " /INCLUDE=(''CC_INCLUDES')"+ - + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "VAX_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -1070,7 +1239,7 @@ $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - + "/INCLUDE=(''CC_INCLUDES')"+ - CCEXTRAFLAGS $ CCDEFS = """VAXC""," + CCDEFS $! @@ -1080,7 +1249,7 @@ $ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "VAX_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -1102,12 +1271,12 @@ $! $! Use GNU C... $! $ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - + "/INCLUDE=(''CC_INCLUDES')"+ - CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "VAX_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! @@ -1128,22 +1297,24 @@ $ CC6DISABLEWARNINGS = "MIXLINKAGE" $ ELSE $ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID" $ CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE" -$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" +$ CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" $ ENDIF -$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" -$ CC6DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))" +$ CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" +$ CC6DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))" $ ELSE $ CCDISABLEWARNINGS = "" $ CC4DISABLEWARNINGS = "" $ CC6DISABLEWARNINGS = "" $ ENDIF -$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS -$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS +$ CC3 = CC + " /DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS +$ CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS $ IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG" $ THEN -$ CC5 = CC + "/OPTIMIZE=NODISJOINT" +$ CC5 = CC + " /OPTIMIZE=NODISJOINT" +$ CC5_DIFFERENT = 1 $ ELSE -$ CC5 = CC + "/NOOPTIMIZE" +$ CC5 = CC +$ CC5_DIFFERENT = 0 $ ENDIF $ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS $ CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS @@ -1196,7 +1367,7 @@ $ THEN $! $! Set the library to use SOCKETSHR $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS" $! $! Done with SOCKETSHR $! @@ -1222,13 +1393,13 @@ $ THEN $! $! Set the library to use UCX. $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS" $ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" $ THEN -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS" $ ELSE $ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN - - TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT" + TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS" $ ENDIF $! $! Done with UCX @@ -1242,7 +1413,7 @@ $ THEN $! $! Set the library to use TCPIP (post UCX). $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS" $! $! Done with TCPIP $! @@ -1263,7 +1434,7 @@ $ ENDIF $! $! Print info $! -$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB +$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- "," $! $! Else The User Entered An Invalid Argument. $! diff --git a/lib/libcrypto/dsa/dsa_gen.c b/lib/libcrypto/dsa/dsa_gen.c index 0fcd25f8b0a..cb0b4538a49 100644 --- a/lib/libcrypto/dsa/dsa_gen.c +++ b/lib/libcrypto/dsa/dsa_gen.c @@ -120,7 +120,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, BIGNUM *r0,*W,*X,*c,*test; BIGNUM *g=NULL,*q=NULL,*p=NULL; BN_MONT_CTX *mont=NULL; - int i, k,n=0,b,m=0, qsize = qbits >> 3; + int i, k, n=0, m=0, qsize = qbits >> 3; int counter=0; int r=0; BN_CTX *ctx=NULL; @@ -232,7 +232,6 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, /* "offset = 2" */ n=(bits-1)/160; - b=(bits-1)-n*160; for (;;) { diff --git a/lib/libcrypto/dsa/dsa_ossl.c b/lib/libcrypto/dsa/dsa_ossl.c index 4fead07e80f..a3ddd7d2816 100644 --- a/lib/libcrypto/dsa/dsa_ossl.c +++ b/lib/libcrypto/dsa/dsa_ossl.c @@ -148,15 +148,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) s=BN_new(); if (s == NULL) goto err; - - /* reject a excessive digest length (currently at most - * dsa-with-SHA256 is supported) */ - if (dlen > SHA256_DIGEST_LENGTH) - { - reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; - goto err; - } - ctx=BN_CTX_new(); if (ctx == NULL) goto err; @@ -185,7 +176,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ if (BN_cmp(s,dsa->q) > 0) - BN_sub(s,s,dsa->q); + if (!BN_sub(s,s,dsa->q)) goto err; if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; ret=DSA_SIG_new(); @@ -325,15 +316,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); return -1; } - - /* reject a excessive digest length (currently at most - * dsa-with-SHA256 is supported) */ - if (dgst_len > SHA256_DIGEST_LENGTH) - { - DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return -1; - } - BN_init(&u1); BN_init(&u2); BN_init(&t1); diff --git a/lib/libcrypto/dso/dso_dlfcn.c b/lib/libcrypto/dso/dso_dlfcn.c index 578a20d91d9..e78004903c3 100644 --- a/lib/libcrypto/dso/dso_dlfcn.c +++ b/lib/libcrypto/dso/dso_dlfcn.c @@ -85,6 +85,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void) # define HAVE_DLINFO 1 # if defined(_AIX) || defined(__CYGWIN__) || \ defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ + (defined(__osf__) && !defined(RTLD_NEXT)) || \ (defined(__OpenBSD__) && (!defined(__ELF__) || !defined(RTLD_SELF))) # undef HAVE_DLINFO # endif diff --git a/lib/libcrypto/dso/dso_vms.c b/lib/libcrypto/dso/dso_vms.c index 321512772aa..eee20d14f12 100644 --- a/lib/libcrypto/dso/dso_vms.c +++ b/lib/libcrypto/dso/dso_vms.c @@ -68,8 +68,20 @@ #include <stsdef.h> #include <descrip.h> #include <starlet.h> +#include "vms_rms.h" #endif +/* Some compiler options may mask the declaration of "_malloc32". */ +#if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE +# if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size save +# pragma pointer_size 32 + void * _malloc32 (__size_t); +# pragma pointer_size restore +# endif /* __INITIAL_POINTER_SIZE == 64 */ +#endif /* __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE */ + + #ifndef OPENSSL_SYS_VMS DSO_METHOD *DSO_METHOD_vms(void) { @@ -121,14 +133,13 @@ typedef struct dso_internal_st /* This should contain the name only, no directory, * no extension, nothing but a name. */ struct dsc$descriptor_s filename_dsc; - char filename[FILENAME_MAX+1]; + char filename[ NAMX_MAXRSS+ 1]; /* This contains whatever is not in filename, if needed. * Normally not defined. */ struct dsc$descriptor_s imagename_dsc; - char imagename[FILENAME_MAX+1]; + char imagename[ NAMX_MAXRSS+ 1]; } DSO_VMS_INTERNAL; - DSO_METHOD *DSO_METHOD_vms(void) { return(&dso_meth_vms); @@ -139,7 +150,22 @@ static int vms_load(DSO *dso) void *ptr = NULL; /* See applicable comments in dso_dl.c */ char *filename = DSO_convert_filename(dso, NULL); - DSO_VMS_INTERNAL *p; + +/* Ensure 32-bit pointer for "p", and appropriate malloc() function. */ +#if __INITIAL_POINTER_SIZE == 64 +# define DSO_MALLOC _malloc32 +# pragma pointer_size save +# pragma pointer_size 32 +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define DSO_MALLOC OPENSSL_malloc +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + + DSO_VMS_INTERNAL *p = NULL; + +#if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size restore +#endif /* __INITIAL_POINTER_SIZE == 64 */ + const char *sp1, *sp2; /* Search result */ if(filename == NULL) @@ -192,7 +218,7 @@ static int vms_load(DSO *dso) goto err; } - p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL)); + p = DSO_MALLOC(sizeof(DSO_VMS_INTERNAL)); if(p == NULL) { DSOerr(DSO_F_VMS_LOAD,ERR_R_MALLOC_FAILURE); @@ -290,18 +316,38 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym) int flags = 0; #endif struct dsc$descriptor_s symname_dsc; - *sym = NULL; - symname_dsc.dsc$w_length = strlen(symname); - symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - symname_dsc.dsc$b_class = DSC$K_CLASS_S; - symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */ +/* Arrange 32-bit pointer to (copied) string storage, if needed. */ +#if __INITIAL_POINTER_SIZE == 64 +# define SYMNAME symname_32p +# pragma pointer_size save +# pragma pointer_size 32 + char *symname_32p; +# pragma pointer_size restore + char symname_32[ NAMX_MAXRSS+ 1]; +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define SYMNAME ((char *) symname) +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + + *sym = NULL; if((dso == NULL) || (symname == NULL)) { DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER); return; } + +#if __INITIAL_POINTER_SIZE == 64 + /* Copy the symbol name to storage with a 32-bit pointer. */ + symname_32p = symname_32; + strcpy( symname_32p, symname); +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + + symname_dsc.dsc$w_length = strlen(SYMNAME); + symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; + symname_dsc.dsc$b_class = DSC$K_CLASS_S; + symname_dsc.dsc$a_pointer = SYMNAME; + if(sk_void_num(dso->meth_data) < 1) { DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR); @@ -372,64 +418,60 @@ static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname) return sym; } + static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2) { int status; int filespec1len, filespec2len; struct FAB fab; -#ifdef NAML$C_MAXRSS - struct NAML nam; - char esa[NAML$C_MAXRSS]; -#else - struct NAM nam; - char esa[NAM$C_MAXRSS]; -#endif + struct NAMX_STRUCT nam; + char esa[ NAMX_MAXRSS+ 1]; char *merged; +/* Arrange 32-bit pointer to (copied) string storage, if needed. */ +#if __INITIAL_POINTER_SIZE == 64 +# define FILESPEC1 filespec1_32p; +# define FILESPEC2 filespec2_32p; +# pragma pointer_size save +# pragma pointer_size 32 + char *filespec1_32p; + char *filespec2_32p; +# pragma pointer_size restore + char filespec1_32[ NAMX_MAXRSS+ 1]; + char filespec2_32[ NAMX_MAXRSS+ 1]; +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define FILESPEC1 ((char *) filespec1) +# define FILESPEC2 ((char *) filespec2) +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + if (!filespec1) filespec1 = ""; if (!filespec2) filespec2 = ""; filespec1len = strlen(filespec1); filespec2len = strlen(filespec2); +#if __INITIAL_POINTER_SIZE == 64 + /* Copy the file names to storage with a 32-bit pointer. */ + filespec1_32p = filespec1_32; + filespec2_32p = filespec2_32; + strcpy( filespec1_32p, filespec1); + strcpy( filespec2_32p, filespec2); +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + fab = cc$rms_fab; -#ifdef NAML$C_MAXRSS - nam = cc$rms_naml; -#else - nam = cc$rms_nam; -#endif + nam = CC_RMS_NAMX; - fab.fab$l_fna = (char *)filespec1; - fab.fab$b_fns = filespec1len; - fab.fab$l_dna = (char *)filespec2; - fab.fab$b_dns = filespec2len; -#ifdef NAML$C_MAXRSS - if (filespec1len > NAM$C_MAXRSS) - { - fab.fab$l_fna = 0; - fab.fab$b_fns = 0; - nam.naml$l_long_filename = (char *)filespec1; - nam.naml$l_long_filename_size = filespec1len; - } - if (filespec2len > NAM$C_MAXRSS) - { - fab.fab$l_dna = 0; - fab.fab$b_dns = 0; - nam.naml$l_long_defname = (char *)filespec2; - nam.naml$l_long_defname_size = filespec2len; - } - nam.naml$l_esa = esa; - nam.naml$b_ess = NAM$C_MAXRSS; - nam.naml$l_long_expand = esa; - nam.naml$l_long_expand_alloc = sizeof(esa); - nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD; - nam.naml$v_no_short_upcase = 1; - fab.fab$l_naml = &nam; -#else - nam.nam$l_esa = esa; - nam.nam$b_ess = NAM$C_MAXRSS; - nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD; - fab.fab$l_nam = &nam; -#endif + FAB_OR_NAML( fab, nam).FAB_OR_NAML_FNA = FILESPEC1; + FAB_OR_NAML( fab, nam).FAB_OR_NAML_FNS = filespec1len; + FAB_OR_NAML( fab, nam).FAB_OR_NAML_DNA = FILESPEC2; + FAB_OR_NAML( fab, nam).FAB_OR_NAML_DNS = filespec2len; + NAMX_DNA_FNA_SET( fab) + + nam.NAMX_ESA = esa; + nam.NAMX_ESS = NAMX_MAXRSS; + nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD; + SET_NAMX_NO_SHORT_UPCASE( nam); + + fab.FAB_NAMX = &nam; status = sys$parse(&fab, 0, 0); @@ -460,33 +502,12 @@ static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2) } return(NULL); } -#ifdef NAML$C_MAXRSS - if (nam.naml$l_long_expand_size) - { - merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1); - if(!merged) - goto malloc_err; - strncpy(merged, nam.naml$l_long_expand, - nam.naml$l_long_expand_size); - merged[nam.naml$l_long_expand_size] = '\0'; - } - else - { - merged = OPENSSL_malloc(nam.naml$b_esl + 1); - if(!merged) - goto malloc_err; - strncpy(merged, nam.naml$l_esa, - nam.naml$b_esl); - merged[nam.naml$b_esl] = '\0'; - } -#else - merged = OPENSSL_malloc(nam.nam$b_esl + 1); + + merged = OPENSSL_malloc( nam.NAMX_ESL+ 1); if(!merged) goto malloc_err; - strncpy(merged, nam.nam$l_esa, - nam.nam$b_esl); - merged[nam.nam$b_esl] = '\0'; -#endif + strncpy( merged, nam.NAMX_ESA, nam.NAMX_ESL); + merged[ nam.NAMX_ESL] = '\0'; return(merged); malloc_err: DSOerr(DSO_F_VMS_MERGER, diff --git a/lib/libcrypto/ec/ec2_smpl.c b/lib/libcrypto/ec/ec2_smpl.c index cf357b462a2..af94458ca7b 100644 --- a/lib/libcrypto/ec/ec2_smpl.c +++ b/lib/libcrypto/ec/ec2_smpl.c @@ -937,6 +937,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT { return EC_POINT_is_at_infinity(group, b) ? 0 : 1; } + + if (EC_POINT_is_at_infinity(group, b)) + return 1; if (a->Z_is_one && b->Z_is_one) { diff --git a/lib/libcrypto/ec/ec_mult.c b/lib/libcrypto/ec/ec_mult.c index f05df5332e1..19f21675fbd 100644 --- a/lib/libcrypto/ec/ec_mult.c +++ b/lib/libcrypto/ec/ec_mult.c @@ -169,11 +169,13 @@ static void ec_pre_comp_clear_free(void *pre_) EC_POINT **p; for (p = pre->points; *p != NULL; p++) + { EC_POINT_clear_free(*p); - OPENSSL_cleanse(pre->points, sizeof pre->points); + OPENSSL_cleanse(p, sizeof *p); + } OPENSSL_free(pre->points); } - OPENSSL_cleanse(pre, sizeof pre); + OPENSSL_cleanse(pre, sizeof *pre); OPENSSL_free(pre); } diff --git a/lib/libcrypto/ec/ecp_smpl.c b/lib/libcrypto/ec/ecp_smpl.c index 4d26f8bdf69..66a92e2a900 100644 --- a/lib/libcrypto/ec/ecp_smpl.c +++ b/lib/libcrypto/ec/ecp_smpl.c @@ -1406,6 +1406,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT * { return EC_POINT_is_at_infinity(group, b) ? 0 : 1; } + + if (EC_POINT_is_at_infinity(group, b)) + return 1; if (a->Z_is_one && b->Z_is_one) { diff --git a/lib/libcrypto/engine/engine.h b/lib/libcrypto/engine/engine.h index 8ad11b15d79..9d73abac8e1 100644 --- a/lib/libcrypto/engine/engine.h +++ b/lib/libcrypto/engine/engine.h @@ -678,6 +678,7 @@ typedef struct st_dynamic_fns { * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); #define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ return 0; } @@ -701,6 +702,8 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, const dynamic_fns *fns); #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ + OPENSSL_EXPORT \ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ diff --git a/lib/libcrypto/evp/encode.c b/lib/libcrypto/evp/encode.c index b42c7472493..28546a84bc2 100644 --- a/lib/libcrypto/evp/encode.c +++ b/lib/libcrypto/evp/encode.c @@ -235,7 +235,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; + int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl; unsigned char *d; n=ctx->num; @@ -319,7 +319,6 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, * lines. We process the line and then need to * accept the '\n' */ if ((v != B64_EOF) && (n >= 64)) exp_nl=1; - tmp2=v; if (n > 0) { v=EVP_DecodeBlock(out,d,n); diff --git a/lib/libcrypto/evp/evp_enc.c b/lib/libcrypto/evp/evp_enc.c index bead6a2170a..c268d25cb4e 100644 --- a/lib/libcrypto/evp/evp_enc.c +++ b/lib/libcrypto/evp/evp_enc.c @@ -204,6 +204,7 @@ skip_to_init: case EVP_CIPH_OFB_MODE: ctx->num = 0; + /* fall-through */ case EVP_CIPH_CBC_MODE: diff --git a/lib/libcrypto/evp/evp_test.c b/lib/libcrypto/evp/evp_test.c index 902efac975a..55c7cdfdccf 100644 --- a/lib/libcrypto/evp/evp_test.c +++ b/lib/libcrypto/evp/evp_test.c @@ -435,6 +435,7 @@ int main(int argc,char **argv) EXIT(3); } } + fclose(f); #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); diff --git a/lib/libcrypto/evp/p_lib.c b/lib/libcrypto/evp/p_lib.c index 1916c616991..e26ccd0d086 100644 --- a/lib/libcrypto/evp/p_lib.c +++ b/lib/libcrypto/evp/p_lib.c @@ -411,7 +411,10 @@ void EVP_PKEY_free(EVP_PKEY *x) static void EVP_PKEY_free_it(EVP_PKEY *x) { if (x->ameth && x->ameth->pkey_free) + { x->ameth->pkey_free(x); + x->pkey.ptr = NULL; + } #ifndef OPENSSL_NO_ENGINE if (x->engine) { diff --git a/lib/libcrypto/evp/p_sign.c b/lib/libcrypto/evp/p_sign.c index 8df6d48a7ec..bb893f5bde4 100644 --- a/lib/libcrypto/evp/p_sign.c +++ b/lib/libcrypto/evp/p_sign.c @@ -81,7 +81,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; int i,ok=0,v; - MS_STATIC EVP_MD_CTX tmp_ctx; + EVP_MD_CTX tmp_ctx; *siglen=0; EVP_MD_CTX_init(&tmp_ctx); diff --git a/lib/libcrypto/evp/p_verify.c b/lib/libcrypto/evp/p_verify.c index 8db46412f37..41d4b671301 100644 --- a/lib/libcrypto/evp/p_verify.c +++ b/lib/libcrypto/evp/p_verify.c @@ -68,7 +68,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; int i,ok=0,v; - MS_STATIC EVP_MD_CTX tmp_ctx; + EVP_MD_CTX tmp_ctx; EVP_MD_CTX_init(&tmp_ctx); EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); diff --git a/lib/libcrypto/hmac/hmac.c b/lib/libcrypto/hmac/hmac.c index 45015fe754d..6c98fc43a31 100644 --- a/lib/libcrypto/hmac/hmac.c +++ b/lib/libcrypto/hmac/hmac.c @@ -138,12 +138,9 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) { - int j; unsigned int i; unsigned char buf[EVP_MAX_MD_SIZE]; - j=EVP_MD_block_size(ctx->md); - if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i)) goto err; if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx)) diff --git a/lib/libcrypto/md32_common.h b/lib/libcrypto/md32_common.h index 1cb783944ea..bb7381952a2 100644 --- a/lib/libcrypto/md32_common.h +++ b/lib/libcrypto/md32_common.h @@ -165,7 +165,7 @@ asm ( \ "roll %1,%0" \ : "=r"(ret) \ - : "I"(n), "0"(a) \ + : "I"(n), "0"((unsigned int)(a)) \ : "cc"); \ ret; \ }) @@ -383,6 +383,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) } #ifndef MD32_REG_T +#if defined(__alpha) || defined(__sparcv9) || defined(__mips) #define MD32_REG_T long /* * This comment was originaly written for MD5, which is why it @@ -400,9 +401,15 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) * Well, to be honest it should say that this *prevents* * performance degradation. * <appro@fy.chalmers.se> - * Apparently there're LP64 compilers that generate better - * code if A-D are declared int. Most notably GCC-x86_64 - * generates better code. + */ +#else +/* + * Above is not absolute and there are LP64 compilers that + * generate better code if MD32_REG_T is defined int. The above + * pre-processor condition reflects the circumstances under which + * the conclusion was made and is subject to further extension. * <appro@fy.chalmers.se> */ +#define MD32_REG_T int +#endif #endif diff --git a/lib/libcrypto/o_time.c b/lib/libcrypto/o_time.c index eecbdd19f0c..9030fdef7ae 100644 --- a/lib/libcrypto/o_time.c +++ b/lib/libcrypto/o_time.c @@ -64,12 +64,18 @@ #include "o_time.h" #ifdef OPENSSL_SYS_VMS -# include <libdtdef.h> -# include <lib$routines.h> -# include <lnmdef.h> -# include <starlet.h> -# include <descrip.h> -# include <stdlib.h> +# if __CRTL_VER >= 70000000 && \ + (defined _POSIX_C_SOURCE || !defined _ANSI_C_SOURCE) +# define VMS_GMTIME_OK +# endif +# ifndef VMS_GMTIME_OK +# include <libdtdef.h> +# include <lib$routines.h> +# include <lnmdef.h> +# include <starlet.h> +# include <descrip.h> +# include <stdlib.h> +# endif /* ndef VMS_GMTIME_OK */ #endif struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) @@ -81,7 +87,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) so we don't even look at the return value */ gmtime_r(timer,result); ts = result; -#elif !defined(OPENSSL_SYS_VMS) +#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK) ts = gmtime(timer); if (ts == NULL) return NULL; @@ -89,7 +95,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) memcpy(result, ts, sizeof(struct tm)); ts = result; #endif -#ifdef OPENSSL_SYS_VMS +#if defined( OPENSSL_SYS_VMS) && !defined( VMS_GMTIME_OK) if (ts == NULL) { static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL"); diff --git a/lib/libcrypto/ocsp/ocsp_ht.c b/lib/libcrypto/ocsp/ocsp_ht.c index 12bbfcffd13..af5fc16691d 100644 --- a/lib/libcrypto/ocsp/ocsp_ht.c +++ b/lib/libcrypto/ocsp/ocsp_ht.c @@ -397,11 +397,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) case OHS_ASN1_HEADER: - /* Now reading ASN1 header: can read at least 6 bytes which - * is more than enough for any valid ASN1 SEQUENCE header + /* Now reading ASN1 header: can read at least 2 bytes which + * is enough for ASN1 SEQUENCE header and either length field + * or at least the length of the length field. */ n = BIO_get_mem_data(rctx->mem, &p); - if (n < 6) + if (n < 2) goto next_io; /* Check it is an ASN1 SEQUENCE */ @@ -414,6 +415,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) /* Check out length field */ if (*p & 0x80) { + /* If MSB set on initial length octet we can now + * always read 6 octets: make sure we have them. + */ + if (n < 6) + goto next_io; n = *p & 0x7F; /* Not NDEF or excessive length */ if (!n || (n > 4)) diff --git a/lib/libcrypto/ocsp/ocsp_lib.c b/lib/libcrypto/ocsp/ocsp_lib.c index 36905d76cd4..e92b86c0609 100644 --- a/lib/libcrypto/ocsp/ocsp_lib.c +++ b/lib/libcrypto/ocsp/ocsp_lib.c @@ -170,14 +170,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss char *host, *port; - /* dup the buffer since we are going to mess with it */ - buf = BUF_strdup(url); - if (!buf) goto mem_err; - *phost = NULL; *pport = NULL; *ppath = NULL; + /* dup the buffer since we are going to mess with it */ + buf = BUF_strdup(url); + if (!buf) goto mem_err; + /* Check for initial colon */ p = strchr(buf, ':'); diff --git a/lib/libcrypto/ocsp/ocsp_prn.c b/lib/libcrypto/ocsp/ocsp_prn.c index 1695c9c4ad5..87608ff399b 100644 --- a/lib/libcrypto/ocsp/ocsp_prn.c +++ b/lib/libcrypto/ocsp/ocsp_prn.c @@ -182,7 +182,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) { int i, ret = 0; long l; - unsigned char *p; OCSP_CERTID *cid = NULL; OCSP_BASICRESP *br = NULL; OCSP_RESPID *rid = NULL; @@ -207,7 +206,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) return 1; } - p = ASN1_STRING_data(rb->response); i = ASN1_STRING_length(rb->response); if (!(br = OCSP_response_get1_basic(o))) goto err; rd = br->tbsResponseData; diff --git a/lib/libcrypto/opensslv.h b/lib/libcrypto/opensslv.h index 2fb110fa0e2..310a3387be2 100644 --- a/lib/libcrypto/opensslv.h +++ b/lib/libcrypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x1000001fL +#define OPENSSL_VERSION_NUMBER 0x1000005fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a-fips 1 Jun 2010" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0e-fips 6 Sep 2011" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a 1 Jun 2010" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0e 6 Sep 2011" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c index 42e4861bc14..cfc89a99215 100644 --- a/lib/libcrypto/pem/pem_lib.c +++ b/lib/libcrypto/pem/pem_lib.c @@ -482,7 +482,6 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) { - int o; const EVP_CIPHER *enc=NULL; char *p,c; char **header_pp = &header; @@ -522,7 +521,6 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) header++; } *header='\0'; - o=OBJ_sn2nid(p); cipher->cipher=enc=EVP_get_cipherbyname(p); *header=c; header++; diff --git a/lib/libcrypto/perlasm/cbc.pl b/lib/libcrypto/perlasm/cbc.pl index e43dc9ae15e..6fc2510905b 100644 --- a/lib/libcrypto/perlasm/cbc.pl +++ b/lib/libcrypto/perlasm/cbc.pl @@ -158,7 +158,6 @@ sub cbc &jmp_ptr($count); &set_label("ej7"); - &xor("edx", "edx") if $ppro; # ppro friendly &movb(&HB("edx"), &BP(6,$in,"",0)); &shl("edx",8); &set_label("ej6"); @@ -170,7 +169,6 @@ sub cbc &jmp(&label("ejend")); &set_label("ej3"); &movb(&HB("ecx"), &BP(2,$in,"",0)); - &xor("ecx", "ecx") if $ppro; # ppro friendly &shl("ecx",8); &set_label("ej2"); &movb(&HB("ecx"), &BP(1,$in,"",0)); diff --git a/lib/libcrypto/perlasm/x86_64-xlate.pl b/lib/libcrypto/perlasm/x86_64-xlate.pl index d66ad240959..68b4c1ca809 100755 --- a/lib/libcrypto/perlasm/x86_64-xlate.pl +++ b/lib/libcrypto/perlasm/x86_64-xlate.pl @@ -167,7 +167,7 @@ my %globals; } elsif ($self->{op} =~ /^(pop|push)f/) { $self->{op} .= $self->{sz}; } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") { - $self->{op} = "ALIGN\t8\n\tDQ"; + $self->{op} = "\tDQ"; } $self->{op}; } @@ -546,6 +546,8 @@ my %globals; if ($line=~/\.([px])data/) { $v.=" rdata align="; $v.=$1 eq "p"? 4 : 8; + } elsif ($line=~/\.CRT\$/i) { + $v.=" rdata align=8"; } } else { $v="$current_segment\tENDS\n" if ($current_segment); @@ -553,6 +555,8 @@ my %globals; if ($line=~/\.([px])data/) { $v.=" READONLY"; $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref); + } elsif ($line=~/\.CRT\$/i) { + $v.=" READONLY DWORD"; } } $current_segment = $line; diff --git a/lib/libcrypto/pkcs12/p12_key.c b/lib/libcrypto/pkcs12/p12_key.c index a29794bbbc1..424203f648a 100644 --- a/lib/libcrypto/pkcs12/p12_key.c +++ b/lib/libcrypto/pkcs12/p12_key.c @@ -107,6 +107,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, unsigned char *B, *D, *I, *p, *Ai; int Slen, Plen, Ilen, Ijlen; int i, j, u, v; + int ret = 0; BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ EVP_MD_CTX ctx; #ifdef DEBUG_KEYGEN @@ -144,10 +145,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, I = OPENSSL_malloc (Ilen); Ij = BN_new(); Bpl1 = BN_new(); - if (!D || !Ai || !B || !I || !Ij || !Bpl1) { - PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); - return 0; - } + if (!D || !Ai || !B || !I || !Ij || !Bpl1) + goto err; for (i = 0; i < v; i++) D[i] = id; p = I; for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; @@ -164,28 +163,22 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, } memcpy (out, Ai, min (n, u)); if (u >= n) { - OPENSSL_free (Ai); - OPENSSL_free (B); - OPENSSL_free (D); - OPENSSL_free (I); - BN_free (Ij); - BN_free (Bpl1); - EVP_MD_CTX_cleanup(&ctx); #ifdef DEBUG_KEYGEN fprintf(stderr, "Output KEY (length %d)\n", tmpn); h__dump(tmpout, tmpn); #endif - return 1; + ret = 1; + goto end; } n -= u; out += u; for (j = 0; j < v; j++) B[j] = Ai[j % u]; /* Work out B + 1 first then can use B as tmp space */ - BN_bin2bn (B, v, Bpl1); - BN_add_word (Bpl1, 1); + if (!BN_bin2bn (B, v, Bpl1)) goto err; + if (!BN_add_word (Bpl1, 1)) goto err; for (j = 0; j < Ilen ; j+=v) { - BN_bin2bn (I + j, v, Ij); - BN_add (Ij, Ij, Bpl1); + if (!BN_bin2bn (I + j, v, Ij)) goto err; + if (!BN_add (Ij, Ij, Bpl1)) goto err; BN_bn2bin (Ij, B); Ijlen = BN_num_bytes (Ij); /* If more than 2^(v*8) - 1 cut off MSB */ @@ -201,6 +194,19 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, } else BN_bn2bin (Ij, I + j); } } + +err: + PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); + +end: + OPENSSL_free (Ai); + OPENSSL_free (B); + OPENSSL_free (D); + OPENSSL_free (I); + BN_free (Ij); + BN_free (Bpl1); + EVP_MD_CTX_cleanup(&ctx); + return ret; } #ifdef DEBUG_KEYGEN void h__dump (unsigned char *p, int len) diff --git a/lib/libcrypto/pkcs7/pk7_doit.c b/lib/libcrypto/pkcs7/pk7_doit.c index 451de844894..3bf1a367bbd 100644 --- a/lib/libcrypto/pkcs7/pk7_doit.c +++ b/lib/libcrypto/pkcs7/pk7_doit.c @@ -422,7 +422,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) X509_ALGOR *enc_alg=NULL; STACK_OF(X509_ALGOR) *md_sk=NULL; STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; - X509_ALGOR *xalg=NULL; PKCS7_RECIP_INFO *ri=NULL; i=OBJ_obj2nid(p7->type); @@ -445,7 +444,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; } - xalg=p7->d.signed_and_enveloped->enc_data->algorithm; break; case NID_pkcs7_enveloped: rsk=p7->d.enveloped->recipientinfo; @@ -457,7 +455,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; } - xalg=p7->d.enveloped->enc_data->algorithm; break; default: PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); diff --git a/lib/libcrypto/pkcs7/pk7_lib.c b/lib/libcrypto/pkcs7/pk7_lib.c index 3ca0952792a..d411269b50b 100644 --- a/lib/libcrypto/pkcs7/pk7_lib.c +++ b/lib/libcrypto/pkcs7/pk7_lib.c @@ -591,7 +591,6 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) { int i; - ASN1_OBJECT *objtmp; PKCS7_ENC_CONTENT *ec; i=OBJ_obj2nid(p7->type); @@ -614,7 +613,6 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); return(0); } - objtmp = OBJ_nid2obj(i); ec->cipher = cipher; return 1; diff --git a/lib/libcrypto/rand/md_rand.c b/lib/libcrypto/rand/md_rand.c index 88088ce73c3..b2f04ff13ec 100644 --- a/lib/libcrypto/rand/md_rand.c +++ b/lib/libcrypto/rand/md_rand.c @@ -476,11 +476,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); #ifndef PURIFY /* purify complains */ - /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ + /* The following line uses the supplied buffer as a small + * source of entropy: since this buffer is often uninitialised + * it may cause programs such as purify or valgrind to + * complain. So for those builds it is not used: the removal + * of such a small source of entropy has negligible impact on + * security. + */ MD_Update(&m,buf,j); - /* We know that line may cause programs such as - purify and valgrind to complain about use of - uninitialized data. */ #endif k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; diff --git a/lib/libcrypto/rand/rand_vms.c b/lib/libcrypto/rand/rand_vms.c index 1267a3acae7..0bfd8ff7e46 100644 --- a/lib/libcrypto/rand/rand_vms.c +++ b/lib/libcrypto/rand/rand_vms.c @@ -69,6 +69,17 @@ # pragma message disable DOLLARID #endif +/* Use 32-bit pointers almost everywhere. Define the type to which to + * cast a pointer passed to an external function. + */ +#if __INITIAL_POINTER_SIZE == 64 +# define PTR_T __void_ptr64 +# pragma pointer_size save +# pragma pointer_size 32 +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define PTR_T void * +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + static struct items_data_st { short length, code; /* length is amount of bytes */ @@ -125,11 +136,12 @@ int RAND_poll(void) { if (status == SS$_NORMAL) { - RAND_add(data_buffer, total_length, total_length/2); + RAND_add( (PTR_T)data_buffer, total_length, + total_length/2); } } sys$gettim(iosb); - RAND_add((unsigned char *)iosb, sizeof(iosb), sizeof(iosb)/2); + RAND_add( (PTR_T)iosb, sizeof(iosb), sizeof(iosb)/2); return 1; } diff --git a/lib/libcrypto/rand/randfile.c b/lib/libcrypto/rand/randfile.c index 4ed40b7b70a..bc7d9c58049 100644 --- a/lib/libcrypto/rand/randfile.c +++ b/lib/libcrypto/rand/randfile.c @@ -144,7 +144,9 @@ int RAND_load_file(const char *file, long bytes) * I/O because we will waste system entropy. */ bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ +#ifndef OPENSSL_NO_SETVBUF_IONBF setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ +#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ } #endif for (;;) @@ -269,7 +271,6 @@ err: const char *RAND_file_name(char *buf, size_t size) { char *s=NULL; - int ok = 0; #ifdef __OpenBSD__ struct stat sb; #endif @@ -298,7 +299,6 @@ const char *RAND_file_name(char *buf, size_t size) BUF_strlcat(buf,"/",size); #endif BUF_strlcat(buf,RFILE,size); - ok = 1; } else buf[0] = '\0'; /* no file name */ @@ -312,7 +312,7 @@ const char *RAND_file_name(char *buf, size_t size) * to something hopefully decent if that isn't available. */ - if (!ok) + if (!buf[0]) if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { return(NULL); } diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c index c5eaeeae6bd..7c941885f07 100644 --- a/lib/libcrypto/rsa/rsa_eay.c +++ b/lib/libcrypto/rsa/rsa_eay.c @@ -675,7 +675,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, rsa->_method_mod_n)) goto err; if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) - BN_sub(ret, rsa->n, ret); + if (!BN_sub(ret, rsa->n, ret)) goto err; p=buf; i=BN_bn2bin(ret,p); diff --git a/lib/libcrypto/rsa/rsa_oaep.c b/lib/libcrypto/rsa/rsa_oaep.c index e238d10e5cc..18d307ea9e1 100644 --- a/lib/libcrypto/rsa/rsa_oaep.c +++ b/lib/libcrypto/rsa/rsa_oaep.c @@ -189,34 +189,40 @@ int PKCS1_MGF1(unsigned char *mask, long len, EVP_MD_CTX c; unsigned char md[EVP_MAX_MD_SIZE]; int mdlen; + int rv = -1; EVP_MD_CTX_init(&c); mdlen = EVP_MD_size(dgst); if (mdlen < 0) - return -1; + goto err; for (i = 0; outlen < len; i++) { cnt[0] = (unsigned char)((i >> 24) & 255); cnt[1] = (unsigned char)((i >> 16) & 255); cnt[2] = (unsigned char)((i >> 8)) & 255; cnt[3] = (unsigned char)(i & 255); - EVP_DigestInit_ex(&c,dgst, NULL); - EVP_DigestUpdate(&c, seed, seedlen); - EVP_DigestUpdate(&c, cnt, 4); + if (!EVP_DigestInit_ex(&c,dgst, NULL) + || !EVP_DigestUpdate(&c, seed, seedlen) + || !EVP_DigestUpdate(&c, cnt, 4)) + goto err; if (outlen + mdlen <= len) { - EVP_DigestFinal_ex(&c, mask + outlen, NULL); + if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL)) + goto err; outlen += mdlen; } else { - EVP_DigestFinal_ex(&c, md, NULL); + if (!EVP_DigestFinal_ex(&c, md, NULL)) + goto err; memcpy(mask + outlen, md, len - outlen); outlen = len; } } + rv = 0; + err: EVP_MD_CTX_cleanup(&c); - return 0; + return rv; } static int MGF1(unsigned char *mask, long len, const unsigned char *seed, diff --git a/lib/libcrypto/stack/safestack.h b/lib/libcrypto/stack/safestack.h index 891cb84a514..3e76aa58f5f 100644 --- a/lib/libcrypto/stack/safestack.h +++ b/lib/libcrypto/stack/safestack.h @@ -179,7 +179,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) sk_is_sorted(CHECKED_STACK_OF(type, st)) #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - (STACK_OF(type) *)d2i_ASN1_SET((STACK_OF(OPENSSL_BLOCK) **)CHECKED_STACK_OF(type, st), \ + (STACK_OF(type) *)d2i_ASN1_SET( \ + (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \ pp, length, \ CHECKED_D2I_OF(type, d2i_func), \ CHECKED_SK_FREE_FUNC(type, free_func), \ @@ -2030,79 +2031,79 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define sk_void_sort(st) SKM_sk_sort(void, (st)) #define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) -#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) -#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) -#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i)) -#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) -#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func)) -#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val), i) -#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) -#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i, CHECKED_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) -#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) -#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, ptr)) -#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ - ((int (*)(const void * const *,const void * const *)) \ - sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp))) -#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) -#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) -#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st)) -#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) -#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) +#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i)) +#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func)) +#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i) +#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) +#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr)) +#define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ + ((int (*)(const char * const *,const char * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) +#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) #define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) #define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) -#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i)) +#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) #define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) -#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func)) -#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) +#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func)) +#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) #define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) -#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) #define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) -#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) #define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) #define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) -#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) +#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) #define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ - sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) #define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) #define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) -#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st)) +#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) #define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) #define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) -#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) -#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) -#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i)) -#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) -#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func)) -#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i) -#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) -#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) -#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) -#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr)) -#define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ - ((int (*)(const char * const *,const char * const *)) \ - sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp))) -#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) -#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) -#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st)) -#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) -#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) +#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) +#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) +#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i)) +#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func)) +#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i) +#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) +#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr)) +#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ + ((int (*)(const void * const *,const void * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp))) +#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st)) +#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ diff --git a/lib/libcrypto/util/cygwin.sh b/lib/libcrypto/util/cygwin.sh index a4f2e740b42..d6228521e66 100644 --- a/lib/libcrypto/util/cygwin.sh +++ b/lib/libcrypto/util/cygwin.sh @@ -8,7 +8,7 @@ #set -x CONFIG_OPTIONS="--prefix=/usr shared zlib no-idea no-rc5" -INSTALL_PREFIX=/tmp/install +INSTALL_PREFIX=/tmp/install/INSTALL VERSION= SUBVERSION=$1 @@ -124,8 +124,12 @@ strip usr/bin/*.exe usr/bin/*.dll usr/lib/engines/*.so chmod u-w usr/lib/engines/*.so # Runtime package -find etc usr/bin usr/lib/engines usr/share/doc usr/ssl/certs \ - usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf usr/ssl/private \ +tar cjf libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 \ + usr/bin/cyg*dll +# Base package +find etc usr/bin/openssl.exe usr/bin/c_rehash usr/lib/engines usr/share/doc \ + usr/ssl/certs usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf \ + usr/ssl/private \ -empty -o \! -type d | tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 - # Development package @@ -135,6 +139,7 @@ tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 - ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2 ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 +ls -l libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 cleanup diff --git a/lib/libcrypto/util/libeay.num b/lib/libcrypto/util/libeay.num index c68047e9557..1467ab62433 100644 --- a/lib/libcrypto/util/libeay.num +++ b/lib/libcrypto/util/libeay.num @@ -4178,4 +4178,20 @@ UI_method_get_prompt_constructr 4550 EXIST:VMS:FUNCTION: UI_method_set_prompt_constructor 4551 EXIST:!VMS:FUNCTION: UI_method_set_prompt_constructr 4551 EXIST:VMS:FUNCTION: EVP_read_pw_string_min 4552 EXIST::FUNCTION: -ENGINE_load_aesni 4553 EXIST::FUNCTION:ENGINE +CRYPTO_cts128_encrypt 4553 EXIST::FUNCTION: +CRYPTO_cts128_decrypt_block 4554 EXIST::FUNCTION: +CRYPTO_cfb128_1_encrypt 4555 EXIST::FUNCTION: +CRYPTO_cbc128_encrypt 4556 EXIST::FUNCTION: +CRYPTO_ctr128_encrypt 4557 EXIST::FUNCTION: +CRYPTO_ofb128_encrypt 4558 EXIST::FUNCTION: +CRYPTO_cts128_decrypt 4559 EXIST::FUNCTION: +CRYPTO_cts128_encrypt_block 4560 EXIST::FUNCTION: +CRYPTO_cbc128_decrypt 4561 EXIST::FUNCTION: +CRYPTO_cfb128_encrypt 4562 EXIST::FUNCTION: +CRYPTO_cfb128_8_encrypt 4563 EXIST::FUNCTION: +OPENSSL_strcasecmp 4564 EXIST::FUNCTION: +OPENSSL_memcmp 4565 EXIST::FUNCTION: +OPENSSL_strncasecmp 4566 EXIST::FUNCTION: +OPENSSL_gmtime 4567 EXIST::FUNCTION: +OPENSSL_gmtime_adj 4568 EXIST::FUNCTION: +ENGINE_load_aesni 4569 EXIST::FUNCTION:ENGINE diff --git a/lib/libcrypto/util/mk1mf.pl b/lib/libcrypto/util/mk1mf.pl index 780029a03fd..1dcef2b8a24 100644 --- a/lib/libcrypto/util/mk1mf.pl +++ b/lib/libcrypto/util/mk1mf.pl @@ -13,6 +13,7 @@ $banner="\t\@echo Building OpenSSL"; my $no_static_engine = 1; my $engines = ""; +my $otherlibs = ""; local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic local $zlib_lib = ""; local $perl_asm = 0; # 1 to autobuild asm files from perl scripts @@ -266,6 +267,7 @@ $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; +$cflags.=" -DOPENSSL_NO_GOST" if $no_gost; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; $cflags.=" -DOPENSSL_NO_HW" if $no_hw; $cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; @@ -356,6 +358,12 @@ for (;;) $lib=$val; $lib =~ s/^.*\/([^\/]+)$/$1/; } + if ($key eq "LIBNAME" && $no_static_engine) + { + $lib=$val; + $lib =~ s/^.*\/([^\/]+)$/$1/; + $otherlibs .= " $lib"; + } if ($key eq "EXHEADER") { $exheader.=&var_add($dir,$val, 1); } @@ -658,7 +666,7 @@ foreach (split(/\s+/,$test)) $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); } -$defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp); +$defs.=&do_defs("E_SHLIB",$engines . $otherlibs,"\$(ENG_D)",$shlibp); foreach (split(/\s+/,$engines)) { @@ -671,6 +679,14 @@ foreach (split(/\s+/,$engines)) $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); +foreach (split(" ",$otherlibs)) + { + my $uc = $_; + $uc =~ tr /a-z/A-Z/; + $rules.= &do_lib_rule("\$(${uc}OBJ)","\$(ENG_D)$o$_$shlibp", "", $shlib, ""); + + } + $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); print $defs; @@ -708,6 +724,7 @@ sub var_add return("") if $no_dsa && $dir =~ /\/dsa/; return("") if $no_dh && $dir =~ /\/dh/; return("") if $no_ec && $dir =~ /\/ec/; + return("") if $no_gost && $dir =~ /\/ccgost/; return("") if $no_cms && $dir =~ /\/cms/; return("") if $no_jpake && $dir =~ /\/jpake/; if ($no_des && $dir =~ /\/des/) @@ -1047,6 +1064,7 @@ sub read_options "no-ec" => \$no_ec, "no-ecdsa" => \$no_ecdsa, "no-ecdh" => \$no_ecdh, + "no-gost" => \$no_gost, "no-engine" => \$no_engine, "no-hw" => \$no_hw, "just-ssl" => diff --git a/lib/libcrypto/util/mkdef.pl b/lib/libcrypto/util/mkdef.pl index a4a17e3ae9f..ab473290974 100644 --- a/lib/libcrypto/util/mkdef.pl +++ b/lib/libcrypto/util/mkdef.pl @@ -257,6 +257,8 @@ $ssl.=" ssl/tls1.h"; my $crypto ="crypto/crypto.h"; $crypto.=" crypto/o_dir.h"; +$crypto.=" crypto/o_str.h"; +$crypto.=" crypto/o_time.h"; $crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des; $crypto.=" crypto/idea/idea.h" ; # unless $no_idea; $crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4; @@ -316,6 +318,7 @@ $crypto.=" crypto/krb5/krb5_asn.h"; $crypto.=" crypto/pqueue/pqueue.h"; $crypto.=" crypto/cms/cms.h"; $crypto.=" crypto/jpake/jpake.h"; +$crypto.=" crypto/modes/modes.h"; my $symhacks="crypto/symhacks.h"; diff --git a/lib/libcrypto/util/mkerr.pl b/lib/libcrypto/util/mkerr.pl index 15b774f2772..2c99467d340 100644 --- a/lib/libcrypto/util/mkerr.pl +++ b/lib/libcrypto/util/mkerr.pl @@ -391,7 +391,7 @@ foreach $lib (keys %csrc) } else { push @out, "/* ====================================================================\n", -" * Copyright (c) 2001-2010 The OpenSSL Project. All rights reserved.\n", +" * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.\n", " *\n", " * Redistribution and use in source and binary forms, with or without\n", " * modification, are permitted provided that the following conditions\n", @@ -576,7 +576,7 @@ EOF print OUT <<"EOF"; /* $cfile */ /* ==================================================================== - * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/lib/libcrypto/util/mkstack.pl b/lib/libcrypto/util/mkstack.pl index 6a43757c95b..f708610a788 100644 --- a/lib/libcrypto/util/mkstack.pl +++ b/lib/libcrypto/util/mkstack.pl @@ -104,25 +104,25 @@ EOF #define sk_${t1}_new(cmp) ((STACK_OF($t1) *)sk_new(CHECKED_SK_CMP_FUNC($t2, cmp))) #define sk_${t1}_new_null() ((STACK_OF($t1) *)sk_new_null()) -#define sk_${t1}_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val)) -#define sk_${t1}_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val)) -#define sk_${t1}_value(st, i) (($t1)sk_value(CHECKED_PTR_OF(STACK_OF($t1), st), i)) +#define sk_${t1}_push(st, val) sk_push(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_find(st, val) sk_find(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_value(st, i) (($t1)sk_value(CHECKED_STACK_OF($t1, st), i)) #define sk_${t1}_num(st) SKM_sk_num($t1, st) -#define sk_${t1}_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_SK_FREE_FUNC2($t1, free_func)) -#define sk_${t1}_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val), i) +#define sk_${t1}_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF($t1, st), CHECKED_SK_FREE_FUNC2($t1, free_func)) +#define sk_${t1}_insert(st, val, i) sk_insert(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val), i) #define sk_${t1}_free(st) SKM_sk_free(${t1}, st) -#define sk_${t1}_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), i, CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_set(st, i, val) sk_set(CHECKED_STACK_OF($t1, st), i, CHECKED_PTR_OF($t2, val)) #define sk_${t1}_zero(st) SKM_sk_zero($t1, (st)) -#define sk_${t1}_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_unshift(st, val) sk_unshift(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val)) #define sk_${t1}_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF($t1), st), CHECKED_CONST_PTR_OF($t2, val)) #define sk_${t1}_delete(st, i) SKM_sk_delete($t1, (st), (i)) -#define sk_${t1}_delete_ptr(st, ptr) ($t1 *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, ptr)) +#define sk_${t1}_delete_ptr(st, ptr) ($t1 *)sk_delete_ptr(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, ptr)) #define sk_${t1}_set_cmp_func(st, cmp) \\ ((int (*)(const $t2 * const *,const $t2 * const *)) \\ - sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_SK_CMP_FUNC($t2, cmp))) + sk_set_cmp_func(CHECKED_STACK_OF($t1, st), CHECKED_SK_CMP_FUNC($t2, cmp))) #define sk_${t1}_dup(st) SKM_sk_dup($t1, st) #define sk_${t1}_shift(st) SKM_sk_shift($t1, (st)) -#define sk_${t1}_pop(st) ($t2 *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st)) +#define sk_${t1}_pop(st) ($t2 *)sk_pop(CHECKED_STACK_OF($t1, st)) #define sk_${t1}_sort(st) SKM_sk_sort($t1, (st)) #define sk_${t1}_is_sorted(st) SKM_sk_is_sorted($t1, (st)) diff --git a/lib/libcrypto/util/pl/VC-32.pl b/lib/libcrypto/util/pl/VC-32.pl index c3e29fda965..5f25fc41bfa 100644 --- a/lib/libcrypto/util/pl/VC-32.pl +++ b/lib/libcrypto/util/pl/VC-32.pl @@ -138,8 +138,8 @@ else } # generate symbols.pdb unconditionally -$app_cflag.=" /Zi /Fd$tmp_def/app"; -$lib_cflag.=" /Zi /Fd$tmp_def/lib"; +$app_cflag.=" /Zi /Fd\$(TMP_D)/app"; +$lib_cflag.=" /Zi /Fd\$(TMP_D)/lib"; $lflags.=" /debug"; $obj='.obj'; @@ -195,7 +195,7 @@ if ($FLAVOR =~ /WIN64A/) { my $ver=`nasm -v 2>NUL`; my $vew=`nasmw -v 2>NUL`; # pick newest version - $asm=($ver gt $vew?"nasm":"nasmw")." -f win32"; + $asm=($ver ge $vew?"nasm":"nasmw")." -f win32"; $asmtype="win32n"; $afile='-o '; } else { diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h index 604f4fb27fb..e6f8a40395b 100644 --- a/lib/libcrypto/x509/x509.h +++ b/lib/libcrypto/x509/x509.h @@ -258,6 +258,7 @@ typedef struct x509_cinf_st ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ + ASN1_ENCODING enc; } X509_CINF; /* This stuff is certificate "auxiliary info" diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c index 87ebf62525c..5a0b0249b40 100644 --- a/lib/libcrypto/x509/x509_vfy.c +++ b/lib/libcrypto/x509/x509_vfy.c @@ -703,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx) x = sk_X509_value(ctx->chain, cnum); ctx->current_cert = x; ctx->current_issuer = NULL; + ctx->current_crl_score = 0; ctx->current_reasons = 0; while (ctx->current_reasons != CRLDP_ALL_REASONS) { @@ -2015,6 +2016,9 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, ctx->error_depth=0; ctx->current_cert=NULL; ctx->current_issuer=NULL; + ctx->current_crl=NULL; + ctx->current_crl_score=0; + ctx->current_reasons=0; ctx->tree = NULL; ctx->parent = NULL; @@ -2034,7 +2038,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, if (store) ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); else - ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; + ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; if (store) { diff --git a/lib/libcrypto/x509/x_all.c b/lib/libcrypto/x509/x_all.c index ebae30b7013..8ec88c215a4 100644 --- a/lib/libcrypto/x509/x_all.c +++ b/lib/libcrypto/x509/x_all.c @@ -90,6 +90,7 @@ int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) { + x->cert_info->enc.modified = 1; return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, x->sig_alg, x->signature, x->cert_info,pkey,md)); } diff --git a/lib/libcrypto/x509v3/pcy_tree.c b/lib/libcrypto/x509v3/pcy_tree.c index 92f6b245567..bb9777348f8 100644 --- a/lib/libcrypto/x509v3/pcy_tree.c +++ b/lib/libcrypto/x509v3/pcy_tree.c @@ -341,9 +341,8 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache) { int i; - X509_POLICY_LEVEL *last; X509_POLICY_DATA *data; - last = curr - 1; + for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) { data = sk_X509_POLICY_DATA_value(cache->data, i); diff --git a/lib/libcrypto/x509v3/v3_addr.c b/lib/libcrypto/x509v3/v3_addr.c index 9087d66e0ad..0d70e8696d9 100644 --- a/lib/libcrypto/x509v3/v3_addr.c +++ b/lib/libcrypto/x509v3/v3_addr.c @@ -177,12 +177,18 @@ static int i2r_address(BIO *out, unsigned char addr[ADDR_RAW_BUF_LEN]; int i, n; + if (bs->length < 0) + return 0; switch (afi) { case IANA_AFI_IPV4: + if (bs->length > 4) + return 0; addr_expand(addr, bs, 4, fill); BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); break; case IANA_AFI_IPV6: + if (bs->length > 16) + return 0; addr_expand(addr, bs, 16, fill); for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2) ; diff --git a/lib/libcrypto/x509v3/v3_asid.c b/lib/libcrypto/x509v3/v3_asid.c index 56702f86b93..3f434c06038 100644 --- a/lib/libcrypto/x509v3/v3_asid.c +++ b/lib/libcrypto/x509v3/v3_asid.c @@ -61,7 +61,6 @@ #include <stdio.h> #include <string.h> -#include <assert.h> #include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> @@ -172,11 +171,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_, { const ASIdOrRange *a = *a_, *b = *b_; - assert((a->type == ASIdOrRange_id && a->u.id != NULL) || + OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) || (a->type == ASIdOrRange_range && a->u.range != NULL && a->u.range->min != NULL && a->u.range->max != NULL)); - assert((b->type == ASIdOrRange_id && b->u.id != NULL) || + OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) || (b->type == ASIdOrRange_range && b->u.range != NULL && b->u.range->min != NULL && b->u.range->max != NULL)); @@ -215,7 +214,7 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which) if (*choice == NULL) { if ((*choice = ASIdentifierChoice_new()) == NULL) return 0; - assert((*choice)->u.inherit == NULL); + OPENSSL_assert((*choice)->u.inherit == NULL); if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) return 0; (*choice)->type = ASIdentifierChoice_inherit; @@ -250,7 +249,7 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid, if (*choice == NULL) { if ((*choice = ASIdentifierChoice_new()) == NULL) return 0; - assert((*choice)->u.asIdsOrRanges == NULL); + OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL); (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); if ((*choice)->u.asIdsOrRanges == NULL) return 0; @@ -286,7 +285,7 @@ static void extract_min_max(ASIdOrRange *aor, ASN1_INTEGER **min, ASN1_INTEGER **max) { - assert(aor != NULL && min != NULL && max != NULL); + OPENSSL_assert(aor != NULL && min != NULL && max != NULL); switch (aor->type) { case ASIdOrRange_id: *min = aor->u.id; @@ -373,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) int v3_asid_is_canonical(ASIdentifiers *asid) { return (asid == NULL || - (ASIdentifierChoice_is_canonical(asid->asnum) || + (ASIdentifierChoice_is_canonical(asid->asnum) && ASIdentifierChoice_is_canonical(asid->rdi))); } @@ -395,7 +394,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) /* * We have a list. Sort it. */ - assert(choice->type == ASIdentifierChoice_asIdsOrRanges); + OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges); sk_ASIdOrRange_sort(choice->u.asIdsOrRanges); /* @@ -413,7 +412,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) /* * Make sure we're properly sorted (paranoia). */ - assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); + OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); /* * Check for overlaps. @@ -472,7 +471,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) } } - assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */ + OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */ ret = 1; @@ -709,9 +708,9 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, int i, ret = 1, inherit_as = 0, inherit_rdi = 0; X509 *x; - assert(chain != NULL && sk_X509_num(chain) > 0); - assert(ctx != NULL || ext != NULL); - assert(ctx == NULL || ctx->verify_cb != NULL); + OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); + OPENSSL_assert(ctx != NULL || ext != NULL); + OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); /* * Figure out where to start. If we don't have an extension to @@ -724,7 +723,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, } else { i = 0; x = sk_X509_value(chain, i); - assert(x != NULL); + OPENSSL_assert(x != NULL); if ((ext = x->rfc3779_asid) == NULL) goto done; } @@ -757,7 +756,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, */ for (i++; i < sk_X509_num(chain); i++) { x = sk_X509_value(chain, i); - assert(x != NULL); + OPENSSL_assert(x != NULL); if (x->rfc3779_asid == NULL) { if (child_as != NULL || child_rdi != NULL) validation_err(X509_V_ERR_UNNESTED_RESOURCE); @@ -800,7 +799,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, /* * Trust anchor can't inherit. */ - assert(x != NULL); + OPENSSL_assert(x != NULL); if (x->rfc3779_asid != NULL) { if (x->rfc3779_asid->asnum != NULL && x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) |