diff options
Diffstat (limited to 'lib/libssl')
30 files changed, 573 insertions, 298 deletions
diff --git a/lib/libssl/LICENSE b/lib/libssl/LICENSE index a2c4adcbe6a..e47d101f102 100644 --- a/lib/libssl/LICENSE +++ b/lib/libssl/LICENSE @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/lib/libssl/bio_ssl.c b/lib/libssl/bio_ssl.c index af319af302a..eedac8a3fcf 100644 --- a/lib/libssl/bio_ssl.c +++ b/lib/libssl/bio_ssl.c @@ -348,7 +348,11 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_C_SET_SSL: if (ssl != NULL) + { ssl_free(b); + if (!ssl_new(b)) + return 0; + } b->shutdown=(int)num; ssl=(SSL *)ptr; ((BIO_SSL *)b->ptr)->ssl=ssl; diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c index 5bc9eb6603f..089fa4c7f82 100644 --- a/lib/libssl/d1_clnt.c +++ b/lib/libssl/d1_clnt.c @@ -407,7 +407,8 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_CHANGE_A: case SSL3_ST_CW_CHANGE_B: - dtls1_start_timer(s); + if (!s->hit) + dtls1_start_timer(s); ret=dtls1_send_change_cipher_spec(s, SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); if (ret <= 0) goto end; @@ -442,7 +443,8 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_FINISHED_A: case SSL3_ST_CW_FINISHED_B: - dtls1_start_timer(s); + if (!s->hit) + dtls1_start_timer(s); ret=dtls1_send_finished(s, SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, s->method->ssl3_enc->client_finished_label, diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index a5439d544fb..39aac73e104 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -296,9 +296,6 @@ dtls1_process_buffered_records(SSL *s) item = pqueue_peek(s->d1->unprocessed_rcds.q); if (item) { - DTLS1_RECORD_DATA *rdata; - rdata = (DTLS1_RECORD_DATA *)item->data; - /* Check if epoch is current. */ if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) return(1); /* Nothing to do. */ @@ -412,11 +409,12 @@ dtls1_process_record(SSL *s) enc_err = s->method->ssl3_enc->enc(s,0); if (enc_err <= 0) { - if (enc_err == 0) - /* SSLerr() and ssl3_send_alert() have been called */ - goto err; - - /* otherwise enc_err == -1 */ + /* decryption failed, silently discard message */ + if (enc_err < 0) + { + rr->length = 0; + s->packet_length = 0; + } goto err; } @@ -528,14 +526,12 @@ int dtls1_get_record(SSL *s) int ssl_major,ssl_minor; int i,n; SSL3_RECORD *rr; - SSL_SESSION *sess; unsigned char *p = NULL; unsigned short version; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; rr= &(s->s3->rrec); - sess=s->session; /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ @@ -662,10 +658,12 @@ again: /* If this record is from the next epoch (either HM or ALERT), * and a handshake is currently in progress, buffer it since it - * cannot be processed at this time. */ + * cannot be processed at this time. However, do not buffer + * anything while listening. + */ if (is_next_epoch) { - if (SSL_in_init(s) || s->in_handshake) + if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); } diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c index 301ceda7a57..a6a4c87ea64 100644 --- a/lib/libssl/d1_srvr.c +++ b/lib/libssl/d1_srvr.c @@ -150,6 +150,7 @@ int dtls1_accept(SSL *s) unsigned long alg_k; int ret= -1; int new_state,state,skip=0; + int listen; RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); @@ -159,11 +160,15 @@ int dtls1_accept(SSL *s) cb=s->info_callback; else if (s->ctx->info_callback != NULL) cb=s->ctx->info_callback; + + listen = s->d1->listen; /* init things to blank */ s->in_handshake++; if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); + s->d1->listen = listen; + if (s->cert == NULL) { SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); @@ -273,11 +278,23 @@ int dtls1_accept(SSL *s) s->init_num=0; + /* Reflect ClientHello sequence to remain stateless while listening */ + if (listen) + { + memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence)); + } + /* If we're just listening, stop here */ - if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) + if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) { ret = 2; s->d1->listen = 0; + /* Set expected sequence numbers + * to continue the handshake. + */ + s->d1->handshake_read_seq = 2; + s->d1->handshake_write_seq = 1; + s->d1->next_handshake_write_seq = 1; goto end; } @@ -286,7 +303,6 @@ int dtls1_accept(SSL *s) case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: - dtls1_start_timer(s); ret = dtls1_send_hello_verify_request(s); if ( ret <= 0) goto end; s->state=SSL3_ST_SW_FLUSH; @@ -736,9 +752,6 @@ int dtls1_send_hello_verify_request(SSL *s) /* number of bytes to write */ s->init_num=p-buf; s->init_off=0; - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); } /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ @@ -1017,12 +1030,11 @@ int dtls1_send_server_key_exchange(SSL *s) SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); goto err; } - if (!EC_KEY_up_ref(ecdhp)) + if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); goto err; } - ecdh = ecdhp; s->s3->tmp.ecdh=ecdh; if ((EC_KEY_get0_public_key(ecdh) == NULL) || diff --git a/lib/libssl/s23_lib.c b/lib/libssl/s23_lib.c index e3fce534304..3bf728318a4 100644 --- a/lib/libssl/s23_lib.c +++ b/lib/libssl/s23_lib.c @@ -92,15 +92,8 @@ const SSL_CIPHER *ssl23_get_cipher(unsigned int u) * available */ const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c; const SSL_CIPHER *cp; - unsigned long id; - int n; - n=ssl3_num_ciphers(); - id=0x03000000|((unsigned long)p[0]<<16L)| - ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; - c.id=id; cp=ssl3_get_cipher_by_char(p); #ifndef OPENSSL_NO_SSL2 if (cp == NULL) diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 8cc291b9228..50bd415b568 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -1511,6 +1511,7 @@ int ssl3_get_key_exchange(SSL *s) s->session->sess_cert->peer_ecdh_tmp=ecdh; ecdh=NULL; BN_CTX_free(bn_ctx); + bn_ctx = NULL; EC_POINT_free(srvr_ecpoint); srvr_ecpoint = NULL; } @@ -2242,6 +2243,7 @@ int ssl3_send_client_key_exchange(SSL *s) if (!DH_generate_key(dh_clnt)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); + DH_free(dh_clnt); goto err; } @@ -2253,6 +2255,7 @@ int ssl3_send_client_key_exchange(SSL *s) if (n <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); + DH_free(dh_clnt); goto err; } diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index d6b047c9955..62c791cb724 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -2198,11 +2198,17 @@ void ssl3_clear(SSL *s) } #ifndef OPENSSL_NO_DH if (s->s3->tmp.dh != NULL) + { DH_free(s->s3->tmp.dh); + s->s3->tmp.dh = NULL; + } #endif #ifndef OPENSSL_NO_ECDH if (s->s3->tmp.ecdh != NULL) + { EC_KEY_free(s->s3->tmp.ecdh); + s->s3->tmp.ecdh = NULL; + } #endif rp = s->s3->rbuf.buf; diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c index e3f6050a26a..f9b3629cf78 100644 --- a/lib/libssl/s3_pkt.c +++ b/lib/libssl/s3_pkt.c @@ -246,7 +246,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) if (i <= 0) { rb->left = left; - if (s->mode & SSL_MODE_RELEASE_BUFFERS) + if (s->mode & SSL_MODE_RELEASE_BUFFERS && + SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) if (len+left == 0) ssl3_release_read_buffer(s); return(i); @@ -846,7 +847,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, { wb->left=0; wb->offset+=i; - if (s->mode & SSL_MODE_RELEASE_BUFFERS) + if (s->mode & SSL_MODE_RELEASE_BUFFERS && + SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) ssl3_release_write_buffer(s); s->rwstate=SSL_NOTHING; return(s->s3->wpend_ret); diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 61ee0a3e422..c3b5ff33ff8 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -768,9 +768,7 @@ int ssl3_check_client_hello(SSL *s) if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) { /* Throw away what we have done so far in the current handshake, - * which will now be aborted. (A full SSL_clear would be too much.) - * I hope that tmp.dh is the only thing that may need to be cleared - * when a handshake is not completed ... */ + * which will now be aborted. (A full SSL_clear would be too much.) */ #ifndef OPENSSL_NO_DH if (s->s3->tmp.dh != NULL) { @@ -778,6 +776,13 @@ int ssl3_check_client_hello(SSL *s) s->s3->tmp.dh = NULL; } #endif +#ifndef OPENSSL_NO_ECDH + if (s->s3->tmp.ecdh != NULL) + { + EC_KEY_free(s->s3->tmp.ecdh); + s->s3->tmp.ecdh = NULL; + } +#endif return 2; } return 1; @@ -1491,7 +1496,6 @@ int ssl3_send_server_key_exchange(SSL *s) if (s->s3->tmp.dh != NULL) { - DH_free(dh); SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } @@ -1552,7 +1556,6 @@ int ssl3_send_server_key_exchange(SSL *s) if (s->s3->tmp.ecdh != NULL) { - EC_KEY_free(s->s3->tmp.ecdh); SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } @@ -1563,12 +1566,11 @@ int ssl3_send_server_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); goto err; } - if (!EC_KEY_up_ref(ecdhp)) + if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); goto err; } - ecdh = ecdhp; s->s3->tmp.ecdh=ecdh; if ((EC_KEY_get0_public_key(ecdh) == NULL) || @@ -1731,6 +1733,7 @@ int ssl3_send_server_key_exchange(SSL *s) (unsigned char *)encodedPoint, encodedlen); OPENSSL_free(encodedPoint); + encodedPoint = NULL; p += encodedlen; } #endif @@ -2440,6 +2443,12 @@ int ssl3_get_client_key_exchange(SSL *s) /* Get encoded point length */ i = *p; p += 1; + if (n != 1 + i) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + ERR_R_EC_LIB); + goto err; + } if (EC_POINT_oct2point(group, clnt_ecpoint, p, i, bn_ctx) == 0) { @@ -2584,12 +2593,19 @@ int ssl3_get_client_key_exchange(SSL *s) { int ret = 0; EVP_PKEY_CTX *pkey_ctx; - EVP_PKEY *client_pub_pkey = NULL; + EVP_PKEY *client_pub_pkey = NULL, *pk = NULL; unsigned char premaster_secret[32], *start; - size_t outlen=32, inlen; + size_t outlen=32, inlen; + unsigned long alg_a; /* Get our certificate private key*/ - pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL); + alg_a = s->s3->tmp.new_cipher->algorithm_auth; + if (alg_a & SSL_aGOST94) + pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey; + else if (alg_a & SSL_aGOST01) + pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; + + pkey_ctx = EVP_PKEY_CTX_new(pk,NULL); EVP_PKEY_decrypt_init(pkey_ctx); /* If client certificate is present and is of the same type, maybe * use it for key exchange. Don't mind errors from diff --git a/lib/libssl/ssl_asn1.c b/lib/libssl/ssl_asn1.c index 28709978b53..d7f4c6087e3 100644 --- a/lib/libssl/ssl_asn1.c +++ b/lib/libssl/ssl_asn1.c @@ -357,7 +357,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) { - int version,ssl_version=0,i; + int ssl_version=0,i; long id; ASN1_INTEGER ai,*aip; ASN1_OCTET_STRING os,*osp; @@ -371,7 +371,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ai.data=NULL; ai.length=0; M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); - version=(int)ASN1_INTEGER_get(aip); if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } /* we don't care about the version right now :-) */ diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index bee3507ea18..a8ce186b783 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1027,7 +1027,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, const SSL_CIPHER **ca_list) { unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; - const char *l, *start, *buf; + const char *l, *buf; int j, multi, found, rule, retval, ok, buflen; unsigned long cipher_id = 0; char ch; @@ -1064,7 +1064,6 @@ static int ssl_cipher_process_rulestr(const char *rule_str, alg_ssl = 0; algo_strength = 0; - start=l; for (;;) { ch = *l; @@ -1456,7 +1455,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) int is_export,pkl,kl; const char *ver,*exp_str; const char *kx,*au,*enc,*mac; - unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2,alg_s; + unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2; #ifdef KSSL_DEBUG static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; #else @@ -1469,7 +1468,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) alg_mac = cipher->algorithm_mac; alg_ssl = cipher->algorithm_ssl; - alg_s=cipher->algo_strength; alg2=cipher->algorithm2; is_export=SSL_C_IS_EXPORT(cipher); diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 497515f9ec4..a3c9309488a 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1830,7 +1830,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) #endif X509 *x = NULL; EVP_PKEY *ecc_pkey = NULL; - int signature_nid = 0; + int signature_nid = 0, pk_nid = 0, md_nid = 0; if (c == NULL) return; @@ -1960,18 +1960,15 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) EVP_PKEY_bits(ecc_pkey) : 0; EVP_PKEY_free(ecc_pkey); if ((x->sig_alg) && (x->sig_alg->algorithm)) + { signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); + OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); + } #ifndef OPENSSL_NO_ECDH if (ecdh_ok) { - const char *sig = OBJ_nid2ln(signature_nid); - if (sig == NULL) - { - ERR_clear_error(); - sig = "unknown"; - } - - if (strstr(sig, "WithRSA")) + + if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { mask_k|=SSL_kECDHr; mask_a|=SSL_aECDH; @@ -1982,7 +1979,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) } } - if (signature_nid == NID_ecdsa_with_SHA1) + if (pk_nid == NID_X9_62_id_ecPublicKey) { mask_k|=SSL_kECDHe; mask_a|=SSL_aECDH; @@ -2036,7 +2033,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) unsigned long alg_k, alg_a; EVP_PKEY *pkey = NULL; int keysize = 0; - int signature_nid = 0; + int signature_nid = 0, md_nid = 0, pk_nid = 0; alg_k = cs->algorithm_mkey; alg_a = cs->algorithm_auth; @@ -2054,7 +2051,10 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) /* This call populates the ex_flags field correctly */ X509_check_purpose(x, -1, 0); if ((x->sig_alg) && (x->sig_alg->algorithm)) + { signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); + OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); + } if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { /* key usage, if present, must allow key agreement */ @@ -2066,7 +2066,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) if (alg_k & SSL_kECDHe) { /* signature alg must be ECDSA */ - if (signature_nid != NID_ecdsa_with_SHA1) + if (pk_nid != NID_X9_62_id_ecPublicKey) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); return 0; @@ -2076,13 +2076,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) { /* signature alg must be RSA */ - const char *sig = OBJ_nid2ln(signature_nid); - if (sig == NULL) - { - ERR_clear_error(); - sig = "unknown"; - } - if (strstr(sig, "WithRSA") == NULL) + if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); return 0; @@ -2107,23 +2101,12 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) /* THIS NEEDS CLEANING UP */ X509 *ssl_get_server_send_cert(SSL *s) { - unsigned long alg_k,alg_a,mask_k,mask_a; + unsigned long alg_k,alg_a; CERT *c; - int i,is_export; + int i; c=s->cert; ssl_set_cert_masks(c, s->s3->tmp.new_cipher); - is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); - if (is_export) - { - mask_k = c->export_mask_k; - mask_a = c->export_mask_a; - } - else - { - mask_k = c->mask_k; - mask_a = c->mask_a; - } alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_a = s->s3->tmp.new_cipher->algorithm_auth; diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 9719541f2b4..793ea43e902 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -157,7 +157,7 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, const void *seed5, int seed5_len, unsigned char *out, int olen) { - int chunk,n; + int chunk; unsigned int j; HMAC_CTX ctx; HMAC_CTX ctx_tmp; @@ -187,7 +187,6 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, if (!HMAC_Final(&ctx,A1,&A1_len)) goto err; - n=0; for (;;) { if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */ @@ -309,13 +308,13 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, int tls1_change_cipher_state(SSL *s, int which) { static const unsigned char empty[]=""; - unsigned char *p,*key_block,*mac_secret; + unsigned char *p,*mac_secret; unsigned char *exp_label; unsigned char tmp1[EVP_MAX_KEY_LENGTH]; unsigned char tmp2[EVP_MAX_KEY_LENGTH]; unsigned char iv1[EVP_MAX_IV_LENGTH*2]; unsigned char iv2[EVP_MAX_IV_LENGTH*2]; - unsigned char *ms,*key,*iv,*er1,*er2; + unsigned char *ms,*key,*iv; int client_write; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; @@ -337,7 +336,6 @@ int tls1_change_cipher_state(SSL *s, int which) #ifndef OPENSSL_NO_COMP comp=s->s3->tmp.new_compression; #endif - key_block=s->s3->tmp.key_block; #ifdef KSSL_DEBUG printf("tls1_change_cipher_state(which= %d) w/\n", which); @@ -448,8 +446,6 @@ int tls1_change_cipher_state(SSL *s, int which) cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ k=EVP_CIPHER_iv_length(c); - er1= &(s->s3->client_random[0]); - er2= &(s->s3->server_random[0]); if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { @@ -880,7 +876,7 @@ int tls1_final_finish_mac(SSL *s, int tls1_mac(SSL *ssl, unsigned char *md, int send) { SSL3_RECORD *rec; - unsigned char *mac_sec,*seq; + unsigned char *seq; EVP_MD_CTX *hash; size_t md_size; int i; @@ -892,14 +888,12 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) if (send) { rec= &(ssl->s3->wrec); - mac_sec= &(ssl->s3->write_mac_secret[0]); seq= &(ssl->s3->write_sequence[0]); hash=ssl->write_hash; } else { rec= &(ssl->s3->rrec); - mac_sec= &(ssl->s3->read_mac_secret[0]); seq= &(ssl->s3->read_sequence[0]); hash=ssl->read_hash; } diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 0baa70663aa..85371c87b8e 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1013,9 +1013,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) { + unsigned short length; unsigned short type; unsigned short size; - unsigned short len; unsigned char *data = *p; int tlsext_servername = 0; int renegotiate_seen = 0; @@ -1023,7 +1023,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in if (data >= (d+n-2)) goto ri_check; - n2s(data,len); + n2s(data,length); + if (data+length != d+n) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } while(data <= (d+n-4)) { @@ -1453,23 +1458,20 @@ int ssl_check_serverhello_tlsext(SSL *s) int al = SSL_AD_UNRECOGNIZED_NAME; #ifndef OPENSSL_NO_EC - /* If we are client and using an elliptic curve cryptography cipher suite, then server - * must return a an EC point formats lists containing uncompressed. + /* If we are client and using an elliptic curve cryptography cipher + * suite, then if server returns an EC point formats lists extension + * it must contain uncompressed. */ unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && + (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) && ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) { /* we are using an ECC cipher */ size_t i; unsigned char *list; int found_uncompressed = 0; - if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length == 0)) - { - SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); - return -1; - } list = s->session->tlsext_ecpointformatlist; for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) { diff --git a/lib/libssl/test/maketests.com b/lib/libssl/test/maketests.com index ca072f1d11b..386e5cf3c16 100644 --- a/lib/libssl/test/maketests.com +++ b/lib/libssl/test/maketests.com @@ -25,7 +25,7 @@ $! VAXC For VAX C. $! DECC For DEC C. $! GNUC For GNU C. $! -$! If you don't speficy a compiler, it will try to determine which +$! If you don't specify a compiler, it will try to determine which $! "C" compiler to use. $! $! P3, if defined, sets a TCP/IP library to use, through one of the following @@ -37,46 +37,87 @@ $! $! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! $! +$! P5, if defined, specifies the C pointer size. Ignored on VAX. +$! ("64=ARGV" gives more efficient code with HP C V7.3 or newer.) +$! Supported values are: +$! +$! "" Compile with default (/NOPOINTER_SIZE) +$! 32 Compile with /POINTER_SIZE=32 (SHORT) +$! 64 Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]) +$! (Automatically select ARGV if compiler supports it.) +$! 64= Compile with /POINTER_SIZE=64 (LONG). +$! 64=ARGV Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV). +$! +$! P6, if defined, specifies a directory where ZLIB files (zlib.h, +$! libz.olb) may be found. Optionally, a non-default object library +$! name may be included ("dev:[dir]libz_64.olb", for example). +$! +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") +$! $! Define A TCP/IP Library That We Will Need To Link To. -$! (That is, If Wee Need To Link To One.) +$! (That is, If We Need To Link To One.) $! $ TCPIP_LIB = "" +$ ZLIB_LIB = "" $! $! Check Which Architecture We Are Using. $! -$ if (f$getsyi( "HW_MODEL") .lt. 1024) +$ if (f$getsyi( "cpu") .lt. 128) $ then -$ arch = "VAX" +$ ARCH = "VAX" $ else -$ arch = "" -$ arch = arch+ f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if (arch .eqs. "") then arch = "UNK" +$ ARCH = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if (ARCH .eqs. "") then ARCH = "UNK" $ endif $! -$! Define The OBJ and EXE Directories (EXE before CHECK_OPTIONS). -$! -$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.TEST] -$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST] +$ ARCHD = ARCH +$ LIB32 = "32" +$ OPT_FILE = "" +$ POINTER_SIZE = "" $! $! Check To Make Sure We Have Valid Command Line Parameters. $! $ GOSUB CHECK_OPTIONS $! +$! Define The OBJ and EXE Directories. +$! +$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.TEST] +$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.TEST] +$! +$! Specify the destination directory in any /MAP option. +$! +$ if (LINKMAP .eqs. "MAP") +$ then +$ LINKMAP = LINKMAP+ "=''EXE_DIR'" +$ endif +$! +$! Add the location prefix to the linker options file name. +$! +$ if (OPT_FILE .nes. "") +$ then +$ OPT_FILE = EXE_DIR+ OPT_FILE +$ endif +$! $! Initialise logical names and such $! $ GOSUB INITIALISE $! $! Tell The User What Kind of Machine We Run On. $! -$ WRITE SYS$OUTPUT "Compiling On ''ARCH'." +$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'" $! $! Define The CRYPTO-LIB We Are To Use. $! -$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB +$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB $! $! Define The SSL We Are To Use. $! -$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB +$ SSL_LIB := SYS$DISK:[-.'ARCHD'.EXE.SSL]SSL_LIBSSL'LIB32'.OLB $! $! Create the OBJ and EXE Directories, if needed. $! @@ -105,7 +146,7 @@ $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ - "MDC2TEST,RMDTEST,"+ - "RANDTEST,DHTEST,ENGINETEST,"+ - "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ - - "EVP_TEST,JPAKETEST" + "EVP_TEST,IGETEST,JPAKETEST,ASN1TEST" $! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well? $! $! Additional directory information. @@ -139,8 +180,9 @@ $ T_D_EXPTEST := [-.crypto.bn] $ T_D_DSATEST := [-.crypto.dsa] $ T_D_RSA_TEST := [-.crypto.rsa] $ T_D_EVP_TEST := [-.crypto.evp] -$ T_D_JPAKETEST := [-.crypto.jpake] $ T_D_IGETEST := [-.test] +$ T_D_JPAKETEST := [-.crypto.jpake] +$ T_D_ASN1TEST := [-.test] $! $ TCPIP_PROGRAMS = ",," $ IF COMPILER .EQS. "VAXC" THEN - @@ -223,33 +265,15 @@ $! $! Link The Program, Check To See If We Need To Link With RSAREF Or Not. $! Check To See If We Are To Link With A Specific TCP/IP Library. $! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! $! Don't Link With The RSAREF Routines And TCP/IP Library. $! -$ LINK /'DEBUGGER' /'TRACEBACK' /EXECTABLE = 'EXE_FILE' - - 'OBJECT_FILE', - - 'SSL_LIB' /LIBRARY, - - 'CRYPTO_LIB' /LIBRARY, - - 'TCPIP_LIB', - - 'OPT_FILE' /OPTIONS -$! -$! Else... -$! -$ ELSE -$! -$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. -$! -$ LINK /'DEBUGGER' /'TRACEBACK' /EXECUTABLE = 'EXE_FILE' - - 'OBJECT_FILE', - - 'SSL_LIB' /LIBRARY, - - 'CRYPTO_LIB' /LIBRARY, - - 'OPT_FILE' /OPTIONS -$! -$! End The TCP/IP Library Check. -$! -$ ENDIF +$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /EXECTABLE = 'EXE_FILE' - + 'OBJECT_FILE', - + 'SSL_LIB' /LIBRARY, - + 'CRYPTO_LIB' /LIBRARY - + 'TCPIP_LIB' - + 'ZLIB_LIB' - + ,'OPT_FILE' /OPTIONS $! $! Go Back And Do It Again. $! @@ -313,7 +337,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable C Runtime Library. ! GNU_CC:[000000]GCCLIB.OLB /LIBRARY @@ -348,7 +372,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable DEC C Runtime Library. ! SYS$SHARE:DECC$SHR.EXE /SHAREABLE @@ -363,7 +387,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File For non-VAX To Link Agianst +! Default System Options File For non-VAX To Link Against ! The Sharable C Runtime Library. ! SYS$SHARE:CMA$OPEN_LIB_SHR.EXE /SHAREABLE @@ -442,19 +466,24 @@ $! Check The User's Options. $! $ CHECK_OPTIONS: $! +$! Set basic C compiler /INCLUDE directories. +$! +$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]" +$! $! Check To See If P1 Is Blank. $! $ IF (P1.EQS."NODEBUG") $ THEN $! -$! P1 Is NODEBUG, So Compile Without Debugger Information. +$! P1 Is NODEBUG, So Compile Without Debugger Information. $! -$ DEBUGGER = "NODEBUG" -$ TRACEBACK = "NOTRACEBACK" -$ GCC_OPTIMIZE = "OPTIMIZE" -$ CC_OPTIMIZE = "OPTIMIZE" -$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." +$ DEBUGGER = "NODEBUG" +$ LINKMAP = "NOMAP" +$ TRACEBACK = "NOTRACEBACK" +$ GCC_OPTIMIZE = "OPTIMIZE" +$ CC_OPTIMIZE = "OPTIMIZE" +$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." +$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." $! $! Else... $! @@ -468,6 +497,7 @@ $! $! Compile With Debugger Information. $! $ DEBUGGER = "DEBUG" +$ LINKMAP = "MAP" $ TRACEBACK = "TRACEBACK" $ GCC_OPTIMIZE = "NOOPTIMIZE" $ CC_OPTIMIZE = "NOOPTIMIZE" @@ -478,7 +508,7 @@ $! Else... $! $ ELSE $! -$! Tell The User Entered An Invalid Option.. +$! Tell The User Entered An Invalid Option. $! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" @@ -491,11 +521,87 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. +$! +$ ENDIF +$! +$! End The P1 Check. +$! +$ ENDIF +$! +$! Check P5 (POINTER_SIZE). +$! +$ IF (P5 .NES. "") .AND. (ARCH .NES. "VAX") +$ THEN +$! +$ IF (P5 .EQS. "32") +$ THEN +$ POINTER_SIZE = " /POINTER_SIZE=32" +$ ELSE +$ POINTER_SIZE = F$EDIT( P5, "COLLAPSE, UPCASE") +$ IF ((POINTER_SIZE .EQS. "64") .OR. - + (POINTER_SIZE .EQS. "64=") .OR. - + (POINTER_SIZE .EQS. "64=ARGV")) +$ THEN +$ ARCHD = ARCH+ "_64" +$ LIB32 = "" +$ IF (F$EXTRACT( 2, 1, POINTER_SIZE) .EQS. "=") +$ THEN +$! Explicit user choice: "64" or "64=ARGV". +$ IF (POINTER_SIZE .EQS. "64=") THEN POINTER_SIZE = "64" +$ ELSE +$ SET NOON +$ DEFINE /USER_MODE SYS$OUTPUT NL: +$ DEFINE /USER_MODE SYS$ERROR NL: +$ CC /NOLIST /NOOBJECT /POINTER_SIZE=64=ARGV NL: +$ IF ($STATUS .AND. %X0FFF0000) .EQ. %X00030000 +$ THEN +$ ! If we got here, it means DCL complained like this: +$ ! %DCL-W-NOVALU, value not allowed - remove value specification +$ ! \64=\ +$ ! +$ ! If the compiler was run, logicals defined in /USER would +$ ! have been deassigned automatically. However, when DCL +$ ! complains, they aren't, so we do it here (it might be +$ ! unnecessary, but just in case there will be another error +$ ! message further on that we don't want to miss) +$ DEASSIGN /USER_MODE SYS$ERROR +$ DEASSIGN /USER_MODE SYS$OUTPUT +$ ELSE +$ POINTER_SIZE = POINTER_SIZE + "=ARGV" +$ ENDIF +$ SET ON +$ ENDIF +$ POINTER_SIZE = " /POINTER_SIZE=''POINTER_SIZE'" +$ ELSE +$! +$! Tell The User Entered An Invalid Option. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", P5, - + " Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT - + " """" : Compile with default (short) pointers." +$ WRITE SYS$OUTPUT - + " 32 : Compile with 32-bit (short) pointers." +$ WRITE SYS$OUTPUT - + " 64 : Compile with 64-bit (long) pointers (auto ARGV)." +$ WRITE SYS$OUTPUT - + " 64= : Compile with 64-bit (long) pointers (no ARGV)." +$ WRITE SYS$OUTPUT - + " 64=ARGV : Compile with 64-bit (long) pointers (ARGV)." +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ EXIT +$! +$ ENDIF $! $ ENDIF $! -$! End The P2 Check. +$! End The P5 (POINTER_SIZE) Check. $! $ ENDIF $! @@ -599,11 +705,64 @@ $ CCDEFS = "TCPIP_TYPE_''P3'" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" +$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS $! -$! Check To See If The User Entered A Valid Paramter. +$! Check To See If We Have A ZLIB Option. +$! +$ ZLIB = P6 +$ IF (ZLIB .NES. "") +$ THEN +$! +$! Check for expected ZLIB files. +$! +$ err = 0 +$ file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY") +$ if (f$search( file1) .eqs. "") +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ WRITE SYS$OUTPUT " Can't find header: ''file1'" +$ err = 1 +$ endif +$ file1 = f$parse( "A.;", ZLIB)- "A.;" +$! +$ file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY") +$ if (f$search( file2) .eqs. "") +$ then +$ if (err .eq. 0) +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ endif +$ WRITE SYS$OUTPUT " Can't find library: ''file2'" +$ WRITE SYS$OUTPUT "" +$ err = err+ 2 +$ endif +$ if (err .eq. 1) +$ then +$ WRITE SYS$OUTPUT "" +$ endif +$! +$ if (err .ne. 0) +$ then +$ GOTO EXIT +$ endif +$! +$ CCDEFS = """ZLIB=1"", "+ CCDEFS +$ CC_INCLUDES = CC_INCLUDES+ ", "+ file1 +$ ZLIB_LIB = ", ''file2' /library" +$! +$! Print info +$! +$ WRITE SYS$OUTPUT "ZLIB library spec: ", file2 +$! +$! End The P8 Check. +$! +$ ENDIF +$! +$! Check To See If The User Entered A Valid Parameter. $! $ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC") $ THEN @@ -626,13 +785,13 @@ $! $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC /DECC" -$ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=ANSI89" + - - "/NOLIST /PREFIX=ALL" + - - "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS +$ CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ - + "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + - + " /INCLUDE=(''CC_INCLUDES') " + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "VAX_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -661,7 +820,7 @@ $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC /VAXC" $ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /NOLIST" + - - "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS + "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS $ CCDEFS = CCDEFS + ",""VAXC""" $! $! Define <sys> As SYS$COMMON:[SYSLIB] @@ -670,7 +829,7 @@ $ DEFINE /NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "VAX_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -692,11 +851,11 @@ $! $! Use GNU C... $! $ CC = "GCC /NOCASE_HACK /''GCC_OPTIMIZE' /''DEBUGGER' /NOLIST" + - - "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS + "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "VAX_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! @@ -715,20 +874,20 @@ $ THEN $ CC4DISABLEWARNINGS = "DOLLARID" $ ELSE $ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID" -$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" +$ CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" $ ENDIF -$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" +$ CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" $ ELSE $ CCDISABLEWARNINGS = "" $ CC4DISABLEWARNINGS = "" $ ENDIF -$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS +$ CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS $! $! Show user the result $! $ WRITE /SYMBOL SYS$OUTPUT "Main Compiling Command: ", CC $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! @@ -760,7 +919,7 @@ $ THEN $! $! Set the library to use SOCKETSHR $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS" $! $! Done with SOCKETSHR $! @@ -786,13 +945,13 @@ $ THEN $! $! Set the library to use UCX. $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS" $ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" $ THEN -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS" $ ELSE $ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN - - TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS" + TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS" $ ENDIF $! $! Done with UCX @@ -806,7 +965,7 @@ $ THEN $! $! Set the library to use TCPIP (post UCX). $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS" $! $! Done with TCPIP $! @@ -827,9 +986,9 @@ $ ENDIF $! $! Print info $! -$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB +$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- "," $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! diff --git a/lib/libssl/test/tcrl.com b/lib/libssl/test/tcrl.com index 1f606eb8508..dd96a2b6dd7 100644 --- a/lib/libssl/test/tcrl.com +++ b/lib/libssl/test/tcrl.com @@ -1,14 +1,17 @@ $! TCRL.COM -- Tests crl keys $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ cmd := mcr 'exe_dir'openssl crl +$ cmd = "mcr ''exe_dir'openssl crl" $ -$ t := testcrl.pem +$ t = "testcrl.pem" $ if p1 .nes. "" then t = p1 $ $ write sys$output "testing CRL conversions" diff --git a/lib/libssl/test/testca.com b/lib/libssl/test/testca.com index ec7e56dad65..78cda9ec5a8 100644 --- a/lib/libssl/test/testca.com +++ b/lib/libssl/test/testca.com @@ -1,11 +1,13 @@ $! TESTCA.COM $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p1 .eqs. "64") then __arch = __arch+ "_64" $ -$ openssl := mcr 'exe_dir'openssl +$ openssl = "mcr ''exe_dir'openssl" $ $ SSLEAY_CONFIG="-config ""CAss.cnf""" $ diff --git a/lib/libssl/test/testenc.com b/lib/libssl/test/testenc.com index 621d9a21264..75acd6f07fa 100644 --- a/lib/libssl/test/testenc.com +++ b/lib/libssl/test/testenc.com @@ -1,13 +1,16 @@ $! TESTENC.COM -- Test encoding and decoding $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p1 .eqs. 64) then __arch = __arch+ "_64" $ -$ testsrc := makefile. -$ test := p.txt -$ cmd := mcr 'exe_dir'openssl +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ testsrc = "makefile." +$ test = "p.txt" +$ cmd = "mcr ''exe_dir'openssl" $ $ if f$search(test) .nes. "" then delete 'test';* $ convert/fdl=sys$input: 'testsrc' 'test' diff --git a/lib/libssl/test/testgen.com b/lib/libssl/test/testgen.com index a4bc574bec5..e076da2f306 100644 --- a/lib/libssl/test/testgen.com +++ b/lib/libssl/test/testgen.com @@ -1,14 +1,15 @@ -$! TETSGEN.COM +$! TESTGEN.COM $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$ if (p1 .eqs. 64) then __arch = __arch+ "_64" +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ T := testcert +$ T = "testcert" $ KEY = 512 -$ CA := [-.certs]testca.pem +$ CA = "[-.certs]testca.pem" $ $ set noon $ if f$search(T+".1;*") .nes. "" then delete 'T'.1;* @@ -20,7 +21,8 @@ $ write sys$output "generating certificate request" $ $ append/new nl: .rnd $ open/append random_file .rnd -$ write random_file "string to make the random number generator think it has entropy" +$ write random_file - + "string to make the random number generator think it has entropy" $ close random_file $ $ set noon @@ -33,8 +35,10 @@ $ then $ req_new="-newkey dsa:[-.apps]dsa512.pem" $ else $ req_new="-new" -$ write sys$output "There should be a 2 sequences of .'s and some +'s." -$ write sys$output "There should not be more that at most 80 per line" +$ write sys$output - + "There should be a 2 sequences of .'s and some +'s." +$ write sys$output - + "There should not be more that at most 80 per line" $ endif $ $ write sys$output "This could take some time." diff --git a/lib/libssl/test/tests.com b/lib/libssl/test/tests.com index d151cd39553..373dd16eacb 100644 --- a/lib/libssl/test/tests.com +++ b/lib/libssl/test/tests.com @@ -1,22 +1,43 @@ $! TESTS.COM -- Performs the necessary tests $! $! P1 tests to be performed. Empty means all. -$ +$! P2 Pointer size: "", "32", or "64". +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") +$! $ __proc = f$element(0,";",f$environment("procedure")) $ __here = f$parse(f$parse("A.;",__proc) - "A.;","[]A.;") - "A.;" $ __save_default = f$environment("default") -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ texe_dir := sys$disk:[-.'__arch'.exe.test] -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] -$ -$ sslroot = f$parse("sys$disk:[-.apps];",,,,"syntax_only") - "].;"+ ".]" -$ define /translation_attributes = concealed sslroot 'sslroot' +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ __archd = __arch +$ pointer_size = "" +$ if (p2 .eq. "64") +$ then +$ pointer_size = "64" +$ __archd = __arch+ "_64" +$ endif +$! +$ texe_dir := sys$disk:[-.'__archd'.exe.test] +$ exe_dir := sys$disk:[-.'__archd'.exe.apps] $ $ set default '__here' $ +$ ROOT = F$PARSE("sys$disk:[-]A.;0",,,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" +$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") +$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - + - ".][000000" - "[000000." - "][" - "[" - "]" +$ ROOT = ROOT_DEV + "[" + ROOT_DIR +$ DEFINE/NOLOG SSLROOT 'ROOT'.APPS.] /TRANS=CONC +$ openssl_conf := sslroot:[000000]openssl-vms.cnf +$ $ on control_y then goto exit $ on error then goto exit $ @@ -70,17 +91,19 @@ $ ENGINETEST := enginetest $ EVPTEST := evp_test $ IGETEST := igetest $ JPAKETEST := jpaketest -$ +$ ASN1TEST := asn1test +$! $ tests_i = 0 $ loop_tests: $ tests_e = f$element(tests_i,",",tests) $ tests_i = tests_i + 1 $ if tests_e .eqs. "," then goto exit +$ write sys$output "---> ''tests_e'" $ gosub 'tests_e' $ goto loop_tests $ $ test_evp: -$ mcr 'texe_dir''evptest' evptests.txt +$ mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt $ return $ test_des: $ mcr 'texe_dir''destest' @@ -132,68 +155,109 @@ $ test_rand: $ mcr 'texe_dir''randtest' $ return $ test_enc: -$ @testenc.com +$ @testenc.com 'pointer_size' $ return $ test_x509: -$ define sys$error nla0: +$ set noon +$ define sys$error test_x509.err $ write sys$output "test normal x509v1 certificate" -$ @tx509.com +$ @tx509.com "" 'pointer_size' $ write sys$output "test first x509v3 certificate" -$ @tx509.com v3-cert1.pem +$ @tx509.com v3-cert1.pem 'pointer_size' $ write sys$output "test second x509v3 certificate" -$ @tx509.com v3-cert2.pem +$ @tx509.com v3-cert2.pem 'pointer_size' $ deassign sys$error +$ set on $ return $ test_rsa: -$ define sys$error nla0: -$ @trsa.com +$ set noon +$ define sys$error test_rsa.err +$ @trsa.com "" 'pointer_size' $ deassign sys$error $ mcr 'texe_dir''rsatest' +$ set on $ return $ test_crl: -$ define sys$error nla0: -$ @tcrl.com +$ set noon +$ define sys$error test_crl.err +$ @tcrl.com "" 'pointer_size' $ deassign sys$error +$ set on $ return $ test_sid: -$ define sys$error nla0: -$ @tsid.com +$ set noon +$ define sys$error test_sid.err +$ @tsid.com "" 'pointer_size' $ deassign sys$error +$ set on $ return $ test_req: -$ define sys$error nla0: -$ @treq.com -$ @treq.com testreq2.pem +$ set noon +$ define sys$error test_req.err +$ @treq.com "" 'pointer_size' +$ @treq.com testreq2.pem 'pointer_size' $ deassign sys$error +$ set on $ return $ test_pkcs7: -$ define sys$error nla0: -$ @tpkcs7.com -$ @tpkcs7d.com +$ set noon +$ define sys$error test_pkcs7.err +$ @tpkcs7.com "" 'pointer_size' +$ @tpkcs7d.com "" 'pointer_size' $ deassign sys$error +$ set on $ return $ test_bn: -$ write sys$output "starting big number library test, could take a while..." -$ create bntest-vms.fdl +$ write sys$output - + "starting big number library test, could take a while..." +$ set noon +$ define sys$error test_bn.err +$ define sys$output test_bn.out +$ @ bctest.com +$ status = $status +$ deassign sys$error +$ deassign sys$output +$ set on +$ if (status) +$ then +$ create /fdl = sys$input bntest-vms.tmp +FILE + ORGANIZATION sequential +RECORD + FORMAT stream_lf +$ define /user_mode sys$output bntest-vms.tmp +$ mcr 'texe_dir''bntest' +$ define /user_mode sys$input bntest-vms.tmp +$ define /user_mode sys$output bntest-vms.out +$ bc +$ @ bntest.com bntest-vms.out +$ status = $status +$ if (status) +$ then +$ delete bntest-vms.out;* +$ delete bntest-vms.tmp;* +$ endif +$ else +$ create /fdl = sys$input bntest-vms.sh FILE ORGANIZATION sequential RECORD FORMAT stream_lf -$ create/fdl=bntest-vms.fdl bntest-vms.sh -$ open/append foo bntest-vms.sh -$ type/output=foo: sys$input: +$ open /append bntest_file bntest-vms.sh +$ type /output = bntest_file sys$input: << __FOO__ sh -c "`sh ./bctest`" | perl -e '$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $1";} elsif (!/^0$/) {die "\nFailed! bc: $_";} else {print STDERR "."; $i++;}} print STDERR "\n$i tests passed\n"' -$ define/user sys$output bntest-vms.tmp -$ mcr 'texe_dir''bntest' -$ copy bntest-vms.tmp foo: -$ delete bntest-vms.tmp;* -$ type/output=foo: sys$input: +$ define /user_mode sys$output bntest-vms.tmp +$ mcr 'texe_dir''bntest' +$ copy bntest-vms.tmp bntest_file +$ delete bntest-vms.tmp;* +$ type /output = bntest_file sys$input: __FOO__ -$ close foo -$ write sys$output "-- copy the [.test]bntest-vms.sh and [.test]bctest files to a Unix system and" -$ write sys$output "-- run bntest-vms.sh through sh or bash to verify that the bignum operations" -$ write sys$output "-- went well." -$ write sys$output "" +$ close bntest_file +$ write sys$output "-- copy the [.test]bntest-vms.sh and [.test]bctest files to a Unix system and" +$ write sys$output "-- run bntest-vms.sh through sh or bash to verify that the bignum operations" +$ write sys$output "-- went well." +$ write sys$output "" +$ endif $ write sys$output "test a^b%c implementations" $ mcr 'texe_dir''exptest' $ return @@ -212,7 +276,7 @@ $ return $ test_verify: $ write sys$output "The following command should have some OK's and some failures" $ write sys$output "There are definitly a few expired certificates" -$ @tverify.com +$ @tverify.com 'pointer_size' $ return $ test_dh: $ write sys$output "Generate a set of DH parameters" @@ -224,7 +288,7 @@ $ mcr 'texe_dir''dsatest' $ return $ test_gen: $ write sys$output "Generate and verify a certificate request" -$ @testgen.com +$ @testgen.com 'pointer_size' $ return $ maybe_test_ss: $ testss_RDT = f$cvtime(f$file_attributes("testss.com","RDT")) @@ -237,7 +301,7 @@ $ if f$cvtime(f$file_attributes("certCA.ss","RDT")) .les. testss_RDT then - $ return $ test_ss: $ write sys$output "Generate and certify a test certificate" -$ @testss.com +$ @testss.com 'pointer_size' $ return $ test_engine: $ write sys$output "Manipulate the ENGINE structures" @@ -246,11 +310,11 @@ $ return $ test_ssl: $ write sys$output "test SSL protocol" $ gosub maybe_test_ss -$ @testssl.com keyU.ss certU.ss certCA.ss +$ @testssl.com keyU.ss certU.ss certCA.ss 'pointer_size' $ return $ test_ca: $ set noon -$ define/user sys$output nla0: +$ define /user_mode sys$output test_ca.out $ mcr 'exe_dir'openssl no-rsa $ save_severity=$SEVERITY $ set on @@ -259,7 +323,7 @@ $ then $ write sys$output "skipping CA.com test -- requires RSA" $ else $ write sys$output "Generate and certify a test certificate via the 'ca' program" -$ @testca.com +$ @testca.com 'pointer_size' $ endif $ return $ test_aes: @@ -268,7 +332,7 @@ $! !mcr 'texe_dir''aestest' $ return $ test_tsa: $ set noon -$ define/user sys$output nla0: +$ define /user_mode sys$output nla0: $ mcr 'exe_dir'openssl no-rsa $ save_severity=$SEVERITY $ set on @@ -276,7 +340,7 @@ $ if save_severity $ then $ write sys$output "skipping testtsa.com test -- requires RSA" $ else -$ @testtsa.com +$ @testtsa.com "" "" "" 'pointer_size' $ endif $ return $ test_ige: @@ -289,11 +353,14 @@ $ mcr 'texe_dir''jpaketest' $ return $ test_cms: $ write sys$output "CMS consistency test" +$ ! Define the logical name used to find openssl.exe in the perl script. +$ define /user_mode osslx 'exe_dir' $ perl CMS-TEST.PL $ return $ $ $ exit: +$ mcr 'exe_dir'openssl version -a $ set default '__save_default' $ deassign sslroot $ exit diff --git a/lib/libssl/test/testss.com b/lib/libssl/test/testss.com index 6598106b09d..32a74d0fc21 100644 --- a/lib/libssl/test/testss.com +++ b/lib/libssl/test/testss.com @@ -1,16 +1,19 @@ $! TESTSS.COM $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p1 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ $ digest="-md5" -$ reqcmd := mcr 'exe_dir'openssl req -$ x509cmd := mcr 'exe_dir'openssl x509 'digest' -$ verifycmd := mcr 'exe_dir'openssl verify -$ dummycnf := sys$disk:[-.apps]openssl-vms.cnf +$ reqcmd = "mcr ''exe_dir'openssl req" +$ x509cmd = "mcr ''exe_dir'openssl x509 ''digest'" +$ verifycmd = "mcr ''exe_dir'openssl verify" +$ dummycnf = "sys$disk:[-.apps]openssl-vms.cnf" $ $ CAkey="""keyCA.ss""" $ CAcert="""certCA.ss""" diff --git a/lib/libssl/test/testssl.com b/lib/libssl/test/testssl.com index 9c83afba047..f19edc4719f 100644 --- a/lib/libssl/test/testssl.com +++ b/lib/libssl/test/testssl.com @@ -1,11 +1,14 @@ $! TESTSSL.COM $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ texe_dir := sys$disk:[-.'__arch'.exe.test] -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p4 .eqs. "64") then __arch = __arch+ "_64" +$! +$ texe_dir = "sys$disk:[-.''__arch'.exe.test]" +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ $ if p1 .eqs. "" $ then @@ -19,21 +22,21 @@ $ cert="[-.apps]server.pem" $ else $ cert=p2 $ endif -$ ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert' -$ +$ ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ - + " -cert ''cert' -c_key ''key' -c_cert ''cert'" +$! +$ set noon $ define/user sys$output testssl-x509-output. $ define/user sys$error nla0: $ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout -$ set noon $ define/user sys$error nla0: $ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact $ if $severity .eq. 1 $ then -$ dsa_cert := YES +$ dsa_cert = "YES" $ else -$ dsa_cert := NO +$ dsa_cert = "NO" $ endif -$ set on $ delete testssl-x509-output.;* $ $ if p3 .eqs. "" @@ -161,14 +164,12 @@ $ if $severity .ne. 1 then goto exit3 $ $!########################################################################### $ -$ set noon $ define/user sys$output nla0: $ mcr 'exe_dir'openssl no-rsa $ no_rsa=$SEVERITY $ define/user sys$output nla0: $ mcr 'exe_dir'openssl no-dh $ no_dh=$SEVERITY -$ set on $ $ if no_dh $ then @@ -203,4 +204,5 @@ $ exit3: $ RET = 3 $ exit: $ if p3 .eqs. "" then delete certs.tmp;* +$ set on $ exit 'RET' diff --git a/lib/libssl/test/tpkcs7.com b/lib/libssl/test/tpkcs7.com index e107cc141a8..3fc4982bb00 100644 --- a/lib/libssl/test/tpkcs7.com +++ b/lib/libssl/test/tpkcs7.com @@ -1,14 +1,17 @@ $! TPKCS7.COM -- Tests pkcs7 keys $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ cmd := mcr 'exe_dir'openssl pkcs7 +$ cmd = "mcr ''exe_dir'openssl pkcs7" $ -$ t := testp7.pem +$ t = "testp7.pem" $ if p1 .nes. "" then t = p1 $ $ write sys$output "testing PKCS7 conversions" diff --git a/lib/libssl/test/tpkcs7d.com b/lib/libssl/test/tpkcs7d.com index 5ff653ccee0..eea8c888ee6 100644 --- a/lib/libssl/test/tpkcs7d.com +++ b/lib/libssl/test/tpkcs7d.com @@ -1,14 +1,17 @@ $! TPKCS7.COM -- Tests pkcs7 keys $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ cmd := mcr 'exe_dir'openssl pkcs7 +$ cmd = "mcr ''exe_dir'openssl pkcs7" $ -$ t := pkcs7-1.pem +$ t = "pkcs7-1.pem" $ if p1 .nes. "" then t = p1 $ $ write sys$output "testing PKCS7 conversions (2)" diff --git a/lib/libssl/test/treq.com b/lib/libssl/test/treq.com index d2594be6a7e..acf08b79efd 100644 --- a/lib/libssl/test/treq.com +++ b/lib/libssl/test/treq.com @@ -1,14 +1,17 @@ $! TREQ.COM -- Tests req keys $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ cmd := mcr 'exe_dir'openssl req -config [-.apps]openssl-vms.cnf +$ cmd = "mcr ''exe_dir'openssl req -config [-.apps]openssl-vms.cnf" $ -$ t := testreq.pem +$ t = "testreq.pem" $ if p1 .nes. "" then t = p1 $ $ write sys$output "testing req conversions" diff --git a/lib/libssl/test/trsa.com b/lib/libssl/test/trsa.com index d3a8a605b78..54180843ee0 100644 --- a/lib/libssl/test/trsa.com +++ b/lib/libssl/test/trsa.com @@ -1,10 +1,13 @@ $! TRSA.COM -- Tests rsa keys $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ $ set noon $ define/user sys$output nla0: @@ -17,9 +20,9 @@ $ write sys$output "skipping RSA conversion test" $ exit $ endif $ -$ cmd := mcr 'exe_dir'openssl rsa +$ cmd = "mcr ''exe_dir'openssl rsa" $ -$ t := testrsa.pem +$ t = "testrsa.pem" $ if p1 .nes. "" then t = p1 $ $ write sys$output "testing RSA conversions" diff --git a/lib/libssl/test/tsid.com b/lib/libssl/test/tsid.com index 267ace11353..b6c4e49473e 100644 --- a/lib/libssl/test/tsid.com +++ b/lib/libssl/test/tsid.com @@ -1,14 +1,17 @@ $! TSID.COM -- Tests sid keys $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ cmd := mcr 'exe_dir'openssl sess_id +$ cmd = "mcr ''exe_dir'openssl sess_id" $ -$ t := testsid.pem +$ t = "testsid.pem" $ if p1 .nes. "" then t = p1 $ $ write sys$output "testing session-id conversions" diff --git a/lib/libssl/test/tverify.com b/lib/libssl/test/tverify.com index 01431f4aac1..d888344637e 100644 --- a/lib/libssl/test/tverify.com +++ b/lib/libssl/test/tverify.com @@ -1,13 +1,15 @@ $! TVERIFY.COM $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p1 .eqs. "64") then __arch = __arch+ "_64" $! $ line_max = 255 ! Could be longer on modern non-VAX. $ temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp" -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'" $ cmd_len = f$length( cmd) $ pems = "[-.certs...]*.pem" @@ -19,7 +21,7 @@ $! $! Loop through all the certificate files. $! $ args = "" -$ old_f := +$ old_f = "" $ loop_file: $ f = f$search( pems) $ if ((f .nes. "") .and. (f .nes. old_f)) diff --git a/lib/libssl/test/tx509.com b/lib/libssl/test/tx509.com index 399eb014901..93ce988b418 100644 --- a/lib/libssl/test/tx509.com +++ b/lib/libssl/test/tx509.com @@ -1,14 +1,17 @@ $! TX509.COM -- Tests x509 certificates $ -$ __arch := VAX +$ __arch = "VAX" $ if f$getsyi("cpu") .ge. 128 then - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ cmd := mcr 'exe_dir'openssl x509 +$ cmd = "mcr ''exe_dir'openssl x509" $ -$ t := testx509.pem +$ t = "testx509.pem" $ if p1 .nes. "" then t = p1 $ $ write sys$output "testing X509 conversions" |