From fc7396568e61a510b9336d6c220aaa889c03060f Mon Sep 17 00:00:00 2001 From: djm <> Date: Thu, 3 Nov 2011 02:34:33 +0000 Subject: openssl-1.0.0e: resolve conflicts --- src/lib/libcrypto/Attic/Makefile | 4 +- src/lib/libcrypto/asn1/a_int.c | 3 +- src/lib/libcrypto/asn1/a_object.c | 4 +- src/lib/libcrypto/asn1/a_strex.c | 17 +- src/lib/libcrypto/asn1/a_strnid.c | 2 +- src/lib/libcrypto/asn1/asn1.h | 2 +- src/lib/libcrypto/asn1/n_pkey.c | 3 +- src/lib/libcrypto/asn1/t_crl.c | 3 +- src/lib/libcrypto/asn1/tasn_dec.c | 3 +- src/lib/libcrypto/asn1/x_name.c | 7 +- src/lib/libcrypto/asn1/x_x509.c | 4 +- src/lib/libcrypto/bio/b_sock.c | 29 +- src/lib/libcrypto/bio/bf_nbio.c | 2 - src/lib/libcrypto/bio/bio_lib.c | 4 +- src/lib/libcrypto/bio/bss_acpt.c | 5 +- src/lib/libcrypto/bio/bss_dgram.c | 20 +- src/lib/libcrypto/bio/bss_file.c | 12 +- src/lib/libcrypto/bio/bss_log.c | 32 +- src/lib/libcrypto/bn/bn.h | 18 + src/lib/libcrypto/bn/bn_exp2.c | 3 +- src/lib/libcrypto/bn/bn_gf2m.c | 1 + src/lib/libcrypto/bn/bn_mont.c | 2 +- src/lib/libcrypto/bn/bn_mul.c | 9 +- src/lib/libcrypto/bn/bn_nist.c | 64 ++-- src/lib/libcrypto/comp/c_rle.c | 3 +- src/lib/libcrypto/conf/conf_api.c | 3 +- src/lib/libcrypto/conf/conf_def.c | 13 +- src/lib/libcrypto/cryptlib.c | 21 +- src/lib/libcrypto/crypto-lib.com | 339 ++++++++++++----- src/lib/libcrypto/dsa/dsa_gen.c | 3 +- src/lib/libcrypto/dsa/dsa_ossl.c | 20 +- src/lib/libcrypto/dso/dso_dlfcn.c | 1 + src/lib/libcrypto/dso/dso_vms.c | 179 +++++---- src/lib/libcrypto/ec/ec2_smpl.c | 3 + src/lib/libcrypto/ec/ec_mult.c | 6 +- src/lib/libcrypto/ec/ecp_smpl.c | 3 + src/lib/libcrypto/engine/engine.h | 3 + src/lib/libcrypto/evp/encode.c | 3 +- src/lib/libcrypto/evp/evp_enc.c | 1 + src/lib/libcrypto/evp/evp_test.c | 1 + src/lib/libcrypto/evp/p_lib.c | 3 + src/lib/libcrypto/evp/p_sign.c | 2 +- src/lib/libcrypto/evp/p_verify.c | 2 +- src/lib/libcrypto/hmac/hmac.c | 3 - src/lib/libcrypto/md32_common.h | 15 +- src/lib/libcrypto/o_time.c | 22 +- src/lib/libcrypto/ocsp/ocsp_ht.c | 12 +- src/lib/libcrypto/ocsp/ocsp_lib.c | 8 +- src/lib/libcrypto/ocsp/ocsp_prn.c | 2 - src/lib/libcrypto/opensslv.h | 6 +- src/lib/libcrypto/pem/pem_lib.c | 2 - src/lib/libcrypto/perlasm/cbc.pl | 2 - src/lib/libcrypto/perlasm/x86_64-xlate.pl | 6 +- src/lib/libcrypto/pkcs12/p12_key.c | 38 +- src/lib/libcrypto/pkcs7/pk7_doit.c | 3 - src/lib/libcrypto/pkcs7/pk7_lib.c | 2 - src/lib/libcrypto/rand/md_rand.c | 11 +- src/lib/libcrypto/rand/rand_vms.c | 16 +- src/lib/libcrypto/rand/randfile.c | 6 +- src/lib/libcrypto/rsa/rsa_eay.c | 2 +- src/lib/libcrypto/rsa/rsa_oaep.c | 20 +- src/lib/libcrypto/stack/safestack.h | 115 +++--- src/lib/libcrypto/util/cygwin.sh | 11 +- src/lib/libcrypto/util/libeay.num | 18 +- src/lib/libcrypto/util/mk1mf.pl | 20 +- src/lib/libcrypto/util/mkdef.pl | 3 + src/lib/libcrypto/util/mkerr.pl | 4 +- src/lib/libcrypto/util/mkstack.pl | 20 +- src/lib/libcrypto/util/pl/VC-32.pl | 6 +- src/lib/libcrypto/x509/x509.h | 1 + src/lib/libcrypto/x509/x509_vfy.c | 6 +- src/lib/libcrypto/x509/x_all.c | 1 + src/lib/libcrypto/x509v3/pcy_tree.c | 3 +- src/lib/libcrypto/x509v3/v3_addr.c | 6 + src/lib/libcrypto/x509v3/v3_asid.c | 31 +- src/lib/libssl/LICENSE | 2 +- src/lib/libssl/bio_ssl.c | 4 + src/lib/libssl/d1_clnt.c | 6 +- src/lib/libssl/d1_pkt.c | 22 +- src/lib/libssl/d1_srvr.c | 26 +- src/lib/libssl/s23_lib.c | 7 - src/lib/libssl/s3_clnt.c | 3 + src/lib/libssl/s3_lib.c | 6 + src/lib/libssl/s3_pkt.c | 6 +- src/lib/libssl/s3_srvr.c | 36 +- src/lib/libssl/src/CHANGES | 136 ++++++- src/lib/libssl/src/Configure | 15 + src/lib/libssl/src/FAQ | 53 ++- src/lib/libssl/src/INSTALL.VMS | 52 ++- src/lib/libssl/src/INSTALL.W32 | 22 +- src/lib/libssl/src/LICENSE | 2 +- src/lib/libssl/src/Makefile | 2 +- src/lib/libssl/src/Makefile.shared | 26 +- src/lib/libssl/src/NEWS | 41 ++- src/lib/libssl/src/PROBLEMS | 4 +- src/lib/libssl/src/README | 4 +- src/lib/libssl/src/VMS/mkshared.com | 227 ++++++++---- src/lib/libssl/src/apps/CA.com | 98 ++--- src/lib/libssl/src/apps/apps.c | 11 +- src/lib/libssl/src/apps/asn1pars.c | 1 + src/lib/libssl/src/apps/dh.c | 5 +- src/lib/libssl/src/apps/dhparam.c | 5 +- src/lib/libssl/src/apps/dsaparam.c | 9 +- src/lib/libssl/src/apps/enc.c | 9 +- src/lib/libssl/src/apps/gendh.c | 5 +- src/lib/libssl/src/apps/gendsa.c | 5 +- src/lib/libssl/src/apps/makeapps.com | 316 ++++++++++++---- src/lib/libssl/src/apps/openssl.c | 64 +++- src/lib/libssl/src/apps/pkcs12.c | 2 +- src/lib/libssl/src/apps/pkcs7.c | 5 +- src/lib/libssl/src/apps/rand.c | 5 +- src/lib/libssl/src/apps/s_server.c | 5 +- src/lib/libssl/src/apps/s_socket.c | 7 +- src/lib/libssl/src/apps/speed.c | 14 +- src/lib/libssl/src/apps/x509.c | 2 - src/lib/libssl/src/config | 4 + src/lib/libssl/src/crypto/Makefile | 4 +- src/lib/libssl/src/crypto/asn1/a_int.c | 3 +- src/lib/libssl/src/crypto/asn1/a_object.c | 4 +- src/lib/libssl/src/crypto/asn1/a_strex.c | 17 +- src/lib/libssl/src/crypto/asn1/a_strnid.c | 2 +- src/lib/libssl/src/crypto/asn1/asn1.h | 2 +- src/lib/libssl/src/crypto/asn1/n_pkey.c | 3 +- src/lib/libssl/src/crypto/asn1/t_crl.c | 3 +- src/lib/libssl/src/crypto/asn1/tasn_dec.c | 3 +- src/lib/libssl/src/crypto/asn1/x_name.c | 7 +- src/lib/libssl/src/crypto/asn1/x_x509.c | 4 +- src/lib/libssl/src/crypto/bio/b_sock.c | 29 +- src/lib/libssl/src/crypto/bio/bf_nbio.c | 2 - src/lib/libssl/src/crypto/bio/bio_lib.c | 4 +- src/lib/libssl/src/crypto/bio/bss_acpt.c | 5 +- src/lib/libssl/src/crypto/bio/bss_dgram.c | 20 +- src/lib/libssl/src/crypto/bio/bss_file.c | 12 +- src/lib/libssl/src/crypto/bio/bss_log.c | 32 +- src/lib/libssl/src/crypto/bn/bn.h | 18 + src/lib/libssl/src/crypto/bn/bn_exp2.c | 3 +- src/lib/libssl/src/crypto/bn/bn_gf2m.c | 1 + src/lib/libssl/src/crypto/bn/bn_mont.c | 2 +- src/lib/libssl/src/crypto/bn/bn_mul.c | 9 +- src/lib/libssl/src/crypto/bn/bn_nist.c | 64 ++-- src/lib/libssl/src/crypto/comp/c_rle.c | 3 +- src/lib/libssl/src/crypto/conf/conf_api.c | 3 +- src/lib/libssl/src/crypto/conf/conf_def.c | 13 +- src/lib/libssl/src/crypto/cryptlib.c | 21 +- src/lib/libssl/src/crypto/crypto-lib.com | 339 ++++++++++++----- src/lib/libssl/src/crypto/dsa/dsa_gen.c | 3 +- src/lib/libssl/src/crypto/dsa/dsa_ossl.c | 20 +- src/lib/libssl/src/crypto/dso/dso_dlfcn.c | 1 + src/lib/libssl/src/crypto/dso/dso_vms.c | 179 +++++---- src/lib/libssl/src/crypto/ec/ec2_smpl.c | 3 + src/lib/libssl/src/crypto/ec/ec_mult.c | 6 +- src/lib/libssl/src/crypto/ec/ecp_smpl.c | 3 + src/lib/libssl/src/crypto/engine/engine.h | 3 + src/lib/libssl/src/crypto/evp/encode.c | 3 +- src/lib/libssl/src/crypto/evp/evp_enc.c | 1 + src/lib/libssl/src/crypto/evp/evp_test.c | 1 + src/lib/libssl/src/crypto/evp/p_lib.c | 3 + src/lib/libssl/src/crypto/evp/p_sign.c | 2 +- src/lib/libssl/src/crypto/evp/p_verify.c | 2 +- src/lib/libssl/src/crypto/hmac/hmac.c | 3 - src/lib/libssl/src/crypto/md32_common.h | 15 +- src/lib/libssl/src/crypto/o_time.c | 22 +- src/lib/libssl/src/crypto/ocsp/ocsp_ht.c | 12 +- src/lib/libssl/src/crypto/ocsp/ocsp_lib.c | 8 +- src/lib/libssl/src/crypto/ocsp/ocsp_prn.c | 2 - src/lib/libssl/src/crypto/opensslv.h | 6 +- src/lib/libssl/src/crypto/pem/pem_lib.c | 2 - src/lib/libssl/src/crypto/perlasm/cbc.pl | 2 - src/lib/libssl/src/crypto/perlasm/x86_64-xlate.pl | 6 +- src/lib/libssl/src/crypto/pkcs12/p12_key.c | 38 +- src/lib/libssl/src/crypto/pkcs7/pk7_doit.c | 3 - src/lib/libssl/src/crypto/pkcs7/pk7_lib.c | 2 - src/lib/libssl/src/crypto/rand/md_rand.c | 11 +- src/lib/libssl/src/crypto/rand/rand_vms.c | 16 +- src/lib/libssl/src/crypto/rand/randfile.c | 6 +- src/lib/libssl/src/crypto/rsa/rsa_eay.c | 2 +- src/lib/libssl/src/crypto/rsa/rsa_oaep.c | 20 +- src/lib/libssl/src/crypto/stack/safestack.h | 115 +++--- src/lib/libssl/src/crypto/x509/x509.h | 1 + src/lib/libssl/src/crypto/x509/x509_vfy.c | 6 +- src/lib/libssl/src/crypto/x509/x_all.c | 1 + src/lib/libssl/src/crypto/x509v3/pcy_tree.c | 3 +- src/lib/libssl/src/crypto/x509v3/v3_addr.c | 6 + src/lib/libssl/src/crypto/x509v3/v3_asid.c | 31 +- src/lib/libssl/src/doc/apps/smime.pod | 8 +- src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod | 13 +- src/lib/libssl/src/doc/ssl/ssl.pod | 2 +- src/lib/libssl/src/engines/Makefile | 2 +- src/lib/libssl/src/engines/e_capi.c | 14 +- src/lib/libssl/src/engines/e_capi_err.h | 4 + src/lib/libssl/src/engines/e_gmp.c | 2 + src/lib/libssl/src/engines/e_ubsec.c | 2 - src/lib/libssl/src/install.com | 219 ++++++----- src/lib/libssl/src/makevms.com | 404 +++++++++++++++------ src/lib/libssl/src/openssl.spec | 6 +- src/lib/libssl/src/ssl/bio_ssl.c | 4 + src/lib/libssl/src/ssl/d1_clnt.c | 6 +- src/lib/libssl/src/ssl/d1_pkt.c | 22 +- src/lib/libssl/src/ssl/d1_srvr.c | 26 +- src/lib/libssl/src/ssl/s23_lib.c | 7 - src/lib/libssl/src/ssl/s2_srvr.c | 7 +- src/lib/libssl/src/ssl/s3_clnt.c | 3 + src/lib/libssl/src/ssl/s3_enc.c | 3 +- src/lib/libssl/src/ssl/s3_lib.c | 6 + src/lib/libssl/src/ssl/s3_pkt.c | 6 +- src/lib/libssl/src/ssl/s3_srvr.c | 36 +- src/lib/libssl/src/ssl/ssl-lib.com | 295 +++++++++++---- src/lib/libssl/src/ssl/ssl_asn1.c | 3 +- src/lib/libssl/src/ssl/ssl_ciph.c | 6 +- src/lib/libssl/src/ssl/ssl_lib.c | 47 +-- src/lib/libssl/src/ssl/ssltest.c | 3 - src/lib/libssl/src/ssl/t1_enc.c | 14 +- src/lib/libssl/src/ssl/t1_lib.c | 20 +- src/lib/libssl/src/test/maketests.com | 309 ++++++++++++---- src/lib/libssl/src/test/tcrl.com | 13 +- src/lib/libssl/src/test/testca.com | 8 +- src/lib/libssl/src/test/testenc.com | 13 +- src/lib/libssl/src/test/testgen.com | 22 +- src/lib/libssl/src/test/tests.com | 167 ++++++--- src/lib/libssl/src/test/testss.com | 17 +- src/lib/libssl/src/test/testssl.com | 26 +- src/lib/libssl/src/test/tpkcs7.com | 13 +- src/lib/libssl/src/test/tpkcs7d.com | 13 +- src/lib/libssl/src/test/treq.com | 13 +- src/lib/libssl/src/test/trsa.com | 13 +- src/lib/libssl/src/test/tsid.com | 13 +- src/lib/libssl/src/test/tverify.com | 10 +- src/lib/libssl/src/test/tx509.com | 13 +- src/lib/libssl/src/util/cygwin.sh | 11 +- src/lib/libssl/src/util/libeay.num | 18 +- src/lib/libssl/src/util/mk1mf.pl | 20 +- src/lib/libssl/src/util/mkdef.pl | 3 + src/lib/libssl/src/util/mkerr.pl | 4 +- src/lib/libssl/src/util/mkstack.pl | 20 +- src/lib/libssl/src/util/pl/VC-32.pl | 6 +- src/lib/libssl/ssl_asn1.c | 3 +- src/lib/libssl/ssl_ciph.c | 6 +- src/lib/libssl/ssl_lib.c | 47 +-- src/lib/libssl/t1_enc.c | 14 +- src/lib/libssl/t1_lib.c | 20 +- src/lib/libssl/test/maketests.com | 309 ++++++++++++---- src/lib/libssl/test/tcrl.com | 13 +- src/lib/libssl/test/testca.com | 8 +- src/lib/libssl/test/testenc.com | 13 +- src/lib/libssl/test/testgen.com | 22 +- src/lib/libssl/test/tests.com | 167 ++++++--- src/lib/libssl/test/testss.com | 17 +- src/lib/libssl/test/testssl.com | 26 +- src/lib/libssl/test/tpkcs7.com | 13 +- src/lib/libssl/test/tpkcs7d.com | 13 +- src/lib/libssl/test/treq.com | 13 +- src/lib/libssl/test/trsa.com | 13 +- src/lib/libssl/test/tsid.com | 13 +- src/lib/libssl/test/tverify.com | 10 +- src/lib/libssl/test/tx509.com | 13 +- 255 files changed, 4328 insertions(+), 2118 deletions(-) (limited to 'src') diff --git a/src/lib/libcrypto/Attic/Makefile b/src/lib/libcrypto/Attic/Makefile index c1033f6d77..85d9f249c5 100644 --- a/src/lib/libcrypto/Attic/Makefile +++ b/src/lib/libcrypto/Attic/Makefile @@ -74,7 +74,9 @@ x86_64cpuid.s: x86_64cpuid.pl $(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@ ia64cpuid.s: ia64cpuid.S $(CC) $(CFLAGS) -E ia64cpuid.S > $@ -ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@ +ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@ +alphacpuid.s: alphacpuid.pl + $(PERL) $< | $(CC) -E - | tee $@ > /dev/null testapps: [ -z "$(THIS)" ] || ( if echo $(SDIRS) | fgrep ' des '; \ diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c index c6fd204ae3..3348b8762c 100644 --- a/src/lib/libcrypto/asn1/a_int.c +++ b/src/lib/libcrypto/asn1/a_int.c @@ -273,7 +273,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, { ASN1_INTEGER *ret=NULL; const unsigned char *p; - unsigned char *to,*s; + unsigned char *s; long len; int inf,tag,xclass; int i; @@ -308,7 +308,6 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, i=ERR_R_MALLOC_FAILURE; goto err; } - to=s; ret->type=V_ASN1_INTEGER; if(len) { if ((*p == 0) && (len != 1)) diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c index e5fbe7cbb1..3978c9150d 100644 --- a/src/lib/libcrypto/asn1/a_object.c +++ b/src/lib/libcrypto/asn1/a_object.c @@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT); goto err; } - if (!use_bn && l > (ULONG_MAX / 10L)) + if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { use_bn = 1; if (!bl) @@ -293,7 +293,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, /* Sanity check OID encoding: can't have leading 0x80 in * subidentifiers, see: X.690 8.19.2 */ - for (i = 0, p = *pp + 1; i < len - 1; i++, p++) + for (i = 0, p = *pp; i < len; i++, p++) { if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c index 7fc14d3296..264ebf2393 100644 --- a/src/lib/libcrypto/asn1/a_strex.c +++ b/src/lib/libcrypto/asn1/a_strex.c @@ -74,6 +74,11 @@ #define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) +#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB) + /* Three IO functions for sending data to memory, a BIO and * and a FILE pointer. @@ -148,6 +153,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, ch if(!io_ch(arg, tmphex, 3)) return -1; return 3; } + /* If we get this far and do any escaping at all must escape + * the escape character itself: backslash. + */ + if (chtmp == '\\' && flags & ESC_FLAGS) { + if(!io_ch(arg, "\\\\", 2)) return -1; + return 2; + } if(!io_ch(arg, &chtmp, 1)) return -1; return 1; } @@ -292,11 +304,6 @@ static const signed char tag2nbyte[] = { 4, -1, 2 /* 28-30 */ }; -#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ - ASN1_STRFLGS_ESC_QUOTE | \ - ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB) - /* This is the main function, print out an * ASN1_STRING taking note of various escape * and display options. Returns number of diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c index 753021a7a2..2fc48c1551 100644 --- a/src/lib/libcrypto/asn1/a_strnid.c +++ b/src/lib/libcrypto/asn1/a_strnid.c @@ -95,7 +95,7 @@ unsigned long ASN1_STRING_get_default_mask(void) * default: the default value, Printable, T61, BMP. */ -int ASN1_STRING_set_default_mask_asc(char *p) +int ASN1_STRING_set_default_mask_asc(const char *p) { unsigned long mask; char *end; diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h index f7718b5a94..59540e4e79 100644 --- a/src/lib/libcrypto/asn1/asn1.h +++ b/src/lib/libcrypto/asn1/asn1.h @@ -1067,7 +1067,7 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); void ASN1_STRING_set_default_mask(unsigned long mask); -int ASN1_STRING_set_default_mask_asc(char *p); +int ASN1_STRING_set_default_mask_asc(const char *p); unsigned long ASN1_STRING_get_default_mask(void); int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, int inform, unsigned long mask); diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c index 60bc437938..e7d0439062 100644 --- a/src/lib/libcrypto/asn1/n_pkey.c +++ b/src/lib/libcrypto/asn1/n_pkey.c @@ -242,7 +242,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int sgckey) { RSA *ret=NULL; - const unsigned char *p, *kp; + const unsigned char *p; NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; p = *pp; @@ -265,7 +265,6 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); goto err; } - kp = enckey->enckey->digest->data; if (cb == NULL) cb=EVP_read_pw_string; if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err; diff --git a/src/lib/libcrypto/asn1/t_crl.c b/src/lib/libcrypto/asn1/t_crl.c index bdb244c015..ee5a687ce8 100644 --- a/src/lib/libcrypto/asn1/t_crl.c +++ b/src/lib/libcrypto/asn1/t_crl.c @@ -87,7 +87,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) STACK_OF(X509_REVOKED) *rev; X509_REVOKED *r; long l; - int i, n; + int i; char *p; BIO_printf(out, "Certificate Revocation List (CRL):\n"); @@ -107,7 +107,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x) else BIO_printf(out,"NONE"); BIO_printf(out,"\n"); - n=X509_CRL_get_ext_count(x); X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8); diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c index 3bee439968..87d7dfdf5c 100644 --- a/src/lib/libcrypto/asn1/tasn_dec.c +++ b/src/lib/libcrypto/asn1/tasn_dec.c @@ -168,7 +168,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int i; int otag; int ret = 0; - ASN1_VALUE *pchval, **pchptr, *ptmpval; + ASN1_VALUE **pchptr, *ptmpval; if (!pval) return 0; if (aux && aux->asn1_cb) @@ -319,7 +319,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, goto err; } /* CHOICE type, try each possibility in turn */ - pchval = NULL; p = *in; for (i = 0, tt=it->templates; i < it->tcount; i++, tt++) { diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c index caa4409feb..49be08b4da 100644 --- a/src/lib/libcrypto/asn1/x_name.c +++ b/src/lib/libcrypto/asn1/x_name.c @@ -214,7 +214,9 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, *val = nm.a; *in = p; return ret; - err: +err: + if (nm.x != NULL) + X509_NAME_free(nm.x); ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; } @@ -464,7 +466,8 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in) } else { - *to++ = tolower(*from++); + *to++ = tolower(*from); + from++; i++; } } diff --git a/src/lib/libcrypto/asn1/x_x509.c b/src/lib/libcrypto/asn1/x_x509.c index dafd3cc921..de3df9eb51 100644 --- a/src/lib/libcrypto/asn1/x_x509.c +++ b/src/lib/libcrypto/asn1/x_x509.c @@ -63,7 +63,7 @@ #include #include -ASN1_SEQUENCE(X509_CINF) = { +ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), @@ -74,7 +74,7 @@ ASN1_SEQUENCE(X509_CINF) = { ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) -} ASN1_SEQUENCE_END(X509_CINF) +} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF) IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) /* X509 top level structure needs a bit of customisation */ diff --git a/src/lib/libcrypto/bio/b_sock.c b/src/lib/libcrypto/bio/b_sock.c index 12b0a53a81..d47310d650 100644 --- a/src/lib/libcrypto/bio/b_sock.c +++ b/src/lib/libcrypto/bio/b_sock.c @@ -551,7 +551,30 @@ int BIO_socket_ioctl(int fd, long type, void *arg) #ifdef __DJGPP__ i=ioctlsocket(fd,type,(char *)arg); #else - i=ioctlsocket(fd,type,arg); +# if defined(OPENSSL_SYS_VMS) + /* 2011-02-18 SMS. + * VMS ioctl() can't tolerate a 64-bit "void *arg", but we + * observe that all the consumers pass in an "unsigned long *", + * so we arrange a local copy with a short pointer, and use + * that, instead. + */ +# if __INITIAL_POINTER_SIZE == 64 +# define ARG arg_32p +# pragma pointer_size save +# pragma pointer_size 32 + unsigned long arg_32; + unsigned long *arg_32p; +# pragma pointer_size restore + arg_32p = &arg_32; + arg_32 = *((unsigned long *) arg); +# else /* __INITIAL_POINTER_SIZE == 64 */ +# define ARG arg +# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +# else /* defined(OPENSSL_SYS_VMS) */ +# define ARG arg +# endif /* defined(OPENSSL_SYS_VMS) [else] */ + + i=ioctlsocket(fd,type,ARG); #endif /* __DJGPP__ */ if (i < 0) SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error()); @@ -660,6 +683,7 @@ int BIO_get_accept_socket(char *host, int bind_mode) * note that commonly IPv6 wildchard socket can service * IPv4 connections just as well... */ memset(&hint,0,sizeof(hint)); + hint.ai_flags = AI_PASSIVE; if (h) { if (strchr(h,':')) @@ -672,7 +696,10 @@ int BIO_get_accept_socket(char *host, int bind_mode) #endif } else if (h[0]=='*' && h[1]=='\0') + { + hint.ai_family = AF_INET; h=NULL; + } } if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break; diff --git a/src/lib/libcrypto/bio/bf_nbio.c b/src/lib/libcrypto/bio/bf_nbio.c index c72a23c2e1..028616c064 100644 --- a/src/lib/libcrypto/bio/bf_nbio.c +++ b/src/lib/libcrypto/bio/bf_nbio.c @@ -125,7 +125,6 @@ static int nbiof_free(BIO *a) static int nbiof_read(BIO *b, char *out, int outl) { - NBIO_TEST *nt; int ret=0; #if 1 int num; @@ -134,7 +133,6 @@ static int nbiof_read(BIO *b, char *out, int outl) if (out == NULL) return(0); if (b->next_bio == NULL) return(0); - nt=(NBIO_TEST *)b->ptr; BIO_clear_retry_flags(b); #if 1 diff --git a/src/lib/libcrypto/bio/bio_lib.c b/src/lib/libcrypto/bio/bio_lib.c index 77f4de9c32..e12bc3a2ca 100644 --- a/src/lib/libcrypto/bio/bio_lib.c +++ b/src/lib/libcrypto/bio/bio_lib.c @@ -110,7 +110,7 @@ int BIO_set(BIO *bio, BIO_METHOD *method) int BIO_free(BIO *a) { - int ret=0,i; + int i; if (a == NULL) return(0); @@ -133,7 +133,7 @@ int BIO_free(BIO *a) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - ret=a->method->destroy(a); + a->method->destroy(a); OPENSSL_free(a); return(1); } diff --git a/src/lib/libcrypto/bio/bss_acpt.c b/src/lib/libcrypto/bio/bss_acpt.c index 826f761143..5d49e1a72b 100644 --- a/src/lib/libcrypto/bio/bss_acpt.c +++ b/src/lib/libcrypto/bio/bss_acpt.c @@ -340,7 +340,6 @@ static int acpt_write(BIO *b, const char *in, int inl) static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) { - BIO *dbio; int *ip; long ret=1; BIO_ACCEPT *data; @@ -437,8 +436,8 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) ret=(long)data->bind_mode; break; case BIO_CTRL_DUP: - dbio=(BIO *)ptr; -/* if (data->param_port) EAY EAY +/* dbio=(BIO *)ptr; + if (data->param_port) EAY EAY BIO_set_port(dbio,data->param_port); if (data->param_hostname) BIO_set_hostname(dbio,data->param_hostname); diff --git a/src/lib/libcrypto/bio/bss_dgram.c b/src/lib/libcrypto/bio/bss_dgram.c index eb7e365467..71ebe987b6 100644 --- a/src/lib/libcrypto/bio/bss_dgram.c +++ b/src/lib/libcrypto/bio/bss_dgram.c @@ -57,7 +57,6 @@ * */ -#ifndef OPENSSL_NO_DGRAM #include #include @@ -65,6 +64,7 @@ #include "cryptlib.h" #include +#ifndef OPENSSL_NO_DGRAM #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) #include @@ -308,7 +308,6 @@ static int dgram_read(BIO *b, char *out, int outl) OPENSSL_assert(sa.len.s<=sizeof(sa.peer)); sa.len.i = (int)sa.len.s; } - dgram_reset_rcv_timeout(b); if ( ! data->connected && ret >= 0) BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer); @@ -322,6 +321,8 @@ static int dgram_read(BIO *b, char *out, int outl) data->_errno = get_last_socket_error(); } } + + dgram_reset_rcv_timeout(b); } return(ret); } @@ -340,7 +341,7 @@ static int dgram_write(BIO *b, const char *in, int inl) if (data->peer.sa.sa_family == AF_INET) peerlen = sizeof(data->peer.sa_in); -#if OPENSSL_USE_IVP6 +#if OPENSSL_USE_IPV6 else if (data->peer.sa.sa_family == AF_INET6) peerlen = sizeof(data->peer.sa_in6); #endif @@ -745,9 +746,13 @@ static int BIO_dgram_should_retry(int i) { err=get_last_socket_error(); -#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */ - if ((i == -1) && (err == 0)) - return(1); +#if defined(OPENSSL_SYS_WINDOWS) + /* If the socket return value (i) is -1 + * and err is unexpectedly 0 at this point, + * the error code was overwritten by + * another system call before this error + * handling is called. + */ #endif return(BIO_dgram_non_fatal_error(err)); @@ -810,7 +815,6 @@ int BIO_dgram_non_fatal_error(int err) } return(0); } -#endif static void get_current_time(struct timeval *t) { @@ -828,3 +832,5 @@ static void get_current_time(struct timeval *t) gettimeofday(t, NULL); #endif } + +#endif diff --git a/src/lib/libcrypto/bio/bss_file.c b/src/lib/libcrypto/bio/bss_file.c index 8bfa0bcd97..b954fe7ebc 100644 --- a/src/lib/libcrypto/bio/bss_file.c +++ b/src/lib/libcrypto/bio/bss_file.c @@ -123,6 +123,7 @@ BIO *BIO_new_file(const char *filename, const char *mode) #if defined(_WIN32) && defined(CP_UTF8) int sz, len_0 = (int)strlen(filename)+1; + DWORD flags; /* * Basically there are three cases to cover: a) filename is @@ -136,17 +137,22 @@ BIO *BIO_new_file(const char *filename, const char *mode) * ERROR_NO_UNICODE_TRANSLATION, in which case we fall * back to fopen... */ - if ((sz=MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS, + if ((sz=MultiByteToWideChar(CP_UTF8,(flags=MB_ERR_INVALID_CHARS), + filename,len_0,NULL,0))>0 || + (GetLastError()==ERROR_INVALID_FLAGS && + (sz=MultiByteToWideChar(CP_UTF8,(flags=0), filename,len_0,NULL,0))>0) + ) { WCHAR wmode[8]; WCHAR *wfilename = _alloca(sz*sizeof(WCHAR)); - if (MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS, + if (MultiByteToWideChar(CP_UTF8,flags, filename,len_0,wfilename,sz) && MultiByteToWideChar(CP_UTF8,0,mode,strlen(mode)+1, wmode,sizeof(wmode)/sizeof(wmode[0])) && - (file=_wfopen(wfilename,wmode))==NULL && errno==ENOENT + (file=_wfopen(wfilename,wmode))==NULL && + (errno==ENOENT || errno==EBADF) ) /* UTF-8 decode succeeded, but no file, filename * could still have been locale-ized... */ file = fopen(filename,mode); diff --git a/src/lib/libcrypto/bio/bss_log.c b/src/lib/libcrypto/bio/bss_log.c index 7ead044b37..b7dce5c1a2 100644 --- a/src/lib/libcrypto/bio/bss_log.c +++ b/src/lib/libcrypto/bio/bss_log.c @@ -75,6 +75,15 @@ # include # include # include +/* Some compiler options may mask the declaration of "_malloc32". */ +# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE +# if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size save +# pragma pointer_size 32 + void * _malloc32 (__size_t); +# pragma pointer_size restore +# endif /* __INITIAL_POINTER_SIZE == 64 */ +# endif /* __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE */ #elif defined(__ultrix) # include #elif defined(OPENSSL_SYS_NETWARE) @@ -300,7 +309,24 @@ static void xopenlog(BIO* bp, char* name, int level) static void xsyslog(BIO *bp, int priority, const char *string) { struct dsc$descriptor_s opc_dsc; + +/* Arrange 32-bit pointer to opcdef buffer and malloc(), if needed. */ +#if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size save +# pragma pointer_size 32 +# define OPCDEF_TYPE __char_ptr32 +# define OPCDEF_MALLOC _malloc32 +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define OPCDEF_TYPE char * +# define OPCDEF_MALLOC OPENSSL_malloc +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + struct opcdef *opcdef_p; + +#if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size restore +#endif /* __INITIAL_POINTER_SIZE == 64 */ + char buf[10240]; unsigned int len; struct dsc$descriptor_s buf_dsc; @@ -326,8 +352,8 @@ static void xsyslog(BIO *bp, int priority, const char *string) lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string); - /* we know there's an 8 byte header. That's documented */ - opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len); + /* We know there's an 8-byte header. That's documented. */ + opcdef_p = OPCDEF_MALLOC( 8+ len); opcdef_p->opc$b_ms_type = OPC$_RQ_RQST; memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3); opcdef_p->opc$l_ms_rqstid = 0; @@ -335,7 +361,7 @@ static void xsyslog(BIO *bp, int priority, const char *string) opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T; opc_dsc.dsc$b_class = DSC$K_CLASS_S; - opc_dsc.dsc$a_pointer = (char *)opcdef_p; + opc_dsc.dsc$a_pointer = (OPCDEF_TYPE) opcdef_p; opc_dsc.dsc$w_length = len + 8; sys$sndopr(opc_dsc, 0); diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h index e484b7fc11..a0bc47837d 100644 --- a/src/lib/libcrypto/bn/bn.h +++ b/src/lib/libcrypto/bn/bn.h @@ -253,6 +253,24 @@ extern "C" { #define BN_HEX_FMT2 "%08X" #endif +/* 2011-02-22 SMS. + * In various places, a size_t variable or a type cast to size_t was + * used to perform integer-only operations on pointers. This failed on + * VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t is + * still only 32 bits. What's needed in these cases is an integer type + * with the same size as a pointer, which size_t is not certain to be. + * The only fix here is VMS-specific. + */ +#if defined(OPENSSL_SYS_VMS) +# if __INITIAL_POINTER_SIZE == 64 +# define PTR_SIZE_INT long long +# else /* __INITIAL_POINTER_SIZE == 64 */ +# define PTR_SIZE_INT int +# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +#else /* defined(OPENSSL_SYS_VMS) */ +# define PTR_SIZE_INT size_t +#endif /* defined(OPENSSL_SYS_VMS) [else] */ + #define BN_DEFAULT_BITS 1280 #define BN_FLG_MALLOCED 0x01 diff --git a/src/lib/libcrypto/bn/bn_exp2.c b/src/lib/libcrypto/bn/bn_exp2.c index b3f43cec8c..bd0c34b91b 100644 --- a/src/lib/libcrypto/bn/bn_exp2.c +++ b/src/lib/libcrypto/bn/bn_exp2.c @@ -301,7 +301,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, r_is_one = 0; } } - BN_from_montgomery(rr,r,mont,ctx); + if (!BN_from_montgomery(rr,r,mont,ctx)) + goto err; ret=1; err: if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); diff --git a/src/lib/libcrypto/bn/bn_gf2m.c b/src/lib/libcrypto/bn/bn_gf2m.c index 527b0fa15b..432a3aa338 100644 --- a/src/lib/libcrypto/bn/bn_gf2m.c +++ b/src/lib/libcrypto/bn/bn_gf2m.c @@ -545,6 +545,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { while (!BN_is_odd(u)) { + if (BN_is_zero(u)) goto err; if (!BN_rshift1(u, u)) goto err; if (BN_is_odd(b)) { diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c index 7224637ab3..1a866880f5 100644 --- a/src/lib/libcrypto/bn/bn_mont.c +++ b/src/lib/libcrypto/bn/bn_mont.c @@ -277,7 +277,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) m1|=m2; /* (al!=ri) */ m1|=(0-(size_t)v); /* (al!=ri || v) */ m1&=~m2; /* (al!=ri || v) && !al>ri */ - nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); + nrp=(BN_ULONG *)(((PTR_SIZE_INT)rp&~m1)|((PTR_SIZE_INT)ap&m1)); } /* 'i= -1 && i <= 1) { - int sav_j =0; /* Find out the power of two lower or equal to the longest of the two numbers */ if (i >= 0) @@ -1023,7 +1019,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { j = BN_num_bits_word((BN_ULONG)bl); } - sav_j = j; j = 1<<(j-1); assert(j <= al || j <= bl); k = j+j; diff --git a/src/lib/libcrypto/bn/bn_nist.c b/src/lib/libcrypto/bn/bn_nist.c index 2ca5b01391..c6de032696 100644 --- a/src/lib/libcrypto/bn/bn_nist.c +++ b/src/lib/libcrypto/bn/bn_nist.c @@ -354,7 +354,7 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, buf[BN_NIST_192_TOP], c_d[BN_NIST_192_TOP], *res; - size_t mask; + PTR_SIZE_INT mask; static const BIGNUM _bignum_nist_p_192_sqr = { (BN_ULONG *)_nist_p_192_sqr, sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), @@ -405,9 +405,10 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' * this is what happens below, but without explicit if:-) a. */ - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); - mask &= 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + mask = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); + mask &= 0-(PTR_SIZE_INT)carry; + res = (BN_ULONG *) + (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_192_TOP); r->top = BN_NIST_192_TOP; bn_correct_top(r); @@ -438,8 +439,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, buf[BN_NIST_224_TOP], c_d[BN_NIST_224_TOP], *res; - size_t mask; - union { bn_addsub_f f; size_t p; } u; + PTR_SIZE_INT mask; + union { bn_addsub_f f; PTR_SIZE_INT p; } u; static const BIGNUM _bignum_nist_p_224_sqr = { (BN_ULONG *)_nist_p_224_sqr, sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), @@ -510,16 +511,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, * to be compared to the modulus and conditionally * adjusted by *subtracting* the latter. */ carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP); - mask = 0-(size_t)carry; - u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + mask = 0-(PTR_SIZE_INT)carry; + u.p = ((PTR_SIZE_INT)bn_sub_words&mask) | + ((PTR_SIZE_INT)bn_add_words&~mask); } else carry = 1; /* otherwise it's effectively same as in BN_nist_mod_192... */ - mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); - mask &= 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); + mask &= 0-(PTR_SIZE_INT)carry; + res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | + ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_224_TOP); r->top = BN_NIST_224_TOP; bn_correct_top(r); @@ -549,8 +552,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, buf[BN_NIST_256_TOP], c_d[BN_NIST_256_TOP], *res; - size_t mask; - union { bn_addsub_f f; size_t p; } u; + PTR_SIZE_INT mask; + union { bn_addsub_f f; PTR_SIZE_INT p; } u; static const BIGNUM _bignum_nist_p_256_sqr = { (BN_ULONG *)_nist_p_256_sqr, sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), @@ -629,15 +632,17 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (carry < 0) { carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP); - mask = 0-(size_t)carry; - u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + mask = 0-(PTR_SIZE_INT)carry; + u.p = ((PTR_SIZE_INT)bn_sub_words&mask) | + ((PTR_SIZE_INT)bn_add_words&~mask); } else carry = 1; - mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); - mask &= 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); + mask &= 0-(PTR_SIZE_INT)carry; + res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | + ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_256_TOP); r->top = BN_NIST_256_TOP; bn_correct_top(r); @@ -671,8 +676,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, buf[BN_NIST_384_TOP], c_d[BN_NIST_384_TOP], *res; - size_t mask; - union { bn_addsub_f f; size_t p; } u; + PTR_SIZE_INT mask; + union { bn_addsub_f f; PTR_SIZE_INT p; } u; static const BIGNUM _bignum_nist_p_384_sqr = { (BN_ULONG *)_nist_p_384_sqr, sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), @@ -754,15 +759,17 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (carry < 0) { carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP); - mask = 0-(size_t)carry; - u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + mask = 0-(PTR_SIZE_INT)carry; + u.p = ((PTR_SIZE_INT)bn_sub_words&mask) | + ((PTR_SIZE_INT)bn_add_words&~mask); } else carry = 1; - mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); - mask &= 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); + mask &= 0-(PTR_SIZE_INT)carry; + res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | + ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_384_TOP); r->top = BN_NIST_384_TOP; bn_correct_top(r); @@ -781,7 +788,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val,tmp,*res; - size_t mask; + PTR_SIZE_INT mask; static const BIGNUM _bignum_nist_p_521_sqr = { (BN_ULONG *)_nist_p_521_sqr, sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), @@ -826,8 +833,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, r_d[i] &= BN_NIST_521_TOP_MASK; bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP); - mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP); - res = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask)); + mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP); + res = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) | + ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d,res,BN_NIST_521_TOP); r->top = BN_NIST_521_TOP; bn_correct_top(r); diff --git a/src/lib/libcrypto/comp/c_rle.c b/src/lib/libcrypto/comp/c_rle.c index efd366fa22..18bceae51e 100644 --- a/src/lib/libcrypto/comp/c_rle.c +++ b/src/lib/libcrypto/comp/c_rle.c @@ -46,7 +46,7 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, { int i; - if (olen < (ilen-1)) + if (ilen == 0 || olen < (ilen-1)) { /* ZZZZZZZZZZZZZZZZZZZZZZ */ return(-1); @@ -59,4 +59,3 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, } return(ilen-1); } - diff --git a/src/lib/libcrypto/conf/conf_api.c b/src/lib/libcrypto/conf/conf_api.c index 22617e5fa1..f5fcbb9f6b 100644 --- a/src/lib/libcrypto/conf/conf_api.c +++ b/src/lib/libcrypto/conf/conf_api.c @@ -64,6 +64,7 @@ #endif #include +#include #include #include #include @@ -285,7 +286,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) v->value=(char *)sk; vv=lh_CONF_VALUE_insert(conf->data,v); - assert(vv == NULL); + OPENSSL_assert(vv == NULL); ok=1; err: if (!ok) diff --git a/src/lib/libcrypto/conf/conf_def.c b/src/lib/libcrypto/conf/conf_def.c index 0b571b0394..cf951320af 100644 --- a/src/lib/libcrypto/conf/conf_def.c +++ b/src/lib/libcrypto/conf/conf_def.c @@ -213,13 +213,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) int bufnum=0,i,ii; BUF_MEM *buff=NULL; char *s,*p,*end; - int again,n; + int again; long eline=0; char btmp[DECIMAL_SIZE(eline)+1]; CONF_VALUE *v=NULL,*tv; CONF_VALUE *sv=NULL; char *section=NULL,*buf; - STACK_OF(CONF_VALUE) *section_sk=NULL,*ts; char *start,*psection,*pname; void *h = (void *)(conf->data); @@ -250,7 +249,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - section_sk=(STACK_OF(CONF_VALUE) *)sv->value; bufnum=0; again=0; @@ -309,7 +307,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) buf=buff->data; clear_comments(conf, buf); - n=strlen(buf); s=eat_ws(conf, buf); if (IS_EOF(conf,*s)) continue; /* blank line */ if (*s == '[') @@ -343,7 +340,6 @@ again: CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - section_sk=(STACK_OF(CONF_VALUE) *)sv->value; continue; } else @@ -406,13 +402,9 @@ again: CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - ts=(STACK_OF(CONF_VALUE) *)tv->value; } else - { tv=sv; - ts=section_sk; - } #if 1 if (_CONF_add_string(conf, tv, v) == 0) { @@ -465,9 +457,6 @@ err: static void clear_comments(CONF *conf, char *p) { - char *to; - - to=p; for (;;) { if (IS_FCOMMENT(conf,*p)) diff --git a/src/lib/libcrypto/cryptlib.c b/src/lib/libcrypto/cryptlib.c index b4449b86d6..24fe123e14 100644 --- a/src/lib/libcrypto/cryptlib.c +++ b/src/lib/libcrypto/cryptlib.c @@ -731,7 +731,6 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: - ERR_remove_state(0); break; case DLL_PROCESS_DETACH: break; @@ -743,6 +742,16 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, #if defined(_WIN32) && !defined(__CYGWIN__) #include #include +#ifdef __WATCOMC__ +#if defined(_UNICODE) || defined(__UNICODE__) +#define _vsntprintf _vsnwprintf +#else +#define _vsntprintf _vsnprintf +#endif +#endif +#ifdef _MSC_VER +#define alloca _alloca +#endif #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 int OPENSSL_isservice(void) @@ -773,11 +782,7 @@ int OPENSSL_isservice(void) if (len>512) return -1; /* paranoia */ len++,len&=~1; /* paranoia */ -#ifdef _MSC_VER - name=(WCHAR *)_alloca(len+sizeof(WCHAR)); -#else name=(WCHAR *)alloca(len+sizeof(WCHAR)); -#endif if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len)) return -1; @@ -822,11 +827,7 @@ void OPENSSL_showfatal (const char *fmta,...) size_t len_0=strlen(fmta)+1,i; WCHAR *fmtw; -#ifdef _MSC_VER - fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR)); -#else - fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); -#endif + fmtw = (WCHAR *)alloca(len_0*sizeof(WCHAR)); if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; } #ifndef OPENSSL_NO_MULTIBYTE diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com index a4b6635091..a29c0afd93 100644 --- a/src/lib/libcrypto/crypto-lib.com +++ b/src/lib/libcrypto/crypto-lib.com @@ -47,11 +47,33 @@ $! P6, if defined, sets a choice of crypto methods to compile. $! WARNING: this should only be done to recompile some part of an already $! fully compiled library. $! +$! P7, if defined, specifies the C pointer size. Ignored on VAX. +$! ("64=ARGV" gives more efficient code with HP C V7.3 or newer.) +$! Supported values are: +$! +$! "" Compile with default (/NOPOINTER_SIZE) +$! 32 Compile with /POINTER_SIZE=32 (SHORT) +$! 64 Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]). +$! (Automatically select ARGV if compiler supports it.) +$! 64= Compile with /POINTER_SIZE=64 (LONG). +$! 64=ARGV Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV). +$! +$! P8, if defined, specifies a directory where ZLIB files (zlib.h, +$! libz.olb) may be found. Optionally, a non-default object library +$! name may be included ("dev:[dir]libz_64.olb", for example). +$! +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") $! $! Define A TCP/IP Library That We Will Need To Link To. $! (That Is, If We Need To Link To One.) $! $ TCPIP_LIB = "" +$ ZLIB_LIB = "" $! $! Check Which Architecture We Are Using. $! @@ -75,6 +97,11 @@ $! End The Architecture Check. $! $ ENDIF $! +$ ARCHD = ARCH +$ LIB32 = "32" +$ OPT_FILE = "" +$ POINTER_SIZE = "" +$! $! Define The Different Encryption Types. $! NOTE: Some might think this list ugly. However, it's made this way to $! reflect the SDIRS variable in [-]Makefile.org as closely as possible, @@ -91,17 +118,29 @@ $ ENCRYPT_TYPES = "Basic,"+ - "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - "STORE,CMS,PQUEUE,TS,JPAKE" -$! Define The OBJ Directory. $! -$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO] +$! Check To Make Sure We Have Valid Command Line Parameters. +$! +$ GOSUB CHECK_OPTIONS $! -$! Define The EXE Directory. +$! Define The OBJ and EXE Directories. $! -$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO] +$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.CRYPTO] +$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO] $! -$! Check To Make Sure We Have Valid Command Line Parameters. +$! Specify the destination directory in any /MAP option. $! -$ GOSUB CHECK_OPTIONS +$ if (LINKMAP .eqs. "MAP") +$ then +$ LINKMAP = LINKMAP+ "=''EXE_DIR'" +$ endif +$! +$! Add the location prefix to the linker options file name. +$! +$ if (OPT_FILE .nes. "") +$ then +$ OPT_FILE = EXE_DIR+ OPT_FILE +$ endif $! $! Initialise logical names and such $! @@ -109,7 +148,7 @@ $ GOSUB INITIALISE $! $! Tell The User What Kind of Machine We Run On. $! -$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." +$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'" $! $! $! Check To See If The Architecture Specific OBJ Directory Exists. @@ -140,11 +179,11 @@ $ ENDIF $! $! Define The Library Name. $! -$ LIB_NAME := 'EXE_DIR'LIBCRYPTO.OLB +$ LIB_NAME := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB $! $! Define The CRYPTO-LIB We Are To Use. $! -$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO.OLB +$ CRYPTO_LIB := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB $! $! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library... $! @@ -193,7 +232,7 @@ $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64" $ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ - "cmll_cfb,cmll_ctr" $ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb" -$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128" +$ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128" $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper" $ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN - LIB_BN_ASM = "bn_asm" @@ -301,15 +340,23 @@ $ LIB_JPAKE = "jpake,jpake_err" $! $! Setup exceptional compilations $! -$ ! Add definitions for no threads on OpenVMS 7.1 and higher +$ CC3_SHOWN = 0 +$ CC4_SHOWN = 0 +$ CC5_SHOWN = 0 +$ CC6_SHOWN = 0 +$! +$! The following lists must have leading and trailing commas, and no +$! embedded spaces. (They are scanned for ",name,".) +$! +$ ! Add definitions for no threads on OpenVMS 7.1 and higher. $ COMPILEWITH_CC3 = ",bss_rtcp," -$ ! Disable the DOLLARID warning -$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,o_dir" -$ ! Disable disjoint optimization +$ ! Disable the DOLLARID warning. Not needed with /STANDARD=RELAXED. +$ COMPILEWITH_CC4 = "" !!! ",a_utctm,bss_log,o_time,o_dir," +$ ! Disable disjoint optimization on VAX with DECC. $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + - "seed,sha_dgst,sha1dgst,rmd_dgst,bf_enc," -$ ! Disable the MIXLINKAGE warning -$ COMPILEWITH_CC6 = ",enc_read,set_key," +$ ! Disable the MIXLINKAGE warning. +$ COMPILEWITH_CC6 = "" !!! ",enc_read,set_key," $! $! Figure Out What Other Modules We Are To Build. $! @@ -515,31 +562,60 @@ $ WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File. (",BUILDALL,",",STATE," $ ENDIF $ IF (MODULE_NAME.NES."") $ THEN -$ WRITE SYS$OUTPUT " ",FILE_NAME,"" +$ WRITE SYS$OUTPUT " ",FILE_NAME,"" $ ENDIF $! $! Compile The File. $! $ ON ERROR THEN GOTO NEXT_FILE -$ FILE_NAME0 = F$ELEMENT(0,".",FILE_NAME) +$ FILE_NAME0 = ","+ F$ELEMENT(0,".",FILE_NAME)+ "," $ IF FILE_NAME - ".mar" .NES. FILE_NAME $ THEN $ MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE $ IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3 $ THEN +$ write sys$output " \Using special rule (3)" +$ if (.not. CC3_SHOWN) +$ then +$ CC3_SHOWN = 1 +$ x = " "+ CC3 +$ write /symbol sys$output x +$ endif $ CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE $ IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4 $ THEN +$ write /symbol sys$output " \Using special rule (4)" +$ if (.not. CC4_SHOWN) +$ then +$ CC4_SHOWN = 1 +$ x = " "+ CC4 +$ write /symbol sys$output x +$ endif $ CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE -$ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5 +$ IF CC5_DIFFERENT .AND. - + (COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5) $ THEN +$ write sys$output " \Using special rule (5)" +$ if (.not. CC5_SHOWN) +$ then +$ CC5_SHOWN = 1 +$ x = " "+ CC5 +$ write /symbol sys$output x +$ endif $ CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE $ IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6 $ THEN +$ write sys$output " \Using special rule (6)" +$ if (.not. CC6_SHOWN) +$ then +$ CC6_SHOWN = 1 +$ x = " "+ CC6 +$ write /symbol sys$output x +$ endif $ CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE $ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' @@ -586,38 +662,22 @@ $! SHOW SYMBOL APPLICATION* $! $! Tell the user what happens $! -$ WRITE SYS$OUTPUT " ",APPLICATION,".exe" +$ WRITE SYS$OUTPUT " ",APPLICATION,".exe" $! $! Link The Program. $! $ ON ERROR THEN GOTO NEXT_APPLICATION $! -$! Check To See If We Are To Link With A Specific TCP/IP Library. +$! Link With A TCP/IP Library. $! -$ IF (TCPIP_LIB.NES."") -$ THEN +$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' - + /EXE='EXE_DIR''APPLICATION'.EXE - + 'OBJ_DIR''APPLICATION_OBJECTS', - + 'CRYPTO_LIB'/LIBRARY - + 'TCPIP_LIB' - + 'ZLIB_LIB' - + ,'OPT_FILE' /OPTIONS $! -$! Link With A TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Don't Link With A TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS',- - 'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION -$! -$! End The TCP/IP Library Check. -$! -$ ENDIF $ GOTO NEXT_APPLICATION $ APPLICATION_DONE: $ ENDIF @@ -656,7 +716,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable VAX C Runtime Library. ! SYS$SHARE:VAXCRTL.EXE/SHARE @@ -685,7 +745,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable C Runtime Library. ! GNU_CC:[000000]GCCLIB/LIBRARY @@ -720,7 +780,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File To Link Agianst +! Default System Options File To Link Against ! The Sharable DEC C Runtime Library. ! SYS$SHARE:DECC$SHR.EXE/SHARE @@ -735,7 +795,7 @@ $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File For non-VAX To Link Agianst +! Default System Options File For non-VAX To Link Against ! The Sharable C Runtime Library. ! SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE @@ -756,7 +816,7 @@ $ ENDIF $! $! Tell The User What Linker Option File We Are Using. $! -$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"." +$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"." $! $! Time To RETURN. $! @@ -803,8 +863,8 @@ $ WRITE SYS$OUTPUT " APPS : To Compile Just The [.xxx.EXE.CRYPTO]*.E $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " Where 'xxx' Stands For:" $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture." -$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture." +$ WRITE SYS$OUTPUT " ALPHA[64]: Alpha Architecture." +$ WRITE SYS$OUTPUT " IA64[64] : IA64 Architecture." $ WRITE SYS$OUTPUT " VAX : VAX Architecture." $ WRITE SYS$OUTPUT "" $! @@ -825,15 +885,16 @@ $! $ IF (P2.EQS."NODEBUG") $ THEN $! -$! P2 Is NODEBUG, So Compile Without The Debugger Information. +$! P2 Is NODEBUG, So Compile Without The Debugger Information. $! -$ DEBUGGER = "NODEBUG" -$ TRACEBACK = "NOTRACEBACK" -$ GCC_OPTIMIZE = "OPTIMIZE" -$ CC_OPTIMIZE = "OPTIMIZE" -$ MACRO_OPTIMIZE = "OPTIMIZE" -$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." +$ DEBUGGER = "NODEBUG" +$ LINKMAP = "NOMAP" +$ TRACEBACK = "NOTRACEBACK" +$ GCC_OPTIMIZE = "OPTIMIZE" +$ CC_OPTIMIZE = "OPTIMIZE" +$ MACRO_OPTIMIZE = "OPTIMIZE" +$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." +$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." $ ELSE $! $! Check To See If We Are To Compile With Debugger Information. @@ -844,6 +905,7 @@ $! $! Compile With Debugger Information. $! $ DEBUGGER = "DEBUG" +$ LINKMAP = "MAP" $ TRACEBACK = "TRACEBACK" $ GCC_OPTIMIZE = "NOOPTIMIZE" $ CC_OPTIMIZE = "NOOPTIMIZE" @@ -852,7 +914,7 @@ $ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile." $ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization." $ ELSE $! -$! They Entered An Invalid Option.. +$! They Entered An Invalid Option. $! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" @@ -907,6 +969,60 @@ $! End The P5 Check. $! $ ENDIF $! +$! Check P7 (POINTER_SIZE). +$! +$ IF (P7 .NES. "") .AND. (ARCH .NES. "VAX") +$ THEN +$! +$ IF (P7 .EQS. "32") +$ THEN +$ POINTER_SIZE = " /POINTER_SIZE=32" +$ ELSE +$ POINTER_SIZE = F$EDIT( P7, "COLLAPSE, UPCASE") +$ IF ((POINTER_SIZE .EQS. "64") .OR. - + (POINTER_SIZE .EQS. "64=") .OR. - + (POINTER_SIZE .EQS. "64=ARGV")) +$ THEN +$ ARCHD = ARCH+ "_64" +$ LIB32 = "" +$ POINTER_SIZE = " /POINTER_SIZE=64" +$ ELSE +$! +$! Tell The User Entered An Invalid Option. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", P7, - + " Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT - + " """" : Compile with default (short) pointers." +$ WRITE SYS$OUTPUT - + " 32 : Compile with 32-bit (short) pointers." +$ WRITE SYS$OUTPUT - + " 64 : Compile with 64-bit (long) pointers (auto ARGV)." +$ WRITE SYS$OUTPUT - + " 64= : Compile with 64-bit (long) pointers (no ARGV)." +$ WRITE SYS$OUTPUT - + " 64=ARGV : Compile with 64-bit (long) pointers (ARGV)." +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ EXIT +$! +$ ENDIF +$! +$ ENDIF +$! +$! End The P7 (POINTER_SIZE) Check. +$! +$ ENDIF +$! +$! Set basic C compiler /INCLUDE directories. +$! +$ CC_INCLUDES = "SYS$DISK:[.''ARCHD'],SYS$DISK:[],SYS$DISK:[-],"+ - + "SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1]" +$! $! Check To See If P3 Is Blank. $! $ IF (P3.EQS."") @@ -1007,11 +1123,64 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" +$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS $! -$! Check To See If The User Entered A Valid Paramter. +$! Check To See If We Have A ZLIB Option. +$! +$ ZLIB = P8 +$ IF (ZLIB .NES. "") +$ THEN +$! +$! Check for expected ZLIB files. +$! +$ err = 0 +$ file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY") +$ if (f$search( file1) .eqs. "") +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ WRITE SYS$OUTPUT " Can't find header: ''file1'" +$ err = 1 +$ endif +$ file1 = f$parse( "A.;", ZLIB)- "A.;" +$! +$ file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY") +$ if (f$search( file2) .eqs. "") +$ then +$ if (err .eq. 0) +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ endif +$ WRITE SYS$OUTPUT " Can't find library: ''file2'" +$ WRITE SYS$OUTPUT "" +$ err = err+ 2 +$ endif +$ if (err .eq. 1) +$ then +$ WRITE SYS$OUTPUT "" +$ endif +$! +$ if (err .ne. 0) +$ then +$ EXIT +$ endif +$! +$ CCDEFS = """ZLIB=1"", "+ CCDEFS +$ CC_INCLUDES = CC_INCLUDES+ ", "+ file1 +$ ZLIB_LIB = ", ''file2' /library" +$! +$! Print info +$! +$ WRITE SYS$OUTPUT "ZLIB library spec: ", file2 +$! +$! End The ZLIB Check. +$! +$ ENDIF +$! +$! Check To See If The User Entered A Valid Parameter. $! $ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC") $ THEN @@ -1034,14 +1203,14 @@ $! $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - - CCEXTRAFLAGS +$ CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ - + "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + - + " /INCLUDE=(''CC_INCLUDES')"+ - + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "VAX_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -1070,7 +1239,7 @@ $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - + "/INCLUDE=(''CC_INCLUDES')"+ - CCEXTRAFLAGS $ CCDEFS = """VAXC""," + CCDEFS $! @@ -1080,7 +1249,7 @@ $ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "VAX_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -1102,12 +1271,12 @@ $! $! Use GNU C... $! $ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - + "/INCLUDE=(''CC_INCLUDES')"+ - CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "VAX_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! @@ -1128,22 +1297,24 @@ $ CC6DISABLEWARNINGS = "MIXLINKAGE" $ ELSE $ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID" $ CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE" -$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" +$ CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" $ ENDIF -$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" -$ CC6DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))" +$ CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" +$ CC6DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))" $ ELSE $ CCDISABLEWARNINGS = "" $ CC4DISABLEWARNINGS = "" $ CC6DISABLEWARNINGS = "" $ ENDIF -$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS -$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS +$ CC3 = CC + " /DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS +$ CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS $ IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG" $ THEN -$ CC5 = CC + "/OPTIMIZE=NODISJOINT" +$ CC5 = CC + " /OPTIMIZE=NODISJOINT" +$ CC5_DIFFERENT = 1 $ ELSE -$ CC5 = CC + "/NOOPTIMIZE" +$ CC5 = CC +$ CC5_DIFFERENT = 0 $ ENDIF $ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS $ CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS @@ -1196,7 +1367,7 @@ $ THEN $! $! Set the library to use SOCKETSHR $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS" $! $! Done with SOCKETSHR $! @@ -1222,13 +1393,13 @@ $ THEN $! $! Set the library to use UCX. $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS" $ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" $ THEN -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS" $ ELSE $ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN - - TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT" + TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS" $ ENDIF $! $! Done with UCX @@ -1242,7 +1413,7 @@ $ THEN $! $! Set the library to use TCPIP (post UCX). $! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS" $! $! Done with TCPIP $! @@ -1263,7 +1434,7 @@ $ ENDIF $! $! Print info $! -$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB +$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- "," $! $! Else The User Entered An Invalid Argument. $! diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c index 0fcd25f8b0..cb0b4538a4 100644 --- a/src/lib/libcrypto/dsa/dsa_gen.c +++ b/src/lib/libcrypto/dsa/dsa_gen.c @@ -120,7 +120,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, BIGNUM *r0,*W,*X,*c,*test; BIGNUM *g=NULL,*q=NULL,*p=NULL; BN_MONT_CTX *mont=NULL; - int i, k,n=0,b,m=0, qsize = qbits >> 3; + int i, k, n=0, m=0, qsize = qbits >> 3; int counter=0; int r=0; BN_CTX *ctx=NULL; @@ -232,7 +232,6 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, /* "offset = 2" */ n=(bits-1)/160; - b=(bits-1)-n*160; for (;;) { diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index 4fead07e80..a3ddd7d281 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c @@ -148,15 +148,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) s=BN_new(); if (s == NULL) goto err; - - /* reject a excessive digest length (currently at most - * dsa-with-SHA256 is supported) */ - if (dlen > SHA256_DIGEST_LENGTH) - { - reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; - goto err; - } - ctx=BN_CTX_new(); if (ctx == NULL) goto err; @@ -185,7 +176,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ if (BN_cmp(s,dsa->q) > 0) - BN_sub(s,s,dsa->q); + if (!BN_sub(s,s,dsa->q)) goto err; if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; ret=DSA_SIG_new(); @@ -325,15 +316,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); return -1; } - - /* reject a excessive digest length (currently at most - * dsa-with-SHA256 is supported) */ - if (dgst_len > SHA256_DIGEST_LENGTH) - { - DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return -1; - } - BN_init(&u1); BN_init(&u2); BN_init(&t1); diff --git a/src/lib/libcrypto/dso/dso_dlfcn.c b/src/lib/libcrypto/dso/dso_dlfcn.c index 578a20d91d..e78004903c 100644 --- a/src/lib/libcrypto/dso/dso_dlfcn.c +++ b/src/lib/libcrypto/dso/dso_dlfcn.c @@ -85,6 +85,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void) # define HAVE_DLINFO 1 # if defined(_AIX) || defined(__CYGWIN__) || \ defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ + (defined(__osf__) && !defined(RTLD_NEXT)) || \ (defined(__OpenBSD__) && (!defined(__ELF__) || !defined(RTLD_SELF))) # undef HAVE_DLINFO # endif diff --git a/src/lib/libcrypto/dso/dso_vms.c b/src/lib/libcrypto/dso/dso_vms.c index 321512772a..eee20d14f1 100644 --- a/src/lib/libcrypto/dso/dso_vms.c +++ b/src/lib/libcrypto/dso/dso_vms.c @@ -68,8 +68,20 @@ #include #include #include +#include "vms_rms.h" #endif +/* Some compiler options may mask the declaration of "_malloc32". */ +#if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE +# if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size save +# pragma pointer_size 32 + void * _malloc32 (__size_t); +# pragma pointer_size restore +# endif /* __INITIAL_POINTER_SIZE == 64 */ +#endif /* __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE */ + + #ifndef OPENSSL_SYS_VMS DSO_METHOD *DSO_METHOD_vms(void) { @@ -121,14 +133,13 @@ typedef struct dso_internal_st /* This should contain the name only, no directory, * no extension, nothing but a name. */ struct dsc$descriptor_s filename_dsc; - char filename[FILENAME_MAX+1]; + char filename[ NAMX_MAXRSS+ 1]; /* This contains whatever is not in filename, if needed. * Normally not defined. */ struct dsc$descriptor_s imagename_dsc; - char imagename[FILENAME_MAX+1]; + char imagename[ NAMX_MAXRSS+ 1]; } DSO_VMS_INTERNAL; - DSO_METHOD *DSO_METHOD_vms(void) { return(&dso_meth_vms); @@ -139,7 +150,22 @@ static int vms_load(DSO *dso) void *ptr = NULL; /* See applicable comments in dso_dl.c */ char *filename = DSO_convert_filename(dso, NULL); - DSO_VMS_INTERNAL *p; + +/* Ensure 32-bit pointer for "p", and appropriate malloc() function. */ +#if __INITIAL_POINTER_SIZE == 64 +# define DSO_MALLOC _malloc32 +# pragma pointer_size save +# pragma pointer_size 32 +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define DSO_MALLOC OPENSSL_malloc +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + + DSO_VMS_INTERNAL *p = NULL; + +#if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size restore +#endif /* __INITIAL_POINTER_SIZE == 64 */ + const char *sp1, *sp2; /* Search result */ if(filename == NULL) @@ -192,7 +218,7 @@ static int vms_load(DSO *dso) goto err; } - p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL)); + p = DSO_MALLOC(sizeof(DSO_VMS_INTERNAL)); if(p == NULL) { DSOerr(DSO_F_VMS_LOAD,ERR_R_MALLOC_FAILURE); @@ -290,18 +316,38 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym) int flags = 0; #endif struct dsc$descriptor_s symname_dsc; - *sym = NULL; - symname_dsc.dsc$w_length = strlen(symname); - symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - symname_dsc.dsc$b_class = DSC$K_CLASS_S; - symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */ +/* Arrange 32-bit pointer to (copied) string storage, if needed. */ +#if __INITIAL_POINTER_SIZE == 64 +# define SYMNAME symname_32p +# pragma pointer_size save +# pragma pointer_size 32 + char *symname_32p; +# pragma pointer_size restore + char symname_32[ NAMX_MAXRSS+ 1]; +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define SYMNAME ((char *) symname) +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + + *sym = NULL; if((dso == NULL) || (symname == NULL)) { DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER); return; } + +#if __INITIAL_POINTER_SIZE == 64 + /* Copy the symbol name to storage with a 32-bit pointer. */ + symname_32p = symname_32; + strcpy( symname_32p, symname); +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + + symname_dsc.dsc$w_length = strlen(SYMNAME); + symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; + symname_dsc.dsc$b_class = DSC$K_CLASS_S; + symname_dsc.dsc$a_pointer = SYMNAME; + if(sk_void_num(dso->meth_data) < 1) { DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR); @@ -372,64 +418,60 @@ static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname) return sym; } + static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2) { int status; int filespec1len, filespec2len; struct FAB fab; -#ifdef NAML$C_MAXRSS - struct NAML nam; - char esa[NAML$C_MAXRSS]; -#else - struct NAM nam; - char esa[NAM$C_MAXRSS]; -#endif + struct NAMX_STRUCT nam; + char esa[ NAMX_MAXRSS+ 1]; char *merged; +/* Arrange 32-bit pointer to (copied) string storage, if needed. */ +#if __INITIAL_POINTER_SIZE == 64 +# define FILESPEC1 filespec1_32p; +# define FILESPEC2 filespec2_32p; +# pragma pointer_size save +# pragma pointer_size 32 + char *filespec1_32p; + char *filespec2_32p; +# pragma pointer_size restore + char filespec1_32[ NAMX_MAXRSS+ 1]; + char filespec2_32[ NAMX_MAXRSS+ 1]; +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define FILESPEC1 ((char *) filespec1) +# define FILESPEC2 ((char *) filespec2) +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + if (!filespec1) filespec1 = ""; if (!filespec2) filespec2 = ""; filespec1len = strlen(filespec1); filespec2len = strlen(filespec2); +#if __INITIAL_POINTER_SIZE == 64 + /* Copy the file names to storage with a 32-bit pointer. */ + filespec1_32p = filespec1_32; + filespec2_32p = filespec2_32; + strcpy( filespec1_32p, filespec1); + strcpy( filespec2_32p, filespec2); +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + fab = cc$rms_fab; -#ifdef NAML$C_MAXRSS - nam = cc$rms_naml; -#else - nam = cc$rms_nam; -#endif + nam = CC_RMS_NAMX; - fab.fab$l_fna = (char *)filespec1; - fab.fab$b_fns = filespec1len; - fab.fab$l_dna = (char *)filespec2; - fab.fab$b_dns = filespec2len; -#ifdef NAML$C_MAXRSS - if (filespec1len > NAM$C_MAXRSS) - { - fab.fab$l_fna = 0; - fab.fab$b_fns = 0; - nam.naml$l_long_filename = (char *)filespec1; - nam.naml$l_long_filename_size = filespec1len; - } - if (filespec2len > NAM$C_MAXRSS) - { - fab.fab$l_dna = 0; - fab.fab$b_dns = 0; - nam.naml$l_long_defname = (char *)filespec2; - nam.naml$l_long_defname_size = filespec2len; - } - nam.naml$l_esa = esa; - nam.naml$b_ess = NAM$C_MAXRSS; - nam.naml$l_long_expand = esa; - nam.naml$l_long_expand_alloc = sizeof(esa); - nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD; - nam.naml$v_no_short_upcase = 1; - fab.fab$l_naml = &nam; -#else - nam.nam$l_esa = esa; - nam.nam$b_ess = NAM$C_MAXRSS; - nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD; - fab.fab$l_nam = &nam; -#endif + FAB_OR_NAML( fab, nam).FAB_OR_NAML_FNA = FILESPEC1; + FAB_OR_NAML( fab, nam).FAB_OR_NAML_FNS = filespec1len; + FAB_OR_NAML( fab, nam).FAB_OR_NAML_DNA = FILESPEC2; + FAB_OR_NAML( fab, nam).FAB_OR_NAML_DNS = filespec2len; + NAMX_DNA_FNA_SET( fab) + + nam.NAMX_ESA = esa; + nam.NAMX_ESS = NAMX_MAXRSS; + nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD; + SET_NAMX_NO_SHORT_UPCASE( nam); + + fab.FAB_NAMX = &nam; status = sys$parse(&fab, 0, 0); @@ -460,33 +502,12 @@ static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2) } return(NULL); } -#ifdef NAML$C_MAXRSS - if (nam.naml$l_long_expand_size) - { - merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1); - if(!merged) - goto malloc_err; - strncpy(merged, nam.naml$l_long_expand, - nam.naml$l_long_expand_size); - merged[nam.naml$l_long_expand_size] = '\0'; - } - else - { - merged = OPENSSL_malloc(nam.naml$b_esl + 1); - if(!merged) - goto malloc_err; - strncpy(merged, nam.naml$l_esa, - nam.naml$b_esl); - merged[nam.naml$b_esl] = '\0'; - } -#else - merged = OPENSSL_malloc(nam.nam$b_esl + 1); + + merged = OPENSSL_malloc( nam.NAMX_ESL+ 1); if(!merged) goto malloc_err; - strncpy(merged, nam.nam$l_esa, - nam.nam$b_esl); - merged[nam.nam$b_esl] = '\0'; -#endif + strncpy( merged, nam.NAMX_ESA, nam.NAMX_ESL); + merged[ nam.NAMX_ESL] = '\0'; return(merged); malloc_err: DSOerr(DSO_F_VMS_MERGER, diff --git a/src/lib/libcrypto/ec/ec2_smpl.c b/src/lib/libcrypto/ec/ec2_smpl.c index cf357b462a..af94458ca7 100644 --- a/src/lib/libcrypto/ec/ec2_smpl.c +++ b/src/lib/libcrypto/ec/ec2_smpl.c @@ -937,6 +937,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT { return EC_POINT_is_at_infinity(group, b) ? 0 : 1; } + + if (EC_POINT_is_at_infinity(group, b)) + return 1; if (a->Z_is_one && b->Z_is_one) { diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c index f05df5332e..19f21675fb 100644 --- a/src/lib/libcrypto/ec/ec_mult.c +++ b/src/lib/libcrypto/ec/ec_mult.c @@ -169,11 +169,13 @@ static void ec_pre_comp_clear_free(void *pre_) EC_POINT **p; for (p = pre->points; *p != NULL; p++) + { EC_POINT_clear_free(*p); - OPENSSL_cleanse(pre->points, sizeof pre->points); + OPENSSL_cleanse(p, sizeof *p); + } OPENSSL_free(pre->points); } - OPENSSL_cleanse(pre, sizeof pre); + OPENSSL_cleanse(pre, sizeof *pre); OPENSSL_free(pre); } diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c index 4d26f8bdf6..66a92e2a90 100644 --- a/src/lib/libcrypto/ec/ecp_smpl.c +++ b/src/lib/libcrypto/ec/ecp_smpl.c @@ -1406,6 +1406,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT * { return EC_POINT_is_at_infinity(group, b) ? 0 : 1; } + + if (EC_POINT_is_at_infinity(group, b)) + return 1; if (a->Z_is_one && b->Z_is_one) { diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h index 8ad11b15d7..9d73abac8e 100644 --- a/src/lib/libcrypto/engine/engine.h +++ b/src/lib/libcrypto/engine/engine.h @@ -678,6 +678,7 @@ typedef struct st_dynamic_fns { * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); #define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ return 0; } @@ -700,6 +701,8 @@ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, const dynamic_fns *fns); #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ OPENSSL_EXPORT \ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c index b42c747249..28546a84bc 100644 --- a/src/lib/libcrypto/evp/encode.c +++ b/src/lib/libcrypto/evp/encode.c @@ -235,7 +235,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; + int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl; unsigned char *d; n=ctx->num; @@ -319,7 +319,6 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, * lines. We process the line and then need to * accept the '\n' */ if ((v != B64_EOF) && (n >= 64)) exp_nl=1; - tmp2=v; if (n > 0) { v=EVP_DecodeBlock(out,d,n); diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index bead6a2170..c268d25cb4 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c @@ -204,6 +204,7 @@ skip_to_init: case EVP_CIPH_OFB_MODE: ctx->num = 0; + /* fall-through */ case EVP_CIPH_CBC_MODE: diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c index 902efac975..55c7cdfdcc 100644 --- a/src/lib/libcrypto/evp/evp_test.c +++ b/src/lib/libcrypto/evp/evp_test.c @@ -435,6 +435,7 @@ int main(int argc,char **argv) EXIT(3); } } + fclose(f); #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c index 1916c61699..e26ccd0d08 100644 --- a/src/lib/libcrypto/evp/p_lib.c +++ b/src/lib/libcrypto/evp/p_lib.c @@ -411,7 +411,10 @@ void EVP_PKEY_free(EVP_PKEY *x) static void EVP_PKEY_free_it(EVP_PKEY *x) { if (x->ameth && x->ameth->pkey_free) + { x->ameth->pkey_free(x); + x->pkey.ptr = NULL; + } #ifndef OPENSSL_NO_ENGINE if (x->engine) { diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c index 8df6d48a7e..bb893f5bde 100644 --- a/src/lib/libcrypto/evp/p_sign.c +++ b/src/lib/libcrypto/evp/p_sign.c @@ -81,7 +81,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; int i,ok=0,v; - MS_STATIC EVP_MD_CTX tmp_ctx; + EVP_MD_CTX tmp_ctx; *siglen=0; EVP_MD_CTX_init(&tmp_ctx); diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c index 8db46412f3..41d4b67130 100644 --- a/src/lib/libcrypto/evp/p_verify.c +++ b/src/lib/libcrypto/evp/p_verify.c @@ -68,7 +68,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; int i,ok=0,v; - MS_STATIC EVP_MD_CTX tmp_ctx; + EVP_MD_CTX tmp_ctx; EVP_MD_CTX_init(&tmp_ctx); EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c index 45015fe754..6c98fc43a3 100644 --- a/src/lib/libcrypto/hmac/hmac.c +++ b/src/lib/libcrypto/hmac/hmac.c @@ -138,12 +138,9 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) { - int j; unsigned int i; unsigned char buf[EVP_MAX_MD_SIZE]; - j=EVP_MD_block_size(ctx->md); - if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i)) goto err; if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx)) diff --git a/src/lib/libcrypto/md32_common.h b/src/lib/libcrypto/md32_common.h index 1cb783944e..bb7381952a 100644 --- a/src/lib/libcrypto/md32_common.h +++ b/src/lib/libcrypto/md32_common.h @@ -165,7 +165,7 @@ asm ( \ "roll %1,%0" \ : "=r"(ret) \ - : "I"(n), "0"(a) \ + : "I"(n), "0"((unsigned int)(a)) \ : "cc"); \ ret; \ }) @@ -383,6 +383,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) } #ifndef MD32_REG_T +#if defined(__alpha) || defined(__sparcv9) || defined(__mips) #define MD32_REG_T long /* * This comment was originaly written for MD5, which is why it @@ -400,9 +401,15 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) * Well, to be honest it should say that this *prevents* * performance degradation. * - * Apparently there're LP64 compilers that generate better - * code if A-D are declared int. Most notably GCC-x86_64 - * generates better code. + */ +#else +/* + * Above is not absolute and there are LP64 compilers that + * generate better code if MD32_REG_T is defined int. The above + * pre-processor condition reflects the circumstances under which + * the conclusion was made and is subject to further extension. * */ +#define MD32_REG_T int +#endif #endif diff --git a/src/lib/libcrypto/o_time.c b/src/lib/libcrypto/o_time.c index eecbdd19f0..9030fdef7a 100644 --- a/src/lib/libcrypto/o_time.c +++ b/src/lib/libcrypto/o_time.c @@ -64,12 +64,18 @@ #include "o_time.h" #ifdef OPENSSL_SYS_VMS -# include -# include -# include -# include -# include -# include +# if __CRTL_VER >= 70000000 && \ + (defined _POSIX_C_SOURCE || !defined _ANSI_C_SOURCE) +# define VMS_GMTIME_OK +# endif +# ifndef VMS_GMTIME_OK +# include +# include +# include +# include +# include +# include +# endif /* ndef VMS_GMTIME_OK */ #endif struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) @@ -81,7 +87,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) so we don't even look at the return value */ gmtime_r(timer,result); ts = result; -#elif !defined(OPENSSL_SYS_VMS) +#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK) ts = gmtime(timer); if (ts == NULL) return NULL; @@ -89,7 +95,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) memcpy(result, ts, sizeof(struct tm)); ts = result; #endif -#ifdef OPENSSL_SYS_VMS +#if defined( OPENSSL_SYS_VMS) && !defined( VMS_GMTIME_OK) if (ts == NULL) { static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL"); diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c index 12bbfcffd1..af5fc16691 100644 --- a/src/lib/libcrypto/ocsp/ocsp_ht.c +++ b/src/lib/libcrypto/ocsp/ocsp_ht.c @@ -397,11 +397,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) case OHS_ASN1_HEADER: - /* Now reading ASN1 header: can read at least 6 bytes which - * is more than enough for any valid ASN1 SEQUENCE header + /* Now reading ASN1 header: can read at least 2 bytes which + * is enough for ASN1 SEQUENCE header and either length field + * or at least the length of the length field. */ n = BIO_get_mem_data(rctx->mem, &p); - if (n < 6) + if (n < 2) goto next_io; /* Check it is an ASN1 SEQUENCE */ @@ -414,6 +415,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) /* Check out length field */ if (*p & 0x80) { + /* If MSB set on initial length octet we can now + * always read 6 octets: make sure we have them. + */ + if (n < 6) + goto next_io; n = *p & 0x7F; /* Not NDEF or excessive length */ if (!n || (n > 4)) diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c index 36905d76cd..e92b86c060 100644 --- a/src/lib/libcrypto/ocsp/ocsp_lib.c +++ b/src/lib/libcrypto/ocsp/ocsp_lib.c @@ -170,14 +170,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss char *host, *port; - /* dup the buffer since we are going to mess with it */ - buf = BUF_strdup(url); - if (!buf) goto mem_err; - *phost = NULL; *pport = NULL; *ppath = NULL; + /* dup the buffer since we are going to mess with it */ + buf = BUF_strdup(url); + if (!buf) goto mem_err; + /* Check for initial colon */ p = strchr(buf, ':'); diff --git a/src/lib/libcrypto/ocsp/ocsp_prn.c b/src/lib/libcrypto/ocsp/ocsp_prn.c index 1695c9c4ad..87608ff399 100644 --- a/src/lib/libcrypto/ocsp/ocsp_prn.c +++ b/src/lib/libcrypto/ocsp/ocsp_prn.c @@ -182,7 +182,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) { int i, ret = 0; long l; - unsigned char *p; OCSP_CERTID *cid = NULL; OCSP_BASICRESP *br = NULL; OCSP_RESPID *rid = NULL; @@ -207,7 +206,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) return 1; } - p = ASN1_STRING_data(rb->response); i = ASN1_STRING_length(rb->response); if (!(br = OCSP_response_get1_basic(o))) goto err; rd = br->tbsResponseData; diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h index 2fb110fa0e..310a3387be 100644 --- a/src/lib/libcrypto/opensslv.h +++ b/src/lib/libcrypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x1000001fL +#define OPENSSL_VERSION_NUMBER 0x1000005fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a-fips 1 Jun 2010" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0e-fips 6 Sep 2011" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a 1 Jun 2010" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0e 6 Sep 2011" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c index 42e4861bc1..cfc89a9921 100644 --- a/src/lib/libcrypto/pem/pem_lib.c +++ b/src/lib/libcrypto/pem/pem_lib.c @@ -482,7 +482,6 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) { - int o; const EVP_CIPHER *enc=NULL; char *p,c; char **header_pp = &header; @@ -522,7 +521,6 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) header++; } *header='\0'; - o=OBJ_sn2nid(p); cipher->cipher=enc=EVP_get_cipherbyname(p); *header=c; header++; diff --git a/src/lib/libcrypto/perlasm/cbc.pl b/src/lib/libcrypto/perlasm/cbc.pl index e43dc9ae15..6fc2510905 100644 --- a/src/lib/libcrypto/perlasm/cbc.pl +++ b/src/lib/libcrypto/perlasm/cbc.pl @@ -158,7 +158,6 @@ sub cbc &jmp_ptr($count); &set_label("ej7"); - &xor("edx", "edx") if $ppro; # ppro friendly &movb(&HB("edx"), &BP(6,$in,"",0)); &shl("edx",8); &set_label("ej6"); @@ -170,7 +169,6 @@ sub cbc &jmp(&label("ejend")); &set_label("ej3"); &movb(&HB("ecx"), &BP(2,$in,"",0)); - &xor("ecx", "ecx") if $ppro; # ppro friendly &shl("ecx",8); &set_label("ej2"); &movb(&HB("ecx"), &BP(1,$in,"",0)); diff --git a/src/lib/libcrypto/perlasm/x86_64-xlate.pl b/src/lib/libcrypto/perlasm/x86_64-xlate.pl index d66ad24095..68b4c1ca80 100755 --- a/src/lib/libcrypto/perlasm/x86_64-xlate.pl +++ b/src/lib/libcrypto/perlasm/x86_64-xlate.pl @@ -167,7 +167,7 @@ my %globals; } elsif ($self->{op} =~ /^(pop|push)f/) { $self->{op} .= $self->{sz}; } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") { - $self->{op} = "ALIGN\t8\n\tDQ"; + $self->{op} = "\tDQ"; } $self->{op}; } @@ -546,6 +546,8 @@ my %globals; if ($line=~/\.([px])data/) { $v.=" rdata align="; $v.=$1 eq "p"? 4 : 8; + } elsif ($line=~/\.CRT\$/i) { + $v.=" rdata align=8"; } } else { $v="$current_segment\tENDS\n" if ($current_segment); @@ -553,6 +555,8 @@ my %globals; if ($line=~/\.([px])data/) { $v.=" READONLY"; $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref); + } elsif ($line=~/\.CRT\$/i) { + $v.=" READONLY DWORD"; } } $current_segment = $line; diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c index a29794bbbc..424203f648 100644 --- a/src/lib/libcrypto/pkcs12/p12_key.c +++ b/src/lib/libcrypto/pkcs12/p12_key.c @@ -107,6 +107,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, unsigned char *B, *D, *I, *p, *Ai; int Slen, Plen, Ilen, Ijlen; int i, j, u, v; + int ret = 0; BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ EVP_MD_CTX ctx; #ifdef DEBUG_KEYGEN @@ -144,10 +145,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, I = OPENSSL_malloc (Ilen); Ij = BN_new(); Bpl1 = BN_new(); - if (!D || !Ai || !B || !I || !Ij || !Bpl1) { - PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); - return 0; - } + if (!D || !Ai || !B || !I || !Ij || !Bpl1) + goto err; for (i = 0; i < v; i++) D[i] = id; p = I; for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; @@ -164,28 +163,22 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, } memcpy (out, Ai, min (n, u)); if (u >= n) { - OPENSSL_free (Ai); - OPENSSL_free (B); - OPENSSL_free (D); - OPENSSL_free (I); - BN_free (Ij); - BN_free (Bpl1); - EVP_MD_CTX_cleanup(&ctx); #ifdef DEBUG_KEYGEN fprintf(stderr, "Output KEY (length %d)\n", tmpn); h__dump(tmpout, tmpn); #endif - return 1; + ret = 1; + goto end; } n -= u; out += u; for (j = 0; j < v; j++) B[j] = Ai[j % u]; /* Work out B + 1 first then can use B as tmp space */ - BN_bin2bn (B, v, Bpl1); - BN_add_word (Bpl1, 1); + if (!BN_bin2bn (B, v, Bpl1)) goto err; + if (!BN_add_word (Bpl1, 1)) goto err; for (j = 0; j < Ilen ; j+=v) { - BN_bin2bn (I + j, v, Ij); - BN_add (Ij, Ij, Bpl1); + if (!BN_bin2bn (I + j, v, Ij)) goto err; + if (!BN_add (Ij, Ij, Bpl1)) goto err; BN_bn2bin (Ij, B); Ijlen = BN_num_bytes (Ij); /* If more than 2^(v*8) - 1 cut off MSB */ @@ -201,6 +194,19 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, } else BN_bn2bin (Ij, I + j); } } + +err: + PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); + +end: + OPENSSL_free (Ai); + OPENSSL_free (B); + OPENSSL_free (D); + OPENSSL_free (I); + BN_free (Ij); + BN_free (Bpl1); + EVP_MD_CTX_cleanup(&ctx); + return ret; } #ifdef DEBUG_KEYGEN void h__dump (unsigned char *p, int len) diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c index 451de84489..3bf1a367bb 100644 --- a/src/lib/libcrypto/pkcs7/pk7_doit.c +++ b/src/lib/libcrypto/pkcs7/pk7_doit.c @@ -422,7 +422,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) X509_ALGOR *enc_alg=NULL; STACK_OF(X509_ALGOR) *md_sk=NULL; STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; - X509_ALGOR *xalg=NULL; PKCS7_RECIP_INFO *ri=NULL; i=OBJ_obj2nid(p7->type); @@ -445,7 +444,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; } - xalg=p7->d.signed_and_enveloped->enc_data->algorithm; break; case NID_pkcs7_enveloped: rsk=p7->d.enveloped->recipientinfo; @@ -457,7 +455,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; } - xalg=p7->d.enveloped->enc_data->algorithm; break; default: PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c index 3ca0952792..d411269b50 100644 --- a/src/lib/libcrypto/pkcs7/pk7_lib.c +++ b/src/lib/libcrypto/pkcs7/pk7_lib.c @@ -591,7 +591,6 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) { int i; - ASN1_OBJECT *objtmp; PKCS7_ENC_CONTENT *ec; i=OBJ_obj2nid(p7->type); @@ -614,7 +613,6 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); return(0); } - objtmp = OBJ_nid2obj(i); ec->cipher = cipher; return 1; diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c index 88088ce73c..b2f04ff13e 100644 --- a/src/lib/libcrypto/rand/md_rand.c +++ b/src/lib/libcrypto/rand/md_rand.c @@ -476,11 +476,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); #ifndef PURIFY /* purify complains */ - /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ + /* The following line uses the supplied buffer as a small + * source of entropy: since this buffer is often uninitialised + * it may cause programs such as purify or valgrind to + * complain. So for those builds it is not used: the removal + * of such a small source of entropy has negligible impact on + * security. + */ MD_Update(&m,buf,j); - /* We know that line may cause programs such as - purify and valgrind to complain about use of - uninitialized data. */ #endif k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; diff --git a/src/lib/libcrypto/rand/rand_vms.c b/src/lib/libcrypto/rand/rand_vms.c index 1267a3acae..0bfd8ff7e4 100644 --- a/src/lib/libcrypto/rand/rand_vms.c +++ b/src/lib/libcrypto/rand/rand_vms.c @@ -69,6 +69,17 @@ # pragma message disable DOLLARID #endif +/* Use 32-bit pointers almost everywhere. Define the type to which to + * cast a pointer passed to an external function. + */ +#if __INITIAL_POINTER_SIZE == 64 +# define PTR_T __void_ptr64 +# pragma pointer_size save +# pragma pointer_size 32 +#else /* __INITIAL_POINTER_SIZE == 64 */ +# define PTR_T void * +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + static struct items_data_st { short length, code; /* length is amount of bytes */ @@ -125,11 +136,12 @@ int RAND_poll(void) { if (status == SS$_NORMAL) { - RAND_add(data_buffer, total_length, total_length/2); + RAND_add( (PTR_T)data_buffer, total_length, + total_length/2); } } sys$gettim(iosb); - RAND_add((unsigned char *)iosb, sizeof(iosb), sizeof(iosb)/2); + RAND_add( (PTR_T)iosb, sizeof(iosb), sizeof(iosb)/2); return 1; } diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c index 4ed40b7b70..bc7d9c5804 100644 --- a/src/lib/libcrypto/rand/randfile.c +++ b/src/lib/libcrypto/rand/randfile.c @@ -144,7 +144,9 @@ int RAND_load_file(const char *file, long bytes) * I/O because we will waste system entropy. */ bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ +#ifndef OPENSSL_NO_SETVBUF_IONBF setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ +#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ } #endif for (;;) @@ -269,7 +271,6 @@ err: const char *RAND_file_name(char *buf, size_t size) { char *s=NULL; - int ok = 0; #ifdef __OpenBSD__ struct stat sb; #endif @@ -298,7 +299,6 @@ const char *RAND_file_name(char *buf, size_t size) BUF_strlcat(buf,"/",size); #endif BUF_strlcat(buf,RFILE,size); - ok = 1; } else buf[0] = '\0'; /* no file name */ @@ -312,7 +312,7 @@ const char *RAND_file_name(char *buf, size_t size) * to something hopefully decent if that isn't available. */ - if (!ok) + if (!buf[0]) if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { return(NULL); } diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c index c5eaeeae6b..7c941885f0 100644 --- a/src/lib/libcrypto/rsa/rsa_eay.c +++ b/src/lib/libcrypto/rsa/rsa_eay.c @@ -675,7 +675,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, rsa->_method_mod_n)) goto err; if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) - BN_sub(ret, rsa->n, ret); + if (!BN_sub(ret, rsa->n, ret)) goto err; p=buf; i=BN_bn2bin(ret,p); diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c index e238d10e5c..18d307ea9e 100644 --- a/src/lib/libcrypto/rsa/rsa_oaep.c +++ b/src/lib/libcrypto/rsa/rsa_oaep.c @@ -189,34 +189,40 @@ int PKCS1_MGF1(unsigned char *mask, long len, EVP_MD_CTX c; unsigned char md[EVP_MAX_MD_SIZE]; int mdlen; + int rv = -1; EVP_MD_CTX_init(&c); mdlen = EVP_MD_size(dgst); if (mdlen < 0) - return -1; + goto err; for (i = 0; outlen < len; i++) { cnt[0] = (unsigned char)((i >> 24) & 255); cnt[1] = (unsigned char)((i >> 16) & 255); cnt[2] = (unsigned char)((i >> 8)) & 255; cnt[3] = (unsigned char)(i & 255); - EVP_DigestInit_ex(&c,dgst, NULL); - EVP_DigestUpdate(&c, seed, seedlen); - EVP_DigestUpdate(&c, cnt, 4); + if (!EVP_DigestInit_ex(&c,dgst, NULL) + || !EVP_DigestUpdate(&c, seed, seedlen) + || !EVP_DigestUpdate(&c, cnt, 4)) + goto err; if (outlen + mdlen <= len) { - EVP_DigestFinal_ex(&c, mask + outlen, NULL); + if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL)) + goto err; outlen += mdlen; } else { - EVP_DigestFinal_ex(&c, md, NULL); + if (!EVP_DigestFinal_ex(&c, md, NULL)) + goto err; memcpy(mask + outlen, md, len - outlen); outlen = len; } } + rv = 0; + err: EVP_MD_CTX_cleanup(&c); - return 0; + return rv; } static int MGF1(unsigned char *mask, long len, const unsigned char *seed, diff --git a/src/lib/libcrypto/stack/safestack.h b/src/lib/libcrypto/stack/safestack.h index 891cb84a51..3e76aa58f5 100644 --- a/src/lib/libcrypto/stack/safestack.h +++ b/src/lib/libcrypto/stack/safestack.h @@ -179,7 +179,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) sk_is_sorted(CHECKED_STACK_OF(type, st)) #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - (STACK_OF(type) *)d2i_ASN1_SET((STACK_OF(OPENSSL_BLOCK) **)CHECKED_STACK_OF(type, st), \ + (STACK_OF(type) *)d2i_ASN1_SET( \ + (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \ pp, length, \ CHECKED_D2I_OF(type, d2i_func), \ CHECKED_SK_FREE_FUNC(type, free_func), \ @@ -2030,79 +2031,79 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define sk_void_sort(st) SKM_sk_sort(void, (st)) #define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) -#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) -#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) -#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i)) -#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) -#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func)) -#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val), i) -#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) -#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i, CHECKED_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) -#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) -#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, ptr)) -#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ - ((int (*)(const void * const *,const void * const *)) \ - sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp))) -#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) -#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) -#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st)) -#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) -#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) +#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i)) +#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func)) +#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i) +#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) +#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr)) +#define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ + ((int (*)(const char * const *,const char * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) +#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) #define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) #define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) -#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i)) +#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) #define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) -#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func)) -#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) +#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func)) +#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) #define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) -#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) #define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) -#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) #define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) #define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) -#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) +#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) #define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ - sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) #define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) #define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) -#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st)) +#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) #define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) #define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) -#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) -#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) -#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i)) -#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) -#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func)) -#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i) -#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) -#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) -#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) -#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr)) -#define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ - ((int (*)(const char * const *,const char * const *)) \ - sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp))) -#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) -#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) -#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st)) -#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) -#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) +#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) +#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) +#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i)) +#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func)) +#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i) +#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) +#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr)) +#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ + ((int (*)(const void * const *,const void * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp))) +#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st)) +#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ diff --git a/src/lib/libcrypto/util/cygwin.sh b/src/lib/libcrypto/util/cygwin.sh index a4f2e740b4..d6228521e6 100644 --- a/src/lib/libcrypto/util/cygwin.sh +++ b/src/lib/libcrypto/util/cygwin.sh @@ -8,7 +8,7 @@ #set -x CONFIG_OPTIONS="--prefix=/usr shared zlib no-idea no-rc5" -INSTALL_PREFIX=/tmp/install +INSTALL_PREFIX=/tmp/install/INSTALL VERSION= SUBVERSION=$1 @@ -124,8 +124,12 @@ strip usr/bin/*.exe usr/bin/*.dll usr/lib/engines/*.so chmod u-w usr/lib/engines/*.so # Runtime package -find etc usr/bin usr/lib/engines usr/share/doc usr/ssl/certs \ - usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf usr/ssl/private \ +tar cjf libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 \ + usr/bin/cyg*dll +# Base package +find etc usr/bin/openssl.exe usr/bin/c_rehash usr/lib/engines usr/share/doc \ + usr/ssl/certs usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf \ + usr/ssl/private \ -empty -o \! -type d | tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 - # Development package @@ -135,6 +139,7 @@ tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 - ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2 ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 +ls -l libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 cleanup diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num index c68047e955..1467ab6243 100644 --- a/src/lib/libcrypto/util/libeay.num +++ b/src/lib/libcrypto/util/libeay.num @@ -4178,4 +4178,20 @@ UI_method_get_prompt_constructr 4550 EXIST:VMS:FUNCTION: UI_method_set_prompt_constructor 4551 EXIST:!VMS:FUNCTION: UI_method_set_prompt_constructr 4551 EXIST:VMS:FUNCTION: EVP_read_pw_string_min 4552 EXIST::FUNCTION: -ENGINE_load_aesni 4553 EXIST::FUNCTION:ENGINE +CRYPTO_cts128_encrypt 4553 EXIST::FUNCTION: +CRYPTO_cts128_decrypt_block 4554 EXIST::FUNCTION: +CRYPTO_cfb128_1_encrypt 4555 EXIST::FUNCTION: +CRYPTO_cbc128_encrypt 4556 EXIST::FUNCTION: +CRYPTO_ctr128_encrypt 4557 EXIST::FUNCTION: +CRYPTO_ofb128_encrypt 4558 EXIST::FUNCTION: +CRYPTO_cts128_decrypt 4559 EXIST::FUNCTION: +CRYPTO_cts128_encrypt_block 4560 EXIST::FUNCTION: +CRYPTO_cbc128_decrypt 4561 EXIST::FUNCTION: +CRYPTO_cfb128_encrypt 4562 EXIST::FUNCTION: +CRYPTO_cfb128_8_encrypt 4563 EXIST::FUNCTION: +OPENSSL_strcasecmp 4564 EXIST::FUNCTION: +OPENSSL_memcmp 4565 EXIST::FUNCTION: +OPENSSL_strncasecmp 4566 EXIST::FUNCTION: +OPENSSL_gmtime 4567 EXIST::FUNCTION: +OPENSSL_gmtime_adj 4568 EXIST::FUNCTION: +ENGINE_load_aesni 4569 EXIST::FUNCTION:ENGINE diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl index 780029a03f..1dcef2b8a2 100644 --- a/src/lib/libcrypto/util/mk1mf.pl +++ b/src/lib/libcrypto/util/mk1mf.pl @@ -13,6 +13,7 @@ $banner="\t\@echo Building OpenSSL"; my $no_static_engine = 1; my $engines = ""; +my $otherlibs = ""; local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic local $zlib_lib = ""; local $perl_asm = 0; # 1 to autobuild asm files from perl scripts @@ -266,6 +267,7 @@ $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; +$cflags.=" -DOPENSSL_NO_GOST" if $no_gost; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; $cflags.=" -DOPENSSL_NO_HW" if $no_hw; $cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; @@ -356,6 +358,12 @@ for (;;) $lib=$val; $lib =~ s/^.*\/([^\/]+)$/$1/; } + if ($key eq "LIBNAME" && $no_static_engine) + { + $lib=$val; + $lib =~ s/^.*\/([^\/]+)$/$1/; + $otherlibs .= " $lib"; + } if ($key eq "EXHEADER") { $exheader.=&var_add($dir,$val, 1); } @@ -658,7 +666,7 @@ foreach (split(/\s+/,$test)) $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); } -$defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp); +$defs.=&do_defs("E_SHLIB",$engines . $otherlibs,"\$(ENG_D)",$shlibp); foreach (split(/\s+/,$engines)) { @@ -671,6 +679,14 @@ foreach (split(/\s+/,$engines)) $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); +foreach (split(" ",$otherlibs)) + { + my $uc = $_; + $uc =~ tr /a-z/A-Z/; + $rules.= &do_lib_rule("\$(${uc}OBJ)","\$(ENG_D)$o$_$shlibp", "", $shlib, ""); + + } + $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); print $defs; @@ -708,6 +724,7 @@ sub var_add return("") if $no_dsa && $dir =~ /\/dsa/; return("") if $no_dh && $dir =~ /\/dh/; return("") if $no_ec && $dir =~ /\/ec/; + return("") if $no_gost && $dir =~ /\/ccgost/; return("") if $no_cms && $dir =~ /\/cms/; return("") if $no_jpake && $dir =~ /\/jpake/; if ($no_des && $dir =~ /\/des/) @@ -1047,6 +1064,7 @@ sub read_options "no-ec" => \$no_ec, "no-ecdsa" => \$no_ecdsa, "no-ecdh" => \$no_ecdh, + "no-gost" => \$no_gost, "no-engine" => \$no_engine, "no-hw" => \$no_hw, "just-ssl" => diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl index a4a17e3ae9..ab47329097 100644 --- a/src/lib/libcrypto/util/mkdef.pl +++ b/src/lib/libcrypto/util/mkdef.pl @@ -257,6 +257,8 @@ $ssl.=" ssl/tls1.h"; my $crypto ="crypto/crypto.h"; $crypto.=" crypto/o_dir.h"; +$crypto.=" crypto/o_str.h"; +$crypto.=" crypto/o_time.h"; $crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des; $crypto.=" crypto/idea/idea.h" ; # unless $no_idea; $crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4; @@ -316,6 +318,7 @@ $crypto.=" crypto/krb5/krb5_asn.h"; $crypto.=" crypto/pqueue/pqueue.h"; $crypto.=" crypto/cms/cms.h"; $crypto.=" crypto/jpake/jpake.h"; +$crypto.=" crypto/modes/modes.h"; my $symhacks="crypto/symhacks.h"; diff --git a/src/lib/libcrypto/util/mkerr.pl b/src/lib/libcrypto/util/mkerr.pl index 15b774f277..2c99467d34 100644 --- a/src/lib/libcrypto/util/mkerr.pl +++ b/src/lib/libcrypto/util/mkerr.pl @@ -391,7 +391,7 @@ foreach $lib (keys %csrc) } else { push @out, "/* ====================================================================\n", -" * Copyright (c) 2001-2010 The OpenSSL Project. All rights reserved.\n", +" * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.\n", " *\n", " * Redistribution and use in source and binary forms, with or without\n", " * modification, are permitted provided that the following conditions\n", @@ -576,7 +576,7 @@ EOF print OUT <<"EOF"; /* $cfile */ /* ==================================================================== - * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/src/lib/libcrypto/util/mkstack.pl b/src/lib/libcrypto/util/mkstack.pl index 6a43757c95..f708610a78 100644 --- a/src/lib/libcrypto/util/mkstack.pl +++ b/src/lib/libcrypto/util/mkstack.pl @@ -104,25 +104,25 @@ EOF #define sk_${t1}_new(cmp) ((STACK_OF($t1) *)sk_new(CHECKED_SK_CMP_FUNC($t2, cmp))) #define sk_${t1}_new_null() ((STACK_OF($t1) *)sk_new_null()) -#define sk_${t1}_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val)) -#define sk_${t1}_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val)) -#define sk_${t1}_value(st, i) (($t1)sk_value(CHECKED_PTR_OF(STACK_OF($t1), st), i)) +#define sk_${t1}_push(st, val) sk_push(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_find(st, val) sk_find(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_value(st, i) (($t1)sk_value(CHECKED_STACK_OF($t1, st), i)) #define sk_${t1}_num(st) SKM_sk_num($t1, st) -#define sk_${t1}_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_SK_FREE_FUNC2($t1, free_func)) -#define sk_${t1}_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val), i) +#define sk_${t1}_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF($t1, st), CHECKED_SK_FREE_FUNC2($t1, free_func)) +#define sk_${t1}_insert(st, val, i) sk_insert(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val), i) #define sk_${t1}_free(st) SKM_sk_free(${t1}, st) -#define sk_${t1}_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), i, CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_set(st, i, val) sk_set(CHECKED_STACK_OF($t1, st), i, CHECKED_PTR_OF($t2, val)) #define sk_${t1}_zero(st) SKM_sk_zero($t1, (st)) -#define sk_${t1}_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_unshift(st, val) sk_unshift(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val)) #define sk_${t1}_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF($t1), st), CHECKED_CONST_PTR_OF($t2, val)) #define sk_${t1}_delete(st, i) SKM_sk_delete($t1, (st), (i)) -#define sk_${t1}_delete_ptr(st, ptr) ($t1 *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, ptr)) +#define sk_${t1}_delete_ptr(st, ptr) ($t1 *)sk_delete_ptr(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, ptr)) #define sk_${t1}_set_cmp_func(st, cmp) \\ ((int (*)(const $t2 * const *,const $t2 * const *)) \\ - sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_SK_CMP_FUNC($t2, cmp))) + sk_set_cmp_func(CHECKED_STACK_OF($t1, st), CHECKED_SK_CMP_FUNC($t2, cmp))) #define sk_${t1}_dup(st) SKM_sk_dup($t1, st) #define sk_${t1}_shift(st) SKM_sk_shift($t1, (st)) -#define sk_${t1}_pop(st) ($t2 *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st)) +#define sk_${t1}_pop(st) ($t2 *)sk_pop(CHECKED_STACK_OF($t1, st)) #define sk_${t1}_sort(st) SKM_sk_sort($t1, (st)) #define sk_${t1}_is_sorted(st) SKM_sk_is_sorted($t1, (st)) diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl index c3e29fda96..5f25fc41bf 100644 --- a/src/lib/libcrypto/util/pl/VC-32.pl +++ b/src/lib/libcrypto/util/pl/VC-32.pl @@ -138,8 +138,8 @@ else } # generate symbols.pdb unconditionally -$app_cflag.=" /Zi /Fd$tmp_def/app"; -$lib_cflag.=" /Zi /Fd$tmp_def/lib"; +$app_cflag.=" /Zi /Fd\$(TMP_D)/app"; +$lib_cflag.=" /Zi /Fd\$(TMP_D)/lib"; $lflags.=" /debug"; $obj='.obj'; @@ -195,7 +195,7 @@ if ($FLAVOR =~ /WIN64A/) { my $ver=`nasm -v 2>NUL`; my $vew=`nasmw -v 2>NUL`; # pick newest version - $asm=($ver gt $vew?"nasm":"nasmw")." -f win32"; + $asm=($ver ge $vew?"nasm":"nasmw")." -f win32"; $asmtype="win32n"; $afile='-o '; } else { diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h index 604f4fb27f..e6f8a40395 100644 --- a/src/lib/libcrypto/x509/x509.h +++ b/src/lib/libcrypto/x509/x509.h @@ -258,6 +258,7 @@ typedef struct x509_cinf_st ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ + ASN1_ENCODING enc; } X509_CINF; /* This stuff is certificate "auxiliary info" diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index 87ebf62525..5a0b0249b4 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c @@ -703,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx) x = sk_X509_value(ctx->chain, cnum); ctx->current_cert = x; ctx->current_issuer = NULL; + ctx->current_crl_score = 0; ctx->current_reasons = 0; while (ctx->current_reasons != CRLDP_ALL_REASONS) { @@ -2015,6 +2016,9 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, ctx->error_depth=0; ctx->current_cert=NULL; ctx->current_issuer=NULL; + ctx->current_crl=NULL; + ctx->current_crl_score=0; + ctx->current_reasons=0; ctx->tree = NULL; ctx->parent = NULL; @@ -2034,7 +2038,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, if (store) ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); else - ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; + ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; if (store) { diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c index ebae30b701..8ec88c215a 100644 --- a/src/lib/libcrypto/x509/x_all.c +++ b/src/lib/libcrypto/x509/x_all.c @@ -90,6 +90,7 @@ int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) { + x->cert_info->enc.modified = 1; return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, x->sig_alg, x->signature, x->cert_info,pkey,md)); } diff --git a/src/lib/libcrypto/x509v3/pcy_tree.c b/src/lib/libcrypto/x509v3/pcy_tree.c index 92f6b24556..bb9777348f 100644 --- a/src/lib/libcrypto/x509v3/pcy_tree.c +++ b/src/lib/libcrypto/x509v3/pcy_tree.c @@ -341,9 +341,8 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache) { int i; - X509_POLICY_LEVEL *last; X509_POLICY_DATA *data; - last = curr - 1; + for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) { data = sk_X509_POLICY_DATA_value(cache->data, i); diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c index 9087d66e0a..0d70e8696d 100644 --- a/src/lib/libcrypto/x509v3/v3_addr.c +++ b/src/lib/libcrypto/x509v3/v3_addr.c @@ -177,12 +177,18 @@ static int i2r_address(BIO *out, unsigned char addr[ADDR_RAW_BUF_LEN]; int i, n; + if (bs->length < 0) + return 0; switch (afi) { case IANA_AFI_IPV4: + if (bs->length > 4) + return 0; addr_expand(addr, bs, 4, fill); BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); break; case IANA_AFI_IPV6: + if (bs->length > 16) + return 0; addr_expand(addr, bs, 16, fill); for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2) ; diff --git a/src/lib/libcrypto/x509v3/v3_asid.c b/src/lib/libcrypto/x509v3/v3_asid.c index 56702f86b9..3f434c0603 100644 --- a/src/lib/libcrypto/x509v3/v3_asid.c +++ b/src/lib/libcrypto/x509v3/v3_asid.c @@ -61,7 +61,6 @@ #include #include -#include #include "cryptlib.h" #include #include @@ -172,11 +171,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_, { const ASIdOrRange *a = *a_, *b = *b_; - assert((a->type == ASIdOrRange_id && a->u.id != NULL) || + OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) || (a->type == ASIdOrRange_range && a->u.range != NULL && a->u.range->min != NULL && a->u.range->max != NULL)); - assert((b->type == ASIdOrRange_id && b->u.id != NULL) || + OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) || (b->type == ASIdOrRange_range && b->u.range != NULL && b->u.range->min != NULL && b->u.range->max != NULL)); @@ -215,7 +214,7 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which) if (*choice == NULL) { if ((*choice = ASIdentifierChoice_new()) == NULL) return 0; - assert((*choice)->u.inherit == NULL); + OPENSSL_assert((*choice)->u.inherit == NULL); if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) return 0; (*choice)->type = ASIdentifierChoice_inherit; @@ -250,7 +249,7 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid, if (*choice == NULL) { if ((*choice = ASIdentifierChoice_new()) == NULL) return 0; - assert((*choice)->u.asIdsOrRanges == NULL); + OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL); (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); if ((*choice)->u.asIdsOrRanges == NULL) return 0; @@ -286,7 +285,7 @@ static void extract_min_max(ASIdOrRange *aor, ASN1_INTEGER **min, ASN1_INTEGER **max) { - assert(aor != NULL && min != NULL && max != NULL); + OPENSSL_assert(aor != NULL && min != NULL && max != NULL); switch (aor->type) { case ASIdOrRange_id: *min = aor->u.id; @@ -373,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) int v3_asid_is_canonical(ASIdentifiers *asid) { return (asid == NULL || - (ASIdentifierChoice_is_canonical(asid->asnum) || + (ASIdentifierChoice_is_canonical(asid->asnum) && ASIdentifierChoice_is_canonical(asid->rdi))); } @@ -395,7 +394,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) /* * We have a list. Sort it. */ - assert(choice->type == ASIdentifierChoice_asIdsOrRanges); + OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges); sk_ASIdOrRange_sort(choice->u.asIdsOrRanges); /* @@ -413,7 +412,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) /* * Make sure we're properly sorted (paranoia). */ - assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); + OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); /* * Check for overlaps. @@ -472,7 +471,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) } } - assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */ + OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */ ret = 1; @@ -709,9 +708,9 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, int i, ret = 1, inherit_as = 0, inherit_rdi = 0; X509 *x; - assert(chain != NULL && sk_X509_num(chain) > 0); - assert(ctx != NULL || ext != NULL); - assert(ctx == NULL || ctx->verify_cb != NULL); + OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); + OPENSSL_assert(ctx != NULL || ext != NULL); + OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); /* * Figure out where to start. If we don't have an extension to @@ -724,7 +723,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, } else { i = 0; x = sk_X509_value(chain, i); - assert(x != NULL); + OPENSSL_assert(x != NULL); if ((ext = x->rfc3779_asid) == NULL) goto done; } @@ -757,7 +756,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, */ for (i++; i < sk_X509_num(chain); i++) { x = sk_X509_value(chain, i); - assert(x != NULL); + OPENSSL_assert(x != NULL); if (x->rfc3779_asid == NULL) { if (child_as != NULL || child_rdi != NULL) validation_err(X509_V_ERR_UNNESTED_RESOURCE); @@ -800,7 +799,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, /* * Trust anchor can't inherit. */ - assert(x != NULL); + OPENSSL_assert(x != NULL); if (x->rfc3779_asid != NULL) { if (x->rfc3779_asid->asnum != NULL && x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE index a2c4adcbe6..e47d101f10 100644 --- a/src/lib/libssl/LICENSE +++ b/src/lib/libssl/LICENSE @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c index af319af302..eedac8a3fc 100644 --- a/src/lib/libssl/bio_ssl.c +++ b/src/lib/libssl/bio_ssl.c @@ -348,7 +348,11 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_C_SET_SSL: if (ssl != NULL) + { ssl_free(b); + if (!ssl_new(b)) + return 0; + } b->shutdown=(int)num; ssl=(SSL *)ptr; ((BIO_SSL *)b->ptr)->ssl=ssl; diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c index 5bc9eb6603..089fa4c7f8 100644 --- a/src/lib/libssl/d1_clnt.c +++ b/src/lib/libssl/d1_clnt.c @@ -407,7 +407,8 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_CHANGE_A: case SSL3_ST_CW_CHANGE_B: - dtls1_start_timer(s); + if (!s->hit) + dtls1_start_timer(s); ret=dtls1_send_change_cipher_spec(s, SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); if (ret <= 0) goto end; @@ -442,7 +443,8 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_FINISHED_A: case SSL3_ST_CW_FINISHED_B: - dtls1_start_timer(s); + if (!s->hit) + dtls1_start_timer(s); ret=dtls1_send_finished(s, SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, s->method->ssl3_enc->client_finished_label, diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index a5439d544f..39aac73e10 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c @@ -296,9 +296,6 @@ dtls1_process_buffered_records(SSL *s) item = pqueue_peek(s->d1->unprocessed_rcds.q); if (item) { - DTLS1_RECORD_DATA *rdata; - rdata = (DTLS1_RECORD_DATA *)item->data; - /* Check if epoch is current. */ if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) return(1); /* Nothing to do. */ @@ -412,11 +409,12 @@ dtls1_process_record(SSL *s) enc_err = s->method->ssl3_enc->enc(s,0); if (enc_err <= 0) { - if (enc_err == 0) - /* SSLerr() and ssl3_send_alert() have been called */ - goto err; - - /* otherwise enc_err == -1 */ + /* decryption failed, silently discard message */ + if (enc_err < 0) + { + rr->length = 0; + s->packet_length = 0; + } goto err; } @@ -528,14 +526,12 @@ int dtls1_get_record(SSL *s) int ssl_major,ssl_minor; int i,n; SSL3_RECORD *rr; - SSL_SESSION *sess; unsigned char *p = NULL; unsigned short version; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; rr= &(s->s3->rrec); - sess=s->session; /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ @@ -662,10 +658,12 @@ again: /* If this record is from the next epoch (either HM or ALERT), * and a handshake is currently in progress, buffer it since it - * cannot be processed at this time. */ + * cannot be processed at this time. However, do not buffer + * anything while listening. + */ if (is_next_epoch) { - if (SSL_in_init(s) || s->in_handshake) + if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); } diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 301ceda7a5..a6a4c87ea6 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c @@ -150,6 +150,7 @@ int dtls1_accept(SSL *s) unsigned long alg_k; int ret= -1; int new_state,state,skip=0; + int listen; RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); @@ -159,11 +160,15 @@ int dtls1_accept(SSL *s) cb=s->info_callback; else if (s->ctx->info_callback != NULL) cb=s->ctx->info_callback; + + listen = s->d1->listen; /* init things to blank */ s->in_handshake++; if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); + s->d1->listen = listen; + if (s->cert == NULL) { SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); @@ -273,11 +278,23 @@ int dtls1_accept(SSL *s) s->init_num=0; + /* Reflect ClientHello sequence to remain stateless while listening */ + if (listen) + { + memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence)); + } + /* If we're just listening, stop here */ - if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) + if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) { ret = 2; s->d1->listen = 0; + /* Set expected sequence numbers + * to continue the handshake. + */ + s->d1->handshake_read_seq = 2; + s->d1->handshake_write_seq = 1; + s->d1->next_handshake_write_seq = 1; goto end; } @@ -286,7 +303,6 @@ int dtls1_accept(SSL *s) case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: - dtls1_start_timer(s); ret = dtls1_send_hello_verify_request(s); if ( ret <= 0) goto end; s->state=SSL3_ST_SW_FLUSH; @@ -736,9 +752,6 @@ int dtls1_send_hello_verify_request(SSL *s) /* number of bytes to write */ s->init_num=p-buf; s->init_off=0; - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); } /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ @@ -1017,12 +1030,11 @@ int dtls1_send_server_key_exchange(SSL *s) SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); goto err; } - if (!EC_KEY_up_ref(ecdhp)) + if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); goto err; } - ecdh = ecdhp; s->s3->tmp.ecdh=ecdh; if ((EC_KEY_get0_public_key(ecdh) == NULL) || diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c index e3fce53430..3bf728318a 100644 --- a/src/lib/libssl/s23_lib.c +++ b/src/lib/libssl/s23_lib.c @@ -92,15 +92,8 @@ const SSL_CIPHER *ssl23_get_cipher(unsigned int u) * available */ const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c; const SSL_CIPHER *cp; - unsigned long id; - int n; - n=ssl3_num_ciphers(); - id=0x03000000|((unsigned long)p[0]<<16L)| - ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; - c.id=id; cp=ssl3_get_cipher_by_char(p); #ifndef OPENSSL_NO_SSL2 if (cp == NULL) diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 8cc291b922..50bd415b56 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c @@ -1511,6 +1511,7 @@ int ssl3_get_key_exchange(SSL *s) s->session->sess_cert->peer_ecdh_tmp=ecdh; ecdh=NULL; BN_CTX_free(bn_ctx); + bn_ctx = NULL; EC_POINT_free(srvr_ecpoint); srvr_ecpoint = NULL; } @@ -2242,6 +2243,7 @@ int ssl3_send_client_key_exchange(SSL *s) if (!DH_generate_key(dh_clnt)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); + DH_free(dh_clnt); goto err; } @@ -2253,6 +2255,7 @@ int ssl3_send_client_key_exchange(SSL *s) if (n <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); + DH_free(dh_clnt); goto err; } diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index d6b047c995..62c791cb72 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -2198,11 +2198,17 @@ void ssl3_clear(SSL *s) } #ifndef OPENSSL_NO_DH if (s->s3->tmp.dh != NULL) + { DH_free(s->s3->tmp.dh); + s->s3->tmp.dh = NULL; + } #endif #ifndef OPENSSL_NO_ECDH if (s->s3->tmp.ecdh != NULL) + { EC_KEY_free(s->s3->tmp.ecdh); + s->s3->tmp.ecdh = NULL; + } #endif rp = s->s3->rbuf.buf; diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index e3f6050a26..f9b3629cf7 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c @@ -246,7 +246,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) if (i <= 0) { rb->left = left; - if (s->mode & SSL_MODE_RELEASE_BUFFERS) + if (s->mode & SSL_MODE_RELEASE_BUFFERS && + SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) if (len+left == 0) ssl3_release_read_buffer(s); return(i); @@ -846,7 +847,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, { wb->left=0; wb->offset+=i; - if (s->mode & SSL_MODE_RELEASE_BUFFERS) + if (s->mode & SSL_MODE_RELEASE_BUFFERS && + SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) ssl3_release_write_buffer(s); s->rwstate=SSL_NOTHING; return(s->s3->wpend_ret); diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 61ee0a3e42..c3b5ff33ff 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c @@ -768,15 +768,20 @@ int ssl3_check_client_hello(SSL *s) if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) { /* Throw away what we have done so far in the current handshake, - * which will now be aborted. (A full SSL_clear would be too much.) - * I hope that tmp.dh is the only thing that may need to be cleared - * when a handshake is not completed ... */ + * which will now be aborted. (A full SSL_clear would be too much.) */ #ifndef OPENSSL_NO_DH if (s->s3->tmp.dh != NULL) { DH_free(s->s3->tmp.dh); s->s3->tmp.dh = NULL; } +#endif +#ifndef OPENSSL_NO_ECDH + if (s->s3->tmp.ecdh != NULL) + { + EC_KEY_free(s->s3->tmp.ecdh); + s->s3->tmp.ecdh = NULL; + } #endif return 2; } @@ -1491,7 +1496,6 @@ int ssl3_send_server_key_exchange(SSL *s) if (s->s3->tmp.dh != NULL) { - DH_free(dh); SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } @@ -1552,7 +1556,6 @@ int ssl3_send_server_key_exchange(SSL *s) if (s->s3->tmp.ecdh != NULL) { - EC_KEY_free(s->s3->tmp.ecdh); SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } @@ -1563,12 +1566,11 @@ int ssl3_send_server_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); goto err; } - if (!EC_KEY_up_ref(ecdhp)) + if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); goto err; } - ecdh = ecdhp; s->s3->tmp.ecdh=ecdh; if ((EC_KEY_get0_public_key(ecdh) == NULL) || @@ -1731,6 +1733,7 @@ int ssl3_send_server_key_exchange(SSL *s) (unsigned char *)encodedPoint, encodedlen); OPENSSL_free(encodedPoint); + encodedPoint = NULL; p += encodedlen; } #endif @@ -2440,6 +2443,12 @@ int ssl3_get_client_key_exchange(SSL *s) /* Get encoded point length */ i = *p; p += 1; + if (n != 1 + i) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + ERR_R_EC_LIB); + goto err; + } if (EC_POINT_oct2point(group, clnt_ecpoint, p, i, bn_ctx) == 0) { @@ -2584,12 +2593,19 @@ int ssl3_get_client_key_exchange(SSL *s) { int ret = 0; EVP_PKEY_CTX *pkey_ctx; - EVP_PKEY *client_pub_pkey = NULL; + EVP_PKEY *client_pub_pkey = NULL, *pk = NULL; unsigned char premaster_secret[32], *start; - size_t outlen=32, inlen; + size_t outlen=32, inlen; + unsigned long alg_a; /* Get our certificate private key*/ - pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL); + alg_a = s->s3->tmp.new_cipher->algorithm_auth; + if (alg_a & SSL_aGOST94) + pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey; + else if (alg_a & SSL_aGOST01) + pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; + + pkey_ctx = EVP_PKEY_CTX_new(pk,NULL); EVP_PKEY_decrypt_init(pkey_ctx); /* If client certificate is present and is of the same type, maybe * use it for key exchange. Don't mind errors from diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES index b139cf6244..a0de5abb60 100644 --- a/src/lib/libssl/src/CHANGES +++ b/src/lib/libssl/src/CHANGES @@ -2,6 +2,64 @@ OpenSSL CHANGES _______________ + Changes between 1.0.0d and 1.0.0e [6 Sep 2011] + + *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted + by initialising X509_STORE_CTX properly. (CVE-2011-3207) + [Kaspar Brand ] + + *) Fix SSL memory handling for (EC)DH ciphersuites, in particular + for multi-threaded use of ECDH. (CVE-2011-3210) + [Adam Langley (Google)] + + *) Fix x509_name_ex_d2i memory leak on bad inputs. + [Bodo Moeller] + + *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check + signature public key algorithm by using OID xref utilities instead. + Before this you could only use some ECC ciphersuites with SHA1 only. + [Steve Henson] + + *) Add protection against ECDSA timing attacks as mentioned in the paper + by Billy Bob Brumley and Nicola Tuveri, see: + + http://eprint.iacr.org/2011/232.pdf + + [Billy Bob Brumley and Nicola Tuveri] + + Changes between 1.0.0c and 1.0.0d [8 Feb 2011] + + *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 + [Neel Mehta, Adam Langley, Bodo Moeller (Google)] + + *) Fix bug in string printing code: if *any* escaping is enabled we must + escape the escape character (backslash) or the resulting string is + ambiguous. + [Steve Henson] + + Changes between 1.0.0b and 1.0.0c [2 Dec 2010] + + *) Disable code workaround for ancient and obsolete Netscape browsers + and servers: an attacker can use it in a ciphersuite downgrade attack. + Thanks to Martin Rex for discovering this bug. CVE-2010-4180 + [Steve Henson] + + *) Fixed J-PAKE implementation error, originally discovered by + Sebastien Martini, further info and confirmation from Stefan + Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 + [Ben Laurie] + + Changes between 1.0.0a and 1.0.0b [16 Nov 2010] + + *) Fix extension code to avoid race conditions which can result in a buffer + overrun vulnerability: resumed sessions must not be modified as they can + be shared by multiple threads. CVE-2010-3864 + [Steve Henson] + + *) Fix WIN32 build system to correctly link an ENGINE directory into + a DLL. + [Steve Henson] + Changes between 1.0.0 and 1.0.0a [01 Jun 2010] *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover @@ -849,7 +907,73 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] - Changes between 0.9.8n and 0.9.8o [xx XXX xxxx] + Changes between 0.9.8r and 0.9.8s [xx XXX xxxx] + + *) Fix SSL memory handling for (EC)DH ciphersuites, in particular + for multi-threaded use of ECDH. + [Adam Langley (Google)] + + *) Fix x509_name_ex_d2i memory leak on bad inputs. + [Bodo Moeller] + + *) Add protection against ECDSA timing attacks as mentioned in the paper + by Billy Bob Brumley and Nicola Tuveri, see: + + http://eprint.iacr.org/2011/232.pdf + + [Billy Bob Brumley and Nicola Tuveri] + + Changes between 0.9.8q and 0.9.8r [8 Feb 2011] + + *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 + [Neel Mehta, Adam Langley, Bodo Moeller (Google)] + + *) Fix bug in string printing code: if *any* escaping is enabled we must + escape the escape character (backslash) or the resulting string is + ambiguous. + [Steve Henson] + + Changes between 0.9.8p and 0.9.8q [2 Dec 2010] + + *) Disable code workaround for ancient and obsolete Netscape browsers + and servers: an attacker can use it in a ciphersuite downgrade attack. + Thanks to Martin Rex for discovering this bug. CVE-2010-4180 + [Steve Henson] + + *) Fixed J-PAKE implementation error, originally discovered by + Sebastien Martini, further info and confirmation from Stefan + Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 + [Ben Laurie] + + Changes between 0.9.8o and 0.9.8p [16 Nov 2010] + + *) Fix extension code to avoid race conditions which can result in a buffer + overrun vulnerability: resumed sessions must not be modified as they can + be shared by multiple threads. CVE-2010-3864 + [Steve Henson] + + *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 + [Steve Henson] + + *) Don't reencode certificate when calculating signature: cache and use + the original encoding instead. This makes signature verification of + some broken encodings work correctly. + [Steve Henson] + + *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT + is also one of the inputs. + [Emilia Käsper (Google)] + + *) Don't repeatedly append PBE algorithms to table if they already exist. + Sort table on each new add. This effectively makes the table read only + after all algorithms are added and subsequent calls to PKCS12_pbe_add + etc are non-op. + [Steve Henson] + + Changes between 0.9.8n and 0.9.8o [01 Jun 2010] + + [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after + OpenSSL 1.0.0.] *) Correct a typo in the CMS ASN1 module which can result in invalid memory access or freeing data twice (CVE-2010-0742) @@ -860,6 +984,12 @@ SSL_library_init and not OpenSSL_add_all_algorithms() will fail. [Steve Henson] + *) VMS fixes: + Reduce copying into .apps and .test in makevms.com + Don't try to use blank CA certificate in CA.com + Allow use of C files from original directories in maketests.com + [Steven M. Schweda" ] + Changes between 0.9.8m and 0.9.8n [24 Mar 2010] *) When rejecting SSL/TLS records due to an incorrect version number, never @@ -868,8 +998,8 @@ - OpenSSL 0.9.8f if 'short' is longer than 16 bits, the previous behavior could result in a read attempt at NULL when receiving specific incorrect SSL/TLS records once record payload - protection is active. (CVE-2010-####) - [Bodo Moeller, Adam Langley] + protection is active. (CVE-2010-0740) + [Bodo Moeller, Adam Langley ] *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted). diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure index e3b13b9d43..429ab2e5eb 100644 --- a/src/lib/libssl/src/Configure +++ b/src/lib/libssl/src/Configure @@ -492,6 +492,8 @@ my %table=( # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 "VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32", "VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", +"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32", +"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' "VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", @@ -583,6 +585,7 @@ my %table=( ); my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A + debug-VC-WIN64I debug-VC-WIN64A VC-NT VC-CE VC-WIN32 debug-VC-WIN32 BC-32 netware-clib netware-clib-bsdsock @@ -1093,6 +1096,12 @@ my $ar = $ENV{'AR'} || "ar"; my $arflags = $fields[$idx_arflags]; my $multilib = $fields[$idx_multilib]; +# if $prefix/lib$multilib is not an existing directory, then +# assume that it's not searched by linker automatically, in +# which case adding $multilib suffix causes more grief than +# we're ready to tolerate, so don't... +$multilib="" if !-d "$prefix/lib$multilib"; + $libdir="lib$multilib" if $libdir eq ""; $cflags = "$cflags$exp_cflags"; @@ -1102,6 +1111,12 @@ my ($prelflags,$postlflags)=split('%',$lflags); if (defined($postlflags)) { $lflags=$postlflags; } else { $lflags=$prelflags; undef $prelflags; } +if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m) + { + $cflags =~ s/\-mno\-cygwin\s*//; + $shared_ldflag =~ s/\-mno\-cygwin\s*//; + } + my $no_shared_warn=0; my $no_user_cflags=0; diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ index becee6663f..fe54856a62 100644 --- a/src/lib/libssl/src/FAQ +++ b/src/lib/libssl/src/FAQ @@ -52,6 +52,9 @@ OpenSSL - Frequently Asked Questions * Why does the OpenSSL test suite fail in sha512t on x86 CPU? * Why does compiler fail to compile sha512.c? * Test suite still fails, what to do? +* I think I've found a bug, what should I do? +* I'm SURE I've found a bug, how do I report it? +* I've found a security issue, how do I report it? [PROG] Questions about programming with OpenSSL @@ -79,7 +82,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 1.0.0a was released on Jun 1st, 2010. +OpenSSL 1.0.0e was released on Sep 6th, 2011. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at . Some applications that use OpenSSL are distributed in binary form. When using such an application, you don't need to install OpenSSL @@ -463,7 +466,7 @@ administrators. Other projects do have other policies so you can for example extract the CA bundle used by Mozilla and/or modssl as described in this article: - http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html + [BUILD] ======================================================================= @@ -505,7 +508,7 @@ when you run the test suite (using "make test"). The message returned is "bc: 1 not implemented". The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see http://www.gnu.org/software/software.html +and compile/install it. GNU bc (see for download instructions) can be safely used, for example. @@ -516,7 +519,7 @@ that the OpenSSL bntest throws at it. This gets triggered when you run the test suite (using "make test"). The message returned is "bc: stack empty". The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see http://www.gnu.org/software/software.html +and compile/install it. GNU bc (see for download instructions) can be safely used, for example. @@ -709,6 +712,46 @@ never make sense, and tend to emerge when you least expect them. In order to identify one, drop optimization level, e.g. by editing CFLAG line in top-level Makefile, recompile and re-run the test. +* I think I've found a bug, what should I do? + +If you are a new user then it is quite likely you haven't found a bug and +something is happening you aren't familiar with. Check this FAQ, the associated +documentation and the mailing lists for similar queries. If you are still +unsure whether it is a bug or not submit a query to the openssl-users mailing +list. + + +* I'm SURE I've found a bug, how do I report it? + +Bug reports with no security implications should be sent to the request +tracker. This can be done by mailing the report to (or its +alias ), please note that messages sent to the +request tracker also appear in the public openssl-dev mailing list. + +The report should be in plain text. Any patches should be sent as +plain text attachments because some mailers corrupt patches sent inline. +If your issue affects multiple versions of OpenSSL check any patches apply +cleanly and, if possible include patches to each affected version. + +The report should be given a meaningful subject line briefly summarising the +issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful. + +By sending reports to the request tracker the bug can then be given a priority +and assigned to the appropriate maintainer. The history of discussions can be +accessed and if the issue has been addressed or a reason why not. If patches +are only sent to openssl-dev they can be mislaid if a team member has to +wade through months of old messages to review the discussion. + +See also + + +* I've found a security issue, how do I report it? + +If you think your bug has security implications then please send it to +openssl-security@openssl.org if you don't get a prompt reply at least +acknowledging receipt then resend or mail it directly to one of the +more active team members (e.g. Steve). + [PROG] ======================================================================== * Is OpenSSL thread-safe? diff --git a/src/lib/libssl/src/INSTALL.VMS b/src/lib/libssl/src/INSTALL.VMS index 7658f64e1d..e5d43a57ab 100644 --- a/src/lib/libssl/src/INSTALL.VMS +++ b/src/lib/libssl/src/INSTALL.VMS @@ -71,7 +71,7 @@ the top to understand how to use them. However, if you want to compile all you can get, the simplest is to use MAKEVMS.COM in the top directory. The syntax is the following: - @MAKEVMS