diff options
Diffstat (limited to 'lib')
149 files changed, 1405 insertions, 6581 deletions
diff --git a/lib/libcrypto/aes/asm/aes-x86_64.pl b/lib/libcrypto/aes/asm/aes-x86_64.pl index 48fa857d5b1..34cbb5d8442 100755 --- a/lib/libcrypto/aes/asm/aes-x86_64.pl +++ b/lib/libcrypto/aes/asm/aes-x86_64.pl @@ -36,7 +36,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; $verticalspin=1; # unlike 32-bit version $verticalspin performs # ~15% better on both AMD and Intel cores diff --git a/lib/libcrypto/aes/asm/aesni-x86_64.pl b/lib/libcrypto/aes/asm/aesni-x86_64.pl index 499f3b3f42f..0dbb194b8d7 100644 --- a/lib/libcrypto/aes/asm/aesni-x86_64.pl +++ b/lib/libcrypto/aes/asm/aesni-x86_64.pl @@ -172,7 +172,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; $movkey = $PREFIX eq "aesni" ? "movups" : "movups"; @_4args=$win64? ("%rcx","%rdx","%r8", "%r9") : # Win64 order diff --git a/lib/libcrypto/asn1/a_int.c b/lib/libcrypto/asn1/a_int.c index ad0d2506f63..297c45a9ff1 100644 --- a/lib/libcrypto/asn1/a_int.c +++ b/lib/libcrypto/asn1/a_int.c @@ -116,7 +116,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) int pad=0,ret,i,neg; unsigned char *p,*n,pb=0; - if ((a == NULL) || (a->data == NULL)) return(0); + if (a == NULL) return(0); neg=a->type & V_ASN1_NEG; if (a->length == 0) ret=1; diff --git a/lib/libcrypto/asn1/a_strex.c b/lib/libcrypto/asn1/a_strex.c index 264ebf2393a..ead37ac3258 100644 --- a/lib/libcrypto/asn1/a_strex.c +++ b/lib/libcrypto/asn1/a_strex.c @@ -567,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) if(mbflag == -1) return -1; mbflag |= MBSTRING_FLAG; stmp.data = NULL; + stmp.length = 0; ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); if(ret < 0) return ret; *out = stmp.data; diff --git a/lib/libcrypto/asn1/asn1_err.c b/lib/libcrypto/asn1/asn1_err.c index 1a30bf119bd..aa60203ba80 100644 --- a/lib/libcrypto/asn1/asn1_err.c +++ b/lib/libcrypto/asn1/asn1_err.c @@ -305,7 +305,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"}, {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"}, {ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"}, -{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"}, +{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unknown format"}, {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"}, {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"}, diff --git a/lib/libcrypto/asn1/x_pubkey.c b/lib/libcrypto/asn1/x_pubkey.c index 627ec87f9f8..b649e1fcf96 100644 --- a/lib/libcrypto/asn1/x_pubkey.c +++ b/lib/libcrypto/asn1/x_pubkey.c @@ -175,12 +175,15 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); if (key->pkey) { + CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); EVP_PKEY_free(ret); ret = key->pkey; } else + { key->pkey = ret; - CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); + CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); + } CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); return ret; diff --git a/lib/libcrypto/bio/bss_dgram.c b/lib/libcrypto/bio/bss_dgram.c index 1b1e4bec812..54c012c47d7 100644 --- a/lib/libcrypto/bio/bss_dgram.c +++ b/lib/libcrypto/bio/bss_dgram.c @@ -77,10 +77,20 @@ #define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0 #endif -#ifdef OPENSSL_SYS_LINUX +#if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU) #define IP_MTU 14 /* linux is lame */ #endif +#if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED) +/* Standard definition causes type-punning problems. */ +#undef IN6_IS_ADDR_V4MAPPED +#define s6_addr32 __u6_addr.__u6_addr32 +#define IN6_IS_ADDR_V4MAPPED(a) \ + (((a)->s6_addr32[0] == 0) && \ + ((a)->s6_addr32[1] == 0) && \ + ((a)->s6_addr32[2] == htonl(0x0000ffff))) +#endif + #ifdef WATT32 #define sock_write SockWrite /* Watt-32 uses same names */ #define sock_read SockRead @@ -255,7 +265,7 @@ static void dgram_adjust_rcv_timeout(BIO *b) { #if defined(SO_RCVTIMEO) bio_dgram_data *data = (bio_dgram_data *)b->ptr; - int sz = sizeof(int); + union { size_t s; int i; } sz = {0}; /* Is a timer active? */ if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) @@ -265,8 +275,10 @@ static void dgram_adjust_rcv_timeout(BIO *b) /* Read current socket timeout */ #ifdef OPENSSL_SYS_WINDOWS int timeout; + + sz.i = sizeof(timeout); if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void*)&timeout, &sz) < 0) + (void*)&timeout, &sz.i) < 0) { perror("getsockopt"); } else { @@ -274,9 +286,12 @@ static void dgram_adjust_rcv_timeout(BIO *b) data->socket_timeout.tv_usec = (timeout % 1000) * 1000; } #else + sz.i = sizeof(data->socket_timeout); if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout), (void *)&sz) < 0) { perror("getsockopt"); } + else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0) + OPENSSL_assert(sz.s<=sizeof(data->socket_timeout)); #endif /* Get current time */ @@ -445,11 +460,10 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) int *ip; struct sockaddr *to = NULL; bio_dgram_data *data = NULL; -#if defined(IP_MTU_DISCOVER) || defined(IP_MTU) - long sockopt_val = 0; - unsigned int sockopt_len = 0; -#endif -#ifdef OPENSSL_SYS_LINUX +#if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU)) + int sockopt_val = 0; + socklen_t sockopt_len; /* assume that system supporting IP_MTU is + * modern enough to define socklen_t */ socklen_t addr_len; union { struct sockaddr sa; @@ -531,7 +545,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) break; /* (Linux)kernel sets DF bit on outgoing IP packets */ case BIO_CTRL_DGRAM_MTU_DISCOVER: -#ifdef OPENSSL_SYS_LINUX +#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO) addr_len = (socklen_t)sizeof(addr); memset((void *)&addr, 0, sizeof(addr)); if (getsockname(b->num, &addr.sa, &addr_len) < 0) @@ -539,7 +553,6 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; } - sockopt_len = sizeof(sockopt_val); switch (addr.sa.sa_family) { case AF_INET: @@ -548,7 +561,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) &sockopt_val, sizeof(sockopt_val))) < 0) perror("setsockopt"); break; -#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) +#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO) case AF_INET6: sockopt_val = IPV6_PMTUDISC_DO; if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, @@ -565,7 +578,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) break; #endif case BIO_CTRL_DGRAM_QUERY_MTU: -#ifdef OPENSSL_SYS_LINUX +#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU) addr_len = (socklen_t)sizeof(addr); memset((void *)&addr, 0, sizeof(addr)); if (getsockname(b->num, &addr.sa, &addr_len) < 0) @@ -727,12 +740,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) #endif break; case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: -#ifdef OPENSSL_SYS_WINDOWS { - int timeout, sz = sizeof(timeout); + union { size_t s; int i; } sz = {0}; +#ifdef OPENSSL_SYS_WINDOWS + int timeout; struct timeval *tv = (struct timeval *)ptr; + + sz.i = sizeof(timeout); if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void*)&timeout, &sz) < 0) + (void*)&timeout, &sz.i) < 0) { perror("getsockopt"); ret = -1; } else { @@ -740,12 +756,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) tv->tv_usec = (timeout % 1000) * 1000; ret = sizeof(*tv); } - } #else + sz.i = sizeof(struct timeval); if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - ptr, (void *)&ret) < 0) + ptr, (void *)&sz) < 0) { perror("getsockopt"); ret = -1; } + else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0) + { + OPENSSL_assert(sz.s<=sizeof(struct timeval)); + ret = (int)sz.s; + } + else + ret = sz.i; #endif + } break; #endif #if defined(SO_SNDTIMEO) @@ -765,12 +789,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) #endif break; case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: -#ifdef OPENSSL_SYS_WINDOWS { - int timeout, sz = sizeof(timeout); + union { size_t s; int i; } sz = {0}; +#ifdef OPENSSL_SYS_WINDOWS + int timeout; struct timeval *tv = (struct timeval *)ptr; + + sz.i = sizeof(timeout); if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, - (void*)&timeout, &sz) < 0) + (void*)&timeout, &sz.i) < 0) { perror("getsockopt"); ret = -1; } else { @@ -778,12 +805,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) tv->tv_usec = (timeout % 1000) * 1000; ret = sizeof(*tv); } - } #else + sz.i = sizeof(struct timeval); if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, - ptr, (void *)&ret) < 0) + ptr, (void *)&sz) < 0) { perror("getsockopt"); ret = -1; } + else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0) + { + OPENSSL_assert(sz.s<=sizeof(struct timeval)); + ret = (int)sz.s; + } + else + ret = sz.i; #endif + } break; #endif case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: @@ -871,8 +906,8 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) memset(authchunks, 0, sizeof(sockopt_len)); ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len); OPENSSL_assert(ret >= 0); - - for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t); + + for (p = (unsigned char*) authchunks->gauth_chunks; p < (unsigned char*) authchunks + sockopt_len; p += sizeof(uint8_t)) { @@ -955,7 +990,6 @@ static int dgram_sctp_free(BIO *a) #ifdef SCTP_AUTHENTICATION_EVENT void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp) { - unsigned int sockopt_len = 0; int ret; struct sctp_authkey_event* authkeyevent = &snp->sn_auth_event; @@ -965,9 +999,8 @@ void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp) /* delete key */ authkeyid.scact_keynumber = authkeyevent->auth_keynumber; - sockopt_len = sizeof(struct sctp_authkeyid); ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, - &authkeyid, sockopt_len); + &authkeyid, sizeof(struct sctp_authkeyid)); } } #endif @@ -1164,7 +1197,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen); OPENSSL_assert(ii >= 0); - for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t); + for (p = (unsigned char*) authchunks->gauth_chunks; p < (unsigned char*) authchunks + optlen; p += sizeof(uint8_t)) { @@ -1298,7 +1331,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr) { long ret=1; bio_dgram_sctp_data *data = NULL; - unsigned int sockopt_len = 0; + socklen_t sockopt_len = 0; struct sctp_authkeyid authkeyid; struct sctp_authkey *authkey; diff --git a/lib/libcrypto/bio/bss_log.c b/lib/libcrypto/bio/bss_log.c index b7dce5c1a27..2227b2b52d4 100644 --- a/lib/libcrypto/bio/bss_log.c +++ b/lib/libcrypto/bio/bss_log.c @@ -245,7 +245,7 @@ static int MS_CALLBACK slg_puts(BIO *bp, const char *str) static void xopenlog(BIO* bp, char* name, int level) { - if (GetVersion() < 0x80000000) + if (check_winnt()) bp->ptr = RegisterEventSourceA(NULL,name); else bp->ptr = NULL; diff --git a/lib/libcrypto/bn/bn.h b/lib/libcrypto/bn/bn.h index f34248ec4f8..21a1a3fe35c 100644 --- a/lib/libcrypto/bn/bn.h +++ b/lib/libcrypto/bn/bn.h @@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, @@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num); #define bn_fix_top(a) bn_check_top(a) +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ + } while(0) + #else /* !BN_DEBUG */ #define bn_pollute(a) #define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) #endif diff --git a/lib/libcrypto/bn/bn_div.c b/lib/libcrypto/bn/bn_div.c index 52b3304293a..7b2403185e6 100644 --- a/lib/libcrypto/bn/bn_div.c +++ b/lib/libcrypto/bn/bn_div.c @@ -141,6 +141,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, * * <appro@fy.chalmers.se> */ +#undef bn_div_words # define bn_div_words(n0,n1,d0) \ ({ asm volatile ( \ "divl %4" \ @@ -155,6 +156,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, * Same story here, but it's 128-bit by 64-bit division. Wow! * <appro@fy.chalmers.se> */ +# undef bn_div_words # define bn_div_words(n0,n1,d0) \ ({ asm volatile ( \ "divq %4" \ diff --git a/lib/libcrypto/bn/bn_gcd.c b/lib/libcrypto/bn/bn_gcd.c index 4a352119ba8..a808f53178f 100644 --- a/lib/libcrypto/bn/bn_gcd.c +++ b/lib/libcrypto/bn/bn_gcd.c @@ -205,6 +205,7 @@ err: /* solves ax == 1 (mod n) */ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + BIGNUM *BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) { diff --git a/lib/libcrypto/bn/bn_lcl.h b/lib/libcrypto/bn/bn_lcl.h index eecfd8cc99e..817c773b659 100644 --- a/lib/libcrypto/bn/bn_lcl.h +++ b/lib/libcrypto/bn/bn_lcl.h @@ -282,16 +282,23 @@ extern "C" { # endif # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) # if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ +# if __GNUC__>=4 && __GNUC_MINOR__>=4 /* "h" constraint is no more since 4.4 */ +# define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) +# define BN_UMULT_LOHI(low,high,a,b) ({ \ + __uint128_t ret=(__uint128_t)(a)*(b); \ + (high)=ret>>64; (low)=ret; }) +# else +# define BN_UMULT_HIGH(a,b) ({ \ register BN_ULONG ret; \ asm ("dmultu %1,%2" \ : "=h"(ret) \ : "r"(a), "r"(b) : "l"); \ ret; }) -# define BN_UMULT_LOHI(low,high,a,b) \ +# define BN_UMULT_LOHI(low,high,a,b)\ asm ("dmultu %2,%3" \ : "=l"(low),"=h"(high) \ : "r"(a), "r"(b)); +# endif # endif # endif /* cpu */ #endif /* OPENSSL_NO_ASM */ diff --git a/lib/libcrypto/bn/bn_lib.c b/lib/libcrypto/bn/bn_lib.c index 7a5676de692..5461e6ee7db 100644 --- a/lib/libcrypto/bn/bn_lib.c +++ b/lib/libcrypto/bn/bn_lib.c @@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, } return bn_cmp_words(a,b,cl); } + +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} diff --git a/lib/libcrypto/bn/bn_nist.c b/lib/libcrypto/bn/bn_nist.c index 43caee47703..e22968d4a33 100644 --- a/lib/libcrypto/bn/bn_nist.c +++ b/lib/libcrypto/bn/bn_nist.c @@ -286,26 +286,25 @@ const BIGNUM *BN_get0_nist_prime_521(void) } -static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max) +static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max) { int i; - BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); #ifdef BN_DEBUG OPENSSL_assert(top <= max); #endif - for (i = (top); i != 0; i--) - *_tmp1++ = *_tmp2++; - for (i = (max) - (top); i != 0; i--) - *_tmp1++ = (BN_ULONG) 0; + for (i = 0; i < top; i++) + dst[i] = src[i]; + for (; i < max; i++) + dst[i] = 0; } -static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) +static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top) { int i; - BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); - for (i = (top); i != 0; i--) - *_tmp1++ = *_tmp2++; + + for (i = 0; i < top; i++) + dst[i] = src[i]; } #if BN_BITS2 == 64 @@ -451,8 +450,9 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, */ mask = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); mask &= 0-(PTR_SIZE_INT)carry; + res = c_d; res = (BN_ULONG *) - (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask)); + (((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_192_TOP); r->top = BN_NIST_192_TOP; bn_correct_top(r); @@ -479,8 +479,11 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, int top = a->top, i; int carry; BN_ULONG *r_d, *a_d = a->d; - BN_ULONG buf[BN_NIST_224_TOP], - c_d[BN_NIST_224_TOP], + union { + BN_ULONG bn[BN_NIST_224_TOP]; + unsigned int ui[BN_NIST_224_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)]; + } buf; + BN_ULONG c_d[BN_NIST_224_TOP], *res; PTR_SIZE_INT mask; union { bn_addsub_f f; PTR_SIZE_INT p; } u; @@ -519,18 +522,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, /* copy upper 256 bits of 448 bit number ... */ nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP); /* ... and right shift by 32 to obtain upper 224 bits */ - nist_set_224(buf, c_d, 14, 13, 12, 11, 10, 9, 8); + nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8); /* truncate lower part to 224 bits too */ r_d[BN_NIST_224_TOP-1] &= BN_MASK2l; #else - nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP); + nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP); #endif #if defined(NIST_INT64) && BN_BITS2!=64 { NIST_INT64 acc; /* accumulator */ unsigned int *rp=(unsigned int *)r_d; - const unsigned int *bp=(const unsigned int *)buf; + const unsigned int *bp=(const unsigned int *)buf.ui; acc = rp[0]; acc -= bp[7-7]; acc -= bp[11-7]; rp[0] = (unsigned int)acc; acc >>= 32; @@ -565,13 +568,13 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, { BN_ULONG t_d[BN_NIST_224_TOP]; - nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0); + nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0); carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0); + nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0); carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7); + nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11); + nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); #if BN_BITS2==64 @@ -606,7 +609,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, /* otherwise it's effectively same as in BN_nist_mod_192... */ mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); mask &= 0-(PTR_SIZE_INT)carry; - res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | + res = c_d; + res = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_224_TOP); r->top = BN_NIST_224_TOP; @@ -805,7 +809,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); mask &= 0-(PTR_SIZE_INT)carry; - res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | + res = c_d; + res = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_256_TOP); r->top = BN_NIST_256_TOP; @@ -1026,7 +1031,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); mask &= 0-(PTR_SIZE_INT)carry; - res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | + res = c_d; + res = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_384_TOP); r->top = BN_NIST_384_TOP; @@ -1092,7 +1098,8 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP); mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP); - res = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) | + res = t_d; + res = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d,res,BN_NIST_521_TOP); r->top = BN_NIST_521_TOP; diff --git a/lib/libcrypto/buffer/buffer.c b/lib/libcrypto/buffer/buffer.c index d7aa79ad7f0..d4a4ce43b3f 100644 --- a/lib/libcrypto/buffer/buffer.c +++ b/lib/libcrypto/buffer/buffer.c @@ -179,14 +179,14 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len) return(len); } -void BUF_reverse(unsigned char *out, unsigned char *in, size_t size) +void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size) { size_t i; if (in) { out += size - 1; for (i = 0; i < size; i++) - *in++ = *out--; + *out-- = *in++; } else { diff --git a/lib/libcrypto/buffer/buffer.h b/lib/libcrypto/buffer/buffer.h index 178e418282b..f8da32b4850 100644 --- a/lib/libcrypto/buffer/buffer.h +++ b/lib/libcrypto/buffer/buffer.h @@ -88,7 +88,7 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); char * BUF_strdup(const char *str); char * BUF_strndup(const char *str, size_t siz); void * BUF_memdup(const void *data, size_t siz); -void BUF_reverse(unsigned char *out, unsigned char *in, size_t siz); +void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); /* safe string functions */ size_t BUF_strlcpy(char *dst,const char *src,size_t siz); diff --git a/lib/libcrypto/cryptlib.c b/lib/libcrypto/cryptlib.c index 766ea8cac73..0b77d8b7d0e 100644 --- a/lib/libcrypto/cryptlib.c +++ b/lib/libcrypto/cryptlib.c @@ -504,7 +504,7 @@ void CRYPTO_THREADID_current(CRYPTO_THREADID *id) CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL)); #else /* For everything else, default to using the address of 'errno' */ - CRYPTO_THREADID_set_pointer(id, &errno); + CRYPTO_THREADID_set_pointer(id, (void*)&errno); #endif } @@ -704,6 +704,7 @@ void OPENSSL_cpuid_setup(void) } else vec = OPENSSL_ia32_cpuid(); + /* * |(1<<10) sets a reserved bit to signal that variable * was initialized already... This is to avoid interference @@ -888,7 +889,7 @@ void OPENSSL_showfatal (const char *fmta,...) #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 /* this -------------v--- guards NT-specific calls */ - if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0) + if (check_winnt() && OPENSSL_isservice() > 0) { HANDLE h = RegisterEventSource(0,_T("OPENSSL")); const TCHAR *pmsg=buf; ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); @@ -924,3 +925,16 @@ void OpenSSLDie(const char *file,int line,const char *assertion) } void *OPENSSL_stderr(void) { return stderr; } + +int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) + { + size_t i; + const unsigned char *a = in_a; + const unsigned char *b = in_b; + unsigned char x = 0; + + for (i = 0; i < len; i++) + x |= a[i] ^ b[i]; + + return x; + } diff --git a/lib/libcrypto/cryptlib.h b/lib/libcrypto/cryptlib.h index 1761f6b6687..d26f9630ead 100644 --- a/lib/libcrypto/cryptlib.h +++ b/lib/libcrypto/cryptlib.h @@ -100,7 +100,7 @@ extern "C" { void OPENSSL_cpuid_setup(void); extern unsigned int OPENSSL_ia32cap_P[]; -void OPENSSL_showfatal(const char *,...); +void OPENSSL_showfatal(const char *fmta,...); void *OPENSSL_stderr(void); extern int OPENSSL_NONPIC_relocated; diff --git a/lib/libcrypto/crypto-lib.com b/lib/libcrypto/crypto-lib.com deleted file mode 100644 index c280aa03a80..00000000000 --- a/lib/libcrypto/crypto-lib.com +++ /dev/null @@ -1,1516 +0,0 @@ -$! -$! CRYPTO-LIB.COM -$! Written By: Robert Byer -$! Vice-President -$! A-Com Computing, Inc. -$! byer@mail.all-net.net -$! -$! Changes by Richard Levitte <richard@levitte.org> -$! Zoltan Arpadffy <arpadffy@polarhome.com> -$! -$! This command files compiles and creates the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" -$! library for OpenSSL. The "xxx" denotes the machine architecture, ALPHA, -$! IA64 or VAX. -$! -$! It was re-written so it would try to determine what "C" compiler to use -$! or you can specify which "C" compiler to use. -$! -$! Specify the following as P1 to build just that part or ALL to just -$! build everything. -$! -$! LIBRARY To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. -$! APPS To just compile the [.xxx.EXE.CRYPTO]*.EXE -$! ALL To do both LIBRARY and APPS -$! -$! Specify DEBUG or NODEBUG as P2 to compile with or without debugger -$! information. -$! -$! Specify which compiler at P3 to try to compile under. -$! -$! VAXC For VAX C. -$! DECC For DEC C. -$! GNUC For GNU C. -$! -$! If you don't specify a compiler, it will try to determine which -$! "C" compiler to use. -$! -$! P4, if defined, sets a TCP/IP library to use, through one of the following -$! keywords: -$! -$! UCX For UCX -$! TCPIP For TCPIP (post UCX) -$! SOCKETSHR For SOCKETSHR+NETLIB -$! -$! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) -$! -$! P6, if defined, sets a choice of crypto methods to compile. -$! WARNING: this should only be done to recompile some part of an already -$! fully compiled library. -$! -$! P7, if defined, specifies the C pointer size. Ignored on VAX. -$! ("64=ARGV" gives more efficient code with HP C V7.3 or newer.) -$! Supported values are: -$! -$! "" Compile with default (/NOPOINTER_SIZE) -$! 32 Compile with /POINTER_SIZE=32 (SHORT) -$! 64 Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]). -$! (Automatically select ARGV if compiler supports it.) -$! 64= Compile with /POINTER_SIZE=64 (LONG). -$! 64=ARGV Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV). -$! -$! P8, if defined, specifies a directory where ZLIB files (zlib.h, -$! libz.olb) may be found. Optionally, a non-default object library -$! name may be included ("dev:[dir]libz_64.olb", for example). -$! -$! -$! Announce/identify. -$! -$ proc = f$environment( "procedure") -$ write sys$output "@@@ "+ - - f$parse( proc, , , "name")+ f$parse( proc, , , "type") -$! -$! Define A TCP/IP Library That We Will Need To Link To. -$! (That Is, If We Need To Link To One.) -$! -$ TCPIP_LIB = "" -$ ZLIB_LIB = "" -$! -$! Check Which Architecture We Are Using. -$! -$ IF (F$GETSYI("CPU").LT.128) -$ THEN -$! -$! The Architecture Is VAX -$! -$ ARCH = "VAX" -$! -$! Else... -$! -$ ELSE -$! -$! The Architecture Is Alpha, IA64 or whatever comes in the future. -$! -$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") -$ IF (ARCH .EQS. "") THEN ARCH = "UNK" -$! -$! End The Architecture Check. -$! -$ ENDIF -$! -$ ARCHD = ARCH -$ LIB32 = "32" -$ OPT_FILE = "" -$ POINTER_SIZE = "" -$! -$! Define The Different Encryption Types. -$! NOTE: Some might think this list ugly. However, it's made this way to -$! reflect the SDIRS variable in [-]Makefile.org as closely as possible, -$! thereby making it fairly easy to verify that the lists are the same. -$! -$ ET_WHIRLPOOL = "WHRLPOOL" -$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = "" -$ ENCRYPT_TYPES = "Basic,"+ - - "OBJECTS,"+ - - "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ - - "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ - - "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ - - "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ - - "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ - - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - - "CMS,PQUEUE,TS,JPAKE,SRP,STORE,CMAC" -$! -$! Check To Make Sure We Have Valid Command Line Parameters. -$! -$ GOSUB CHECK_OPTIONS -$! -$! Define The OBJ and EXE Directories. -$! -$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.CRYPTO] -$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO] -$! -$! Specify the destination directory in any /MAP option. -$! -$ if (LINKMAP .eqs. "MAP") -$ then -$ LINKMAP = LINKMAP+ "=''EXE_DIR'" -$ endif -$! -$! Add the location prefix to the linker options file name. -$! -$ if (OPT_FILE .nes. "") -$ then -$ OPT_FILE = EXE_DIR+ OPT_FILE -$ endif -$! -$! Initialise logical names and such -$! -$ GOSUB INITIALISE -$! -$! Tell The User What Kind of Machine We Run On. -$! -$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'" -$! -$! -$! Check To See If The Architecture Specific OBJ Directory Exists. -$! -$ IF (F$PARSE(OBJ_DIR).EQS."") -$ THEN -$! -$! It Dosen't Exist, So Create It. -$! -$ CREATE/DIR 'OBJ_DIR' -$! -$! End The Architecture Specific OBJ Directory Check. -$! -$ ENDIF -$! -$! Check To See If The Architecture Specific Directory Exists. -$! -$ IF (F$PARSE(EXE_DIR).EQS."") -$ THEN -$! -$! It Dosen't Exist, So Create It. -$! -$ CREATE/DIRECTORY 'EXE_DIR' -$! -$! End The Architecture Specific Directory Check. -$! -$ ENDIF -$! -$! Define The Library Name. -$! -$ LIB_NAME := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB -$! -$! Define The CRYPTO-LIB We Are To Use. -$! -$ CRYPTO_LIB := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB -$! -$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library... -$! -$ IF (F$SEARCH(LIB_NAME).EQS."") -$ THEN -$! -$! Guess Not, Create The Library. -$! -$ LIBRARY/CREATE/OBJECT 'LIB_NAME' -$! -$! End The Library Check. -$! -$ ENDIF -$! -$! Build our options file for the application -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Define The Different Encryption "library" Strings. -$! -$ APPS_DES = "DES/DES,CBC3_ENC" -$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" -$ -$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,cpt_err,"+ - - "ebcdic,uid,o_time,o_str,o_dir,o_fips.c,o_init,fips_ers" -$ LIB_MD2 = "md2_dgst,md2_one" -$ LIB_MD4 = "md4_dgst,md4_one" -$ LIB_MD5 = "md5_dgst,md5_one" -$ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512" -$ LIB_MDC2 = "mdc2dgst,mdc2_one" -$ LIB_HMAC = "hmac,hm_ameth,hm_pmeth" -$ LIB_RIPEMD = "rmd_dgst,rmd_one" -$ LIB_WHRLPOOL = "wp_dgst,wp_block" -$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - - "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ - - "enc_read,enc_writ,ofb64enc,"+ - - "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - - "des_enc,fcrypt_b,"+ - - "fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ - - "ede_cbcm_enc,des_old,des_old2,read2pwd" -$ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64" -$ LIB_RC4 = "rc4_skey,rc4_enc,rc4_utl" -$ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64" -$ LIB_IDEA = "i_cbc,i_cfb64,i_ofb64,i_ecb,i_skey" -$ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64" -$ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64" -$ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ - - "cmll_cfb,cmll_ctr,cmll_utl" -$ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb" -$ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128,gcm128,"+ - - "ccm128,xts128" -$ LIB_BN_ASM = "[.asm]vms.mar,vms-helper" -$ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN - - LIB_BN_ASM = "bn_asm" -$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ - - "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - - "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ - - "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ - - "bn_depr,bn_const,bn_x931p" -$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ - - "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ - - "ec2_smpl,ec2_mult,ec_ameth,ec_pmeth,eck_prn,"+ - - "ecp_nistp224,ecp_nistp256,ecp_nistp521,ecp_nistputil,"+ - - "ecp_oct,ec2_oct,ec_oct" -$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ - - "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ - - "rsa_pss,rsa_x931,rsa_asn1,rsa_depr,rsa_ameth,rsa_prn,"+ - - "rsa_pmeth,rsa_crpt" -$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ - - "dsa_err,dsa_ossl,dsa_depr,dsa_ameth,dsa_pmeth,dsa_prn" -$ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err" -$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr,"+ - - "dh_ameth,dh_pmeth,dh_prn" -$ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err" -$ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ - - "dso_openssl,dso_win32,dso_vms,dso_beos" -$ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - - "eng_table,eng_pkey,eng_fat,eng_all,"+ - - "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ - - "tb_cipher,tb_digest,tb_pkmeth,tb_asnmth,"+ - - "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,"+ - - "eng_rsax,eng_rdrand" -$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr,"+ - - "aes_ige,aes_wrap" -$ LIB_BUFFER = "buffer,buf_str,buf_err" -$ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - - "bss_mem,bss_null,bss_fd,"+ - - "bss_file,bss_sock,bss_conn,"+ - - "bf_null,bf_buff,b_print,b_dump,"+ - - "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ - - "bss_dgram,"+ - - "bf_lbuf" -$ LIB_STACK = "stack" -$ LIB_LHASH = "lhash,lh_stats" -$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ - - "rand_vms" -$ LIB_ERR = "err,err_all,err_prn" -$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref" -$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ - - "e_des,e_bf,e_idea,e_des3,e_camellia,"+ - - "e_rc4,e_aes,names,e_seed,"+ - - "e_xcbc_d,e_rc2,e_cast,e_rc5" -$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1,m_wp," + - - "m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ - - "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ - - "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ - - "c_all,c_allc,c_alld,evp_lib,bio_ok,"+- - "evp_pkey,evp_pbe,p5_crpt,p5_crpt2" -$ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver,evp_fips,"+ - - "e_aes_cbc_hmac_sha1,e_rc4_hmac_md5" -$ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - - "a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ - - "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ - - "x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ - - "x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ - - "x_nx509,d2i_pu,d2i_pr,i2d_pu,i2d_pr" -$ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - - "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ - - "tasn_prn,ameth_lib,"+ - - "f_int,f_string,n_pkey,"+ - - "f_enum,x_pkey,a_bool,x_exten,bio_asn1,bio_ndef,asn_mime,"+ - - "asn1_gen,asn1_par,asn1_lib,asn1_err,a_bytes,a_strnid,"+ - - "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid" -$ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ - - "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey,pvkfmt" -$ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ - - "x509_obj,x509_req,x509spki,x509_vfy,"+ - - "x509_set,x509cset,x509rset,x509_err,"+ - - "x509name,x509_v3,x509_ext,x509_att,"+ - - "x509type,x509_lu,x_all,x509_txt,"+ - - "x509_trs,by_file,by_dir,x509_vpm" -$ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ - - "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ - - "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ - - "v3_ocsp,v3_akeya,v3_pmaps,v3_pcons,v3_ncons,v3_pcia,v3_pci,"+ - - "pcy_cache,pcy_node,pcy_data,pcy_map,pcy_tree,pcy_lib,"+ - - "v3_asid,v3_addr" -$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap" -$ LIB_TXT_DB = "txt_db" -$ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ - - "pk7_mime,bio_pk7" -$ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ - - "p12_init,p12_key,p12_kiss,p12_mutl,"+ - - "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e" -$ LIB_COMP = "comp_lib,comp_err,"+ - - "c_rle,c_zlib" -$ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - - "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err" -$ LIB_UI_COMPAT = ",ui_compat" -$ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT -$ LIB_KRB5 = "krb5_asn" -$ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ - - "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess,"+ - - "cms_pwri" -$ LIB_PQUEUE = "pqueue" -$ LIB_TS = "ts_err,ts_req_utils,ts_req_print,ts_rsp_utils,ts_rsp_print,"+ - - "ts_rsp_sign,ts_rsp_verify,ts_verify_ctx,ts_lib,ts_conf,"+ - - "ts_asn1" -$ LIB_JPAKE = "jpake,jpake_err" -$ LIB_SRP = "srp_lib,srp_vfy" -$ LIB_STORE = "str_err,str_lib,str_meth,str_mem" -$ LIB_CMAC = "cmac,cm_ameth.c,cm_pmeth" -$! -$! Setup exceptional compilations -$! -$ CC3_SHOWN = 0 -$ CC4_SHOWN = 0 -$ CC5_SHOWN = 0 -$ CC6_SHOWN = 0 -$! -$! The following lists must have leading and trailing commas, and no -$! embedded spaces. (They are scanned for ",name,".) -$! -$ ! Add definitions for no threads on OpenVMS 7.1 and higher. -$ COMPILEWITH_CC3 = ",bss_rtcp," -$ ! Disable the DOLLARID warning. Not needed with /STANDARD=RELAXED. -$ COMPILEWITH_CC4 = "" !!! ",a_utctm,bss_log,o_time,o_dir," -$ ! Disable disjoint optimization on VAX with DECC. -$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + - - "seed,sha_dgst,sha1dgst,rmd_dgst,bf_enc," -$ ! Disable the MIXLINKAGE warning. -$ COMPILEWITH_CC6 = "" !!! ",enc_read,set_key," -$! -$! Figure Out What Other Modules We Are To Build. -$! -$ BUILD_SET: -$! -$! Define A Module Counter. -$! -$ MODULE_COUNTER = 0 -$! -$! Top Of The Loop. -$! -$ MODULE_NEXT: -$! -$! Extract The Module Name From The Encryption List. -$! -$ MODULE_NAME = F$ELEMENT(MODULE_COUNTER,",",ENCRYPT_TYPES) -$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = "" -$ MODULE_NAME1 = MODULE_NAME -$! -$! Check To See If We Are At The End Of The Module List. -$! -$ IF (MODULE_NAME.EQS.",") -$ THEN -$! -$! We Are At The End Of The Module List, Go To MODULE_DONE. -$! -$ GOTO MODULE_DONE -$! -$! End The Module List Check. -$! -$ ENDIF -$! -$! Increment The Moudle Counter. -$! -$ MODULE_COUNTER = MODULE_COUNTER + 1 -$! -$! Create The Library and Apps Module Names. -$! -$ LIB_MODULE = "LIB_" + MODULE_NAME -$ APPS_MODULE = "APPS_" + MODULE_NAME -$ IF (F$EXTRACT(0,5,MODULE_NAME).EQS."ASN1_") -$ THEN -$ MODULE_NAME = "ASN1" -$ ENDIF -$ IF (F$EXTRACT(0,4,MODULE_NAME).EQS."EVP_") -$ THEN -$ MODULE_NAME = "EVP" -$ ENDIF -$! -$! Set state (can be LIB and APPS) -$! -$ STATE = "LIB" -$ IF BUILDALL .EQS. "APPS" THEN STATE = "APPS" -$! -$! Check if the library module name actually is defined -$! -$ IF F$TYPE('LIB_MODULE') .EQS. "" -$ THEN -$ WRITE SYS$ERROR "" -$ WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist. Continuing..." -$ WRITE SYS$ERROR "" -$ GOTO MODULE_NEXT -$ ENDIF -$! -$! Top Of The Module Loop. -$! -$ MODULE_AGAIN: -$! -$! Tell The User What Module We Are Building. -$! -$ IF (MODULE_NAME1.NES."") -$ THEN -$ IF STATE .EQS. "LIB" -$ THEN -$ WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. (",BUILDALL,",",STATE,")" -$ ELSE IF F$TYPE('APPS_MODULE') .NES. "" -$ THEN -$ WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Applications. (",BUILDALL,",",STATE,")" -$ ENDIF -$ ENDIF -$ ENDIF -$! -$! Define A File Counter And Set It To "0". -$! -$ FILE_COUNTER = 0 -$ APPLICATION = "" -$ APPLICATION_COUNTER = 0 -$! -$! Top Of The File Loop. -$! -$ NEXT_FILE: -$! -$! Look in the LIB_MODULE is we're in state LIB -$! -$ IF STATE .EQS. "LIB" -$ THEN -$! -$! O.K, Extract The File Name From The File List. -$! -$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE') -$! -$! else -$! -$ ELSE -$ FILE_NAME = "," -$! -$ IF F$TYPE('APPS_MODULE') .NES. "" -$ THEN -$! -$! Extract The File Name From The File List. -$! This part is a bit more complicated. -$! -$ IF APPLICATION .EQS. "" -$ THEN -$ APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE') -$ APPLICATION_COUNTER = APPLICATION_COUNTER + 1 -$ APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION) -$ APPLICATION = F$ELEMENT(0,"/",APPLICATION) -$ FILE_COUNTER = 0 -$ ENDIF -$ -$! WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*" -$! SHOW SYMBOL APPLICATION* -$! -$ IF APPLICATION .NES. ";" -$ THEN -$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",APPLICATION_OBJECTS) -$ IF FILE_NAME .EQS. "," -$ THEN -$ APPLICATION = "" -$ GOTO NEXT_FILE -$ ENDIF -$ ENDIF -$ ENDIF -$ ENDIF -$! -$! Check To See If We Are At The End Of The File List. -$! -$ IF (FILE_NAME.EQS.",") -$ THEN -$! -$! We Are At The End Of The File List, Change State Or Goto FILE_DONE. -$! -$ IF STATE .EQS. "LIB" .AND. BUILDALL .NES. "LIBRARY" -$ THEN -$ STATE = "APPS" -$ GOTO MODULE_AGAIN -$ ELSE -$ GOTO FILE_DONE -$ ENDIF -$! -$! End The File List Check. -$! -$ ENDIF -$! -$! Increment The Counter. -$! -$ FILE_COUNTER = FILE_COUNTER + 1 -$! -$! Create The Source File Name. -$! -$ TMP_FILE_NAME = F$ELEMENT(1,"]",FILE_NAME) -$ IF TMP_FILE_NAME .EQS. "]" THEN TMP_FILE_NAME = FILE_NAME -$ IF F$ELEMENT(0,".",TMP_FILE_NAME) .EQS. TMP_FILE_NAME THEN - - FILE_NAME = FILE_NAME + ".c" -$ IF (MODULE_NAME.NES."") -$ THEN -$ SOURCE_FILE = "SYS$DISK:[." + MODULE_NAME+ "]" + FILE_NAME -$ ELSE -$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME -$ ENDIF -$ SOURCE_FILE = SOURCE_FILE - "][" -$! -$! Create The Object File Name. -$! -$ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ" -$ ON WARNING THEN GOTO NEXT_FILE -$! -$! Check To See If The File We Want To Compile Is Actually There. -$! -$ IF (F$SEARCH(SOURCE_FILE).EQS."") -$ THEN -$! -$! Tell The User That The File Doesn't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ GOTO EXIT -$! -$! End The File Exist Check. -$! -$ ENDIF -$! -$! Tell The User We Are Compiling The File. -$! -$ IF (MODULE_NAME.EQS."") -$ THEN -$ WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File. (",BUILDALL,",",STATE,")" -$ ENDIF -$ IF (MODULE_NAME.NES."") -$ THEN -$ WRITE SYS$OUTPUT " ",FILE_NAME,"" -$ ENDIF -$! -$! Compile The File. -$! -$ ON ERROR THEN GOTO NEXT_FILE -$ FILE_NAME0 = ","+ F$ELEMENT(0,".",FILE_NAME)+ "," -$ IF FILE_NAME - ".mar" .NES. FILE_NAME -$ THEN -$ MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$ ELSE -$ IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3 -$ THEN -$ write sys$output " \Using special rule (3)" -$ if (.not. CC3_SHOWN) -$ then -$ CC3_SHOWN = 1 -$ x = " "+ CC3 -$ write /symbol sys$output x -$ endif -$ CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$ ELSE -$ IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4 -$ THEN -$ write /symbol sys$output " \Using special rule (4)" -$ if (.not. CC4_SHOWN) -$ then -$ CC4_SHOWN = 1 -$ x = " "+ CC4 -$ write /symbol sys$output x -$ endif -$ CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$ ELSE -$ IF CC5_DIFFERENT .AND. - - (COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5) -$ THEN -$ write sys$output " \Using special rule (5)" -$ if (.not. CC5_SHOWN) -$ then -$ CC5_SHOWN = 1 -$ x = " "+ CC5 -$ write /symbol sys$output x -$ endif -$ CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$ ELSE -$ IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6 -$ THEN -$ write sys$output " \Using special rule (6)" -$ if (.not. CC6_SHOWN) -$ then -$ CC6_SHOWN = 1 -$ x = " "+ CC6 -$ write /symbol sys$output x -$ endif -$ CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$ ELSE -$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$ ENDIF -$ ENDIF -$ ENDIF -$ ENDIF -$ ENDIF -$ IF STATE .EQS. "LIB" -$ THEN -$! -$! Add It To The Library. -$! -$ LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE' -$! -$! Time To Clean Up The Object File. -$! -$ DELETE 'OBJECT_FILE';* -$ ENDIF -$! -$! Go Back And Do It Again. -$! -$ GOTO NEXT_FILE -$! -$! All Done With This Library Part. -$! -$ FILE_DONE: -$! -$! Time To Build Some Applications -$! -$ IF F$TYPE('APPS_MODULE') .NES. "" .AND. BUILDALL .NES. "LIBRARY" -$ THEN -$ APPLICATION_COUNTER = 0 -$ NEXT_APPLICATION: -$ APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE') -$ IF APPLICATION .EQS. ";" THEN GOTO APPLICATION_DONE -$ -$ APPLICATION_COUNTER = APPLICATION_COUNTER + 1 -$ APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION) -$ APPLICATION = F$ELEMENT(0,"/",APPLICATION) -$ -$! WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*" -$! SHOW SYMBOL APPLICATION* -$! -$! Tell the user what happens -$! -$ WRITE SYS$OUTPUT " ",APPLICATION,".exe" -$! -$! Link The Program. -$! -$ ON ERROR THEN GOTO NEXT_APPLICATION -$! -$! Link With A TCP/IP Library. -$! -$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' - - /EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY - - 'TCPIP_LIB' - - 'ZLIB_LIB' - - ,'OPT_FILE' /OPTIONS -$! -$ GOTO NEXT_APPLICATION -$ APPLICATION_DONE: -$ ENDIF -$! -$! Go Back And Get The Next Module. -$! -$ GOTO MODULE_NEXT -$! -$! All Done With This Module. -$! -$ MODULE_DONE: -$! -$! Tell The User That We Are All Done. -$! -$ WRITE SYS$OUTPUT "All Done..." -$ EXIT: -$ GOSUB CLEANUP -$ EXIT -$! -$! Check For The Link Option FIle. -$! -$ CHECK_OPT_FILE: -$! -$! Check To See If We Need To Make A VAX C Option File. -$! -$ IF (COMPILER.EQS."VAXC") -$ THEN -$! -$! Check To See If We Already Have A VAX C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! We Need A VAX C Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Against -! The Sharable VAX C Runtime Library. -! -SYS$SHARE:VAXCRTL.EXE/SHARE -$EOD -$! -$! End The Option File Check. -$! -$ ENDIF -$! -$! End The VAXC Check. -$! -$ ENDIF -$! -$! Check To See If We Need A GNU C Option File. -$! -$ IF (COMPILER.EQS."GNUC") -$ THEN -$! -$! Check To See If We Already Have A GNU C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! We Need A GNU C Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Against -! The Sharable C Runtime Library. -! -GNU_CC:[000000]GCCLIB/LIBRARY -SYS$SHARE:VAXCRTL/SHARE -$EOD -$! -$! End The Option File Check. -$! -$ ENDIF -$! -$! End The GNU C Check. -$! -$ ENDIF -$! -$! Check To See If We Need A DEC C Option File. -$! -$ IF (COMPILER.EQS."DECC") -$ THEN -$! -$! Check To See If We Already Have A DEC C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! Figure Out If We Need A non-VAX Or A VAX Linker Option File. -$! -$ IF ARCH .EQS. "VAX" -$ THEN -$! -$! We Need A DEC C Linker Option File For VAX. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Against -! The Sharable DEC C Runtime Library. -! -SYS$SHARE:DECC$SHR.EXE/SHARE -$EOD -$! -$! Else... -$! -$ ELSE -$! -$! Create The non-VAX Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File For non-VAX To Link Against -! The Sharable C Runtime Library. -! -SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE -SYS$SHARE:CMA$OPEN_RTL/SHARE -$EOD -$! -$! End The DEC C Option File Check. -$! -$ ENDIF -$! -$! End The Option File Search. -$! -$ ENDIF -$! -$! End The DEC C Check. -$! -$ ENDIF -$! -$! Tell The User What Linker Option File We Are Using. -$! -$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"." -$! -$! Time To RETURN. -$! -$ RETURN -$! -$! Check The User's Options. -$! -$ CHECK_OPTIONS: -$! -$! Check To See If P1 Is Blank. -$! -$ IF (P1.EQS."ALL") -$ THEN -$! -$! P1 Is Blank, So Build Everything. -$! -$ BUILDALL = "TRUE" -$! -$! Else... -$! -$ ELSE -$! -$! Else, Check To See If P1 Has A Valid Argument. -$! -$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS") -$ THEN -$! -$! A Valid Argument. -$! -$ BUILDALL = P1 -$! -$! Else... -$! -$ ELSE -$! -$! Tell The User We Don't Know What They Want. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALL : Just Build Everything." -$ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library." -$ WRITE SYS$OUTPUT " APPS : To Compile Just The [.xxx.EXE.CRYPTO]*.EXE Programs." -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " Where 'xxx' Stands For:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALPHA[64]: Alpha Architecture." -$ WRITE SYS$OUTPUT " IA64[64] : IA64 Architecture." -$ WRITE SYS$OUTPUT " VAX : VAX Architecture." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Argument Check. -$! -$ ENDIF -$! -$! End The P1 Check. -$! -$ ENDIF -$! -$! Check To See If P2 Is Blank. -$! -$ IF (P2.EQS."NODEBUG") -$ THEN -$! -$! P2 Is NODEBUG, So Compile Without The Debugger Information. -$! -$ DEBUGGER = "NODEBUG" -$ LINKMAP = "NOMAP" -$ TRACEBACK = "NOTRACEBACK" -$ GCC_OPTIMIZE = "OPTIMIZE" -$ CC_OPTIMIZE = "OPTIMIZE" -$ MACRO_OPTIMIZE = "OPTIMIZE" -$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." -$ ELSE -$! -$! Check To See If We Are To Compile With Debugger Information. -$! -$ IF (P2.EQS."DEBUG") -$ THEN -$! -$! Compile With Debugger Information. -$! -$ DEBUGGER = "DEBUG" -$ LINKMAP = "MAP" -$ TRACEBACK = "TRACEBACK" -$ GCC_OPTIMIZE = "NOOPTIMIZE" -$ CC_OPTIMIZE = "NOOPTIMIZE" -$ MACRO_OPTIMIZE = "NOOPTIMIZE" -$ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization." -$ ELSE -$! -$! They Entered An Invalid Option. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information." -$ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Argument Check. -$! -$ ENDIF -$! -$! End The P2 Check. -$! -$ ENDIF -$! -$! Special Threads For OpenVMS v7.1 Or Later -$! -$! Written By: Richard Levitte -$! richard@levitte.org -$! -$! -$! Check To See If We Have A Option For P5. -$! -$ IF (P5.EQS."") -$ THEN -$! -$! Get The Version Of VMS We Are Using. -$! -$ ISSEVEN := -$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION"))) -$ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP)) -$! -$! Check To See If The VMS Version Is v7.1 Or Later. -$! -$ IF (TMP.GE.71) -$ THEN -$! -$! We Have OpenVMS v7.1 Or Later, So Use The Special Threads. -$! -$ ISSEVEN := ,PTHREAD_USE_D4 -$! -$! End The VMS Version Check. -$! -$ ENDIF -$! -$! End The P5 Check. -$! -$ ENDIF -$! -$! Check P7 (POINTER_SIZE). -$! -$ IF (P7 .NES. "") .AND. (ARCH .NES. "VAX") -$ THEN -$! -$ IF (P7 .EQS. "32") -$ THEN -$ POINTER_SIZE = " /POINTER_SIZE=32" -$ ELSE -$ POINTER_SIZE = F$EDIT( P7, "COLLAPSE, UPCASE") -$ IF ((POINTER_SIZE .EQS. "64") .OR. - - (POINTER_SIZE .EQS. "64=") .OR. - - (POINTER_SIZE .EQS. "64=ARGV")) -$ THEN -$ ARCHD = ARCH+ "_64" -$ LIB32 = "" -$ POINTER_SIZE = " /POINTER_SIZE=64" -$ ELSE -$! -$! Tell The User Entered An Invalid Option. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ", P7, - - " Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT - - " """" : Compile with default (short) pointers." -$ WRITE SYS$OUTPUT - - " 32 : Compile with 32-bit (short) pointers." -$ WRITE SYS$OUTPUT - - " 64 : Compile with 64-bit (long) pointers (auto ARGV)." -$ WRITE SYS$OUTPUT - - " 64= : Compile with 64-bit (long) pointers (no ARGV)." -$ WRITE SYS$OUTPUT - - " 64=ARGV : Compile with 64-bit (long) pointers (ARGV)." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$ ENDIF -$! -$ ENDIF -$! -$! End The P7 (POINTER_SIZE) Check. -$! -$ ENDIF -$! -$! Set basic C compiler /INCLUDE directories. -$! -$ CC_INCLUDES = "SYS$DISK:[.''ARCHD'],SYS$DISK:[],SYS$DISK:[-],"+ - - "SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.MODES],SYS$DISK:[.ASN1],SYS$DISK:[.EVP]" -$! -$! Check To See If P3 Is Blank. -$! -$ IF (P3.EQS."") -$ THEN -$! -$! O.K., The User Didn't Specify A Compiler, Let's Try To -$! Find Out Which One To Use. -$! -$! Check To See If We Have GNU C. -$! -$ IF (F$TRNLNM("GNU_CC").NES."") -$ THEN -$! -$! Looks Like GNUC, Set To Use GNUC. -$! -$ P3 = "GNUC" -$! -$! Else... -$! -$ ELSE -$! -$! Check To See If We Have VAXC Or DECC. -$! -$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") -$ THEN -$! -$! Looks Like DECC, Set To Use DECC. -$! -$ P3 = "DECC" -$! -$! Else... -$! -$ ELSE -$! -$! Looks Like VAXC, Set To Use VAXC. -$! -$ P3 = "VAXC" -$! -$! End The VAXC Compiler Check. -$! -$ ENDIF -$! -$! End The DECC & VAXC Compiler Check. -$! -$ ENDIF -$! -$! End The Compiler Check. -$! -$ ENDIF -$! -$! Check To See If We Have A Option For P4. -$! -$ IF (P4.EQS."") -$ THEN -$! -$! Find out what socket library we have available -$! -$ IF F$PARSE("SOCKETSHR:") .NES. "" -$ THEN -$! -$! We have SOCKETSHR, and it is my opinion that it's the best to use. -$! -$ P4 = "SOCKETSHR" -$! -$! Tell the user -$! -$ WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP" -$! -$! Else, let's look for something else -$! -$ ELSE -$! -$! Like UCX (the reason to do this before Multinet is that the UCX -$! emulation is easier to use...) -$! -$ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" - - .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" - - .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. "" -$ THEN -$! -$! Last resort: a UCX or UCX-compatible library -$! -$ P4 = "UCX" -$! -$! Tell the user -$! -$ WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP" -$! -$! That was all... -$! -$ ENDIF -$ ENDIF -$ ENDIF -$! -$! Set Up Initial CC Definitions, Possibly With User Ones -$! -$ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS" -$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS -$ CCEXTRAFLAGS = "" -$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" -$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - - CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS -$! -$! Check To See If We Have A ZLIB Option. -$! -$ ZLIB = P8 -$ IF (ZLIB .NES. "") -$ THEN -$! -$! Check for expected ZLIB files. -$! -$ err = 0 -$ file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY") -$ if (f$search( file1) .eqs. "") -$ then -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." -$ WRITE SYS$OUTPUT " Can't find header: ''file1'" -$ err = 1 -$ endif -$ file1 = f$parse( "A.;", ZLIB)- "A.;" -$! -$ file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY") -$ if (f$search( file2) .eqs. "") -$ then -$ if (err .eq. 0) -$ then -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." -$ endif -$ WRITE SYS$OUTPUT " Can't find library: ''file2'" -$ WRITE SYS$OUTPUT "" -$ err = err+ 2 -$ endif -$ if (err .eq. 1) -$ then -$ WRITE SYS$OUTPUT "" -$ endif -$! -$ if (err .ne. 0) -$ then -$ EXIT -$ endif -$! -$ CCDEFS = """ZLIB=1"", "+ CCDEFS -$ CC_INCLUDES = CC_INCLUDES+ ", "+ file1 -$ ZLIB_LIB = ", ''file2' /library" -$! -$! Print info -$! -$ WRITE SYS$OUTPUT "ZLIB library spec: ", file2 -$! -$! End The ZLIB Check. -$! -$ ENDIF -$! -$! Check To See If The User Entered A Valid Parameter. -$! -$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC") -$ THEN -$! -$! Check To See If The User Wanted DECC. -$! -$ IF (P3.EQS."DECC") -$ THEN -$! -$! Looks Like DECC, Set To Use DECC. -$! -$ COMPILER = "DECC" -$! -$! Tell The User We Are Using DECC. -$! -$ WRITE SYS$OUTPUT "Using DECC 'C' Compiler." -$! -$! Use DECC... -$! -$ CC = "CC" -$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - - THEN CC = "CC/DECC" -$ CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ - - "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + - - " /INCLUDE=(''CC_INCLUDES')"+ - - CCEXTRAFLAGS -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "VAX_DECC_OPTIONS.OPT" -$! -$! End DECC Check. -$! -$ ENDIF -$! -$! Check To See If We Are To Use VAXC. -$! -$ IF (P3.EQS."VAXC") -$ THEN -$! -$! Looks Like VAXC, Set To Use VAXC. -$! -$ COMPILER = "VAXC" -$! -$! Tell The User We Are Using VAX C. -$! -$ WRITE SYS$OUTPUT "Using VAXC 'C' Compiler." -$! -$! Compile Using VAXC. -$! -$ CC = "CC" -$ IF ARCH.NES."VAX" -$ THEN -$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!" -$ EXIT -$ ENDIF -$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(''CC_INCLUDES')"+ - - CCEXTRAFLAGS -$ CCDEFS = """VAXC""," + CCDEFS -$! -$! Define <sys> As SYS$COMMON:[SYSLIB] -$! -$ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "VAX_VAXC_OPTIONS.OPT" -$! -$! End VAXC Check -$! -$ ENDIF -$! -$! Check To See If We Are To Use GNU C. -$! -$ IF (P3.EQS."GNUC") -$ THEN -$! -$! Looks Like GNUC, Set To Use GNUC. -$! -$ COMPILER = "GNUC" -$! -$! Tell The User We Are Using GNUC. -$! -$ WRITE SYS$OUTPUT "Using GNU 'C' Compiler." -$! -$! Use GNU C... -$! -$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(''CC_INCLUDES')"+ - - CCEXTRAFLAGS -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "VAX_GNUC_OPTIONS.OPT" -$! -$! End The GNU C Check. -$! -$ ENDIF -$! -$! Set up default defines -$! -$ CCDEFS = """FLAT_INC=1""," + CCDEFS -$! -$! Finish up the definition of CC. -$! -$ IF COMPILER .EQS. "DECC" -$ THEN -$ IF CCDISABLEWARNINGS .EQS. "" -$ THEN -$ CC4DISABLEWARNINGS = "DOLLARID" -$ CC6DISABLEWARNINGS = "MIXLINKAGE" -$ ELSE -$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID" -$ CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE" -$ CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" -$ ENDIF -$ CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" -$ CC6DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))" -$ ELSE -$ CCDISABLEWARNINGS = "" -$ CC4DISABLEWARNINGS = "" -$ CC6DISABLEWARNINGS = "" -$ ENDIF -$ CC3 = CC + " /DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS -$ CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS -$ IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG" -$ THEN -$ CC5 = CC + " /OPTIMIZE=NODISJOINT" -$ CC5_DIFFERENT = 1 -$ ELSE -$ CC5 = CC -$ CC5_DIFFERENT = 0 -$ ENDIF -$ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS -$ CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS -$! -$! Show user the result -$! -$ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC -$! -$! Else The User Entered An Invalid Argument. -$! -$ ELSE -$! -$! Tell The User We Don't Know What They Want. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C." -$ WRITE SYS$OUTPUT " DECC : To Compile With DEC C." -$ WRITE SYS$OUTPUT " GNUC : To Compile With GNU C." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Argument Check. -$! -$ ENDIF -$! -$! Build a MACRO command for the architecture at hand -$! -$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'" -$ IF ARCH .NES. "VAX" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'" -$! -$! Show user the result -$! -$ WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO -$! -$! Time to check the contents, and to make sure we get the correct library. -$! -$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" - - .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE" -$ THEN -$! -$! Check to see if SOCKETSHR was chosen -$! -$ IF P4.EQS."SOCKETSHR" -$ THEN -$! -$! Set the library to use SOCKETSHR -$! -$ TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS" -$! -$! Done with SOCKETSHR -$! -$ ENDIF -$! -$! Check to see if MULTINET was chosen -$! -$ IF P4.EQS."MULTINET" -$ THEN -$! -$! Set the library to use UCX emulation. -$! -$ P4 = "UCX" -$! -$! Done with MULTINET -$! -$ ENDIF -$! -$! Check to see if UCX was chosen -$! -$ IF P4.EQS."UCX" -$ THEN -$! -$! Set the library to use UCX. -$! -$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS" -$ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -$ THEN -$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS" -$ ELSE -$ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN - - TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS" -$ ENDIF -$! -$! Done with UCX -$! -$ ENDIF -$! -$! Check to see if TCPIP was chosen -$! -$ IF P4.EQS."TCPIP" -$ THEN -$! -$! Set the library to use TCPIP (post UCX). -$! -$ TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS" -$! -$! Done with TCPIP -$! -$ ENDIF -$! -$! Check to see if NONE was chosen -$! -$ IF P4.EQS."NONE" -$ THEN -$! -$! Do not use a TCPIP library. -$! -$ TCPIP_LIB = "" -$! -$! Done with TCPIP -$! -$ ENDIF -$! -$! Print info -$! -$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- "," -$! -$! Else The User Entered An Invalid Argument. -$! -$ ELSE -$! -$! Tell The User We Don't Know What They Want. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." -$ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." -$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! Done with TCP/IP libraries -$! -$ ENDIF -$! -$! Check if the user wanted to compile just a subset of all the encryption -$! methods. -$! -$ IF P6 .NES. "" -$ THEN -$ ENCRYPT_TYPES = P6 -$ ENDIF -$! -$! Time To RETURN... -$! -$ RETURN -$! -$ INITIALISE: -$! -$! Save old value of the logical name OPENSSL -$! -$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE") -$! -$! Save directory information -$! -$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;" -$ __HERE = F$EDIT(__HERE,"UPCASE") -$ __TOP = __HERE - "CRYPTO]" -$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]" -$! -$! Set up the logical name OPENSSL to point at the include directory -$! -$ DEFINE OPENSSL/NOLOG '__INCLUDE' -$! -$! Done -$! -$ RETURN -$! -$ CLEANUP: -$! -$! Restore the logical name OPENSSL if it had a value -$! -$ IF __SAVE_OPENSSL .EQS. "" -$ THEN -$ DEASSIGN OPENSSL -$ ELSE -$ DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL' -$ ENDIF -$! -$! Done -$! -$ RETURN diff --git a/lib/libcrypto/crypto.h b/lib/libcrypto/crypto.h index 6aeda0a9ace..f92fc5182d9 100644 --- a/lib/libcrypto/crypto.h +++ b/lib/libcrypto/crypto.h @@ -488,10 +488,10 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), long (**go)(void)); void *CRYPTO_malloc_locked(int num, const char *file, int line); -void CRYPTO_free_locked(void *); +void CRYPTO_free_locked(void *ptr); void *CRYPTO_malloc(int num, const char *file, int line); char *CRYPTO_strdup(const char *str, const char *file, int line); -void CRYPTO_free(void *); +void CRYPTO_free(void *ptr); void *CRYPTO_realloc(void *addr,int num, const char *file, int line); void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file, int line); @@ -574,6 +574,13 @@ void OPENSSL_init(void); #define fips_cipher_abort(alg) while(0) #endif +/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It + * takes an amount of time dependent on |len|, but independent of the contents + * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a + * defined order as the return value when a != b is undefined, other than to be + * non-zero. */ +int CRYPTO_memcmp(const void *a, const void *b, size_t len); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/lib/libcrypto/des/des-lib.com b/lib/libcrypto/des/des-lib.com deleted file mode 100644 index 348f1c04709..00000000000 --- a/lib/libcrypto/des/des-lib.com +++ /dev/null @@ -1,1005 +0,0 @@ -$! -$! DES-LIB.COM -$! Written By: Robert Byer -$! Vice-President -$! A-Com Computing, Inc. -$! byer@mail.all-net.net -$! -$! Changes by Richard Levitte <richard@levitte.org> -$! -$! This command files compiles and creates the -$! "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library. The "xxx" denotes the machine -$! architecture of ALPHA, IA64 or VAX. -$! -$! It was re-written to try to determine which "C" compiler to try to use -$! or the user can specify a compiler in P3. -$! -$! Specify one of the following to build just that part, specify "ALL" to -$! just build everything. -$! -$! ALL To Just Build "Everything". -$! LIBRARY To Just Build The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library. -$! DESTEST To Just Build The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program. -$! SPEED To Just Build The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program. -$! RPW To Just Build The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program. -$! DES To Just Build The [.xxx.EXE.CRYPTO.DES]DES.EXE Program. -$! DES_OPTS To Just Build The [.xxx.EXE.CRYPTO.DES]DES_OPTS.EXE Program. -$! -$! Specify either DEBUG or NODEBUG as P2 to compile with or without -$! debugging information. -$! -$! Specify which compiler at P3 to try to compile under. -$! -$! VAXC For VAX C. -$! DECC For DEC C. -$! GNUC For GNU C. -$! -$! If you don't speficy a compiler, it will try to determine which -$! "C" compiler to try to use. -$! -$! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) -$! -$! -$! Make sure we know what architecture we run on. -$! -$! -$! Check Which Architecture We Are Using. -$! -$ IF (F$GETSYI("CPU").LT.128) -$ THEN -$! -$! The Architecture Is VAX -$! -$ ARCH := VAX -$! -$! Else... -$! -$ ELSE -$! -$! The Architecture Is Alpha, IA64 or whatever comes in the future. -$! -$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") -$ IF (ARCH .EQS. "") THEN ARCH = "UNK" -$! -$! End The Architecture Check. -$! -$ ENDIF -$! -$! Define The OBJ Directory Name. -$! -$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES] -$! -$! Define The EXE Directory Name. -$! -$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES] -$! -$! Check To Make Sure We Have Valid Command Line Parameters. -$! -$ GOSUB CHECK_OPTIONS -$! -$! Tell The User What Kind of Machine We Run On. -$! -$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." -$! -$! Check To See If The Architecture Specific OBJ Directory Exists. -$! -$ IF (F$PARSE(OBJ_DIR).EQS."") -$ THEN -$! -$! It Dosen't Exist, So Create It. -$! -$ CREATE/DIR 'OBJ_DIR' -$! -$! End The Architecture Specific OBJ Directory Check. -$! -$ ENDIF -$! -$! Check To See If The Architecture Specific Directory Exists. -$! -$ IF (F$PARSE(EXE_DIR).EQS."") -$ THEN -$! -$! It Dosen't Exist, So Create It. -$! -$ CREATE/DIR 'EXE_DIR' -$! -$! End The Architecture Specific Directory Check. -$! -$ ENDIF -$! -$! Define The Library Name. -$! -$ LIB_NAME := 'EXE_DIR'LIBDES.OLB -$! -$! Check To See What We Are To Do. -$! -$ IF (BUILDALL.EQS."TRUE") -$ THEN -$! -$! Since Nothing Special Was Specified, Do Everything. -$! -$ GOSUB LIBRARY -$ GOSUB DESTEST -$ GOSUB SPEED -$ GOSUB RPW -$ GOSUB DES -$ GOSUB DES_OPTS -$! -$! Else... -$! -$ ELSE -$! -$! Build Just What The User Wants Us To Build. -$! -$ GOSUB 'BUILDALL' -$! -$! End The BUILDALL Check. -$! -$ ENDIF -$! -$! Time To EXIT. -$! -$ EXIT -$ LIBRARY: -$! -$! Tell The User That We Are Compiling. -$! -$ WRITE SYS$OUTPUT "Compiling The ",LIB_NAME," Files." -$! -$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" Library... -$! -$ IF (F$SEARCH(LIB_NAME).EQS."") -$ THEN -$! -$! Guess Not, Create The Library. -$! -$ LIBRARY/CREATE/OBJECT 'LIB_NAME' -$! -$! End The Library Exist Check. -$! -$ ENDIF -$! -$! Define The DES Library Files. -$! -$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - - "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ - - "enc_read,enc_writ,ofb64enc,"+ - - "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - - "des_enc,fcrypt_b,read2pwd,"+ - - "fcrypt,xcbc_enc,read_pwd,rpc_enc,cbc_cksm,supp" -$! -$! Define A File Counter And Set It To "0". -$! -$ FILE_COUNTER = 0 -$! -$! Top Of The File Loop. -$! -$ NEXT_FILE: -$! -$! O.K, Extract The File Name From The File List. -$! -$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_DES) -$! -$! Check To See If We Are At The End Of The File List. -$! -$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE -$! -$! Increment The Counter. -$! -$ FILE_COUNTER = FILE_COUNTER + 1 -$! -$! Create The Source File Name. -$! -$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C" -$! -$! Tell The User We Are Compiling The Source File. -$! -$ WRITE SYS$OUTPUT " ",FILE_NAME,".C" -$! -$! Create The Object File Name. -$! -$ OBJECT_FILE = OBJ_DIR + FILE_NAME + "." + ARCH + "OBJ" -$ ON WARNING THEN GOTO NEXT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH(SOURCE_FILE).EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The File Exists Check. -$! -$ ENDIF -$! -$! Compile The File. -$! -$ ON ERROR THEN GOTO NEXT_FILE -$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$! -$! Add It To The Library. -$! -$ LIBRARY/REPLACE/OBJECT 'LIB_NAME' 'OBJECT_FILE' -$! -$! Time To Clean Up The Object File. -$! -$ DELETE 'OBJECT_FILE';* -$! -$! Go Back And Do It Again. -$! -$ GOTO NEXT_FILE -$! -$! All Done With This Library Part. -$! -$ FILE_DONE: -$! -$! Tell The User That We Are All Done. -$! -$ WRITE SYS$OUTPUT "Library ",LIB_NAME," Built." -$! -$! All Done, Time To Return. -$! -$ RETURN -$! -$! Compile The DESTEST Program. -$! -$ DESTEST: -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH("SYS$DISK:[]DESTEST.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File DESTEST.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The DESTEST.C File Check. -$! -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DESTEST.EXE" -$! -$! Compile The DESTEST Program. -$! -$ CC/OBJECT='OBJ_DIR'DESTEST.OBJ SYS$DISK:[]DESTEST.C -$! -$! Link The DESTEST Program. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DESTEST.EXE - - 'OBJ_DIR'DESTEST.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION -$! -$! All Done, Time To Return. -$! -$ RETURN -$! -$! Compile The SPEED Program. -$! -$ SPEED: -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH("SYS$DISK:[]SPEED.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File SPEED.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The SPEED.C File Check. -$! -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"SPEED.EXE" -$! -$! Compile The SPEED Program. -$! -$ CC/OBJECT='OBJ_DIR'SPEED.OBJ SYS$DISK:[]SPEED.C -$! -$! Link The SPEED Program. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'SPEED.EXE - - 'OBJ_DIR'SPEED.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION -$! -$! All Done, Time To Return. -$! -$ RETURN -$! -$! Compile The RPW Program. -$! -$ RPW: -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH("SYS$DISK:[]RPW.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File RPW.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The RPW.C File Check. -$! -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"RPW.EXE" -$! -$! Compile The RPW Program. -$! -$ CC/OBJECT='OBJ_DIR'RPW.OBJ SYS$DISK:[]RPW.C -$! -$! Link The RPW Program. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'RPW.EXE - - 'OBJ_DIR'RPW.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION -$! -$! All Done, Time To Return. -$! -$ RETURN -$! -$! Compile The DES Program. -$! -$ DES: -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH("SYS$DISK:[]DES.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File DES.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The DES.C File Check. -$! -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES.EXE" -$! -$! Compile The DES Program. -$! -$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]DES.C -$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]CBC3_ENC.C -$! -$! Link The DES Program. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES.EXE - - 'OBJ_DIR'DES.OBJ,'OBJ_DIR'CBC3_ENC.OBJ,- - 'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION -$! -$! All Done, Time To Return. -$! -$ RETURN -$! -$! Compile The DES_OPTS Program. -$! -$ DES_OPTS: -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH("SYS$DISK:[]DES_OPTS.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File DES_OPTS.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The DES_OPTS.C File Check. -$! -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES_OPTS.EXE" -$! -$! Compile The DES_OPTS Program. -$! -$ CC/OBJECT='OBJ_DIR'DES_OPTS.OBJ SYS$DISK:[]DES_OPTS.C -$! -$! Link The DES_OPTS Program. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES_OPTS.EXE - - 'OBJ_DIR'DES_OPTS.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION -$! -$! All Done, Time To Return. -$! -$ RETURN -$ EXIT -$! -$! Check For The Link Option FIle. -$! -$ CHECK_OPT_FILE: -$! -$! Check To See If We Need To Make A VAX C Option File. -$! -$ IF (COMPILER.EQS."VAXC") -$ THEN -$! -$! Check To See If We Already Have A VAX C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! We Need A VAX C Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Agianst -! The Sharable VAX C Runtime Library. -! -SYS$SHARE:VAXCRTL.EXE/SHARE -$EOD -$! -$! End The Option File Check. -$! -$ ENDIF -$! -$! End The VAXC Check. -$! -$ ENDIF -$! -$! Check To See If We Need A GNU C Option File. -$! -$ IF (COMPILER.EQS."GNUC") -$ THEN -$! -$! Check To See If We Already Have A GNU C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! We Need A GNU C Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Agianst -! The Sharable C Runtime Library. -! -GNU_CC:[000000]GCCLIB/LIBRARY -SYS$SHARE:VAXCRTL/SHARE -$EOD -$! -$! End The Option File Check. -$! -$ ENDIF -$! -$! End The GNU C Check. -$! -$ ENDIF -$! -$! Check To See If We Need A DEC C Option File. -$! -$ IF (COMPILER.EQS."DECC") -$ THEN -$! -$! Check To See If We Already Have A DEC C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! Figure Out If We Need An non-VAX Or A VAX Linker Option File. -$! -$ IF (F$GETSYI("CPU").LT.128) -$ THEN -$! -$! We Need A DEC C Linker Option File For VAX. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Agianst -! The Sharable DEC C Runtime Library. -! -SYS$SHARE:DECC$SHR.EXE/SHARE -$EOD -$! -$! Else... -$! -$ ELSE -$! -$! Create The non-VAX Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File For non-VAX To Link Agianst -! The Sharable C Runtime Library. -! -SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE -SYS$SHARE:CMA$OPEN_RTL/SHARE -$EOD -$! -$! End The DEC C Option File Check. -$! -$ ENDIF -$! -$! End The Option File Search. -$! -$ ENDIF -$! -$! End The DEC C Check. -$! -$ ENDIF -$! -$! Tell The User What Linker Option File We Are Using. -$! -$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"." -$! -$! Time To RETURN. -$! -$ RETURN -$! -$! Library Check. -$! -$ LIB_CHECK: -$! -$! Look For The Library LIBDES.OLB. -$! -$ IF (F$SEARCH(LIB_NAME).EQS."") -$ THEN -$! -$! Tell The User We Can't Find The [.xxx.CRYPTO.DES]LIBDES.OLB Library. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Can't Find The Library ",LIB_NAME,"." -$ WRITE SYS$OUTPUT "We Can't Link Without It." -$ WRITE SYS$OUTPUT "" -$! -$! Since We Can't Link Without It, Exit. -$! -$ EXIT -$ ENDIF -$! -$! Time To Return. -$! -$ RETURN -$! -$! Check The User's Options. -$! -$ CHECK_OPTIONS: -$! -$! Check To See If We Are To "Just Build Everything". -$! -$ IF (P1.EQS."ALL") -$ THEN -$! -$! P1 Is "ALL", So Build Everything. -$! -$ BUILDALL = "TRUE" -$! -$! Else... -$! -$ ELSE -$! -$! Else, Check To See If P1 Has A Valid Argument. -$! -$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") - - .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS") -$ THEN -$! -$! A Valid Argument. -$! -$ BUILDALL = P1 -$! -$! Else... -$! -$ ELSE -$! -$! Tell The User We Don't Know What They Want. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALL : Just Build Everything." -$ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library." -$ WRITE SYS$OUTPUT " DESTEST : To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program." -$ WRITE SYS$OUTPUT " SPEED : To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program." -$ WRITE SYS$OUTPUT " RPW : To Compile Just The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program." -$ WRITE SYS$OUTPUT " DES : To Compile Just The [.xxx.EXE.CRYPTO.DES]DES.EXE Program." -$ WRITE SYS$OUTPUT " DES_OPTS : To Compile Just The [.xxx.EXE.CRYTPO.DES]DES_OPTS.EXE Program." -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " Where 'xxx' Stands For: " -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture." -$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture." -$ WRITE SYS$OUTPUT " VAX : VAX Architecture." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Argument Check. -$! -$ ENDIF -$! -$! End The P1 Check. -$! -$ ENDIF -$! -$! Check To See If We Are To Compile Without Debugger Information. -$! -$ IF (P2.EQS."NODEBUG") -$ THEN -$! -$! P2 Is Blank, So Compile Without Debugger Information. -$! -$ DEBUGGER = "NODEBUG" -$ TRACEBACK = "NOTRACEBACK" -$ GCC_OPTIMIZE = "OPTIMIZE" -$ CC_OPTIMIZE = "OPTIMIZE" -$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." -$! -$! Else... -$! -$ ELSE -$! -$! Check To See If We Are To Compile With Debugger Information. -$! -$ IF (P2.EQS."DEBUG") -$ THEN -$! -$! Compile With Debugger Information. -$! -$ DEBUGGER = "DEBUG" -$ TRACEBACK = "TRACEBACK" -$ GCC_OPTIMIZE = "NOOPTIMIZE" -$ CC_OPTIMIZE = "NOOPTIMIZE" -$ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization." -$! -$! Else... -$! -$ ELSE -$! -$! Tell The User Entered An Invalid Option.. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information." -$ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Argument Check. -$! -$ ENDIF -$! -$! End The P2 Check. -$! -$ ENDIF -$! -$! Special Threads For OpenVMS v7.1 Or Later. -$! -$! Written By: Richard Levitte -$! richard@levitte.org -$! -$! -$! Check To See If We Have A Option For P4. -$! -$ IF (P4.EQS."") -$ THEN -$! -$! Get The Version Of VMS We Are Using. -$! -$ ISSEVEN := "" -$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION"))) -$ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP)) -$! -$! Check To See If The VMS Version Is v7.1 Or Later. -$! -$ IF (TMP.GE.71) -$ THEN -$! -$! We Have OpenVMS v7.1 Or Later, So Use The Special Threads. -$! -$ ISSEVEN := ,PTHREAD_USE_D4 -$! -$! End The VMS Version Check. -$! -$ ENDIF -$! -$! End The P4 Check. -$! -$ ENDIF -$! -$! Check To See If P3 Is Blank. -$! -$ IF (P3.EQS."") -$ THEN -$! -$! O.K., The User Didn't Specify A Compiler, Let's Try To -$! Find Out Which One To Use. -$! -$! Check To See If We Have GNU C. -$! -$ IF (F$TRNLNM("GNU_CC").NES."") -$ THEN -$! -$! Looks Like GNUC, Set To Use GNUC. -$! -$ P3 = "GNUC" -$! -$! Else... -$! -$ ELSE -$! -$! Check To See If We Have VAXC Or DECC. -$! -$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") -$ THEN -$! -$! Looks Like DECC, Set To Use DECC. -$! -$ P3 = "DECC" -$! -$! Else... -$! -$ ELSE -$! -$! Looks Like VAXC, Set To Use VAXC. -$! -$ P3 = "VAXC" -$! -$! End The VAXC Compiler Check. -$! -$ ENDIF -$! -$! End The DECC & VAXC Compiler Check. -$! -$ ENDIF -$! -$! End The Compiler Check. -$! -$ ENDIF -$! -$! Set Up Initial CC Definitions, Possibly With User Ones -$! -$ CCDEFS = "" -$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = USER_CCDEFS -$ CCEXTRAFLAGS = "" -$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "" -$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - - CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS -$! -$! Check To See If The User Entered A Valid Paramter. -$! -$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC") -$ THEN -$! -$! Check To See If The User Wanted DECC. -$! -$ IF (P3.EQS."DECC") -$ THEN -$! -$! Looks Like DECC, Set To Use DECC. -$! -$ COMPILER = "DECC" -$! -$! Tell The User We Are Using DECC. -$! -$ WRITE SYS$OUTPUT "Using DECC 'C' Compiler." -$! -$! Use DECC... -$! -$ CC = "CC" -$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" -$! -$! End DECC Check. -$! -$ ENDIF -$! -$! Check To See If We Are To Use VAXC. -$! -$ IF (P3.EQS."VAXC") -$ THEN -$! -$! Looks Like VAXC, Set To Use VAXC. -$! -$ COMPILER = "VAXC" -$! -$! Tell The User We Are Using VAX C. -$! -$ WRITE SYS$OUTPUT "Using VAXC 'C' Compiler." -$! -$! Compile Using VAXC. -$! -$ CC = "CC" -$ IF ARCH.NES."VAX" -$ THEN -$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!" -$ EXIT -$ ENDIF -$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS -$ CCDEFS = """VAXC""," + CCDEFS -$! -$! Define <sys> As SYS$COMMON:[SYSLIB] -$! -$ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" -$! -$! End VAXC Check -$! -$ ENDIF -$! -$! Check To See If We Are To Use GNU C. -$! -$ IF (P3.EQS."GNUC") -$ THEN -$! -$! Looks Like GNUC, Set To Use GNUC. -$! -$ COMPILER = "GNUC" -$! -$! Tell The User We Are Using GNUC. -$! -$ WRITE SYS$OUTPUT "Using GNU 'C' Compiler." -$! -$! Use GNU C... -$! -$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" -$! -$! End The GNU C Check. -$! -$ ENDIF -$! -$! Set up default defines -$! -$ CCDEFS = """FLAT_INC=1""," + CCDEFS -$! -$! Finish up the definition of CC. -$! -$ IF COMPILER .EQS. "DECC" -$ THEN -$ IF CCDISABLEWARNINGS .EQS. "" -$ THEN -$ CC4DISABLEWARNINGS = "DOLLARID" -$ ELSE -$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID" -$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" -$ ENDIF -$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" -$ ELSE -$ CCDISABLEWARNINGS = "" -$ CC4DISABLEWARNINGS = "" -$ ENDIF -$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS -$! -$! Show user the result -$! -$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC -$! -$! Else The User Entered An Invalid Argument. -$! -$ ELSE -$! -$! Tell The User We Don't Know What They Want. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C." -$ WRITE SYS$OUTPUT " DECC : To Compile With DEC C." -$ WRITE SYS$OUTPUT " GNUC : To Compile With GNU C." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The P3 Check. -$! -$ ENDIF -$! -$! Time To RETURN... -$! -$ RETURN diff --git a/lib/libcrypto/des/des.h b/lib/libcrypto/des/des.h index 23c8cfc901c..1eaedcbd24b 100644 --- a/lib/libcrypto/des/des.h +++ b/lib/libcrypto/des/des.h @@ -56,8 +56,8 @@ * [including the GNU Public Licence.] */ -#ifndef HEADER_DES_H -#define HEADER_DES_H +#ifndef HEADER_NEW_DES_H +#define HEADER_NEW_DES_H #include <openssl/e_os2.h> /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG (via openssl/opensslconf.h */ @@ -71,8 +71,6 @@ # define OPENSSL_EXTERN OPENSSL_EXPORT #endif -#define des_SPtrans DES_SPtrans - #ifdef __cplusplus extern "C" { #endif diff --git a/lib/libcrypto/des/des_old.h b/lib/libcrypto/des/des_old.h index 8665ba4e7e1..2b2c3723549 100644 --- a/lib/libcrypto/des/des_old.h +++ b/lib/libcrypto/des/des_old.h @@ -88,8 +88,8 @@ * */ -#ifndef HEADER_DES_OLD_H -#define HEADER_DES_OLD_H +#ifndef HEADER_DES_H +#define HEADER_DES_H #include <openssl/e_os2.h> /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */ @@ -97,7 +97,7 @@ #error DES is disabled. #endif -#ifndef HEADER_DES_H +#ifndef HEADER_NEW_DES_H #error You must include des.h, not des_old.h directly. #endif diff --git a/lib/libcrypto/des/set_key.c b/lib/libcrypto/des/set_key.c index d3e69ca8b58..da4d62e1128 100644 --- a/lib/libcrypto/des/set_key.c +++ b/lib/libcrypto/des/set_key.c @@ -63,9 +63,8 @@ * 1.1 added norm_expand_bits * 1.0 First working version */ -#include "des_locl.h" - #include <openssl/crypto.h> +#include "des_locl.h" OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0) /* defaults to false */ diff --git a/lib/libcrypto/des/str2key.c b/lib/libcrypto/des/str2key.c index 9c2054bda6b..1077f99d1b2 100644 --- a/lib/libcrypto/des/str2key.c +++ b/lib/libcrypto/des/str2key.c @@ -56,8 +56,8 @@ * [including the GNU Public Licence.] */ -#include "des_locl.h" #include <openssl/crypto.h> +#include "des_locl.h" void DES_string_to_key(const char *str, DES_cblock *key) { diff --git a/lib/libcrypto/doc/ERR_get_error.pod b/lib/libcrypto/doc/ERR_get_error.pod index 34443045fc0..828ecf529b2 100644 --- a/lib/libcrypto/doc/ERR_get_error.pod +++ b/lib/libcrypto/doc/ERR_get_error.pod @@ -52,8 +52,11 @@ ERR_get_error_line_data(), ERR_peek_error_line_data() and ERR_get_last_error_line_data() store additional data and flags associated with the error code in *B<data> and *B<flags>, unless these are B<NULL>. *B<data> contains a string -if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(), -*B<flags>&B<ERR_TXT_MALLOCED> is true. +if *B<flags>&B<ERR_TXT_STRING> is true. + +An application B<MUST NOT> free the *B<data> pointer (or any other pointers +returned by these functions) with OPENSSL_free() as freeing is handled +automatically by the error library. =head1 RETURN VALUES diff --git a/lib/libcrypto/doc/EVP_BytesToKey.pod b/lib/libcrypto/doc/EVP_BytesToKey.pod index d375c46e03d..0ea7d55c0f1 100644 --- a/lib/libcrypto/doc/EVP_BytesToKey.pod +++ b/lib/libcrypto/doc/EVP_BytesToKey.pod @@ -17,7 +17,7 @@ EVP_BytesToKey - password based encryption routine EVP_BytesToKey() derives a key and IV from various parameters. B<type> is the cipher to derive the key and IV for. B<md> is the message digest to use. -The B<salt> paramter is used as a salt in the derivation: it should point to +The B<salt> parameter is used as a salt in the derivation: it should point to an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing B<datal> bytes which is used to derive the keying data. B<count> is the iteration count to use. The derived key and IV will be written to B<key> diff --git a/lib/libcrypto/doc/EVP_DigestInit.pod b/lib/libcrypto/doc/EVP_DigestInit.pod index 1aa15acb61c..367691cc7ae 100644 --- a/lib/libcrypto/doc/EVP_DigestInit.pod +++ b/lib/libcrypto/doc/EVP_DigestInit.pod @@ -252,9 +252,9 @@ digest name passed on the command line. =head1 SEE ALSO -L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>, -L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD160(3)|RIPEMD160(3)>, -L<SHA1(3)|SHA1(3)> +L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, +L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, +L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> =head1 HISTORY diff --git a/lib/libcrypto/doc/EVP_EncryptInit.pod b/lib/libcrypto/doc/EVP_EncryptInit.pod index 8271d3dfc41..1c4bf184a1b 100644 --- a/lib/libcrypto/doc/EVP_EncryptInit.pod +++ b/lib/libcrypto/doc/EVP_EncryptInit.pod @@ -152,7 +152,7 @@ does not remain in memory. EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and -EVP_CipherInit_ex() except the B<ctx> paramter does not need to be +EVP_CipherInit_ex() except the B<ctx> parameter does not need to be initialized and they always use the default cipher implementation. EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a diff --git a/lib/libcrypto/doc/EVP_SignInit.pod b/lib/libcrypto/doc/EVP_SignInit.pod index 781d43e4013..620a623ab62 100644 --- a/lib/libcrypto/doc/EVP_SignInit.pod +++ b/lib/libcrypto/doc/EVP_SignInit.pod @@ -89,10 +89,10 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function. =head1 SEE ALSO L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, -L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>, -L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD(3)|RIPEMD(3)>, -L<SHA1(3)|SHA1(3)>, L<digest(1)|digest(1)> +L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, +L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, +L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, +L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> =head1 HISTORY diff --git a/lib/libcrypto/doc/dsa.pod b/lib/libcrypto/doc/dsa.pod index ae2e5d81f9a..da07d2b930c 100644 --- a/lib/libcrypto/doc/dsa.pod +++ b/lib/libcrypto/doc/dsa.pod @@ -101,7 +101,8 @@ Standard, DSS), ANSI X9.30 =head1 SEE ALSO L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, -L<rsa(3)|rsa(3)>, L<SHA1(3)|SHA1(3)>, L<DSA_new(3)|DSA_new(3)>, +L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>, +L<DSA_new(3)|DSA_new(3)>, L<DSA_size(3)|DSA_size(3)>, L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>, L<DSA_dup_DH(3)|DSA_dup_DH(3)>, diff --git a/lib/libcrypto/dso/dso_dlfcn.c b/lib/libcrypto/dso/dso_dlfcn.c index e21b9f6dbc2..5f351b318dd 100644 --- a/lib/libcrypto/dso/dso_dlfcn.c +++ b/lib/libcrypto/dso/dso_dlfcn.c @@ -86,7 +86,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void) # if defined(_AIX) || defined(__CYGWIN__) || \ defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ (defined(__osf__) && !defined(RTLD_NEXT)) || \ - (defined(__OpenBSD__) && (!defined(__ELF__) || !defined(RTLD_SELF))) || \ + (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \ defined(__ANDROID__) # undef HAVE_DLINFO # endif diff --git a/lib/libcrypto/ec/ec.h b/lib/libcrypto/ec/ec.h index 9d01325af33..dfe8710d330 100644 --- a/lib/libcrypto/ec/ec.h +++ b/lib/libcrypto/ec/ec.h @@ -274,10 +274,10 @@ int EC_GROUP_get_curve_name(const EC_GROUP *group); void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); int EC_GROUP_get_asn1_flag(const EC_GROUP *group); -void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t); +void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); -unsigned char *EC_GROUP_get0_seed(const EC_GROUP *); +unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); size_t EC_GROUP_get_seed_len(const EC_GROUP *); size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); @@ -626,8 +626,8 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *c */ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); -int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); -int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); +int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx); /** Computes r = generator * n sum_{i=0}^num p[i] * m[i] * \param group underlying EC_GROUP object @@ -800,16 +800,24 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); unsigned EC_KEY_get_enc_flags(const EC_KEY *key); -void EC_KEY_set_enc_flags(EC_KEY *, unsigned int); -point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *); -void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t); +void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); /* functions to set/get method specific data */ -void *EC_KEY_get_key_method_data(EC_KEY *, +void *EC_KEY_get_key_method_data(EC_KEY *key, void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); -void EC_KEY_insert_key_method_data(EC_KEY *, void *data, +/** Sets the key method data of an EC_KEY object, if none has yet been set. + * \param key EC_KEY object + * \param data opaque data to install. + * \param dup_func a function that duplicates |data|. + * \param free_func a function that frees |data|. + * \param clear_free_func a function that wipes and frees |data|. + * \return the previously set data pointer, or NULL if |data| was inserted. + */ +void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); /* wrapper functions for the underlying EC_GROUP object */ -void EC_KEY_set_asn1_flag(EC_KEY *, int); +void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); /** Creates a table of pre-computed multiples of the generator to * accelerate further EC_KEY operations. diff --git a/lib/libcrypto/ec/ec_lib.c b/lib/libcrypto/ec/ec_lib.c index 25247b58033..de9a0cc2b37 100644 --- a/lib/libcrypto/ec/ec_lib.c +++ b/lib/libcrypto/ec/ec_lib.c @@ -480,10 +480,10 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != EC_METHOD_get_field_type(EC_GROUP_method_of(b))) return 1; - /* compare the curve name (if present) */ + /* compare the curve name (if present in both) */ if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && - EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b)) - return 0; + EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) + return 1; if (!ctx) ctx_new = ctx = BN_CTX_new(); @@ -993,12 +993,12 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN if (group->meth->point_cmp == 0) { ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; + return -1; } if ((group->meth != a->meth) || (a->meth != b->meth)) { ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); - return 0; + return -1; } return group->meth->point_cmp(group, a, b, ctx); } diff --git a/lib/libcrypto/ec/ecp_mont.c b/lib/libcrypto/ec/ecp_mont.c index 079e47431b4..f04f132c7ad 100644 --- a/lib/libcrypto/ec/ecp_mont.c +++ b/lib/libcrypto/ec/ecp_mont.c @@ -114,7 +114,6 @@ const EC_METHOD *EC_GFp_mont_method(void) ec_GFp_mont_field_decode, ec_GFp_mont_field_set_to_one }; - return &ret; #endif } diff --git a/lib/libcrypto/ec/ectest.c b/lib/libcrypto/ec/ectest.c index f107782de00..102eaa9b232 100644 --- a/lib/libcrypto/ec/ectest.c +++ b/lib/libcrypto/ec/ectest.c @@ -236,7 +236,7 @@ static void group_order_tests(EC_GROUP *group) } static void prime_field_tests(void) - { + { BN_CTX *ctx = NULL; BIGNUM *p, *a, *b; EC_GROUP *group; diff --git a/lib/libcrypto/ecdh/Makefile b/lib/libcrypto/ecdh/Makefile index 65d8904ee8a..ba05fea05ca 100644 --- a/lib/libcrypto/ecdh/Makefile +++ b/lib/libcrypto/ecdh/Makefile @@ -84,17 +84,12 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ech_err.o: ech_err.c ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h -ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h +ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ech_key.o: ech_key.c ech_locl.h ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/lib/libcrypto/engine/eng_all.c b/lib/libcrypto/engine/eng_all.c index 0ae5d672b1f..6093376df41 100644 --- a/lib/libcrypto/engine/eng_all.c +++ b/lib/libcrypto/engine/eng_all.c @@ -73,7 +73,6 @@ void ENGINE_load_builtin_engines(void) #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) ENGINE_load_cryptodev(); #endif - #ifndef OPENSSL_NO_RSAX ENGINE_load_rsax(); #endif diff --git a/lib/libcrypto/engine/eng_list.c b/lib/libcrypto/engine/eng_list.c index 27846edb1e9..95c858960b8 100644 --- a/lib/libcrypto/engine/eng_list.c +++ b/lib/libcrypto/engine/eng_list.c @@ -408,6 +408,7 @@ ENGINE *ENGINE_by_id(const char *id) !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", load_dir, 0) || + !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) || !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) goto notfound; return iterator; diff --git a/lib/libcrypto/err/err_all.c b/lib/libcrypto/err/err_all.c index bd8946d8ba0..8eb547d98d5 100644 --- a/lib/libcrypto/err/err_all.c +++ b/lib/libcrypto/err/err_all.c @@ -64,7 +64,9 @@ #endif #include <openssl/buffer.h> #include <openssl/bio.h> +#ifndef OPENSSL_NO_COMP #include <openssl/comp.h> +#endif #ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> #endif @@ -95,6 +97,9 @@ #include <openssl/ui.h> #include <openssl/ocsp.h> #include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif #include <openssl/ts.h> #ifndef OPENSSL_NO_CMS #include <openssl/cms.h> @@ -102,11 +107,6 @@ #ifndef OPENSSL_NO_JPAKE #include <openssl/jpake.h> #endif -#include <openssl/comp.h> - -#ifdef OPENSSL_FIPS -#include <openssl/fips.h> -#endif void ERR_load_crypto_strings(void) { @@ -130,7 +130,9 @@ void ERR_load_crypto_strings(void) ERR_load_ASN1_strings(); ERR_load_CONF_strings(); ERR_load_CRYPTO_strings(); +#ifndef OPENSSL_NO_COMP ERR_load_COMP_strings(); +#endif #ifndef OPENSSL_NO_EC ERR_load_EC_strings(); #endif @@ -153,15 +155,14 @@ void ERR_load_crypto_strings(void) #endif ERR_load_OCSP_strings(); ERR_load_UI_strings(); +#ifdef OPENSSL_FIPS + ERR_load_FIPS_strings(); +#endif #ifndef OPENSSL_NO_CMS ERR_load_CMS_strings(); #endif #ifndef OPENSSL_NO_JPAKE ERR_load_JPAKE_strings(); #endif - ERR_load_COMP_strings(); -#endif -#ifdef OPENSSL_FIPS - ERR_load_FIPS_strings(); #endif } diff --git a/lib/libcrypto/evp/Makefile b/lib/libcrypto/evp/Makefile index 0fe1b96bff4..0447b442bcd 100644 --- a/lib/libcrypto/evp/Makefile +++ b/lib/libcrypto/evp/Makefile @@ -67,7 +67,7 @@ files: links: @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - cp $(TESTDATA) ../../test + @[ -f $(TESTDATA) ] && cp $(TESTDATA) ../../test && echo "$(TESTDATA) -> ../../test/$(TESTDATA)" @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: @@ -356,6 +356,20 @@ evp_acnf.o: ../../include/openssl/opensslconf.h evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c +evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h +evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +evp_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +evp_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +evp_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_cnf.o: ../../include/openssl/x509v3.h ../cryptlib.h evp_cnf.c evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -437,28 +451,22 @@ evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h +m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h m_dss.o: ../cryptlib.h m_dss.c m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h +m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h m_dss1.o: ../cryptlib.h m_dss1.c m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h @@ -563,16 +571,13 @@ m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h m_sha.o: ../cryptlib.h evp_locl.h m_sha.c m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +m_sha1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h m_sha1.o: ../cryptlib.h m_sha1.c m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h diff --git a/lib/libcrypto/evp/bio_b64.c b/lib/libcrypto/evp/bio_b64.c index 72a2a67277a..ac6d441aadb 100644 --- a/lib/libcrypto/evp/bio_b64.c +++ b/lib/libcrypto/evp/bio_b64.c @@ -264,7 +264,7 @@ static int b64_read(BIO *b, char *out, int outl) } /* we fell off the end without starting */ - if (j == i) + if ((j == i) && (num == 0)) { /* Is this is one long chunk?, if so, keep on * reading until a new line. */ diff --git a/lib/libcrypto/evp/digest.c b/lib/libcrypto/evp/digest.c index 467e6b5ae9c..d14e8e48d5a 100644 --- a/lib/libcrypto/evp/digest.c +++ b/lib/libcrypto/evp/digest.c @@ -267,6 +267,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) return FIPS_digestfinal(ctx, md, size); #else int ret; + OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); if (size != NULL) @@ -365,8 +366,11 @@ int EVP_Digest(const void *data, size_t count, void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) { - EVP_MD_CTX_cleanup(ctx); - OPENSSL_free(ctx); + if (ctx) + { + EVP_MD_CTX_cleanup(ctx); + OPENSSL_free(ctx); + } } /* This call frees resources associated with the context */ diff --git a/lib/libcrypto/evp/e_aes.c b/lib/libcrypto/evp/e_aes.c index 1e4af0cb751..c7869b69efe 100644 --- a/lib/libcrypto/evp/e_aes.c +++ b/lib/libcrypto/evp/e_aes.c @@ -842,7 +842,10 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, gctx->ctr = NULL; break; } + else #endif + (void)0; /* terminate potentially open 'else' */ + AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt); #ifdef AES_CTR_ASM @@ -969,8 +972,6 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (!gctx->iv_set) return -1; - if (!ctx->encrypt && gctx->taglen < 0) - return -1; if (in) { if (out == NULL) @@ -1012,6 +1013,8 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { if (!ctx->encrypt) { + if (gctx->taglen < 0) + return -1; if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0) return -1; @@ -1083,14 +1086,17 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, xctx->xts.block1 = (block128_f)vpaes_decrypt; } - vpaes_set_encrypt_key(key + ctx->key_len/2, + vpaes_set_encrypt_key(key + ctx->key_len/2, ctx->key_len * 4, &xctx->ks2); - xctx->xts.block2 = (block128_f)vpaes_encrypt; + xctx->xts.block2 = (block128_f)vpaes_encrypt; - xctx->xts.key1 = &xctx->ks1; - break; - } + xctx->xts.key1 = &xctx->ks1; + break; + } + else #endif + (void)0; /* terminate potentially open 'else' */ + if (enc) { AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); @@ -1217,6 +1223,7 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, &cctx->ks, (block128_f)vpaes_encrypt); + cctx->str = NULL; cctx->key_set = 1; break; } diff --git a/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c b/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c index 483e04b605b..fb2c884a786 100644 --- a/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c +++ b/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c @@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (res!=SHA_CBLOCK) continue; - mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1)); + /* j is not incremented yet */ + mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1)); data->u[SHA_LBLOCK-1] |= bitlen&mask; sha1_block_data_order(&key->md,data,1); - mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1)); + mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1)); pmac->u[0] |= key->md.h0 & mask; pmac->u[1] |= key->md.h1 & mask; pmac->u[2] |= key->md.h2 & mask; diff --git a/lib/libcrypto/evp/e_des3.c b/lib/libcrypto/evp/e_des3.c index 1e699726627..8d7b7de292b 100644 --- a/lib/libcrypto/evp/e_des3.c +++ b/lib/libcrypto/evp/e_des3.c @@ -101,7 +101,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl>=EVP_MAXCHUNK) + while (inl>=EVP_MAXCHUNK) { DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, @@ -132,7 +132,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, printf("\n"); } #endif /* KSSL_DEBUG */ - if (inl>=EVP_MAXCHUNK) + while (inl>=EVP_MAXCHUNK) { DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, @@ -151,7 +151,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl>=EVP_MAXCHUNK) + while (inl>=EVP_MAXCHUNK) { DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h index 3b1fa875765..faeb3c24e61 100644 --- a/lib/libcrypto/evp/evp.h +++ b/lib/libcrypto/evp/evp.h @@ -788,8 +788,8 @@ const EVP_CIPHER *EVP_aes_128_cfb128(void); # define EVP_aes_128_cfb EVP_aes_128_cfb128 const EVP_CIPHER *EVP_aes_128_ofb(void); const EVP_CIPHER *EVP_aes_128_ctr(void); -const EVP_CIPHER *EVP_aes_128_gcm(void); const EVP_CIPHER *EVP_aes_128_ccm(void); +const EVP_CIPHER *EVP_aes_128_gcm(void); const EVP_CIPHER *EVP_aes_128_xts(void); const EVP_CIPHER *EVP_aes_192_ecb(void); const EVP_CIPHER *EVP_aes_192_cbc(void); @@ -799,8 +799,8 @@ const EVP_CIPHER *EVP_aes_192_cfb128(void); # define EVP_aes_192_cfb EVP_aes_192_cfb128 const EVP_CIPHER *EVP_aes_192_ofb(void); const EVP_CIPHER *EVP_aes_192_ctr(void); -const EVP_CIPHER *EVP_aes_192_gcm(void); const EVP_CIPHER *EVP_aes_192_ccm(void); +const EVP_CIPHER *EVP_aes_192_gcm(void); const EVP_CIPHER *EVP_aes_256_ecb(void); const EVP_CIPHER *EVP_aes_256_cbc(void); const EVP_CIPHER *EVP_aes_256_cfb1(void); @@ -809,8 +809,8 @@ const EVP_CIPHER *EVP_aes_256_cfb128(void); # define EVP_aes_256_cfb EVP_aes_256_cfb128 const EVP_CIPHER *EVP_aes_256_ofb(void); const EVP_CIPHER *EVP_aes_256_ctr(void); -const EVP_CIPHER *EVP_aes_256_gcm(void); const EVP_CIPHER *EVP_aes_256_ccm(void); +const EVP_CIPHER *EVP_aes_256_gcm(void); const EVP_CIPHER *EVP_aes_256_xts(void); #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); @@ -1242,6 +1242,8 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)); +void EVP_add_alg_module(void); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -1256,6 +1258,7 @@ void ERR_load_EVP_strings(void); #define EVP_F_AES_INIT_KEY 133 #define EVP_F_AES_XTS 172 #define EVP_F_AES_XTS_CIPHER 175 +#define EVP_F_ALG_MODULE_INIT 177 #define EVP_F_CAMELLIA_INIT_KEY 159 #define EVP_F_CMAC_INIT 173 #define EVP_F_D2I_PKEY 100 @@ -1349,15 +1352,19 @@ void ERR_load_EVP_strings(void); #define EVP_R_DIFFERENT_PARAMETERS 153 #define EVP_R_DISABLED_FOR_FIPS 163 #define EVP_R_ENCODE_ERROR 115 +#define EVP_R_ERROR_LOADING_SECTION 165 +#define EVP_R_ERROR_SETTING_FIPS_MODE 166 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EXPECTING_AN_RSA_KEY 127 #define EVP_R_EXPECTING_A_DH_KEY 128 #define EVP_R_EXPECTING_A_DSA_KEY 129 #define EVP_R_EXPECTING_A_ECDSA_KEY 141 #define EVP_R_EXPECTING_A_EC_KEY 142 +#define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 #define EVP_R_INITIALIZATION_ERROR 134 #define EVP_R_INPUT_NOT_INITIALIZED 111 #define EVP_R_INVALID_DIGEST 152 +#define EVP_R_INVALID_FIPS_MODE 168 #define EVP_R_INVALID_KEY_LENGTH 130 #define EVP_R_INVALID_OPERATION 148 #define EVP_R_IV_TOO_LARGE 102 @@ -1382,6 +1389,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_TOO_LARGE 164 #define EVP_R_UNKNOWN_CIPHER 160 #define EVP_R_UNKNOWN_DIGEST 161 +#define EVP_R_UNKNOWN_OPTION 169 #define EVP_R_UNKNOWN_PBE_ALGORITHM 121 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 #define EVP_R_UNSUPPORTED_ALGORITHM 156 diff --git a/lib/libcrypto/evp/evp_err.c b/lib/libcrypto/evp/evp_err.c index db0f76d59bc..08eab9882f6 100644 --- a/lib/libcrypto/evp/evp_err.c +++ b/lib/libcrypto/evp/evp_err.c @@ -75,6 +75,7 @@ static ERR_STRING_DATA EVP_str_functs[]= {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"}, {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"}, +{ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, {ERR_FUNC(EVP_F_CMAC_INIT), "CMAC_INIT"}, {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, @@ -171,15 +172,19 @@ static ERR_STRING_DATA EVP_str_reasons[]= {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS) ,"different parameters"}, {ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"}, {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, +{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"}, +{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"}, {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"}, +{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"}, {ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, {ERR_REASON(EVP_R_INVALID_DIGEST) ,"invalid digest"}, +{ERR_REASON(EVP_R_INVALID_FIPS_MODE) ,"invalid fips mode"}, {ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, {ERR_REASON(EVP_R_INVALID_OPERATION) ,"invalid operation"}, {ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"}, @@ -204,6 +209,7 @@ static ERR_STRING_DATA EVP_str_reasons[]= {ERR_REASON(EVP_R_TOO_LARGE) ,"too large"}, {ERR_REASON(EVP_R_UNKNOWN_CIPHER) ,"unknown cipher"}, {ERR_REASON(EVP_R_UNKNOWN_DIGEST) ,"unknown digest"}, +{ERR_REASON(EVP_R_UNKNOWN_OPTION) ,"unknown option"}, {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"}, {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"}, {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"}, diff --git a/lib/libcrypto/evp/m_dss.c b/lib/libcrypto/evp/m_dss.c index 4ad63ada6fe..6fb7e9a8610 100644 --- a/lib/libcrypto/evp/m_dss.c +++ b/lib/libcrypto/evp/m_dss.c @@ -60,7 +60,7 @@ #include "cryptlib.h" #include <openssl/evp.h> #include <openssl/objects.h> -#include <openssl/x509.h> +#include <openssl/sha.h> #ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> #endif diff --git a/lib/libcrypto/evp/m_dss1.c b/lib/libcrypto/evp/m_dss1.c index f80170efeb9..2df362a6701 100644 --- a/lib/libcrypto/evp/m_dss1.c +++ b/lib/libcrypto/evp/m_dss1.c @@ -63,7 +63,7 @@ #include <openssl/evp.h> #include <openssl/objects.h> -#include <openssl/x509.h> +#include <openssl/sha.h> #ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> #endif diff --git a/lib/libcrypto/evp/m_sha1.c b/lib/libcrypto/evp/m_sha1.c index 3cb11f1ebb1..bd0c01ad3c4 100644 --- a/lib/libcrypto/evp/m_sha1.c +++ b/lib/libcrypto/evp/m_sha1.c @@ -65,7 +65,7 @@ #include <openssl/evp.h> #include <openssl/objects.h> -#include <openssl/x509.h> +#include <openssl/sha.h> #ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> #endif diff --git a/lib/libcrypto/evp/p5_crpt2.c b/lib/libcrypto/evp/p5_crpt2.c index 975d004df47..fe3c6c8813c 100644 --- a/lib/libcrypto/evp/p5_crpt2.c +++ b/lib/libcrypto/evp/p5_crpt2.c @@ -85,19 +85,24 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; int cplen, j, k, tkeylen, mdlen; unsigned long i = 1; - HMAC_CTX hctx; + HMAC_CTX hctx_tpl, hctx; mdlen = EVP_MD_size(digest); if (mdlen < 0) return 0; - HMAC_CTX_init(&hctx); + HMAC_CTX_init(&hctx_tpl); p = out; tkeylen = keylen; if(!pass) passlen = 0; else if(passlen == -1) passlen = strlen(pass); + if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) + { + HMAC_CTX_cleanup(&hctx_tpl); + return 0; + } while(tkeylen) { if(tkeylen > mdlen) @@ -111,19 +116,36 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, itmp[1] = (unsigned char)((i >> 16) & 0xff); itmp[2] = (unsigned char)((i >> 8) & 0xff); itmp[3] = (unsigned char)(i & 0xff); - if (!HMAC_Init_ex(&hctx, pass, passlen, digest, NULL) - || !HMAC_Update(&hctx, salt, saltlen) - || !HMAC_Update(&hctx, itmp, 4) - || !HMAC_Final(&hctx, digtmp, NULL)) + if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { + HMAC_CTX_cleanup(&hctx_tpl); + return 0; + } + if (!HMAC_Update(&hctx, salt, saltlen) + || !HMAC_Update(&hctx, itmp, 4) + || !HMAC_Final(&hctx, digtmp, NULL)) + { + HMAC_CTX_cleanup(&hctx_tpl); HMAC_CTX_cleanup(&hctx); return 0; } + HMAC_CTX_cleanup(&hctx); memcpy(p, digtmp, cplen); for(j = 1; j < iter; j++) { - HMAC(digest, pass, passlen, - digtmp, mdlen, digtmp, NULL); + if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) + { + HMAC_CTX_cleanup(&hctx_tpl); + return 0; + } + if (!HMAC_Update(&hctx, digtmp, mdlen) + || !HMAC_Final(&hctx, digtmp, NULL)) + { + HMAC_CTX_cleanup(&hctx_tpl); + HMAC_CTX_cleanup(&hctx); + return 0; + } + HMAC_CTX_cleanup(&hctx); for(k = 0; k < cplen; k++) p[k] ^= digtmp[k]; } @@ -131,7 +153,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, i++; p+= cplen; } - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_cleanup(&hctx_tpl); #ifdef DEBUG_PKCS5V2 fprintf(stderr, "Password:\n"); h__dump (pass, passlen); diff --git a/lib/libcrypto/evp/p_sign.c b/lib/libcrypto/evp/p_sign.c index dfa48c157cf..8afb664306e 100644 --- a/lib/libcrypto/evp/p_sign.c +++ b/lib/libcrypto/evp/p_sign.c @@ -80,7 +80,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; - int i=0,ok=0,v; + int i = 0,ok = 0,v; EVP_MD_CTX tmp_ctx; EVP_PKEY_CTX *pkctx = NULL; diff --git a/lib/libcrypto/evp/p_verify.c b/lib/libcrypto/evp/p_verify.c index 5f5c409f45f..c66d63ccf85 100644 --- a/lib/libcrypto/evp/p_verify.c +++ b/lib/libcrypto/evp/p_verify.c @@ -67,7 +67,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; - int i=-1,ok=0,v; + int i = 0,ok = 0,v; EVP_MD_CTX tmp_ctx; EVP_PKEY_CTX *pkctx = NULL; diff --git a/lib/libcrypto/install-crypto.com b/lib/libcrypto/install-crypto.com deleted file mode 100755 index 85b3d583cf6..00000000000 --- a/lib/libcrypto/install-crypto.com +++ /dev/null @@ -1,196 +0,0 @@ -$! INSTALL.COM -- Installs the files in a given directory tree -$! -$! Author: Richard Levitte <richard@levitte.org> -$! Time of creation: 22-MAY-1998 10:13 -$! -$! Changes by Zoltan Arpadffy <zoli@polarhome.com> -$! -$! P1 root of the directory tree -$! P2 "64" for 64-bit pointers. -$! -$! -$! Announce/identify. -$! -$ proc = f$environment( "procedure") -$ write sys$output "@@@ "+ - - f$parse( proc, , , "name")+ f$parse( proc, , , "type") -$! -$ on error then goto tidy -$ on control_c then goto tidy -$! -$ if (p1 .eqs. "") -$ then -$ write sys$output "First argument missing." -$ write sys$output - - "It should be the directory where you want things installed." -$ exit -$ endif -$! -$ if (f$getsyi( "cpu") .lt. 128) -$ then -$ arch = "VAX" -$ else -$ arch = f$edit( f$getsyi( "arch_name"), "upcase") -$ if (arch .eqs. "") then arch = "UNK" -$ endif -$! -$ archd = arch -$ lib32 = "32" -$ shr = "_SHR32" -$! -$ if (p2 .nes. "") -$ then -$ if (p2 .eqs. "64") -$ then -$ archd = arch+ "_64" -$ lib32 = "" -$ shr = "_SHR" -$ else -$ if (p2 .nes. "32") -$ then -$ write sys$output "Second argument invalid." -$ write sys$output "It should be "32", "64", or nothing." -$ exit -$ endif -$ endif -$ endif -$! -$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0" -$ root_dev = f$parse( root, , , "device", "syntax_only") -$ root_dir = f$parse( root, , , "directory", "syntax_only") - - - "[000000." - "][" - "[" - "]" -$ root = root_dev + "[" + root_dir -$! -$ define /nolog wrk_sslroot 'root'.] /trans=conc -$ define /nolog wrk_sslinclude wrk_sslroot:[include] -$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib] -$! -$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then - - create /directory /log wrk_sslroot:[000000] -$ if f$parse("wrk_sslinclude:") .eqs. "" then - - create /directory /log wrk_sslinclude: -$ if f$parse("wrk_sslxlib:") .eqs. "" then - - create /directory /log wrk_sslxlib: -$! -$ sdirs := , - - 'archd', - - objects, - - md2, md4, md5, sha, mdc2, hmac, ripemd, whrlpool, - - des, aes, rc2, rc4, rc5, idea, bf, cast, camellia, seed, - - bn, ec, rsa, dsa, ecdsa, dh, ecdh, dso, engine, - - buffer, bio, stack, lhash, rand, err, - - evp, asn1, pem, x509, x509v3, conf, txt_db, pkcs7, pkcs12, comp, ocsp, - - ui, krb5, - - store, cms, pqueue, ts, jpake -$! -$ exheader_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h -$ exheader_'archd' := opensslconf.h -$ exheader_objects := objects.h, obj_mac.h -$ exheader_md2 := md2.h -$ exheader_md4 := md4.h -$ exheader_md5 := md5.h -$ exheader_sha := sha.h -$ exheader_mdc2 := mdc2.h -$ exheader_hmac := hmac.h -$ exheader_ripemd := ripemd.h -$ exheader_whrlpool := whrlpool.h -$ exheader_des := des.h, des_old.h -$ exheader_aes := aes.h -$ exheader_rc2 := rc2.h -$ exheader_rc4 := rc4.h -$ exheader_rc5 := rc5.h -$ exheader_idea := idea.h -$ exheader_bf := blowfish.h -$ exheader_cast := cast.h -$ exheader_camellia := camellia.h -$ exheader_seed := seed.h -$ exheader_modes := modes.h -$ exheader_bn := bn.h -$ exheader_ec := ec.h -$ exheader_rsa := rsa.h -$ exheader_dsa := dsa.h -$ exheader_ecdsa := ecdsa.h -$ exheader_dh := dh.h -$ exheader_ecdh := ecdh.h -$ exheader_dso := dso.h -$ exheader_engine := engine.h -$ exheader_buffer := buffer.h -$ exheader_bio := bio.h -$ exheader_stack := stack.h, safestack.h -$ exheader_lhash := lhash.h -$ exheader_rand := rand.h -$ exheader_err := err.h -$ exheader_evp := evp.h -$ exheader_asn1 := asn1.h, asn1_mac.h, asn1t.h -$ exheader_pem := pem.h, pem2.h -$ exheader_x509 := x509.h, x509_vfy.h -$ exheader_x509v3 := x509v3.h -$ exheader_conf := conf.h, conf_api.h -$ exheader_txt_db := txt_db.h -$ exheader_pkcs7 := pkcs7.h -$ exheader_pkcs12 := pkcs12.h -$ exheader_comp := comp.h -$ exheader_ocsp := ocsp.h -$ exheader_ui := ui.h, ui_compat.h -$ exheader_krb5 := krb5_asn.h -$! exheader_store := store.h, str_compat.h -$ exheader_store := store.h -$ exheader_cms := cms.h -$ exheader_pqueue := pqueue.h -$ exheader_ts := ts.h -$ exheader_jpake := jpake.h -$ libs := ssl_libcrypto -$! -$ exe_dir := [-.'archd'.exe.crypto] -$! -$! Header files. -$! -$ i = 0 -$ loop_sdirs: -$ d = f$edit( f$element( i, ",", sdirs), "trim") -$ i = i + 1 -$ if d .eqs. "," then goto loop_sdirs_end -$ tmp = exheader_'d' -$ if (d .nes. "") then d = "."+ d -$ copy /protection = w:re ['d']'tmp' wrk_sslinclude: /log -$ goto loop_sdirs -$ loop_sdirs_end: -$! -$! Object libraries, shareable images. -$! -$ i = 0 -$ loop_lib: -$ e = f$edit( f$element( i, ",", libs), "trim") -$ i = i + 1 -$ if e .eqs. "," then goto loop_lib_end -$ set noon -$ file = exe_dir+ e+ lib32+ ".olb" -$ if f$search( file) .nes. "" -$ then -$ copy /protection = w:re 'file' wrk_sslxlib: /log -$ endif -$! -$ file = exe_dir+ e+ shr+ ".exe" -$ if f$search( file) .nes. "" -$ then -$ copy /protection = w:re 'file' wrk_sslxlib: /log -$ endif -$ set on -$ goto loop_lib -$ loop_lib_end: -$! -$ tidy: -$! -$ call deass wrk_sslroot -$ call deass wrk_sslinclude -$ call deass wrk_sslxlib -$! -$ exit -$! -$ deass: subroutine -$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "") -$ then -$ deassign /process 'p1' -$ endif -$ endsubroutine -$! diff --git a/lib/libcrypto/install.com b/lib/libcrypto/install.com deleted file mode 100644 index ad3e4d48c7b..00000000000 --- a/lib/libcrypto/install.com +++ /dev/null @@ -1,155 +0,0 @@ -$! INSTALL.COM -- Installs the files in a given directory tree -$! -$! Author: Richard Levitte <richard@levitte.org> -$! Time of creation: 22-MAY-1998 10:13 -$! -$! Changes by Zoltan Arpadffy <zoli@polarhome.com> -$! -$! P1 root of the directory tree -$! -$ IF P1 .EQS. "" -$ THEN -$ WRITE SYS$OUTPUT "First argument missing." -$ WRITE SYS$OUTPUT - - "It should be the directory where you want things installed." -$ EXIT -$ ENDIF -$ -$ IF (F$GETSYI("CPU").LT.128) -$ THEN -$ ARCH := VAX -$ ELSE -$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") -$ IF (ARCH .EQS. "") THEN ARCH = "UNK" -$ ENDIF -$ -$ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" -$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") -$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - - - "[000000." - "][" - "[" - "]" -$ ROOT = ROOT_DEV + "[" + ROOT_DIR -$ -$ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC -$ DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:['ARCH'_LIB] -$ DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE] -$ -$ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLROOT:[000000] -$ IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLLIB: -$ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLINCLUDE: -$ -$ SDIRS := ,- - _'ARCH',- - OBJECTS,- - MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,- - DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,- - BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,- - BUFFER,BIO,STACK,LHASH,RAND,ERR,- - EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,- - UI,KRB5,- - STORE,CMS,PQUEUE,TS,JPAKE -$ EXHEADER_ := crypto.h,opensslv.h,ebcdic.h,symhacks.h,ossl_typ.h -$ EXHEADER__'ARCH' := opensslconf.h -$ EXHEADER_OBJECTS := objects.h,obj_mac.h -$ EXHEADER_MD2 := md2.h -$ EXHEADER_MD4 := md4.h -$ EXHEADER_MD5 := md5.h -$ EXHEADER_SHA := sha.h -$ EXHEADER_MDC2 := mdc2.h -$ EXHEADER_HMAC := hmac.h -$ EXHEADER_RIPEMD := ripemd.h -$ EXHEADER_WHRLPOOL := whrlpool.h -$ EXHEADER_DES := des.h,des_old.h -$ EXHEADER_AES := aes.h -$ EXHEADER_RC2 := rc2.h -$ EXHEADER_RC4 := rc4.h -$ EXHEADER_RC5 := rc5.h -$ EXHEADER_IDEA := idea.h -$ EXHEADER_BF := blowfish.h -$ EXHEADER_CAST := cast.h -$ EXHEADER_CAMELLIA := camellia.h -$ EXHEADER_SEED := seed.h -$ EXHEADER_MODES := modes.h -$ EXHEADER_BN := bn.h -$ EXHEADER_EC := ec.h -$ EXHEADER_RSA := rsa.h -$ EXHEADER_DSA := dsa.h -$ EXHEADER_ECDSA := ecdsa.h -$ EXHEADER_DH := dh.h -$ EXHEADER_ECDH := ecdh.h -$ EXHEADER_DSO := dso.h -$ EXHEADER_ENGINE := engine.h -$ EXHEADER_BUFFER := buffer.h -$ EXHEADER_BIO := bio.h -$ EXHEADER_STACK := stack.h,safestack.h -$ EXHEADER_LHASH := lhash.h -$ EXHEADER_RAND := rand.h -$ EXHEADER_ERR := err.h -$ EXHEADER_EVP := evp.h -$ EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h -$ EXHEADER_PEM := pem.h,pem2.h -$ EXHEADER_X509 := x509.h,x509_vfy.h -$ EXHEADER_X509V3 := x509v3.h -$ EXHEADER_CONF := conf.h,conf_api.h -$ EXHEADER_TXT_DB := txt_db.h -$ EXHEADER_PKCS7 := pkcs7.h -$ EXHEADER_PKCS12 := pkcs12.h -$ EXHEADER_COMP := comp.h -$ EXHEADER_OCSP := ocsp.h -$ EXHEADER_UI := ui.h,ui_compat.h -$ EXHEADER_KRB5 := krb5_asn.h -$! EXHEADER_STORE := store.h,str_compat.h -$ EXHEADER_STORE := store.h -$ EXHEADER_CMS := cms.h -$ EXHEADER_PQUEUE := pqueue.h -$ EXHEADER_TS := ts.h -$ EXHEADER_JPAKE := jpake.h -$ LIBS := LIBCRYPTO -$ -$ EXE_DIR := [-.'ARCH'.EXE.CRYPTO] -$ -$ I = 0 -$ LOOP_SDIRS: -$ D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM") -$ I = I + 1 -$ IF D .EQS. "," THEN GOTO LOOP_SDIRS_END -$ tmp = EXHEADER_'D' -$ IF D .EQS. "" -$ THEN -$ COPY 'tmp' WRK_SSLINCLUDE: /LOG -$ ELSE -$ IF D .EQS. "_''ARCH'" -$ THEN -$ COPY [-.'ARCH'.CRYPTO]'tmp' WRK_SSLINCLUDE: /LOG -$ ELSE -$ COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG -$ ENDIF -$ ENDIF -$ SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp' -$ GOTO LOOP_SDIRS -$ LOOP_SDIRS_END: -$ -$ I = 0 -$ LOOP_LIB: -$ E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM") -$ I = I + 1 -$ IF E .EQS. "," THEN GOTO LOOP_LIB_END -$ SET NOON -$ IF F$SEARCH(EXE_DIR+E+".OLB") .NES. "" -$ THEN -$ COPY 'EXE_DIR''E'.OLB WRK_SSLLIB:'E'.OLB/log -$ SET FILE/PROT=W:RE WRK_SSLLIB:'E'.OLB -$ ENDIF -$ ! Preparing for the time when we have shareable images -$ IF F$SEARCH(EXE_DIR+E+".EXE") .NES. "" -$ THEN -$ COPY 'EXE_DIR''E'.EXE WRK_SSLLIB:'E'.EXE/log -$ SET FILE/PROT=W:RE WRK_SSLLIB:'E'.EXE -$ ENDIF -$ SET ON -$ GOTO LOOP_LIB -$ LOOP_LIB_END: -$ -$ EXIT diff --git a/lib/libcrypto/md4/md4_dgst.c b/lib/libcrypto/md4/md4_dgst.c index 82c2cb2d98a..b5b165b0526 100644 --- a/lib/libcrypto/md4/md4_dgst.c +++ b/lib/libcrypto/md4/md4_dgst.c @@ -106,22 +106,23 @@ void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num) for (;num--;) { - HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; + (void)HOST_c2l(data,l); X( 0)=l; + (void)HOST_c2l(data,l); X( 1)=l; /* Round 0 */ - R0(A,B,C,D,X( 0), 3,0); HOST_c2l(data,l); X( 2)=l; - R0(D,A,B,C,X( 1), 7,0); HOST_c2l(data,l); X( 3)=l; - R0(C,D,A,B,X( 2),11,0); HOST_c2l(data,l); X( 4)=l; - R0(B,C,D,A,X( 3),19,0); HOST_c2l(data,l); X( 5)=l; - R0(A,B,C,D,X( 4), 3,0); HOST_c2l(data,l); X( 6)=l; - R0(D,A,B,C,X( 5), 7,0); HOST_c2l(data,l); X( 7)=l; - R0(C,D,A,B,X( 6),11,0); HOST_c2l(data,l); X( 8)=l; - R0(B,C,D,A,X( 7),19,0); HOST_c2l(data,l); X( 9)=l; - R0(A,B,C,D,X( 8), 3,0); HOST_c2l(data,l); X(10)=l; - R0(D,A,B,C,X( 9), 7,0); HOST_c2l(data,l); X(11)=l; - R0(C,D,A,B,X(10),11,0); HOST_c2l(data,l); X(12)=l; - R0(B,C,D,A,X(11),19,0); HOST_c2l(data,l); X(13)=l; - R0(A,B,C,D,X(12), 3,0); HOST_c2l(data,l); X(14)=l; - R0(D,A,B,C,X(13), 7,0); HOST_c2l(data,l); X(15)=l; + R0(A,B,C,D,X( 0), 3,0); (void)HOST_c2l(data,l); X( 2)=l; + R0(D,A,B,C,X( 1), 7,0); (void)HOST_c2l(data,l); X( 3)=l; + R0(C,D,A,B,X( 2),11,0); (void)HOST_c2l(data,l); X( 4)=l; + R0(B,C,D,A,X( 3),19,0); (void)HOST_c2l(data,l); X( 5)=l; + R0(A,B,C,D,X( 4), 3,0); (void)HOST_c2l(data,l); X( 6)=l; + R0(D,A,B,C,X( 5), 7,0); (void)HOST_c2l(data,l); X( 7)=l; + R0(C,D,A,B,X( 6),11,0); (void)HOST_c2l(data,l); X( 8)=l; + R0(B,C,D,A,X( 7),19,0); (void)HOST_c2l(data,l); X( 9)=l; + R0(A,B,C,D,X( 8), 3,0); (void)HOST_c2l(data,l); X(10)=l; + R0(D,A,B,C,X( 9), 7,0); (void)HOST_c2l(data,l); X(11)=l; + R0(C,D,A,B,X(10),11,0); (void)HOST_c2l(data,l); X(12)=l; + R0(B,C,D,A,X(11),19,0); (void)HOST_c2l(data,l); X(13)=l; + R0(A,B,C,D,X(12), 3,0); (void)HOST_c2l(data,l); X(14)=l; + R0(D,A,B,C,X(13), 7,0); (void)HOST_c2l(data,l); X(15)=l; R0(C,D,A,B,X(14),11,0); R0(B,C,D,A,X(15),19,0); /* Round 1 */ diff --git a/lib/libcrypto/md4/md4_locl.h b/lib/libcrypto/md4/md4_locl.h index c8085b0eadf..99c3e5004c9 100644 --- a/lib/libcrypto/md4/md4_locl.h +++ b/lib/libcrypto/md4/md4_locl.h @@ -77,10 +77,10 @@ void md4_block_data_order (MD4_CTX *c, const void *p,size_t num); #define HASH_FINAL MD4_Final #define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ - ll=(c)->A; HOST_l2c(ll,(s)); \ - ll=(c)->B; HOST_l2c(ll,(s)); \ - ll=(c)->C; HOST_l2c(ll,(s)); \ - ll=(c)->D; HOST_l2c(ll,(s)); \ + ll=(c)->A; (void)HOST_l2c(ll,(s)); \ + ll=(c)->B; (void)HOST_l2c(ll,(s)); \ + ll=(c)->C; (void)HOST_l2c(ll,(s)); \ + ll=(c)->D; (void)HOST_l2c(ll,(s)); \ } while (0) #define HASH_BLOCK_DATA_ORDER md4_block_data_order diff --git a/lib/libcrypto/md5/md5_locl.h b/lib/libcrypto/md5/md5_locl.h index 968d577995a..74d63d1f9cf 100644 --- a/lib/libcrypto/md5/md5_locl.h +++ b/lib/libcrypto/md5/md5_locl.h @@ -86,10 +86,10 @@ void md5_block_data_order (MD5_CTX *c, const void *p,size_t num); #define HASH_FINAL MD5_Final #define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ - ll=(c)->A; HOST_l2c(ll,(s)); \ - ll=(c)->B; HOST_l2c(ll,(s)); \ - ll=(c)->C; HOST_l2c(ll,(s)); \ - ll=(c)->D; HOST_l2c(ll,(s)); \ + ll=(c)->A; (void)HOST_l2c(ll,(s)); \ + ll=(c)->B; (void)HOST_l2c(ll,(s)); \ + ll=(c)->C; (void)HOST_l2c(ll,(s)); \ + ll=(c)->D; (void)HOST_l2c(ll,(s)); \ } while (0) #define HASH_BLOCK_DATA_ORDER md5_block_data_order diff --git a/lib/libcrypto/mdc2/mdc2dgst.c b/lib/libcrypto/mdc2/mdc2dgst.c index b74bb1a7594..d66ed6a1c6a 100644 --- a/lib/libcrypto/mdc2/mdc2dgst.c +++ b/lib/libcrypto/mdc2/mdc2dgst.c @@ -59,9 +59,9 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <openssl/crypto.h> #include <openssl/des.h> #include <openssl/mdc2.h> -#include <openssl/crypto.h> #undef c2l #define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ diff --git a/lib/libcrypto/mem.c b/lib/libcrypto/mem.c index 24ccf729ca7..55e829dc92c 100644 --- a/lib/libcrypto/mem.c +++ b/lib/libcrypto/mem.c @@ -121,10 +121,10 @@ static void (*set_debug_options_func)(long) = NULL; static long (*get_debug_options_func)(void) = NULL; #endif - int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t), void (*f)(void *)) { + /* Dummy call just to ensure OPENSSL_init() gets linked in */ OPENSSL_init(); if (!allow_customize) return 0; diff --git a/lib/libcrypto/modes/Makefile b/lib/libcrypto/modes/Makefile index 6c85861b6c5..c825b12f258 100644 --- a/lib/libcrypto/modes/Makefile +++ b/lib/libcrypto/modes/Makefile @@ -10,21 +10,27 @@ CFLAG=-g MAKEFILE= Makefile AR= ar r +MODES_ASM_OBJ= + CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) GENERAL=Makefile TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c -LIBOBJ= cbc128.o ctr128.o cts128.o cfb128.o ofb128.o +LIBSRC= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c \ + ccm128.c xts128.c +LIBOBJ= cbc128.o ctr128.o cts128.o cfb128.o ofb128.o gcm128.o \ + ccm128.o xts128.o $(MODES_ASM_OBJ) SRC= $(LIBSRC) #EXHEADER= store.h str_compat.h EXHEADER= modes.h -HEADER= $(EXHEADER) +HEADER= modes_lcl.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) @@ -38,6 +44,24 @@ lib: $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib +ghash-ia64.s: asm/ghash-ia64.pl + $(PERL) asm/ghash-ia64.pl $@ $(CFLAGS) +ghash-x86.s: asm/ghash-x86.pl + $(PERL) asm/ghash-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +ghash-x86_64.s: asm/ghash-x86_64.pl + $(PERL) asm/ghash-x86_64.pl $(PERLASM_SCHEME) > $@ +ghash-sparcv9.s: asm/ghash-sparcv9.pl + $(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS) +ghash-alpha.s: asm/ghash-alpha.pl + $(PERL) $< | $(CC) -E - | tee $@ > /dev/null +ghash-parisc.s: asm/ghash-parisc.pl + $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@ + +# GNU make "catch all" +ghash-%.S: asm/ghash-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@ + +ghash-armv4.o: ghash-armv4.S + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -71,12 +95,47 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. -cbc128.o: cbc128.c modes.h -cfb128.o: cfb128.c modes.h -ctr128.o: ctr128.c modes.h -cts128.o: cts128.c modes.h -ofb128.o: modes.h ofb128.c +cbc128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +cbc128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h +cbc128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cbc128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +cbc128.o: ../../include/openssl/symhacks.h cbc128.c modes_lcl.h +ccm128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ccm128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h +ccm128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ccm128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ccm128.o: ../../include/openssl/symhacks.h ccm128.c modes_lcl.h +cfb128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +cfb128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h +cfb128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cfb128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +cfb128.o: ../../include/openssl/symhacks.h cfb128.c modes_lcl.h +ctr128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ctr128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h +ctr128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ctr128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ctr128.o: ../../include/openssl/symhacks.h ctr128.c modes_lcl.h +cts128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +cts128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h +cts128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cts128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +cts128.o: ../../include/openssl/symhacks.h cts128.c modes_lcl.h +gcm128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +gcm128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h +gcm128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +gcm128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +gcm128.o: ../../include/openssl/symhacks.h gcm128.c modes_lcl.h +ofb128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ofb128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h +ofb128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ofb128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ofb128.o: ../../include/openssl/symhacks.h modes_lcl.h ofb128.c +xts128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +xts128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h +xts128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +xts128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +xts128.o: ../../include/openssl/symhacks.h modes_lcl.h xts128.c diff --git a/lib/libcrypto/objects/o_names.c b/lib/libcrypto/objects/o_names.c index 84380a96a98..4a548c2ed49 100644 --- a/lib/libcrypto/objects/o_names.c +++ b/lib/libcrypto/objects/o_names.c @@ -73,7 +73,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), name_funcs_stack=sk_NAME_FUNCS_new_null(); MemCheck_on(); } - if ((name_funcs_stack == NULL)) + if (name_funcs_stack == NULL) { /* ERROR */ return(0); diff --git a/lib/libcrypto/ocsp/ocsp_vfy.c b/lib/libcrypto/ocsp/ocsp_vfy.c index 91a45c91330..276718304dd 100644 --- a/lib/libcrypto/ocsp/ocsp_vfy.c +++ b/lib/libcrypto/ocsp/ocsp_vfy.c @@ -111,6 +111,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); if(!init_res) { + ret = -1; OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); goto end; } diff --git a/lib/libcrypto/opensslv.h b/lib/libcrypto/opensslv.h index 71be3590af4..ebe71807233 100644 --- a/lib/libcrypto/opensslv.h +++ b/lib/libcrypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x1000103fL +#define OPENSSL_VERSION_NUMBER 0x1000107fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c-fips 10 May 2012" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c 10 May 2012" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g 7 Apr 2014" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/lib/libcrypto/pem/pem_all.c b/lib/libcrypto/pem/pem_all.c index 3e7a6093ad8..eac0460e3eb 100644 --- a/lib/libcrypto/pem/pem_all.c +++ b/lib/libcrypto/pem/pem_all.c @@ -193,7 +193,61 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, #endif +#ifdef OPENSSL_FIPS + +int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + if (FIPS_mode()) + { + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + EVP_PKEY_set1_RSA(k, x); + + ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; + } + else + return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey, + PEM_STRING_RSA,bp,x,enc,kstr,klen,cb,u); +} + +#ifndef OPENSSL_NO_FP_API +int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + if (FIPS_mode()) + { + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + + EVP_PKEY_set1_RSA(k, x); + + ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; + } + else + return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey, + PEM_STRING_RSA,fp,x,enc,kstr,klen,cb,u); +} +#endif + +#else + IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) + +#endif + IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) @@ -223,7 +277,59 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ } +#ifdef OPENSSL_FIPS + +int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + if (FIPS_mode()) + { + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + EVP_PKEY_set1_DSA(k, x); + + ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; + } + else + return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey, + PEM_STRING_DSA,bp,x,enc,kstr,klen,cb,u); +} + +#ifndef OPENSSL_NO_FP_API +int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + if (FIPS_mode()) + { + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + EVP_PKEY_set1_DSA(k, x); + ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; + } + else + return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey, + PEM_STRING_DSA,fp,x,enc,kstr,klen,cb,u); +} +#endif + +#else + IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) + +#endif + IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) #ifndef OPENSSL_NO_FP_API @@ -269,8 +375,63 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters) + + +#ifdef OPENSSL_FIPS + +int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + if (FIPS_mode()) + { + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + EVP_PKEY_set1_EC_KEY(k, x); + + ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; + } + else + return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey, + PEM_STRING_ECPRIVATEKEY, + bp,x,enc,kstr,klen,cb,u); +} + +#ifndef OPENSSL_NO_FP_API +int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + if (FIPS_mode()) + { + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + EVP_PKEY_set1_EC_KEY(k, x); + ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; + } + else + return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey, + PEM_STRING_ECPRIVATEKEY, + fp,x,enc,kstr,klen,cb,u); +} +#endif + +#else + IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey) +#endif + IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) #ifndef OPENSSL_NO_FP_API diff --git a/lib/libcrypto/pem/pem_info.c b/lib/libcrypto/pem/pem_info.c index 1b2be527edd..cc7f24a9c1c 100644 --- a/lib/libcrypto/pem/pem_info.c +++ b/lib/libcrypto/pem/pem_info.c @@ -167,6 +167,7 @@ start: #ifndef OPENSSL_NO_RSA if (strcmp(name,PEM_STRING_RSA) == 0) { + d2i=(D2I_OF(void))d2i_RSAPrivateKey; if (xi->x_pkey != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c index cfc89a99215..5a421fc4b6a 100644 --- a/lib/libcrypto/pem/pem_lib.c +++ b/lib/libcrypto/pem/pem_lib.c @@ -394,7 +394,8 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, goto err; /* The 'iv' is used as the iv and as a salt. It is * NOT taken from the BytesToKey function */ - EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); + if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL)) + goto err; if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE); @@ -406,12 +407,15 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, /* k=strlen(buf); */ EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv); - EVP_EncryptUpdate(&ctx,data,&j,data,i); - EVP_EncryptFinal_ex(&ctx,&(data[j]),&i); + ret = 1; + if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv) + || !EVP_EncryptUpdate(&ctx,data,&j,data,i) + || !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i)) + ret = 0; EVP_CIPHER_CTX_cleanup(&ctx); + if (ret == 0) + goto err; i+=j; - ret=1; } else { @@ -459,14 +463,17 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, ebcdic2ascii(buf, buf, klen); #endif - EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]), - (unsigned char *)buf,klen,1,key,NULL); + if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]), + (unsigned char *)buf,klen,1,key,NULL)) + return 0; j=(int)len; EVP_CIPHER_CTX_init(&ctx); - EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0])); - EVP_DecryptUpdate(&ctx,data,&i,data,j); - o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); + o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0])); + if (o) + o = EVP_DecryptUpdate(&ctx,data,&i,data,j); + if (o) + o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); EVP_CIPHER_CTX_cleanup(&ctx); OPENSSL_cleanse((char *)buf,sizeof(buf)); OPENSSL_cleanse((char *)key,sizeof(key)); diff --git a/lib/libcrypto/pem/pem_seal.c b/lib/libcrypto/pem/pem_seal.c index 59690b56aee..b6b4e13498e 100644 --- a/lib/libcrypto/pem/pem_seal.c +++ b/lib/libcrypto/pem/pem_seal.c @@ -96,7 +96,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, EVP_EncodeInit(&ctx->encode); EVP_MD_CTX_init(&ctx->md); - EVP_SignInit(&ctx->md,md_type); + if (!EVP_SignInit(&ctx->md,md_type)) + goto err; EVP_CIPHER_CTX_init(&ctx->cipher); ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk); @@ -163,7 +164,8 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, goto err; } - EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i); + if (!EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i)) + goto err; EVP_EncodeUpdate(&ctx->encode,out,&j,s,i); *outl=j; out+=j; diff --git a/lib/libcrypto/perlasm/cbc.pl b/lib/libcrypto/perlasm/cbc.pl index 6fc2510905b..24561e759ab 100644 --- a/lib/libcrypto/perlasm/cbc.pl +++ b/lib/libcrypto/perlasm/cbc.pl @@ -150,7 +150,7 @@ sub cbc &set_label("PIC_point"); &blindpop("edx"); &lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx")); - &mov($count,&DWP(0,"ecx",$count,4)) + &mov($count,&DWP(0,"ecx",$count,4)); &add($count,"edx"); &xor("ecx","ecx"); &xor("edx","edx"); diff --git a/lib/libcrypto/pkcs12/p12_crt.c b/lib/libcrypto/pkcs12/p12_crt.c index 96b131defa0..a34915d02d1 100644 --- a/lib/libcrypto/pkcs12/p12_crt.c +++ b/lib/libcrypto/pkcs12/p12_crt.c @@ -90,7 +90,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, /* Set defaults */ if (!nid_cert) + { +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else +#endif nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; + } if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; if (!iter) diff --git a/lib/libcrypto/pkcs12/p12_key.c b/lib/libcrypto/pkcs12/p12_key.c index c55c7b60b34..61d58502fd1 100644 --- a/lib/libcrypto/pkcs12/p12_key.c +++ b/lib/libcrypto/pkcs12/p12_key.c @@ -176,24 +176,32 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, out += u; for (j = 0; j < v; j++) B[j] = Ai[j % u]; /* Work out B + 1 first then can use B as tmp space */ - if (!BN_bin2bn (B, v, Bpl1)) goto err; - if (!BN_add_word (Bpl1, 1)) goto err; + if (!BN_bin2bn (B, v, Bpl1)) + goto err; + if (!BN_add_word (Bpl1, 1)) + goto err; for (j = 0; j < Ilen ; j+=v) { - if (!BN_bin2bn (I + j, v, Ij)) goto err; - if (!BN_add (Ij, Ij, Bpl1)) goto err; - BN_bn2bin (Ij, B); + if (!BN_bin2bn(I + j, v, Ij)) + goto err; + if (!BN_add(Ij, Ij, Bpl1)) + goto err; + if (!BN_bn2bin(Ij, B)) + goto err; Ijlen = BN_num_bytes (Ij); /* If more than 2^(v*8) - 1 cut off MSB */ if (Ijlen > v) { - BN_bn2bin (Ij, B); + if (!BN_bn2bin (Ij, B)) + goto err; memcpy (I + j, B + 1, v); #ifndef PKCS12_BROKEN_KEYGEN /* If less than v bytes pad with zeroes */ } else if (Ijlen < v) { memset(I + j, 0, v - Ijlen); - BN_bn2bin(Ij, I + j + v - Ijlen); + if (!BN_bn2bin(Ij, I + j + v - Ijlen)) + goto err; #endif - } else BN_bn2bin (Ij, I + j); + } else if (!BN_bn2bin (Ij, I + j)) + goto err; } } diff --git a/lib/libcrypto/rand/md_rand.c b/lib/libcrypto/rand/md_rand.c index fcdd3f2a845..aee1c30b0a9 100644 --- a/lib/libcrypto/rand/md_rand.c +++ b/lib/libcrypto/rand/md_rand.c @@ -123,10 +123,10 @@ #include "e_os.h" +#include <openssl/crypto.h> #include <openssl/rand.h> #include "rand_lcl.h" -#include <openssl/crypto.h> #include <openssl/err.h> #ifdef BN_DEBUG @@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add) EVP_MD_CTX m; int do_not_lock; + if (!num) + return; + /* * (Based on the rand(3) manpage) * @@ -380,8 +383,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo) * are fed into the hash function and the results are kept in the * global 'md'. */ - - CRYPTO_w_lock(CRYPTO_LOCK_RAND); +#ifdef OPENSSL_FIPS + /* NB: in FIPS mode we are already under a lock */ + if (!FIPS_mode()) +#endif + CRYPTO_w_lock(CRYPTO_LOCK_RAND); /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); @@ -460,7 +466,10 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo) /* before unlocking, we must clear 'crypto_lock_rand' */ crypto_lock_rand = 0; - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); +#ifdef OPENSSL_FIPS + if (!FIPS_mode()) +#endif + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); while (num > 0) { @@ -512,10 +521,16 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo) MD_Init(&m); MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); MD_Update(&m,local_md,MD_DIGEST_LENGTH); - CRYPTO_w_lock(CRYPTO_LOCK_RAND); +#ifdef OPENSSL_FIPS + if (!FIPS_mode()) +#endif + CRYPTO_w_lock(CRYPTO_LOCK_RAND); MD_Update(&m,md,MD_DIGEST_LENGTH); MD_Final(&m,md); - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); +#ifdef OPENSSL_FIPS + if (!FIPS_mode()) +#endif + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); EVP_MD_CTX_cleanup(&m); if (ok) diff --git a/lib/libcrypto/rand/rand.h b/lib/libcrypto/rand/rand.h index dc8fcf94c5a..bb5520e80ac 100644 --- a/lib/libcrypto/rand/rand.h +++ b/lib/libcrypto/rand/rand.h @@ -138,6 +138,7 @@ void ERR_load_RAND_strings(void); #define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ +#define RAND_R_DUAL_EC_DRBG_DISABLED 104 #define RAND_R_ERROR_INITIALISING_DRBG 102 #define RAND_R_ERROR_INSTANTIATING_DRBG 103 #define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 diff --git a/lib/libcrypto/rand/rand_err.c b/lib/libcrypto/rand/rand_err.c index b8586c8f4a9..c4c80fc8cca 100644 --- a/lib/libcrypto/rand/rand_err.c +++ b/lib/libcrypto/rand/rand_err.c @@ -78,6 +78,7 @@ static ERR_STRING_DATA RAND_str_functs[]= static ERR_STRING_DATA RAND_str_reasons[]= { +{ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED),"dual ec drbg disabled"}, {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"}, {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"}, {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"}, diff --git a/lib/libcrypto/rand/rand_lib.c b/lib/libcrypto/rand/rand_lib.c index daf1dab9739..5ac0e14caf0 100644 --- a/lib/libcrypto/rand/rand_lib.c +++ b/lib/libcrypto/rand/rand_lib.c @@ -210,8 +210,11 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout, static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen) { - OPENSSL_cleanse(out, olen); - OPENSSL_free(out); + if (out) + { + OPENSSL_cleanse(out, olen); + OPENSSL_free(out); + } } /* Set "additional input" when generating random data. This uses the @@ -266,6 +269,14 @@ int RAND_init_fips(void) DRBG_CTX *dctx; size_t plen; unsigned char pers[32], *p; +#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG + if (fips_drbg_type >> 16) + { + RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED); + return 0; + } +#endif + dctx = FIPS_get_default_drbg(); if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) { diff --git a/lib/libcrypto/rand/rand_win.c b/lib/libcrypto/rand/rand_win.c index 5d134e186bb..34ffcd23f9a 100644 --- a/lib/libcrypto/rand/rand_win.c +++ b/lib/libcrypto/rand/rand_win.c @@ -750,7 +750,7 @@ static void readscreen(void) int y; /* y-coordinate of screen lines to grab */ int n = 16; /* number of screen lines to grab at a time */ - if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0) + if (check_winnt() && OPENSSL_isservice()>0) return; /* Create a screen DC and a memory DC compatible to screen DC */ diff --git a/lib/libcrypto/rand/randfile.c b/lib/libcrypto/rand/randfile.c index 030e07f4182..7f1428072d2 100644 --- a/lib/libcrypto/rand/randfile.c +++ b/lib/libcrypto/rand/randfile.c @@ -57,7 +57,9 @@ */ /* We need to define this to get macros like S_IFBLK and S_IFCHR */ +#if !defined(OPENSSL_SYS_VXWORKS) #define _XOPEN_SOURCE 500 +#endif #include <errno.h> #include <stdio.h> diff --git a/lib/libcrypto/rc4/asm/rc4-x86_64.pl b/lib/libcrypto/rc4/asm/rc4-x86_64.pl index d6eac205e98..75750dbf334 100755 --- a/lib/libcrypto/rc4/asm/rc4-x86_64.pl +++ b/lib/libcrypto/rc4/asm/rc4-x86_64.pl @@ -112,7 +112,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; $dat="%rdi"; # arg1 $len="%rsi"; # arg2 diff --git a/lib/libcrypto/rc4/rc4test.c b/lib/libcrypto/rc4/rc4test.c index 633a79e7589..4312605ccbc 100644 --- a/lib/libcrypto/rc4/rc4test.c +++ b/lib/libcrypto/rc4/rc4test.c @@ -120,6 +120,12 @@ int main(int argc, char *argv[]) RC4_KEY key; unsigned char obuf[512]; +#if !defined(OPENSSL_PIC) + void OPENSSL_cpuid_setup(void); + + OPENSSL_cpuid_setup(); +#endif + for (i=0; i<6; i++) { RC4_set_key(&key,keys[i][0],&(keys[i][1])); diff --git a/lib/libcrypto/ripemd/rmd_dgst.c b/lib/libcrypto/ripemd/rmd_dgst.c index 9ff1a0705e4..d8e72da51bf 100644 --- a/lib/libcrypto/ripemd/rmd_dgst.c +++ b/lib/libcrypto/ripemd/rmd_dgst.c @@ -88,7 +88,7 @@ fips_md_init(RIPEMD160) void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num) { const unsigned char *data=p; - register volatile unsigned MD32_REG_T A,B,C,D,E; + register unsigned MD32_REG_T A,B,C,D,E; unsigned MD32_REG_T a,b,c,d,e,l; #ifndef MD32_XARRAY /* See comment in crypto/sha/sha_locl.h for details. */ @@ -105,21 +105,21 @@ void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num) A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; - HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; - RIP1(A,B,C,D,E,WL00,SL00); HOST_c2l(data,l); X( 2)=l; - RIP1(E,A,B,C,D,WL01,SL01); HOST_c2l(data,l); X( 3)=l; - RIP1(D,E,A,B,C,WL02,SL02); HOST_c2l(data,l); X( 4)=l; - RIP1(C,D,E,A,B,WL03,SL03); HOST_c2l(data,l); X( 5)=l; - RIP1(B,C,D,E,A,WL04,SL04); HOST_c2l(data,l); X( 6)=l; - RIP1(A,B,C,D,E,WL05,SL05); HOST_c2l(data,l); X( 7)=l; - RIP1(E,A,B,C,D,WL06,SL06); HOST_c2l(data,l); X( 8)=l; - RIP1(D,E,A,B,C,WL07,SL07); HOST_c2l(data,l); X( 9)=l; - RIP1(C,D,E,A,B,WL08,SL08); HOST_c2l(data,l); X(10)=l; - RIP1(B,C,D,E,A,WL09,SL09); HOST_c2l(data,l); X(11)=l; - RIP1(A,B,C,D,E,WL10,SL10); HOST_c2l(data,l); X(12)=l; - RIP1(E,A,B,C,D,WL11,SL11); HOST_c2l(data,l); X(13)=l; - RIP1(D,E,A,B,C,WL12,SL12); HOST_c2l(data,l); X(14)=l; - RIP1(C,D,E,A,B,WL13,SL13); HOST_c2l(data,l); X(15)=l; + (void)HOST_c2l(data,l); X( 0)=l;(void)HOST_c2l(data,l); X( 1)=l; + RIP1(A,B,C,D,E,WL00,SL00); (void)HOST_c2l(data,l); X( 2)=l; + RIP1(E,A,B,C,D,WL01,SL01); (void)HOST_c2l(data,l); X( 3)=l; + RIP1(D,E,A,B,C,WL02,SL02); (void)HOST_c2l(data,l); X( 4)=l; + RIP1(C,D,E,A,B,WL03,SL03); (void)HOST_c2l(data,l); X( 5)=l; + RIP1(B,C,D,E,A,WL04,SL04); (void)HOST_c2l(data,l); X( 6)=l; + RIP1(A,B,C,D,E,WL05,SL05); (void)HOST_c2l(data,l); X( 7)=l; + RIP1(E,A,B,C,D,WL06,SL06); (void)HOST_c2l(data,l); X( 8)=l; + RIP1(D,E,A,B,C,WL07,SL07); (void)HOST_c2l(data,l); X( 9)=l; + RIP1(C,D,E,A,B,WL08,SL08); (void)HOST_c2l(data,l); X(10)=l; + RIP1(B,C,D,E,A,WL09,SL09); (void)HOST_c2l(data,l); X(11)=l; + RIP1(A,B,C,D,E,WL10,SL10); (void)HOST_c2l(data,l); X(12)=l; + RIP1(E,A,B,C,D,WL11,SL11); (void)HOST_c2l(data,l); X(13)=l; + RIP1(D,E,A,B,C,WL12,SL12); (void)HOST_c2l(data,l); X(14)=l; + RIP1(C,D,E,A,B,WL13,SL13); (void)HOST_c2l(data,l); X(15)=l; RIP1(B,C,D,E,A,WL14,SL14); RIP1(A,B,C,D,E,WL15,SL15); diff --git a/lib/libcrypto/ripemd/rmd_locl.h b/lib/libcrypto/ripemd/rmd_locl.h index f14b346e662..2bd8957d143 100644 --- a/lib/libcrypto/ripemd/rmd_locl.h +++ b/lib/libcrypto/ripemd/rmd_locl.h @@ -88,11 +88,11 @@ void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num); #define HASH_FINAL RIPEMD160_Final #define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ - ll=(c)->A; HOST_l2c(ll,(s)); \ - ll=(c)->B; HOST_l2c(ll,(s)); \ - ll=(c)->C; HOST_l2c(ll,(s)); \ - ll=(c)->D; HOST_l2c(ll,(s)); \ - ll=(c)->E; HOST_l2c(ll,(s)); \ + ll=(c)->A; (void)HOST_l2c(ll,(s)); \ + ll=(c)->B; (void)HOST_l2c(ll,(s)); \ + ll=(c)->C; (void)HOST_l2c(ll,(s)); \ + ll=(c)->D; (void)HOST_l2c(ll,(s)); \ + ll=(c)->E; (void)HOST_l2c(ll,(s)); \ } while (0) #define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order diff --git a/lib/libcrypto/rsa/rsa.h b/lib/libcrypto/rsa/rsa.h index 4814a2fc15e..5f269e577af 100644 --- a/lib/libcrypto/rsa/rsa.h +++ b/lib/libcrypto/rsa/rsa.h @@ -280,7 +280,7 @@ struct rsa_st RSA * RSA_new(void); RSA * RSA_new_method(ENGINE *engine); -int RSA_size(const RSA *); +int RSA_size(const RSA *rsa); /* Deprecated version */ #ifndef OPENSSL_NO_DEPRECATED diff --git a/lib/libcrypto/rsa/rsa_chk.c b/lib/libcrypto/rsa/rsa_chk.c index 9d848db8c6c..cc30e77132f 100644 --- a/lib/libcrypto/rsa/rsa_chk.c +++ b/lib/libcrypto/rsa/rsa_chk.c @@ -59,6 +59,12 @@ int RSA_check_key(const RSA *key) BN_CTX *ctx; int r; int ret=1; + + if (!key->p || !key->q || !key->n || !key->e || !key->d) + { + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING); + return 0; + } i = BN_new(); j = BN_new(); diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c index 2e1ddd48d35..88ee2cb557f 100644 --- a/lib/libcrypto/rsa/rsa_eay.c +++ b/lib/libcrypto/rsa/rsa_eay.c @@ -847,12 +847,12 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err; /* If p < q it is occasionally possible for the correction of - * adding 'p' if r0 is negative above to leave the result still + * adding 'p' if r0 is negative above to leave the result still * negative. This can break the private key operations: the following * second correction should *always* correct this rare occurrence. * This will *never* happen with OpenSSL generated keys because - * they ensure p > q [steve] - */ + * they ensure p > q [steve] + */ if (BN_is_negative(r0)) if (!BN_add(r0,r0,rsa->p)) goto err; if (!BN_mul(r1,r0,rsa->q,ctx)) goto err; diff --git a/lib/libcrypto/rsa/rsa_oaep.c b/lib/libcrypto/rsa/rsa_oaep.c index e08ac151ffe..af4d24a56ef 100644 --- a/lib/libcrypto/rsa/rsa_oaep.c +++ b/lib/libcrypto/rsa/rsa_oaep.c @@ -149,7 +149,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL)) return -1; - if (timingsafe_bcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) + if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) goto decoding_err; else { diff --git a/lib/libcrypto/sha/Makefile b/lib/libcrypto/sha/Makefile index 0426786aa0e..6d191d3936e 100644 --- a/lib/libcrypto/sha/Makefile +++ b/lib/libcrypto/sha/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/sha/Makefile +# OpenSSL/crypto/sha/Makefile # DIR= sha @@ -8,11 +8,6 @@ CC= cc CPP= $(CC) -E INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -20,14 +15,15 @@ SHA1_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) GENERAL=Makefile -TEST=shatest.c sha1test.c +TEST=shatest.c sha1test.c sha256t.c sha512t.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c -LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o $(SHA1_ASM_OBJ) +LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c +LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o sha256.o sha512.o $(SHA1_ASM_OBJ) SRC= $(LIBSRC) @@ -46,23 +42,54 @@ lib: $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# elf -asm/sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > sx86-elf.s) - -# a.out -asm/sx86-out.o: asm/sx86unix.cpp - $(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o - -# bsdi -asm/sx86bsdi.o: asm/sx86unix.cpp - $(CPP) -DBSDI asm/sx86unix.cpp | sed 's/ :/:/' | as -o asm/sx86bsdi.o - -asm/sx86unix.cpp: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl cpp $(PROCESSOR) >sx86unix.cpp) - -asm/sha1-ia64.s: asm/sha1-ia64.pl - (cd asm; $(PERL) sha1-ia64.pl $(CFLAGS) ) > $@ +sha1-586.s: asm/sha1-586.pl ../perlasm/x86asm.pl + $(PERL) asm/sha1-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +sha256-586.s: asm/sha256-586.pl ../perlasm/x86asm.pl + $(PERL) asm/sha256-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +sha512-586.s: asm/sha512-586.pl ../perlasm/x86asm.pl + $(PERL) asm/sha512-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ + +sha1-ia64.s: asm/sha1-ia64.pl + (cd asm; $(PERL) sha1-ia64.pl ../$@ $(CFLAGS)) +sha256-ia64.s: asm/sha512-ia64.pl + (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS)) +sha512-ia64.s: asm/sha512-ia64.pl + (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS)) + +sha256-armv4.S: asm/sha256-armv4.pl + $(PERL) $< $(PERLASM_SCHEME) $@ + +sha1-alpha.s: asm/sha1-alpha.pl + $(PERL) $< | $(CC) -E - | tee $@ > /dev/null + +# Solaris make has to be explicitly told +sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@ +sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@ +sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@ +sha1-sparcv9.s: asm/sha1-sparcv9.pl; $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS) +sha256-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) +sha512-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) + +sha1-ppc.s: asm/sha1-ppc.pl; $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@ +sha256-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@ +sha512-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@ + +sha1-parisc.s: asm/sha1-parisc.pl; $(PERL) asm/sha1-parisc.pl $(PERLASM_SCHEME) $@ +sha256-parisc.s:asm/sha512-parisc.pl; $(PERL) asm/sha512-parisc.pl $(PERLASM_SCHEME) $@ +sha512-parisc.s:asm/sha512-parisc.pl; $(PERL) asm/sha512-parisc.pl $(PERLASM_SCHEME) $@ + +sha1-mips.S: asm/sha1-mips.pl; $(PERL) asm/sha1-mips.pl $(PERLASM_SCHEME) $@ +sha256-mips.S: asm/sha512-mips.pl; $(PERL) asm/sha512-mips.pl $(PERLASM_SCHEME) $@ +sha512-mips.S: asm/sha512-mips.pl; $(PERL) asm/sha512-mips.pl $(PERLASM_SCHEME) $@ + +# GNU make "catch all" +sha1-%.S: asm/sha1-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@ +sha256-%.S: asm/sha512-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@ +sha512-%.S: asm/sha512-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@ + +sha1-armv4-large.o: sha1-armv4-large.S +sha256-armv4.o: sha256-armv4.S +sha512-armv4.o: sha512-armv4.S files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -73,6 +100,7 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ @@ -88,6 +116,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -95,33 +124,43 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/sx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o + rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h sha1_one.o: ../../include/openssl/opensslconf.h -sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -sha1_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -sha1_one.o: ../../include/openssl/symhacks.h sha1_one.c -sha1dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -sha1dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +sha1_one.o: sha1_one.c +sha1dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h sha1dgst.o: ../../include/openssl/opensslconf.h -sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -sha1dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -sha1dgst.o: ../../include/openssl/symhacks.h ../md32_common.h sha1dgst.c -sha1dgst.o: sha_locl.h -sha_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -sha_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +sha1dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +sha1dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h +sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +sha256.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +sha256.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +sha256.o: ../../include/openssl/symhacks.h ../md32_common.h sha256.c +sha512.o: ../../e_os.h ../../include/openssl/bio.h +sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +sha512.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +sha512.o: ../cryptlib.h sha512.c +sha_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h sha_dgst.o: ../../include/openssl/opensslconf.h -sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -sha_dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -sha_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h sha_dgst.c -sha_dgst.o: sha_locl.h +sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -sha_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -sha_one.o: sha_one.c +sha_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +sha_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +sha_one.o: ../../include/openssl/symhacks.h sha_one.c diff --git a/lib/libcrypto/sha/sha1_one.c b/lib/libcrypto/sha/sha1_one.c index 7c65b60276c..c56ec94020e 100644 --- a/lib/libcrypto/sha/sha1_one.c +++ b/lib/libcrypto/sha/sha1_one.c @@ -58,8 +58,8 @@ #include <stdio.h> #include <string.h> -#include <openssl/sha.h> #include <openssl/crypto.h> +#include <openssl/sha.h> #ifndef OPENSSL_NO_SHA1 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) diff --git a/lib/libcrypto/sha/sha1dgst.c b/lib/libcrypto/sha/sha1dgst.c index 81219af0883..a98690225fd 100644 --- a/lib/libcrypto/sha/sha1dgst.c +++ b/lib/libcrypto/sha/sha1dgst.c @@ -56,8 +56,8 @@ * [including the GNU Public Licence.] */ -#include <openssl/opensslconf.h> #include <openssl/crypto.h> +#include <openssl/opensslconf.h> #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) #undef SHA_0 diff --git a/lib/libcrypto/sha/sha_dgst.c b/lib/libcrypto/sha/sha_dgst.c index c946ad827d5..fb63b17ff2c 100644 --- a/lib/libcrypto/sha/sha_dgst.c +++ b/lib/libcrypto/sha/sha_dgst.c @@ -56,8 +56,8 @@ * [including the GNU Public Licence.] */ -#include <openssl/opensslconf.h> #include <openssl/crypto.h> +#include <openssl/opensslconf.h> #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 diff --git a/lib/libcrypto/sha/sha_locl.h b/lib/libcrypto/sha/sha_locl.h index 7a0c3ca8d8c..d673255f78b 100644 --- a/lib/libcrypto/sha/sha_locl.h +++ b/lib/libcrypto/sha/sha_locl.h @@ -69,11 +69,11 @@ #define HASH_CBLOCK SHA_CBLOCK #define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ - ll=(c)->h0; HOST_l2c(ll,(s)); \ - ll=(c)->h1; HOST_l2c(ll,(s)); \ - ll=(c)->h2; HOST_l2c(ll,(s)); \ - ll=(c)->h3; HOST_l2c(ll,(s)); \ - ll=(c)->h4; HOST_l2c(ll,(s)); \ + ll=(c)->h0; (void)HOST_l2c(ll,(s)); \ + ll=(c)->h1; (void)HOST_l2c(ll,(s)); \ + ll=(c)->h2; (void)HOST_l2c(ll,(s)); \ + ll=(c)->h3; (void)HOST_l2c(ll,(s)); \ + ll=(c)->h4; (void)HOST_l2c(ll,(s)); \ } while (0) #if defined(SHA_0) @@ -256,21 +256,21 @@ static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) } else { - HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; - BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l; - BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l; - BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l; - BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l; - BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l; - BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l; - BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l; - BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l; - BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l; - BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l; - BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l; - BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l; - BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l; - BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l; + (void)HOST_c2l(data,l); X( 0)=l; (void)HOST_c2l(data,l); X( 1)=l; + BODY_00_15( 0,A,B,C,D,E,T,X( 0)); (void)HOST_c2l(data,l); X( 2)=l; + BODY_00_15( 1,T,A,B,C,D,E,X( 1)); (void)HOST_c2l(data,l); X( 3)=l; + BODY_00_15( 2,E,T,A,B,C,D,X( 2)); (void)HOST_c2l(data,l); X( 4)=l; + BODY_00_15( 3,D,E,T,A,B,C,X( 3)); (void)HOST_c2l(data,l); X( 5)=l; + BODY_00_15( 4,C,D,E,T,A,B,X( 4)); (void)HOST_c2l(data,l); X( 6)=l; + BODY_00_15( 5,B,C,D,E,T,A,X( 5)); (void)HOST_c2l(data,l); X( 7)=l; + BODY_00_15( 6,A,B,C,D,E,T,X( 6)); (void)HOST_c2l(data,l); X( 8)=l; + BODY_00_15( 7,T,A,B,C,D,E,X( 7)); (void)HOST_c2l(data,l); X( 9)=l; + BODY_00_15( 8,E,T,A,B,C,D,X( 8)); (void)HOST_c2l(data,l); X(10)=l; + BODY_00_15( 9,D,E,T,A,B,C,X( 9)); (void)HOST_c2l(data,l); X(11)=l; + BODY_00_15(10,C,D,E,T,A,B,X(10)); (void)HOST_c2l(data,l); X(12)=l; + BODY_00_15(11,B,C,D,E,T,A,X(11)); (void)HOST_c2l(data,l); X(13)=l; + BODY_00_15(12,A,B,C,D,E,T,X(12)); (void)HOST_c2l(data,l); X(14)=l; + BODY_00_15(13,T,A,B,C,D,E,X(13)); (void)HOST_c2l(data,l); X(15)=l; BODY_00_15(14,E,T,A,B,C,D,X(14)); BODY_00_15(15,D,E,T,A,B,C,X(15)); } diff --git a/lib/libcrypto/symhacks.h b/lib/libcrypto/symhacks.h index 403f592dcd6..bd2f000d597 100644 --- a/lib/libcrypto/symhacks.h +++ b/lib/libcrypto/symhacks.h @@ -193,17 +193,23 @@ #undef SSL_CTX_set_srp_username_callback #define SSL_CTX_set_srp_username_callback SSL_CTX_set_srp_un_cb #undef ssl_add_clienthello_use_srtp_ext -#define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext +#define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext #undef ssl_add_serverhello_use_srtp_ext -#define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext +#define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext #undef ssl_parse_clienthello_use_srtp_ext -#define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext +#define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext #undef ssl_parse_serverhello_use_srtp_ext -#define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext +#define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext #undef SSL_CTX_set_next_protos_advertised_cb -#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb +#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb #undef SSL_CTX_set_next_proto_select_cb -#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb +#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb +#undef ssl3_cbc_record_digest_supported +#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support +#undef ssl_check_clienthello_tlsext_late +#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late +#undef ssl_check_clienthello_tlsext_early +#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early /* Hack some long ENGINE names */ #undef ENGINE_get_default_BN_mod_exp_crt @@ -316,8 +322,6 @@ #define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf #undef ec_GFp_simple_points_make_affine #define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine -#undef ec_GFp_simple_group_get_curve_GFp -#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp #undef ec_GFp_simple_set_Jprojective_coordinates_GFp #define ec_GFp_simple_set_Jprojective_coordinates_GFp \ ec_GFp_smp_set_Jproj_coords_GFp diff --git a/lib/libcrypto/threads/pthreads-vms.com b/lib/libcrypto/threads/pthreads-vms.com deleted file mode 100644 index 1cf92bdf576..00000000000 --- a/lib/libcrypto/threads/pthreads-vms.com +++ /dev/null @@ -1,14 +0,0 @@ -$! To compile mttest on VMS. -$! -$! WARNING: only tested with DEC C so far. -$ -$ if (f$getsyi("cpu").lt.128) -$ then -$ arch := VAX -$ else -$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if (arch .eqs. "") then arch = "UNK" -$ endif -$ define/user openssl [--.include.openssl] -$ cc/def=PTHREADS mttest.c -$ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib diff --git a/lib/libcrypto/ui/ui_openssl.c b/lib/libcrypto/ui/ui_openssl.c index e319faa47b8..a38c7581e6a 100644 --- a/lib/libcrypto/ui/ui_openssl.c +++ b/lib/libcrypto/ui/ui_openssl.c @@ -122,9 +122,15 @@ * sigaction and fileno included. -pedantic would be more appropriate for * the intended purposes, but we can't prevent users from adding -ansi. */ +#if defined(OPENSSL_SYSNAME_VXWORKS) +#include <sys/types.h> +#endif + #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) +#ifndef _POSIX_C_SOURCE #define _POSIX_C_SOURCE 2 #endif +#endif #include <signal.h> #include <stdio.h> #include <string.h> @@ -398,8 +404,8 @@ static int read_till_nl(FILE *in) char buf[SIZE+1]; do { - if (fgets(buf,sizeof(buf),in) == NULL) - break; + if (!fgets(buf,SIZE,in)) + return 0; } while (strchr(buf,'\n') == NULL); return 1; } diff --git a/lib/libcrypto/util/deltree.com b/lib/libcrypto/util/deltree.com deleted file mode 100644 index 9f36b1a5e9d..00000000000 --- a/lib/libcrypto/util/deltree.com +++ /dev/null @@ -1,34 +0,0 @@ -$! DELTREE.COM -$ -$ call deltree 'p1' -$ exit $status -$ -$ deltree: subroutine ! P1 is a name of a directory -$ on control_y then goto dt_STOP -$ on warning then goto dt_exit -$ _dt_def = f$trnlnm("SYS$DISK")+f$directory() -$ if f$parse(p1) .eqs. "" then exit -$ set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")' -$ p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE") -$ _fp = f$parse(".DIR",p1) -$ dt_loop: -$ _f = f$search(_fp) -$ if _f .eqs. "" then goto dt_loopend -$ call deltree [.'f$parse(_f,,,"NAME")']*.* -$ goto dt_loop -$ dt_loopend: -$ _fp = f$parse(p1,".;*") -$ if f$search(_fp) .eqs. "" then goto dt_exit -$ set noon -$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp' -$ set on -$ delete/nolog '_fp' -$ dt_exit: -$ set default '_dt_def' -$ goto dt_end -$ dt_STOP: -$ set default '_dt_def' -$ stop/id="" -$ exit -$ dt_end: -$ endsubroutine diff --git a/lib/libcrypto/util/libeay.num b/lib/libcrypto/util/libeay.num index 93f80ba0c64..aa86b2b8b1b 100644 --- a/lib/libcrypto/util/libeay.num +++ b/lib/libcrypto/util/libeay.num @@ -3510,6 +3510,8 @@ BIO_get_callback_arg 3902 EXIST::FUNCTION: BIO_set_callback 3903 EXIST::FUNCTION: d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779 i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779 +CRYPTO_memcmp 3906 EXIST::FUNCTION: +BN_consttime_swap 3907 EXIST::FUNCTION: SEED_decrypt 3908 EXIST::FUNCTION:SEED SEED_encrypt 3909 EXIST::FUNCTION:SEED SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED @@ -3687,7 +3689,7 @@ FIPS_dh_new 4073 NOEXIST::FUNCTION: FIPS_corrupt_dsa_keygen 4074 NOEXIST::FUNCTION: FIPS_dh_free 4075 NOEXIST::FUNCTION: fips_pkey_signature_test 4076 NOEXIST::FUNCTION: -EVP_add_alg_module 4077 NOEXIST::FUNCTION: +EVP_add_alg_module 4077 EXIST::FUNCTION: int_RAND_init_engine_callbacks 4078 NOEXIST::FUNCTION: int_EVP_CIPHER_set_engine_callbacks 4079 NOEXIST::FUNCTION: int_EVP_MD_init_engine_callbacks 4080 NOEXIST::FUNCTION: diff --git a/lib/libcrypto/util/mk1mf.pl b/lib/libcrypto/util/mk1mf.pl index 458f830401e..72fa089f6b9 100644 --- a/lib/libcrypto/util/mk1mf.pl +++ b/lib/libcrypto/util/mk1mf.pl @@ -1222,7 +1222,7 @@ sub read_options } } } - elsif (/^([^=]*)=(.*)$/ && !/^-D/){ $VARS{$1}=$2; } + elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; } elsif (/^-[lL].*$/) { $l_flags.="$_ "; } elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/) { $c_flags.="$_ "; } diff --git a/lib/libcrypto/util/pl/BC-32.pl b/lib/libcrypto/util/pl/BC-32.pl index 1f1e13fb406..b41bb45e820 100644 --- a/lib/libcrypto/util/pl/BC-32.pl +++ b/lib/libcrypto/util/pl/BC-32.pl @@ -18,7 +18,7 @@ $out_def="out32"; $tmp_def="tmp32"; $inc_def="inc32"; #enable max error messages, disable most common warnings -$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp "; +$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp -D_timeb=timeb -D_ftime=ftime "; if ($debug) { $cflags.="-Od -y -v -vi- -D_DEBUG"; @@ -38,7 +38,7 @@ $efile=""; $exep='.exe'; if ($no_sock) { $ex_libs=""; } -else { $ex_libs="cw32mt.lib import32.lib"; } +else { $ex_libs="cw32mt.lib import32.lib crypt32.lib ws2_32.lib"; } # static library stuff $mklib='tlib /P64'; @@ -51,8 +51,8 @@ $lfile=''; $shlib_ex_obj=""; $app_ex_obj="c0x32.obj"; -$asm='nasmw -f obj -d__omf__'; -$asm.=" /Zi" if $debug; +$asm=(`nasm -v 2>NUL` ge `nasmw -v 2>NUL`?"nasm":"nasmw")." -f obj -d__omf__"; +$asm.=" -g" if $debug; $afile='-o'; $bn_mulw_obj=''; diff --git a/lib/libcrypto/util/pl/VC-32.pl b/lib/libcrypto/util/pl/VC-32.pl index c503bd52b9f..3705fc73b70 100644 --- a/lib/libcrypto/util/pl/VC-32.pl +++ b/lib/libcrypto/util/pl/VC-32.pl @@ -27,6 +27,8 @@ $zlib_lib="zlib1.lib"; $l_flags =~ s/-L("\[^"]+")/\/libpath:$1/g; $l_flags =~ s/-L(\S+)/\/libpath:$1/g; +my $ff = ""; + # C compiler stuff $cc='cl'; if ($FLAVOR =~ /WIN64/) @@ -118,7 +120,7 @@ elsif ($FLAVOR =~ /CE/) $base_cflags.=' -I$(WCECOMPAT)/include' if (defined($ENV{'WCECOMPAT'})); $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include' if (defined($ENV{'PORTSDK_LIBPATH'})); $opt_cflags=' /MC /O1i'; # optimize for space, but with intrinsics... - $dbg_clfags=' /MC /Od -DDEBUG -D_DEBUG'; + $dbg_cflags=' /MC /Od -DDEBUG -D_DEBUG'; $lflags="/nologo /opt:ref $wcelflag"; } else # Win32 @@ -126,6 +128,7 @@ else # Win32 $base_cflags= " $mf_cflag"; my $f = $shlib || $fips ?' /MD':' /MT'; $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib + $ff = "/fixed"; $opt_cflags=$f.' /Ox /O2 /Ob2'; $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG'; $lflags="/nologo /subsystem:console /opt:ref"; @@ -318,7 +321,7 @@ sub do_lib_rule $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; $ret.="\tSET FIPS_TARGET=$target\n"; $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; - $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target "; + $ret.="\t\$(FIPSLINK) \$(MLFLAGS) $ff /map $base_arg $efile$target "; $ret.="$name @<<\n \$(SHLIB_EX_OBJ) $objs \$(EX_LIBS) "; $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n"; } @@ -355,7 +358,7 @@ sub do_link_rule $ret.="\tSET FIPS_TARGET=$target\n"; $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; - $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n"; + $ret.="\t\$(FIPSLINK) \$(LFLAGS) $ff /map $efile$target @<<\n"; $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n"; } else diff --git a/lib/libcrypto/x509/by_dir.c b/lib/libcrypto/x509/by_dir.c index 27ca5150c19..c6602dae4f5 100644 --- a/lib/libcrypto/x509/by_dir.c +++ b/lib/libcrypto/x509/by_dir.c @@ -218,7 +218,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) s=dir; p=s; - for (;;p++) + do { if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) { @@ -264,9 +264,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) return 0; } } - if (*p == '\0') - break; - } + } while (*p++ != '\0'); return 1; } diff --git a/lib/libcrypto/x509/x509_cmp.c b/lib/libcrypto/x509/x509_cmp.c index 7c2aaee2e9a..352aa374343 100644 --- a/lib/libcrypto/x509/x509_cmp.c +++ b/lib/libcrypto/x509/x509_cmp.c @@ -86,10 +86,9 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) EVP_MD_CTX_init(&ctx); f=X509_NAME_oneline(a->cert_info->issuer,NULL,0); - ret=strlen(f); if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) goto err; - if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,ret)) + if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f))) goto err; OPENSSL_free(f); if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data, @@ -249,14 +248,14 @@ unsigned long X509_NAME_hash_old(X509_NAME *x) i2d_X509_NAME(x,NULL); EVP_MD_CTX_init(&md_ctx); EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); - EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); - EVP_DigestFinal_ex(&md_ctx,md,NULL); + if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) + && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) + && EVP_DigestFinal_ex(&md_ctx,md,NULL)) + ret=(((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| + ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) + )&0xffffffffL; EVP_MD_CTX_cleanup(&md_ctx); - ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| - ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) - )&0xffffffffL; return(ret); } #endif diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c index b0779db0231..920066aeba3 100644 --- a/lib/libcrypto/x509/x509_vfy.c +++ b/lib/libcrypto/x509/x509_vfy.c @@ -694,6 +694,7 @@ static int check_cert(X509_STORE_CTX *ctx) X509_CRL *crl = NULL, *dcrl = NULL; X509 *x; int ok, cnum; + unsigned int last_reasons; cnum = ctx->error_depth; x = sk_X509_value(ctx->chain, cnum); ctx->current_cert = x; @@ -702,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx) ctx->current_reasons = 0; while (ctx->current_reasons != CRLDP_ALL_REASONS) { + last_reasons = ctx->current_reasons; /* Try to retrieve relevant CRL */ if (ctx->get_crl) ok = ctx->get_crl(ctx, &crl, x); @@ -745,6 +747,15 @@ static int check_cert(X509_STORE_CTX *ctx) X509_CRL_free(dcrl); crl = NULL; dcrl = NULL; + /* If reasons not updated we wont get anywhere by + * another iteration, so exit loop. + */ + if (last_reasons == ctx->current_reasons) + { + ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; + ok = ctx->verify_cb(0, ctx); + goto err; + } } err: X509_CRL_free(crl); @@ -872,7 +883,7 @@ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) { ASN1_OCTET_STRING *exta, *extb; int i; - i = X509_CRL_get_ext_by_NID(a, nid, 0); + i = X509_CRL_get_ext_by_NID(a, nid, -1); if (i >= 0) { /* Can't have multiple occurrences */ @@ -883,7 +894,7 @@ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) else exta = NULL; - i = X509_CRL_get_ext_by_NID(b, nid, 0); + i = X509_CRL_get_ext_by_NID(b, nid, -1); if (i >= 0) { @@ -1451,10 +1462,9 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) * a certificate was revoked. This has since been changed since * critical extension can change the meaning of CRL entries. */ - if (crl->flags & EXFLAG_CRITICAL) + if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) + && (crl->flags & EXFLAG_CRITICAL)) { - if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) - return 1; ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; ok = ctx->verify_cb(0, ctx); if(!ok) diff --git a/lib/libcrypto/x509/x_all.c b/lib/libcrypto/x509/x_all.c index b94aeeb873f..e06602d65ab 100644 --- a/lib/libcrypto/x509/x_all.c +++ b/lib/libcrypto/x509/x_all.c @@ -97,6 +97,7 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) { + x->cert_info->enc.modified = 1; return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, x->sig_alg, x->signature, x->cert_info, ctx); @@ -123,6 +124,7 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) { + x->crl->enc.modified = 1; return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx); } diff --git a/lib/libcrypto/x509v3/v3_purp.c b/lib/libcrypto/x509v3/v3_purp.c index 181bd34979b..ad688657e01 100644 --- a/lib/libcrypto/x509v3/v3_purp.c +++ b/lib/libcrypto/x509v3/v3_purp.c @@ -474,11 +474,11 @@ static void x509v3_cache_extensions(X509 *x) for (i = 0; i < X509_get_ext_count(x); i++) { ex = X509_get_ext(x, i); - if (!X509_EXTENSION_get_critical(ex)) - continue; if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == NID_freshest_crl) x->ex_flags |= EXFLAG_FRESHEST; + if (!X509_EXTENSION_get_critical(ex)) + continue; if (!X509_supported_extension(ex)) { x->ex_flags |= EXFLAG_CRITICAL; diff --git a/lib/libcrypto/x86_64cpuid.pl b/lib/libcrypto/x86_64cpuid.pl index 7b7b93b2232..6ebfd017ea5 100644 --- a/lib/libcrypto/x86_64cpuid.pl +++ b/lib/libcrypto/x86_64cpuid.pl @@ -11,7 +11,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; ($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order ("%rdi","%rsi","%rdx","%rcx"); # Unix order diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c index e4b718efa76..2e8cf681ed0 100644 --- a/lib/libssl/d1_both.c +++ b/lib/libssl/d1_both.c @@ -220,7 +220,6 @@ dtls1_hm_fragment_free(hm_fragment *frag) EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); } - if (frag->fragment) OPENSSL_free(frag->fragment); if (frag->reassembly) OPENSSL_free(frag->reassembly); OPENSSL_free(frag); @@ -320,9 +319,10 @@ int dtls1_do_write(SSL *s, int type) s->init_off -= DTLS1_HM_HEADER_LENGTH; s->init_num += DTLS1_HM_HEADER_LENGTH; - /* write atleast DTLS1_HM_HEADER_LENGTH bytes */ - if ( len <= DTLS1_HM_HEADER_LENGTH) - len += DTLS1_HM_HEADER_LENGTH; + if ( s->init_num > curr_mtu) + len = curr_mtu; + else + len = s->init_num; } dtls1_fix_message_header(s, frag_off, diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c index a6ed09c51dd..48e5e06bdeb 100644 --- a/lib/libssl/d1_clnt.c +++ b/lib/libssl/d1_clnt.c @@ -538,13 +538,6 @@ int dtls1_connect(SSL *s) SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); if (ret <= 0) goto end; -#ifndef OPENSSL_NO_SCTP - /* Change to new shared key of SCTP-Auth, - * will be ignored if no SCTP used. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); -#endif - s->state=SSL3_ST_CW_FINISHED_A; s->init_num=0; @@ -571,6 +564,16 @@ int dtls1_connect(SSL *s) goto end; } +#ifndef OPENSSL_NO_SCTP + if (s->hit) + { + /* Change to new shared key of SCTP-Auth, + * will be ignored if no SCTP used. + */ + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); + } +#endif + dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); break; @@ -613,6 +616,13 @@ int dtls1_connect(SSL *s) } else { +#ifndef OPENSSL_NO_SCTP + /* Change to new shared key of SCTP-Auth, + * will be ignored if no SCTP used. + */ + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); +#endif + #ifndef OPENSSL_NO_TLSEXT /* Allow NewSessionTicket if ticket expected */ if (s->tlsext_ticket_expected) @@ -773,7 +783,7 @@ int dtls1_client_hello(SSL *s) unsigned char *buf; unsigned char *p,*d; unsigned int i,j; - unsigned long Time,l; + unsigned long l; SSL_COMP *comp; buf=(unsigned char *)s->init_buf->data; @@ -798,13 +808,11 @@ int dtls1_client_hello(SSL *s) /* if client_random is initialized, reuse it, we are * required to use same upon reply to HelloVerify */ - for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ; + for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) + ; if (i==sizeof(s->s3->client_random)) - { - Time=(unsigned long)time(NULL); /* Time */ - l2n(Time,p); - RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4); - } + ssl_fill_hello_random(s, 0, p, + sizeof(s->s3->client_random)); /* Do the message type and length last */ d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index cfe45245534..8186462d4a6 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -455,7 +455,7 @@ printf("\n"); orig_len < mac_size+1)) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); + SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); goto f_err; } @@ -480,7 +480,7 @@ printf("\n"); } i=s->method->ssl3_enc->mac(s,md,0 /* not send */); - if (i < 0 || mac == NULL || timingsafe_bcmp(md, mac, (size_t)mac_size) != 0) + if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) enc_err = -1; if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) enc_err = -1; @@ -847,6 +847,12 @@ start: } } + if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) + { + rr->length = 0; + goto start; + } + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1051,6 +1057,7 @@ start: !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && !s->s3->renegotiate) { + s->d1->handshake_read_seq++; s->new_session = 1; ssl3_renegotiate(s); if (ssl3_renegotiate_check(s)) diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c index 29421da9aac..9975e20873c 100644 --- a/lib/libssl/d1_srvr.c +++ b/lib/libssl/d1_srvr.c @@ -276,10 +276,11 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_HELLO_REQ_B: s->shutdown=0; + dtls1_clear_record_buffer(s); dtls1_start_timer(s); ret=dtls1_send_hello_request(s); if (ret <= 0) goto end; - s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; + s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; s->state=SSL3_ST_SW_FLUSH; s->init_num=0; @@ -721,10 +722,13 @@ int dtls1_accept(SSL *s) if (ret <= 0) goto end; #ifndef OPENSSL_NO_SCTP - /* Change to new shared key of SCTP-Auth, - * will be ignored if no SCTP used. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); + if (!s->hit) + { + /* Change to new shared key of SCTP-Auth, + * will be ignored if no SCTP used. + */ + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); + } #endif s->state=SSL3_ST_SW_FINISHED_A; @@ -749,7 +753,16 @@ int dtls1_accept(SSL *s) if (ret <= 0) goto end; s->state=SSL3_ST_SW_FLUSH; if (s->hit) + { s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; + +#ifndef OPENSSL_NO_SCTP + /* Change to new shared key of SCTP-Auth, + * will be ignored if no SCTP used. + */ + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); +#endif + } else { s->s3->tmp.next_state=SSL_ST_OK; @@ -912,15 +925,13 @@ int dtls1_send_server_hello(SSL *s) unsigned char *p,*d; int i; unsigned int sl; - unsigned long l,Time; + unsigned long l; if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { buf=(unsigned char *)s->init_buf->data; p=s->s3->server_random; - Time=(unsigned long)time(NULL); /* Time */ - l2n(Time,p); - RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4); + ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE); /* Do the message type and length last */ d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); diff --git a/lib/libssl/dtls1.h b/lib/libssl/dtls1.h index 5008bf60817..e65d5011915 100644 --- a/lib/libssl/dtls1.h +++ b/lib/libssl/dtls1.h @@ -57,8 +57,8 @@ * */ -#ifndef HEADER_DTLS1_H -#define HEADER_DTLS1_H +#ifndef HEADER_DTLS1_H +#define HEADER_DTLS1_H #include <openssl/buffer.h> #include <openssl/pqueue.h> @@ -72,8 +72,12 @@ #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) #include <sys/timeval.h> #else +#if defined(OPENSSL_SYS_VXWORKS) +#include <sys/times.h> +#else #include <sys/time.h> #endif +#endif #ifdef __cplusplus extern "C" { diff --git a/lib/libssl/s23_clnt.c b/lib/libssl/s23_clnt.c index 47673e740ab..2b93c639dd2 100644 --- a/lib/libssl/s23_clnt.c +++ b/lib/libssl/s23_clnt.c @@ -269,12 +269,35 @@ static int ssl23_no_ssl2_ciphers(SSL *s) return 1; } +/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 + * on failure, 1 on success. */ +int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) + { + int send_time = 0; + + if (len < 4) + return 0; + if (server) + send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0; + else + send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0; + if (send_time) + { + unsigned long Time = (unsigned long)time(NULL); + unsigned char *p = result; + l2n(Time, p); + return RAND_pseudo_bytes(p, len-4); + } + else + return RAND_pseudo_bytes(result, len); + } + static int ssl23_client_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; int i,ch_len; - unsigned long Time,l; + unsigned long l; int ssl2_compat; int version = 0, version_major, version_minor; #ifndef OPENSSL_NO_COMP @@ -355,9 +378,7 @@ static int ssl23_client_hello(SSL *s) #endif p=s->s3->client_random; - Time=(unsigned long)time(NULL); /* Time */ - l2n(Time,p); - if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) + if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) return -1; if (version == TLS1_2_VERSION) diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c index ed0fcfc5326..53b9390fdd3 100644 --- a/lib/libssl/s3_both.c +++ b/lib/libssl/s3_both.c @@ -206,10 +206,10 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) #ifndef OPENSSL_NO_NEXTPROTONEG /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */ -static void ssl3_take_mac(SSL *s) { +static void ssl3_take_mac(SSL *s) + { const char *sender; int slen; - /* If no new cipher setup return immediately: other functions will * set the appropriate error. */ @@ -228,7 +228,7 @@ static void ssl3_take_mac(SSL *s) { s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, sender,slen,s->s3->tmp.peer_finish_md); -} + } #endif int ssl3_get_finished(SSL *s, int a, int b) @@ -238,8 +238,9 @@ int ssl3_get_finished(SSL *s, int a, int b) unsigned char *p; #ifdef OPENSSL_NO_NEXTPROTONEG - /* the mac has already been generated when we received the change - * cipher spec message and is in s->s3->tmp.peer_finish_md. */ + /* the mac has already been generated when we received the + * change cipher spec message and is in s->s3->tmp.peer_finish_md. + */ #endif n=s->method->ssl_get_message(s, @@ -270,7 +271,7 @@ int ssl3_get_finished(SSL *s, int a, int b) goto f_err; } - if (timingsafe_bcmp(p, s->s3->tmp.peer_finish_md, i) != 0) + if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); @@ -544,12 +545,14 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) s->init_num += i; n -= i; } + #ifndef OPENSSL_NO_NEXTPROTONEG /* If receiving Finished, record MAC of prior handshake messages for * Finished verification. */ if (*s->init_buf->data == SSL3_MT_FINISHED) ssl3_take_mac(s); #endif + /* Feed this message into MAC computation. */ ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); if (s->msg_callback) diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index b80d052e1f5..a6b3c01afa1 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -459,7 +459,6 @@ int ssl3_connect(SSL *s) SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); if (ret <= 0) goto end; - #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) s->state=SSL3_ST_CW_FINISHED_A; #else @@ -656,7 +655,7 @@ int ssl3_client_hello(SSL *s) unsigned char *buf; unsigned char *p,*d; int i; - unsigned long Time,l; + unsigned long l; #ifndef OPENSSL_NO_COMP int j; SSL_COMP *comp; @@ -681,9 +680,8 @@ int ssl3_client_hello(SSL *s) /* else use the pre-loaded session */ p=s->s3->client_random; - Time=(unsigned long)time(NULL); /* Time */ - l2n(Time,p); - if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) + + if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) goto err; /* Do the message type and length last */ @@ -987,7 +985,10 @@ int ssl3_get_server_hello(SSL *s) * client authentication. */ if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s)) + { + al = SSL_AD_INTERNAL_ERROR; goto f_err; + } /* lets get the compression algorithm */ /* COMPRESSION */ #ifdef OPENSSL_NO_COMP diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index b73b5ac87fc..c4ef2738d7b 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1125,7 +1125,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 0, /* not implemented (non-ephemeral DH) */ TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, TLS1_CK_DH_DSS_WITH_AES_128_SHA256, - SSL_kDHr, + SSL_kDHd, SSL_aDH, SSL_AES128, SSL_SHA256, @@ -1407,7 +1407,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 0, /* not implemented (non-ephemeral DH) */ TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, TLS1_CK_DH_DSS_WITH_AES_256_SHA256, - SSL_kDHr, + SSL_kDHd, SSL_aDH, SSL_AES256, SSL_SHA256, @@ -1683,7 +1683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_3DES, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -1699,7 +1699,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AES128, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, @@ -1715,7 +1715,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AES256, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, @@ -1958,7 +1958,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 0, TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, - SSL_kDHr, + SSL_kDHd, SSL_aDH, SSL_AES128GCM, SSL_AEAD, @@ -1974,7 +1974,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 0, TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, - SSL_kDHr, + SSL_kDHd, SSL_aDH, SSL_AES256GCM, SSL_AEAD, @@ -2669,7 +2669,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, - SSL_kECDHe, + SSL_kECDHr, SSL_aECDH, SSL_AES128, SSL_SHA256, @@ -2685,7 +2685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, - SSL_kECDHe, + SSL_kECDHr, SSL_aECDH, SSL_AES256, SSL_SHA384, @@ -2799,7 +2799,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, - SSL_kECDHe, + SSL_kECDHr, SSL_aECDH, SSL_AES128GCM, SSL_AEAD, @@ -2815,7 +2815,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, - SSL_kECDHe, + SSL_kECDHr, SSL_aECDH, SSL_AES256GCM, SSL_AEAD, @@ -3037,6 +3037,11 @@ void ssl3_clear(SSL *s) s->s3->tmp.ecdh = NULL; } #endif +#ifndef OPENSSL_NO_TLSEXT +#ifndef OPENSSL_NO_EC + s->s3->is_probably_safari = 0; +#endif /* !OPENSSL_NO_EC */ +#endif /* !OPENSSL_NO_TLSEXT */ rp = s->s3->rbuf.buf; wp = s->s3->wbuf.buf; @@ -4016,6 +4021,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ii=sk_SSL_CIPHER_find(allow,c); if (ii >= 0) { +#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) + if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) + { + if (!ret) ret=sk_SSL_CIPHER_value(allow,ii); + continue; + } +#endif ret=sk_SSL_CIPHER_value(allow,ii); break; } diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c index 722ed9a858f..96ba63262e4 100644 --- a/lib/libssl/s3_pkt.c +++ b/lib/libssl/s3_pkt.c @@ -335,7 +335,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); if (version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - if ((s->version & 0xFF00) == (version & 0xFF00)) + if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) /* Send back error using their minor version number :-) */ s->version = (unsigned short)version; al=SSL_AD_PROTOCOL_VERSION; @@ -407,7 +407,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); if (enc_err == 0) { al=SSL_AD_DECRYPTION_FAILED; - SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); goto f_err; } @@ -467,7 +467,7 @@ printf("\n"); } i=s->method->ssl3_enc->mac(s,md,0 /* not send */); - if (i < 0 || mac == NULL || timingsafe_bcmp(md, mac, (size_t)mac_size) != 0) + if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) enc_err = -1; if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) enc_err = -1; @@ -748,6 +748,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * bytes and record version number > TLS 1.0 */ if (s->state == SSL3_ST_CW_CLNT_HELLO_B + && !s->renegotiate && TLS1_get_version(s) > TLS1_VERSION) *(p++) = 0x1; else @@ -1054,7 +1055,7 @@ start: { s->rstate=SSL_ST_READ_HEADER; rr->off=0; - if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) + if (s->mode & SSL_MODE_RELEASE_BUFFERS) ssl3_release_read_buffer(s); } } @@ -1242,7 +1243,7 @@ start: goto f_err; } #ifdef SSL_AD_MISSING_SRP_USERNAME - if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) + else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) return(0); #endif } diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 118939fabb1..9ac19c05f22 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -191,7 +191,8 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al) { if(s->srp_ctx.login == NULL) { - /* There isn't any srp login extension !!! */ + /* RFC 5054 says SHOULD reject, + we do so if There is no srp login name */ ret = SSL3_AL_FATAL; *al = SSL_AD_UNKNOWN_PSK_IDENTITY; } @@ -378,6 +379,7 @@ int ssl3_accept(SSL *s) } } #endif + s->renegotiate = 2; s->state=SSL3_ST_SW_SRVR_HELLO_A; s->init_num=0; @@ -956,7 +958,8 @@ int ssl3_get_client_hello(SSL *s) (s->version != DTLS1_VERSION && s->client_version < s->version)) { SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); - if ((s->client_version>>8) == SSL3_VERSION_MAJOR) + if ((s->client_version>>8) == SSL3_VERSION_MAJOR && + !s->enc_write_ctx && !s->write_hash) { /* similar to ssl3_get_record, send alert using remote version number */ s->version = s->client_version; @@ -1181,7 +1184,7 @@ int ssl3_get_client_hello(SSL *s) goto f_err; } } - if (ssl_check_clienthello_tlsext(s) <= 0) { + if (ssl_check_clienthello_tlsext_early(s) <= 0) { SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); goto err; } @@ -1191,12 +1194,9 @@ int ssl3_get_client_hello(SSL *s) * server_random before calling tls_session_secret_cb in order to allow * SessionTicket processing to use it in key derivation. */ { - unsigned long Time; unsigned char *pos; - Time=(unsigned long)time(NULL); /* Time */ pos=s->s3->server_random; - l2n(Time,pos); - if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0) + if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0) { al=SSL_AD_INTERNAL_ERROR; goto f_err; @@ -1389,7 +1389,10 @@ int ssl3_get_client_hello(SSL *s) if (TLS1_get_version(s) < TLS1_2_VERSION || !(s->verify_mode & SSL_VERIFY_PEER)) { if (!ssl3_digest_cached_records(s)) + { + al = SSL_AD_INTERNAL_ERROR; goto f_err; + } } /* we now have the following setup. @@ -1403,6 +1406,16 @@ int ssl3_get_client_hello(SSL *s) * s->tmp.new_cipher - the new cipher to use. */ + /* Handles TLS extensions that we couldn't check earlier */ + if (s->version >= SSL3_VERSION) + { + if (ssl_check_clienthello_tlsext_late(s) <= 0) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); + goto err; + } + } + if (ret < 0) ret=1; if (0) { @@ -1420,19 +1433,13 @@ int ssl3_send_server_hello(SSL *s) unsigned char *p,*d; int i,sl; unsigned long l; -#ifdef OPENSSL_NO_TLSEXT - unsigned long Time; -#endif if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { buf=(unsigned char *)s->init_buf->data; #ifdef OPENSSL_NO_TLSEXT p=s->s3->server_random; - /* Generate server_random if it was not needed previously */ - Time=(unsigned long)time(NULL); /* Time */ - l2n(Time,p); - if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) + if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) return -1; #endif /* Do the message type and length last */ @@ -1823,7 +1830,7 @@ int ssl3_send_server_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); goto f_err; } - for (i=0; r[i] != NULL && i<4; i++) + for (i=0; i < 4 && r[i] != NULL; i++) { nr[i]=BN_num_bytes(r[i]); #ifndef OPENSSL_NO_SRP @@ -1859,7 +1866,7 @@ int ssl3_send_server_key_exchange(SSL *s) d=(unsigned char *)s->init_buf->data; p= &(d[4]); - for (i=0; r[i] != NULL && i<4; i++) + for (i=0; i < 4 && r[i] != NULL; i++) { #ifndef OPENSSL_NO_SRP if ((i == 2) && (type & SSL_kSRP)) diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index 8b0c2a2dac4..7219a0e64bc 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -493,6 +493,9 @@ struct ssl_session_st char *psk_identity_hint; char *psk_identity; #endif + /* Used to indicate that session resumption is not allowed. + * Applications can also set this bit for a new session via + * not_resumable_session_cb to disable session caching and tickets. */ int not_resumable; /* The cert is the certificate used to establish this connection */ @@ -535,7 +538,7 @@ struct ssl_session_st #endif /* OPENSSL_NO_EC */ /* RFC4507 info */ unsigned char *tlsext_tick; /* Session ticket */ - size_t tlsext_ticklen; /* Session ticket length */ + size_t tlsext_ticklen; /* Session ticket length */ long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ #endif #ifndef OPENSSL_NO_SRP @@ -552,11 +555,14 @@ struct ssl_session_st #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L -#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ +#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L #define SSL_OP_TLS_D5_BUG 0x00000100L #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L +/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ +#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 + /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added * in OpenSSL 0.9.6d. Usually (depending on the application protocol) * the workaround is not needed. Unfortunately some broken SSL/TLS @@ -638,6 +644,12 @@ struct ssl_session_st * TLS only.) "Released" buffers are put onto a free-list in the context * or just freed (depending on the context's setting for freelist_max_len). */ #define SSL_MODE_RELEASE_BUFFERS 0x00000010L +/* Send the current time in the Random fields of the ClientHello and + * ServerHello records for compatibility with hypothetical implementations + * that require it. + */ +#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L +#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, * they cannot be used to clear bits. */ @@ -903,7 +915,7 @@ struct ssl_ctx_st */ unsigned int max_send_fragment; -#ifndef OPENSSL_ENGINE +#ifndef OPENSSL_NO_ENGINE /* Engine to pass requests for client certs to */ ENGINE *client_cert_engine; @@ -927,6 +939,7 @@ struct ssl_ctx_st /* Callback for status request */ int (*tlsext_status_cb)(SSL *ssl, void *arg); void *tlsext_status_arg; + /* draft-rescorla-tls-opaque-prf-input-00.txt information */ int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); void *tlsext_opaque_prf_input_callback_arg; @@ -952,6 +965,7 @@ struct ssl_ctx_st #endif #ifndef OPENSSL_NO_TLSEXT + # ifndef OPENSSL_NO_NEXTPROTONEG /* Next protocol negotiation information */ /* (for experimental NPN extension). */ @@ -2206,6 +2220,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_GET_NEW_SESSION 181 #define SSL_F_SSL_GET_PREV_SESSION 217 #define SSL_F_SSL_GET_SERVER_SEND_CERT 182 +#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 #define SSL_F_SSL_GET_SIGN_PKEY 183 #define SSL_F_SSL_INIT_WBIO_BUFFER 184 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h index 112e627de08..cb8b2492ec9 100644 --- a/lib/libssl/ssl3.h +++ b/lib/libssl/ssl3.h @@ -539,6 +539,15 @@ typedef struct ssl3_state_st /* Set if we saw the Next Protocol Negotiation extension from our peer. */ int next_proto_neg_seen; #endif + +#ifndef OPENSSL_NO_TLSEXT +#ifndef OPENSSL_NO_EC + /* This is set to true if we believe that this is a version of Safari + * running on OS X 10.6 or newer. We wish to know this because Safari + * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ + char is_probably_safari; +#endif /* !OPENSSL_NO_EC */ +#endif /* !OPENSSL_NO_TLSEXT */ } SSL3_STATE; #endif @@ -578,8 +587,10 @@ typedef struct ssl3_state_st #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) +#ifndef OPENSSL_NO_NEXTPROTONEG #define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) #define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) +#endif #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) /* read from server */ @@ -629,8 +640,10 @@ typedef struct ssl3_state_st #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) +#ifndef OPENSSL_NO_NEXTPROTONEG #define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) #define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) +#endif #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) /* write to client */ @@ -655,7 +668,9 @@ typedef struct ssl3_state_st #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 #define SSL3_MT_FINISHED 20 #define SSL3_MT_CERTIFICATE_STATUS 22 +#ifndef OPENSSL_NO_NEXTPROTONEG #define SSL3_MT_NEXT_PROTO 67 +#endif #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 diff --git a/lib/libssl/ssl_algs.c b/lib/libssl/ssl_algs.c index d443143c593..9c34d19725b 100644 --- a/lib/libssl/ssl_algs.c +++ b/lib/libssl/ssl_algs.c @@ -94,6 +94,7 @@ int SSL_library_init(void) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); #endif + #endif #ifndef OPENSSL_NO_CAMELLIA EVP_add_cipher(EVP_camellia_128_cbc()); diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c index 917be318760..5123a89182e 100644 --- a/lib/libssl/ssl_cert.c +++ b/lib/libssl/ssl_cert.c @@ -164,14 +164,14 @@ static void ssl_cert_set_default_md(CERT *cert) { /* Set digest values to defaults */ #ifndef OPENSSL_NO_DSA - cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1(); + cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); #endif #ifndef OPENSSL_NO_RSA cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); #endif #ifndef OPENSSL_NO_ECDSA - cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa(); + cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); #endif } diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index 92d1e94d6a9..0aba8e048c5 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -312,6 +312,7 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0}, {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0}, {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0}, + {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0}, /* export flag */ {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, @@ -1150,9 +1151,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str, while ( ((ch >= 'A') && (ch <= 'Z')) || ((ch >= '0') && (ch <= '9')) || ((ch >= 'a') && (ch <= 'z')) || - (ch == '-')) + (ch == '-') || (ch == '.')) #else - while ( isalnum(ch) || (ch == '-')) + while ( isalnum(ch) || (ch == '-') || (ch == '.')) #endif { ch = *(++l); diff --git a/lib/libssl/ssl_err.c b/lib/libssl/ssl_err.c index 2577c6895ab..370fb57e3b8 100644 --- a/lib/libssl/ssl_err.c +++ b/lib/libssl/ssl_err.c @@ -228,6 +228,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, +{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index c91f0018e4f..f052deeb973 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -597,8 +597,10 @@ void SSL_free(SSL *s) OPENSSL_free(s->next_proto_negotiated); #endif +#ifndef OPENSSL_NO_SRTP if (s->srtp_profiles) sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); +#endif OPENSSL_free(s); } @@ -1792,7 +1794,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); ret->extra_certs=NULL; - ret->comp_methods=SSL_COMP_get_compression_methods(); + /* No compression for DTLS */ + if (meth->version != DTLS1_VERSION) + ret->comp_methods=SSL_COMP_get_compression_methods(); ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; @@ -1949,8 +1953,10 @@ void SSL_CTX_free(SSL_CTX *a) a->comp_methods = NULL; #endif +#ifndef OPENSSL_NO_SRTP if (a->srtp_profiles) sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); +#endif #ifndef OPENSSL_NO_PSK if (a->psk_identity_hint) @@ -2284,7 +2290,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) #endif /* THIS NEEDS CLEANING UP */ -X509 *ssl_get_server_send_cert(SSL *s) +CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) { unsigned long alg_k,alg_a; CERT *c; @@ -2339,12 +2345,20 @@ X509 *ssl_get_server_send_cert(SSL *s) i=SSL_PKEY_GOST01; else /* if (alg_a & SSL_aNULL) */ { - SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR); return(NULL); } - if (c->pkeys[i].x509 == NULL) return(NULL); - return(c->pkeys[i].x509); + return c->pkeys + i; + } + +X509 *ssl_get_server_send_cert(const SSL *s) + { + CERT_PKEY *cpk; + cpk = ssl_get_server_send_pkey(s); + if (!cpk) + return NULL; + return cpk->x509; } EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd) @@ -2605,7 +2619,7 @@ const char *SSL_get_version(const SSL *s) return("TLSv1.2"); else if (s->version == TLS1_1_VERSION) return("TLSv1.1"); - if (s->version == TLS1_VERSION) + else if (s->version == TLS1_VERSION) return("TLSv1"); else if (s->version == SSL3_VERSION) return("SSLv3"); diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index c3c4c21d388..e4859077481 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -841,13 +841,15 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); int ssl_undefined_function(SSL *s); int ssl_undefined_void_function(void); int ssl_undefined_const_function(const SSL *s); -X509 *ssl_get_server_send_cert(SSL *); +CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); +X509 *ssl_get_server_send_cert(const SSL *); EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd); int ssl_cert_type(X509 *x,EVP_PKEY *pkey); void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void); +int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); int ssl2_enc_init(SSL *s, int client); int ssl2_generate_key_material(SSL *s); @@ -1099,7 +1101,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); int ssl_prepare_clienthello_tlsext(SSL *s); int ssl_prepare_serverhello_tlsext(SSL *s); -int ssl_check_clienthello_tlsext(SSL *s); +int ssl_check_clienthello_tlsext_early(SSL *s); +int ssl_check_clienthello_tlsext_late(SSL *s); int ssl_check_serverhello_tlsext(SSL *s); #ifndef OPENSSL_NO_HEARTBEATS diff --git a/lib/libssl/ssl_rsa.c b/lib/libssl/ssl_rsa.c index c0960b5712b..60e7b66859d 100644 --- a/lib/libssl/ssl_rsa.c +++ b/lib/libssl/ssl_rsa.c @@ -710,7 +710,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ - in=BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file_internal()); if (in == NULL) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB); @@ -723,14 +723,16 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) goto end; } - x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); + x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback, + ctx->default_passwd_callback_userdata); if (x == NULL) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB); goto end; } - ret=SSL_CTX_use_certificate(ctx,x); + ret = SSL_CTX_use_certificate(ctx, x); + if (ERR_peek_error() != 0) ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ if (ret) @@ -742,13 +744,15 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) int r; unsigned long err; - if (ctx->extra_certs != NULL) + if (ctx->extra_certs != NULL) { sk_X509_pop_free(ctx->extra_certs, X509_free); ctx->extra_certs = NULL; } - while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata)) + while ((ca = PEM_read_bio_X509(in, NULL, + ctx->default_passwd_callback, + ctx->default_passwd_callback_userdata)) != NULL) { r = SSL_CTX_add_extra_chain_cert(ctx, ca); diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 638405ec396..0c4cddedf85 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -361,7 +361,7 @@ int tls1_change_cipher_state(SSL *s, int which) { int i; for (i=0; i<s->s3->tmp.key_block_length; i++) - printf("%02x", key_block[i]); printf("\n"); + printf("%02x", s->s3->tmp.key_block[i]); printf("\n"); } #endif /* KSSL_DEBUG */ @@ -427,7 +427,7 @@ int tls1_change_cipher_state(SSL *s, int which) s->write_hash = mac_ctx; } else - mac_ctx = ssl_replace_hash(&s->write_hash,NULL); + mac_ctx = ssl_replace_hash(&s->write_hash,NULL); #ifndef OPENSSL_NO_COMP if (s->compress != NULL) { @@ -929,8 +929,8 @@ int tls1_final_finish_mac(SSL *s, else { if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || - !EVP_DigestFinal_ex(&ctx,q,&i) || - (i != (unsigned int)hashsize)) + !EVP_DigestFinal_ex(&ctx,q,&i) || + (i != (unsigned int)hashsize)) err = 1; q+=hashsize; } @@ -986,7 +986,8 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) } else { - EVP_MD_CTX_copy(&hmac,hash); + if (!EVP_MD_CTX_copy(&hmac,hash)) + return -1; mac_ctx = &hmac; } diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index a649dafba9d..bddffd92cc0 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -342,19 +342,11 @@ static unsigned char tls12_sigalgs[] = { #ifndef OPENSSL_NO_SHA tlsext_sigalg(TLSEXT_hash_sha1) #endif -#ifndef OPENSSL_NO_MD5 - tlsext_sigalg_rsa(TLSEXT_hash_md5) -#endif }; int tls12_get_req_sig_algs(SSL *s, unsigned char *p) { size_t slen = sizeof(tls12_sigalgs); -#ifdef OPENSSL_FIPS - /* If FIPS mode don't include MD5 which is last */ - if (FIPS_mode()) - slen -= 2; -#endif if (p) memcpy(p, tls12_sigalgs, slen); return (int)slen; @@ -649,6 +641,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha } #endif +#ifndef OPENSSL_NO_SRTP if(SSL_get_srtp_profiles(s)) { int el; @@ -667,6 +660,37 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha } ret += el; } +#endif + +#ifdef TLSEXT_TYPE_padding + /* Add padding to workaround bugs in F5 terminators. + * See https://tools.ietf.org/html/draft-agl-tls-padding-03 + * + * NB: because this code works out the length of all existing + * extensions it MUST always appear last. + */ + { + int hlen = ret - (unsigned char *)s->init_buf->data; + /* The code in s23_clnt.c to build ClientHello messages includes the + * 5-byte record header in the buffer, while the code in s3_clnt.c does + * not. */ + if (s->state == SSL23_ST_CW_CLNT_HELLO_A) + hlen -= 5; + if (hlen > 0xff && hlen < 0x200) + { + hlen = 0x200 - hlen; + if (hlen >= 4) + hlen -= 4; + else + hlen = 0; + + s2n(TLSEXT_TYPE_padding, ret); + s2n(hlen, ret); + memset(ret, 0, hlen); + ret += hlen; + } + } +#endif if ((extdatalen = ret-p-2)== 0) return p; @@ -781,6 +805,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha } #endif +#ifndef OPENSSL_NO_SRTP if(s->srtp_profile) { int el; @@ -799,6 +824,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha } ret+=el; } +#endif if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) @@ -862,6 +888,89 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha return ret; } +#ifndef OPENSSL_NO_EC +/* ssl_check_for_safari attempts to fingerprint Safari using OS X + * SecureTransport using the TLS extension block in |d|, of length |n|. + * Safari, since 10.6, sends exactly these extensions, in this order: + * SNI, + * elliptic_curves + * ec_point_formats + * + * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8, + * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them. + * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from + * 10.8..10.8.3 (which don't work). + */ +static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, int n) { + unsigned short type, size; + static const unsigned char kSafariExtensionsBlock[] = { + 0x00, 0x0a, /* elliptic_curves extension */ + 0x00, 0x08, /* 8 bytes */ + 0x00, 0x06, /* 6 bytes of curve ids */ + 0x00, 0x17, /* P-256 */ + 0x00, 0x18, /* P-384 */ + 0x00, 0x19, /* P-521 */ + + 0x00, 0x0b, /* ec_point_formats */ + 0x00, 0x02, /* 2 bytes */ + 0x01, /* 1 point format */ + 0x00, /* uncompressed */ + }; + + /* The following is only present in TLS 1.2 */ + static const unsigned char kSafariTLS12ExtensionsBlock[] = { + 0x00, 0x0d, /* signature_algorithms */ + 0x00, 0x0c, /* 12 bytes */ + 0x00, 0x0a, /* 10 bytes */ + 0x05, 0x01, /* SHA-384/RSA */ + 0x04, 0x01, /* SHA-256/RSA */ + 0x02, 0x01, /* SHA-1/RSA */ + 0x04, 0x03, /* SHA-256/ECDSA */ + 0x02, 0x03, /* SHA-1/ECDSA */ + }; + + if (data >= (d+n-2)) + return; + data += 2; + + if (data > (d+n-4)) + return; + n2s(data,type); + n2s(data,size); + + if (type != TLSEXT_TYPE_server_name) + return; + + if (data+size > d+n) + return; + data += size; + + if (TLS1_get_client_version(s) >= TLS1_2_VERSION) + { + const size_t len1 = sizeof(kSafariExtensionsBlock); + const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); + + if (data + len1 + len2 != d+n) + return; + if (memcmp(data, kSafariExtensionsBlock, len1) != 0) + return; + if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0) + return; + } + else + { + const size_t len = sizeof(kSafariExtensionsBlock); + + if (data + len != d+n) + return; + if (memcmp(data, kSafariExtensionsBlock, len) != 0) + return; + } + + s->s3->is_probably_safari = 1; +} +#endif /* !OPENSSL_NO_EC */ + int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) { unsigned short type; @@ -882,6 +991,11 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in SSL_TLSEXT_HB_DONT_SEND_REQUESTS); #endif +#ifndef OPENSSL_NO_EC + if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) + ssl_check_for_safari(s, data, d, n); +#endif /* !OPENSSL_NO_EC */ + if (data >= (d+n-2)) goto ri_check; n2s(data,len); @@ -1077,7 +1191,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in int ellipticcurvelist_length = (*(sdata++) << 8); ellipticcurvelist_length += (*(sdata++)); - if (ellipticcurvelist_length != size - 2) + if (ellipticcurvelist_length != size - 2 || + ellipticcurvelist_length < 1) { *al = TLS1_AD_DECODE_ERROR; return 0; @@ -1176,7 +1291,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } } else if (type == TLSEXT_TYPE_status_request && - s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb) + s->version != DTLS1_VERSION) { if (size < 5) @@ -1328,12 +1443,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in #endif /* session ticket processed earlier */ +#ifndef OPENSSL_NO_SRTP else if (type == TLSEXT_TYPE_use_srtp) - { + { if(ssl_parse_clienthello_use_srtp_ext(s, data, size, al)) return 0; - } + } +#endif data+=size; } @@ -1433,7 +1550,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); - if (ecpointformatlist_length != size - 1) + if (ecpointformatlist_length != size - 1 || + ecpointformatlist_length < 1) { *al = TLS1_AD_DECODE_ERROR; return 0; @@ -1527,7 +1645,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in unsigned char selected_len; /* We must have requested it. */ - if ((s->ctx->next_proto_select_cb == NULL)) + if (s->ctx->next_proto_select_cb == NULL) { *al = TLS1_AD_UNSUPPORTED_EXTENSION; return 0; @@ -1577,12 +1695,14 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } } #endif +#ifndef OPENSSL_NO_SRTP else if (type == TLSEXT_TYPE_use_srtp) - { + { if(ssl_parse_serverhello_use_srtp_ext(s, data, size, al)) return 0; - } + } +#endif data+=size; } @@ -1763,7 +1883,7 @@ int ssl_prepare_serverhello_tlsext(SSL *s) return 1; } -int ssl_check_clienthello_tlsext(SSL *s) +int ssl_check_clienthello_tlsext_early(SSL *s) { int ret=SSL_TLSEXT_ERR_NOACK; int al = SSL_AD_UNRECOGNIZED_NAME; @@ -1782,42 +1902,12 @@ int ssl_check_clienthello_tlsext(SSL *s) else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); - /* If status request then ask callback what to do. - * Note: this must be called after servername callbacks in case - * the certificate has changed. - */ - if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) - { - int r; - r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); - switch (r) - { - /* We don't want to send a status request response */ - case SSL_TLSEXT_ERR_NOACK: - s->tlsext_status_expected = 0; - break; - /* status request response should be sent */ - case SSL_TLSEXT_ERR_OK: - if (s->tlsext_ocsp_resp) - s->tlsext_status_expected = 1; - else - s->tlsext_status_expected = 0; - break; - /* something bad happened */ - case SSL_TLSEXT_ERR_ALERT_FATAL: - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_INTERNAL_ERROR; - goto err; - } - } - else - s->tlsext_status_expected = 0; - #ifdef TLSEXT_TYPE_opaque_prf_input { /* This sort of belongs into ssl_prepare_serverhello_tlsext(), * but we might be sending an alert in response to the client hello, - * so this has to happen here in ssl_check_clienthello_tlsext(). */ + * so this has to happen here in + * ssl_check_clienthello_tlsext_early(). */ int r = 1; @@ -1869,8 +1959,8 @@ int ssl_check_clienthello_tlsext(SSL *s) } } -#endif err: +#endif switch (ret) { case SSL_TLSEXT_ERR_ALERT_FATAL: @@ -1888,6 +1978,71 @@ int ssl_check_clienthello_tlsext(SSL *s) } } +int ssl_check_clienthello_tlsext_late(SSL *s) + { + int ret = SSL_TLSEXT_ERR_OK; + int al; + + /* If status request then ask callback what to do. + * Note: this must be called after servername callbacks in case + * the certificate has changed, and must be called after the cipher + * has been chosen because this may influence which certificate is sent + */ + if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) + { + int r; + CERT_PKEY *certpkey; + certpkey = ssl_get_server_send_pkey(s); + /* If no certificate can't return certificate status */ + if (certpkey == NULL) + { + s->tlsext_status_expected = 0; + return 1; + } + /* Set current certificate to one we will use so + * SSL_get_certificate et al can pick it up. + */ + s->cert->key = certpkey; + r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); + switch (r) + { + /* We don't want to send a status request response */ + case SSL_TLSEXT_ERR_NOACK: + s->tlsext_status_expected = 0; + break; + /* status request response should be sent */ + case SSL_TLSEXT_ERR_OK: + if (s->tlsext_ocsp_resp) + s->tlsext_status_expected = 1; + else + s->tlsext_status_expected = 0; + break; + /* something bad happened */ + case SSL_TLSEXT_ERR_ALERT_FATAL: + ret = SSL_TLSEXT_ERR_ALERT_FATAL; + al = SSL_AD_INTERNAL_ERROR; + goto err; + } + } + else + s->tlsext_status_expected = 0; + + err: + switch (ret) + { + case SSL_TLSEXT_ERR_ALERT_FATAL: + ssl3_send_alert(s,SSL3_AL_FATAL,al); + return -1; + + case SSL_TLSEXT_ERR_ALERT_WARNING: + ssl3_send_alert(s,SSL3_AL_WARNING,al); + return 1; + + default: + return 1; + } + } + int ssl_check_serverhello_tlsext(SSL *s) { int ret=SSL_TLSEXT_ERR_NOACK; @@ -2189,7 +2344,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, HMAC_Update(&hctx, etick, eticklen); HMAC_Final(&hctx, tick_hmac, NULL); HMAC_CTX_cleanup(&hctx); - if (timingsafe_bcmp(tick_hmac, etick + eticklen, mlen)) + if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) return 2; /* Attempt to decrypt session data */ /* Move p after IV to start of encrypted ticket, update length */ @@ -2319,14 +2474,6 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg) { switch(hash_alg) { -#ifndef OPENSSL_NO_MD5 - case TLSEXT_hash_md5: -#ifdef OPENSSL_FIPS - if (FIPS_mode()) - return NULL; -#endif - return EVP_md5(); -#endif #ifndef OPENSSL_NO_SHA case TLSEXT_hash_sha1: return EVP_sha1(); @@ -2414,7 +2561,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) */ #ifndef OPENSSL_NO_DSA if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest) - c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1(); + c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); #endif #ifndef OPENSSL_NO_RSA if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) @@ -2425,7 +2572,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) #endif #ifndef OPENSSL_NO_ECDSA if (!c->pkeys[SSL_PKEY_ECC].digest) - c->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa(); + c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); #endif return 1; } diff --git a/lib/libssl/test/Makefile b/lib/libssl/test/Makefile index 09e68487644..4c9eabcc21e 100644 --- a/lib/libssl/test/Makefile +++ b/lib/libssl/test/Makefile @@ -246,7 +246,7 @@ test_ecdh: test_verify: @echo "The following command should have some OK's and some failures" @echo "There are definitly a few expired certificates" - ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem + ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem test_dh: @echo "Generate a set of DH parameters" diff --git a/lib/libssl/test/bctest.com b/lib/libssl/test/bctest.com deleted file mode 100644 index d7e5ec139e0..00000000000 --- a/lib/libssl/test/bctest.com +++ /dev/null @@ -1,152 +0,0 @@ -$! -$! Check operation of "bc". -$! -$! 2010-04-05 SMS. New. Based (loosely) on "bctest". -$! -$! -$ tmp_file_name = "tmp.bctest" -$ failure = "" -$! -$! Basic command test. -$! -$ on warning then goto bc_fail -$ bc -$ on error then exit -$! -$! Test for SunOS 5.[78] bc bug. -$! -$ if (failure .eqs. "") -$ then -$! -$ define /user_mode sys$output 'tmp_file_name' -$ bc -obase=16 -ibase=16 -a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\ -CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\ -10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\ -C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\ -3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\ -4FC3CADF855448B24A9D7640BCF473E -b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\ -9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\ -8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\ -3ED0E2017D60A68775B75481449 -(a/b)*b + (a%b) - a -$ status = $status -$ output_expected = "0" -$ gosub check_output -$ if (output .ne. 1) -$ then -$ failure = "SunOStest" -$ else -$ delete 'f$parse( tmp_file_name)' -$ endif -$ endif -$! -$! Test for SCO bc bug. -$! -$ if (failure .eqs. "") -$ then -$! -$ define /user_mode sys$output 'tmp_file_name' -$ bc -obase=16 -ibase=16 --FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\ -9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\ -11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\ -1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\ -AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\ -F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\ -B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\ -02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\ -85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\ -A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\ -E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\ -8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\ -04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\ -89C8D71 -AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\ -928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\ -8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\ -37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\ -E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\ -F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\ -9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\ -D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\ -5296964 -$ status = $status -$ output_expected = "0\0" -$ gosub check_output -$ if (output .ne. 1) -$ then -$ failure = "SCOtest" -$ else -$ delete 'f$parse( tmp_file_name)' -$ endif -$ endif -$! -$! Test for working 'print' command. -$! -$ if (failure .eqs. "") -$ then -$! -$ define /user_mode sys$output 'tmp_file_name' -$ bc -print "OK" -$ status = $status -$ output_expected = "OK" -$ gosub check_output -$ if (output .ne. 1) -$ then -$ failure = "printtest" -$ else -$ delete 'f$parse( tmp_file_name)' -$ endif -$ endif -$! -$ if (failure .nes. "") -$ then -$ write sys$output - - "No working bc found. Consider installing GNU bc." -$ exit %X00030000 ! %DCL-W-NORMAL -$ endif -$! -$ exit -$! -$! -$! Complete "bc" command failure. -$! -$ bc_fail: -$ write sys$output - - "No ""bc"" program/symbol found. Consider installing GNU bc." -$ exit %X00030000 ! %DCL-W-NORMAL -$! -$! -$! Output check subroutine. -$! -$ check_output: -$ eof = 0 -$ line_nr = 0 -$ open /read tmp_file 'tmp_file_name' -$ c_o_loop: -$ read /error = error_read tmp_file line -$ goto ok_read -$ error_read: -$ eof = 1 -$ ok_read: -$ line_expected = f$element( line_nr, "\", output_expected) -$ line_nr = line_nr+ 1 -$ if ((line_expected .nes. "\") .and. (.not. eof) .and. - - (line_expected .eqs. line)) then goto c_o_loop -$! -$ if ((line_expected .eqs. "\") .and. eof) -$ then -$ output = 1 -$ else -$ output = 0 -$ endif -$ close tmp_file -$ return -$! diff --git a/lib/libssl/test/bntest.com b/lib/libssl/test/bntest.com deleted file mode 100644 index 6545d2e5a58..00000000000 --- a/lib/libssl/test/bntest.com +++ /dev/null @@ -1,76 +0,0 @@ -$! -$! Analyze bntest output file. -$! -$! Exit status = 1 (success) if all tests passed, -$! 0 (warning) if any test failed. -$! -$! 2011-02-20 SMS. Added code to skip "#" comments in the input file. -$! -$! 2010-04-05 SMS. New. Based (loosely) on perl code in bntest-vms.sh. -$! -$! Expect data like: -$! test test_name1 -$! 0 -$! [...] -$! test test_name2 -$! 0 -$! [...] -$! [...] -$! -$! Some tests have no following "0" lines. -$! -$ result_file_name = f$edit( p1, "TRIM") -$ if (result_file_name .eqs. "") -$ then -$ result_file_name = "bntest-vms.out" -$ endif -$! -$ fail = 0 -$ passed = 0 -$ tests = 0 -$! -$ on control_c then goto tidy -$ on error then goto tidy -$! -$ open /read result_file 'result_file_name' -$! -$ read_loop: -$ read /end = read_loop_end /error = tidy result_file line -$ t1 = f$element( 0, " ", line) -$! -$! Skip "#" comment lines. -$ if (f$extract( 0, 1, f$edit( line, "TRIM")) .eqs. "#") then - - goto read_loop -$! -$ if (t1 .eqs. "test") -$ then -$ passed = passed+ 1 -$ tests = tests+ 1 -$ fail = 1 -$ t2 = f$extract( 5, 1000, line) -$ write sys$output "verify ''t2'" -$ else -$ if (t1 .nes. "0") -$ then -$ write sys$output "Failed! bc: ''line'" -$ passed = passed- fail -$ fail = 0 -$ endif -$ endif -$ goto read_loop -$ read_loop_end: -$ write sys$output "''passed'/''tests' tests passed" -$! -$ tidy: -$ if f$trnlnm( "result_file", "LNM$PROCESS_TABLE", , "SUPERVISOR", , "CONFINE") -$ then -$ close result_file -$ endif -$! -$ if ((tests .gt. 0) .and. (tests .eq. passed)) -$ then -$ exit 1 -$ else -$ exit 0 -$ endif -$! diff --git a/lib/libssl/test/clean_test.com b/lib/libssl/test/clean_test.com deleted file mode 100755 index 7df633fbef1..00000000000 --- a/lib/libssl/test/clean_test.com +++ /dev/null @@ -1,35 +0,0 @@ -$! -$! Delete various test results files. -$! -$ def_orig = f$environment( "default") -$ proc = f$environment( "procedure") -$ proc_dev_dir = f$parse( "A.;", proc) - "A.;" -$! -$ on control_c then goto tidy -$ on error then goto tidy -$! -$ set default 'proc_dev_dir' -$! -$ files := *.cms;*, *.srl;*, *.ss;*, - - cms.err;*, cms.out;*, newreq.pem;*, - - p.txt-zlib-cipher;*, - - smtst.txt;*, testkey.pem;*, testreq.pem;*, - - test_*.err;*, test_*.out;*, - - .rnd;* -$! -$ delim = "," -$ i = 0 -$ loop: -$ file = f$edit( f$element( i, delim, files), "trim") -$ if (file .eqs. delim) then goto loop_end -$ if (f$search( file) .nes. "") then - - delete 'p1' 'file' -$ i = i+ 1 -$ goto loop -$ loop_end: -$! -$ tidy: -$ -$ if (f$type( def_orig) .nes. "") then - - set default 'def_orig' -$! diff --git a/lib/libssl/test/maketests.com b/lib/libssl/test/maketests.com deleted file mode 100644 index 9b64cba2347..00000000000 --- a/lib/libssl/test/maketests.com +++ /dev/null @@ -1,1087 +0,0 @@ -$! -$! MAKETESTS.COM -$! Written By: Robert Byer -$! Vice-President -$! A-Com Computing, Inc. -$! byer@mail.all-net.net -$! -$! Changes by Richard Levitte <richard@levitte.org> -$! -$! This command files compiles and creates all the various different -$! "test" programs for the different types of encryption for OpenSSL. -$! It was written so it would try to determine what "C" compiler to -$! use or you can specify which "C" compiler to use. -$! -$! The test "executables" will be placed in a directory called -$! [.xxx.EXE.TEST] where "xxx" denotes ALPHA, IA64, or VAX, depending -$! on your machine architecture. -$! -$! Specify DEBUG or NODEBUG P1 to compile with or without debugger -$! information. -$! -$! Specify which compiler at P2 to try to compile under. -$! -$! VAXC For VAX C. -$! DECC For DEC C. -$! GNUC For GNU C. -$! -$! If you don't specify a compiler, it will try to determine which -$! "C" compiler to use. -$! -$! P3, if defined, sets a TCP/IP library to use, through one of the following -$! keywords: -$! -$! UCX for UCX -$! SOCKETSHR for SOCKETSHR+NETLIB -$! -$! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) -$! -$! -$! P5, if defined, specifies the C pointer size. Ignored on VAX. -$! ("64=ARGV" gives more efficient code with HP C V7.3 or newer.) -$! Supported values are: -$! -$! "" Compile with default (/NOPOINTER_SIZE) -$! 32 Compile with /POINTER_SIZE=32 (SHORT) -$! 64 Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]) -$! (Automatically select ARGV if compiler supports it.) -$! 64= Compile with /POINTER_SIZE=64 (LONG). -$! 64=ARGV Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV). -$! -$! P6, if defined, specifies a directory where ZLIB files (zlib.h, -$! libz.olb) may be found. Optionally, a non-default object library -$! name may be included ("dev:[dir]libz_64.olb", for example). -$! -$! -$! Announce/identify. -$! -$ proc = f$environment( "procedure") -$ write sys$output "@@@ "+ - - f$parse( proc, , , "name")+ f$parse( proc, , , "type") -$! -$! Define A TCP/IP Library That We Will Need To Link To. -$! (That is, If We Need To Link To One.) -$! -$ TCPIP_LIB = "" -$ ZLIB_LIB = "" -$! -$! Check Which Architecture We Are Using. -$! -$ if (f$getsyi( "cpu") .lt. 128) -$ then -$ ARCH = "VAX" -$ else -$ ARCH = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if (ARCH .eqs. "") then ARCH = "UNK" -$ endif -$! -$ ARCHD = ARCH -$ LIB32 = "32" -$ OPT_FILE = "" -$ POINTER_SIZE = "" -$! -$! Check To Make Sure We Have Valid Command Line Parameters. -$! -$ GOSUB CHECK_OPTIONS -$! -$! Define The OBJ and EXE Directories. -$! -$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.TEST] -$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.TEST] -$! -$! Specify the destination directory in any /MAP option. -$! -$ if (LINKMAP .eqs. "MAP") -$ then -$ LINKMAP = LINKMAP+ "=''EXE_DIR'" -$ endif -$! -$! Add the location prefix to the linker options file name. -$! -$ if (OPT_FILE .nes. "") -$ then -$ OPT_FILE = EXE_DIR+ OPT_FILE -$ endif -$! -$! Initialise logical names and such -$! -$ GOSUB INITIALISE -$! -$! Tell The User What Kind of Machine We Run On. -$! -$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'" -$! -$! Define The CRYPTO-LIB We Are To Use. -$! -$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB -$! -$! Define The SSL We Are To Use. -$! -$ SSL_LIB := SYS$DISK:[-.'ARCHD'.EXE.SSL]SSL_LIBSSL'LIB32'.OLB -$! -$! Create the OBJ and EXE Directories, if needed. -$! -$ IF (F$PARSE(OBJ_DIR).EQS."") THEN - - CREATE /DIRECTORY 'OBJ_DIR' -$ IF (F$PARSE(EXE_DIR).EQS."") THEN - - CREATE /DIRECTORY 'EXE_DIR' -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Define The TEST Files. -$! NOTE: Some might think this list ugly. However, it's made this way to -$! reflect the EXE variable in Makefile as closely as possible, -$! thereby making it fairly easy to verify that the lists are the same. -$! -$ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ - - "MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ - - "RC2TEST,RC4TEST,RC5TEST,"+ - - "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ - - "MDC2TEST,RMDTEST,"+ - - "RANDTEST,DHTEST,ENGINETEST,"+ - - "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ - - "EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ - - "ASN1TEST" -$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well? -$! -$! Additional directory information. -$ T_D_BNTEST := [-.crypto.bn] -$ T_D_ECTEST := [-.crypto.ec] -$ T_D_ECDSATEST := [-.crypto.ecdsa] -$ T_D_ECDHTEST := [-.crypto.ecdh] -$ T_D_IDEATEST := [-.crypto.idea] -$ T_D_MD2TEST := [-.crypto.md2] -$ T_D_MD4TEST := [-.crypto.md4] -$ T_D_MD5TEST := [-.crypto.md5] -$ T_D_HMACTEST := [-.crypto.hmac] -$ T_D_WP_TEST := [-.crypto.whrlpool] -$ T_D_RC2TEST := [-.crypto.rc2] -$ T_D_RC4TEST := [-.crypto.rc4] -$ T_D_RC5TEST := [-.crypto.rc5] -$ T_D_DESTEST := [-.crypto.des] -$ T_D_SHATEST := [-.crypto.sha] -$ T_D_SHA1TEST := [-.crypto.sha] -$ T_D_SHA256T := [-.crypto.sha] -$ T_D_SHA512T := [-.crypto.sha] -$ T_D_MDC2TEST := [-.crypto.mdc2] -$ T_D_RMDTEST := [-.crypto.ripemd] -$ T_D_RANDTEST := [-.crypto.rand] -$ T_D_DHTEST := [-.crypto.dh] -$ T_D_ENGINETEST := [-.crypto.engine] -$ T_D_BFTEST := [-.crypto.bf] -$ T_D_CASTTEST := [-.crypto.cast] -$ T_D_SSLTEST := [-.ssl] -$ T_D_EXPTEST := [-.crypto.bn] -$ T_D_DSATEST := [-.crypto.dsa] -$ T_D_RSA_TEST := [-.crypto.rsa] -$ T_D_EVP_TEST := [-.crypto.evp] -$ T_D_IGETEST := [-.test] -$ T_D_JPAKETEST := [-.crypto.jpake] -$ T_D_SRPTEST := [-.crypto.srp] -$ T_D_ASN1TEST := [-.test] -$! -$ TCPIP_PROGRAMS = ",," -$ IF COMPILER .EQS. "VAXC" THEN - - TCPIP_PROGRAMS = ",SSLTEST," -$! -$! Define A File Counter And Set It To "0". -$! -$ FILE_COUNTER = 0 -$! -$! Top Of The File Loop. -$! -$ NEXT_FILE: -$! -$! O.K, Extract The File Name From The File List. -$! -$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",TEST_FILES) -$! -$! Check To See If We Are At The End Of The File List. -$! -$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE -$! -$! Increment The Counter. -$! -$ FILE_COUNTER = FILE_COUNTER + 1 -$! -$! Create The Source File Name. -$! -$ SOURCE_FILE = "SYS$DISK:" + T_D_'FILE_NAME' + FILE_NAME + ".C" -$! -$! Create The Object File Name. -$! -$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ" -$! -$! Create The Executable File Name. -$! -$ EXE_FILE = EXE_DIR + FILE_NAME + ".EXE" -$ ON WARNING THEN GOTO NEXT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH(SOURCE_FILE).EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ GOTO EXIT -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building The ",FILE_NAME," Test Program." -$! -$! Compile The File. -$! -$ ON ERROR THEN GOTO NEXT_FILE -$ CC /OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$ ON WARNING THEN GOTO NEXT_FILE -$! -$! Check If What We Are About To Compile Works Without A TCP/IP Library. -$! -$ IF ((TCPIP_LIB.EQS."").AND.((TCPIP_PROGRAMS-FILE_NAME).NES.TCPIP_PROGRAMS)) -$ THEN -$! -$! Inform The User That A TCP/IP Library Is Needed To Compile This Program. -$! -$ WRITE SYS$OUTPUT - - FILE_NAME," Needs A TCP/IP Library. Can't Link. Skipping..." -$ GOTO NEXT_FILE -$! -$! End The TCP/IP Library Check. -$! -$ ENDIF -$! -$! Link The Program, Check To See If We Need To Link With RSAREF Or Not. -$! Check To See If We Are To Link With A Specific TCP/IP Library. -$! -$! Don't Link With The RSAREF Routines And TCP/IP Library. -$! -$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /EXECTABLE = 'EXE_FILE' - - 'OBJECT_FILE', - - 'SSL_LIB' /LIBRARY, - - 'CRYPTO_LIB' /LIBRARY - - 'TCPIP_LIB' - - 'ZLIB_LIB' - - ,'OPT_FILE' /OPTIONS -$! -$! Go Back And Do It Again. -$! -$ GOTO NEXT_FILE -$! -$! All Done With This Library Part. -$! -$ FILE_DONE: -$! -$! All Done, Time To Exit. -$! -$ EXIT: -$ GOSUB CLEANUP -$ EXIT -$! -$! Check For The Link Option FIle. -$! -$ CHECK_OPT_FILE: -$! -$! Check To See If We Need To Make A VAX C Option File. -$! -$ IF (COMPILER.EQS."VAXC") -$ THEN -$! -$! Check To See If We Already Have A VAX C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! We Need A VAX C Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Against -! The Sharable VAX C Runtime Library. -! -SYS$SHARE:VAXCRTL.EXE /SHAREABLE -$EOD -$! -$! End The Option File Check. -$! -$ ENDIF -$! -$! End The VAXC Check. -$! -$ ENDIF -$! -$! Check To See If We Need A GNU C Option File. -$! -$ IF (COMPILER.EQS."GNUC") -$ THEN -$! -$! Check To See If We Already Have A GNU C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! We Need A GNU C Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Against -! The Sharable C Runtime Library. -! -GNU_CC:[000000]GCCLIB.OLB /LIBRARY -SYS$SHARE:VAXCRTL.EXE /SHAREABLE -$EOD -$! -$! End The Option File Check. -$! -$ ENDIF -$! -$! End The GNU C Check. -$! -$ ENDIF -$! -$! Check To See If We Need A DEC C Option File. -$! -$ IF (COMPILER.EQS."DECC") -$ THEN -$! -$! Check To See If We Already Have A DEC C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! Figure Out If We Need A non-VAX Or A VAX Linker Option File. -$! -$ IF (ARCH.EQS."VAX") -$ THEN -$! -$! We Need A DEC C Linker Option File For VAX. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Against -! The Sharable DEC C Runtime Library. -! -SYS$SHARE:DECC$SHR.EXE /SHAREABLE -$EOD -$! -$! Else... -$! -$ ELSE -$! -$! Create The non-VAX Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File For non-VAX To Link Against -! The Sharable C Runtime Library. -! -SYS$SHARE:CMA$OPEN_LIB_SHR.EXE /SHAREABLE -SYS$SHARE:CMA$OPEN_RTL.EXE /SHAREABLE -$EOD -$! -$! End The DEC C Option File Check. -$! -$ ENDIF -$! -$! End The Option File Search. -$! -$ ENDIF -$! -$! End The DEC C Check. -$! -$ ENDIF -$! -$! Tell The User What Linker Option File We Are Using. -$! -$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"." -$! -$! Time To RETURN. -$! -$ RETURN -$! -$! Check To See If We Have The Appropiate Libraries. -$! -$ LIB_CHECK: -$! -$! Look For The Library LIBCRYPTO.OLB. -$! -$ IF (F$SEARCH(CRYPTO_LIB).EQS."") -$ THEN -$! -$! Tell The User We Can't Find The LIBCRYPTO.OLB Library. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"." -$ WRITE SYS$OUTPUT "We Can't Link Without It." -$ WRITE SYS$OUTPUT "" -$! -$! Since We Can't Link Without It, Exit. -$! -$ EXIT -$! -$! End The Crypto Library Check. -$! -$ ENDIF -$! -$! Look For The Library LIBSSL.OLB. -$! -$ IF (F$SEARCH(SSL_LIB).EQS."") -$ THEN -$! -$! Tell The User We Can't Find The LIBSSL.OLB Library. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"." -$ WRITE SYS$OUTPUT "Some Of The Test Programs Need To Link To It." -$ WRITE SYS$OUTPUT "" -$! -$! Since We Can't Link Without It, Exit. -$! -$ EXIT -$! -$! End The SSL Library Check. -$! -$ ENDIF -$! -$! Time To Return. -$! -$ RETURN -$! -$! Check The User's Options. -$! -$ CHECK_OPTIONS: -$! -$! Set basic C compiler /INCLUDE directories. -$! -$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]" -$! -$! Check To See If P1 Is Blank. -$! -$ IF (P1.EQS."NODEBUG") -$ THEN -$! -$! P1 Is NODEBUG, So Compile Without Debugger Information. -$! -$ DEBUGGER = "NODEBUG" -$ LINKMAP = "NOMAP" -$ TRACEBACK = "NOTRACEBACK" -$ GCC_OPTIMIZE = "OPTIMIZE" -$ CC_OPTIMIZE = "OPTIMIZE" -$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." -$! -$! Else... -$! -$ ELSE -$! -$! Check To See If We Are To Compile With Debugger Information. -$! -$ IF (P1.EQS."DEBUG") -$ THEN -$! -$! Compile With Debugger Information. -$! -$ DEBUGGER = "DEBUG" -$ LINKMAP = "MAP" -$ TRACEBACK = "TRACEBACK" -$ GCC_OPTIMIZE = "NOOPTIMIZE" -$ CC_OPTIMIZE = "NOOPTIMIZE" -$ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization." -$! -$! Else... -$! -$ ELSE -$! -$! Tell The User Entered An Invalid Option. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information." -$ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Argument Check. -$! -$ ENDIF -$! -$! End The P1 Check. -$! -$ ENDIF -$! -$! Check P5 (POINTER_SIZE). -$! -$ IF (P5 .NES. "") .AND. (ARCH .NES. "VAX") -$ THEN -$! -$ IF (P5 .EQS. "32") -$ THEN -$ POINTER_SIZE = " /POINTER_SIZE=32" -$ ELSE -$ POINTER_SIZE = F$EDIT( P5, "COLLAPSE, UPCASE") -$ IF ((POINTER_SIZE .EQS. "64") .OR. - - (POINTER_SIZE .EQS. "64=") .OR. - - (POINTER_SIZE .EQS. "64=ARGV")) -$ THEN -$ ARCHD = ARCH+ "_64" -$ LIB32 = "" -$ IF (F$EXTRACT( 2, 1, POINTER_SIZE) .EQS. "=") -$ THEN -$! Explicit user choice: "64" or "64=ARGV". -$ IF (POINTER_SIZE .EQS. "64=") THEN POINTER_SIZE = "64" -$ ELSE -$ SET NOON -$ DEFINE /USER_MODE SYS$OUTPUT NL: -$ DEFINE /USER_MODE SYS$ERROR NL: -$ CC /NOLIST /NOOBJECT /POINTER_SIZE=64=ARGV NL: -$ IF ($STATUS .AND. %X0FFF0000) .EQ. %X00030000 -$ THEN -$ ! If we got here, it means DCL complained like this: -$ ! %DCL-W-NOVALU, value not allowed - remove value specification -$ ! \64=\ -$ ! -$ ! If the compiler was run, logicals defined in /USER would -$ ! have been deassigned automatically. However, when DCL -$ ! complains, they aren't, so we do it here (it might be -$ ! unnecessary, but just in case there will be another error -$ ! message further on that we don't want to miss) -$ DEASSIGN /USER_MODE SYS$ERROR -$ DEASSIGN /USER_MODE SYS$OUTPUT -$ ELSE -$ POINTER_SIZE = POINTER_SIZE + "=ARGV" -$ ENDIF -$ SET ON -$ ENDIF -$ POINTER_SIZE = " /POINTER_SIZE=''POINTER_SIZE'" -$ ELSE -$! -$! Tell The User Entered An Invalid Option. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ", P5, - - " Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT - - " """" : Compile with default (short) pointers." -$ WRITE SYS$OUTPUT - - " 32 : Compile with 32-bit (short) pointers." -$ WRITE SYS$OUTPUT - - " 64 : Compile with 64-bit (long) pointers (auto ARGV)." -$ WRITE SYS$OUTPUT - - " 64= : Compile with 64-bit (long) pointers (no ARGV)." -$ WRITE SYS$OUTPUT - - " 64=ARGV : Compile with 64-bit (long) pointers (ARGV)." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$ ENDIF -$! -$ ENDIF -$! -$! End The P5 (POINTER_SIZE) Check. -$! -$ ENDIF -$! -$! Check To See If P2 Is Blank. -$! -$ IF (P2.EQS."") -$ THEN -$! -$! O.K., The User Didn't Specify A Compiler, Let's Try To -$! Find Out Which One To Use. -$! -$! Check To See If We Have GNU C. -$! -$ IF (F$TRNLNM("GNU_CC").NES."") -$ THEN -$! -$! Looks Like GNUC, Set To Use GNUC. -$! -$ P2 = "GNUC" -$! -$! End The GNU C Compiler Check. -$! -$ ELSE -$! -$! Check To See If We Have VAXC Or DECC. -$! -$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") -$ THEN -$! -$! Looks Like DECC, Set To Use DECC. -$! -$ P2 = "DECC" -$! -$! Else... -$! -$ ELSE -$! -$! Looks Like VAXC, Set To Use VAXC. -$! -$ P2 = "VAXC" -$! -$! End The VAXC Compiler Check. -$! -$ ENDIF -$! -$! End The DECC & VAXC Compiler Check. -$! -$ ENDIF -$! -$! End The Compiler Check. -$! -$ ENDIF -$! -$! Check To See If We Have A Option For P3. -$! -$ IF (P3.EQS."") -$ THEN -$! -$! Find out what socket library we have available -$! -$ IF F$PARSE("SOCKETSHR:") .NES. "" -$ THEN -$! -$! We have SOCKETSHR, and it is my opinion that it's the best to use. -$! -$ P3 = "SOCKETSHR" -$! -$! Tell the user -$! -$ WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP" -$! -$! Else, let's look for something else -$! -$ ELSE -$! -$! Like UCX (the reason to do this before Multinet is that the UCX -$! emulation is easier to use...) -$! -$ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" - - .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" - - .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. "" -$ THEN -$! -$! Last resort: a UCX or UCX-compatible library -$! -$ P3 = "UCX" -$! -$! Tell the user -$! -$ WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP" -$! -$! That was all... -$! -$ ENDIF -$ ENDIF -$ ENDIF -$! -$! Set Up Initial CC Definitions, Possibly With User Ones -$! -$ CCDEFS = "TCPIP_TYPE_''P3'" -$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS -$ CCEXTRAFLAGS = "" -$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" -$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - - CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS -$! -$! Check To See If We Have A ZLIB Option. -$! -$ ZLIB = P6 -$ IF (ZLIB .NES. "") -$ THEN -$! -$! Check for expected ZLIB files. -$! -$ err = 0 -$ file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY") -$ if (f$search( file1) .eqs. "") -$ then -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." -$ WRITE SYS$OUTPUT " Can't find header: ''file1'" -$ err = 1 -$ endif -$ file1 = f$parse( "A.;", ZLIB)- "A.;" -$! -$ file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY") -$ if (f$search( file2) .eqs. "") -$ then -$ if (err .eq. 0) -$ then -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." -$ endif -$ WRITE SYS$OUTPUT " Can't find library: ''file2'" -$ WRITE SYS$OUTPUT "" -$ err = err+ 2 -$ endif -$ if (err .eq. 1) -$ then -$ WRITE SYS$OUTPUT "" -$ endif -$! -$ if (err .ne. 0) -$ then -$ GOTO EXIT -$ endif -$! -$ CCDEFS = """ZLIB=1"", "+ CCDEFS -$ CC_INCLUDES = CC_INCLUDES+ ", "+ file1 -$ ZLIB_LIB = ", ''file2' /library" -$! -$! Print info -$! -$ WRITE SYS$OUTPUT "ZLIB library spec: ", file2 -$! -$! End The P8 Check. -$! -$ ENDIF -$! -$! Check To See If The User Entered A Valid Parameter. -$! -$ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC") -$ THEN -$! -$! Check To See If The User Wanted DECC. -$! -$ IF (P2.EQS."DECC") -$ THEN -$! -$! Looks Like DECC, Set To Use DECC. -$! -$ COMPILER = "DECC" -$! -$! Tell The User We Are Using DECC. -$! -$ WRITE SYS$OUTPUT "Using DECC 'C' Compiler." -$! -$! Use DECC... -$! -$ CC = "CC" -$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - - THEN CC = "CC /DECC" -$ CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ - - "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + - - " /INCLUDE=(''CC_INCLUDES') " + CCEXTRAFLAGS -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "VAX_DECC_OPTIONS.OPT" -$! -$! End DECC Check. -$! -$ ENDIF -$! -$! Check To See If We Are To Use VAXC. -$! -$ IF (P2.EQS."VAXC") -$ THEN -$! -$! Looks Like VAXC, Set To Use VAXC. -$! -$ COMPILER = "VAXC" -$! -$! Tell The User We Are Using VAX C. -$! -$ WRITE SYS$OUTPUT "Using VAXC 'C' Compiler." -$! -$! Compile Using VAXC. -$! -$ CC = "CC" -$ IF ARCH.NES."VAX" -$ THEN -$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!" -$ EXIT -$ ENDIF -$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC /VAXC" -$ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /NOLIST" + - - "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS -$ CCDEFS = CCDEFS + ",""VAXC""" -$! -$! Define <sys> As SYS$COMMON:[SYSLIB] -$! -$ DEFINE /NOLOG SYS SYS$COMMON:[SYSLIB] -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "VAX_VAXC_OPTIONS.OPT" -$! -$! End VAXC Check -$! -$ ENDIF -$! -$! Check To See If We Are To Use GNU C. -$! -$ IF (P2.EQS."GNUC") -$ THEN -$! -$! Looks Like GNUC, Set To Use GNUC. -$! -$ COMPILER = "GNUC" -$! -$! Tell The User We Are Using GNUC. -$! -$ WRITE SYS$OUTPUT "Using GNU 'C' Compiler." -$! -$! Use GNU C... -$! -$ CC = "GCC /NOCASE_HACK /''GCC_OPTIMIZE' /''DEBUGGER' /NOLIST" + - - "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "VAX_GNUC_OPTIONS.OPT" -$! -$! End The GNU C Check. -$! -$ ENDIF -$! -$! Set up default defines -$! -$ CCDEFS = """FLAT_INC=1""," + CCDEFS -$! -$! Finish up the definition of CC. -$! -$ IF COMPILER .EQS. "DECC" -$ THEN -$ IF CCDISABLEWARNINGS .EQS. "" -$ THEN -$ CC4DISABLEWARNINGS = "DOLLARID" -$ ELSE -$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID" -$ CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" -$ ENDIF -$ CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" -$ ELSE -$ CCDISABLEWARNINGS = "" -$ CC4DISABLEWARNINGS = "" -$ ENDIF -$ CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS -$! -$! Show user the result -$! -$ WRITE /SYMBOL SYS$OUTPUT "Main Compiling Command: ", CC -$! -$! Else The User Entered An Invalid Argument. -$! -$ ELSE -$! -$! Tell The User We Don't Know What They Want. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C." -$ WRITE SYS$OUTPUT " DECC : To Compile With DEC C." -$ WRITE SYS$OUTPUT " GNUC : To Compile With GNU C." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$ ENDIF -$! -$! Time to check the contents, and to make sure we get the correct library. -$! -$ IF P3.EQS."SOCKETSHR" .OR. P3.EQS."MULTINET" .OR. P3.EQS."UCX" - - .OR. P3.EQS."TCPIP" .OR. P3.EQS."NONE" -$ THEN -$! -$! Check to see if SOCKETSHR was chosen -$! -$ IF P3.EQS."SOCKETSHR" -$ THEN -$! -$! Set the library to use SOCKETSHR -$! -$ TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS" -$! -$! Done with SOCKETSHR -$! -$ ENDIF -$! -$! Check to see if MULTINET was chosen -$! -$ IF P3.EQS."MULTINET" -$ THEN -$! -$! Set the library to use UCX emulation. -$! -$ P3 = "UCX" -$! -$! Done with MULTINET -$! -$ ENDIF -$! -$! Check to see if UCX was chosen -$! -$ IF P3.EQS."UCX" -$ THEN -$! -$! Set the library to use UCX. -$! -$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS" -$ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -$ THEN -$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS" -$ ELSE -$ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN - - TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS" -$ ENDIF -$! -$! Done with UCX -$! -$ ENDIF -$! -$! Check to see if TCPIP was chosen -$! -$ IF P3.EQS."TCPIP" -$ THEN -$! -$! Set the library to use TCPIP (post UCX). -$! -$ TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS" -$! -$! Done with TCPIP -$! -$ ENDIF -$! -$! Check to see if NONE was chosen -$! -$ IF P3.EQS."NONE" -$ THEN -$! -$! Do not use a TCPIP library. -$! -$ TCPIP_LIB = "" -$! -$! Done with NONE -$! -$ ENDIF -$! -$! Print info -$! -$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- "," -$! -$! Else The User Entered An Invalid Argument. -$! -$ ELSE -$! -$! Tell The User We Don't Know What They Want. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." -$ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." -$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! Done with TCP/IP libraries -$! -$ ENDIF -$! -$! Special Threads For OpenVMS v7.1 Or Later -$! -$! Written By: Richard Levitte -$! richard@levitte.org -$! -$! -$! Check To See If We Have A Option For P4. -$! -$ IF (P4.EQS."") -$ THEN -$! -$! Get The Version Of VMS We Are Using. -$! -$ ISSEVEN := -$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION"))) -$ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP)) -$! -$! Check To See If The VMS Version Is v7.1 Or Later. -$! -$ IF (TMP.GE.71) -$ THEN -$! -$! We Have OpenVMS v7.1 Or Later, So Use The Special Threads. -$! -$ ISSEVEN := ,PTHREAD_USE_D4 -$! -$! End The VMS Version Check. -$! -$ ENDIF -$! -$! End The P4 Check. -$! -$ ENDIF -$! -$! Time To RETURN... -$! -$ RETURN -$! -$ INITIALISE: -$! -$! Save old value of the logical name OPENSSL -$! -$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE") -$! -$! Save directory information -$! -$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;" -$ __HERE = F$EDIT(__HERE,"UPCASE") -$ __TOP = __HERE - "TEST]" -$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]" -$! -$! Set up the logical name OPENSSL to point at the include directory -$! -$ DEFINE OPENSSL /NOLOG '__INCLUDE' -$! -$! Done -$! -$ RETURN -$! -$ CLEANUP: -$! -$! Restore the logical name OPENSSL if it had a value -$! -$ IF __SAVE_OPENSSL .EQS. "" -$ THEN -$ DEASSIGN OPENSSL -$ ELSE -$ DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL' -$ ENDIF -$! -$! Done -$! -$ RETURN diff --git a/lib/libssl/test/tcrl.com b/lib/libssl/test/tcrl.com deleted file mode 100644 index dd96a2b6dd7..00000000000 --- a/lib/libssl/test/tcrl.com +++ /dev/null @@ -1,88 +0,0 @@ -$! TCRL.COM -- Tests crl keys -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p2 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ cmd = "mcr ''exe_dir'openssl crl" -$ -$ t = "testcrl.pem" -$ if p1 .nes. "" then t = p1 -$ -$ write sys$output "testing CRL conversions" -$ if f$search("fff.*") .nes "" then delete fff.*;* -$ if f$search("ff.*") .nes "" then delete ff.*;* -$ if f$search("f.*") .nes "" then delete f.*;* -$ convert/fdl=sys$input: 't' fff.p -RECORD - FORMAT STREAM_LF -$ -$ write sys$output "p -> d" -$ 'cmd' -in fff.p -inform p -outform d -out f.d -$ if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in fff.p -inform p -outform t -out f.t -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in fff.p -inform p -outform p -out f.p -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> d" -$ 'cmd' -in f.d -inform d -outform d -out ff.d1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> d" -$! 'cmd' -in f.t -inform t -outform d -out ff.d2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> d" -$ 'cmd' -in f.p -inform p -outform d -out ff.d3 -$ if $severity .ne. 1 then exit 3 -$ -$! write sys$output "d -> t" -$! 'cmd' -in f.d -inform d -outform t -out ff.t1 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "t -> t" -$! 'cmd' -in f.t -inform t -outform t -out ff.t2 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in f.p -inform p -outform t -out ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> p" -$ 'cmd' -in f.d -inform d -outform p -out ff.p1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> p" -$! 'cmd' -in f.t -inform t -outform p -out ff.p2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in f.p -inform p -outform p -out ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare fff.p f.p -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare fff.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$! backup/compare f.t ff.t1 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t2 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare f.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ delete f.*;*,ff.*;*,fff.*;* diff --git a/lib/libssl/test/testca.com b/lib/libssl/test/testca.com deleted file mode 100644 index 78cda9ec5a8..00000000000 --- a/lib/libssl/test/testca.com +++ /dev/null @@ -1,52 +0,0 @@ -$! TESTCA.COM -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p1 .eqs. "64") then __arch = __arch+ "_64" -$ -$ openssl = "mcr ''exe_dir'openssl" -$ -$ SSLEAY_CONFIG="-config ""CAss.cnf""" -$ -$ set noon -$ if f$search("demoCA.dir") .nes. "" -$ then -$ @[-.util]deltree [.demoCA]*.* -$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;* -$ delete demoCA.dir;* -$ endif -$ set on -$ open/read sys$ca_input VMSca-response.1 -$ @[-.apps]CA.com -input sys$ca_input -newca -$ close sys$ca_input -$ if $severity .ne. 1 then exit 3 -$ -$ -$ SSLEAY_CONFIG="-config ""Uss.cnf""" -$ @[-.apps]CA.com -newreq -$ if $severity .ne. 1 then exit 3 -$ -$ -$ SSLEAY_CONFIG="-config [-.apps]openssl-vms.cnf" -$ open/read sys$ca_input VMSca-response.2 -$ @[-.apps]CA.com -input sys$ca_input -sign -$ close sys$ca_input -$ if $severity .ne. 1 then exit 3 -$ -$ -$ @[-.apps]CA.com -verify newcert.pem -$ if $severity .ne. 1 then exit 3 -$ -$ set noon -$ @[-.util]deltree [.demoCA]*.* -$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;* -$ delete demoCA.dir;* -$ if f$search("newcert.pem") .nes. "" then delete newcert.pem;* -$ if f$search("newcert.pem") .nes. "" then delete newreq.pem;* -$ set on -$! #usage: CA -newcert|-newreq|-newca|-sign|-verify -$ -$ exit diff --git a/lib/libssl/test/testenc.com b/lib/libssl/test/testenc.com deleted file mode 100644 index 75acd6f07fa..00000000000 --- a/lib/libssl/test/testenc.com +++ /dev/null @@ -1,66 +0,0 @@ -$! TESTENC.COM -- Test encoding and decoding -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p1 .eqs. 64) then __arch = __arch+ "_64" -$ -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ testsrc = "makefile." -$ test = "p.txt" -$ cmd = "mcr ''exe_dir'openssl" -$ -$ if f$search(test) .nes. "" then delete 'test';* -$ convert/fdl=sys$input: 'testsrc' 'test' -RECORD - FORMAT STREAM_LF -$ -$ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;* -$ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;* -$ -$ write sys$output "cat" -$ 'cmd' enc -in 'test' -out 'test'-cipher -$ 'cmd' enc -in 'test'-cipher -out 'test'-clear -$ backup/compare 'test' 'test'-clear -$ if $severity .ne. 1 then exit 3 -$ delete 'test'-cipher;*,'test'-clear;* -$ -$ write sys$output "base64" -$ 'cmd' enc -a -e -in 'test' -out 'test'-cipher -$ 'cmd' enc -a -d -in 'test'-cipher -out 'test'-clear -$ backup/compare 'test' 'test'-clear -$ if $severity .ne. 1 then exit 3 -$ delete 'test'-cipher;*,'test'-clear;* -$ -$ define/user sys$output 'test'-cipher-commands -$ 'cmd' list-cipher-commands -$ open/read f 'test'-cipher-commands -$ loop_cipher_commands: -$ read/end=loop_cipher_commands_end f i -$ write sys$output i -$ -$ if f$search(test+"-"+i+"-cipher") .nes. "" then - - delete 'test'-'i'-cipher;* -$ if f$search(test+"-"+i+"-clear") .nes. "" then - - delete 'test'-'i'-clear;* -$ -$ 'cmd' 'i' -bufsize 113 -e -k test -in 'test' -out 'test'-'i'-cipher -$ 'cmd' 'i' -bufsize 157 -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear -$ backup/compare 'test' 'test'-'i'-clear -$ if $severity .ne. 1 then exit 3 -$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;* -$ -$ write sys$output i," base64" -$ 'cmd' 'i' -bufsize 113 -a -e -k test -in 'test' -out 'test'-'i'-cipher -$ 'cmd' 'i' -bufsize 157 -a -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear -$ backup/compare 'test' 'test'-'i'-clear -$ if $severity .ne. 1 then exit 3 -$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;* -$ -$ goto loop_cipher_commands -$ loop_cipher_commands_end: -$ close f -$ delete 'test'-cipher-commands;* -$ delete 'test';* diff --git a/lib/libssl/test/testgen.com b/lib/libssl/test/testgen.com deleted file mode 100644 index e076da2f306..00000000000 --- a/lib/libssl/test/testgen.com +++ /dev/null @@ -1,58 +0,0 @@ -$! TESTGEN.COM -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$ if (p1 .eqs. 64) then __arch = __arch+ "_64" -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ T = "testcert" -$ KEY = 512 -$ CA = "[-.certs]testca.pem" -$ -$ set noon -$ if f$search(T+".1;*") .nes. "" then delete 'T'.1;* -$ if f$search(T+".2;*") .nes. "" then delete 'T'.2;* -$ if f$search(T+".key;*") .nes. "" then delete 'T'.key;* -$ set on -$ -$ write sys$output "generating certificate request" -$ -$ append/new nl: .rnd -$ open/append random_file .rnd -$ write random_file - - "string to make the random number generator think it has entropy" -$ close random_file -$ -$ set noon -$ define/user sys$output nla0: -$ mcr 'exe_dir'openssl no-rsa -$ save_severity=$SEVERITY -$ set on -$ if save_severity -$ then -$ req_new="-newkey dsa:[-.apps]dsa512.pem" -$ else -$ req_new="-new" -$ write sys$output - - "There should be a 2 sequences of .'s and some +'s." -$ write sys$output - - "There should not be more that at most 80 per line" -$ endif -$ -$ write sys$output "This could take some time." -$ -$ mcr 'exe_dir'openssl req -config test.cnf 'req_new' -out testreq.pem -$ if $severity .ne. 1 -$ then -$ write sys$output "problems creating request" -$ exit 3 -$ endif -$ -$ mcr 'exe_dir'openssl req -config test.cnf -verify -in testreq.pem -noout -$ if $severity .ne. 1 -$ then -$ write sys$output "signature on req is wrong" -$ exit 3 -$ endif diff --git a/lib/libssl/test/tests.com b/lib/libssl/test/tests.com deleted file mode 100644 index a840d5078f0..00000000000 --- a/lib/libssl/test/tests.com +++ /dev/null @@ -1,375 +0,0 @@ -$! TESTS.COM -- Performs the necessary tests -$! -$! P1 tests to be performed. Empty means all. -$! P2 Pointer size: "", "32", or "64". -$! -$! Announce/identify. -$! -$ proc = f$environment( "procedure") -$ write sys$output "@@@ "+ - - f$parse( proc, , , "name")+ f$parse( proc, , , "type") -$! -$ __proc = f$element(0,";",f$environment("procedure")) -$ __here = f$parse(f$parse("A.;",__proc) - "A.;","[]A.;") - "A.;" -$ __save_default = f$environment("default") -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ __archd = __arch -$ pointer_size = "" -$ if (p2 .eq. "64") -$ then -$ pointer_size = "64" -$ __archd = __arch+ "_64" -$ endif -$! -$ texe_dir := sys$disk:[-.'__archd'.exe.test] -$ exe_dir := sys$disk:[-.'__archd'.exe.apps] -$ -$ set default '__here' -$ -$ ROOT = F$PARSE("sys$disk:[-]A.;0",,,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" -$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") -$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - - - ".][000000" - "[000000." - "][" - "[" - "]" -$ ROOT = ROOT_DEV + "[" + ROOT_DIR -$ DEFINE/NOLOG SSLROOT 'ROOT'.APPS.] /TRANS=CONC -$ openssl_conf := sslroot:[000000]openssl-vms.cnf -$ -$ on control_y then goto exit -$ on error then goto exit -$ -$ if p1 .nes. "" -$ then -$ tests = p1 -$ else -$! NOTE: This list reflects the list of dependencies following the -$! "alltests" target in Makefile. This should make it easy to see -$! if there's a difference that needs to be taken care of. -$ tests := - - test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,- - test_md2,test_mdc2,test_wp,- - test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,- - test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,- - test_enc,test_x509,test_rsa,test_crl,test_sid,- - test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- - test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,- - test_jpake,test_srp,test_cms -$ endif -$ tests = f$edit(tests,"COLLAPSE") -$ -$ BNTEST := bntest -$ ECTEST := ectest -$ ECDSATEST := ecdsatest -$ ECDHTEST := ecdhtest -$ EXPTEST := exptest -$ IDEATEST := ideatest -$ SHATEST := shatest -$ SHA1TEST := sha1test -$ SHA256TEST := sha256t -$ SHA512TEST := sha512t -$ MDC2TEST := mdc2test -$ RMDTEST := rmdtest -$ MD2TEST := md2test -$ MD4TEST := md4test -$ MD5TEST := md5test -$ HMACTEST := hmactest -$ WPTEST := wp_test -$ RC2TEST := rc2test -$ RC4TEST := rc4test -$ RC5TEST := rc5test -$ BFTEST := bftest -$ CASTTEST := casttest -$ DESTEST := destest -$ RANDTEST := randtest -$ DHTEST := dhtest -$ DSATEST := dsatest -$ METHTEST := methtest -$ SSLTEST := ssltest -$ RSATEST := rsa_test -$ ENGINETEST := enginetest -$ EVPTEST := evp_test -$ IGETEST := igetest -$ JPAKETEST := jpaketest -$ SRPTEST := srptest -$ ASN1TEST := asn1test -$! -$ tests_i = 0 -$ loop_tests: -$ tests_e = f$element(tests_i,",",tests) -$ tests_i = tests_i + 1 -$ if tests_e .eqs. "," then goto exit -$ write sys$output "---> ''tests_e'" -$ gosub 'tests_e' -$ goto loop_tests -$ -$ test_evp: -$ mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt -$ return -$ test_des: -$ mcr 'texe_dir''destest' -$ return -$ test_idea: -$ mcr 'texe_dir''ideatest' -$ return -$ test_sha: -$ mcr 'texe_dir''shatest' -$ mcr 'texe_dir''sha1test' -$ mcr 'texe_dir''sha256test' -$ mcr 'texe_dir''sha512test' -$ return -$ test_mdc2: -$ mcr 'texe_dir''mdc2test' -$ return -$ test_md5: -$ mcr 'texe_dir''md5test' -$ return -$ test_md4: -$ mcr 'texe_dir''md4test' -$ return -$ test_hmac: -$ mcr 'texe_dir''hmactest' -$ return -$ test_wp: -$ mcr 'texe_dir''wptest' -$ return -$ test_md2: -$ mcr 'texe_dir''md2test' -$ return -$ test_rmd: -$ mcr 'texe_dir''rmdtest' -$ return -$ test_bf: -$ mcr 'texe_dir''bftest' -$ return -$ test_cast: -$ mcr 'texe_dir''casttest' -$ return -$ test_rc2: -$ mcr 'texe_dir''rc2test' -$ return -$ test_rc4: -$ mcr 'texe_dir''rc4test' -$ return -$ test_rc5: -$ mcr 'texe_dir''rc5test' -$ return -$ test_rand: -$ mcr 'texe_dir''randtest' -$ return -$ test_enc: -$ @testenc.com 'pointer_size' -$ return -$ test_x509: -$ set noon -$ define sys$error test_x509.err -$ write sys$output "test normal x509v1 certificate" -$ @tx509.com "" 'pointer_size' -$ write sys$output "test first x509v3 certificate" -$ @tx509.com v3-cert1.pem 'pointer_size' -$ write sys$output "test second x509v3 certificate" -$ @tx509.com v3-cert2.pem 'pointer_size' -$ deassign sys$error -$ set on -$ return -$ test_rsa: -$ set noon -$ define sys$error test_rsa.err -$ @trsa.com "" 'pointer_size' -$ deassign sys$error -$ mcr 'texe_dir''rsatest' -$ set on -$ return -$ test_crl: -$ set noon -$ define sys$error test_crl.err -$ @tcrl.com "" 'pointer_size' -$ deassign sys$error -$ set on -$ return -$ test_sid: -$ set noon -$ define sys$error test_sid.err -$ @tsid.com "" 'pointer_size' -$ deassign sys$error -$ set on -$ return -$ test_req: -$ set noon -$ define sys$error test_req.err -$ @treq.com "" 'pointer_size' -$ @treq.com testreq2.pem 'pointer_size' -$ deassign sys$error -$ set on -$ return -$ test_pkcs7: -$ set noon -$ define sys$error test_pkcs7.err -$ @tpkcs7.com "" 'pointer_size' -$ @tpkcs7d.com "" 'pointer_size' -$ deassign sys$error -$ set on -$ return -$ test_bn: -$ write sys$output - - "starting big number library test, could take a while..." -$ set noon -$ define sys$error test_bn.err -$ define sys$output test_bn.out -$ @ bctest.com -$ status = $status -$ deassign sys$error -$ deassign sys$output -$ set on -$ if (status) -$ then -$ create /fdl = sys$input bntest-vms.tmp -FILE - ORGANIZATION sequential -RECORD - FORMAT stream_lf -$ define /user_mode sys$output bntest-vms.tmp -$ mcr 'texe_dir''bntest' -$ define /user_mode sys$input bntest-vms.tmp -$ define /user_mode sys$output bntest-vms.out -$ bc -$ @ bntest.com bntest-vms.out -$ status = $status -$ if (status) -$ then -$ delete bntest-vms.out;* -$ delete bntest-vms.tmp;* -$ endif -$ else -$ create /fdl = sys$input bntest-vms.sh -FILE - ORGANIZATION sequential -RECORD - FORMAT stream_lf -$ open /append bntest_file bntest-vms.sh -$ type /output = bntest_file sys$input: -<< __FOO__ sh -c "`sh ./bctest`" | perl -e '$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $1";} elsif (!/^0$/) {die "\nFailed! bc: $_";} else {print STDERR "."; $i++;}} print STDERR "\n$i tests passed\n"' -$ define /user_mode sys$output bntest-vms.tmp -$ mcr 'texe_dir''bntest' -$ copy bntest-vms.tmp bntest_file -$ delete bntest-vms.tmp;* -$ type /output = bntest_file sys$input: -__FOO__ -$ close bntest_file -$ write sys$output "-- copy the [.test]bntest-vms.sh and [.test]bctest files to a Unix system and" -$ write sys$output "-- run bntest-vms.sh through sh or bash to verify that the bignum operations" -$ write sys$output "-- went well." -$ write sys$output "" -$ endif -$ write sys$output "test a^b%c implementations" -$ mcr 'texe_dir''exptest' -$ return -$ test_ec: -$ write sys$output "test elliptic curves" -$ mcr 'texe_dir''ectest' -$ return -$ test_ecdsa: -$ write sys$output "test ecdsa" -$ mcr 'texe_dir''ecdsatest' -$ return -$ test_ecdh: -$ write sys$output "test ecdh" -$ mcr 'texe_dir''ecdhtest' -$ return -$ test_verify: -$ write sys$output "The following command should have some OK's and some failures" -$ write sys$output "There are definitly a few expired certificates" -$ @tverify.com 'pointer_size' -$ return -$ test_dh: -$ write sys$output "Generate a set of DH parameters" -$ mcr 'texe_dir''dhtest' -$ return -$ test_dsa: -$ write sys$output "Generate a set of DSA parameters" -$ mcr 'texe_dir''dsatest' -$ return -$ test_gen: -$ write sys$output "Generate and verify a certificate request" -$ @testgen.com 'pointer_size' -$ return -$ maybe_test_ss: -$ testss_RDT = f$cvtime(f$file_attributes("testss.com","RDT")) -$ if f$cvtime(f$file_attributes("keyU.ss","RDT")) .les. testss_RDT then - - goto test_ss -$ if f$cvtime(f$file_attributes("certU.ss","RDT")) .les. testss_RDT then - - goto test_ss -$ if f$cvtime(f$file_attributes("certCA.ss","RDT")) .les. testss_RDT then - - goto test_ss -$ return -$ test_ss: -$ write sys$output "Generate and certify a test certificate" -$ @testss.com 'pointer_size' -$ return -$ test_engine: -$ write sys$output "Manipulate the ENGINE structures" -$ mcr 'texe_dir''enginetest' -$ return -$ test_ssl: -$ write sys$output "test SSL protocol" -$ gosub maybe_test_ss -$ @testssl.com keyU.ss certU.ss certCA.ss 'pointer_size' -$ return -$ test_ca: -$ set noon -$ define /user_mode sys$output test_ca.out -$ mcr 'exe_dir'openssl no-rsa -$ save_severity=$SEVERITY -$ set on -$ if save_severity -$ then -$ write sys$output "skipping CA.com test -- requires RSA" -$ else -$ write sys$output "Generate and certify a test certificate via the 'ca' program" -$ @testca.com 'pointer_size' -$ endif -$ return -$ test_aes: -$! write sys$output "test AES" -$! !mcr 'texe_dir''aestest' -$ return -$ test_tsa: -$ set noon -$ define /user_mode sys$output nla0: -$ mcr 'exe_dir'openssl no-rsa -$ save_severity=$SEVERITY -$ set on -$ if save_severity -$ then -$ write sys$output "skipping testtsa.com test -- requires RSA" -$ else -$ @testtsa.com "" "" "" 'pointer_size' -$ endif -$ return -$ test_ige: -$ write sys$output "Test IGE mode" -$ mcr 'texe_dir''igetest' -$ return -$ test_jpake: -$ write sys$output "Test JPAKE" -$ mcr 'texe_dir''jpaketest' -$ return -$ test_cms: -$ write sys$output "CMS consistency test" -$ ! Define the logical name used to find openssl.exe in the perl script. -$ define /user_mode osslx 'exe_dir' -$ perl CMS-TEST.PL -$ return -$ test_srp: -$ write sys$output "Test SRP" -$ mcr 'texe_dir''srptest' -$ return -$ -$ -$ exit: -$ mcr 'exe_dir'openssl version -a -$ set default '__save_default' -$ deassign sslroot -$ exit diff --git a/lib/libssl/test/testss.com b/lib/libssl/test/testss.com deleted file mode 100644 index 32a74d0fc21..00000000000 --- a/lib/libssl/test/testss.com +++ /dev/null @@ -1,123 +0,0 @@ -$! TESTSS.COM -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p1 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ digest="-md5" -$ reqcmd = "mcr ''exe_dir'openssl req" -$ x509cmd = "mcr ''exe_dir'openssl x509 ''digest'" -$ verifycmd = "mcr ''exe_dir'openssl verify" -$ dummycnf = "sys$disk:[-.apps]openssl-vms.cnf" -$ -$ CAkey="""keyCA.ss""" -$ CAcert="""certCA.ss""" -$ CAreq="""reqCA.ss""" -$ CAconf="""CAss.cnf""" -$ CAreq2="""req2CA.ss""" ! temp -$ -$ Uconf="""Uss.cnf""" -$ Ukey="""keyU.ss""" -$ Ureq="""reqU.ss""" -$ Ucert="""certU.ss""" -$ -$ write sys$output "" -$ write sys$output "make a certificate request using 'req'" -$ -$ set noon -$ define/user sys$output nla0: -$ mcr 'exe_dir'openssl no-rsa -$ save_severity=$SEVERITY -$ set on -$ if save_severity -$ then -$ req_new="-newkey dsa:[-.apps]dsa512.pem" -$ else -$ req_new="-new" -$ endif -$ -$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss -$ if $severity .ne. 1 -$ then -$ write sys$output "error using 'req' to generate a certificate request" -$ exit 3 -$ endif -$ write sys$output "" -$ write sys$output "convert the certificate request into a self signed certificate using 'x509'" -$ define /user sys$output err.ss -$ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey' -$ if $severity .ne. 1 -$ then -$ write sys$output "error using 'x509' to self sign a certificate request" -$ exit 3 -$ endif -$ -$ write sys$output "" -$ write sys$output "convert a certificate into a certificate request using 'x509'" -$ define /user sys$output err.ss -$ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2' -$ if $severity .ne. 1 -$ then -$ write sys$output "error using 'x509' convert a certificate to a certificate request" -$ exit 3 -$ endif -$ -$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout -$ if $severity .ne. 1 -$ then -$ write sys$output "first generated request is invalid" -$ exit 3 -$ endif -$ -$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout -$ if $severity .ne. 1 -$ then -$ write sys$output "second generated request is invalid" -$ exit 3 -$ endif -$ -$ 'verifycmd' "-CAfile" 'CAcert' 'CAcert' -$ if $severity .ne. 1 -$ then -$ write sys$output "first generated cert is invalid" -$ exit 3 -$ endif -$ -$ write sys$output "" -$ write sys$output "make another certificate request using 'req'" -$ define /user sys$output err.ss -$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new' -$ if $severity .ne. 1 -$ then -$ write sys$output "error using 'req' to generate a certificate request" -$ exit 3 -$ endif -$ -$ write sys$output "" -$ write sys$output "sign certificate request with the just created CA via 'x509'" -$ define /user sys$output err.ss -$ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey' -$ if $severity .ne. 1 -$ then -$ write sys$output "error using 'x509' to sign a certificate request" -$ exit 3 -$ endif -$ -$ 'verifycmd' "-CAfile" 'CAcert' 'Ucert' -$ write sys$output "" -$ write sys$output "Certificate details" -$ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert' -$ -$ write sys$output "" -$ write sys$output "The generated CA certificate is ",CAcert -$ write sys$output "The generated CA private key is ",CAkey -$ -$ write sys$output "The generated user certificate is ",Ucert -$ write sys$output "The generated user private key is ",Ukey -$ -$ if f$search("err.ss;*") .nes. "" then delete err.ss;* diff --git a/lib/libssl/test/testssl b/lib/libssl/test/testssl index 5ae4dc8720a..4e8542b5568 100644 --- a/lib/libssl/test/testssl +++ b/lib/libssl/test/testssl @@ -119,6 +119,23 @@ $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 +echo "Testing ciphersuites" +for protocol in TLSv1.2 SSLv3; do + echo "Testing ciphersuites for $protocol" + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do + echo "Testing $cipher" + prot="" + if [ $protocol = "SSLv3" ] ; then + prot="-ssl3" + fi + $ssltest -cipher $cipher $prot + if [ $? -ne 0 ] ; then + echo "Failed $cipher" + exit 1 + fi + done +done + ############################################################################# if ../util/shlib_wrap.sh ../apps/openssl no-dh; then diff --git a/lib/libssl/test/testssl.com b/lib/libssl/test/testssl.com deleted file mode 100644 index f19edc4719f..00000000000 --- a/lib/libssl/test/testssl.com +++ /dev/null @@ -1,208 +0,0 @@ -$! TESTSSL.COM -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p4 .eqs. "64") then __arch = __arch+ "_64" -$! -$ texe_dir = "sys$disk:[-.''__arch'.exe.test]" -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ if p1 .eqs. "" -$ then -$ key="[-.apps]server.pem" -$ else -$ key=p1 -$ endif -$ if p2 .eqs. "" -$ then -$ cert="[-.apps]server.pem" -$ else -$ cert=p2 -$ endif -$ ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ - - " -cert ''cert' -c_key ''key' -c_cert ''cert'" -$! -$ set noon -$ define/user sys$output testssl-x509-output. -$ define/user sys$error nla0: -$ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout -$ define/user sys$error nla0: -$ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact -$ if $severity .eq. 1 -$ then -$ dsa_cert = "YES" -$ else -$ dsa_cert = "NO" -$ endif -$ delete testssl-x509-output.;* -$ -$ if p3 .eqs. "" -$ then -$ copy/concatenate [-.certs]*.pem certs.tmp -$ CA = """-CAfile"" certs.tmp" -$ else -$ CA = """-CAfile"" "+p3 -$ endif -$ -$!########################################################################### -$ -$ write sys$output "test sslv2" -$ 'ssltest' -ssl2 -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2 with server authentication" -$ 'ssltest' -ssl2 -server_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ if .not. dsa_cert -$ then -$ write sys$output "test sslv2 with client authentication" -$ 'ssltest' -ssl2 -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2 with both client and server authentication" -$ 'ssltest' -ssl2 -server_auth -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ endif -$ -$ write sys$output "test sslv3" -$ 'ssltest' -ssl3 -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv3 with server authentication" -$ 'ssltest' -ssl3 -server_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv3 with client authentication" -$ 'ssltest' -ssl3 -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv3 with both client and server authentication" -$ 'ssltest' -ssl3 -server_auth -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3" -$ 'ssltest' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 with server authentication" -$ 'ssltest' -server_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 with client authentication" -$ 'ssltest' -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 with both client and server authentication" -$ 'ssltest' -server_auth -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2 via BIO pair" -$ 'ssltest' -bio_pair -ssl2 -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2 with server authentication via BIO pair" -$ 'ssltest' -bio_pair -ssl2 -server_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ if .not. dsa_cert -$ then -$ write sys$output "test sslv2 with client authentication via BIO pair" -$ 'ssltest' -bio_pair -ssl2 -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2 with both client and server authentication via BIO pair" -$ 'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ endif -$ -$ write sys$output "test sslv3 via BIO pair" -$ 'ssltest' -bio_pair -ssl3 -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv3 with server authentication via BIO pair" -$ 'ssltest' -bio_pair -ssl3 -server_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv3 with client authentication via BIO pair" -$ 'ssltest' -bio_pair -ssl3 -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 - -$ write sys$output "test sslv3 with both client and server authentication via BIO pair" -$ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 via BIO pair" -$ 'ssltest' -$ if $severity .ne. 1 then goto exit3 -$ -$ if .not. dsa_cert -$ then -$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair" -$ 'ssltest' -bio_pair -no_dhe -$ if $severity .ne. 1 then goto exit3 -$ endif -$ -$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair" -$ 'ssltest' -bio_pair -dhe1024dsa -v -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 with server authentication" -$ 'ssltest' -bio_pair -server_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 with client authentication via BIO pair" -$ 'ssltest' -bio_pair -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair" -$ 'ssltest' -bio_pair -server_auth -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$!########################################################################### -$ -$ define/user sys$output nla0: -$ mcr 'exe_dir'openssl no-rsa -$ no_rsa=$SEVERITY -$ define/user sys$output nla0: -$ mcr 'exe_dir'openssl no-dh -$ no_dh=$SEVERITY -$ -$ if no_dh -$ then -$ write sys$output "skipping anonymous DH tests" -$ else -$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes" -$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time -$ if $severity .ne. 1 then goto exit3 -$ endif -$ -$ if no_rsa -$ then -$ write sys$output "skipping RSA tests" -$ else -$ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes" -$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time -$ if $severity .ne. 1 then goto exit3 -$ -$ if no_dh -$ then -$ write sys$output "skipping RSA+DHE tests" -$ else -$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes" -$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time -$ if $severity .ne. 1 then goto exit3 -$ endif -$ endif -$ -$ RET = 1 -$ goto exit -$ exit3: -$ RET = 3 -$ exit: -$ if p3 .eqs. "" then delete certs.tmp;* -$ set on -$ exit 'RET' diff --git a/lib/libssl/test/testtsa.com b/lib/libssl/test/testtsa.com deleted file mode 100644 index e3c586f14a2..00000000000 --- a/lib/libssl/test/testtsa.com +++ /dev/null @@ -1,248 +0,0 @@ -$! -$! A few very basic tests for the 'ts' time stamping authority command. -$! -$ -$ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch := UNK -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] -$ -$ openssl := mcr 'f$parse(exe_dir+"openssl.exe")' -$ OPENSSL_CONF := [-]CAtsa.cnf -$ ! Because that's what ../apps/CA.sh really looks at -$ SSLEAY_CONFIG = "-config " + OPENSSL_CONF -$ -$ error: -$ subroutine -$ write sys$error "TSA test failed!" -$ exit 3 -$ endsubroutine -$ -$ setup_dir: -$ subroutine -$ -$ if f$search("tsa.dir") .nes "" -$ then -$ @[-.util]deltree [.tsa]*.* -$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* -$ delete tsa.dir;* -$ endif -$ -$ create/dir [.tsa] -$ set default [.tsa] -$ endsubroutine -$ -$ clean_up_dir: -$ subroutine -$ -$ set default [-] -$ @[-.util]deltree [.tsa]*.* -$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* -$ delete tsa.dir;* -$ endsubroutine -$ -$ create_ca: -$ subroutine -$ -$ write sys$output "Creating a new CA for the TSA tests..." -$ TSDNSECT = "ts_ca_dn" -$ openssl req -new -x509 -nodes - - -out tsaca.pem -keyout tsacakey.pem -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ create_tsa_cert: -$ subroutine -$ -$ INDEX=p1 -$ EXT=p2 -$ TSDNSECT = "ts_cert_dn" -$ -$ openssl req -new - - -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem -$ if $severity .ne. 1 then call error -$ -$ write sys$output "Using extension ''EXT'" -$ openssl x509 -req - - -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - - "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" - - -extfile 'OPENSSL_CONF' -extensions "''EXT'" -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ print_request: -$ subroutine -$ -$ openssl ts -query -in 'p1' -text -$ endsubroutine -$ -$ create_time_stamp_request1: subroutine -$ -$ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 - - -cert -out req1.tsq -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ create_time_stamp_request2: subroutine -$ -$ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 - - -no_nonce -out req2.tsq -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ create_time_stamp_request3: subroutine -$ -$ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ print_response: -$ subroutine -$ -$ openssl ts -reply -in 'p1' -text -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ create_time_stamp_response: -$ subroutine -$ -$ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2' -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ time_stamp_response_token_test: -$ subroutine -$ -$ RESPONSE2:='p2'.copy_tsr -$ TOKEN_DER:='p2'.token_der -$ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out -$ if $severity .ne. 1 then call error -$ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2' -$ if $severity .ne. 1 then call error -$ backup/compare 'RESPONSE2' 'p2' -$ if $severity .ne. 1 then call error -$ openssl ts -reply -in 'p2' -text -token_out -$ if $severity .ne. 1 then call error -$ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out -$ if $severity .ne. 1 then call error -$ openssl ts -reply -queryfile 'p1' -text -token_out -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ verify_time_stamp_response: -$ subroutine -$ -$ openssl ts -verify -queryfile 'p1' -in 'p2' - - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem -$ if $severity .ne. 1 then call error -$ openssl ts -verify -data 'p3' -in 'p2' - - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ verify_time_stamp_token: -$ subroutine -$ -$ ! create the token from the response first -$ openssl ts -reply -in 'p2' -out 'p2'.token -token_out -$ if $severity .ne. 1 then call error -$ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in - - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem -$ if $severity .ne. 1 then call error -$ openssl ts -verify -data 'p3' -in 'p2'.token -token_in - - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ verify_time_stamp_response_fail: -$ subroutine -$ -$ openssl ts -verify -queryfile 'p1' -in 'p2' - - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem -$ ! Checks if the verification failed, as it should have. -$ if $severity .eq. 1 then call error -$ write sys$output "Ok" -$ endsubroutine -$ -$ ! Main body ---------------------------------------------------------- -$ -$ write sys$output "Setting up TSA test directory..." -$ call setup_dir -$ -$ write sys$output "Creating CA for TSA tests..." -$ call create_ca -$ -$ write sys$output "Creating tsa_cert1.pem TSA server cert..." -$ call create_tsa_cert 1 "tsa_cert" -$ -$ write sys$output "Creating tsa_cert2.pem non-TSA server cert..." -$ call create_tsa_cert 2 "non_tsa_cert" -$ -$ write sys$output "Creating req1.req time stamp request for file testtsa..." -$ call create_time_stamp_request1 -$ -$ write sys$output "Printing req1.req..." -$ call print_request req1.tsq -$ -$ write sys$output "Generating valid response for req1.req..." -$ call create_time_stamp_response req1.tsq resp1.tsr tsa_config1 -$ -$ write sys$output "Printing response..." -$ call print_response resp1.tsr -$ -$ write sys$output "Verifying valid response..." -$ call verify_time_stamp_response req1.tsq resp1.tsr [-]testtsa.com -$ -$ write sys$output "Verifying valid token..." -$ call verify_time_stamp_token req1.tsq resp1.tsr [-]testtsa.com -$ -$ ! The tests below are commented out, because invalid signer certificates -$ ! can no longer be specified in the config file. -$ -$ ! write sys$output "Generating _invalid_ response for req1.req..." -$ ! call create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 -$ -$ ! write sys$output "Printing response..." -$ ! call print_response resp1_bad.tsr -$ -$ ! write sys$output "Verifying invalid response, it should fail..." -$ ! call verify_time_stamp_response_fail req1.tsq resp1_bad.tsr -$ -$ write sys$output "Creating req2.req time stamp request for file testtsa..." -$ call create_time_stamp_request2 -$ -$ write sys$output "Printing req2.req..." -$ call print_request req2.tsq -$ -$ write sys$output "Generating valid response for req2.req..." -$ call create_time_stamp_response req2.tsq resp2.tsr tsa_config1 -$ -$ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..." -$ call time_stamp_response_token_test req2.tsq resp2.tsr -$ -$ write sys$output "Printing response..." -$ call print_response resp2.tsr -$ -$ write sys$output "Verifying valid response..." -$ call verify_time_stamp_response req2.tsq resp2.tsr [-]testtsa.com -$ -$ write sys$output "Verifying response against wrong request, it should fail..." -$ call verify_time_stamp_response_fail req1.tsq resp2.tsr -$ -$ write sys$output "Verifying response against wrong request, it should fail..." -$ call verify_time_stamp_response_fail req2.tsq resp1.tsr -$ -$ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..." -$ call create_time_stamp_request3 -$ -$ write sys$output "Printing req3.req..." -$ call print_request req3.tsq -$ -$ write sys$output "Verifying response against wrong request, it should fail..." -$ call verify_time_stamp_response_fail req3.tsq resp1.tsr -$ -$ write sys$output "Cleaning up..." -$ call clean_up_dir -$ -$ exit diff --git a/lib/libssl/test/tpkcs7.com b/lib/libssl/test/tpkcs7.com deleted file mode 100644 index 3fc4982bb00..00000000000 --- a/lib/libssl/test/tpkcs7.com +++ /dev/null @@ -1,59 +0,0 @@ -$! TPKCS7.COM -- Tests pkcs7 keys -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p2 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ cmd = "mcr ''exe_dir'openssl pkcs7" -$ -$ t = "testp7.pem" -$ if p1 .nes. "" then t = p1 -$ -$ write sys$output "testing PKCS7 conversions" -$ if f$search("fff.*") .nes "" then delete fff.*;* -$ if f$search("ff.*") .nes "" then delete ff.*;* -$ if f$search("f.*") .nes "" then delete f.*;* -$ convert/fdl=sys$input: 't' fff.p -RECORD - FORMAT STREAM_LF -$ -$ write sys$output "p -> d" -$ 'cmd' -in fff.p -inform p -outform d -out f.d -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in fff.p -inform p -outform p -out f.p -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> d" -$ 'cmd' -in f.d -inform d -outform d -out ff.d1 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> d" -$ 'cmd' -in f.p -inform p -outform d -out ff.d3 -$ if $severity .ne. 1 then exit 3 -$ -$ -$ write sys$output "d -> p" -$ 'cmd' -in f.d -inform d -outform p -out ff.p1 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in f.p -inform p -outform p -out ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare fff.p f.p -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ delete f.*;*,ff.*;*,fff.*;* diff --git a/lib/libssl/test/tpkcs7d.com b/lib/libssl/test/tpkcs7d.com deleted file mode 100644 index eea8c888ee6..00000000000 --- a/lib/libssl/test/tpkcs7d.com +++ /dev/null @@ -1,52 +0,0 @@ -$! TPKCS7.COM -- Tests pkcs7 keys -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p2 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ cmd = "mcr ''exe_dir'openssl pkcs7" -$ -$ t = "pkcs7-1.pem" -$ if p1 .nes. "" then t = p1 -$ -$ write sys$output "testing PKCS7 conversions (2)" -$ if f$search("fff.*") .nes "" then delete fff.*;* -$ if f$search("ff.*") .nes "" then delete ff.*;* -$ if f$search("f.*") .nes "" then delete f.*;* -$ convert/fdl=sys$input: 't' fff.p -RECORD - FORMAT STREAM_LF -$ -$ write sys$output "p -> d" -$ 'cmd' -in fff.p -inform p -outform d -out f.d -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in fff.p -inform p -outform p -out f.p -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> d" -$ 'cmd' -in f.d -inform d -outform d -out ff.d1 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> d" -$ 'cmd' -in f.p -inform p -outform d -out ff.d3 -$ if $severity .ne. 1 then exit 3 -$ -$ -$ write sys$output "d -> p" -$ 'cmd' -in f.d -inform d -outform p -out ff.p1 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in f.p -inform p -outform p -out ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ delete f.*;*,ff.*;*,fff.*;* diff --git a/lib/libssl/test/treq.com b/lib/libssl/test/treq.com deleted file mode 100644 index acf08b79efd..00000000000 --- a/lib/libssl/test/treq.com +++ /dev/null @@ -1,88 +0,0 @@ -$! TREQ.COM -- Tests req keys -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p2 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ cmd = "mcr ''exe_dir'openssl req -config [-.apps]openssl-vms.cnf" -$ -$ t = "testreq.pem" -$ if p1 .nes. "" then t = p1 -$ -$ write sys$output "testing req conversions" -$ if f$search("fff.*") .nes "" then delete fff.*;* -$ if f$search("ff.*") .nes "" then delete ff.*;* -$ if f$search("f.*") .nes "" then delete f.*;* -$ convert/fdl=sys$input: 't' fff.p -RECORD - FORMAT STREAM_LF -$ -$ write sys$output "p -> d" -$ 'cmd' -in fff.p -inform p -outform d -out f.d -$ if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in fff.p -inform p -outform t -out f.t -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in fff.p -inform p -outform p -out f.p -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> d" -$ 'cmd' -verify -in f.d -inform d -outform d -out ff.d1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> d" -$! 'cmd' -verify -in f.t -inform t -outform d -out ff.d2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> d" -$ 'cmd' -verify -in f.p -inform p -outform d -out ff.d3 -$ if $severity .ne. 1 then exit 3 -$ -$! write sys$output "d -> t" -$! 'cmd' -in f.d -inform d -outform t -out ff.t1 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "t -> t" -$! 'cmd' -in f.t -inform t -outform t -out ff.t2 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in f.p -inform p -outform t -out ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> p" -$ 'cmd' -in f.d -inform d -outform p -out ff.p1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> p" -$! 'cmd' -in f.t -inform t -outform p -out ff.p2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in f.p -inform p -outform p -out ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare fff.p f.p -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare fff.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$! backup/compare f.t ff.t1 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t2 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare f.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ delete f.*;*,ff.*;*,fff.*;* diff --git a/lib/libssl/test/trsa.com b/lib/libssl/test/trsa.com deleted file mode 100644 index 54180843ee0..00000000000 --- a/lib/libssl/test/trsa.com +++ /dev/null @@ -1,99 +0,0 @@ -$! TRSA.COM -- Tests rsa keys -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p2 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ set noon -$ define/user sys$output nla0: -$ mcr 'exe_dir'openssl no-rsa -$ save_severity=$SEVERITY -$ set on -$ if save_severity -$ then -$ write sys$output "skipping RSA conversion test" -$ exit -$ endif -$ -$ cmd = "mcr ''exe_dir'openssl rsa" -$ -$ t = "testrsa.pem" -$ if p1 .nes. "" then t = p1 -$ -$ write sys$output "testing RSA conversions" -$ if f$search("fff.*") .nes "" then delete fff.*;* -$ if f$search("ff.*") .nes "" then delete ff.*;* -$ if f$search("f.*") .nes "" then delete f.*;* -$ convert/fdl=sys$input: 't' fff.p -RECORD - FORMAT STREAM_LF -$ -$ write sys$output "p -> d" -$ 'cmd' -in fff.p -inform p -outform d -out f.d -$ if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in fff.p -inform p -outform t -out f.t -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in fff.p -inform p -outform p -out f.p -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> d" -$ 'cmd' -in f.d -inform d -outform d -out ff.d1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> d" -$! 'cmd' -in f.t -inform t -outform d -out ff.d2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> d" -$ 'cmd' -in f.p -inform p -outform d -out ff.d3 -$ if $severity .ne. 1 then exit 3 -$ -$! write sys$output "d -> t" -$! 'cmd' -in f.d -inform d -outform t -out ff.t1 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "t -> t" -$! 'cmd' -in f.t -inform t -outform t -out ff.t2 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in f.p -inform p -outform t -out ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> p" -$ 'cmd' -in f.d -inform d -outform p -out ff.p1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> p" -$! 'cmd' -in f.t -inform t -outform p -out ff.p2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in f.p -inform p -outform p -out ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare fff.p f.p -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare fff.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$! backup/compare f.t ff.t1 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t2 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare f.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ delete f.*;*,ff.*;*,fff.*;* diff --git a/lib/libssl/test/tsid.com b/lib/libssl/test/tsid.com deleted file mode 100644 index b6c4e49473e..00000000000 --- a/lib/libssl/test/tsid.com +++ /dev/null @@ -1,88 +0,0 @@ -$! TSID.COM -- Tests sid keys -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p2 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ cmd = "mcr ''exe_dir'openssl sess_id" -$ -$ t = "testsid.pem" -$ if p1 .nes. "" then t = p1 -$ -$ write sys$output "testing session-id conversions" -$ if f$search("fff.*") .nes "" then delete fff.*;* -$ if f$search("ff.*") .nes "" then delete ff.*;* -$ if f$search("f.*") .nes "" then delete f.*;* -$ convert/fdl=sys$input: 't' fff.p -RECORD - FORMAT STREAM_LF -$ -$ write sys$output "p -> d" -$ 'cmd' -in fff.p -inform p -outform d -out f.d -$ if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in fff.p -inform p -outform t -out f.t -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in fff.p -inform p -outform p -out f.p -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> d" -$ 'cmd' -in f.d -inform d -outform d -out ff.d1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> d" -$! 'cmd' -in f.t -inform t -outform d -out ff.d2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> d" -$ 'cmd' -in f.p -inform p -outform d -out ff.d3 -$ if $severity .ne. 1 then exit 3 -$ -$! write sys$output "d -> t" -$! 'cmd' -in f.d -inform d -outform t -out ff.t1 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "t -> t" -$! 'cmd' -in f.t -inform t -outform t -out ff.t2 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in f.p -inform p -outform t -out ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> p" -$ 'cmd' -in f.d -inform d -outform p -out ff.p1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> p" -$! 'cmd' -in f.t -inform t -outform p -out ff.p2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in f.p -inform p -outform p -out ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare fff.p f.p -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare fff.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$! backup/compare f.t ff.t1 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t2 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare f.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ delete f.*;*,ff.*;*,fff.*;* diff --git a/lib/libssl/test/tverify.com b/lib/libssl/test/tverify.com deleted file mode 100644 index d888344637e..00000000000 --- a/lib/libssl/test/tverify.com +++ /dev/null @@ -1,65 +0,0 @@ -$! TVERIFY.COM -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p1 .eqs. "64") then __arch = __arch+ "_64" -$! -$ line_max = 255 ! Could be longer on modern non-VAX. -$ temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp" -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'" -$ cmd_len = f$length( cmd) -$ pems = "[-.certs...]*.pem" -$! -$! Concatenate all the certificate files. -$! -$ copy /concatenate 'pems' 'temp_file_name' -$! -$! Loop through all the certificate files. -$! -$ args = "" -$ old_f = "" -$ loop_file: -$ f = f$search( pems) -$ if ((f .nes. "") .and. (f .nes. old_f)) -$ then -$ old_f = f -$! -$! If this file name would over-extend the command line, then -$! run the command now. -$! -$ if (cmd_len+ f$length( args)+ 1+ f$length( f) .gt. line_max) -$ then -$ if (args .eqs. "") then goto disaster -$ 'cmd''args' -$ args = "" -$ endif -$! Add the next file to the argument list. -$ args = args+ " "+ f -$ else -$! No more files in the list -$ goto loop_file_end -$ endif -$ goto loop_file -$ loop_file_end: -$! -$! Run the command for any left-over arguments. -$! -$ if (args .nes. "") -$ then -$ 'cmd''args' -$ endif -$! -$! Delete the temporary file. -$! -$ if (f$search( "''temp_file_name';*") .nes. "") then - - delete 'temp_file_name';* -$! -$ exit -$! -$ disaster: -$ write sys$output " Command line too long. Doomed." -$! diff --git a/lib/libssl/test/tx509.com b/lib/libssl/test/tx509.com deleted file mode 100644 index 93ce988b418..00000000000 --- a/lib/libssl/test/tx509.com +++ /dev/null @@ -1,88 +0,0 @@ -$! TX509.COM -- Tests x509 certificates -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p2 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ cmd = "mcr ''exe_dir'openssl x509" -$ -$ t = "testx509.pem" -$ if p1 .nes. "" then t = p1 -$ -$ write sys$output "testing X509 conversions" -$ if f$search("fff.*") .nes "" then delete fff.*;* -$ if f$search("ff.*") .nes "" then delete ff.*;* -$ if f$search("f.*") .nes "" then delete f.*;* -$ convert/fdl=sys$input: 't' fff.p -RECORD - FORMAT STREAM_LF -$ -$ write sys$output "p -> d" -$ 'cmd' -in fff.p -inform p -outform d -out f.d -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> n" -$ 'cmd' -in fff.p -inform p -outform n -out f.n -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in fff.p -inform p -outform p -out f.p -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> d" -$ 'cmd' -in f.d -inform d -outform d -out ff.d1 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "n -> d" -$ 'cmd' -in f.n -inform n -outform d -out ff.d2 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> d" -$ 'cmd' -in f.p -inform p -outform d -out ff.d3 -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> n" -$ 'cmd' -in f.d -inform d -outform n -out ff.n1 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "n -> n" -$ 'cmd' -in f.n -inform n -outform n -out ff.n2 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> n" -$ 'cmd' -in f.p -inform p -outform n -out ff.n3 -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> p" -$ 'cmd' -in f.d -inform d -outform p -out ff.p1 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "n -> p" -$ 'cmd' -in f.n -inform n -outform p -out ff.p2 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in f.p -inform p -outform p -out ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare fff.p f.p -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p2 -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.n ff.n1 -$ if $severity .ne. 1 then exit 3 -$ backup/compare f.n ff.n2 -$ if $severity .ne. 1 then exit 3 -$ backup/compare f.n ff.n3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p2 -$ if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ delete f.*;*,ff.*;*,fff.*;* diff --git a/lib/libssl/tls1.h b/lib/libssl/tls1.h index c39c267f0b6..c992091e305 100644 --- a/lib/libssl/tls1.h +++ b/lib/libssl/tls1.h @@ -230,6 +230,12 @@ extern "C" { /* ExtensionType value from RFC5620 */ #define TLSEXT_TYPE_heartbeat 15 +/* ExtensionType value for TLS padding extension. + * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml + * http://tools.ietf.org/html/draft-agl-tls-padding-03 + */ +#define TLSEXT_TYPE_padding 21 + /* ExtensionType value from RFC4507 */ #define TLSEXT_TYPE_session_ticket 35 |